PRIVACY POLICY

CONTENTS

1. PURPOSE OF THIS DOCUMENT
2. INFORMATION WE COLLECT
3. HOW WE OBTAIN YOUR PERSONAL INFORMATION
4. HOW WE WILL USE PERSONAL DATA
5. INFORMATION ABOUT THE WEBSITE
6. WHO WE MIGHT SHARE YOUR PERSONAL DATA WITH
7. RETENTION OF PERSONAL DATA
8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
9. INDIVIDUALS’ RIGHTS
10. MISCELLANEOUS
11. CONTACT US

1. PURPOSE OF THIS DOCUMENT

1.1 Tuke Bell Limited, Marfire Consulting Limited and Marfire Limited (together “Marfire” or the “Company”), is committed to be a responsible custodian of the information you provide to us and the information we collect in the course of operating our business and providing our directorship/consulting/legal services.

1.2 This Privacy Policy set out how Marfire may collect, use and share information about you and individuals connected to you and describes:

• The types of information, including personal data, we may collect;
• How we may use and share the information we collect;
• Legal grounds for using personal data;
• The measures we have in place to protect and safely store the information we collect;
• Retention of the information we collect;
• Your choices and rights in respect of the information we hold;
• How to contact us;
• Complaints; and
• Changes to this privacy notice.

1.3 If you are a contractor, or an employee or officer of Marfire separate privacy notices will apply.

1.4 Wherever we have said “we”, “our” or “us”, we mean Marfire.

1.5 Where there is any conflict between the terms of this Privacy Notice and any other document in relations to data protection the terms of this Privacy Notice shall prevail, although its contents are not contractual.

1.6 An “individual connected to you” could be any guarantor, a director, officer or employee of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, recipient of a designated payment, your attorney or representative (e.g. authorised signatories), agent or nominee, or any other persons or entities with whom you have a relationship that is relevant to your relationship with us. Whenever we say “you”, “individuals connected to you” should be read as included as well.

1.7 For the purpose of this Privacy Notice, Marfire will act as data controller in accordance with the Cayman Islands Data Protection Law (as amended from time to time) (the “Law”).

1.8 Please ensure that any relevant individuals are made aware of this Privacy Notice and the individual rights and information it sets out, prior to providing their information to us or our obtaining their information from another source. If you, or anyone else on your behalf, has provided or provides information on an individual connected to you, you or they must first ensure that you or they have the authority and appropriate legal basis to do so.

2. INFORMATION WE COLLECT

2.1 This Privacy Notice is concerned with personal data we collect about you. Personal data means any data by which you as an individual can be directly or indirectly (e.g. if several pieces of data are combined) identified. Data which is completely anonymized or de‐personalized will not count as personal data.

2.2 Some of the personal data we hold about you will have been supplied by yourself. Other personal data may have come from your solicitors or other intermediary, or other sources you’ve asked us to obtain information from. We might also get some personal data from publicly available sources.

2.3 We will usually collect personal data such as:

(a) Personal details (e.g. name, previous names, gender, date and place of birth, occupation);

(b) Identification materials we may need for our compliance obligations (e.g. a copy of your passport or national identity card, national insurance number, utility bills, financial details and/or source of wealth etc.);

(c) Contact details (e.g. address, email address, position in company, landline and mobile numbers);

(d) Other information about you which you may have provided us with during the course of our relationship with you, e.g. by filling out forms or during face‐to‐ face contact, telephone, email and the like;

(e) Information obtained through proposal forms for the purposes of procuring the services of directorship, consulting and legal services.;

(f) Financial information and information about your relationship with us, including your ways of interacting with us, sort code and account numbers;

(g) Complaints or disputes you may have had with us and details of the underlying transaction (where applicable);

(h) Information about you which is a matter of public record or readily obtainable and which we deem relevant (media, court judgements etc.);

(i) Records of correspondence and other communications between you and your representatives and us, including email, telephone calls, letters and the like;

(j) Information that we need to support our regulatory obligations (e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities); and

(k) Information from third party providers who assist us to combat fraud, money laundering and other crimes.

3. HOW WE OBTAIN YOUR PERSONAL INFORMATION

We collect information from you as part of our client on‐boarding take on processes as necessary in the course establishing a business relationship with you. We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff, providing a business card or from an authorized representative. We may also collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources.

4. HOW WE WILL USE PERSONAL DATA

4.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

(a) Where we need to perform the contract we have entered into with you;

(b) Where we need to comply with a legal or regulatory obligation;

(c) Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests;

(d) Where we need to protect your interests (or someone else's interests);

(e) Where it is needed in the public interest or for official purposes (such as compliance with a court order or regulatory direction).

4.2 Based on the reasons for using your data noted above, the purposes for which we use your information commonly include:

a) To contact you (performance of a contract);

b) To carry out our obligations arising from any contracts entered into between you and us and to provide with you the information, products and services you request from us (performance of a contract; legitimate interests);

c) To provide you with information about other goods and services that we offer which we feel may interest you (legitimate interests);

d) To permit selected third parties:

• To provide you with information about goods or services which we feel may interest you; and/or

• To assist us in the improvement and optimization of advertising, marketing material and content, our services and the website;

e) To assist us in the improvement and optimization of advertising, marketing material and content, our services and the website (legitimate interests);

f) To notify you about changes to our service (performance of a contract compliance with legal obligations legitimate interests);

g) To ensure that content from our website is presented in the most effective manner for you and your computer (legitimate interests);

h) To verify your identity (compliance with legal obligations; legitimate interests);

I) As part of our efforts to keep our Website safe and secure and to prevent or detect fraud (legal obligations; legitimate interests);

j) To provide customer support (performance of a contract with you);

k) To comply with the requirements imposed by law or any court order (legal obligations).

