This Privacy and Cookies Statement (“Privacy Statement”) describes how Thesis Investment Group, LLC and its related companies (collectively, the “Firm”) collects, uses, shares, and otherwise processes individually identifiable information about visitors to our websites, prospective or actual residents of our facilities, job applicants, investors, as well as contact persons of our corporate customers, business partners, vendors, and suppliers (“Personal Data”). This Privacy Statement applies to Personal Data that we collect through our Internet sites as well as through trade shows, seminars, conferences, and other off-line means.

Summary of Key Points

1. Collection of Personal Data. We collect the following categories of Personal Data:


2. Use of Personal Data. We use the above categories of Personal Data for the following purposes:


3. Sharing of Personal Data. We may share Personal Data with the following categories of recipients:


If you have questions about the parties with which we share Personal Data, please contact us as specified below.


4. Marketing Choices. To the extent that we provide you with direct marketing communications, you have control regarding our use of your Personal Data for such reasons. If you no longer wish to receive any direct marketing communications, you can opt-out at any time. To do so, use the unsubscribe link within a marketing email received from us.


5. Cookies. We use and allow certain third parties to use cookies, web beacons, and similar tracking technologies (collectively, “cookies”) on our website.

What are cookies?

• Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website. More information about cookies and how they work is available at www.allaboutcookies.org.

How do we use cookies?

What are your options if you do not want cookies on your device?

6. Data Subject Rights.
Where required by applicable law, you may have the right to obtain confirmation that we maintain certain Personal Data about you (and the right to verify its content, origin, to whom it is shared, and accuracy), as well as the right to access, rectify, erase, restrict processing (i.e., withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal), or port such data. In particular, you may have the right to object to our use of your Personal Data for direct marketing purposes, and certain other purposes, at any time. You may also have the right to lodge a complaint with the competent data protection supervisory authority. Note, however, that we may retain certain Personal Data as required or permitted by applicable law.


The application form for making a data subject rights request is available at www.thesisig. com/ under the “Privacy Policy“tab, alongside guidance for staff on the procedure for dealing with requests for personal information.


7. Information Security. We maintain reasonable technical and organizational measures in accordance with our Data Protection Policy, to protect Personal Data from loss, misuse, alteration, or unintentional destruction. However, no security measure can guarantee against compromise. You also have an important role in protecting your Personal Data. You should not share your username and password with anyone, and you should not re-use passwords across more than one website. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.


8. Cross-Border Transfers. We transfer Personal Data to various jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. We provide appropriate protections for any cross- border data transfers, including but not limited to those instances where required by applicable law for international data transfers. With respect to transfers originating from the European Economic Area (“EEA”) to the United States, we ensure that all agreements for such transfers include obligations on behalf of both Thesis Investment Group, LLC and the counter party which are appropriate to the sensitivity of the data to be transferred, and which account for the rights of the individuals’ whose personal data is to be transferred thereunder. Where required by applicable law, you may request a summary of the mechanisms we have in place by contacting us as detailed below


9. Other Issues.

(i) What is the legal basis of processing?

• Some jurisdictions require an explanation of the legal basis for collecting and processing Personal Data. We have several different legal grounds on which we collect and process Personal Data, including: (i) as necessary to perform a transaction (such as when we respond to your requests); (ii) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (iii) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and (iv) necessary for legitimate interests (such as when we act to maintain our business generally).

(ii) What are the consequences of not providing Personal Data?

• You are not required to provide all Personal Data identified in this Privacy Statement to use our website or to interact with us off-line, but certain functionality will not be available if you do not provide certain Personal Data. If you do not provide certain Personal Data, we may not be able to respond to your requests, perform a transaction with you, review your application, or provide you with marketing that we believe you would find valuable.

(iii) Do we engage in automated decision-making without human intervention?

• We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

(iv) How long do we retain Personal Information?

• We typically retain Personal Data related to marketing activities for as long as you accept marketing communications from us and upon request, we will securely delete such data in accordance with applicable law. For Personal Data that we collect and process for other purposes, as described above, we retain such Personal Data in accordance with our Records Retention and Protection Policy, and typically, for no longer than the period necessary to fulfill the purposes outlined in this Privacy Statement, and as otherwise needed to address tax, corporate, compliance, employment, litigation, and other legal rights and obligations.

(v) Are third party websites governed by this Privacy Statement?

• This website contains links and references to other websites (e.g., LinkedIn, Instagram, Twitter, Facebook) administered by unaffiliated third parties. This Privacy Statement does not apply to such third-party websites. When you click a link to visit a third-party website, you will be subject to that website’s privacy practices. We encourage you to familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Data on those websites.

(vi) How will we handle any changes to this Privacy Statement?

• We may update this Privacy Statement from time-to-time as our services and privacy practices change, or as required by law. The effective date of our Privacy Statement is posted below, and we encourage you to visit our website periodically to stay informed about our privacy practices. We will post the updated version of the Privacy Statement on our website and ask for your consent to the changes if legally required.


10. California Privacy Rights

11. Contact Us. If you have questions or comments regarding this Privacy Statement or our privacy practices, please contact us at dataprotectionofficer@thesisig.com .

• Effective Date: September 1, 2024