IN THIS SECTION OF THE PRIVACY POLICY, WE INFORM YOU ABOUT HOW THE COMPANY, ACTING AS THE DATA CONTROLLER, PROCESSES YOUR PERSONAL DATA.

Below, we provide information on how we specifically process personal data as a data controller.

1. Processing of personal data for purposes related to the provision of Company services:

We process your personal data for the following purposes related to the provision of the Company's services:

• Evaluation of investors;
• Conclusion and execution of investment agreements, submission and execution of applications for the redemption of investment units;
• Accounting for financial instruments;
• Mandatory investor notifications through message dispatch;
• Issuance of consent to transfer collective investment units on the secondary market;
• Investment, sale, analysis, and evaluation of potential investments in assets managed by the collective investment entity;
• Sale of or renting out real estate managed by the Fund;
• Management of the real estate assets managed by the Fund.

To access more detailed information about the personal data processed for these purposes, who authorises us to process them, how long we retain the data, to whom we provide it, and other information you have the right to receive, click here.

2. Processing of personal data related to anti-money laundering and know-your-customer implementation:

The processing of personal data related to money laundering and the implementation of the Know-Your-Customer principle is carried out by the Company not only in the context of its own anti-money laundering and anti-terrorist financing prevention activities in compliance with the legal requirements, but also in the context of the need to provide personal data to other commercial banks:

• Implementation of the Know-Your-Customer principle and prevention of money laundering and terrorist financing;
• Enforcement by commercial banks of requirements relating to the prevention of money laundering and terrorist financing.

To access more detailed information about the personal data processed for these purposes, who authorises us to process them, how long we retain the data, to whom we provide it, and other information you have the right to receive, click here.

3. Processing of personal data for the administration of the Company's activities

The Company also processes personal data in the administration of its activities, fulfilling various legal requirements. Such processing concerns not only our clients, but also their relatives, spouses, seminar participants, etc.

• Prevention of publicly undisclosed and non-public information;
• Internal administration of the company (exercise of shareholders' rights);
• Recording and investigation of breach reports;
• Internal investigations (ensuring internal control);
• Conducting internal audits;
• Organisation of online seminars (webinars) (registration for the seminar, management of the registration process, including sending login links, sending reminders about the online seminar, evaluating the relevance and usefulness of the online seminar content);
• Maintaining communication with state institutions to comply with legal requirements;
• Accounting management;
• Archiving;
• Defence of legal claims.

To access more detailed information about the personal data processed for these purposes, who authorises us to process them, how long we retain the data, to whom we provide it, and other information you have the right to receive, click here.

4. Processing of personal data related to the conclusion and execution of contracts with service providers/partners, etc.

In conducting its activities, the Company engages various service providers, maintains relationships with partners, etc., by concluding contracts. When concluding and executing contracts, the Company processes personal data of both service providers/partners, etc., and representatives of both natural and legal persons. Learn how we process this personal data here.

5. Direct marketing

We send messages about our services, news, and other relevant information related to the Company's provided services to individuals who have expressed their consent (Article 6(1)(a) GDPR, Article 81(1) of the Law on Electronic Communications). Your data for direct marketing purposes will be processed for 5 years, but no longer than until you revoke your consent.

On the basis of our legitimate interest (Article 6(1)(f) of the GDPR, Article 81(2) of the Republic of Lithuania Law on Electronic Communications), we will send special offers regarding the provision of the Company's services by electronic means (e-mail) to our customers who have provided their contact details and who have not objected at the time of their provision to our intention to process them for the purposes of direct marketing. Your data for direct marketing purposes will be processed for 5 years, but no longer than until the end of business relations with you, or until you express objection to receiving the specified offers.

For direct marketing purposes, the Company will process the following personal data: email address, telephone number (mandatory data, without which we cannot send you direct marketing messages), first name, last name.

You have the right to object or withdraw your consent to receive direct marketing messages at any time by contacting us via email: dpo@nteram.lt.

