PEXA – UK Privacy Policy

Page updated: May 2026
Version: 6.0

This policy is reviewed annually and was last reviewed in May 2026.

It is important that you read and retain this Privacy Policy, together with any related Privacy Notice in connection with our collection or processing of Personal Data about you, so that you are aware of how and why we are using such information and what your rights are under the UK Data Protection Legislation.

What is the purpose of this document?

“PEXA” is the trading name of Digital Completion UK Limited. Smoove Limited is a holding company which comprises the following wholly owned trading Subsidiary companies: United
Legal Services Limited, Legal-Eye Limited, and Amity Law Limited (Smoove Limited and its Subsidiaries, hereinafter “Smoove”). PEXA, Smoove, and Optima Legal Services Limited
(“Optima Legal“) are all owned directly by DigCom UK Holdings Limited, which is a wholly owned Subsidiary of PEXA Group Limited in Australia (ACN 140 677 792; ASX: PXA). PEXA
Group Limited and its wholly owned Subsidiaries, including Property Exchange Australia Limited, are hereinafter referred to as “PEXA Australia”.

For the purposes of this Privacy Policy, PEXA, Smoove and Optima Legal comprise the “UK PEXA Group”. In this Privacy Policy, where relevant, we refer to the UK PEXA Group as “we”,
“us”, or “our”. Separate privacy policies are in place for UK PEXA Group employees and job applicants.

In some circumstances a member of the UK PEXA Group operates as a Data Controller and in others as a Data Processor. When a member of the UK PEXA Group operates as a Data
Controller, the Data Controller is responsible for deciding how it collects, holds, uses, and shares personal information about you. When a member of the UK PEXA Group operates as a
Data Processor, the Data Controller is responsible for deciding how a member of the UK PEXA Group collects, holds, uses, and shares personal information about you.
PEXA, Smoove and Optima Legal may act as a Data Processor in relation to: (i) the receipt of Personal Data of individuals directly from lenders, law firms or other third-party business
partners; and (ii) which such Personal Data requires a member of the UK PEXA Group to execute services on behalf of such lenders, law firms and other third-party business partners.
When acting as a Data Processor, PEXA, Smoove and Optima Legal will process Personal Data solely on the instructions of the relevant third party.

PEXA, Smoove and Optima Legal may act as either or both a Data Controller and a Data Processor in relation to: (i) the receipt of Personal Data directly from you; and (ii) which such
Personal Data requires a member of the UK PEXA Group to execute services on behalf of lenders, law firms and/or other third-party business partners, or in order to facilitate the
provision those services.

This UK Privacy Policy makes you aware of how and why your Personal Data will be used, and how long it will usually be retained for. It provides you with certain information that must be
provided under the UK General Data Protection Regulation (“UK GDPR”) as defined below.

Data Protection Principles

Each member of the UK PEXA Group will comply with data protection law and principles so your data will be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in
any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.

Data Controller

Each member of the UK PEXA Group will respect your privacy and will only use information for specified and lawful purposes under current UK Data Protection Legislation. We collect and
use this Personal Data to provide our Services to you. If you do not provide the Personal Data when we ask, it may delay or prevent us from providing the Services.

The UK PEXA Group offers cross business support to each of its other members to ensure suitable, adequate and robust business and operational support and performance. By using any
of the UK PEXA Group’s Services, Website and Platforms, or when you provide information when registering for Events that we host, you consent to the collection, use and sharing of your
data including Personal Data as described in this Privacy Policy. We rely on various legal bases for processing as set out in the ‘Legal Basis’ section below.

Our Services, Websites and Platforms, are not intended for children and we do not knowingly collect personal information relating to children.

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing queries in relation to this Privacy Policy across the members of the UK PEXA Group. If you have
any queries, including those relating to a request to exercise your rights to the Data Controller, of the relevant member of the UK PEXA Group please contact the DPO with the following
details

Name	Address	ICO Registration Reference	Contact Email
PEXA	Suite 5a, West Village, 114 Wellington Street, Leeds, West Yorkshire, LS1 1BA	ZB100560	[email protected]
Optima Legal	Suite 5a, West Village, 114 Wellington Street, Leeds, West Yorkshire, LS1 1BA	Z9505406	[email protected]
Smoove Limited	Masters Court, Church Road, Thame, OX9 3FA	ZA207233	[email protected]
United Legal Services Limited	Masters Court, Church Road, Thame, OX9 3FA	Z8620385	[email protected]
Legal-Eye Limited	Masters Court, Church Road, Thame, OX9 3FA	Z326776X	[email protected]
Amity Law Limited	Paragon House, Paragon Business Park, Chorley New Road, Horwich, Bolton, BL6 6HG	ZA095642	[email protected]

What is Personal Data

Personal Data is defined by the UK GDPR and the UK Data Protection Act 2018 (collectively, “UK Data Protection Legislation”) as any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

Put simply, Personal Data is any information about a Data Subject that enables them to be identified. Personal Data covers information such as a Data Subject’s name and contact details, but it also covers identification numbers, electronic location data, and other identifiers.

Definitions

Automated Decision-Making (ADM) means when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects
an individual. The UK GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.

