Privacy Policy

Last revised: August 2021

Lendable is committed to protecting your privacy and takes the privacy of your personal data very
seriously. We handle your personal data confidentially and in accordance with any applicable Data
Protection Laws. This Privacy Policy explains how we collect, maintain and handle personal data
and informs you about your rights pertaining to the processing of your personal data.

Definitions

– “Activities” means any of our activities related to a fund managed or advised by Lendable, an
application process or an employment at Lendable.

– “Lendable” means each and any subsidiary of Lendable Inc.

– “Data Protection Laws” means the EU General Data Protection Regulation and any other
applicable data protection regulation.

– “Processing” shall have the meaning provided in the applicable Data Protection Laws.

– “Personal Data” means any information relating to an identified or identifiable natural person, in
particular all information which you submit to Lendable via our Website, or that we collect from you in
the course of our activities or your application process as an employee of Lendable. This definition
incorporates any definitions provided in the applicable Data Protection Laws.

– “Products” means any of the funds managed or advised by Lendable.

Personal Data collected

In the course of our activities we may collect the following Personal Data:

– Professional contact data of representatives of clients (investors), prospects, investees (and some
of their clients) and service providers (such as name, given name, address, e-mail address,
telephone number, mobile number, company name, function, out-of-office information, gender, civil
status);

– Private contact and identification data of employees and applicants (such as name, given name,
address, e-mail address, telephone number, mobile number, birth date, nationality, social security
number, passport, ID);

– Personal and professional data of employees and applicants (such as data on spouses and
children, marital status, photographs of employees, resumes, diplomas, reference letters, grades,
assessments, reviews, criminal records, sanction listings, bank account details);

– Time management data of employees (such as absences and working hour logs);

– Location data of employees (such as WLAN positioning and IP-address);

– Personal and identification data of employees of an investees (such as passports, ID’s, CV’s or
other documents related to personal data).

How we collect Personal Data

We typically collect or obtain Personal Data directly from you or your authorized representatives
unless it is unreasonable or impracticable to do so. The collection of Personal Data usually takes
place as follows:

– If you use our website;

– If you complete an application form for one of our products;

– If you apply for a role at Lendable and during your employment

– At the occasion of communications or meetings between you and our employees or authorized
representatives;

– Through publicly available sources (such as credit reference agencies, due diligence databases
etc.).

Use of your Personal Data

We will only use your Personal Data within the scope of our activities and/or the fulfilment of our
contractual or statutory obligations. Personal data may be used by us for the following reasons:

– To communicate with you in relation to your current or planned investment (these communications may take place in various forms, including telephone, SMS, email and mail);

– To provide continuous service to you (such as the transmission of information or marketing
materials that may be of interest for you);

– To meet regulatory or internal record keeping requirements.

Please note that at any time you may opt-out of receiving marketing communications from us. In this
case, please contact us by using either the contact details below.

Sharing of your Personal Data

To provide you with the services you require and for the purposes set out above, your Personal Data
may be shared within Lendable or any third parties. As such some of your Personal Data may be
disclosed to Lendable Inc. in the context of our employee administration activities.

We also take reasonable steps to ensure that such third parties are bound by confidentiality and
privacy obligations in relation to the protection of your Personal Data. Such third parties may include:

– External service providers (such as IT services companies etc.);

– External advisors (such as accountants, administrators, lawyers, consultants, auditors);

– Other third parties where required, or allowed under law, or in connection with legal proceedings.

During the processing of some Personal Data as described above some Personal Data may be
transferred to a country outside of the US, namely one of our below mentioned subsidiaries. Such
countries may not have an adequate level of data protection as determined by the EU GDPR.
However, Lendable has established appropriate safeguards for such cross-border data transfers by
way of contractual mechanisms.

Keeping Personal Data Secure

We invest considerable resources to keep your Personal Data secure from misuse, loss,
interference, unauthorized access, modification or disclosure. Access to and the use of Personal
Data is regulated to prevent misuse or unlawful disclosure of such data. We use security procedures
such as firewalls, intrusion detection, anti-virus technology and password log-in to prevent
unauthorized access.

Retention of Personal Data

We retain information for as long as may be necessary to provide continuous service to you or to
meet any of our contractual obligations, and longer where required by law. When Personal Data is
no longer required by us, it is destroyed or de-identified.

Access and control of Personal Data

You may contact us by email or telephone and request access to your Personal Data. However,
please note that before providing you with access to information about you we will have to verify
your identity. Furthermore, please note that at time there may be a legal reason why we must deny
such access, in particular where granting access would interfere with the privacy of others or would
result in a breach of confidentiality. Should such access be denied we would provide you with the
reasons for any refusal in writing and the mechanisms available to complain about the refusal. There
may be some charge to you to access such information. However, there is no charge for making a
request or for making any corrections to your Personal Data.

Correction of your Personal Data

We endeavor to keep your Personal Data accurate, complete, up to date and relevant. For this
purpose we kindly ask you to let us know if any of your details change. If you believe that Personal
Data we store about you is incorrect, incomplete, inaccurate or misleading, you may ask us to
amend it.

Use of our website

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide
any assurance regarding the security of transmission of information or data you communicate to us
online. We also cannot guarantee that the information you supply will not be intercepted while being
transmitted over the internet. Accordingly, any Personal Data or other information which you transmit
to us online is transmitted at your own risk.

