PrideLink Wealth Privacy Policy

Categories of information

We collect and process a broad range of information necessary to operate a private holding company and to meet legal, regulatory and governance obligations. Categories include:

• Identity and contact information — names, postal addresses, email addresses, telephone numbers, company names, job titles and professional contact details provided by owners, counterparties, advisors and service providers.
• Transactional and investment information — records of investments, holdings, transaction histories, valuations, contractual terms, payment instructions and settlement details.
• Operational and corporate records — governance documents, board minutes, shareholder registers, legal agreements, tax records, compliance documentation and due diligence materials.
• Communications and correspondence — emails, letters, meeting notes and call records where permitted by law or contract.
• Technical and usage data — IP addresses, device and browser information, access times, pages visited and analytics collected when interacting with our digital properties.
• Security and identity verification data — identity verification documents, KYC information and records required to meet legal and regulatory obligations.
• Voluntary information — preferences, introductions, feedback and any other information provided voluntarily.

How we collect information

Information is collected through multiple channels:

• Directly from individuals when they provide information during onboarding, transactions, communications or corporate interactions.
• From third parties such as custodians, brokers, advisors, service providers, public registers and professional intermediaries.
• Automatically via website analytics, server logs and technical telemetry when interacting with our digital properties.
• During due diligence where documents and data are received from prospective counterparties and their advisers.

Sensitive categories

We generally avoid collecting special categories of personal data unless strictly necessary for legal or regulatory compliance (for example, identity verification for anti-money laundering). Where such data is required, we apply heightened safeguards and limit access to authorised personnel only.

Primary purposes

Information is used to support the holding company’s core functions and governance. Key purposes include:

• Governance and stewardship — managing the consolidated portfolio, exercising ownership rights and supporting board and owner decision-making.
• Operational management — executing transactions, settling payments, maintaining records and administering subsidiaries and holdings.
• Reporting and consolidation — preparing consolidated performance reports, financial statements, tax filings and owner communications.
• Compliance and legal obligations — meeting regulatory, tax, anti-money laundering and other legal requirements.
• Risk management and security — monitoring exposures, performing risk assessments and protecting company assets and systems.
• Corporate development — evaluating, negotiating and completing acquisitions, investments and strategic transactions.
• Service delivery — managing relationships with service providers, custodians and counterparties and coordinating operational activities.

Legal bases for processing

Where applicable, processing is based on one or more of the following legal bases:

• Contractual necessity — processing necessary to perform contractual obligations with counterparties, service providers and owners.
• Legal compliance — processing required to comply with applicable laws and regulatory obligations.
• Legitimate interests — processing for the company’s legitimate interests in managing and protecting family capital, conducting due diligence and operating the holding company, balanced against individual privacy rights.
• Consent — where required by law or where the company requests and obtains explicit consent for specific processing activities.

Profiling and automated decisions

PrideLink Wealth does not rely on automated decision-making that produces legal effects for individuals. The company may use automated tools to aggregate and analyse portfolio exposures and operational metrics; any material decisions that affect counterparties or stakeholders are reviewed by authorised personnel and governance bodies.

Categories of recipients

Information may be shared with the following categories of recipients when necessary and appropriate:

• Service providers and professional advisers — custodians, brokers, legal counsel, auditors, tax advisers, IT and cloud providers and other vendors engaged to support operations.
• Counterparties and transaction parties — counterparties to transactions, target companies and their advisers where disclosure is necessary to complete a transaction or required by contract.
• Regulators and authorities — tax authorities, financial regulators, law enforcement and other public authorities when required by law or regulation.
• Owners and governance bodies — consolidated reporting and material decision records are shared with owners and authorised governance participants.
• Affiliates and subsidiaries — where information is necessary for consolidated management, reporting or operational purposes within the group.

Conditions for disclosure

Disclosures occur only under defined conditions:

• Contractual necessity — to perform contractual obligations or complete transactions.
• Legal requirement — when compelled by law, regulation, court order or official request.
• Operational necessity — to service providers under written agreements that require confidentiality and security safeguards.
• Commercial confidentiality — the company will not disclose commercially sensitive or proprietary information publicly unless required by law or agreed with the relevant parties.

Cross-border transfers

Because the company and its service providers operate internationally, personal information may be transferred to jurisdictions outside the individual’s country of residence. Transfers are governed by contractual safeguards, data processing agreements and, where required, appropriate legal mechanisms to ensure an adequate level of protection.

