Profilir respects your privacy and is committed to protecting your personal data. This Privacy Notice informs you about how we use and look after your personal data, including any data you may provide through this website, or when you request information about other products or services from Profilir or otherwise communicate with us, when we provide our products and services to you and when information and personal data is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law protects you.

This Privacy Notice applies to any individual whose personal information we hold or use, whether you are a current or prospective customer or supplier or anyone else. It does not generally apply to individuals whose personal information forms part of the content included within our products, and in such cases such individuals should refer to the privacy notice of the relevant content provider. Our services are not aimed at children and we do not knowingly collect data relating to children.

Who we are

Profilir Limited (an Apex Group company) is the controller and responsible for your personal data (referred to as "Profilir", "we", "us" or "our" in this Privacy Notice). Profilir Limited is also responsible for this website.

Our Data Protection Manager is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights (including any opt-out mentioned in this Privacy Notice), please contact the Data Protection Manager using the details set out below.

Contact details

• dataprotection@profilir.com

If you have a complaint relating to such data, please contact the Data Protection Manager by email. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, prefer to deal with your concerns before you approach the ICO so please contact us in the first instance.

In this Privacy Notice, the terms “personal data”, “processing”, “data controller” and “data processor” shall have the meaning ascribed to them in the General Data Protection Regulation ((EU) 2016/679).

Contents:

1. Personal data we collect
2. How we use your personal data, and the legal basis for doing so
3. Messages to you (including marketing)
4. Disclosure of personal data
5. External links and social media sites
6. Where we store personal data
7. Changes of Business Ownership and Control
8. Security and data retention
9. Your rights
10. Changes to this Notice

---

1. Personal data we collect

We may obtain information from you directly. For example you may give us information by filling in forms on our site www.profilir.com including our members-only online platform (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, participate in discussion boards, surveys, videos, podcasts or other social media functions on our site, and when you report a problem with our site. The information collected may include the following:

• personal details (e.g. name, date of birth, passport information or other identification information);
• contact details (e.g. phone number, email address, postal address or mobile number);
• transactional details (e.g. payments you make and receive);
• financial information (e.g. bank account number, credit or debit card numbers, financial history);
• information about any other Profilir products and services you currently have, you have applied for, or you have previously held.
• location data, for services with location-enhanced features. If we need your consent to collect geo-location data, we will collect this separately
• demographic information, such as your country and preferred language
• CCTV, if you visit us or attend one of our events]

If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all of our obligations under our agreement with you.

We will also hold information we collect about you from other sources. This could include:

• the way you are using our services, websites [or mobile application];
• your interactions with us, for example through our telephone services, website, [mobile application], social media or other channels;
• publicly available information about you which is available online or otherwise;
• organisations that provide their own data, or data from other third parties, to enable us to enhance the personal data we hold, and then provide more relevant and interesting products and services to you;
• people appointed to act on your behalf (such as [independent financial advisers, accountants etc).

We also collect personal data automatically when you use the website and when you navigate through the website. Data collected automatically may include:

• Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.

For more information on our use of these technologies, see our Cookie Notice.

If you give us personal data about other people (for example your clients) then you confirm that they are aware of the information in this Notice about how we will use their personal data.

2. How we use your personal data, and the legal basis for doing so

This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.

We are can only process your personal data on a basis permitted by law. The legal basis will usually be one of the following:

• to allow us to take actions that are necessary in order to provide you with the product/service (to perform our contract with you); for example, to provide you with our services;
• necessary to allow us to comply with our legal obligations; for example, to respond to a court order;
• necessary for our or your legitimate interests; for example, to help us develop and improve our services;
• where we have your consent to do so. We only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent; or
• in the case of special categories of personal data, that it is in the substantial public interest.

Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.

Legitimate interests for use

We use personal information for a number of legitimate interests, including to provide and improve our services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.

• to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and service information
• to administer our relationship with you, our business and our third-party providers (e.g., to send invoices)
• to personalise your experience with our services. We may retain your browsing and usage information to make your searches within our services more relevant and use those insights to target advertising to you online on our websites and apps. Your choices in relation to marketing are explained below.
• to deliver and suggest tailored content such as news, research, reports and business information. We analyse the way you use our services to make suggestions to you for features or services that we believe you will also be interested in, and so that we can make our services more user-friendly
• We may sometimes share your personal information across our services so that we can make all of the Services we deliver to you more intuitive (e.g., rather than requiring you to enter the same data many times)
• to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes
• to display information you choose to post, share, upload or make available in chat rooms, messaging services, and community and event forums (including in community and event profiles) and for related collaboration, peer connection and information exchange
• to provide you with marketing as permitted by law
• to meet our internal and external audit requirements, including our information security obligations
• to enforce our terms and conditions
• to protect our rights, privacy, safety, networks, systems and property, or those of other persons
• for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
• to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
• in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares (including in connection with any bankruptcy or similar proceedings)

Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our Data Protection Manager.

Consent

We may obtain consent to collect and use certain types of personal data when we are required to do so by law (for example, sometimes when we process sensitive personal data or when we place cookies or similar technologies on devices or browsers). If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section at the beginning of this Privacy Notice or, if in relation to cookies or similar, via the cookie policy.

