To help describe concepts as precisely as possible in this Privacy Policy, every time any of these terms are referenced, are closely defined as:

• Cookie: small data generated by a website and saved by your web browser. It is used to identify your browser, offer analytics, recognize information about you such as your language choice or login information.

• Company: when this policy mentions “Company,” “we,” “us,” or “our,” it relates to LEI Regulator, that is responsible for your information under this Privacy Policy.

• Country: where LEI Regulator or the owners of LEI Regulator are located, in this case is Spain.

• Customer: relates to the company, institution or person who signs up to use the LEI Regulator Service to maintain the contacts with your consumers or service users.

• Device: internet connected equipment such as a computer, tablet, phone or any alternative device that can be employed to visit LEI Regulator and use the services.

• IP address: Device connected to the Internet is allocated a number identified as an Internet protocol (IP) address. These numbers are assigned in geographic blocks. An IP address can be used to find the position from which a device is connecting to the Internet.

• Personnel: relates to those people who are employed by LEI Regulator or are under contract to execute a service on behalf of one of the parties.

• Personal Data: information that directly, indirectly, or in connection with other information — having a personal identification number — provides for the identification of a genuine person.

• Service: relates to the service given by LEI Regulator as defined in the relative terms and on this platform.

• Third-party service: relates to advertisers, sponsors, marketing partners, and others who provide our content or whose services we consider may interest you.

• Website: LEI Regulator’s site, which can be reached via this URL: https://www.leiregulator.com

• You: an individual or entity that is registered with LEI Regulator to use the Services.

We gather information from you when you visit our website, register on our site, place an order or fill out a form.

• Full Name / Username

• Phone Numbers

• Job Titles

• Billing Addresses

• Debit / Credit card numbers

LEI Regulator will gather End User Data needed to offer the LEI Regulator services to our clients. End users may present us with information they have made accessible on social media websites. If you offer us with any such information, we may gather openly accessible information from the social media websites you have showed. You can regulate how much of your information social media sites make public by visiting these websites and modifying your privacy settings.

We get some information from the third parties when you reach us. Example: when you send your email address to us to show interest in becoming a LEI Regulator customer, we get information from a third party that gives automated fraud detection services to LEI Regulator. We collect information that is made publicly accessible on social media websites. You can handle how much of your information social media websites make public by inspecting these websites and modifying your privacy settings.

We may share the information that we gather, both personal and non-personal, with third parties such as advertisers, sponsors, marketing partners, and others who offer our content or whose services we assume may benefit you. We may share it with our current and future connected companies and business partners, and if we are involved in a merger, asset sale or other business reorganisation, we may transfer your personal and non-personal information to our successors-in-interest. Your data is shared with SendGrid powered by Twilio for marketing purposes. SendGrid does not use the data. SendGrid privacy policy: https://www.twilio.com/legal/privacy.

We may engage trusted third party service providers to execute functions and offer services to us, such as hosting and maintaining our servers and the website, database storage and administration, e-mail management, storage marketing, credit card handling, customer service and fulfilling orders for services you may buy through the website. We will share your personal information, and some non-personal information, with these third parties to facilitate them to do these services for us and for you.

We may share fragments of our log file data, including IP addresses, for analytics with third parties such as web analytics partners, application developers, and ad networks. If your IP is shared, it may be used to evaluate general position and other techno-graphics such as communication speed, whether you have visited the website in a shared location, and type of the device used to visit the site. They may aggregate information about our advertising and what you look at on the website and then offer auditing, reporting for us and our advertisers.

We may show personal and non-personal information about you to government or law administration agents or private parties as we, in our exclusive discretion, believe necessary in order to respond to claims, legal process (including subpoenas), to protect our rights and benefits or those of a third party, the security of the public or any person, to prevent or stop any criminal, unethical, or legally actionable activity, or to otherwise follow applicable court orders, laws, rules and regulations.

LEI Regulator will gather personal information that you send to us. We may receive personal information about you from third parties as described above.

