Privacy Policy

Neptune Privacy Policy v011

Neptune Networks Ltd. (“Neptune”), is committed to compliance with data protection laws and this policy sets out our personal information gathering and sharing practices for the NeptuneService which is a data connectivity network supplying the highest quality bond pre-trade data from the sell-side to the buy-side via FIX workflows and includes https://live.neptunefi.com/(Neptune GUI). This Privacy Policy applies to our use of your personal information where we are acting as a Data Controller only – please see clause 6 for further information on this.

By submitting your information to us, you agree to the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided to you when we collect personal information from you.

Please note that if you do not provide your personal information to us, we may be limited in how we are able to provide our services to you.

This external facing application may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

This Privacy Policy is intended to explain our privacy practices and covers the following areas:

1. What personal information about you we may collect

2. How we may use your personal information

3. Who we may disclose your personal information to

4. How we protect your personal information

5. Contacting us & your rights to prevent marketing and to access and update your personal information

6. Use of User Personal Data

7. Our Cookies Policy

8. How changes to this Privacy Policy and the Cookies Policy will be made

1. Information we may collect about you

1.1 We may collect and process the following personal information about you:

(a) Information you provide to us ►personal information that you provide to us, such as during the registration process to access and use theNeptune GUI including your name, address, other contact details and information provided as part of the Neptune GUI registration process;

(b) Credit and Anti-Fraud information ►information relating to your directors/employees financial situation, creditworthiness or any criminal or fraudulent activities provided to us by you or third parties including information which establishes your identity, such as driving licenses, passports and utility bills; information about transactions, credit ratings from credit reference agencies or information pooling groups; fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included;

(c) Your transactions ►details of transactions with us that you have made or initiated;

(d) Our correspondence ►if you contact us, we may keep a record of that correspondence;

(e) Device Information ►such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;

(f) Survey information ►we may also ask you to complete surveys that we use for research purpose. In such circumstances we shall collect the information provided in thecompleted survey;

(g) Your service usage ►details of the Neptuneservices you access through our Neptune GUI or through other channels and of the fulfilment of the services we provide; and

(h) Site and communication usage ►details of your visits to the Neptune GUI and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access

(i) Call recordings and CCTV► We may monitor or record our incoming or outgoing telephone calls with you to ensure accuracy, security, service quality, for training purposes and to establish a record of our communications. If you do not wish to have your call recorded, you have other options to conduct business with us such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud.

2. Uses made of your personal information and justification of uses

2.1 We may use your personal information in the following ways. Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy.

An explanation of the scope of the grounds available can be foundbelow. For each use, we note the use ground that we rely on:

(a) To register you or your company as a user ►You will create an account by providing the relevant information as specified in paragraph 1.1(a) above. Use justification: consent, contract performance, legitimate interests (to allow us to onboard you as a user);

(b) To verify your identity, protect against fraud and manage risk►For all Users excluding Registered Users, to conduct KYC, AML and other checks on your directors/employees to decide whether to register you. We and other organisations may access and use certain information to prevent fraud, money laundering and terrorism as may be required by applicable law and regulation and best practice at any given time, including checking against sanctions, politically exposed persons (PEP) and other fraud or crime screening databases. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them. Use justification: consent, contract performance, legal obligations, legitimate interests (including to ensure you fall within our acceptable risk profile);

(c )To provide our services effectively to you ►to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products. This includes enabling you to access the NeptuneService and data located on the NeptuneService. Use justification: consent, contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);

(d)To comply with legal or regulatory requirements, or as otherwise permitted by law ►we may process your personal information to comply with our regulatory requirements or dialogue with our regulators or defend or prosecute claims as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention ordetection of a crime. Use justification: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory authorities);

(e) To provide marketing materials to you ►to provide you with updates and offers, where you havechosen to receive these. We may use your information for marketing our own services to you by email, post and telephone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 5.5 below. Use justification: consent (which can be withdrawn at any time -please see paragraph 5.1 below);

(f) To ensure the NeptuneGUI functions correctly ►to ensure that content is presented in the most effective manner for you and for your computer. Use justification: consent, contract performance, legitimate interests (to allow us to provide you with the content and services on the Neptune GUI);

(g) To understand our customers and to develop and tailor our products and services►we may analyze the personal information we hold in order to better understand our clients’ services and marketing requirements, to better understand our business and develop our products and services. Use justification: legitimate interests (to allow us to improve our services);

(h) To inform you of changes ►to notify you about changes to our service. Use justification: contract performance, legitimate interests (to allow us to continuously develop our services); and

(i)To reorganise or make changes to our business ►in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or reorganisation. We may also need to transfer your personal information to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy. Use justifications: legitimate interests (in order to allow us to change our business).

