Privacy Policy

---

Last Updated: 14 September 2025

This Privacy Policy (the “Policy”) governs the collection, use, disclosure, retention and protection of personal data by Longshanks Capital Ltd (“Longshanks Capital,” “we,” “us,” or “our”) in connection with the operation of our websites, online portals and related services (collectively, the “Site”). Longshanks Capital is a company incorporated in England and Wales. By accessing or using the Site you acknowledge that you have read, understood and agree to the terms of this Policy. If you do not agree with this Policy, you must immediately cease using the Site.

1 — Scope and Application

This Policy applies to all personal data collected by Longshanks Capital through the Site and by our officers, employees, agents and service providers acting on our behalf. It governs information collected from visitors, clients, prospective clients, suppliers, job applicants and other individuals whose data we process. It does not apply to data processed by third parties not under our control; such third parties will be governed by their own policies

2 — Controller

Longshanks Capital Ltd is the data controller for the processing activities described in this Policy. Our registered office and contact information are available on the Site. All enquiries concerning this Policy or requests to exercise rights under applicable data protection law should be directed to our Data Protection Officer or designated privacy contact provided on the Site.

3 — Categories of Personal Data Collected

We collect the following categories of personal data, as necessary and proportionate to our legitimate business purposes:

• Identity data: name, title, date of birth (where required), national identification numbers when lawfully necessary.
• Contact data: postal address, email address, telephone numbers and other contact details.
• Professional data: job title, employer, employment history, professional qualifications and regulatory statuses.
• Financial and transactional data: bank account details, billing and payment information, creditworthiness information, transaction records and trading activity when you engage in services with us.
• Technical and usage data: IP address, device identifiers, browser type and version, time zone setting, operating system, referring URLs, pages visited, search terms, mouse movements and other diagnostic, usage and performance information collected via cookies and similar technologies.
• Communications data: correspondence, call recordings and logs, meeting minutes and other communications you or third parties transmit to us.
• Special categories of personal data: only if and to the extent strictly necessary (for example, as required for regulatory checks or anti-money-laundering procedures), we may collect limited sensitive data such as nationality or government-issued identity documentation. We will only process such sensitive data where we have an appropriate lawful basis and, where applicable, explicit consent or a statutory requirement.

4 — Lawful Bases for Processing

We process personal data on one or more of the following lawful bases permitted under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR):

• Performance of a contract with you or to take steps at your request to enter into a contract;
• Compliance with a legal or regulatory obligation to which we are subject;
• Our legitimate interests, including but not limited to: administering our business, providing services, preventing fraud, maintaining the security and integrity of our systems, enforcing our contractual rights, managing relationships and conducting marketing and business development activities; and
• Where required, your consent — in limited circumstances where consent is necessary, we will obtain it and will document it in accordance with applicable law.

We will always endeavour to ensure that the processing is necessary and proportionate, and that individual rights are respected consistent with the lawful basis relied upon.

5 — Purposes of Processing

We collect and process personal data for the following purposes (including, without limitation):

• To provide, operate and maintain the Site and our services and to perform contractual obligations;
• To process and manage client engagements, transactions and trading activity;
• For client onboarding and anti-money-laundering, sanctions and Know-Your-Client checks required by law or regulation;
• For billing, collections, and financial reconciliation;
• To detect, prevent and respond to fraud, abuse, security incidents and other illegal activities;
• To communicate with you regarding the Site, our services, notices, changes to terms, and other operational matters;
• For recruitment, HR administration and management of job applications;
• For internal record keeping, audit, risk management, compliance and legal defence;
• For marketing, market analysis and business development, unless you have opted out where such an option is provided.

6 — Cookies and Similar Technologies

We and our service providers deploy cookies, pixels, web beacons, local storage and other tracking technologies to collect technical and usage data. Cookies enable essential Site functionality and help us improve the Site, analyze usage patterns and tailor content. You may manage cookie preferences through your browser settings or via any cookie preference mechanisms presented on the Site. Disabling certain cookies may impair Site functionality.

7 — Disclosure to Third Parties

We may share personal data with third parties only as strictly necessary and subject to appropriate contractual safeguards:

• Service providers and processors: hosting providers, payment processors, communications platforms, identity verification services, analytics providers and other vendors who support our business operations.
• Professional advisers: lawyers, auditors, accountants and other professional advisors on a confidential basis.
• Regulators and law enforcement: where disclosure is required or permitted by law, regulation, court order, subpoena, governmental request, or to protect our legal rights, clients or the public.
• Corporate transactions: in connection with any sale, merger, reorganisation, acquisition, financing, due diligence, or other corporate transaction, as permitted by law and subject to confidentiality and data protection obligations.
• Other third parties: where you instruct or consent to such disclosures.

We require third-party recipients to implement appropriate technical and organisational measures, and we enter into written data processing agreements where applicable.