Technical and organisational measures

PrideLink Wealth applies a layered approach to security that combines technical, operational and organisational controls. Measures include:

• Encryption — encryption in transit and at rest where appropriate, and secure key management for sensitive assets.
• Access controls — role-based access, least-privilege principles and routine access reviews.
• Authentication — multi-factor authentication for privileged accounts and administrative access.
• Network and endpoint protections — firewalls, intrusion detection, endpoint protection and monitoring.
• Operational controls — segregation of duties, change management, logging and audit trails.

Custody and key management

For digital assets and other custody-sensitive holdings, the company uses institutional custody solutions, multi-signature arrangements and documented key rotation and recovery procedures. Custody arrangements are selected for operational controls, insurance coverage and regulatory standing where available.

Incident response and breach handling

The company maintains incident response procedures and an escalation framework to address security incidents promptly. Where required by law or contract, affected parties and regulators will be notified in a timely manner. Incidents are documented, root cause analysis is performed and corrective actions are implemented to reduce recurrence.

Physical security and records handling

Physical access controls, visitor management and secure storage for sensitive records and backup media are maintained. Physical records are handled according to secure retention and disposal procedures, including secure shredding and destruction where appropriate.

Retention principles

Information is retained only as long as necessary for the purposes described, to meet legal and regulatory obligations, and to support governance and historical recordkeeping. Retention decisions balance operational needs, legal requirements and privacy considerations.

Typical retention periods

Retention periods vary by category:

Retention periods are reviewed periodically and adjusted to reflect legal changes and operational needs. Where records are no longer required, they are securely archived or destroyed in accordance with company procedures.

Rights available to individuals

Subject to legal and contractual constraints, individuals may have the following rights with respect to their personal information:

• Access — request access to personal information the company holds about them.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion where permitted by law and consistent with retention obligations.
• Restriction and objection — request restriction of processing or object to certain processing activities where applicable.
• Portability — request a copy of personal information in a structured, commonly used format where technically feasible and required by law.
• Withdraw consent — withdraw consent where processing is based on consent, without affecting prior processing.

How to exercise rights

Requests should be submitted to the company’s privacy contact at the address below. The company will verify the requester’s identity and respond within a reasonable timeframe consistent with legal requirements. The company may decline requests to the extent permitted by law, for example where disclosure would infringe the rights of others, impede legal obligations, or compromise confidentiality in transactions.

Choices and controls

Individuals can manage certain preferences and controls:

• Communications preferences — opt out of non-essential communications and marketing where applicable by following opt-out instructions or contacting the privacy contact.
• Cookies and tracking — control tracking technologies through browser settings and any cookie controls provided on the site.

Types of technologies used

Our digital properties use a range of technologies to support functionality and analytics:

• Essential cookies — required for site operation and basic functionality.
• Analytical cookies — collect aggregated usage information to help us understand site interactions.
• Functional cookies — remember preferences and improve user experience.

Purpose and control

Cookies are used to support site functionality, measure usage and improve the user experience. Visitors can manage cookie preferences through browser settings and any cookie controls provided on the site. Disabling certain cookies may affect site functionality.

Third party services

PrideLink Wealth uses third-party providers for custody, execution, analytics, hosting and other services. These providers process information on the company’s behalf under contractual terms that require confidentiality and security. References to third-party services do not constitute endorsement and the company does not control third-party privacy practices.

Links to other sites

Our websites may contain links to external sites. This Privacy Policy does not apply to those sites. Individuals should review the privacy policies of any external sites they visit.

Global operations

PrideLink Wealth operates and engages service providers in multiple jurisdictions. Personal information may be transferred and processed in countries with different data protection laws. Transfers are governed by contractual protections, data processing agreements and other safeguards appropriate to the jurisdiction and the nature of the data.

Local legal requirements

Where local law imposes additional requirements, the company will comply with applicable local obligations and, where necessary, adopt supplementary measures to protect personal information.

Policy updates

This Privacy Policy is reviewed periodically and may be updated to reflect changes in the company’s practices, legal requirements or operational needs. Material changes will be communicated to owners and, where appropriate, to other stakeholders through the company’s usual communication channels. The effective date of the current policy will be indicated below.

Effective date

Effective date: 11 April 2026. The company will maintain a version history and will make prior versions available on request for governance and audit purposes.

How to contact us

For questions, requests to exercise rights, or privacy-related enquiries, contact PrideLink Wealth at the address below. The company will verify the requester’s identity and respond within a reasonable timeframe consistent with legal requirements.

Verification: the company will take reasonable steps to verify the identity of requesters before responding to privacy requests. Response timeframe: the company aims to respond promptly and within applicable legal timeframes.