Privacy notice

HAUSSMANN 1864 CAPITAL MANAGEMENT LLC
DATE LAST MODIFIED: March 2025

1. PURPOSE AND DATA CONTROLLER CONTACT DETAILS

This privacy notice (the “Notice”) is issued in the context of the operation of our website available at www.1864cap.com (the “Site”), and our asset management activities (collectively, the “Activities”). We provide such Activities to business clients and prospective business clients (“Clients”) along with business partners (“Partners”) in a business-to business context only.

This Notice outlines how Haussmann 1864 Capital Management LCC (a company incorporated in the State of Delaware under registered number 3677509 with registered address at 245 Park Avenue, 3th Floor, New York, New York 10167, United States (the “Company”, “we”, “us” or “our”) and our affiliates, as data controllers, use the personal data of individuals associated or connected with our Clients and/or Partners (including legal representatives, signatories, authorized personnel, directors, beneficial owners, trustees, other employees and associates) in the context of providing the Activities (“Associated Individual”, “you”, “your”). Please note that we do not typically offer financial products or services to individuals directly. However, to conduct our Activities we may collect some limited personal data about individuals by fair and lawful means, including through our Site.

Clients and Partners should ensure that any personal data they provide to us is accurate and up-to-date, should direct their respective Associated Individuals to this Notice (as applicable) and make sure they understand how we use their personal data as described herein, prior to our receipt of their personal data (either directly from them or from other sources). Clients and Partners should also draw the attention of relevant individuals to the Section 7 on their rights.

If you are a California resident, please also refer to Section 9 under Schedule 1 (Specific Local Data Protection Law Requirements) for information regarding our collection, use and disclosure of your personal data.

This Notice is effective as of the date it is posted as noted above. Any links that we provide to third-party websites or services are provided for your convenience and information. We do not own, operate, control or endorse such third-party properties and this Notice does not apply to any such unaffiliated sites or services. If you visit any linked third-party sites or services, please review any of their applicable privacy policies. We are not responsible for the content of such unaffiliated sites, any use of such sites or services nor the privacy practices of any third parties.

The security of your personal data is important to us. We employ technical, administrative, and physical security measures to protect any personal data you provide through the Site from unauthorized access or use. You should be aware, however, that “perfect security” does not exist on the Internet, and there is always the risk that unauthorized persons may access or use your personal information. You use the Site and send us such information at your own risk.

2. THE PERSONAL DATA WE PROCESS ABOUT YOU

2.1 Sources of Personal Data

We may collect personal data from a wide range of sources. Some of it may come directly from you and we may generate some of it or obtain it from publicly or commercially available sources, affiliated and non-affiliated third parties, company systems, benefits providers, service providers and other third parties.

2.2 Categories of Personal Data

In the course of our relationship with you, we may collect the following categories of personal data which we may collect only to the extent permitted under applicable laws for the operation of the Site or the Activities performed for you. The personal data may also vary based on jurisdiction:

• Identification data and contact details, g., name, work or personal address and phone number, email address, job title, date of birth, civil status, identity documents, government identifiers or login credentials;
• Transactional and financial information, g., bank account details, account balances, transaction history, performance details, signatory details;
• Communication data, g., telephone calls, emails, voice recordings, interaction logs (models sent to Client, Client account) between us and you;
• Technical data, g., IP address, web browser, device identification details, data from online information-collecting technologies such as cookies;
• Customer due diligence,g., ongoing/renewal of due diligence, financial crime risk management rating, external intelligence reports, screening alerts;
• Investigations data, g., due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content related to relevant exchanges of information between and among you, us and other organizations or individuals, including emails, voicemail, live chat;
• Information relating to complaints, g., documents relating to disputes/litigation (including legal strategy, document production, deposition and court transcripts); and
• Information that we need to support our regulatory obligations, g., transaction details, any suspicious and unusual activity and information about you.