8 — International Transfers

Personal data may be transferred to and stored in countries outside the United Kingdom. Where transfers involve jurisdictions not deemed to provide an adequate level of protection under UK law, we will implement appropriate safeguards such as standard contractual clauses approved under UK law, binding corporate rules, or rely on another lawful transfer mechanism. By using the Site and providing your data you consent to such transfers, subject to the protections described herein.

9 — Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, to comply with legal and regulatory obligations (including retention periods imposed by financial services regulation), to resolve disputes and enforce agreements, and for legitimate business purposes. Retention periods will vary by category of data and purpose; where practicable, we apply retention schedules and securely delete or anonymise data when no longer required.

10 — Security

We implement and maintain reasonable technical, physical and organisational security measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Such measures are commensurate with the sensitivity of the data and prevailing industry standards. Notwithstanding these measures, no transmission over the internet or electronic storage can be guaranteed to be 100% secure; Longshanks Capital disclaims any absolute guarantee of security to the maximum extent permitted by applicable law.

11 — Your Rights

Subject to applicable law and legitimate exemptions, you may have rights concerning your personal data, including the right to: access, rectify, erase, restrict processing, object to processing, receive a copy of your data in a structured, commonly used electronic format, and lodge a complaint with a supervisory authority. Requests to exercise rights must be directed to the contact details on the Site; we reserve the right to verify the requester’s identity and to charge a reasonable fee where permitted by law for manifestly unfounded or excessive requests.

12 — Communications and Marketing

We may communicate with you regarding our products, services, events and research. Where required by law, we will obtain your consent before sending direct marketing communications, and we will provide clear mechanisms to opt out. If you opt out, we will cease marketing communications but may continue to send administrative messages relevant to services you receive.

13 — Automated Decision-Making and Profiling

Where we carry out any automated decision-making, including profiling, that produces legal effects or similarly significantly affects you, we will notify you and, where required by law, provide meaningful information about the logic involved, the significance and envisaged consequences of such processing, and the safeguards in place. In most circumstances, automated decisions are limited to risk scoring, transaction monitoring and compliance screening and are subject to human review where legally mandated.

14 — Minors

The Site is not directed to children and we do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected personal data from a minor without adequate parental consent, we will take steps to delete such data.

15 — Third-Party Links and Widgets

The Site may contain links to third-party websites, services or resources. Longshanks Capital is not responsible for the privacy practices or content of third parties. Linking to a site does not constitute endorsement. You should review the privacy policies of any third party before submitting personal data to them.

16 — Changes to This Policy

Longshanks Capital reserves the right to amend or update this Policy at any time. We will post updated versions on the Site and indicate the date of the latest revision. Material changes will be notified by conspicuous posting on the Site or by direct communication where appropriate. Your continued use of the Site following publication of changes constitutes acceptance of the revised Policy.

17 — Liability and Indemnity

To the fullest extent permitted by applicable law, Longshanks Capital, its officers, directors, employees, agents and service providers shall not be liable for any indirect, incidental, special, consequential or punitive damages arising from or relating to the collection, processing, storage or disclosure of personal data, or from your use of or inability to use the Site. Nothing in this Policy excludes or limits liability for death or personal injury caused by negligence, or for any other liability which cannot be limited or excluded under applicable law. You agree to indemnify, defend and hold harmless Longshanks Capital against any claims, liabilities, losses, damages, costs and expenses (including reasonable legal fees) arising from your breach of this Policy, misuse of the Site or violation of applicable law.

18 — Regulatory Compliance and Law Enforcement

We will cooperate with regulators, law enforcement authorities and courts to the fullest extent required by law. We may disclose personal data when required to do so by law, regulation, subpoena, court order or other legal obligation, or where we reasonably believe disclosure is necessary to protect our rights, property, or safety, or that of our clients, the public or third parties.

19 — Governing Law and Jurisdiction

This Policy and any disputes arising from or related to it or the processing of your personal data shall be governed by and construed in accordance with the laws of England and Wales. Subject to any mandatory legal requirements to the contrary, the courts of England and Wales shall have exclusive jurisdiction to resolve any such disputes.

20 — Contact and Complaints

If you have any questions, requests, complaints or wish to exercise any rights described in this Policy, please contact us using the contact information provided on the Site. If you remain dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another competent supervisory authority.

21 — Severability and Interpretation

If any provision of this Policy is held to be invalid, illegal or unenforceable in any respect under applicable law, such invalidity, illegality or unenforceability shall not affect the remaining provisions, which shall continue in full force and effect. Headings are for convenience only and do not affect interpretation.

22 — Acknowledgement

By using the Site or providing personal data to Longshanks Capital, you acknowledge that you have read and understand this Policy and consent to Longshanks Capital’s processing of your personal data as described herein, where consent is the lawful basis for processing.

This Policy is intended to set forth the principal terms governing Longshanks Capital’s handling of personal data and is drafted to reflect our rigorous approach to compliance, security and business continuity. For operational details, legal queries or to obtain a copy of specific contractual safeguards (including copies of any standard contractual clauses or other transfer mechanisms we employ), contact the Data Protection Officer via the contact details on our Site.