3. Disclosures to third parties and justification of uses

We may transfer your personal information to third parties for the purposes set out below:

(a) To allow us to effectively provide our services to you, we may disclose your information to selected third parties ► We may permit selected third parties such as business partners, suppliers, service providers, agents and contractors to use your personal information, for the purposes set out in paragraph 2 above who will be subject to obligations to process such information in compliance with the same safeguards thatwe deploy. Use justification: contract performance, legitimate interests (to enable us to effectively provide our services to you);

(b) To comply with our legal obligations to law enforcement, regulators and the court service ► We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);

(c) To transfer your information when the structure of the business changes ►In the event that we (or a part thereof) are (i) subject to negotiations for the sale of its business or (ii) is sold to a third party or (iii) undergoes a reorganisation, you agree that any of your personal information which We hold may be transferred to that re-organised entity or third party and used for the same purposes as set out in this policy, or for the purpose of analysing any proposed sale or reorganisation. We will ensure that no more of your information is transferred than necessary. Use justification: legitimate interests (to allow us to change our business); and

(d) To conduct certain checks on you, such as KYC, credit checks and antifraud checks If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to the relevant authorities including credit reference agencies and fraud prevention agencies. We will also record this. Law enforcement agencies may access and use this information. We, and other organisations that may access and use information recorded by such agencies, may do so from other countries. Use justification: legal obligation, legal claims, legitimate interests (to assist with the prevention of crime and fraud).

Use justifications

We note the grounds we use to justify each use of your information next to the use in the Uses made of your personal information and justification of uses and Disclosures to third parties and justification of uses sections of this policy.

These are the principal legal grounds that justify our use of your information:

Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use.

Contract performance: where your information is necessary to enter into or perform our contract with you. Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

4. Transmission, storage and security of your personal information

4.1 We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your personal informationin our custody or control.

4.2 We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform. Security over the internet

4.3 No data transmission over the Internet or Neptune GUI can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.

4.4 All personal information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.Export outside the EEA

4.5 Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

4.6 Where we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/dataprotection/internationaltransfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commissionapproved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

4.7 Please contact us if you would like to see a copy of the safeguards applied to the export of your personal information.

4.8 Our retention periods for personal data are based on business needs and legal requirements. We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). When personalinformation is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

5. Your rights & contacting us

5.1 You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processingby checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in paragraph 5.7 below.

5.2 In relation to processing of criminal convictions data and politically exposed person data for the purposes of complying with our antimoney laundering obligations and to combat fraud we consider that our processing is permitted by the substantial public interest ground (to prevent or detect crime) but to the extent it is not you give and we rely on your consent to process that type of personal information. Although you have a right to withdraw such consent at any time, as we consider the processing to be necessary for us to provide our services its withdrawal (tothe extent the processing cannot be justified on substantial public interest grounds) may require us to cease to provide certain services.

5.3 If you have any questions in relation to our use of your personal information, you should first contact us asper the “Contacting us” section below. Under certain conditions, you may have the right to require us to:

(a) provide you with further details on the use we make of your personal information;

(b) provide you with a copy of personal information that you have provided to us;

(c) update any inaccuracies in the personal information we hold;

(d) delete any personal information that we no longer have a lawful ground to use; and

(e) restrict how we use your personal information whilst a complaint is being investigated.

You also have the right to:

(a )where processing is based on consent, withdraw your consent so that we stop that particular processing;

(b) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(c) restrict how we use your personal information whilst a complaint is being investigated.

5.4 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

5.5 If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office.

Updating information

5.6 We are committed to maintaining the accuracy of your personal informationand ensuring that it is complete and uptodate. If you discover inaccuracies in our records, or your personal information changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to your personal information may negatively impact the way we communicate or provide services to you. Where appropriate, we will advise others of any material amendments to your personal information that we may have released to them. If we do not agree to make the amendments that you request, you may challenge our decision as described in the “Contacting us” section below.

Contacting us

5.7 Neptune Networks Ltd is responsible for and is the “data controller” of your personal information processed by us under thisPrivacy Policy.

5.8 We can be contacted in relation to your rights or any questions you may have in respect of this Privacy Policy or our processing of your personal information at the following addresses: By email: privacy@neptunefi.com

5.9 By post: Neptune Networks Ltd, Cannon Place, 78 Cannon Street, London EC4N 6HL, United Kingdom

6. Use of User Personal Data

This Privacy Policy only covers our processing of personal information submitted via the Neptune GUI where we act as a “data controller” only.

7. Cookies

The Neptune GUI uses cookies to distinguish you from other users of the Neptune GUI. This helps us provide you with a good experience when you browse the Neptune GUI and also allows us to improve the Neptune GUI. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

8. Changes to our Privacy Policy and/or Cookies Policy

We may change the content of the Neptune GUI or services without notice, and consequently our Privacy Policy and/or Cookies Policy may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using personal information.