Privacy Policy

Occu Living Limited and Occu Services Limited (together “Occu”, “we”, “us” or “our”) is committed to protecting your personal data and respecting your privacy. We process personal data in accordance with:

• Regulation (EU) 2016/679 (the General Data Protection Regulation or “GDPR”);

• The Data Protection Act 2018 (Ireland); and

• All other applicable EU and Irish data protection and privacy legislation (together, “Data Protection Legislation”).

This Privacy Notice explains how we collect, use, store, share and protect your personal data, and describes your rights in relation to that data

This Privacy Notice applies to individuals whose personal data we process, including:

• Clients and prospective Clients

• Business contacts, advisers and professional counterparties

• Website visitors

• Event attendees

• Job applicants (where applicable)

This Notice applies when we:

• Provide services to you or our Clients

• Communicate with you in a professional or business capacity

• Operate our website at www.occu.ie

• Carry out business, legal or regulatory activities

The Data Controller is:

Occu

35 Shelbourne Road

Ballsbridge, D04 A4E9

Dublin 4, Ireland

In certain limited circumstances, Occu may act as a joint controller or data processor with other companies within the Occu group. Where this occurs, appropriate arrangements are in place in accordance with Article 26 GDPR.

Occu has designated a data protection contact responsible for overseeing compliance with Data Protection Legislation.

You may contact us regarding data protection matters at:

📧 info@occu.ie

📮 Address as above

We may collect and process personal data in both electronic and physical formats.

5.1 Categories of Personal Data

The personal data we collect may include:

• Identity data: name, date of birth, gender

• Contact data: postal address, email address, telephone number

• Professional data: employer, job title, business contact details

• Financial and tax data: income, transaction information

• Government identifiers: PPS number, passport number, driver’s licence (where legally required)

• Online data: IP address, browser type, device information, website usage

• Communications: correspondence, enquiries, complaints

• Marketing preferences

5.2 Special Category Personal Data

In limited circumstances, we may process special category personal data (Article 9 GDPR), such as information relating to health, dietary requirements, or other information you

voluntarily provide.

We only process such data where:

• It is strictly necessary; and

• A lawful condition under Article 9 GDPR applies (see Section 7.2).

We collect personal data:

• Directly from you

• From third parties such as employers, advisers or service providers

• From publicly available sources

• Automatically through your use of our website (cookies and similar technologies)

Where you provide us with personal data relating to another individual, you confirm that you are authorised to do so.

7.1 Processing Purposes and Legal Bases

We process personal data for the purposes set out below:

Providing services - Contract

Client and relationship management - Legitimate interests

Legal and regulatory compliance (e.g. AML/KYC) - Legal obligation

Business administration and risk management - Legitimate interests

Marketing communications - Legitimate interests or consent

Recruitment (where applicable) - Legitimate interests or consent

Website operation and improvement - Legitimate interests / consent

Where we rely on legitimate interests, we carry out a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

7.2 Special Category Data Legal Bases

Where we process special category personal data, we rely on one or more of the following conditions:

• Your explicit consent

• Compliance with legal obligations (e.g. AML laws)

• Employment, social security or social protection law

• Establishment, exercise or defence of legal claims

• The data has been manifestly made public by you

We may send you information about our services, events and insights where permitted by law.

You may opt out of marketing at any time by:

• Using the unsubscribe link in communications; or

• Contacting us using the details in Section 4

Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal.

Our website uses cookies and similar technologies.

• Strictly necessary cookies are always enabled

• Non-essential cookies are used only with your consent

Further information is available in our Cookie Policy, accessible on our website.

We may share personal data with:

• Other companies within the Occu Group

• Professional advisers (lawyers, accountants, consultants)

• IT and business service providers

• Regulatory bodies, courts and competent authorities

• Third parties in connection with corporate transactions

All recipients are required to process personal data securely and lawfully.

Your personal data may be transferred outside the European Economic Area (“EEA”).

Where this occurs, we ensure appropriate safeguards are in place, including:

• European Commission Standard Contractual Clauses (2021/914)

• Transfer Impact Assessments

• Transfers to countries subject to an EU adequacy decision

You may request further information about international transfers by contacting us.

We implement appropriate technical and organisational measures to protect personal data, including:

• Staff training

• Access controls

• Secure IT systems

• Physical security measures

Despite these measures, no transmission over the internet is completely secure.

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

• Client records: duration of relationship plus applicable limitation periods

• AML/KYC data: as required by law (typically 5–10 years)

• Marketing data: until consent is withdrawn or inactivity thresholds are met

Retention periods are reviewed regularly.

Under Data Protection Legislation, you have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Erase personal data

• Restrict processing

• Object to processing

• Data portability

• Withdraw consent at any time

• Not be subject to automated decision-making, including profiling

Requests can be made using the contact details in Section 4. We will respond within one month unless an extension is permitted by law.

If you are dissatisfied with how we process your personal data, you may lodge a complaint with:

Data Protection Commission (Ireland)

www.dataprotection.ie

You also have the right to lodge a complaint with another EU supervisory authority where appropriate.

We may update this Privacy Notice from time to time.

The most current version will always be available on our website, and the effective date will be updated accordingly.

Effective Date: January 2026

Version: 2.0