DATA PROTECTION NOTICE

We, at Centaur, respect your right to privacy and we seek to comply with our obligations under all applicable data protection laws and regulations, including Regulation (EU) 2016/679 (the General Data Protection Regulation) (the “Regulations”). There are no policy waivers or exceptions.

In this data protection notice, we explain how Centaur collects personal data about you, how we use it and how you can communicate with us regarding your personal data.

In this notice, “we”, “us”, “our” “Centaur” or “Centaur Group” refers to the Centaur Group of companies which includes Centaur Fund Services Limited, Centaur Fund Services (Luxembourg) S.A., Centaur Fund Services (Bermuda) Limited, Centaur Fund Services (Cayman) Limited, Centaur Fund Services US, Inc., Centaur Fund Services (Canada) Limited, Centaur FS Limited, Centaur Financial Limited, and any other affiliates and their respective parent and subsidiary companies which may be incorporated from time to time. For more information about the Centaur Group, please visit: www.Centaurfs.com.

Centaur may act either as a data controller or as a data processor in respect of your personal data, depending on the context of your relationship with Centaur. Our contact details can be found below.

Our Data Protection Officer is based in Ireland. The Data Protection Officer oversees how we collect, use, share and protect your personal data to ensure your rights are fulfilled and that Centaur complies with the Regulations. You can contact our Data Protection Officer by:

• Email: DPO@centaurfs.com
• Post or In Person: Data Protection Officer, Centaur Fund Services Limited, 35 Shelbourne Road, Ballsbridge, Dublin, D04A4E0, Ireland.
• Telephone: 00353 1 899 2400

Centaur Fund Services Limited is the EU Representative for all non‐EU entities within the Centaur Group, where required.

We may collect personal data from you, for example, if you or your business has engaged our services or if you or an organisation with which you are connected, invest in a product for which we have been engaged to provide services.

We may also collect personal data through our marketing and social media channels. We may record phone/online conversations but, where this is the case, we will always make you aware of this before doing so.

We may collect personal data from you if we engage you or your business as a service provider or in instances where we need to work in partnership with you or your business to provide our services.

As part of our due diligence on customers, potential customers, contractors, service providers, employees and job applicants, we may carry out information searches and may take steps to verify your identity in accordance with applicable legislation. We do this by requesting the relevant information from you and where necessary, by checking your details against due diligence and risk profile databases provided to us by third parties.

In order to provide the services that we offer and to operate as an employer, we need to collect and use personal data including some or all of the following name, signature, postal address, email address, date and place of birth, nationality, professional or employment related information, source of funds details, tax identification, signatures, other contact details, account numbers (or functional equivalent) and transaction details, your tax or social security ID number or equivalent, utility bills for the purposes of address verification, photographic identification and verification such as copies of your passport, passport number and driver’s license, information relating to your status as an ultimate beneficial owner of an entity, a politically exposed person or a designated individual on a sanctions list.

We may use the personal data that we collect to help meet our service, legal and regulatory obligations and to help protect you and others from financial crime. This can sometimes require the use of technology to analyse trends and patterns.

Personal Data
We will process any personal information you provide to us for the following purposes:

• to provide you with the services you have requested;
• to contact you in connection with a service request;
• to respond to any communications, you might send to us;
• to perform our duties under a service contract to which you are a party, or to which you are a connected party;
• to comply with applicable laws and regulations;
• to communicate with you about Centaur activities or services;
• to maintain appropriate business records;
• to undertake due diligence, know your customer and anti‐money laundering activities; and
• to monitor the provision ofservices and/or businessrelationship between Centaur and you/your organisation.

Cookies

Centaur uses cookies on its website to improve your user experience and to help analyse and understand your use of our website.

Further information on our cookie policy is available on our website https://www.centaurfs.com/cookies‐policy/

We have security measures in place to protect your personal data, in accordance with applicable laws and regulations and industry standards. We also keep our IT platform, files and buildings secure.

If you choose to contact us to ask about your personal data, we will need to establish and where necessary, verify your identity before it can be provided. This is to help protect your data.

Your personal data is held in secure locations, for example on secure servers or secure office storage facilities. We cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data once we have received it.

We will normally hold your personal data for the duration of your business or employee relationship with Centaur, unless it is no longer necessary to retain such data, in which case we will destroy it. Any further retention of personal data will either be determined in line with any legal or regulatory retention requirements or where the retention of such data is otherwise deemed necessary. Where it is no longer necessary to retain the data, we will delete it in line with our data retention program.