5. INFORMATION ABOUT THE WEBSITE

5.1 IP addresses

We may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

6. WHO WE MIGHT SHARE YOUR PERSONAL DATA WITH?

6.1 We may share relevant personal data of yours with other parties where it is lawful to do so, including where:

(a) It is necessary to comply with our contractual obligations or with your instructions such as financial institutions, government agencies, and other service providers;

(b) We have a public or legal duty to do so (e.g. to assist with detecting and preventing fraud, tax evasion and financial crime or compliance with a court order);

(c) We are obligated to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;

(d) We have a legitimate business reason for doing so (e.g. to manage risk or verify identity);

(e) We have asked you if we can share it, and you gave consent.

6.2 Parties we might share your personal data with can include (without limitation):

(a) Service providers acting as processors who provide IT and system administration services, anti‐money laundering service providers and services to enable us to perform our contract with you;

(b) Professional advisers acting as processors or joint controllers including, without limitation, brokers, lawyers, bankers, auditors who provide consultancy, banking, legal, compliance and accountancy services;

(c) Banks you instruct us to make payments to and receive payments from;

(d) Third parties who host the Website or provide services related to it, including IT security providers;

(e) Any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;

(f) Law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;

(g) Other parties involved in any disputes, including disputed transactions;

(h) Fraud prevention agencies who’ll also use personal data to detect and prevent fraud and other financial crime and to verify your identity;

(I) Anyone who provides instructions to us on your behalf (e.g. under a Power of Attorney, solicitors, intermediaries, etc.);

(j) Anybody else that you instructed us to share your information with by you;

(k) Insurers who may provide cover for your business with us.

6.3 We might share aggregated and/or anonymized or de‐personalized data with third parties for analytics, marketing and research purposes. Where we do so, we will ensure that neither you nor any other person will be identifiable from the data.

7. RETENTION OF PERSONAL DATA

7.1 We keep personal data only for as long as it is necessary for the specific purpose the data was collected for or as long as we are required by applicable laws and regulation. We are generally required to retain its records for at least five (5) years from the date the contractual relationship with you ends or potentially longer, depending on the kind of data and relevant laws and regulations applicable to it.

7.2 We may keep personal data likewise for longer periods where we have a legitimate interest for doing so, for instance to address complaints, assert or defend our rights in litigation or other dispute resolution procedures or to respond to requests from regulators or assist judicial authorities.

7.3 Any information we are not required to hold for any minimum period and for which there is no purpose in us holding it anymore will be deleted, destroyed or returned to you more promptly.

7.4 Where we share your personal data with third parties, the privacy notices and laws and regulations of the third party will determine how long they will have to retain your data.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8.1 Where we have to transfer personal data outside of the Cayman Islands, we will ensure that the transfer is lawful, and that the data is appropriately secure and protected. Where necessary, we will ensure that separate and appropriate legal agreements are put in place with the recipient of that data.

8.2 Reasons for having to transfer your personal data outside the Cayman Islands may include:

(a) We need to carry out our contract with you;

(b) We have to fulfil a legal obligation;

(c) We need to back up electronic data on cloud‐based technology;

(d) We need to protect the public interest; and/or

(e) For your or our legitimate interests.

8.3 In some countries the law might compel us to share certain information. We will only share any information with parties who have the lawful authority and right to see it and only to the extent that such parties are permitted to see it.

9. INDIVIDUALS’ RIGHTS

9.1 As an individual or “data subject”, you have certain rights in relation to your personal data. These rights include:

(a) The right to access information we hold about you and to obtain information about how we process it;

(b) The right to object to and withdraw your consent to our processing of your data. This right can be exercised at any time. However, we may continue to process your personal data if there is another legitimate reason or legal obligation for doing so. Please also note that depending on which kind of processing you object to, we may no longer be able to perform our contractual obligations with you;

(c) The right to request that we rectify information we hold about you if it is inaccurate or incomplete;

(d) In some circumstances, you have the right to request that erasure and deletion of personal data we hold. We may however continue to retain it if we are entitled or required by law to do so;

(e) The right to object to, and to request that we restrict, our processing of your information in some circumstances. Please note that despite this general right we may be entitled under law to continue processing the information and / or to refuse that request.

9.2 You also have the right to complain to the data protection regulator in the Cayman Islands, which is the Office of the Ombudsman. You can access their website here: ombudsman.ky.

9.3 You may also be able to seek redress for any violation of your data protection rights in the Cayman Islands courts or challenge a decision by the regulator.

10. MISCELLANEOUS

10.1 Please ensure that any data you give us or ask third parties to provide to us is up to date, accurate and complete in all respects. Please inform us about any changes as soon as reasonably possible.

10.2 We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. If you wish to know more about our data protection measures, please contact us (details provided below).

10.3 This Privacy Notice is governed by the laws of the Cayman Islands. Any dispute arising from or in connection with this Privacy Notice is subject to the exclusive jurisdiction of the Cayman Islands courts.

11. CONTACT US

For any further questions or queries in relation to this Privacy Notice, please get in touch with your usual relationship contact or email: [email protected]