Transcend Corporate – Privacy policy

This Privacy Policy explains how and why we collect and use personal information, and what we do to ensure it is kept private
and secure.

This Policy sets out the following:

  1. About us
  2. Information we collect
  3. Business contacts and professional advisers
  4. Directors and shareholders of investees
  5. Our website and cookies
  6. Communications
  7. Storing your information
  8. International transfers
  9. Your rights
  10. Updates to this Policy

1 – THIS IS THE PRIVACY POLICY FOR TRANSCEND CORPORATE LIMITED

For the purposes of data protection law we will be a controller of your personal information. (This means we make decisions
about how and why your information is used, and have a duty to ensure your rights are protected).

If you have any questions about our Privacy Policy, please contact us by writing to the Data Protection Manager, Transcend
Corporate Limited, Victoria House, 116 Colmore Row, Birmingham B3 3BD; emailing
dataprotection@transcendcorporate.co.uk or telephoning 0121 289 3310.

2 – WHAT INFORMATION WE COLLECT

In order to operate our business and provide our services, we need to use personal information about actual and prospective
clients, business contacts, directors and shareholders of companies we work with and details of individual professional
advisers and intermediaries.

We collect information from individuals to provide services and to keep them informed about us. This may include personal
information, such as your name and contact details provided when communicating with us or signing up to a mailing list.
If you instruct us to provide services then we shall also may require documentary details from you such as a driving
licence, passport or birth certificate, in order to comply with our obligations under identification, money laundering
and anti-terrorism legislation.

Our collection methods are:

  • via our website;
  • through engagement (or potential engagement) of our services;
  • by communications, including email, telephone, post or social media;
  • networking;
  • through engagement of service providers;
  • via third parties and/or publicly available resources (for example from your employer or from Companies House)

How we use your information

We use information held about you to:

  • provide services to you under a contract, as set out in a Letter of Engagement between us;
  • ensure that content from our website is presented in the most effective manner for you and for your devices;
  • provide you with information, products or services that you request from us or which we feel may interest you, where
    you have consented to be contacted for such purposes or by legitimate interests;
  • carry out necessary maintenance to our infrastructure;
  • notify you about changes to our services;
  • fulfil our legal obligations including money laundering and identification checks, complying with anti-terrorism
    financing and Criminal Finances Act legislation;
  • use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;
    and
  • enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered
into with you.  Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally
required or permitted to do so.

Sharing information

We will never sell or trade your personal information. We may share personal information with professional advisers, intermediaries
or when we are required to do so by law or by a regulator or governmental authority (for example HM Revenue and Customs
or the Financial Conduct Authority).

Sensitive information

In certain limited circumstances, we may collect or process sensitive personal information (such as information about someone’s
health). In the event that we do, we’ll ensure that this information is kept private and secure.

3 – BUSINESS CONTACTS, PROFESSIONAL ADVISERS AND INTERMEDIARIES

We often work with other businesses. These might be intermediaries, professional advisers or other businesses with whom we
choose to partner in relation to events or initiatives. We collect information about individuals working with or for
these businesses, including names and contact details, and information about someone’s role in a business (such as their
job title).

4 -DIRECTORS AND SHAREHOLDERS OF CLIENTS

We research and investigate businesses before engaging with then. This includes not just the business itself, but also its
owners and directors.  We look at information which is publicly available and obtain personal information from third
party sources like websites, Companies House and the Internet. This information might include names, job titles and career
history and other directorships or shareholdings.

We sometimes need to ask directors and officers to provide personal details about themselves by filling in a director’s questionnaire.
This can include sensitive personal data (such as information about the health or medical conditions that might affect
someone’s ability to run the business). We process this information on the basis of the relevant individual’s specific
consent and he or she can refuse to provide these details or ask us to delete them at any time.

5 – OUR WEBSITE AND COOKIES

We don’t collect or process personal information about visitors to our website unless they choose to provide information
(such as when signing up to a mailing list).

We may collect non-personal information about visitors to our website as this helps us optimise and improve the website.
This information might include your internet protocol address, the browser being used to connect to our site, the device
(e.g. its operating system) and the connection type (e.g. the Internet service provider used). However, none of this
information will directly identify you.

Cookies

Our website may use “cookies” to enhance your experience and enable certain functionality (such as making any log in processes
easier). Web browsers place cookies on hard drives for record-keeping purposes and sometimes to track information (such
as repeat visits). You can choose to set your web browser to refuse cookies, or to alert you when cookies are being sent.
However, if you refuse to allow cookies, this may interfere with your ability to use the site.

You can opt-out of Google’s use of cookies by visiting
Google’s Ads Settings. Alternatively, you can-opt out of Google and third-party cookies by visiting the
Network Advertising Initiative opt-out page.

Hyperlinks to other sites

Our website may contain hyperlinks to third-party websites. We are not responsible for the content or functionality of any
of those external websites.  If an external website requests personal information from you (e.g. in connection with an
order for goods or services), the information you provide will not be covered by this Policy. We suggest you read the
privacy policy of any website before providing any personal information.

6 – COMMUNICATIONS

We may contact you by email, telephone or post with information about products or services that might interest you (see ‘Marketing’
below), or to notify you of changes to our terms of business or this Policy.

