Aperture Investors, LLC and its affiliates (collectively, “Aperture”) take your privacy and the security of your personal information seriously. This Privacy Statement is meant to help you understand what personal information we collect on you, how we use, share and protect such information and the rights and choices you have with regard to your personal information when you visit our website, when you communicate with us via email, when you register or attend our online events, and when you otherwise engage with us offline. By accessing our website or otherwise using our services, you agree to our collection and use of personal information as described herein and agree to our Terms of Use.

This Privacy Statement applies to information we collect about clients, business contacts, employees, job applicants, and independent contractors, or individuals when acting as representatives (e.g., employees, contractors) of entities with which we do business.

Please read this Privacy Statement carefully. In the event that you have any questions or concerns about this Privacy Statement, please contact us at the contact details set forth at the end of this Privacy Statement.

For the purposes of European and UK data protection laws, Aperture Investors, LLC, Aperture Investors UK, Ltd and Aperture Investors France are controllers of your personal information.

A. What Personal Information Do We Collect About You?

We may collect personal information that you provide to us directly (for example, your name, title, postal and email address, investor type, social media profiles, or resume) and we may also collect information that you provide to us indirectly (for example, your IP address, browser type and version). Some examples of instances where and how we collect information about you are provided below.

When You Visit and Browse our Website

We collect general information about the devices you use to access our website and services (such as make, model, operating system, IP address, and browser type) and information about your online behavior. By collecting this information, we learn how to best tailor our website for our current and future visitors. To collect this information, we use technical methods such as cookies, as further explained below.

Cookies and Other Similar Tracking Technologies

Aperture and our third-party service providers utilize “cookies”, pixels and other similar tracking technologies to support the operation of our website and the offering of our services and products. Cookies are small files of data that a website or online service exchanges with a web browser or application on a visitor’s device (e.g., computer, tablet, or mobile phone). Cookies and similar technologies help Aperture collect information about users of our website, including date and time of visits, pages viewed, amount of time spent using our website, what websites our visitors come to us from, or general information about the device used to access our website. You can refuse or delete cookies. Most browsers and mobile devices offer their own settings to manage cookies. If you refuse a cookie, or if you delete cookies from your device, you may experience some inconvenience in your use of our website. For example, we may not be able to recognize you, your device, or your online preferences. Both Aperture and our third-party service providers may use cookies and other technologies, such as web beacons, pixel tags, or mobile device ID, in online advertising.

Types of cookies used: The cookies used on our website can be classified as session cookies and persistent cookies. A session cookie is a temporary cookie that remains on your device until the end of the browser session (e.g., when you leave our website and close your browser). Session cookies are essential to make our website work properly, as they enable you to move around our website and use our features. A persistent cookie remains on your device for a certain period of time, or until you manually delete them or object to them. Generally, how long the persistent cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings. Persistent cookies help us recognize you as a return user of our website so it’s easier and more convenient to return to, and interact with, our website. In addition, persistent cookies also help us recognize and record information about your web browsing habits during the lifetime of the persistent cookie.

Alternatively, the cookies used on our website can also be classified as required cookies and analytical cookies:

• Required cookies (or strictly necessary cookies). These cookies are used to save user preference and are necessary for our website’s core functionality such as security, authentication, and transmission of the website. Certain of these cookies are set by our third party vendors and cannot be modified by us.
• Analytical cookies (or non-essential cookies). These cookies: (i) help us understand your interactions with our website to help us improve it; and (ii) personalize our website content based on your browsing behavior. We only use non-essential cookies where we have your consent (see below).

Please note that we work with third-party service providers who may set cookies on our website, including those set out above. These third-party service providers are responsible for the cookies they set on our website and the interactions with the third party cookies on our website are governed by the privacy and cookie policies of the relevant third party. We neither control the dissemination of these cookies nor are we responsible for these third party sites or the content of such third party sites.