3. PROCESSING PURPOSES

We process your personal data for different types of purposes in accordance with appliable law, including the following:

• Opening and administering accounts
• Registering users and providing access to the Site or services requested
• Fulfilling requests for products or services
• Providing research and associated services to deliver standard or ad hoc economic, financial or thematic studies
• Delivering customer services
• Management of the Securities trades
• Sending communications and administrative emails about the Site and our Activities
• Personalizing and better tailoring the features, performance, and support of the website and our services
• Administering our site as part of our efforts to keep it safe and secure
• Keeping conversations and communications with us for quality purposes
• Sending you business communications as an Associated Individual of our existing Clients and Partners on our own products and services, provided that you have not opted out
• Sending you business and promotional communications and emails about the Site, our Activities and our services and products as an Associated Individual of prospects, provided that you have opted in, if required by applicable law
• Organize presentations on topics of interest, to Clients and Partners, that can be delivered both physically and virtually, and later replayed
• Analyzing benchmark and conducting research on user data and user interactions with the Site and our services
• Sharing data in connection with corporate transactions such as a merger or the sale, reorganization, or liquidation of assets, businesses or corporate entities
• Managing mergers, acquisitions, re-organizations, asset sales, share sales, joint ventures and similar corporate transactions
• Managing of third-party repository
• Participating in the prevention and detection of fraud and related crimes, KYC management, managing information and executing tests, complying with anti-money laundering, terrorism and related legislation and complying with other legal and regulatory obligations
• Satisfying required legal or regulatory obligations and best practices
• Complying with any laws, procedures, and regulations applicable in the countries where we operate, including those related to disclosing personal data to legal and regulatory authorities and State, Federal or international government agencies

Some of the purposes listed in the above section may continue to apply even in situations where your relationship with us (for example, pursuant to a contract that we have entered into with our Clients or Partners) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any relevant contract). Please note that the legal basis, purposes and needs may vary depending on the jurisdiction in which your personal data is processed.

4. LEGAL BASES ON WHICH WE GROUND OUR PROCESSING OF PERSONAL DATA

We process your personal data on one or more of the following legal bases, as applicable in each case:

• in our legitimate interests such as to run a successful business, provide services to our Clients, maintain the business relationship with our Partners, protect our legal rights and defend ourselves against legal claims such as in the context of lawsuits to which we or our affiliates are a party, ensure the security of our assets and safety of individuals such as our personnel, and prevent and detect fraud.
• to comply with our legal obligations or any other industry legal or regulatory requirements to which we are subject (g. making declarations to social security / national insurance bodies, implementing controls and background checks implemented by regulators); or
• your consent, when required by applicable data protection

5. HOW LONG WE RETAIN YOUR PERSONAL DATA

Your personal data will be retained for the duration necessary to fulfil the purposes disclosed in this Notice, as updated from time to time when necessary, and for such subsequent period as necessary to comply with applicable laws in the jurisdiction in which the personal data is processed.

To determine the appropriate retention period for personal data, we consider:

• the amount, nature and sensitivity of the personal data;
• the potential risk of harm from unauthorized use or disclosure of personal data;
• the purposes for which we process personal data and whether we can achieve those purposes through other means;
• any applicable legal, regulatory or business recordkeeping requirements;
• any provision required or permitted by law or court order;
• our need to defend or pursue legal claims; and
• applicable industry standards and guidance.

You can find examples of data retention periods we apply for France under Section 1 of Schedule

3. In some circumstances, we may also anonymize the personal data so that it can no longer be associated with you, in which case we may use that information without further notice or restriction.

6. DISCLOSURE AND INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

6.1 Disclosures and transfers within the Company’s group

Your personal data may be accessible from and transferred to affiliates and subsidiaries of the Company in order to meet legal, regulatory, and contractual obligations, and for organizational, operational, and administrative management purposes.

