PRIVACY POLICY

This privacy policy (“Privacy Policy”) applies to any collection and processing of personal data carried out:

when you interact with www.justquant.co.uk (the “Site”) operated by Just Quants LTD; when you use or request services from Just Quants LTD; when you contact us with general or specific questions or requests; when we communicate with you as part of our service or marketing activities. By accessing and using this Site or otherwise providing us with your personal data, you confirm that you have read and that you understand the way we collect, process, use, and disclose your personal data as described in this Privacy Policy.

Who are we? We are Just Quants LTD (“we”, “our”, “us”), with Company Number 14953915. We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at info@justquants.com.

We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure, and handled legally.

The Regulation We collect and process your personal data in accordance with all applicable data protection laws. If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation, and in the UK, it is the Data Protection Act 2018.

The Supervisory Authority The Information Commissioner’s Office (ICO) in the UK is the relevant authority for us in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

What is personal data? Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).

Data collected by third parties This website is hosted by GoDaddy.com. The GoDaddy.com privacy policy can be viewed at: https://uk.godaddy.com/agreements/showdoc.aspx?pageid=PRIVACY and applies to this site.

Access to and sharing of data In addition to any circumstances described below, we may share any data we collect if we are required to share data with the legal authorities to fulfill our obligations under the law of England and Wales.

If we wish to access or share your data in any way not described in this privacy policy, we will contact you beforehand and only proceed with your explicit consent.

Data we collect and how we use it When submitting a form on this website, the submitted data is sent to us. We use this data to contact you in relation to your enquiry. Access to data we collect is limited to the members of our staff who require that data to perform their duties.

Accuracy It is important that the data we hold about you is accurate and current; therefore, please keep us informed of any changes to your personal data.

Children Data Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your child has provided us with Personal Data, without parental consent, please contact us, and we will take the necessary steps to remove that information from our server.

Consent For specific processing activities, we need to obtain your consent to collect and process your personal data. When we need your consent, we will ask you before you submit personal data or use the relevant services. If your consent is obtained through affirmative action in ticking the relevant box and you continue to use this Site, you agree to the processing activity at stake as described in this Privacy Policy. Our records of your acceptance of this Privacy Policy, the date thereof, and all future amendments to this Privacy Policy shall be regarded as conclusive and written evidence of your consent.

What are the consequences if I refuse to provide Personal Data? Except in relation to the surfing data, providing your personal data may be a requirement necessary to enter into or perform a contract, including for the performance of certain services and functionalities offered by the Site, such as subscription to the Site, replying to and managing requests for information, questions, communication, or feedback. In the above-referenced circumstances, refusal to provide your personal data would make it impossible for us to perform the contract or provide the requested services, products, or

information as specified above. Providing your personal data for survey, marketing, and other profiling purposes as specified below is optional; refusal to provide your personal data for these purposes will not have any impact on the entering into or performance of the contract. When requested, we will collect your prior consent before proceeding to processing your personal data for these purposes.

What data do we collect? We may collect data or ask you to provide certain data when you use our website and services. The sources from which we collect Personal Data are:

Candidates

personal and contact details (for example, your name, email address, date of birth, gender); personal and contact details you give us when subscribing to receive emails or marketing information from us; during pre-assignment vetting, we will request details from you, including your name, your work history, qualifications, contact details (such as email, telephone number, and home address), your right to work documents, details required for equality and discrimination legislation checks, and your personal preferences, choices, and requirements specific to particular requests or services; details of your education, employment history, bank details, and national insurance number, references, right to work, and other information you tell us about yourself (e.g., the information contained within your CV) when you engage with us for the provision of services; information from social media activity (such as likes, shares, and tweets) when you interact with us on social media; additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests. We may also collect sensitive Personal Information about you (including details of your physical or mental health, racial or ethnic origin, criminal allegations or offenses, trade union membership, and/or other sensitive Personal Information that you may choose to provide to us voluntarily from time to time).

Clients contact details or those of individuals at your organization (such as names, telephone numbers, and email addresses) to enable the provision of services and to facilitate our relationship with you, including relevant marketing. Employees

personal and contact details (for example, your name, email address, date of birth, gender); personal and contact details of your emergency contact and referees; during pre-employment vetting, we will request details from you, including your name, your work history, qualifications, contact details (such as email, telephone number, and home address), your right to work documents, details required for equality and discrimination

legislation checks, and your personal preferences, choices, and requirements specific to particular requests or services; details of your education, employment history, bank details, and national insurance number, references, right to work, and other information you tell us about yourself (e.g., the information contained within your CV); information from social media activity (such as likes, shares, and tweets) when you interact with us on social media; additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests. We may also collect sensitive personal information about you (including details of your physical or mental health, racial or ethnic origin, criminal allegations or offenses, trade union membership, and/or other sensitive Personal Information that you may choose to provide to us voluntarily from time to time. We link data, and if we have already collected some of your data, we will only ask you for the remaining data that is necessary to carry out the service contracted for.

