Data protection privacy notice

We are committed to protecting your personal information and ensuring we respect your privacy. This Privacy Notice explains how we will look after and use any personal information that we collect about you.

What is personal information?

Personal information means any information about you from which you can be identified. Examples of personal information include your name, home address, national insurance number, date of birth, telephone number and e-mail address but it also includes other pieces of information which can be used to identify you, either directly or indirectly, such as a cookie.

Who we are

Quantbot Technologies LP and Quantbot Technologies Ltd are both Controller of the personal information you provide to us. If you have any questions about this Privacy Notice or the information we hold about you please contact our GDPR Contact, Thuong Lam using the details set out below:

• Thuong Lam
• +44 (0)203 122 1904
• thuong@quantbot.com
• 4th Floor, 6-7 New Bridge Road, London, EC4V 6AB, United Kingdom

If more convenient, please also feel free to contact Debra Wisdom, our chief compliance officer using the details set out below:

• Debra Wisdom-Spielfogel
• +1 646 461 6204
• debra.wisdom@quantbot.com
• 369 Lexington Avenue, 9th Floor, New York, NY 10017 USA

You have the right to make a complaint at any time to the Information Commissioner‟s Office (“ICO”), the UK supervisory authority for data protection issues. We would however appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Consequences of not providing some types of information

Where we need to collect your personal information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to provide the goods or services you asked for. In this case we may have to cancel the product or services but we will tell you if this is the case.

How do we collect information about you?

Typically we will collect information from you when you contact us directly or provide information in order for us to provide our products and services. We collect information from and about you in the following ways:

Through direct interactions when you give us your personal information by filling in forms or during correspondence with us. This includes when you:

• Send your CV to us.
• Invest in our employee private fund.
• Meet with us in person or talk to us on the phone.
• Provide contact details, proof of identity etc. as part of an on-boarding process.
• Direct correspondence with us.
• Through using our website when we collect information using cookies or similar technologies which tell us about your equipment, browsing actions and patterns.
• Through automated technologies through which we scan employee emails and other correspondence to tell us about patterns, unauthorised communication, etc. We use SMARSH to review emails.

For employees we collect additional information as set out below:

• Through third parties such as background check companies we use as part of our onboarding process or recruiters.

The background check company may provide us with the following:

• Employment history.
• Educational history.
• Financial information.
• Historical information (relating to negative news searches)
• Criminal information.

The recruiters may provide us with the following:

• Name.
• Phone number, address and any other contact details.
• Employment history and Educational history.

We also collect the following information from you which is referred to as a special category of personal data because it is sensitive information about you and will require special protections. The information we collect is in relation to your:

• Race.
• Ethnicity.
• Religious or philosophical beliefs.

We are able to process this information because (i) the processing is necessary in order that we can comply with our rights and obligations, or those of the individual, in relation to employment law, social protection law or social security law, or (ii) the processing is necessary in relation to legal proceedings, for obtaining legal advice, or otherwise for establishing, exercising or defending legal rights.

We have contractual and legal basis to do so. It is necessary for us to carry out our obligations under your employment rights and other legal requirements.

To ensure you are fit and proper to undertake a specific role at the Company we may process personal data about you relating to criminal convictions and offences or related security measures.

This includes information about criminal allegations, proceedings and convictions as well as security measures. Note that, as we are regulated by the Financial Conduct Authority, we have an obligation under the Financial Services and Markets Act 2000 to do so.

How we will use your personal information

We only obtain, use and keep personal information where we need it for a specific purpose. We set out in the table below the ways in which we plan to use your personal information. We are only able to use your personal information if we have a proper legal reason or basis for doing so. This is called a legal basis and the regulations require that we have a legal basis so that your privacy is protected. Most commonly we will use your information in the following ways:

• We have a contract with you. For example, we have agreed to provide financial advice or to manage investments for you and have a contractual agreement to do this.
• We have a legal obligation. We need to use your personal information to comply with laws that assist in the prevention of financial crime and to comply with regulatory obligations. For example this might include confirming your identity and source of wealth, as well as ensuring we provide you with necessary information so you understand the risk of the financial services we can provide.
• We, or a third party, have a legitimate interest in processing the information and your interests and fundamental right do not override those interests. For example, processing your information to prevent fraud.

