THIRD PARTY PRIVACY POLICY

1 INTRODUCTION

Welcome to the third party privacy policy of Travel Plus NV (“Travel Plus” / “we” / “us” / “our”).

We take your privacy seriously and we are committed to protecting personal data that we receive from you.
This privacy policy explains Travel Plus’ policies and practices regarding its processing of your personal data,
and explains your privacy rights under applicable privacy and security laws, even though you are not a member or
employed with a member of the Exmar group of companies.

This privacy policy is effective as of May 25th, 2018. We review our privacy practices on an ongoing basis,
and as such we may change this privacy policy from time to time. If such change includes any significant, material
changes, we will provide clear notice of the update on the homepage of our website. Please check this policy
frequently to ensure that you are familiar with its current content.

If you are an EU national and reside in the EU, or are non-EU national residing in the EU, the data controller
(as defined under EU data protection law) will be the TravelPlus relevant entity that you engage with.

2 CONTACTING US

If you would like additional information on anything in or related to this privacy policy, or you would like
to exercise any rights that you may have in relation to your personal data, please contact us at dpc@exmar.be

3 WHAT PERSONAL DATA MAY WE PROCESS?

The types of personal data relating to you that we may “process” (such as collect, use and store) depends on your
interaction with us. The key types of personal data that we may process are set out below.

* Note that the legal bases in the table below are required to be specified under EU data protection law, but are
not required, or required to be specified, if you are not an EU citizen/do not reside in the EU.

4 PERSONAL DATA THAT YOU GIVE US
Activity Types of personal data that we may process Our legal bases* for processing
Your general use of our website
  • Name, title, gender
  • Contact details (email address, business address)
  • Company
  • Any other personal data that you provide to us in
    your contact with TravelPlus through our website, such
    as your home and business addresses, phone numbers,
    description of yourself, your position, and your
    requirements or comments
Legitimate interests:

  • Getting to know clients or potential clients /
    colleagues / recruiters / employees / workers /
    consultants / service providers
  • Managing business communications with our clients
  • Maintaining and managing our website
  • Responding to your communication(s) with us
Your request for our legal services
  • Name, title, gender
  • Contact details (personal or business email address,
    telephone numbers, address)
  • Company
  • Position
  • Information relating to any matter that you want to
    discuss with us that relates to you as an individual
  • Information from identification documents
  • Financial information, such as bank account details
    and requests relating to invoices
  • Any other personal data that you may disclose to us during
    your relationship with us, such as in calls or email correspondence
Legitimate interests:

  • Getting to know clients / potential clients
  • Growing our business
  • Maintaining and managing our website
  • Responding to your communication(s) with us

Contract

  • Fulfilling our obligations under our retainer agreement with you
Your wish to receive event invitations, updates, or other marketing materials
  • Name, title, gender
  • Contact details (personal or business email address, telephone numbers, address)
  • Company
  • Position
  • Your communication preferences (what types of communication you want to receive,
    when you want to stop receiving communications, feedback, and requests relating to our communications)
  • Any other personal data that you disclose to us, such as dietary requirements, physical disability,
    comments, or requests
Legitimate interests:

  • Getting to know clients and potential clients / colleagues / recruiters / employees / workers / consultants / service providers
  • Identification of relevant content shared with clients and prospective clients
  • Understanding how you want us to communicate with you
  • Expanding our professional networks

Consent

  • On the basis of the consent that you have provided us to receive certain communications
Your application for a job, internship, freelancer position or
consultant role at TravelPlus
  • Name, title, gender, date of birth
  • Results of background checks including references, qualifications, and to the extent permitted by
    law, criminal background checks (unspent convictions)
  • Passport, work permit, visa, or other immigration documentation
  • Contact details (personal, business or educational institution email address, telephone numbers, address)
  • Resumé, including relevant skills and experience
  • Application reasons
  • Language capabilities
  • Special requirements (such as, or relating to, a disability / health issue)
  • Any other personal data that you may provide to us through the application process, such as views
    and preferences that you disclose to us in interviews, your responses to questions, and demonstrations of your skills
Legitimate interests:

  • Getting to know employees or potential employees / workers / consultants
  • Fulfilling our staffing requirements
  • Ensuring potential recruits of any kind are appropriately qualified for positions at the firm

Consent

  • On the basis of the consent that you have provided to us to process your personal data
    in the context of your application which would include in relation to our conducting criminal background and other checks

Legal obligation

  • We have a legal obligation to verify your right to work lawfully in the relevant country applicable to your application

PLEASE NOTE:

If you are applying to work at TravePlus—whether as an employee, intern, vacation student, legal consultant, freelancer, or in any other
capacity—please also refer to our separate “Data Protection Policy for those working at TravelPlus.” A copy of this will be available
on our website and is available on request. Please request/review this policy before submitting any personal data to us.

5 PERSONAL DATA THAT WE MAY COLLECT THROUGH COOKIES

“Cookies” are small pieces of information that are stored by your browser on your computer’s hard-drive for record-keeping purposes.

TravelPlus uses cookies on its website for the following reasons:

a) Analysis – to obtain web analytics from third-party vendors. These third parties use cookies to help analyze how users use
the website. The information generated by the cookie about your use of the website (including your IP address) will be transferred to and
stored by third-party vendors on servers in the United States. These vendors will use this information for the purposes of analyzing your
use of the website, creating reports on the website activity, and providing other services relating to the website activity. These
vendors may also transfer this information to other third parties where required to do so by law, or where such third parties process the
information on the vendor’s behalf.

b) Enhanced website functionality – for instance to provide account log-in prompts and to record preferences that you
input on areas of the website so that you do not have to keep re-entering information.

