Version: 1.0
Date: July 7th, 2025
Review Date: -

Privacy policy concerning the processing of customer and website user personal data

Nalantis NV (hereinafter ‘Company’, ‘we’, ‘us’ and ‘our’) understands the importance of the privacy of its customers and users of its websites (www.nalantis.be with its subdomains and www.nalantis.com with its subdomains, hereafter “website”) visitors and the protection of their personal data. This policy sets out how we handle and process your personal data.

1. Scope

Nalantis NV, with its registered offi ce at Otto Veniusstraat, 9, 2000, Antwerpen, Belgium, KBO (Crossroads Bank for Enterprises) number BE 0847.668.944 manages its websites. We act as the data controller when we process our customers’ and website users’ personal data.

We believe it is important to create and maintain an environment where our customers can be confi dent that their data will not be misused. We comply with the regulations applicable to data protection such as the Regulation (EU) 2016/679 (also referred to as the General Data Protection Regulation, hereinafter “GDPR”) and the Belgian Data Protection Act. The aforementioned regulations concern the protection of personal data and provide you with rights over the said personal data.

The objective of this policy is to indicate what personal data we collect, how we use your data after you have visited our website and to assure you that we process your data appropriately.

This privacy policy and the terms and conditions of use apply when you visit our website. The application of terms and conditions other than those set out herein is explicitly prohibited unless we have provided express permission in writing in advance. In the latter case, this policy applies alongside the specifi c agreement. The use of this website, the platform and the content contained therein is only permitted subject to compliance with this policy. The use of this website, the platform and the content contained therein is only permitted subject to compliance with the full text of this policy

2. What type of personal data do we collect?

It is not necessary to provide personal data to use most of our website.
We collect and process the following categories of personal data for the purposes stated below:

o Name, form of address, address;
o Contact details (fi rst name, last name, email);
o Company name;
o Language preference.

Additional or optional data are provided by fi lling out forms on our website or when we contact you (by telephone, email or at trade fairs or events).
We also collect and process data obtained via our website or the devices you use. The collected data may be:

o Login details (username and password) for the section of the website reserved for customers;
o Location data (collected via social media or the IP address of your device; GPS signals sent by your mobile device);
o Data collected using cookies, web beacons or from the internet. These data are automatically collected and can be related to the website you visited before you navigated to our website or the website you navigated to after visiting our website. We may also collect data on the website pages you have visited, your IP address, the type of browser you use, the access time and your operating system. Read our Cookie Policy to find out more on how we use cookies.
o Data we obtain from other websites, for example if you ask us to link to your Facebook account.

We may also collect data from the public domain to check data previously collected or to manage or broaden our activities.

3. Why do we collect these data and on what legal basis?

We collect the aforementioned data to create a profi le in order to understand your needs and to provide better service, and for the following specifi c purposes:

o To respond to your (online) questions regarding our products or services, to be able to provide information regarding our products and to follow up online offers.
o To supply the products and services you have ordered.
o To provide access to the online customer platform where you can:

- Place orders
- Check delivery terms
- Check your customer history and warranties
- Check the data generated by our machines, available on our cloud platform. These data, related to [the operations and performance of the machines/work, performance and use of the machines by the employees] is available to you via a personalised account after logging onto the platform.

o To check your identity and fi nancial data regarding payments for our products or services.
o To improve our products or services.
o To investigate complaints on our products, services or website.
o To meet the legal and regulatory obligations as well as compliance requirements.
o To analyse and monitor the use of accounts to prevent, investigate or report fraud, terrorism, deception, security incidents and criminal activity to the relevant authorities.
o To send periodic email messages with offers on our products and services, special offers or other information which we believe may be of interest to you.
o To contact you from time to time for the purposes of market research purposes. We may contact you by email or telephone.
o To process your personal data for specifi c purposes as indicated on specifi c forms on our website, by notifi cation in writing or by email.

We process the aforementioned personal data based on various processing reasons, as listed in Articles 6.1 (a), (b), (c) and (f) of the GDPR.

Processing of your personal data is required in order to meet contractual obligations for the purposes of delivering products or services in accordance with our agreements. Where personal data is processed (for example to create invoices or communicate with you) in the execution of the agreement, we will store the data for 7 years in accordance with legal retention requirements.

In some cases, it can be a legal requirement to process personal data and to share it with third parties such as government entities for the purposes of government business or anti-money laundering legislation.

In these cases, we have a legitimate interest to process your personal data and to contact you to be able to perform our operations or provide you with information on our products, services, promotions and/or events. Your personal data is retained for up to one year after the termination of our commercial relationship.

If you are not a current customer, we will request your permission to provide you with information on our events, products and services for promotional purposes. In this case, we will retain your personal data for one year.

4. How will your data be used and shared?

We can share your personal data with:

o Affiliate and subsidiary companies; or
o Third parties with whom you have asked us to share your personal data, such as Facebook or other social media if you have asked us to link these to your account.

Based on our legitimate interest, we may also share your personal data with third parties that assist us with our products and services. Some examples of third-party activities include the hosting of web servers, data analysis, marketing support providers and customer service. These companies have access to your personal data but only when this is required to perform their activities. They are not permitted to use your data for any other purposes.

Your personal data may not be sold or leased to third parties.