We set out in the table below all the ways we plan to use your personal information and the legal bases we rely on to do so. We also explain what our legitimate interests are where appropriate:

• Purpose Lawful basis for processing including our.
• legitimate interests.

External
• Recruitment Process - To interview, correspond with, assess and come to a decision on prospective staff members.
• Necessary for our legitimate interests – to recruit new staff.
• To purchase services from our suppliers To fulfil contracts with suppliers.
• To use data to improve our website Necessary for our legitimate interests – to understand how our customers interact with our website.

Internal
• Onboarding and whilst working for us - To give effect to your contract of employment. This includes a wide range of activities including, fitness and propriety, payroll, appraisal, training, discipline and internal communications related to the business..
• To fulfil our regulatory and legal obligations and to fulfil our obligations as an employer in accordance with employee contracts or employment.
• When your employment has ended - To enable us to provide regulatory references, protect you or us against legal proceedings, provide for tax purposes.
• Necessary for our legitimate interest - to protect our legal position in the event of a legal proceedings and to comply with legal obligations. To fulfil our regulatory obligations.
• To on-board you as aninvestor (in the private.
• fulfil our contact with you employee fund).
• To fulfil our legal obligations to prevent financial crime.
• To monitor your investment on an on-going basis.
• To fulfil our contract with you.
• To meet our regulatory obligations to provide you with regular information about your investment.
• To fulfil our regulatory obligations.

We will only use your personal information for the reason for which we collected it. We will only use it for another reason if we believe that new reason is compatible with the original purpose. If we do need to use your personal information for a non-related purpose we will tell you about it and explain the legal basis which allows us to do so.

Cookies

Cookies are small text files placed on your computer (or other device where you access the internet) used to collect information on your activities online. They can also be used as part of website functionality so you should be careful about accepting, deleting or removing them. We can collect information about the device you are using to access the internet, your IP address and website browser (for example). Cookies can tell us what information you were looking at, for how long, which internet sites interest you which are useful for us particularly for marketing our products and to ensure we are delivering the right service to clients.

For example, cookies can tell us how many visitors to the website accessed the information and tools we provide. It may be the information on our website is not clear and we need to improve it – or there may be a genuine need to improve our range of products in the interests of our customers.

If you have concerns about cookies this web site explains how you can delete and control the cookies that are stored on your computer: https://www.aboutcookies.org/.

Who we share your information with

We may need to provide information to third parties for a variety of reasons, for example, we may need to provide information to assist in the detection or prevention of crime or for the purpose of safeguarding national security. Please refer to the table in the section „How we will use your personal information‟ which explains how we use your data. The third parties we share your information with are as follows:

• Our accountants.
• The fund administrator for our employee private fund.
• Background check company.
• Service providers.
• Other group entities.
• Tax authorities.
• Sending your information outside of the EEA.

Quantbot Technologies Limited will transfer information intra group to Quantbot Technologies LP. The regulations which have been put in place to protect your privacy apply throughout the EEA. As explained in the section above we will send your information to other third parties who are based outside of the EEA, however we will only share your information with them because the following safeguards have been put in place:

• The information is being transferred between organisations which have an agreement in place including standard contractual clauses which sets out how your privacy will be protected.

You can obtain further information on the specific mechanism used by us when transferring your personal information outside of the EEA by contacting the GDPR Contact.

Storing your information

The period for which we will retain personal information will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. When we decide how long we will retain your personal information, we will take into account the amount, nature, sensitivity of your information and how we want to use it as well as the potential risk of harm being caused from unauthorised use or disclosure. We review our retention periods for personal information on a regular basis and will ensure all records are safely destroyed if we no longer need to retain them or you have contacted us to request so.

Your Rights

You are provided with a number of different rights under the data protection laws in relation to your personal information. These allow you:

• To access your information.
• To request we correct your information.
• To request that we erase your information.
• To object to the processing of your information.
• To request a restriction in the processing of your information.
• To request a transfer of your information.
• To withdraw your consent.

If you wish to exercise any of these rights please contact the GDPR Contact. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to deal with your request. We may also need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint.

Security

We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have a procedure to deal with any suspected personal data breach and will notify you, and other regulators, where we are legally required to do so.