1. INTRODUCTION

Thank you for your interest in Omen Investments and in our M&A (mergers and acquisitions) advisory services.

Whenever you engage in any type of relationship with us whether as a prospective client, business partner, investor, or simply as a visitor to our website - you entrust us with your personal data.

The purpose of this Privacy Policy is to explain what personal data we collect and process, why we process it, how we use it, and what rights you have under Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR") and the applicable national legislation.

2. IDENTITY OF THE DATA CONTROLLER

OMEN INVESTMENTS S.R.L., a company duly incorporated and existing under the laws of Romania, having its registered office at Strada Trandafirilor no. 131, Room 1, Building A, 2nd Floor, Apartment 11, registered with the Trade Register under no. J2025097739008, VAT 53122009, duly represented by Mr. Francesco Marcello Petrosillo, Email: francesco@omeninvestments.com, Telephone: +39 320 252 8228, Website: www.omeninvestments.com.

privacyPolicyPage.sections.controller.p2

3. DATA SUBJECTS

This Policy applies to any identified or identifiable natural person whose personal data we process, including:

• visitors of www.omeninvestments.com;
• individuals who contact us through the contact form or by email;
• representatives, shareholders, or contact persons of client or partner companies;
• any other individuals who enter into any type of relationship with Omen Investments.

4. CATEGORIES OF PERSONAL DATA COLLECTED

4.1 Data provided directly by you

When you complete the contact form on our website or contact us directly, we may collect:

• first and last name;
• business email address;
• telephone number (optional);
• company name and company size (1-10, 10-50, 50-100, 100+ employees);
• the message or request you submit.

4.2 Data collected automatically (technical and browsing data)

When you access our website, we may automatically collect certain information through cookies and similar technologies, including:

• IP address;
• browser type and version;
• operating system;
• pages visited and duration of the visit;
• referral source (originating URL).

4.3 Data obtained from third-party sources

In the context of our business relationships, we may receive data relating to representatives or business partners of client companies from publicly available sources (e.g. LinkedIn, public commercial registers) or directly from the client company, for the purpose of carrying out M&A mandates.

5. PURPOSES AND LEGAL BASES FOR PROCESSING

We process personal data only for specified, explicit and legitimate purposes, and solely on the basis of a valid legal ground under Article 6 of the GDPR, as set out below.

5.1 Responding to enquiries and pre-contractual communication

We process the personal data submitted through the contact form, by email, or through other communication channels in order to respond to enquiries, assess potential collaboration opportunities, and take steps at the request of the data subject prior to entering into a business relationship or service agreement.

Legal basis: Article 6(1)(b) GDPR: processing is necessary in order to take steps at the request of the data subject prior to entering into a contract.

5.2 Performance of an M&A services agreement

Where you become a client of OMEN INVESTMENTS S.R.L., we process the personal data necessary for the negotiation, conclusion, and performance of our advisory mandate, including, as applicable, transaction assessment, business valuation, due diligence, deal structuring, negotiation support, transaction management, and closing-related activities.

Legal basis: Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into such contract.

5.3 Compliance with legal obligations

We process personal data where necessary to comply with applicable legal and regulatory obligations, including, without limitation, obligations relating to tax, accounting, record-keeping, anti-money laundering (AML), know-your-client (KYC) procedures, sanctions screening, and cooperation with competent public authorities.

Legal basis: Article 6(1)(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject.

5.4 Legitimate interests

We may process certain personal data for the purposes of our legitimate interests, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. These legitimate interests may include, in particular:

• managing and maintaining our business relationships and professional network;
• assessing potential transactions and business opportunities;
• communicating with representatives, contact persons, counterparties, investors, advisers, and other persons involved in actual or potential transactions;
• ensuring the security, integrity, and proper functioning of our website, systems, and communications;
• preventing fraud, misuse, unauthorised access, and other unlawful activities;
• improving our services, internal processes, and website performance;
• establishing, exercising, or defending legal claims.

Legal basis: Article 6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

5.5 Direct marketing and business communications

Where permitted under applicable law, we may send communications regarding our services, publications, insights, or events relevant to the M&A sector and related business activities.

Where such communications are based on your prior consent, the applicable legal basis shall be: Legal basis: Article 6(1)(a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Where permitted by applicable law, certain business-to-business communications may also be sent on the basis of our legitimate interest in promoting our professional services to relevant business contacts, subject at all times to the data subject's right to object.

Legal basis, where applicable: Article 6(1)(f) GDPR: legitimate interests.