IMPORTANT! Some messages are sent as part of executing investment contracts concluded with you; such messages are not considered direct marketing, and your contact details are processed as specified in point 1 of this Privacy Policy.

6. Processing of candidate data for Company employees

We are actively seeking candidates for  Company employees, therefore, we search for candidates not only passively but also by making active efforts. The type and manner of processing your personal data as a potential candidate/employee depend on the position you are applying for, as well as whether you provide your personal data to us or we actively gather data about you as a candidate from public sources. For more details, click here.

7. Protection of company assets (video surveillance)

The Company conducts video surveillance at certain properties belonging to managed investment funds for the purpose of protection, based on legitimate interests. (Article 6(1)(f) of the GDPR). When conducting video surveillance, the Company processes video data, which may include: image, trajectory of person's movement, items held by the person. The duration of video data storage may vary depending on the location. We provide current information about the properties where video surveillance is conducted and the duration of video data storage at these locations:

Please note that, by decision of the Company's management, video data may be stored for a longer period than indicated above if there is reason to believe that the video data may be needed to investigate criminal activity or other incidents occurring on the premises, or in case of damage-causing incidents. In this case, the Image Data shall be retained until such time as an appropriate final decision or conclusion is made by law enforcement authorities or a court in relation to the criminal offence, or otherwise by the persons investigating the incident, or by other persons investigating the event that caused the damage. In this case, video data may be provided to lawyers, courts, law enforcement agencies. Recipients of the video data may also include our appointed data processors acting on our behalf and according to our instructions.

8. Protecting confidential information of the company and business continuity

In order to ensure the protection of Company confidential information and the continuity of Company operations in line with our legitimate interests, the Company may review correspondence between its employees and counterparties. For these purposes, the Company processes the personal data of its employees and individuals who send or receive employee emails, including: email address, sender or recipient's name, surname, date, and content of information contained in electronic work tools.

Data collected for the purpose of protecting confidential information are stored for 4 years, in accordance with the provision of Article 1.125(9) of the Civil Code of the Republic of Lithuania. When defending legal claims, data may be provided to such data recipients (data processors) as courts, state institutions resolving disputes, parties to the dispute, lawyers, and other legal service providers.

9. What purposes do we process personal data of website visitors for?
9.1 What information do we collect about you when you contact us with an inquiry?

You can contact us via the contact form on the website, social media platforms such as Facebook, LinkedIn. We receive, review, and respond to all messages ourselves. If you contact us, we may process the data you have provided to us, i.e. your email address, name, the subject of the message you send and the message you write to us, your username (if the request is sent via a social network account), the date, time, recipient, sender (if the message is addressed to you) of the messages sent and received, and the content of the correspondence we have with you.

Such data will be processed in order to respond to your inquiries. If you do not provide your contact information, we will not be able to communicate with you.

Correspondence is stored for the duration of the correspondence or the validity of the contract (if the parties are bound by contractual relations), except for information for which other storage periods are established by law.

All personal data you provide when communicating with us are used solely for the purposes stated above and for reviewing messages and administering and managing communication streams. We are committed not to use your personal data in any publications that would enable your identity to be determined without your clear consent.

Please note that we may need to contact you using the contact information you provide. Please inform us of any changes to your personal data if they occur.

9.2 Social media

Information provided to us through social media (including messages, the use of "Like" and "Follow" buttons, and other communication) is controlled by the social network manager.

Links to our social media accounts (hereinafter "Social Accounts") are provided on our website. Currently, we administer the following Social Accounts:

• Nter account on Facebook;
• Nter account on LinkedIn.   

We process the information on social media accounts for account management purposes based on your consent expressed by implied actions. We do not separately store the information on social media accounts (when data are processed for the purpose of Social Account management, but the data may be retained if necessary for processing for other purposes, such as legal defines).