6.2 Disclosures and transfers to third parties

Your personal data will, in certain circumstances, be disclosed or transferred to third parties for the purposes described under Section 3 (Processing purposes). These third parties include:

• external service providers (such as IT service providers or professional service providers), as may be necessary to perform our contract with you or in our legitimate interests to run a successful business;
• any financial institution, processing agent, finance- or credit-related companies or agencies (including but not limited to trustees, insurers, securities and investment companies) which have dealings with the Company; and
• law enforcement, government agencies, external advisors or any other third parties as we deem reasonably necessary to comply with laws, support investigations, or in our legitimate interests to protect the rights, property, or safety of you, us, or others.

The Company may also disclose your personal data to third parties in the event that the Company sells, transfers, merges, consolidates or re-organizes any part(s) of the Company’s business, merges with, acquires or forms a joint venture with, any other business, or sells or transfers any of its businesses or assets, in which case the Company may disclose your data to any prospective buyer, new owner, joint venture partner and/or subsidiaries or other third party involved in such change to the Company’s business.

To the extent that it is required under applicable laws, we will seek to obtain your consent to share your personal data with third parties, including where other affiliates of the Company are qualified as third parties under relevant jurisdictions.

6.3 International transfers of personal data

Given the global nature of our Activities, and in order to optimize quality of service, the communication of information may involve the transfer of personal data anywhere in the world. In any such case, we will implement appropriate measures to ensure that your personal data remains covered by provisions equivalent to, or as protective as, the laws in your home country, including by seeking to obtain your consent if required, in accordance with applicable data protection laws.

When we send or allow access to personal data outside the European Economic Area (“EEA”) or the United Kingdom (“UK”), we rely on the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum/Agreement, or any other relevant transfer safeguard as may be required under applicable data protection laws.

7. YOUR RIGHTS IN RELATION TO OUR PROCESSING ACTIVITIES

Subject to certain limitations under applicable laws, you have the following rights:

• Access: the right to access the personal data we hold about you and certain information about how we use it and who we share it with;
• Portability: in certain circumstances, the right to receive or ask us to provide your personal data to a third party in a structured, commonly used and machine-readable format, although we will not provide you with certain personal data if to do so would interfere with another individual’s rights (g. where providing the personal data we hold about you would reveal information about another person) or where another exemption applies (we can only do so where it is technically feasible; we are not responsible for the security of the personal data or its processing once received by the third party);
• Rectification: the right to rectify any personal data held about you that is inaccurate and to have incomplete data completed (g. by the provision of a supplementary statement);
• Erasure: the right to request that we erase the personal data we hold about you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete your personal data from our records, unless an exception applies;
• Restriction of Processing to Storage Only: the right to require us to stop processing the personal data we hold about you other than for storage purposes in certain Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under Data Protection Law for us to do so (e.g. for the defense of legal claims or for another’s protection);
• Objection: in certain circumstances, the right to restrict or object to our processing of your personal data on grounds relating to your particular situation;
• Non-Discrimination: the right to not be discriminated against for exercising any of your rights as set forth in this Notice;
• Withdrawal of consent: where you have consented to the processing of your personal data, the right to withdraw your consent to the extent we rely on your consent for such processing; and
• Complaints: the right to complain to your relevant supervisory

If you are a California resident, please also refer to Section 9 of Schedule 1 for more information regarding your rights.

If you would like to exercise your rights or have any concerns about our processing of your personal data, please contact us at: AMER-DPR-INFO@sgcib.com.

For the United States only, you may also call us at +1-833-904-0800

The Data Protection Officer (“DPO”) oversees compliance with this Notice. If you have any questions about this Notice or how we handle your personal data, please contact the applicable DPO using the contact details above. We hope that our DPO can resolve any query or concern you raise about our use of your personal data. If the DPO is unable to resolve your concern, you can contact the supervisory authority in the country in which you reside, work or where you think an infringement of data protection laws has occurred for further information about your rights and how to make a formal complaint. You can find a list of the data protection supervisory authorities of the countries where we operate depending on our Activities under Schedule 2.

To the extent permitted under applicable data protection law, you may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. As part of our verification process, we may request that you provide us with the documentation specified under applicable law.