You may withdraw your consent at any time, or object to direct marketing communications, without affecting the lawfulness of processing carried out prior to such withdrawal, by contacting us at francesco@omeninvestments.com.

6. DATA RETENTION PERIOD

We retain personal data only for as long as necessary to fulfil the purposes described above, in accordance with the storage limitation principle under Article 5(1)(e) GDPR. The main retention criteria are as follows:

• Data submitted through the contact form (without any subsequent contractual relationship): up to 12 months from the last interaction;
• Data relating to a services agreement: up to 5 years from termination of the agreement, in accordance with applicable tax and accounting retention periods;
• Data necessary for the establishment, exercise, or defence of legal claims: for the duration of the applicable limitation period;
• Technical browsing data (logs, cookies): in accordance with the Cookie Policy, generally for a maximum of 12 months.

Once the applicable retention periods expire, the data will be deleted or irreversibly anonymised.

7. DATA RECIPIENTS AND INTERNATIONAL TRANSFERS

Your data is accessible only to those persons within Omen Investments who are directly involved in providing the requested services.

We may disclose data to carefully selected third parties, strictly for specified purposes, such as:

• IT service providers (hosting, security, web analytics), under appropriate contractual data protection safeguards;
• external legal and financial advisers involved in M&A mandates;
• accountants and auditors;
• competent public authorities (including prosecutors, courts, and regulatory authorities), where required by law.

Given the international nature of Omen Investments' business activities (operations in the United States and Europe), certain data may be transferred outside the European Economic Area, in particular to the United States of America.

Any such transfer will be carried out solely on the basis of appropriate safeguards (such as Standard Contractual Clauses approved by the European Commission pursuant to Article 46 GDPR) or other legally recognised transfer mechanisms.

8. COOKIES AND SIMILAR TECHNOLOGIES

The website www.omeninvestments.com may use cookies and similar technologies to ensure website functionality, analyse traffic, and improve user experience.

Full details regarding the types of cookies used, their purposes, and the ways in which you can manage your preferences are set out in our separate Cookie Policy, available on the website.

9. YOUR RIGHTS

As a data subject, you benefit from the following rights under the GDPR, which you may exercise at any time by submitting a written request to francesco@omeninvestments.com:

• Right of access (Article 15 GDPR): the right to obtain confirmation as to whether your personal data is being processed and to receive a copy of such data;
• Right to rectification (Article 16 GDPR): the right to request correction of inaccurate data or completion of incomplete data;
• Right to erasure / "right to be forgotten" (Article 17 GDPR): the right to request deletion of your data under the conditions provided by law;
• Right to restriction of processing (Article 18 GDPR): the right to request a temporary suspension of processing;
• Right to data portability (Article 20 GDPR): the right to receive the data you have provided in a structured, commonly used, and machine-readable format;
• Right to object (Article 21 GDPR): the right to object to processing for direct marketing purposes or based on legitimate interests;
• Right to withdraw consent (Article 7 GDPR): applicable where processing is based on consent, without affecting the lawfulness of prior processing;
• Right not to be subject to decisions based solely on automated processing (Article 22 GDPR), including profiling;
• Right to lodge a complaint with a competent supervisory authority (e.g. the Romanian National Supervisory Authority for Personal Data Processing - ANSPDCP; or the Italian Data Protection Authority - Garante per la Protezione dei Dati Personali).

We will respond to your requests within 30 calendar days. This period may be extended by up to an additional 60 days in complex cases, in which case we will notify you in advance of the reasons for the extension.

10. DATA SECURITY

Omen Investments implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, accidental loss, or unlawful destruction, in accordance with Article 32 GDPR.

Such measures include, without limitation, the use of encrypted connections (HTTPS/TLS), access controls for internal systems, and security incident management procedures.

11. LINKS TO THIRD-PARTY WEBSITES

Our website may contain links to third-party websites or platforms (e.g. LinkedIn). This Privacy Policy does not apply to such external websites. We recommend that you review the privacy policy of each third-party website before providing any personal data.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time in order to reflect legislative changes or changes in our business operations. The updated version will be published on the website together with the date on which it becomes effective. We recommend that you check this page periodically. Continued use of our website or services after such changes have been published constitutes acceptance of the updated version.

13. CONTACT AND EXERCISE OF RIGHTS

For any questions, requests, or complaints regarding the processing of your personal data, or in order to exercise your rights under the GDPR, you may contact us at:

Responsible contact person: Francesco Petrosillo | Email: francesco@omeninvestments.com | Telephone: +39 320 252 8228

If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority in your country of residence or in the place of the alleged infringement.