When you visit Social Accounts, social media administrators install cookies on your device, which collect personal data. Cookies are installed both if you are a registered user of social media networks and if you do not have an account on the respective social network. We have no access to the personal data collected, and from social media administrators, we can only obtain statistical information about the visits to Social Accounts. We encourage you to read third-party privacy notices and contact service providers directly if you have any questions about how they use your personal data.

9.3 What information do we collect when using cookies?

A cookie is a small file made up of letters and numbers that is stored in your device's (computer, mobile phone, tablet) browser. You can find more information about the cookies on this website here or in the end of this page.

9.3.1. What information do we collect using cookies, how long do we keep it, and which specific cookies do we use?

During the preparation of the Privacy Policy, we only use strictly necessary cookies to ensure the operation of our website and to comply with certain legal requirements. The basis for using such cookies is Article 73 (4) of the Republic of Lithuania's Law on Electronic Communications.

9.3.2 Who allows us to use cookies?

You may be accustomed to being asked for consent to use cookies, but we only use essential cookies for which your consent is not required; we use them on the basis of our legitimate interests to ensure the functioning of the website and to limit our liability.

9.3.3 How to remove cookies?

You can change your browser settings on your computer, tablet, or smartphone at any time so that cookies are not accepted or are deleted if cookies have already been stored. The detailed instructions depend on the browser and device you are using; you can find more information here:

• Internet Explorer – https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#ie=ie-11  
• Microsoft Edge – https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09  
• Mozzila Firefox – https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US  
• Google Chrome – https://support.google.com/chrome/answer/95647?hl=en  
• Opera – https://help.opera.com/en/latest/web-preferences/#cookies  
• Safari – https://support.apple.com/en-us/HT201265  
• Apple – https://support.apple.com/en-us/HT201265  
• Android – https://turbofuture.com/cell-phones/How-to-delete-internet-cookies-on-your-Droid-or-any-Android-device  
• Chrome browser Android –https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en   

IMPORTANT! Please note that rejecting all cookies may have a negative impact on the usability of the website, such as slowing down internet browsing speed, limiting the functioning of certain website features, or blocking access to the website.

10. Data transfer to third countries

The data controllers of social media networks (Facebook, LinkedIn) are established in a third country – the United States, which the European Commission has recognised as providing an adequate level of protection.

The data controller processes the data of European Union residents published on the Facebook social network. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Information on how you can exercise your rights as a data subject can be found at this address: https://lt-lt.facebook.com/privacy/explanation/. If you have complaints about the actions of Meta Platforms Ireland Limited in processing your personal data or in implementing (not implementing) your rights as a data subject, you have the right to lodge a complaint with the supervisory authority of Meta Platforms Ireland Limited – the Irish Data Protection Commission or the State Data Protection Inspectorate.

The data controller processes the data of European Union residents published on the LinkedIn social network. LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). Information on how you can exercise your rights as a data subject can be obtained at this address: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. If you have complaints about the actions of LinkedIn Ireland Unlimited Company in processing your personal data or in implementing (not implementing) your rights as a data subject, you have the right to lodge a complaint with the supervisory authority of LinkedIn Ireland Unlimited Company – the Irish Data Protection Commission or the State Data Protection Inspectorate.

We also use Microsoft products and services and have entered into a Data Processing Agreement with Microsoft Ireland Operations Limited established in Ireland; however, when providing services to this data processor, there may be cases where data is transferred to third countries. In such cases, Standard Contractual Clauses for data protection (controller-to-processor module) will apply to protect your personal data, as agreed between Microsoft Ireland Operations Limited and Microsoft Corporation. These clauses are intended for the transfer of personal data from European Economic Area data controllers to data processors located in third countries where an adequate level of data protection is not ensured, as described in Article 46 of the General Data Protection Regulation and confirmed in the European Commission Decision 2021/914/EU of June 4, 2021. Additionally, please note that, as mentioned, the United States, where Microsoft Corporation is located, has been recognised by the European Commission as ensuring an adequate level of protection.