Any of the information we gather from you may be used in one of the following ways:

• To personalise your experience (your information helps us to better respond to your individual needs)

• To improve our website (we strive to improve our website offerings based on the information and feedback we receive from you)

• To improve customer service (your information helps us to respond to your customer service requests and support needs)

• To process transactions

• To administer a contest, promotion, survey or other site feature

• To send periodic emails

By submitting your email on this website, you grant to receive emails from us. You can cancel your participation in any of these email lists by clicking on unsubscribe option that is included in the respective email. By submitting your email address, you agree to allow us to use your email address for customer audience targeting on sites like Facebook, where we display custom advertising to specific communities who have opted-in to receive communications from us. Email addresses submitted only through the order processing page will be used for sending you information and updates about your order. If you have provided the same email to us through another way, we may use it for any of the purposes stated in this Policy.

We hold your information only so long as we need it to offer LEI Regulator to you and fulfil the purposes described in this policy. This is the case for anyone that we share your information with and who carries out services on our behalf. When we no longer need to use your information and there is no demand for us to keep it to follow our legal or regulatory obligations, we’ll either remove it from our systems so that we can’t identify you.

We develop a variety of security measures to keep the safety of your personal information when you place an order or submit, or access your personal information. We provide a secure server. All supplied sensitive/credit information is transported via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information classified. After a transaction, your private information (credit cards, social security numbers, financials, etc.) is never placed on file. We cannot ensure or warrant the absolute security of any information you send to LEI Regulator or guarantee that your information on the Service may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards.

LEI Regulator is based in Spain. Information gathered via our website, through direct interactions with you, or from use of our help services may be handed over from time to time to our offices or personnel, or to third parties, located throughout the world, and may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability governing the use and transfer of such data. To the fullest extent authorised by applicable law, by using any of the above, you voluntarily consent to the trans-border transfer and hosting of such information.

We take safeguards to protect the confidence of your information. We have electronic, physical, and managerial strategies to help safeguard, prevent unauthorised access, maintain data security, and correctly use your information. However, neither individuals nor security systems are foolproof, including encryption processes. People can commit voluntary crimes, make mistakes, or fail to follow policies. So, while we use honest efforts to protect your personal information, we cannot prove its absolute security. If applicable, law requires any non-dis-claimable need to protect your personal information, you agree that intentional misconduct will be the standards used to measure our compliance with that duty.

The rights you have to ask updates and corrections to the information LEI Regulator collects depend on your relation with LEI Regulator. Personnel may update or correct their information as described in our internal company employment policies.

Customers have the right to ask the restriction of some uses and disclosures of personally identifiable information as follows. You can talk us in order to (1) update or alter your personally identifiable information, (2) modify your preferences with respect to transmissions and other information you get from us, or (3) delete the personally identifiable information kept about you on our systems (subject to the following paragraph), by cancelling your account. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have handed over to third parties following this Privacy Policy prior to such update, correction, change or deletion. To protect your privacy, we may take prudent steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the confidence of your unique password and account information at all times.

You should be conscious that it is not technologically possible to remove every record of the information you have handed over to us from our system. The need to back up our systems to secure information from unintended loss means that a copy of your information may exist in a non-erasable form that will be complex or impossible for us to locate. After receiving your request, all personal information saved in databases we actively use, and other readily searchable elements will be updated, corrected, changed or deleted as soon as and to the extent reasonably and technically viable.

If you are an end user and want to update, receive or delete any information we have about you, you may do so by contacting the organisation of which you are a customer.

If you are a LEI Regulator employee or candidate, we collect information you provide to us. We use the information gathered for Human Resources purposes in order to provide benefits to workers and screen candidates.

You may contact us to (1) correct or update your information, (2) modify your preferences regarding communications and other information you get from us, or (3) get a record of the information we have concerning to you. Such corrections, updates, changes and deletions will have no effect on separate information that we keep, or information that we have provided to third parties following this Privacy Policy before such update, correction, change or deletion.

We maintain the right to hand over information to a third party in the event of a sale, union or other transfer of all or substantially all of the assets of LEI Regulator or any of its Corporate Affiliates, or that part of LEI Regulator or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in reorganisation, bankruptcy or similar proceeding, provided that the third party concedes to adhere to the terms of this Privacy Policy.