We may publish your personal data to enforce our policy, to comply with our legal obligations or in the interest of safety, in the public interest or for the purposes of legal enforcement in any country where we have entities or subsidiaries. We may follow up a request from a law enforcement agency, regulatory authority or government agency. We may also publish data for the purposes of current or scheduled court cases or to protect our property, safety, people or other rights and interests.

Should Nalantis NV be sold or merges with another company, your data will be accessible to the advisor of the potential buyer and transferred to the new company owners. In that case, we will take the appropriate measures to guarantee the integrity and confi dentiality of your personal data. The use of your personal data will always be subject to this policy.

5. Transfer of your personal data outside the European Economic Area

We may transfer your personal data to third parties in third countries (outside the European Economic Area (EEA)). The said transfer of data outside the EEA is legal if the recipient of the data resides in a country with a level of protection deemed adequate by the European Commission. Some of these countries may not have enacted equivalent data protection legislation to protect the use of your personal data. In such cases, we have researched whether appropriate preventive measures similar to those implemented within the EU are possible, for example by adopting standard contractual clauses. In specifi c cases, we will request your prior consent to the transfer of your personal data outside the EEA. Please follow the procedure set out in Rights of the data subject for further information on data transfer.

6. Rights of the data subject

Data protection legislation provides various rights for the data subject with regard to the processing of personal data to ensure the data subject has suffi cient control over the processing of their personal data.

You are entitled to inspect the data we hold on you and to request and receive a copy of the personal data on our records. You are entitled to request that we amend, add to or delete any outdated, incorrect or incomplete personal data relating to you when your personal details change. You are also entitled to limit the processing of your personal data and to object thereto. You are also entitled to receive the personal data you have provided to the data controller in a structured, commonly used, machine-readable format, and to transmit it to another data controller.

We have appointed a Data Protection Offi cer (DPO), who can be contacted by email dpo@nalantis.com to answer questions regarding the processing of your personal data. The DPO will respond to your requests to exercise your rights.

You are entitled to lodge a complaint with the competent supervising authority (for data protection). In Belgium, the Data Protection Authority, Drukpersstraat 35, 1000 Brussels (contact@apd-gba.be)

Security

We make every effort to guarantee the security of your data. We have implemented reasonable technical and organisational measures to guarantee your personal data against accidental or unlawful destruction, loss, modifi cation, unauthorised disclosure and/or unauthorised access to the data transmitted, saved or otherwise processed. Please note that the internet is an open network; we cannot therefore guarantee that unauthorised third parties will not be able to circumvent these measures or use your personal data for inappropriate purposes.

This website may include links to third-party websites. We will not be held liable for the content of these websites, nor for the privacy standards and practices of the corresponding third party. You must read and understand the relevant third-party and website privacy policies before accepting cookies and visiting a website, to ensure your personal data is suffi ciently protected.

7. Terms and conditions of use and liability

A. Rights to the website and materials – Permitted usage

Our website and the materials available thereon (for example texts, images, videos, data, software, brands and trademarks and other data) are protected by intellectual property rights and other rights vested in us.

Visitors to the website and any other platforms (customer section) are permitted to consult the website, the platform and the material for their own purposes. This right of use is non-exclusive and non-transferable and we reserve the right to revoke this right at any time and without justifi cation. Any other use of any element of the website and/or platform (i.e. reproduction, changes, publication or any other form of distribution) is prohibited, unless we and/or the licensors have provided advance express permission in writing.

B. Prohibited use of the website and material

You undertake as follows: not to use the website, the platform and the material (1) illegally and/or for illegal purposes; (2) not to damage, modify, interrupt, stop it or impair its effi ciency; (3) to disseminate or install computer viruses nor to disseminate or install material that is insulting, obscene, threatening or otherwise not in accordance with the intended use of the website and the platform; (4) not to infringe third-party or our rights to privacy, protection of personal data or intellectual property; (5) to disseminate or install material for marketing or advertising purposes without requesting our prior approval and only insofar as the recipient has requested the said material.

C. Liability

We shall make every effort to ensure the information we add to our website and the platform is as complete, correct and current as possible, although we cannot guarantee that the information provided does not include any errors. The information contained therein is not aimed at specifi c people or organisations and may therefore not be complete, relevant or accurate.

The information must not be considered professional or legal advice (an expert should always be consulted for these purposes). The user is responsible for the use of the website, the platform and their data. We waive all liability for any damage caused by any errors on this website.

We make every reasonable effort to limit technical malfunctions. Errors and malfunctions may however occur when using the website or the platform, which may hinder the availability or operation thereof. The website, the platform and the content thereof is provided “as is” and we do not accept any liability for issues resulting from the use of our website, the platform or the content thereof.

The website pages or the platform may contain links to external websites for whose content we neither assume nor will assume any liability with regard thereto. We will not be held liable for material and information added by users to the website or platform. The user is obliged to indemnify or compensate us for all damage attributable to the material and information.

8. Applicable legislation and jurisdiction

Belgian law is applicable to our website, this policy and disputes that may arise with regard to these. In the event of a dispute, only the courts of Antwerpen shall have jurisdiction.

9. Amendments to this policy

Nalantis NV may amend or update this policy to ensure the provision of information on how we process your personal data at that time. The updated version of this policy is available on the same website and will take effect upon publication. Please visit this webpage regularly to ensure you remain up-to-date on how we collect and process personal data, how and under what circumstances we use your personal data and when we share your personal data with third parties.

Changes to this Plan: This plan has been last updated on July 7th 2025.