11. Data collection and disclosure

We receive your data from you, your devices.

We may disclose information about you to our appointed data processors (IT service providers, marketing service providers, etc.).

In addition, we may disclose information about you:

• If required by law;
• when intending to sell a part of our business or assets, disclosing your personal data to a potential buyer of the business or its part;
• upon selling the business or our essential asset part to third parties.

Except as provided in this Privacy Policy, we do not provide your personal data to any third parties.

The list of recipients or categories of recipients specified in the Privacy Policy is subject to change, therefore, if you wish to be informed about changes in the recipients of your personal data, please notify us by sending us an e-mail to the e-mail address specified in this Privacy Policy, stating "I wish to receive information about changes in the recipients of my personal data, name in the body of the e-mail."

12. What rights do you have and how to exercise them?

In this section, we provide information about your rights related to the processing of your personal data by us and cases in which you can exercise these rights. If you want to get more information about your rights or to exercise them, please contact us at the email address provided in this Privacy Policy.

We will provide you with information about the actions taken upon receiving your request regarding the implementation of your rights within 1 (one) month from the receipt of the request, without undue delay. Depending on the complexity of the request and the number of requests received, this period may be extended for an additional 2 (two) months. In such a case, we will inform you within 1 (one) month of receiving the request about the extension of the term and its reasons. We will refuse to implement your rights only in cases provided by law.

12.1. Right of access to own personal data

We want you to fully understand how we use your personal data so that you do not experience any inconvenience. Information on how we process your personal data is primarily provided in this Privacy Policy (right to be informed). Nevertheless, you can always contact us and inquire whether we process any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do this, please submit a written request to the email address specified in this Privacy Policy, confirming your identity (if such confirmation is required in a specific case).

We expect that in making such requests, you will not abuse the process and will adhere to principles of fairness and reasonableness.

12.3. Right to withdraw your consent

If you have provided us with clear consent for the processing of your data, you can revoke it at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.

For information on how to withdraw your consent for the use of cookies, reject cookies, or remove them, please refer to the "Cookies" section of the Privacy Policy.

12.4. Additional rights

Below you will find information about additional rights that you may have, which you can exercise by following the procedures described below.

a) You have the right to ask us to correct any inaccuracies in the data we hold. In this case, we may ask you to confirm the corrected information.
b) You have the right to ask us to delete your personal data. This right is exercised in cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
c)You have the right to request us to restrict or not process your personal data:

• During the period of time necessary to verify the accuracy of your personal data when you make a complaint about the accuracy of the data;
• where our collection, storage or use of your personal data is unlawful, but you choose not to request erasure of the data;
• where we no longer need your personal data, but you need it to establish, exercise or defend a legal claim;
• the period necessary to determine whether we have an overriding legal basis to continue processing your personal data if you have exercised your right to object to the processing of personal data.

d) You have the right to receive your data, processed by automated means and provided by you in a structured, commonly used, and machine-readable format, with your consent or for the purpose of entering into a contract. Upon your request, we will transfer a copy of your data provided by you to you or to a data controller of your choice.
e) You have the right, in accordance with Article 21 of the GDPR, to object to the processing of your personal data, for example, when we use your personal data based on our legitimate interests.

12.4. Right to request more information

We strive to provide clear and comprehensive information about the processing of personal data and undertake to update this Privacy Policy as the data usage processes change. However, if you have any questions about our use of your personal data, we will be happy to answer them or provide you with any additional information we may disclose. If you have any specific questions or if you do not understand the information provided, please contact us.

13. Complaints

If you believe that your rights as a data subject are or may be violated, please promptly contact us at the email address provided in this Privacy Policy. We assure you that upon receipt of your complaint, we will contact you within a reasonable period and inform you about the progress of the investigation, and later about the outcome.

If you are dissatisfied with the results of the investigation, you may lodge a complaint with the supervisory authority – the State Data Protection Inspectorate. https://vdai.lrv.lt/.