We may show information about you to our Corporate Affiliates. For this Privacy Policy, “Corporate Affiliate” means any individual or entity which directly or indirectly controls, is controlled by or is under popular control with LEI Regulator, whether by ownership or otherwise. Any information relating to you that we offer to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

This Privacy Policy is regulated by the laws of Spain without regard to its conflict of laws' provision. You consent to the absolute jurisdiction of the courts in connection with any dispute or action appearing between the parties under or in connection with this Privacy Policy except for those individuals who may have rights to make claims under Privacy Shield, or the Swiss-US framework.

The laws of Spain, excluding its conflicts of law practices, shall govern this agreement and your use of the site. Your use of the site may be subject to other local, state, national, or international laws.

By using LEI Regulator or visiting us personally, you signify your acceptance of this Privacy Policy. If you do not conform to this Privacy Policy, you should not engage with our website, or use our services. Continued usage of the website, direct engagement with us, or following the posting of modifications to this Privacy Policy that do not affect the use or disclosure of your personal information will mean that you accept those changes.

We have revised our Privacy Policy to give you with complete transparency into what is being set when you visit our site and how it’s being handled. By using our LEI Regulator, making a purchase, you hereby consent to our Privacy Policy and agree to its terms.

This Privacy Policy refers only to the Services. The Services may have links to other websites not managed or supervised by LEI Regulator. We are not responsible for the content, truthfulness or ideas expressed in such websites, and such websites are not examined, monitored or checked for accuracy or completeness by us. Remember that when you use a link to go from the Services to another site, our Privacy Policy is no longer in effect. Your interaction and browsing on any other website, including those that have a link on our system, is subject to that website’s own policies. Such third parties may use their own cookies or other mechanisms to collect information about you.

LEI Regulator uses “Cookies” to identify the sections of our website that you have seen. A Cookie is a small piece of data saved on your mobile device or computer by your web browser. We use Cookies to increase the performance of our website but are non-essential to their use. Most web browsers can be set to disable Cookies. If you turn off Cookies, you may not be able to access functionality on our site properly or at all. We never place Personal Identifiable Information in Cookies.

Wherever you’re situated, you may set your browser to prevent cookies, but this action may block our essential cookies and limit our website from functioning properly, and you may not be able to totally use all of its services. You should be aware that you may lose saved information (e.g. saved site preferences) if you block cookies on your browser. Browsers make various controls accessible to you. Disabling a cookie does not drop the cookie from your browser, you will need to do this yourself from within your browser, you could visit your browser’s help menu for more information.

Regarding to any credit card or other payment processing details you have presented us, we commit that this confidential information will be saved in the most secure way possible.

We do not address anyone under the age of 13. We do not consciously collect personally identifiable information from anyone under the age of 13. If You are a parent and you know that your child has provided us with personal data, please contact us. If we become aware that we have gathered personal data from anyone under the age of 13 without verification of parental consent, we take steps to delete that information from our system.

We may modify our Service and policies, and we may need to make modifications to this Privacy Policy so that they precisely express our Service and policies. Unless otherwise requested by law, we will notify you (for example, through our Service) before we make modifications to this Privacy Policy and provide you an opportunity to review them before they go into effect. If you proceed to use the Service, you will be bound by the renewed Privacy Policy. If you do not want to agree to this or any renewed Privacy Policy, you can remove your account.

We may include third-party content (including information, data, applications and other products services) or provide links to third-party websites or services (“Third- Party Services”).

You agree and accept that LEI Regulator shall not be responsible for any Third-Party Services, including their truthfulness, timeliness, completeness, legitimacy, copyright compliance, validity or any other aspect thereof. LEI Regulator does not assume and shall not have any responsibility to you or any other person or entity for any Third-Party Services.

Third-Party links and Services thereto are presented solely as a convenience to you and you access and use them entirely at your own risk and subject to such third parties’ terms and conditions.

The LEI service is provided by our partner LEI Register OU (LEI number 894500SMOMUFH0UZXT46). LEI Register OU is an LEI Registration Agent. Below you can find Data Processing Policy of LEI Register.

This privacy policy (hereinafter ‘the privacy policy’) describes LEI Register OÜ’s (hereinafter ‘LEI Register’) rules for handling personal data, as well as the types of personal data we collect and how we process the collected personal data. This privacy policy may be amended to the extent permitted by applicable legislation.