8. LOCAL LAWS AND REGULATIONS

Personal data protection requirements may vary depending on the jurisdiction in which your personal data is processed and the jurisdiction in which you are located. This Notice only applies to the extent it is not in contradiction with specific jurisdictional provisions listed under Schedule 1, which take precedence. For further information on the local data protection provisions that may apply to you (which will prevail in the case of a conflict with this Notice), please refer to Schedule 1 and/or contact us using the details provided in Section 7.

9. COOKIES AND OTHER SIMILAR TECHNOLOGIES

Cookies are pieces of information stored directly on the computer or mobile device that you are using. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL and other aggregated Site traffic data. Please refer to our Cookie Policy for more information on the cookies we utilize.

10. UPDATES TO THIS NOTICE

This Notice may be amended or updated from time to time to reflect changes in practices, including with respect to collecting additional personal data, processing of personal data for new purposes, changes in applicable law, etc.

The date this Notice was last updated is indicated on the front page of the Notice. We recommend that you regularly review the Notice to be informed of any update and for the most recent information.

11. CHILDREN’S AND MINOR’S PRIVACY

Protecting the privacy of young children and minors is especially important. For that reason, we do not allow persons under 18 years of age to use the Site, and we do not knowingly collect or maintain information from persons under 18 years of age and no part of our products, services or the Site are directed to persons under 18 years of age. If you are under 18 years of age, then please do not use or access the Site or use our products and services, or otherwise provide us with any personal data, at any time or in any manner.

SCHEDULE 1

SPECIFIC LOCAL DATA PROTECTION LAW REQUIREMENTS

Given the international scale of our activities, and given that you may be located globally, local data protection provisions may apply to you. Please find below such local data protection provisions that may apply to you, which will prevail in the case of conflicting with the main body of the Notice.

1. CANADA

Application of this Notice

For the purposes of this Notice, “personal data” means information about an identifiable individual as described under Canadian privacy laws. Personal data does not include any business contact information that is solely used to communicate with you in relation to your employment, business or profession, such as your name, position name or title, work address, work telephone number, work fax number or work e-mail address.

This Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our Clients or Partners. In such cases, it is that Client or Partner’s privacy statement or notice that applies.

Your Consent

Notwithstanding Section 3 of this Notice, we process your personal data with your consent or as permitted or required by law. How we obtain your consent, including whether it is express or implied, will depend on the circumstances and the sensitivity of the personal data in question. Generally, we will seek your consent at the time we collect your personal data, either orally, electronically, or in writing.

If you wish to withdraw your consent to our processing of your personal data, please contact us. We will accommodate your request to withdraw consent, subject to legal or contractual restrictions. Withdrawal of your consent may mean that we will no longer be able to provide you with our products or services.

2. CHINA

If we process your personal data in the People’s Republic of China (PRC or China, for the purpose of this Notice, excluding Hong Kong, Macau and Taiwan), the following provisions apply to our processing of your personal data.

Legal grounds of our processing

The legal grounds that we rely on to process your personal data include only:

• Where we have obtained your consent;
• Where it is necessary to enter into a contract with you or to perform our obligations and exercise our rights under the contract we have with you;
• Where it is necessary to perform legal duties or comply with legal obligations; and
• Other legal grounds permitted by the applicable laws of China.

For the avoidance of doubt, if we are processing your personal data in China, we do not rely on “legitimate interest” as the legal basis for such processing.

The personal data we process may be subject to automated decision-making. If your personal data is subject to decisions that will have a significant impact on you based solely on automated decision- making, you have the right to request an explanation of the decision and to object to such automated decision-making.

Sharing of personal data

If we share your personal data with other data controllers (who autonomously determine the purposes and means of the personal data processing) due to a merger, division, dissolution, sale of business lines or assets or bankruptcy or for other similar reasons, we will inform you of the name and contact information of the recipient of the transferred personal data. In other cases where we share your personal data with other data controllers, we will inform you of the recipient’s name and contact information, the purposes and means of processing and the categories of personal data to be processed, and will reach out to obtain your separate consent.