We use Google Analytics to evaluate the use of our website. Google Analytics uses cookies and other identifiers to collect information, such as how often users visit a website, what pages they visit when they do so, and what other websites they visited prior to visiting a website. To learn more about how Google Analytics collects personal information, review Google’s Privacy Policy.

When You Apply for a Job

When you apply to work for us, we may collect your name, address, email address, telephone number, company details, previous work history/experience and any other information you voluntarily disclose to us.

When You Contact Us or When We Contact You

We may collect personal information you provide about yourself anytime you contact us about our website or services. You can choose not to provide this information, but then you might not be able to send us requests via our website. You may also provide us with information in other ways, such as if you communicate with us through social media. We may also use technical methods in HTML e-mails that we send visitors to our website to determine whether such visitors have opened those e-mails and/or clicked on links in those e-mails.

The categories of personal information we collected in the past 12 months and continue to collect about you may include:

• Personal Identifiers and Contact information, such as name, email address, telephone number, and government identification and numbers;
• Technical information and digital or online identifiers, such as mobile number, mobile device identifiers, operating system information, personal information associated with online cookies and trackers, such as IP address, browser type and version, user agent string, Internet connection type and service provider, static or dynamic device identifiers, date and time of your visit, the webpages you view features you use, links you click, session replay scripts, unique and measurable patterns such as keystrokes, mouse clicks and movements, swipes and gestures, searches conducted on the website, the website that you visited before the website and the link you used to leave the a website (i.e., referring and exit pages and URLs);
• Correspondence and other information that you send to us;
• Identification information (including protected class information), for example, date of birth, gender, country of residence, and nationality;
• Government issued identifiers, for example tax identification number, and citizenship or work authorization status;
• Employment, Education and Professional Information, such as employment history and job title;
• Audio & Video Information, such as recordings of calls made to customer support or security camera footage if you visit one of our physical locations; and
• Any other information you voluntarily disclose to us or where required by applicable law.
• Inferences drawn from the above categories of personal information

B. How Do We Use Your Personal Information?

Depending on how you interact with the website (i.e., depending on the services, products or functionalities you choose to use and your relationship to us), we will process your personal information for the following purposes:

Categories of Personal Information	Purpose	Legal Basis (where the GDPR applies to the processing)
When you visit our website or correspond with us electronically about our products and services:
Categories (a) to (c)	To provide support to you regarding the services we provide and to respond to your requests and inquiries	We have a legitimate interest to respond to your requests and inquiries for ongoing business administration
Categories (a) to (h)	To personalize your visit to our website and to assist you while you use the website	With your consent, if required by applicable law We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be
Categories (a) to (h)	To improve the website by helping us understand who uses the website	With your consent, if required by applicable law We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be
Categories (a), (b) and (h)	For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice	To comply with our legal or regulatory obligations
Category (a)	To contact you to tell you about products and services offered by us as well as other promotions and competitions, which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us	With your consent, if required by applicable law We have a legitimate interest to carry out direct marketing
When you use our products and services
Categories (a) to (h)	To provide products or services to you	To manage and perform our contract with you We have a legitimate interest to properly manage and administer our relationship with you
Categories (a) to (c)	To manage and maintain our relationships with you and for ongoing customer service	To manage and perform our contract with you We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be
Categories (a) to (c), (h)	To enforce or defend our rights, including through third parties to whom we delegate such responsibilities	To manage and perform our contract with you We have a legitimate interest to enforce or defend our rights, including through third parties to whom we delegate such responsibilities
Categories (a) to (c), (h)	To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including screening transactions, reporting suspicious activity and complying with production and court orders	To comply with our legal or regulatory obligations
Categories (a) to (c), (h)	To report tax related information to tax authorities	To comply with our legal or regulatory obligations We have a legitimate interest to report tax related information to relevant tax authorities
Categories (a) to (c), (h)	To investigate and resolve complaints and manage regulatory matters, investigations and litigation	To comply with our legal or regulatory obligations We have a legitimate interest to conduct investigations, resolve complaints and manage legal and/or regulatory matters as effectively and efficiently as possible
Categories (a) to (c), (h)	To monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation	To comply with our legal or regulatory obligations We have a legitimate interest to monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation
Categories (a) to (c), (h)	To comply with any of our applicable legal, or regulatory obligations. For example, if you are a business customer we need to process your information to verify your identity and undertake necessary due diligence checks.	To comply with our legal or regulatory obligations We have a legitimate interest to manage legal and/or regulatory matters as effectively and efficiently as possible
Categories (a) to (c), (h)	The day to day running and management of the business including to monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use	To comply with our legal or regulatory obligations We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests
Categories (a) to (c), (h)	To perform general, financial and regulatory accounting and reporting.	To comply with our legal or regulatory obligations We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests
Categories (a) to (c), (h)	To compile or aggregate personal information in certain data analyses, or reports.	To comply with our legal or regulatory obligations We have a legitimate interest compile or aggregate personal information in certain data analyses, or reports for our own understanding of the business
Categories (a) to (c), (h)	To monitor and record calls for quality, business analysis, training and related purposes in order to pursue our legitimate interests to improve our service delivery.	To comply with our legal or regulatory obligations We have a legitimate interest to monitor and record calls for quality, business analysis, training and related purposes in order to pursue our legitimate interests to improve our service delivery
Categories (a) to (c), (h)	To share personal information with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business.	To comply with our legal or regulatory obligations We have a legitimate interest to manage our business including in relation to a potential merger or acquisition
When you apply for a job with us:
Category (a)	Service providers that assist in providing human resource functions; facilitate scheduling and email communications; provide security services and cloud-based data storage, assist with other IT-related functions; host or facilitate teleconferencing or video conferencing services; provide legal services	To manage and perform our contract with you We have a legitimate interest to properly manage and administer our relationship with you
Categories (d), (e)	Service providers that assist in providing human resource functions; provide legal services	To manage and perform our contract with you We have a legitimate interest to properly manage and administer our relationship with you To comply with our legal or regulatory obligations
Category (b)	Service providers that provide security services and cloud-based data storage, host our website(s) and assist with other IT-related functions, and provide analytics information	To comply with our legal or regulatory obligations We have a legitimate interest to monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation
Category (f)	Service providers that assist with recruitment activities	To manage and perform our contract with you We have a legitimate interest to properly manage and administer our relationship with you

If you are located in the EU, the UK and Switzerland, you have a right to object to processing of your personal information where that processing is carried out for our legitimate interest or for direct marketing purposes.

Where we require your personal information to comply with legal requirements, failure to provide this information means we may not be able to accept you as a customer and/or may be unable to provide you with any products and/or services. We will tell you when we ask for your information if it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.

We may use or share some of the personal information we collect about you with our affiliates or third-party entities (i) primarily to communicate with you about market news, our firm and about other affiliate financial products that we offer, (ii) to send you administrative communications either about your interactions with us or about features of our website, including any future changes to this Privacy Statement, or (iii) as otherwise permitted by law. We do not share your personal information with third parties for their own direct marketing purposes.

Other Uses

We may also share your personal information with a select group of third-party service providers that carry out certain functions on our behalf. The categories of service provider that we use include companies that improve the functionality of our website, provide analytic services, or help to gather your information or communicate with you. These companies are allowed to gather, receive, and use your information only for the purposes described in this Privacy Statement or as required by law. We may also share your personal information with third parties who assist in the management of our business, such as accountants and lawyers, and to help detect and protect against fraud or technical or data security vulnerabilities.

