Privacy Policy - Thesis Investment Group

This Privacy and Cookies Statement (“Privacy Statement”) describes how Thesis Investment Group, LLC and its related companies (collectively, the “Firm”) collects, uses, shares, and otherwise processes individually identifiable information about visitors to our websites, prospective or actual residents of our facilities, job applicants, investors, as well as contact persons of our corporate customers, business partners, vendors, and suppliers (“Personal Data”). This Privacy Statement applies to Personal Data that we collect through our Internet sites as well as through trade shows, seminars, conferences, and other off-line means.

Summary of Key Points

Collection: We collect name, contact details, and other Personal Data related to our commercial, employment, and residential relationships.
Use: We use Personal Data to perform transactions, register residents, assess job and resident applicants, respond to inquiries, manage accounts and maintain business operations, provide relevant marketing, and to fulfill other business and compliance purposes.
Sharing: We share Personal Data as necessary to perform transactions, register residents, respond to requests, and to fulfill other business and compliance purposes.
Marketing choices: You have control over how we use Personal Data for direct marketing.
Cookies: We use cookies on our website, and provide choices on use of cookies, including third party targeting and advertising.
Data subject rights: You have certain rights to request access, rectification, deletion, or other actions regarding your Personal Data where required by applicable law.
Information security: We maintain reasonable technical and organizational measures to protect Personal Data from loss, misuse, alteration, or unintentional destruction.
Cross-border transfers: We provide appropriate protections for cross-border transfers.
Other issues: We provide other information in this Privacy Statement about: (i) the legal basis for collecting and processing Personal Data, (ii) the consequences for not providing Personal Data, (iii) automated decision-making, (iv) do-not-track (DNT) signals, (v) data retention, (vi) links to third party websites, and (vii) changes to this Privacy Statement.
Contact us: Please contact us as detailed below with any questions.

1. Collection of Personal Data. We collect the following categories of Personal Data:

Basic Information: Name, title, company, region, job responsibilities, phone number, mailing address, email address, contact details, and any other Personal Data that you submit to us during the course of correspondence with us.
Resident Application/Registration Information: Data provided by resident applicants in connection with residential opportunities (e.g., name, date of birth, email address, contact information, guarantor information, bank information, income, debt, criminal history, employer information.
Registration Information: Newsletter and/or other alert requests, subscriptions, downloads, and registration to seminars, courses, or conferences.
Marketing Information: Data about individual participation in trade shows, seminars, and conferences, credentials, associations, product interests, query information, and preferences.
Job Applicant Information: Data provided by job applicants or others on our website or off- line means in connection with employment opportunities (e.g., name, resume, education history, employment history, certifications, salary requirements, contact details, work status authorization and references)
Compliance Information: Government identifiers and other compliance and due diligence data, to the extent required and permitted by applicable law.
Transaction Information: Transaction history, payment details, and performance data.
Device Information: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our website (Usage Information). Note, however, we do not consider Device Information to be Personal Data except where we can link it to you as an individual or where applicable law provides otherwise.

2. Use of Personal Data. We use the above categories of Personal Data for the following purposes:

Purpose of Use: Perform transactions and respond to your inquiries.
Categories of Personal Data Used: Basic Information, Registration Information, Transaction Information, and Device Information.
Purpose of Use: Assess and register potential and current residents.
Categories of Personal Data Used: Basic Information, Resident Application/Registration Information.
Purpose of Use: Manage your accounts and maintain our business operations.
Categories of Personal Data Used: Basic Information, Registration Information, Resident Application/Registration Information, Transaction Information, and Device Information.
Purpose of Use: Make our website more intuitive and easier to use and conduct research regarding opinion of customer services.
Categories of Personal Data Used: Device Information, Basic Information, Registration Information.
Purpose of Use: Protect the security and effective functioning of our website and information technology systems.
Categories of Personal Data Used: Basic Information, Registration Information, Transaction Information, and Device Information.
Purpose of Use: Provide relevant marketing.
Categories of Personal Data Used: Basic Information, Registration Information, Resident Application/Registration Information, Device Information, Transaction Information, and Marketing Information.
Purpose of Use: Address our compliance and legal obligations and exercise our legal rights.
Categories of Personal Data Used: Basic Information, Registration Information, Compliance Information, Transaction Information, and Device Information.
Purpose of Use: Consider individuals for employment and contractor opportunities and manage on-boarding procedures.
Categories of Personal Data Used: Job Applicant Information.

