PRIVACY POLICY

AshGrove Capital Nordics ApS

This Privacy Policy explains how AshGrove ("We", "Us") processes your personal information.

1. Data Controller

The entity responsible for the processing of your personal information is:

AshGrove Capital Nordics ApS
August Bournonvilles Passage 1
1055 Copenhagen K

CVR: 46067681
Phone: +44(0)7555810544
Email: samuli@ashgrovecap.com

2. Description of the Processing

Purpose	Categories of personal data	Source of the personal data	Legal basis for the processing	Recipients	Data retention
Provision of our service In connection with our management and administration of the ongoing customer relationship, we may process personal data about you. This includes liaise with portfolio companies, suppliers and group companies, and administering our contract with you and/or our portfolio companies (if applicable). We process this personal data to handle our service delivery, communication, invoicing and accounting, quality management and control, as well as any other matters related thereto.	We may process the following personal data: Contact details such as name, email address, postal address, and telephone number; and Bank and payment information such as account and registration numbers.	We collect your personal data from the following source(s): Directly from you	We process the mentioned personal data as part of our legitimate interest in managing the ongoing customer and business relationship and in performing an agreement, pursuant to Article 6(1)(f) of the GDPR. If we have a contractual relationship with you as an individual, we process your personal data on the basis of Article 6(1)(b) of the GDPR, as the processing is necessary for entering into and performing our agreement with you. When we process your information for accounting purposes, the processing is based on Article 6(1)(c) of the GDPR. Our legal obligations follow from Chapter 3 of the Danish Bookkeeping Act (the accounting requirements) and Section 12 of the Act (the obligation to retain accounting material).	We share your personal data with: Suppliers and vendors (data processors) that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions). We may in particular disclose your personal data to Eze Castle Integration, Microsoft Ireland Operations Limited and Optima Consulting Partners Ltd. Group entities.	As a general rule, we retain the mentioned personal data for as long as the customer or business relationship exists, and for up to five years after the end of the current financial year, as the data form part of our accounting records, which we are legally required to retain pursuant to Section 12 of the Danish Bookkeeping Act.
Communication and customer support We may process your personal data when you contact us, supply information or request information from us, and/or when you contact us directly via one of our members of staff, advisors or agents.	We may process the following personal data: Name, telephone number and e-mail address; and The content of your communication.	We collect your personal data from the following source(s): Directly from you	We process your personal data on the following legal bases: Article 6(1)(f) of the GDPR, where our legitimate interest is to provide relevant customer support and to handle enquiries from our customers and other business contacts.	We share your personal data with: Suppliers and vendors (data processors) that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions). We may in particular disclose your personal data to Eze Castle Integration and Microsoft Ireland Operations Limited. Group entities.	We retain personal data contained in general enquiries for up to one year after the correspondence has concluded, unless there are specific reasons to retain the data for a longer period.
Website visitors and cookies When you visit our website (www.ashgrovecap.com) we collect personal data about you as a result of our use of cookies. We process your personal data to ensure the optimal functioning of our website, including to maintain functionality, generate statistics on website usage, and remember your preferences. The servers hosting our website automatically record certain information about you when you use this site. We may use this information to understand who has seen which pages in order that we can monitor and improve the website. You may read more about this in our cookie policy.	We may process the following personal data: Personal data collected through cookies, including IP address; information about your IT equipment, such as internet browser, operating system and MAC address; as well as information about your behaviour, including your use of our website.	Automatically collected when you use our website.	When we collect your personal data through technically necessary cookies, this is done on the basis of Article 6(1)(f) of the GDPR, where our legitimate interest is to provide you with an optimally functioning and efficient website. All other processing is carried out on the basis of your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time by clicking “Change consent” in our cookie policy.	We share your personal data with: Suppliers and vendors (data processors) that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions). We may in particular disclose your personal data to Eze Castle Integration and Microsoft Ireland Operations Limited.	We store your personal data in accordance with our cookie policy. You can read the storage periods for each cookie here: https://www.ashgrovecap.com/cookie-policy

3. Transfers to Countries Outside the EU/EEA

In some cases, AshGrove will be transferring personal data to its sub-processors. They may transfer the personal data to its sub-processors in the following countries outside the EU/EEA: Australia, Brazil, Canada, Chile, China, Hong Kong, India, Indonesia, Israel, Japan, Republic of Korea, Malaysia, Mexico, New Zealand, Qatar, Singapore, South Africa, Switzerland, Taiwan, the UK, United Arab Emirates and the USA.

Israel, Republic of Korea, New Zealand, Switzerland, and the UK have been deemed by the Commission of the European Union to have an adequate level of protection of personal data pursuant to GDPR article 45(3). Canada, Japan and the USA have under certain circumstances been deemed by the Commission of the European Union to have an adequate level of protection of personal data. With regard to the USA, the Commission has concluded that companies certified under EU-U.S. Data Privacy Framework ensure an adequate level of protection.

If the European Commission has not decided that a third country ensures an adequate level of protection, or if a recipient is not covered by such a decision, we transfer the covered personal data based on the standard contractual clauses adopted by the European Commission according to GDPR Art. 46.

You can get more information about the measures we take in relation to transfers of personal data from your HR-department or the Data Protection Officer (if appointed), see contact details in section 1.

4. Your Rights

As a data subject under the GDPR, you have a number of rights that we can assist you with.

Your rights include the following:

Right of access. You have the right to request information about and a written copy of the personal data we process about you.
Right to rectification. You have the right to correct incorrect personal data, as well as the right to request the completion of incomplete data.
Right to erasure and restriction of processing. Under certain conditions, you have the right to request deletion of your information. Such conditions may, for example, be if they are no longer necessary for the purpose for which they were collected. You also have the right to oppose the processing of your personal data and have the processing of your personal data restricted.
Right to data portability. In some cases, you have the right to obtain your personal data in a structured, generally used, and machine-readable format from us, as well as the right to have your personal data transferred to another company when it is technically possible ("data portability"). This applies if the personal data is provided by you and the processing is based on consent or an agreement and if the processing takes place automatically.
You have the right to receive the personal information that you have provided yourself in a structured, commonly used, and machine-readable format (data portability).
Right to object. If our processing of personal data about you is based on GDPR Article 6(1)(e) or 6(1)(f), you have the right to object to the processing. In particular, you have an unconditional right to object to the processing of your personal data for the purpose of direct marketing.

Please note that certain conditions or restrictions may apply to these rights, depending on the specific circumstances relating to the processing activities.

It is therefore not certain e.g., that you have the right to data portability - this depends on the specific circumstances surrounding the processing activities. If an exception applies, we will inform you of this when we respond to your request.

If you want to invoke one or more of your above-mentioned rights as a data subject, you can contact Samuli Kytö whose contact details are set out at the top. We will review your request and respond within a reasonable time and in accordance with applicable law. To protect you and your personal data we may request additional information to confirm your identity before responding to your request.

We strive to do our utmost to meet your wishes regarding our processing of your personal data and your rights as a data subject. If you, despite our endeavours, wish to file a complaint, you can do so by lodging a complaint with the data protection authority in the Member State where you have your habitual residence, where you work or an alleged breach of data protection laws and regulations, i.e., Datatilsynet in Denmark.

Last updated: 8 December 2025