What are the purposes for processing? Provision of the online offer, its contents, and Site functions. Provision of contractual services, service, and customer care. Answering contact enquiries and communication with users. Marketing, advertising, and market research. Security measures. What are the relevant legal bases for processing your data? The following informs you about the legal basis of us processing your data, and unless the legal basis is not specifically mentioned, the following applies:

Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. Contract – This is where we process your information to fulfill a contractual arrangement we have made with you. Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests, we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm. Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. Vital interests – This is where we process your information for communications about security, privacy, and performance improvements of our services. Or for establishing, exercising, or defending our legal rights.

How long will my personal data be processed? Personal data is not kept for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under applicable Laws.

When do we disclose your Personal Data? We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.

We may share your information with organizations that help us provide the services described in this Privacy Policy and who may process such data on our behalf and in accordance with this Privacy Policy, to support this website and our services. For example, with our legal other professional advisors.

In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimization of our website which is subject to our Cookies Policy. We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation, or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property, or personal safety of our staff, the website, and its users.

How do we protect your Personal Data? We are committed to protect the security and confidentiality of your personal data. We take – and require that any service provider and/or third party processor processing personal data on our behalf and on our instructions takes – appropriate technical and organizational measures to prevent loss and destruction, even accidental, of data, unauthorized access to data, unlawful or unfair use of data. Moreover, information systems and software programs are configured so that personal and identification data are used only when necessary to achieve the specific processing purpose from time to time sought.

We deploy a variety of advanced security technologies and procedures to help protect personal data against the risks outlined above. For example, personal data provided by users are stored on secured servers placed in controlled locations. Moreover, for the transmission of some data through the Internet are deployed encryption techniques such as the Secure Socket Layer (SSL) protocol.

However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your personal data, we cannot guarantee that loss, misuse, or alteration of data will never occur.

What are my rights in relation to the processing of my personal data? Right of access – Subject to applicable law, you have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, if so, to request access to such personal data including, without limitation, the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If you request more than one copy of the personal data undergoing processing, we may charge a reasonable fee based on administrative costs.

Right to rectification – You have the right to request from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’) – You have the right to request from us the erasure of personal data concerning you in certain circumstances as defined under applicable law. When your request falls within one of those circumstances, we will erase your personal data without undue delay. If, for technical and organizational reasons, we were not able to erase your personal data, we will ensure that it is fully and irreversibly anonymized so that we will no longer be holding such personal data about you.

Right to restriction of processing – In certain circumstances as defined under applicable law, you have the right to request the restriction of processing of your personal data. In such a case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to data portability – In certain circumstances as defined under applicable law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you may have the right to transmit that data to another controller or to have such personal data transmitted directly from us to another controller, where technically feasible.

Right to object – In certain circumstances as defined under applicable law, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us, and we can be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment,

exercise, or defense of legal claims. This notably applies in the case of processing your personal data based on our legitimate interests or for statistical purposes.

Right to object to direct marketing – Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).

Right not to be subject to a decision based solely on automated processing – Subject to certain restrictions, you have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on you similarly significantly affects you.

Right to withdraw consent – If you have declared your consent for any personal data processing activities as described in this Privacy Policy, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the withdrawal of the consent.

International transfers Our main operations are based in the UK, and your personal information is generally processed, stored, and used within the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it were being used within the EEA.

Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:

The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries. Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA. Economic Analyses and Market Research In order to run our business economically, to identify market trends, customer and user wishes, we analyze the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors, and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing, and market research.

In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimize our offer and business efficiency and are not disclosed externally unless they are anonymous analyses with summarized values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from the conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Collection of access data and log files On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address, and the requesting provider.

For security reasons (e.g., to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until the respective incident has been finally clarified.

Online presences in social media We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.

Social Media Widgets We display sharing buttons so you can use social networking to share items from our site. It also includes the recommend buttons and other interactive programs that run on our site that collect your IP address, which page you are visiting on our site, and sets a cookie to enable the widget to function properly. Your interactions with these Widgets are governed by the privacy policy of the company providing them.

Changes to this Privacy Policy This Privacy Policy and our commitment to protecting the privacy of your personal data can result in changes to this Privacy Policy. Please regularly review this Privacy Policy to keep up to date with any changes.

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of the privacy policy will be updated. If any change allows for the wider access to or sharing of data, such changes will only apply to data collected after the date of the updated privacy policy.

Queries and Complaints Any comments or queries on this policy should be directed to us using the following contact details.

Just Quants LTD
Company Number [14953915] [www.Justquant.co.uk] [Info@justquant.co.uk]

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the Information Commissioner’s Office.