PRIVACY NOTICE

1. This Privacy Notice (and as amended from time to time) (“Privacy Notice”) as posted on our website www.masttro.com in connection with the access and use of the Masttro Platform (the “Platform”), which is owned by Masttro Holdings AG (“Masttro”, “we”, “us”, or “our”). This Privacy Notice addresses our practices regarding information collected from Users of the Platform (sometimes referred to as “User”, “you” or “your”), but does not address information collected by other means or by our other websites. By using or accessing our Platform, you acknowledge that you accept the practices and policies described in this Privacy Notice. If you do not agree with our policies and practices, your choice is not to use our Platform.

If you have any questions concerning this Privacy Notice, please email us at privacy@Masttro.com.

2. Information of Platform Users. You have obtained rights to the Platform through a written and signed agreement with any of Masttro licensees or, alternatively, through a written and signed agreement with a third party client of any of Masttro licensees not related to or affiliated with Masttro (“Masttro’s Third Party Client”).

(a) In the event that you have been granted access to the Platform through a written and executed agreement with any of Masttro licensees, any personal information that you submit via the Platform and that, alone or in combination with other information, can identify you as a specific individual (“Personal Information”), is collected, stored and/or processed by means of a third party data center provided and hosted by Penta SA (www.penta.ch). Personal Information you submit for entry into the Platform is encrypted by the software prior to being uploaded, using encryption technology among the highest in the industry, and Masttro does not have the decryption key and cannot decrypt or read such Personal Information. The Platform is operated from Penta SA, a third party data center located in Switzerland. Penta’s server is in a location separate from Masttro and the Platform. Penta is obligated to us to ensure the security and protection of the personal information that they control and process, and to provide a compliant and consistent approach to data protection. Penta represents to us that it always has had robust and effective data protection in place which complies with existing law and abides by the data protection principles including the EU General Data Protection Regulation (“GDPR”) with respect to any encrypted or decrypted personal information that it receives. Masttro does not retain or collect, and does not have access to, any of unencrypted Personal Information you submit via the Platform as relating to your estate including assets and/or other financial information. The only unencrypted Personal Information that Masttro collects or retains or has access to is (i) information relating to billing and customer relations, including your name, address and information contained in your account profile, and (ii) the date, time and number of your logins to the Platform collected via your User ID. Masttro does not collect or retain any other Personal Information that could otherwise be collected through automatic data collection technologies, such as cookies, tracking, or other means. As to such unencrypted Personal Information Masttro collects or retains or has access to, Masttro is compliant with GDPR. In particular, as to such unencrypted Personal Information, Masttro uses such information only to provide you with the services for which you and we have contracted, for internal administration purposes, and for improving its services. Masttro will not disclose such information to any third party other than its service providers who provide Masttro with services related to Masttro’s services, and such service providers will have obligations of confidentiality. Masttro will not disclose, rent, sell, or transfer such information, other than as part of a potential sale of Masttro’s business, provided that Masttro may disclose such information where required to do so by law or government agency request. Masttro will delete such information if and when you terminate your agreement with Masttro, when Masttro has no further purpose (as described above in this paragraph) for retaining such information, but may retain such information as required by law.

(b) In the event that you instead have been granted access to the Platform through a written and signed agreement with Masttro’s Third Party Client, Masttro does not collect or retain, and does not have access to, any Personal Information that you submit via the Platform as relating to your estate, assets and/or other financial information. Personal Information is collected, stored and/or processed by Masttro’s Third Party Client by means of a third party data center provided and hosted by Penta, and Penta’s data center is in a location separate from Masttro and the Platform. Masttro’s Third Party Client and Penta are committed to ensuring the security and protection of the personal information that they control and process, and to provide a compliant and consistent approach to data protection. principles including the EU General Data Protection Regulation (“GDPR”) with respect to any encrypted or decrypted Personal Information that they receive. The only Personal Information that Masttro collects or retains or has access to are the date, time and number of your logins to the Platform collected via your User ID. As to such Personal Information Masttro collects or retains or has access to, Masttro is compliant with GDPR, as described above. Masttro also does not collect or retain any other Personal Information that could otherwise be collected through automatic data collection technologies, such as cookies, tracking, or other means.

(c) You consent to our using your email address to send you service-related notices, including any notices required by law, in lieu of communication by postal mail.

(d) You have the right to gain access to, correct, update, restrict, delete, be forgotten, suspend or object to processing of, or request data portability of such unencrypted Personal Information collected about you, subject to some exceptions and conditions. You have the right to receive a copy of and transfer such to another data controller. You have the right to object to certain types of processing of such information. You can opt-out of certain uses of such information. To exercise any of these rights, please contact us. We may process your information by personnel operating outside the European Economic Area who work for us or for one of our service providers. You agree that we may use sub-processors (as that term is defined in the GDPR), provided that we remain responsible for their acts and omissions and that they are under appropriate obligations under the GDPR. You may opt out of certain communications from us by contacting us. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or the like. You may not opt out of service-related emails.

3. Security Measures. Masttro’s Third Party Client and the third party data center provider employ technical, physical, and administrative security controls designed to secure Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure. Nevertheless, because this information is transmitted over a public network, there can be no guarantee that your Personal Information, even if encrypted prior to transmission, will always remain secure. If you believe that an unauthorized person has accessed your Personal Information, please contact us immediately.

4. Global Transfers. By visiting or using the Platform, you consent to the transfer of the Personal Information the third party provider collects through the Platform to other countries, which may not have the same data protection laws as the country in which you reside.

5. Changes to the Privacy Notice. We reserve the right at any time to update this Privacy Notice. A link to our current Privacy Notice will always be on the login page of the Platform website and the updated Privacy Notice will be effective upon posting. You are responsible for periodically checking this link for updates. Your use of the Platform following any update means that you agree to follow and be bound by the Privacy Notice as updated. It is the obligation of users visiting the Platform before the change to learn of changes to the Privacy Notice since their last visit.

Dated: August 2018

DMS TJD 12991647v3