If we share your personal data with data processors (who process your personal data at our command), we will reach an agreement with the data processor on the purposes, period and means of processing, the categories of personal data to be processed and the protection measures, as well as the rights and obligations of both parties, among others. We will supervise the personal data processing activities of the data processor.

International data transfers

We may transfer to and process your personal data outside China. The personal data that may be transferred and processed outside China may include the categories listed in the main text of the Notice, as applicable.

We observe applicable data protection laws and regulations when transferring your personal data outside China.

We will take all measures reasonably necessary and/or required by applicable data protection laws to ensure that your personal data is treated securely and in accordance with the Notice and applicable laws. We apply a level of protection to the personal data we process that is at least comparable to that in China, when we process such personal data outside China.

3. FRANCE

In accordance with the French Digital Republic Law of 7 October 2016, n°2016-1321, you have the right to define directives relating to the processing of your personal data after your death.

4. INDIA

Grievance redressal mechanism

If you find or have any grievances in relation to the collection, processing, storage, use, disclosure, and transfer of your personal data, or would like to exercise your rights under Section 7 of this Notice, please contact the Grievance Officer below:

• Heena MUKADAM
• Data Privacy Officer (DPO)
• Société Générale Global Solution Centre Ltd.
• 10th Floor Voyager Building, ITPB, Whitefield Road, Bangalore, India - 560
• Email: mukadam@socgen.com

5. ITALY

In accordance with Legislative Decree No. 196/2018, rights provided by the GDPR may not be exercised by a request to the data controller or by complaint pursuant to art. 77 of the GDPR if, from the exercise of those rights, actual and concrete prejudice may result to the interests protected by money laundering provisions.

6. JAPAN

In accordance with the Act on the Protection of Personal Information, you have the right to request to disclose the records of third party provision of your personal data.

Joint Use

In relation to Section 3 of the Notice, purposes of processing your personal data include our joint uses of your personal data in accordance with the following conditions set out below:

We may jointly use your personal data within the following scope.

• Items of personal data to be shared: Scope described in Section 2 of this
• Scope of joint users: We and our group companies, including Societe Generale Securities Japan Limited, Societe Generale Bank Tokyo Branch, Societe Generale Haussmann Management Japan Limited, Societe Generale Aircraft Leasing , Ltd., Societe Generale, Societe Generale Singapore, Societe Generale Global Solution centre, Societe Generale Securities (HK) Limited, Societe Generale International Limited, Societe Generale Americas Securities, LLC and other domestic and international group affiliates available on the Societe Generale Group website and AllianceBernstein L.P. and its subsidiaries.
• Purpose of use by the user: Scope described in Section 3 of this
• Name of party responsible for the management of personal data: Socuete Generale Securities Limited
• Name of Representative: Representative Director, Group Country Head, Japan, Bruno Gaussorgues
• Address: 1-1-1 Marunouchi, Chiyoda-ku, Tokyo

7. SINGAPORE

Withdrawing Your Consent

The consent that you provide, when required, for the collection, use and disclosure of your personal data in Singapore will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request that we stop using and/or disclosing your personal data for any or all of the purposes listed in Section 3 of this Notice by submitting your request in writing using the details provided in Section 7 of this Notice in respect of personal data collected, used or disclosed in Singapore.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be able to continue providing our goods and services to you and we shall, in such circumstance, notify you before completing the processing of your request.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

8. SOUTH KOREA

8.1 Destruction of personal data

Personal data that fully served its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.

Personal data required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.

Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.

9. CALIFORNIA, UNITED STATES

Please note, other sections of the Notice apply to California residents, please read the Notice above in its entirety. In particular, you are encouraged to read the following sections: Section 2 (The Personal Data We Process About You), Section 3 (Processing Purposes), Section 5 (How Long We Retain Your Personal Data), Section 6 (Disclosures And International Transfers Of Your Personal Data), Section 7 (Your Rights In Relation To Our Processing Activities), and Section 9 (Updates To This Notice).