We may also disclose your personal information when (a) such disclosure is required by law, a court of law, or as requested by any governmental, self-regulatory organization or law enforcement authority; (b) to the extent necessary for a reorganization, restructuring, merger, acquisition or transfer of assets related to our business; or (c) we determine such disclosure is required or advisable in order to enforce our Terms of Use; protect your safety or security, including the safety and security of property that belongs to you; or protect the safety and security of our personnel, websites, databases, and/or third parties, including the safety and security of tangible and/or intangible property that belongs to us or to third parties.

We seek to ensure that the entities with which we share your personal information (both affiliates and non-affiliated third parties) protect the confidentiality and security of your information and use it only for its intended purpose.

C. Transferring Your Personal Information to Other Countries

Due to the global nature of our business, we may transfer personal information to other Aperture affiliates, suppliers and other recipients located in different countries, including to countries outside of the European Union (“EU”) and UK. Certain of these countries are not considered by the European Commission and/or the United Kingdom Government to provide an adequate level of data protection.

Where we transfer your personal information to recipients in countries not considered to provide an adequate level of data protection, we will ensure we take steps to ensure your personal information are protected and safeguarded. Such steps include entering into EU Standard Contractual Clauses with the recipient or seek assurances from them that they have Binding Corporate Rules (“BCRs”) in place. BCRs are data protection policies adhered to by companies established in the EU or UK for transfers of personal information outside of the EU or UK within a corporate group.

D. How Long Do We Keep Your Personal Information?

We will retain your personal information for no longer than is necessary for the provision of the products and/or services, internal analytical purposes, or to comply with our legal obligations, resolve disputes and enforce agreements (e.g., settlement). The criteria used to determine the retention periods include:

• how long the personal information is needed to provide the products and/or services and operate the business;
• the type of personal information collected; and
• whether we are subject to a legal, contractual or similar obligation to retain the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).

We will also delete your personal information when you withdraw your consent (where applicable), provided that we are not legally required or otherwise permitted to continue to hold such data. We may retain your personal information for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.

E. How Do We Protect Your Personal Information?

We have implemented technical, administrative, organizational, and physical security measures to protect your personal information from unauthorized or unlawful processing and against accidental loss or destruction of, or damage to, your personal information in accordance with our internal security procedures covering its storage, access and destruction. We review our security procedures in order to consider appropriate new technology and methods on a periodic basis. Except as otherwise required by law, rule or regulation, only authorized persons will be allowed to view your personal information. Personal information may be stored on our own technology systems or those of our vendors or in paper files. Please understand, however, that no security system is impenetrable. We can neither guarantee the security of our systems or the systems of the third parties with which we may share your personal information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet.

F. Do Not Track.

“Do Not Track” is a privacy preference that users can set in certain web browsers.

Questions, Concerns, and Complaints

Should you wish to make an inquiry or complaint about Aperture’s use of your personal information, or would like to exercise your data subject rights, you may contact us at the contact details set forth below.

You also have the right to lodge a complaint with the appropriate regulatory body/supervisory authority, in particular in the country where you reside, place of work or of an alleged infringement of the law.

Changes to this Privacy Statement

We reserve the right to change our Privacy Statement from time to time as necessary, including due to changes in the law or to our data processing practices or activities. This Privacy Statement is effective as of the last updated date stated at the top of this Privacy Statement.

Your Rights under the EU and UK General Data Protection Regulation

You have the right (subject to certain limitations) to confirm that Aperture is processing your personal information, to access the personal information we keep about you, to restrict or object to the processing of your personal information, and to rectify, erase, and port your personal information.

If you wish to exercise any of these rights, please contact us at the contact details set forth below.

Your Right to Access

You have the right to obtain:

• Confirmation that we process your personal information; and
• Access to the personal information we have about you.

Your Right to Rectification

You have the right to have inaccurate personal information rectified.