You can refuse the use of cookies by selecting the appropriate settings on your browser, though please note that if you do so,
you may not be able to use the full functionality of the TravePlus website.

6 PERSONAL DATA FROM MINORS

TravelPlus’ services, including its website, are directed solely at adults. If you are under the age of thirteen (or if being a
‘minor’ is defined as a younger age in your relevant jurisdiction, that relevant age), please do not provide us with any of your
personal data, including your email address.

7 OTHER INFORMATION THAT WE MAY COLLECT AUTOMATICALLY

We collect the following information relating to our website visitors automatically: domain name, IP address, and type of
browser used and type of operating system used. We use this information for internal statistical analysis, such as to see where
our website is being used geographically. However, we do not link this information with any personal data.

8 HOW AND WHY MAY WE PROCESS YOUR PERSONAL DATA?

We may process your personal data in the following ways (depending upon your interaction with us):

a) Collecting your personal data that you input on our website, or provide to us in conversations, emails, or
meetings with us.

b) Recording your personal data, such as through electronic or handwritten notes that we make.

c) Organising and storing your personal data on our servers, in our case management system, in our electronic
HR filing system, in our employee’s email inbox folders, or in hard copy files.

d) Using your personal data to provide our services to you, and address any preferences, complaints, or
comments that you have.

e) Disclosing your personal data to third parties, where necessary, appropriate and/or as required by law
(see section 5 providing more information on this below).

We may process your personal data for the following purposes:

a) To process and manage your purchase and use of our services.

b) To respond to your questions, comments, complaints, or requests.

c) To follow up with you on a job application.

d) To create and deliver personalized communications that are relevant to your preferences.

e) To further our business purposes, such as to perform data analysis, audits, fraud monitoring, and prevention; enhance,
improve, or modify our website or services; identify client trends; determine the effectiveness of our promotional campaigns;
and operate and expand our business activities.

9 HOW WILL WE PROTECT YOUR PERSONAL DATA?

We have implemented security policies and technical measures to protect the personal data that we collect, consistent with
applicable privacy and security laws. These security measures are designed to prevent unauthorized access, improper use or
disclosure, unauthorized modification, and unlawful destruction or accidental loss of your personal data.

We update and test our personal data privacy and security measures on an ongoing basis. We also provide training to our
employees on privacy laws and how to comply with them, and have disciplinary procedures in place that may be imposed on
employees if they do not comply with our standards. We ensure that only employees who need to know your personal data to
fulfill the purposes of processing that personal data (as described in this privacy policy) have access to it.

10 WITH WHOM MAY WE SHARE YOUR PERSONAL DATA?

We take your privacy seriously and will not share your personal data with others, except in the following circumstances:

a) Service providers – we may disclose your personal data to third-party service providers to provide us
with services such as website hosting and professional services, including information technology services, payroll services,
auditing services, consultancy services, regulatory services, and legal services in other countries.

b) Our other group entities – we may disclose your personal data to our other group entities in order to
provide you with tailored services and communications, or in accordance with our business administrative practices.

c) To fulfill your option to share our website content with third parties – using the sharing features
on our website (to share content with Facebook, LinkedIn, or Twitter, for example).

d) Corporate transactions or events – we may disclose your personal data to a third party in connection
with a corporate reorganization, merger, joint venture, sale, transfer, or other disposition of all or any portion
of our business or shares.

e) Legal reasons – we may use or disclose your personal data as we deem necessary or appropriate under
applicable laws; to respond to requests from public, governmental; and regulatory authorities; to comply with court
orders, litigation procedures, and other legal processes; to obtain legal remedies or limit our damages; to protect the
operations of our group entities; and to protect the rights, safety, or property of our employees, you, or others.

11 INTERNATIONAL TRANSFERS OF PERSONAL DATA

Some of our group entities and service providers are located in the United States. Accordingly, if you are an EU
citizen/resident in the EU, please note that we will transfer your personal data to the United States in accordance with EU
data protection law requirements by using standard contractual clauses that have been approved by the European Commission.
Such a transfer may also be necessary in order to perform a contract with you/fulfill your request and/or through obtaining
your explicit consent.

12 WHAT RIGHTS DO YOU HAVE WITH RESPECT TO YOUR PERSONAL DATA?

If you are an EU citizen and reside in the EU, or are non-EU national residing in the EU, you may have the following
rights with respect to the personal data you provide to us, to the extent permitted by applicable data protection laws:

a) To withdraw any consent that you have provided to us to process your personal data.

b) To access or rectify your personal data.

c) To have your personal data erased if it is no longer necessary for the purposes for which it was processed, you
have withdrawn your consent to, or object to, its processing and there is no other legitimate grounds for processing it
or you consider it has been unlawfully processed.

d) To have the processing of your personal data restricted if you contest its accuracy, its processing is unlawful, we no
longer need it but you need it for a legal claim, or you have objected to its processing and await verification of our
legitimate grounds for processing it.

e) To have your personal data transferred to another company under certain circumstances.

f) To complain to your national data protection regulator if you feel that your personal data has been unlawfully processed.

13 FOR HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We retain your personal data only for as long as is necessary for our relationship with you, in accordance with our
retention policies, and in accordance with applicable laws. We do not collect more personal data than we need to fulfill
our purposes stated in this privacy policy, and we will not retain it for longer than is necessary.

14 LINKS TO THIRD-PARTY SITES

Our website may include links to other sites operated by third parties. We are not responsible for information on
these sites, nor for services or products offered by them. Use of such sites, including transmitting your personal
data to them, is at your own risk. You should check the privacy policies (and other applicable terms and conditions)
of these third-party sites.