9.1 Our Collection of the Personal Data of California Residents

In the past 12 months, we have collected the following categories of personal data relating to California residents. We do not necessarily collect all information listed in a particular category, nor do we collect all categories of information for all individuals.

• Identifiers: such as real name, alias, postal address, unique personal identifier, telephone number, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers.
• Transactions: records regarding the transactions you conduct with us, the communications between us and the requests you make.
• Internet and similar network activity: such as information about your interactions with or use of our websites, including the Site, applications, digital ads or other digital platforms.
• Professional or employment-related information: such as your current job or job
• Audio, electronic, or similar information: such as when you call us and subject to your
• Information that may be deemed “sensitive” under the CCPA: such as government identifiers, login credentials and access codes for your account.
• Inferences derived from the above

The categories of sources from which we collect the above personal data are set out in Section 2.1 of this Notice. The business purposes for which we collect the above personal data are set out in Section 3 of this Notice.

Each of the above categories of personal data may be disclosed for a business purpose to the categories of recipients listed under Sections 6.1 and 6.2 of this Notice as applicable.

We do not use or disclose sensitive data associated with you as a resident of California for purposes other than the limited purposes permitted by the CCPA.

As noted above, we also process personal data that has been aggregated and/or deidentified as those terms are defined by the CCPA. Where we process deidentified information, we take reasonable measures to ensure such information cannot be associated with a particular consumer or household, commit to maintain and use such information in anonymized form and not attempt to re-identify such information and contractually mandate third parties to whom we disclose such information to adhere to the same obligations.

9.2 “Sale” or “Sharing” of Personal Data.

We do not “sell” or “share” (as those terms are defined under the California Consumer Privacy Act “CCPA”) personal data, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we “sell” or “share” personal data of residents under 16 years of age.

9.3 Your California Rights and Choices

Visitors and Associated Individuals who are residents of California have the following specific rights under the CCPA:

• (a) Right to know about personal data collected or disclosed and data portability rights
  You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you upon request:
  • The categories of personal data we collected about
  • The categories of sources for the personal data we collected about
  • Our business or commercial purpose for collecting your personal
  • The categories of third parties to whom we disclose your persona
  • The specific pieces of personal data we collected about
• (b) Right to deletion
  You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and notify our service providers and/or contractors to delete) your personal data from our records, unless an exception applies.
• (c) Right to correction
  You have the right to request that we correct any inaccurate personal data that we maintain about you, taking into account the nature of the personal data and the purposes of the processing of the personal data. Once we receive and confirm your verifiable consumer request, we will use commercially reasonably efforts to correct the inaccurate information.
• (d) Exercising Access, Data Portability, Deletion, and Correction Rights
  To exercise these rights, please submit a verifiable consumer request to us by contacting us via email at AMER-DPR-INFO@sgcib.com or toll free at +1-833-904-0800. You will be asked to provide certain personal data when submitting your request including your relationship with us, first and last name, email address, telephone number, and postal address in order for us to determine if your information is in our systems.
  We will verify and respond to your request in accordance with applicable law. We may need to request additional personal data from you in order to protect against fraudulent or spoofed requests. If you want to make a request through an authorized agent on your behalf, you may use the submission methods noted above. As part of our verification process, we may request that you provide us with the documentation specified under applicable law.
• (e) Right to Non-Discrimination
  We will not discriminate against you for exercising any of your rights as set forth in this Notice.

SCEDULE 2

LIST OF DATA PROTECTION SUPERVISORY AUTHORITIES

In accordance with Section 7, you may exercise your rights and lodge a complaint to data protection supervisory authorities. Please find below a list of data protection supervisory authorities that may be applicable to you.