Marketing

If you are an existing client, we’ll send you marketing communications about similar products or services that may be of
interest, unless you ask us not to or decide to unsubscribe.

Email and SMS marketing

We will only contact an individual personally with email marketing communications if that individual is an existing client
or if he or she has asked to receive marketing or enquired about a particular service. If you would like to opt-in to
marketing you can do so on our website.

We sometimes send emails to business customers, contacts, intermediaries and professional advisers without their prior consent,
which we do in order to promote our services and build relationships. If we have contacted you it will be because we
think these communications may be of interest or relevance to you on the basis of our previous dealings with you or a
recommendation from a third party.

Our marketing emails will always tell recipients why they are receiving that email and give them the option to unsubscribe.

Our marketing communications are either sent directly by us or using the MailChimp email marketing platform based in the
USA (and for further information about how we ensure your data is protected when it is transferred to the USA please
see ‘International transfers’ below).

Telephone and post

We may record telephone conversations, video calls or any other electronic communication and retain copies of them, as well
as any transcripts and any written or electronic communication we have with you. These will be used for the purpose of
administering your account, training, evidencing compliance with regulatory requirements, evidence in the event of a
dispute, or as evidence in court.

Changing your preferences or unsubscribing

You can change how you hear from us or unsubscribe from marketing at any time. You can do this by clicking the “unsubscribe”
link on any of our emails, or by writing to the Data Protection Manager, Transcend Corporate Limited, Victoria House,
116 Colmore Row, Birmingham B3 3BD; emailing  dataprotection@transcendcorporate.co.uk or telephoning 0121 289 3310 with
details of your request. You can also contact us using these details if you wish to complain about a marketing communication
you have received in error.

7 – STORING YOUR INFORMATION

We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access
to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who
has access to them (using both physical and electronic means).

We cannot absolutely guarantee the security of the internet or external networks or your own device.  Accordingly any online
communications (e.g. information provided by email or through our website) are at your own risk.

Storage

We only store personal information for as long as it is required for the purpose(s) we collected it for (or for a related
compatible purpose, such as keeping a record of a transaction). We regularly review what data we have and delete that
which is no longer necessary. In certain situations you have the right to request that your data be deleted (the right
to be forgotten), please see paragraph 10 for further details.

If you believe that any information we are holding on you is incorrect or incomplete, please contact us using the details
set out in clause 1.

8 – INTERNATIONAL TRANSFERS

We use Dropbox, a file storage platform based in the US to store and manage our data.  You can find details of Dropbox’s
privacy policy
here.  Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of
Commerce regarding the collection, use and retention of personal information transferred from the European Union, the
European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification
here.

We use MailChimp, an email services platform based in the USA, to manage and send email communications. If you receive emails
powered by the MailChimp platform, this will mean your information has been transferred to the USA. However, MailChimp’s
owner (the Rocket Science Group LLC) is certified under the EU-US Privacy Shield Scheme, meaning it has taken steps to
ensure your information is adequately protected. You can learn more about MailChimp by visiting its privacy policy at:
https://mailchimp.com/legal/privacy/.

If you would like to learn more about the Privacy Shield scheme please visit
https://www.privacyshield.gov/welcome.

9 – YOUR RIGHTS

We are committed to protecting and respecting your personal data and privacy. This privacy and cookie policy relates to our
use of any personal data we collect from you from any of our services. Whenever you provide such information, we are
legally obliged to use your information in line with all applicable laws concerning the protection of personal data.

As well as this Privacy Policy, your privacy is protected by law. The General Data Protection Regulation (‘GDPR’) that came
into force on 25 May 2018 ensures that we use your personal information only if we have a proper reason to do so. This
includes sharing it outside Transcend Corporate Limited. The law says we must have one or more of these reasons for using
your data:

  • To fulfil a contract we have with you to provide our services
  • Where it is our legal duty
  • When it is in our legitimate interest
  • When you consent to the use of the data

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not
unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that
is.

Your rights

Under the GDPR your rights are:

  • To be informed – we must make available this privacy notice with the emphasis on transparency over how we
    process your data.
  • Access – you are entitled to find out what details we may hold about you and why.
  • Rectification– we are obliged to correct or update your details.
  • Erasure – this is also known as the right to be forgotten.
  • Restrict processing – you have the right to ‘block’ or suppress the processing by us of your personal data.
  • Data portability – you have the right to obtain and reuse your personal data that you have provided to us.
  • Object – you have the right to object to us processing your data in relation to direct marketing and or
    profiling.
  • Rights in relation to automated decision making and profiling – we do not use automatic decision making
    or processing.

If you would like further information on your rights or wish to exercise them, please write to the Data Protection Manager,
Transcend Corporate Limited, Victoria House, 116 Colmore Row, Birmingham B3 3BD; emailing dataprotection@transcendcorporate.co.uk
or telephoning 0121 289 3310 with details of your request.

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction,
there may be situations where we are unable to do so (for example, because the information no longer exists or there
is an exception which applies to your request).

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you
should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details
of how to do this can be found at
www.ico.org.uk.

10 – UPDATES TO THIS POLICY

We may update this Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage
users to frequently check this page for any changes to stay informed about how we are helping to protect the personal
information we collect.

This policy was last updated on 29 May 2018