Cookies

We may use “cookies” to help us tailor our website to better suit your needs (e.g. we may use
cookies to enable us to save any personal preferences indicated by you) and to provide a more
effective route to various components of our website. If you choose to disable cookies, some of our
website’s functionality might be impaired. Cookies are small text files that are stored in your
computer’s memory and hard drive, in your mobile device or tablet when you visit certain web pages.
They are used to enable websites to function or to provide information to the owners of a website or
other third parties which receive data obtained from that website. This information might be about
you, your preferences or your device and is mostly used to make the site work as you expect it to.
The information does not usually directly identify you, but it can give you a more personalized web
experience.

Cookies help us to provide customized services and information. We use cookies to tell us, in
general terms, how and when pages in our websites are visited, what our users’ technology
preferences are and whether our website is functioning properly. Depending on their purpose, some
cookies will only operate for the length of a single browsing session, while others have a longer life
span to ensure that they fulfil their longer-term purposes (as explained in more detail below). Please
note that, however long a cookie’s active life may be, you can delete cookies (and therefore stop any
further data collection by them) as further described below.

If you are using a password-protected site, then the website may use cookies or other technology to
help us authenticate you, store and recognize your configuration and user attributes, facilitate your
navigation of the website and customize its content so that the information made available is likely to
be of more interest to you.

In broad terms, we use cookies on our website for the following purposes:

– Analytical purposes: Analytical cookies allow us to recognize, measure and track visitors to the
website. This helps us to improve and develop the way the website works, for example, by
determining whether site visitors can find information easily, or by identifying the aspects of the site
that are of the most interest to them.

– Usage preferences: Some of the cookies on the website are activated when visitors to our sites
make a choice about their usage of the site. Our website then ‘remembers’ the settings preferences
of the user concerned. This allows us to tailor aspects of the site to the individual user.

– Terms and conditions: We use cookies on the website to record when a site visitor has seen a
policy, such as this one, or provided consent, such as consent to the terms and conditions on our
website. This helps to improve the user’s experience of the site – for example, it avoids a user from
repeatedly being asked to consent to the same terms.

– Session management: The software that runs the website uses cookies for technical purposes
needed by the internal workings of our servers. For instance, we use cookies to distribute requests
among multiple servers, authenticate users and determine what features of the site they can access,
verify the origin of requests, keep track of information about a user’s session and determine which
options or pages to display in order for the site to function.

– Functional purposes: Functional purpose cookies store information that is needed by our
applications to process and operate. For example, where transactions or requests within an
application involve multiple workflow stages, cookies are used to store the information from each
stage temporarily, in order to facilitate completion of the overall transaction or request.

– Advertising: Advertising cookies allow us (or third parties) to monitor the behavior of users of our
website. This information is used to ensure that products and services highlighted to those
individuals are targeted in a focused and relevant manner (e.g. through advertisements on our
website or through advertisements on third party websites which are based on your experience with
our website) or to monitor the effectiveness of those digital marketing campaigns. We also monitor
whether the adverts displayed on our website are of interest to users and retain this information to
ensure that adverts seen by users of our website over a period of time are appropriate.

We may disclose details about the general use of our website to third parties (for example, to
demonstrate patterns of use to advertisers and other business partners). Information we pass on for
this purpose will not include any Personal Data by which you may be identified.

You can configure your browser to accept all cookies, reject all cookies, notify you when a cookie is
set, or delete cookies that have already been set. Each browser is different, so check the “Help”
menu of your browser to learn how to change your cookie preferences. You are always free to
decline our cookies if your browser permits, although in that case you may not be able to use certain
features on our website.

We may include content on the website designed for display using Adobe Flash Player, such as
animations, videos and tools. Local flash storage (often referred to as “Flash cookies”) can be used
to help improve your experience as a user. Flash storage is retained on your device in much the
same way as standard cookies, but is managed directly by your Flash software. If you wish to
disable or delete information stored locally in Flash, please see the documentation for your Flash
software, located at www.adobe.com. Please note that, if you disable Flash cookies, some site
functionality may not work.

When you visit our website, you may receive cookies that are set by third parties. The kind of
cookies and the consequent data processing carried out by such third parties are regulated by the
third party’s privacy policy. We do not control the setting of these third party cookies. You may wish
to check any such third party’s website for more information about their use of cookies and how to
manage them.

California Privacy Rights Reporting

Lendable has compiled the following data regarding US individuals who made personal information
requests under the California Consumer Privacy Act (CCPA) or otherwise from January 1 –
December 31, 2020. In accordance with CCPA Regulation § 999.317, this information is being made
available via the Lendable Privacy Policy on www.Lendable.io.

Contact

If you believe that your privacy has been breached, please contact our Data Protection Contact
Person using the contact information below and provide details of the incident so that we can
investigate it. We request that complaints about suspected breaches of privacy be made in writing,
which will also enable us to keep in touch with you in relation to your complaint.

If you have any questions or concerns about the privacy of your Personal Data, please contact our
Data Protection Contact Person as follows:

Email: DPCP@lendable.io

If you have contacted us and believe that we have not handled your matter properly, you may
contact the Data Protection Authority in the country where the Lendable company you are dealing
with is located and if such does not exist any other local authority bestowed with the responsibility of
the protection of data:

Changes to this privacy policy

We may modify or amend this privacy policy from time to time as we may deem necessary or as may
be required by law. Any changes will be immediately posted on the website and you are deemed to
have accepted the terms of the privacy policy on your first use of the website following the
alterations. Therefore we encourage you to periodically review this privacy policy to be informed
about how we are protecting your information.

August 2021