Your Right to Erasure

You have the right to have your personal information erased if:

• Your personal information is no longer necessary for the purpose which we originally collected or processed it for;
• We are only relying on your consent to process your personal information, and you decide to withdraw your consent;
• You object to the processing of your personal information, and we have no overriding legitimate interest or other valid basis to continue the processing of your personal information;

We are processing the personal information for direct marketing purposes and you object to that processing;

We have unlawfully processed your personal information; and

We have to do so in order to comply with a legal obligation.

Your Right to Restrict Processing

As an alternative to requesting the erasure of your personal information, you have the right to limit the way we use your personal information in certain circumstances:

• You contested the accuracy of your personal information, and we are verifying the accuracy of such information;
• We have unlawfully processed your personal information and you oppose erasure and request restriction instead;
• We no longer need your personal information, but you need us to keep it in order to establish, exercise or defend a legal claim; or
• You have objected to us processing your personal information, and we are considering whether we have legitimate grounds to continue processing your personal information.

Your Right to Object to Processing

You have the right to object to certain types of processing of your personal information, namely:

• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• Direct marketing (including profiling); and
• Processing for purposes of scientific/historical research and statistics.

Your Right to Data Portability

Under limited circumstances, you have the right to obtain from us and reuse your personal information for your own purposes. This right allows you to move, copy or transfer your personal information easily, without hindrance to usability. If you request it, we may transmit your personal information directly to another organization if this is technically feasible.

Data Subject Rights Requests

All such requests should be made using the contact details set out below. Please note that if you request that your personal information be deleted, you may no longer be able to access or use certain parts of the website.

We will respond to any request in writing, or orally if requested, as soon as practicable and in any event not more than within one (1) month after receipt of that request. In exceptional cases, we may extend this period by two (2) months and we will provide reasons. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details as set out below.

Your Rights under the California Consumer Privacy Act

California Collection Notice

If you are a California resident, California law requires us to provide you with some additional information regarding how Aperture collects, uses, shares, and sells your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)). Please note the CCPA’s scope excludes personal information covered by certain financial services-specific privacy laws, including the Gramm-Leach-Bliley Act (GLBA) and California Financial Information Privacy Act (FIPA).

Depending on how you interact with our website and services, we may have shared or sold during the 12 months preceding the date of this Statement, and will continue to share or sell, the following categories of information from you:

Personal Identifiers (such as your name and contact information, IP address, and mobile device identifiers)

• We share identifiers with service providers, including Google Analytics.
• Our business and commercial purposes for collecting and sharing this information are to operate our website, to communicate with you, and to engage in legal and everyday business purposes.

Internet usage information (such as browsing history and use and interaction with our website)

• We share internet usage information with service providers, including Google Analytics.
• Our business and commercial purposes for collecting and sharing this information are to operate our website, to communicate with you, and to engage in legal and everyday business purposes.

Your California Privacy Rights

If you are a California resident, you may have certain rights.

California law may permit you to request that we:

• Provide you with the specific pieces and categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we sold or shared -personal information.
• Provide you with access to and/or a copy of certain personal information we hold about you.
• Delete certain personal information we have about you.
• Not sell or share personal information we have collected about you.

You may have the right to receive information about the financial incentives that we offer to you for your personal information (if any). You also have the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we may need certain information to provide services to you or for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use some of our services.

Shine the Light Disclosure: The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, please send us an email at DSR@apertureinvestors.com. You will need to provide additional information to verify your identity before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

Additional Information for California Residents

Please note that the CCPA sets forth certain obligations for businesses that “sell” personal information to third parties and gives California residents the right to opt out of the “sale” of personal information. We do not knowingly sell the personal information of individuals under 16 years of age. We do share certain information and allow parties to collect certain information about your activity, for example through cookies. We explain our use of cookies and how you can control cookies in various sections of the Privacy Statement above. You can direct us not to sell your personal information by using the contact information below.

How To Contact Us

If you have any questions concerning our privacy practices described in this Privacy Statement, or require a copy of our privacy policy in an alternative accessible format, please contact us at DSR@apertureinvestors.com or call 1-212-521-5180.