3. Sharing of Personal Data. We may share Personal Data with the following categories of recipients:

The Firm: We share Personal Data within the Thesis Investment Group, LLC group of affiliates and subsidiaries, in the United States, Europe, and Latin America as necessary for the purposes identified above. Please refer to Section 8 below on data transfers to the United States and Latin America from Europe.
Suppliers and service providers: We share Personal Data with suppliers and service providers, acting as data processors, to enable such parties to perform functions on our behalf and under our instructions to carry out the purposes identified above (e.g., information technology services, human resources and resident management services, statistical analysis). We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Data only on our behalf. A limited number of service providers will act as data controllers and will be contractually obligated to comply with applicable data protection laws, rules, and regulations.
Auditors, advisors, business partners, and financial institutions: We share Personal Data with auditors for the performance of audit functions, and with advisors for the provision of legal and other advice, with business partners to operate our business, and with financial institutions in connection with payment and other transactions.
Business reorganization: In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Data may be among the assets transferred. The acquirer of your Personal Data will inform you in accordance with and where mandated by applicable law. You acknowledge that such transfers may occur and are permitted by this Privacy Statement, and that any acquirer of our assets may continue to process your Personal Data as set forth in this Privacy Statement.
Mandatory disclosures and legal rights: Where mandated or permitted by applicable law, regulation or legal process, we will share Personal Data to comply with any subpoena, court order or other legal process, or other governmental request. We also share Personal Data to
establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims or prevent fraud.

If you have questions about the parties with which we share Personal Data, please contact us as specified below.

4. Marketing Choices. To the extent that we provide you with direct marketing communications, you have control regarding our use of your Personal Data for such reasons. If you no longer wish to receive any direct marketing communications, you can opt-out at any time. To do so, use the unsubscribe link within a marketing email received from us.

5. Cookies. We use and allow certain third parties to use cookies, web beacons, and similar tracking technologies (collectively, “cookies”) on our website.

What are cookies?

• Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website. More information about cookies and how they work is available at www.allaboutcookies.org.

How do we use cookies?

We use cookies to provide the website and services, gather information about your usage patterns when you navigate this website to enhance your personalized experience, and to understand usage patterns to improve our website, products, and services. We also allow certain third parties to place cookies on our website to collect information about your on line activities on our website over time and across different websites that you visit. This information is used to provide advertising tailored to your interests on websites you visit, also known as interest-based advertising, and to analyze the effectiveness of such advertising.
Cookies on our website are generally divided into the following categories:
Strictly Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies that are erased when you close your browser.
Analytical/Performance Cookies: These allow us to recognize and count the number of users of our website and understand how such users navigate through our website. This helps to improve how our website works, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser. We use Google Analytics, and you can see below for how to control the use of cookies by Google Analytics.
Functional Cookies: These improve the functional performance of our website and make it easier for you to use. For example, cookies are used to remember that you have previously visited the website and asked to remain logged into it. These cookies qualify as persistent cookies, because they remain on your device for us to use during your next visit to our website. You can delete these cookies via your browser settings.
Targeting Cookies: These record your visit to our website and the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the website and other websites you visit. These cookies qualify as persistent cookies, because
they remain on your device for us to use during your next visit to our website. You can delete these cookies via your browser settings. See below for further details on how you can control third party targeting cookies.

What are your options if you do not want cookies on your device?

You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain cookies. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this website, and you may be required to re-enter your log-in details.
To learn more about the use of cookies for Google analytics and to exercise choice regarding such cookies, please visit https://tools.google.com/dlpage/gaoptout.
To learn more about certain cookies used for interest-based advertising by third parties, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings if you have the DAA or other mobile application.

6. Data Subject Rights.
Where required by applicable law, you may have the right to obtain confirmation that we maintain certain Personal Data about you (and the right to verify its content, origin, to whom it is shared, and accuracy), as well as the right to access, rectify, erase, restrict processing (i.e., withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal), or port such data. In particular, you may have the right to object to our use of your Personal Data for direct marketing purposes, and certain other purposes, at any time. You may also have the right to lodge a complaint with the competent data protection supervisory authority. Note, however, that we may retain certain Personal Data as required or permitted by applicable law.

The application form for making a data subject rights request is available at www.thesisig. com/ under the “Privacy Policy“tab, alongside guidance for staff on the procedure for dealing with requests for personal information.

