We respect your privacy

Last reviewed July 2024.

We respect the privacy of every individual whose personal information we may process including:

• clients, investors and the individuals that work for them or are engaged by them;
• counterparties, other third parties and the individuals that work for them or are engaged by them;
• candidates as part of our recruitment process; and
• individuals who may contact us, including through www.bluecove.com (our "Website") and/or by other methods.

This privacy policy sets out how BlueCove uses and protects your personal data.

1. Purpose of this Policy

This Privacy Policy explains our approach to any personal information that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal information. This Privacy Policy also sets out your rights in respect to our processing of your personal information.

This Privacy Policy will inform you of the nature of the personal information about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it.

This Privacy Policy is intended to assist you with making informed decisions when providing information to BlueCove, including through our Website and in relation to any of our products and/or services ("Products"), and/or understanding how your personal information may be processed by us. This Privacy Policy also includes how we comply with our obligations under the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018.

Please note that this Privacy Policy only applies to the use of your personal information obtained by us; it does not apply to your personal information collected during your communications with third parties.

2. Who are we and what do we do?

BlueCove Limited (“BlueCove”) is a scientific fixed income asset management firm registered in England and Wales with company number 11269446 and registered office at 10 New Burlington Street, Mayfair, London, W1S 3BE. BlueCove is authorised and regulated by the Financial Conduct Authority in the United Kingdom.

Our Website is operated by BlueCove ("we", "us" or "our"). The data controller for your personal information, that is either processed via our Website or that you communicate to us by email or other methods, is BlueCove.

If you have any questions about this Privacy Policy or want to exercise your rights as set out in this Privacy Policy, please contact us by:

• Sending an e-mail to dataprotection@bluecove.com; or
• Calling us on: +44 (0)203 146 1500

3. What personal information do we collect, why and how do we use it?

3.1. Clients, investors and other third parties

In relation to clients, investors and third parties and/or individuals working for (or engaged by) clients, investors and third parties (such as counterparties and service providers) we may process your personal information (as set out below) if provided to BlueCove. We may also keep your personal data on our Client Relationship Management (“CRM”) platform as appropriate.

We may collect personal information from you as set out below:

• name and job title;
• contact information including email address and phone number;
• demographic information such as postcode, preferences and interests; and
• other relevant information and/or data required for legal/regulatory/tax/business purposes.

The reasons for collecting this data may be for any one or a combination of the following:

• to verify your identity, as part of our Know Your Client (KYC) processes, which helps us to prevent fraud, money laundering, and other financial crimes;
• to conduct credit checks and assessments and to ensure that our interactions with you are secure
• for client relationship purposes and/or to develop and market Products;
• to carry out requests made by you; (iv) to investigate or settle inquiries or disputes;
• to comply with any applicable law or the requirements of a regulator regarding identification and verification;
• to enter into and/or enforce our agreements with you/third parties;
• to protect the rights, property or safety of us and/or third parties, including our clients, investors, counterparties and users of our Website;
• to provide support for the provision of said Products;
• for metrics; and
• to use as otherwise required or permitted by law and/or regulations.

3.1.1. Who do we share your personal information with for this purpose?

We may share personal information with a variety of the following categories of third parties as necessary, for example:

• Software as a Service and other technology providers and platforms (including our CRM and recruitment tools);
• if we are required to do so by law and/or regulation, to regulators/tax authorities/corporate registries;
• third party vendors/service providers (including cloud services, data storage, sales, marketing, investigations, and customer support);
• insurers;
• governmental bodies to the extent we are required to do so b a governmental body or my a law enforcement agency, or for crime prevention purposes (including fraud protection); in connection with any legal proceedings or in order to establish or defend our legal rights; and
• business sale if we sell some or all of our business or assets we may need to disclose your information to a prospective buyer for due diligence purposes.

Please note that this list is non-exhaustive and that there may be other examples where we need to share your information with other parties in order to provide Products and client-related services as effectively as we can, and to meet our legal, tax and regulatory obligations.

3.1.2. Our legal basis to use your personal information

The law requires us to have a legal basis for collecting and using your personal data. On a case by case basis, we rely on one of the following legal bases:

• Performing a contract with you: We may need your personal information to perform our obligations in accordance with any contract that we may have with you (or may enter into with you in the future);
• Legitimate business interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests,. This enables us to provide you with the best and most secure client experience. In doing so, we ensure compliance with laws and regulations that may require us to use or retain your personal information for purposes such as reporting, compliance checks or record-keeping. We continuously balance our business interests against your rights and interests, considering and mitigating any potential impact (both positive and negative) before we process your personal data for our legitimate interests.
• Legal Obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to for example, to prevent fraud and ensure compliance with legal and regulatory obligations. We will identify the relevant legal obligation when we rely on this legal basis;
• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose. We obtain your explicit consent by requiring you to express your willingness to allow us to process your personal data by clicking on the 'Agree' button on our 'Important Disclaimer' and the 'cookie banner' as you land on our site. This action demonstrates your active agreement to the use of your personal data for the purposes set forth therein.

3.2. Recruitment

If you are a candidate looking to work at BlueCove we may collect:

• your name and job title;
• your contact information including email address;
• your curriculum vitae, your education, employment history and similar information that you may provide to us; and
• any other information relevant to potential recruitment to BlueCove.

In particular, we may use your personal information for the following purposes:

• recruitment strategy;
• business administration;
• compiling metrics;
• providing feedback; and
• legal and regulatory purposes.

We collect and maintain personal information that you voluntarily submit to us during your use of our Website, via email or other method of communication with us.

We use your personal information for the following recruitment purposes:

• To assess your suitability for any position for which you may apply at BlueCove - whether such application has been received by us online, via our Website, a recruitment agency or email, or by hard copy or in-person application
• To review BlueCove's equal opportunity profile in accordance with applicable legislation. BlueCove does not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation.