1. Data controller

LEI Register OÜ, Uus tn 21-2, Tallinn, Estonia

2. Contact person

info@leinumber.com

3. Purpose of and legal basis for the processing of personal data

Collected personal data are used by LEI Register and, on a need-to-know basis, its contractual partners. We only process the personal data of legal persons or their representatives (hereinafter ‘company’ or ‘person’).

We process the personal data of persons: 1) who are existing customers of LEI Register; 2) who have submitted a query (potential customer) via LEI Register’s website www.legalentityidentifier.co.uk (hereinafter ‘the website’); 3) who browse LEI Register’s website (potential customer); or 4) whose LEI code contact address is available in a public database (potential customer).

LEI Register uses the collected personal data to contact customers or potential customers and to provide services to them. LEI Register may also use the personal data to support its economic activities and analyses, carry out business analyses, improve its products and services, and personalise content and advertisements.

The legal basis for the collection and processing of personal data is LEI Register’s legitimate interest in collecting and processing data to offer, improve, and develop its products and services, as well as to deliver better, targeted advertisements.

LEI Register will not disclose collected personal data to unauthorised third parties. However, LEI Register may transfer the personal data to third parties that provide a contractual service to LEI register. Such third parties are obliged under the contract to use the personal data disclosed to them only for the provision of the contractual service. LEI Register may also disclose collected personal data to authorities or other third parties where required by applicable laws.

4. Processed personal data

Regular data, for example:

• company name;

• the number of the LEI code of a company possessing an LEI code;

• e-mail address;

• country of location.

Personal data collected in connection with the use of our services or website or another similar situation, for example:

• service or website usage data;

• information about the device used;

• LEI Code;

• IP address;

• browser information.

5. Usual data sources and cookies

The customer transfers their personal data themselves whenever they purchase a product or service from LEI Register, as well as when they visit the website and submit a query. LEI Register collects necessary information about potential customers from public databases. Whenever we transmit information for direct marketing purposes, the customer will see an indication if their personal data have been obtained from public databases.

LEI Register uses cookies to improve customer experience.

By using our services, the customer is giving their consent to store cookies on their device. If the customer decides to disable the storing of cookies on their device, they may not be able to access or use LEI Register’s services.

6. Usual recipients of personal data and the transfer of personal data in the European Union and to countries in the European Economic Area.

LEI Register processes personal data in the jurisdictions of European Union member states as well as countries participating in the European Economic Area.

7. Data security

Collected personal data are handled with care and kept confidential. The personal data can only be accessed by persons whose duties include the processing of the personal data.

To access a system containing collected personal data (iAdmin or Google Drive), the users must log in using their personal user ID and password.

All collected personal data are protected against accidental or unlawful access (Google Drive) and alteration, destruction, or other similar processing (backlog).

8. Customer’s rights

Customers have the right to:

• access, renew, remove, and rectify their personal data;

• withdraw their consent, if the processing of the personal data is based on consent given by the customer;

• order the restriction of the processing of their personal data from LEI Register;

• order the cessation of the processing of their personal data.

Customers may exercise all of the rights listed above by contacting us by e-mail or clicking on the ‘unsubscribe’ link in the footer of an e-mail received from us.

LEI Register may ask the customer to specify their request in writing.

If the customer is not satisfied with how LEI Register processes their personal data, the customer has the right to file a complaint with the competent supervisory authority which monitors compliance with data protection legislation.

Written requests and queries must be submitted to the following address:

LEI Register OÜ

info@leinumber.com

9. Data retention policy

Collected personal data shall only be stored for as long as it is necessary and justified or required by applicable legislation.

The personal data of LEI Register’s customers and potential customers shall be retained throughout the duration of the relevant business relationship. If the business relationship ends and the personal data are no longer actively used, the data shall be made inactive. Inactive personal data shall be deleted in accordance with LEI Register’s data retention policy.

LEI Register privacy policy: https://www.leinumber.com/data-protection/.

We use Cookies to increase the functionality and performance of our website, but they are not required. Without these cookies, functionality like videos may become unavailable or you would be required to enter your authentication details every time you visit the website as we would not be able to remember that you had logged in before.

Don’t hesitate to contact us if you have questions.

• Via Email: contactus@leiregulator.com