For Centaur to use your information lawfully, we may rely on one or more of the following legal bases:

• performance of a contract
• legal obligation
• legitimate interest

Our legitimate interests may include the below;

• the establishment, exercise or defence of legal claims;
• to manage and administer the Centaur Group’s business, to improve and manage relationships with employees and other stakeholders and for marketing and business development activities and analysis;
• to communicate with you in respect of your relationship with the Centaur Group;
• for risk assessment and risk management purposes, for statistical and trend analysis, for system administration, operation, testing and support and to operate control systems and management information systems;
• to help detect, prevent, investigate, and prosecute fraud or other criminal activity;
• to manage the Centaur Group’s information technology platforms and to ensure the security of the Centaur Group’s systems;
• to receive centralised support services from other Centaur Group and Waystone Group entities or affiliates;
• to disclose information to a governmental, tax or regulatory body, financial market, broker or other intermediaries, counterparties, court, auditors or other third parties, and;
• to investigate and respond to any complaints about the Centaur Group, to help maintain quality and to deal with such complaints and disputes.

In order to fulfil our legal and regulatory obligations, we may need to collect your personal data, verify it and keep it up to date by performing ongoing reviews. We may also gather information/personal data about you from publicly available sources, and from third parties to help us fulfil our legal and regulatory obligations.

In limited circumstances where we need to collect and use sensitive personal data about you, such as medical information, we will ask for your consent. Before you give your consent, we will tell you what data we need to collect and what we will use it for. You can withdraw your consent at any time by contacting us.

Centaur does notshare your personal data routinely with third parties, however it may be necessary to do so, in certain circumstances, to assist with the performance of a contract, for example, to deliver a service to you, or to comply with legal , audit or regulatory obligations or requests from competent authorities or authorised third parties.

We may disclose your personal data to other Centaur Group and Waystone Group entities and affiliates for our business purposes and purposes required to deliver a service to you.

In addition, we may also use or disclose your personal data to third party service providers who provide SaaS services & support, CRM, event management, marketing services, website hosting and cloud‐based services to the Centaur Group and Waystone Group. Such third parties are appointed data processors.

We will always ensure that your data is transferred securely in these situations.

We may provide non‐personal data to third parties, where such information is combined with similar information about other users of our web site.

When we believe we have been given false, fraudulent or misleading information, or if we suspect criminal activity, we may have a duty to inform the relevant law enforcement agencies, which may be either in or outside the European Economic Area (EEA).

We may need to transfer your personal data outside of the EEA to help us provide our services, or to comply with applicable legal or regulatory obligations. Where we need to do so, we will ensure that an equivalent standard of data protection is applied to the transfer and use of the data, so that your rights are protected. This includes where we may need to share information within the Centaur Group.

You have various rights under the regulations in respect of your personal data. These include:

• the right to request access to your personal data;
• the right to have your personal data rectified;
• the right to have your personal data erased;
• the right to request that your personal data is only used for specific purposes;
• the right to object to your personal data being processed (if the lawful basis for processing your personal information is the legitimate interest of the Centaur Group), for example, for marketing;
• the right to object to any automated decision making, where applicable;
• the right to require certain aspects of your personal data to be transferred to you or a third party (in certain circumstances).
• the right to lodge a complaint with the relevant data regulator in your jurisdiction and;
• in certain circumstances the right to compensation because of a breach of data protection.

Your rights can be exercised by contacting our Data Protection Officer using the contact details specified in Section 4.

We reserve the right to transfer information (including your personal data) to a third party in the event of a sale, merger, acquisition, liquidation, receivership or transfer of all or substantially all of the assets of our company or companies, provided that the third party agrees to adhere to the terms of this data protection notice and provided that the third party only uses your personal data for the purposes for which you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt‐out.

If you have a complaint about Centaur’s use of your personal data, please contact Centaur’s Data Protection Officer using the contact details specified in section 4.

All complaints received will be fully investigated. Please supply as much information as possible to assist us to resolve your complaint in a prompt and efficient manner.

You can contact the Office of the Data Protection Commission in Ireland, at info@dataprotection.ie or as directed on their website https://www.dataprotection.ie/en/contact/how‐contact‐us.

If you need assistance or information on how to contact the relevant data protection authorities in any other countries where Centaur operates, please contact our Data Protection Officer with the details specified in Section 4.

Where updates are made to this data protection notice, the updated version will be posted on the Centaur web site, so you are always aware of what data we collect, how we use it, and under what circumstances, if any, we may disclose it. If at any time we decide to use your personal data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e‐mail, and you will have a choice as to whether or not we may use your personal data in this manner.