1. AUSTRALIA

Office of the Australian Information Commissioner
175 Pitt Street Sydney NSW 2000
Website: https://www.oaic.gov.au/

2. CANADA

Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner
Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/en/contact-the-opc/
Office of the Information and Privacy Commissioner of Alberta: https://oipc.ab.ca/about-us/contact-us/
Office of the Information and Privacy Commissioner for British Columbia: https://www.oipc.bc.ca/about/contact-us/

3. CHINA

Cyberspace Administration of China
15 Fucheng Road, Haidian District Beijing 100048
+86 (010) 55636504
Website: https://www.cac.gov.cn

4. DENMARK

Datatilsynet
Carl Jacobsens Vej 35 DK-2500 Valby
Website: https://www.datatilsynet.dk/english/contact-us

5. DUBAI

The Commissioner of Data Protection
Dubai International Financial Centre Authority Level 14, The Gate
P.O. Box 74777
Dubai
United Arab Emirates
commissioner@dp.difc.ae

6. FINLAND

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Website: www.tietosuoja.fi

7. FRANCE

Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
Website: https://www.cnil.fr/fr/particulier

8. GERMANY

Der Hessische Datenschutzbeauftragte:
Gustav-Stresemann Ring 1, 65289 Wiesbaden,
Website: Startseite | https://datenschutz.hessen.de/

9. GREECE

Hellenic Data Protection Authority (HDPA)
Kifissias 1-3
115 23 Athens Greece
Website: https://www.dpa.gr/en

10. HONG KONG

Office of the Privacy Commissioner for Personal Data
2/F, Sunlight Tower
248 Queen’s Road East, Wan Chai
Hong Kong
Website: www.pcpd.org.hk

11. IRELAND

Data Protection Commission
21 Fitzwilliam Square South Dublin 2, D02 RD28
Ireland
Website: https://www.dataprotection.ie/en/contact/how-contact-us

12. ITALY

Garante per la protezione dei dati personali
Piazza Venezia, 11 – 00187 Roma (Italia)
+39 06.696771
protocollo@gpdp.it
Website: https://www.garanteprivacy.it/

13. JAPAN

Personal Information Protection Commission
Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100- 0013, Japan

14. NETHERLANDS

Autoriteit Persoonsgegevens
Postbus 93374, 2509 AJ DEN HAAG the Netherlands
privacy@autoriteitpersoonsgegevens.nl or
Website: https://autoriteitpersoonsgegevens.nl/

15. NORWAY

Datatilsynet
Postboks 458 Sentrum
0105 Oslo
Website: www.datatilsynet.no

16. POLAND

Office of the President for Personal Data Protection
Urzad Ochrony Danych Osobowych
Stawki 2
00-193 Warsaw Poland
kancelaria@uodo.gov.pl

17. SINGAPORE

Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City
Singapore 117438
Main Line: +65 6377 3131
Fax: +65 6577 3888

18. SOUTH KOREA

Personal Information Protection Commission:
209 Sejong-daero, Jongno-gu, Seoul 03171, Korea
Website: https://www.pipc.go.kr/eng/index.do

19. SPAIN

Agencia Española de Protección de Datos (AEPD):
C/ Jorge Juan, 6. 28001 – Madrid 900 293 183
https://www.aepd.es/

20. SWEDEN

Swedish Authority for Privacy Protection(Integritetsskyddsmyndigheten)
Box 8114
104 20 Stockholm
Sweden
Website: https://www.imy.se/

21. SWITZERLAND

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Berne
Website: https://www.edoeb.admin.ch/edoeb/en/home.html

22. TAIWAN

Personal Data Protection Commission:
5F., No. 77, Guanqian Rd., Zhongzheng Dist., Taipei City, Taiwan (R.O.C.)
Website: https://pipa.pdpc.gov.tw

23. UNITED KINGDOM

Information Commissioner’s Office (ICO):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://ico.org.uk/

24. UNITED STATES

24.1 California

CalOPPA Complaint Form Privacy Notice: https://oag.ca.gov/privacy/caloppa/complaint-form/privacy-notice/

California Attorney General’s Office:
Phone: 916-322-3360;
Toll-Free Phone Number: 1-800-952-5225;
By Mail: https://www.peopleclerk.com/post/california-attorney-general-complaint
Online: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company

SCEDULE 3

DATA RETENTION PERIODS

1. FRANCE