All employment related decisions are made entirely on merit.

3.2.1. Who do we share your personal information with for these purposes?

We may share your personal information with third parties who assist us in carrying out our recruitment activity for example a recruitment agent that sends your CV to us and providing information to BlueCove's pre-employment screening provider.. We may also share your personal information with a variety of third-party service providers to assist us with insight analytics. We additionally utilise the services of the online technology tool Greenhouse to assist us in recruitment and in upholding UK GDPR standards.

3.2.2. What is our legal basis to use your personal information?

Where we use your personal information in relation to recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you, or where it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for BlueCove. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.

Where your personal information is completely anonymised, we do not require a legal basis to use it as the information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required.

Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way that enables us to manage our business including servicing our clients and meeting our legal and regulatory requirements.

3.2.3. How do we obtain your consent?

Where our use of your personal information requires your consent, you can provide such consent:

• at the time we collect your personal information, following the instructions provided; or
• by informing us by e-mail, post or phone using the contact details set out in this Privacy Policy.

For more information, please see BlueCove's Candidate Privacy Notice available here: [insert link].

4. Third Party contractors and other controllers

As mentioned above, we may engage sub-contractor data processors as necessary to supportour services, such as outsourced providers and other third party vendors. Where we do so, they will process personal information on our behalf according to our instructions.. We conduct an appropriate level of due diligence and execute requisite contractual agreements with all sub-contractor to ensure that they process personal information in a manner that it is consistent withour legal and regulatory obligations.

Furthermore,we may appoint external data controllers where necessary. Where we do so, we will comply with our legal and regulatory obligations in relation to the personal information. This includes,without limitation, implementing appropriate safeguards to ensure any personal information is processed in compliance withour legal and regulatory obligations.

5. Extra-European Economic Area (EEA) Transfers

If you are based within the EEA, please note that we may transfer personal information to countries outside the EEA. We recognize that not all jurisdictions offer an equivalent level of protection for personal information as within the EEA. Where necessary to make such transfers, we will ensure compliance with our legal and regulatory requirements by establishing a lawful basis for transferring personal information and implementing appropriate safeguards to ensure an adequate level of protection for the personal information. This includes entering into contractual agreements that provide data protection rights and remedies for data subjects, utilizing mechanisms such as International Data Transfer Agreement (IDTA) adhering to the protection regimes of the destination country and applying any additional protective measures required to uphold the level of data protection mandated by the UK GDPR and the DPA 2018.

In every instance of international data transfer, we are committed to ensuring that your personal information is processed in line with the respective privacy laws and regulations applicable, prioritizing the protection and lawful handling of your data across borders.

6. How long do we keep your personal information for?

Regarding visitors to our Website and candidates, we will generally retain relevant personal information for up to 12 months from the date of our last interaction with you. However, this period may be longer (for example five years) where we are required to do so to meet our client, regulatory, legal and/or insurance obligations.

Regarding personal information that we may process in relation to clients and investors, we will retain relevant personal information for five years from the date of our last interaction or for longer where we are required to do so according to our regulatory or legal obligations.

7. Confidentiality and security of your personal information

We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse or alteration.

We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

• unauthorised access;
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.

All of our employees, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes that have been set out in this policy), who have access to and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information.

8. How to access your information and your other rights

You have the following rights in relation to the personal information we hold about you. Please note that these rights are subject to certain exemptions which may be applicable to any request you make.

8.1. Your right of access

If you ask us, we'll confirm whether we're processing your personal information and, subject to any applicable exemptions, provide you with a copy of that personal information (along with certain other details) within the timescales, or extended timescales provided for by the UK GDPR, the DPA 2018 and the Information Commissioner's Office for complex requests. If you require additional copies, we may need to charge a reasonable fee.

8.2. Your right to rectification

If the personal information we hold about you is inaccurate or incomplete, you're entitled to have it rectified. If you are entitled to rectification and if we've shared your personal information with others, we'll let them know about the rectification where possible and where this would not involve disproportionate effort. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.

8.3. Your right to erasure

You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable because that was the legal basis on which we were processing your personal information). If you are entitled to erasure and if we've shared your personal information with others, we'll take reasonable steps to inform those others where possible and where this would not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.

8.4. Your right to restrict processing

You can ask us to 'block' or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object. If you are entitled to restriction and if we've shared your personal information with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.

8.5. Your right to data portability

You have the right, in certain circumstances, to obtain the personal information you've provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.

8.6. Your right to object

You can ask us to stop processing your personal information and we will do so if we are:

• relying on our own or someone else's legitimate interests to process your personal information, except if we can demonstrate compelling legal, business and/or regulatory grounds for the processing; or
• processing your personal information for marketing in the future

8.7. Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it's based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

8.8. Your right to withdraw consent

If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.

8.9. Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you can report it to the Information Commissioner's Office (ICO) in the UK where your concern relates to BlueCove. You can find details about how to do this on the ICO website at https://ico.org.uk/make-a-complaint/ or by calling their office on 0303 123 1113.

If you want to exercise any of these rights you can do so by contacting us.

9. Collection of information by third-party sites and sponsors

Our Website contains links to other sites, owned and operated by third parties whose information practices may be different from ours. Visitors to our Website should consult the other sites' privacy notices as BlueCove has no control over information that is submitted to, or collected by, these third parties. If you decide to visit external websites, you will be subject to their privacy policies and practices. We encourage you to read the privacy statements of each website that collects identifiable information. This privacy statement applies solely to information collected by our website.

10. Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time.

To ensure that you are always aware of how we use your personal information, we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes, as required, to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Policy periodically to be informed of how we use your personal information. This privacy policy (Privacy Policy) will be reviewed at least annually.