Privacy Policy

Ventus Power Ltd. (“Ventus”) establishes and discloses this privacy policy (this “Policy”) to protect the personal information of the data subjects, and to promptly and smoothly handle the data subjects’ related grievances in accordance with the The Data Protection Act 2018. The UK's implementation of the General Data Protection Regulation (GDPR)

1. The Purpose of processing personal information, items of personal information processed, and retention period of personal information

Ventus collects personal information from data subjects such as suppliers, clients and consultants.

Personal information will not be used for any purpose other than the purpose outlined below. If the purpose of processing such personal information is altered, Ventus plans to undertake necessary actions, including the procurement of separate consent from the data subjects.

Purpose of Collection and Use

In order to comply with the policies and procedures of Ventus and the requirements under the applicable laws and regulations (E.g. Ventus’ policy on Anti-Money Laundering and Sanctions; Ventus’ policy on Anti-Bribery and Anti-Corruption)

Item of Person Information Collected and Used

Name, gender, date of birth, nationality and place of birth; mailing address, telephone number, email address and other contact information

Period of Retention and Use

Until the purpose of collection and use is achieved (however, if the relevant laws and regulations prescribe a certain period during which an item of personal information is required to be maintained, such item of personal information will be maintained until the expiration of such period.)

2. Third-Party Transfer of Personal Information

As noted in the previous section, Ventus processes data subjects’ personal information strictly in accordance with the specified scope of the purpose of processing such information, and may not provide such personal information to third parties unless explicitly permitted under The Data Protection Act 2018 (e.g. upon procurement of prior consent from the data subject, or pursuant to special provisions in relevant laws and regulations).

In order to comply with the policies and procedures of Ventus and the requirements under the applicable laws and regulations (E.g. Ventus’ policy on Anti-Money Laundering and Sanctions ; Ventus’ policy on Anti-Bribery and Anti-Corruption) Identical to the “Items of Personal Information Collected and Used” as provided above in Section 1 Until the purpose of collection and use is achieved (however, if the relevant laws and regulations prescribe a certain period during which an item of personal information is required to be preserved, such item of personal information will be maintained until the expiration of such period.)

3. Rights and Obligations of Data Subjects and How to Exercise Such Rights

A data subject (or if the data subject is under 14 years or old, his/her legal representative, i.e, a parent who has the parental right) may at any time exercise his/her right by, among other means, requesting to access and view, modify, delete, and/or suspend the processing of his/her personal information retained by Ventus.

A data subject may make the above requests in writing or by e-mail or facsimile in accordance with The Data Protection Act 2018, and Ventus will take measures thereon without delay.

A data subject may exercise the above right through his/her proxy such as his/her legal representative or an otherwise delegated person. In such a case, however, a power of attorney must be submitted to Ventus.

The right of a data subject to request to review his/her personal information and to suspend the processing of his/her personal information may be restricted in accordance with The Data Protection Act 2018.

Ventus may reject a data subject’s request for rectification and/or deletion of his/her personal information if Ventus is required under relevant laws and regulations to collect such data subject’s personal information.

Upon receipt of a request to view, rectify, delete or suspend the processing of a data subject’s personal information, Ventus shall verify, prior to acting upon such request, whether the requesting person is the data subject or a legitimate representative.

4. Destruction of Personal Information

Ventus shall immediately destroy personal information when the relevant personal information becomes unnecessary, including when the retention period of such personal information expires, or where the purpose of processing such personal information is achieved.

If Ventus is required pursuant to relevant laws and regulations to continuously preserve certain unnecessary personal information, Ventus will store and manage such personal information in a separate storage space or a separate database (DB).

Procedures and methods for the destruction of personal information are as follows:

A. Destruction Procedures

Ventus selects the personal information to be destroyed, and destroys such personal information after obtaining approval from Ventus’ nominated privacy officer.

B. Destruction Methods

Ventus destroys any personal information recorded or stored in electronic form in an irreproducible manner; Ventus destroys any personal information recorded or stored in physical form by using a paper shredder or incinerating such information.

5. Measures to Ensure Safety of Personal Information

Ventus undertakes the administrative, technical and physical security measures, in order to ensure that the personal information it processes is secure, including, but not limited to the following:

A. Administrative Measures:

Regular monitoring by Ventus, establishment and implementation of an internal policy, and training of the employees who handle personal information.

B. Technical Measures:

Storage of any digitalised personal information in a secure folder within Ventus’ IT system, management of access right to such information and the operation of an access control system., adoption of encryption technology to safely store and transmit personal information, retaining login records and technical measures to prevent the forgery and falsification, installation and upgrade of security programs to protect personal information.

C. Physical Measures:

Separate maintenance of any physical copies of personal information in a secure filing cabinet and restriction of access to sites, offices, and data rooms.

6. Installation and Operation of an Automated System for the Automatic Collection of Personal Information, and Methods Available for the Rejection of Such Automated Collection

Ventus does not use “cookies” or any other automatic collection technologies for the purpose of storing, tracking and accessing data subjects’ usage information.

7. Privacy Officer

Ventus designates a privacy officer as follows who will handle complaints and remedy damages of the data subjects related to the processing of personal information.

Privacy Officer

Name: Ryan Colbeck

Position: Managing Partner

Contact: ryan@ventus-power.com

Data subjects may contact the privacy officer and the personal information protection department to, among others, inquire about matters in connection with the protection of personal information, the handling of complaints, and damage relief.

8. Methods for Remedying Infringement of Rights

Data subjects may contact the following organization in order to request consultation with respect to the infringement of personal information.

UK Information Commissioner’s Office

Responsibilities: Receiving reports with respect to the infringement of personal information and applications for consultation

Website address: www.gov.uk/data-protection

Telephone No.: 01625 545860

Address: Information Commissioner’s Office, Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF

Amendments to the Privacy Policy

This Policy is effective as of 6th September 2023.

Previous versions of this Policy may be accessed at www.ventus-power.com