7. Information Security. We maintain reasonable technical and organizational measures in accordance with our Data Protection Policy, to protect Personal Data from loss, misuse, alteration, or unintentional destruction. However, no security measure can guarantee against compromise. You also have an important role in protecting your Personal Data. You should not share your username and password with anyone, and you should not re-use passwords across more than one website. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.

8. Cross-Border Transfers. We transfer Personal Data to various jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. We provide appropriate protections for any cross- border data transfers, including but not limited to those instances where required by applicable law for international data transfers. With respect to transfers originating from the European Economic Area (“EEA”) to the United States, we ensure that all agreements for such transfers include obligations on behalf of both Thesis Investment Group, LLC and the counter party which are appropriate to the sensitivity of the data to be transferred, and which account for the rights of the individuals’ whose personal data is to be transferred thereunder. Where required by applicable law, you may request a summary of the mechanisms we have in place by contacting us as detailed below

9. Other Issues.

(i) What is the legal basis of processing?

• Some jurisdictions require an explanation of the legal basis for collecting and processing Personal Data. We have several different legal grounds on which we collect and process Personal Data, including: (i) as necessary to perform a transaction (such as when we respond to your requests); (ii) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (iii) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and (iv) necessary for legitimate interests (such as when we act to maintain our business generally).

(ii) What are the consequences of not providing Personal Data?

• You are not required to provide all Personal Data identified in this Privacy Statement to use our website or to interact with us off-line, but certain functionality will not be available if you do not provide certain Personal Data. If you do not provide certain Personal Data, we may not be able to respond to your requests, perform a transaction with you, review your application, or provide you with marketing that we believe you would find valuable.

(iii) Do we engage in automated decision-making without human intervention?

• We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

(iv) How long do we retain Personal Information?

• We typically retain Personal Data related to marketing activities for as long as you accept marketing communications from us and upon request, we will securely delete such data in accordance with applicable law. For Personal Data that we collect and process for other purposes, as described above, we retain such Personal Data in accordance with our Records Retention and Protection Policy, and typically, for no longer than the period necessary to fulfill the purposes outlined in this Privacy Statement, and as otherwise needed to address tax, corporate, compliance, employment, litigation, and other legal rights and obligations.

(v) Are third party websites governed by this Privacy Statement?

• This website contains links and references to other websites (e.g., LinkedIn, Instagram, Twitter, Facebook) administered by unaffiliated third parties. This Privacy Statement does not apply to such third-party websites. When you click a link to visit a third-party website, you will be subject to that website’s privacy practices. We encourage you to familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Data on those websites.

(vi) How will we handle any changes to this Privacy Statement?

• We may update this Privacy Statement from time-to-time as our services and privacy practices change, or as required by law. The effective date of our Privacy Statement is posted below, and we encourage you to visit our website periodically to stay informed about our privacy practices. We will post the updated version of the Privacy Statement on our website and ask for your consent to the changes if legally required.

10. California Privacy Rights

Shine the Light. Under California’s “Shine the Light” law, California residents who provide certain personally identifiable information in connection with obtaining products or services for personal, family, or household use are entitled to request and obtain from us once per calendar year information about the information that we shared with other businesses for their own direct marketing uses. If applicable, this information would include the categories of information and the names and addresses of those businesses with whom we shared information for the immediately prior calendar year. To obtain this information, please contact us at dataprotectionofficer@thesisig.com with “Request for California Privacy Information” in the subject line and in the body of Your message. We will provide the requested information to you at your email address in response. Please be aware that not all information sharing is covered by the “Shine the Light” requirements, and only information on covered sharing will be included in our response. We may ask for additional information to verify your identity.
Do Not Track. Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we do not respond to DNT signals at this time.
Consumer Rights Notice. Under California Civil Code Section 1789.3, we are required to provide California residents with the following specific consumer rights information:
This website is owned and operated by Thesis Investment Group, LLC.
Unless otherwise expressly stated, this website is provided without charge.
To file a complaint regarding this website or to receive further information regarding use of this website, please send a letter to 8 East Huron, Chicago IL 60614 or contact us via email at dataprotectionofficer@thesisig.com. You also may contact the Complaint Assistance Unit of the Division of Consumer Services of California’s Department of Consumer Affairs in writing at 400 R Street, Suite 1080, Sacramento, California 95814 or by telephone at (916) 445 1254 or (800) 952 5210.

11. Contact Us. If you have questions or comments regarding this Privacy Statement or our privacy practices, please contact us at dataprotectionofficer@thesisig.com .

• Effective Date: September 1, 2024