Special categories of data

We do not knowingly collect special categories of data (also known as sensitive personal data). If we were to do so, we would do so on the basis that it was necessary for reasons of substantial public interest, to establish, exercise or defend any legal claims, or in some cases, with explicit consent. In any case, we would carry out the processing in accordance with applicable laws.

Automated Decision Making

We do not analyse personal data in relation to our services in a way which involves profiling, which is processing your personal data using software that is able to evaluate your personal aspects and predict risks or outcomes.

This is known as “automated decision-making” and is only permitted when we have a legal basis for this type of decision-making. We may make automated decisions about you:

• where such decisions are necessary for entering into a contract. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you; or
• where such decisions are required or authorised by law, for example for fraud prevention purposes.]

You have rights in relation to automated decision making, for example you can request that an automated decision is reviewed by a human being: if you want to know more please contact us using the details set out in the Contact Us section at the beginning of this Privacy Notice.

3. Messages to you (including marketing)

We may send you messages (by telephone, post, text and email and other digital means) to help you manage your account and to keep you informed about features of the products and services you use.

We may also send you marketing messages, to inform you about products and services (including those of others) that may be of interest to you. You can ask us to stop or start sending you marketing messages at any time by contacting us (see Contact Us at the beginning of this Privacy Notice) or by following the unsubscribe instructions in our marketing messages.

4. Disclosure of personal data

We may transfer personal data to our service providers and professional advisors, public and governmental authorities, Apex group companies/affiliates or third parties in connection with Senasen’s operation of its business.

• Our third party service providers. These may include for example:
  • those we engage to host and maintain the website and IT systems
  • analytics and search engine service providers that assist us in the improvement and optimisation of this website
  • payment processing service providers
  • those who assist us with or partner with us in marketing campaigns
  • SMS/Telephony provider
• Apex Group companies for any of the purposes outlined within this Privacy Notice.
• Third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities);
• Third parties where reasonably required to protect our rights, users, systems and Services (e.g., legal counsel and information security professionals); and
• Any person you have asked us to share information with (e.g., if you upload information into a public forum it is shared publicly).

Before we disclose personal data to a third party, we take steps to ensure that the third party will protect personal data in accordance with applicable privacy laws and in a manner consistent with this Notice. Third parties are required to restrict their use of this personal data to the purpose for which the data was provided.

Sometimes the third party will be outside the EEA, in which case see section 7 for more information.

5. External links and social media sites

This website and our services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions as well as the privacy policies of those social media platforms.

This website may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion. You should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these social media platforms.

6. Where we store personal data

If you live in the EU, the personal data relating to you that we collect may be transferred to, and stored at, locations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.

As described in this Privacy Notice, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.

Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.

These measures include:

• Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data;
• We have obtained the consent of data subjects to the international transfer of their personal data;
• Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
• if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.

You have the right to ask us for more information about our safeguards. Please contact the Data Protection Manager (see the Contact Us section at the beginning of this Privacy Notice).

7. Changes of Business Ownership and Control

We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Personal data relating to you will, where it is relevant to any division so transferred, be transferred along with that division to prospective buyers and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use personal data relating to you for the purposes.

8. Security and data retention

Security

Unfortunately, the transmission of information and data via the internet is not completely secure. Although we will do our best to protect personal data relating to you, we cannot guarantee the security of such data transmitted to the website; any transmission is at your own risk. Once we have received personal data relating to you, we use strict procedures and security features to try to prevent unauthorised access.

The security of personal data regarding you is a high priority. We take such steps as are reasonable securely to store personal data regarding you so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. This includes both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:

• storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
• using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
• restrictions are placed on the electronic transfer of files;
• our IT networks undergo regular necessary vulnerability testing to identify and remedy potential opportunities for unauthorised data access; and
• robust management of boundary firewalls, access controls, malware protection and patch release processes towards protecting customer data.

Retaining your data

We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end (e.g. following closure of your account or following a transaction), or your application for a product is declined or you decide not to go ahead with it, we will only retain your personal data for a period of time that is calculated depending on the type of personal data, and the purposes for which we hold that information.

We will only retain information that enables us to:

• maintain business records for analysis and/or audit purposes;
• comply with record retention requirements under the law;
• defend or bring any existing or potential legal claims;
• maintain records of anyone who does not want to receive marketing from us;
• deal with any future complaints regarding the services we have delivered;
• assist with fraud monitoring; or
• assess the effectiveness of marketing that we may have sent you.

We have a retention policy which helps us ensure information is only held for the correct period. We then delete or de-identify your data. The retention period is generally linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of your account or following a transaction. We will retain your personal data after this time if we are required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.

9. Your rights

You have certain rights regarding your personal data. These include the rights to:

• request a copy of the personal data we hold about you;
• request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided us with;
• inform us of a correction to your personal data;
• exercise your right to restrict our use of your personal data;
• exercise your right to erase your personal data; or
• object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
• understand the basis of international transfers of your data by us.

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent.

Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular data we hold on you.

You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our services to you (for example where the personal data is required by us to comply with a statutory requirement, or is necessary in order for us to perform our contract with you).

We ask that you contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.

Please contact the Data Protection Manager (dataprotection@profilir.com) if you wish to exercise any of your rights.

If you have a concern about the way we are collecting or using personal data relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.

10. Changes to this Notice

We review and amend our Privacy Notice from time to time. Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Notice. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the website.

Last updated: June 2022