Consent means agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a
clear positive action, signify agreement to the Processing of Personal Data relating to them.

Controller means the person or organisation that determines when, why and how to process Personal Data. They are responsible for establishing practices and policies in line with the UK
GDPR.

Consumer means a direct client of mortgage brokers, mortgage lenders, banks or law firms.

Customer means mortgage brokers, mortgage lenders, banks or law firms, or other relevant third-party business partners.

Data Subject means an individual, identified or identifiable natural person about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal
rights regarding their Personal Data.

Data Privacy Manager (DPM) means the UK PEXA Group’s Data Protection Officer, or such other person appointed by any member of the UK PEXA Group who is responsible for data
protection compliance within the UK PEXA Group.

Other Technologies means any software, applications, platforms, systems, tools or technologies (including cloud-based, hosted or third-party services) used by or on behalf of the UK PEXA Group in connection with providing the Services, including, without limitation, collaboration and productivity software (e.g. Microsoft 365), communication tools (e.g. Slack), video conferencing
platforms (e.g. Zoom), artificial intelligence or automated processing technologies (e.g. ChatGPT), digital signing solutions (e.g. Docusign)and any other technologies providing similar or related
functionality, whether now existing or developed in the future.

Personal Data means any information relating to an identified or identifiable natural person (Data Subject). It does not include data where the identity has been removed (anonymous data),
e.g. Personal Data rendered anonymous in such a manner that the Data Subject is no longer identifiable.

Personal Data Breach means any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative
or organisational safeguards that we or our third-party service providers put in place to protect it. The accidental or unlawful destruction, loss, or unauthorised access, disclosure or
acquisition, of Personal Data is a Personal Data Breach.

Process or Processing means operation or set of operations which is performed on Personal Data or on sets of Personal Data whether or not by automated means, such as collection,
recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction.

Subsidiary has the meaning given to it under s1159 of the Companies Act 2006.

UK GDPR means the General Data Protection Regulation ((EU) 2016/679) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the
European Union (Withdrawal) Act 2018 as modified by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI
2019/419). Personal Data is subject to the legal safeguards specified in the UK GDPR. The UK GPDR is supplemented by, and must be read in conjunction with, the Data Protection Act 2018
(“DPA 2018”). The DPA 2018 sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence,
and sets out the Information Commissioner’s functions and powers.

The Data We Collect

The members of the UK PEXA Group will collect Personal Data only when we have a valid legal basis to do so including for legitimate business reasons. The members of the UK PEXA Group
may rely on your consent or that the Processing is necessary to fulfil our contractual arrangements. The members of the UK PEXA Group also collect Personal Data from you either
directly or indirectly, when using any of the UK PEXA Group Services, Website or when the UK PEXA Group’s Platforms are accessed. Through the use of the UK PEXA Group’s Services,
members of the UK PEXA Group may also collect Data Subject information, including but not limited to:

• name, job title / details, contact details (e.g. personal or business address, personal or corporate email, telephone number(s), etc.), username and password;
• date of birth;
• photo ID;
• occupation information, including employer, job title, salary and copy wage slips/P60’s;
• National Insurance Number;
• borrower(s) and associated property information;
• financial, banking or other payment information or copy bank statements;
• PEXA Pay’ payee / beneficiary information;
• information necessary to process and analyse documents such as title deeds for lodgement purposes, enable payment transactions, or other information required to
  deliver our core Services;
• technical information as a result of configuring the Services, including IP addresses, geographic location, browser-type, device-type, operating system, date and time
  stamp;
• other information including the interactions you may have with customer support; and,
• other documents to evidence source of funds (e.g. information about investments, inheritance, sale of property, gifts from third parties etc).

For the remainder of this Privacy Policy, “data” and “Personal Data” refer to both Customer and Consumer related Personal Data.

Special Category and Criminal Offence Data

In limited circumstances, we may process special category data (such as biometric data used for identity verification) or criminal offence data for the purposes of preventing fraud, money
laundering and financial crime. Where we process such data, we rely on Article 9(2)(g) UK GDPR and Schedule 1 of the Data Protection Act 2018 (substantial public interest), including preventing
fraud and complying with anti-money laundering obligations.]

How We Use Data

The members of the UK PEXA Group use data for a variety of purposes, such as:

• delivering its Services and providing the latest product enhancements;
• processing transactions necessary for property completion;
• optimising customer experience;
• providing customer support for our Services;
• security and fraud prevention;
• analytical purposes;
• performance of our contractual arrangements; and,
• complying with applicable laws or legislation.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Data Retention

The members of the UK PEXA Group will only retain Personal Data for as long as necessary to fulfil the purposes for which the information was collected as described in this Privacy Policy,
or as required by law. Where the relevant members of the UK PEXA Group are acting as the Data Processor, this will be in line with its contract with the Data Controller. Where the relevant
members of the UK PEXA Group are acting as the Data Controller, it will carefully consider retention periods and work to retain Personal Data for the shortest possible period under
existing law or best practice. After this period, the relevant members of the UK PEXA Group will securely destroy your personal information in accordance with its data retention schedule.

Data Security

The UK PEXA Group has put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know and they will only process your Personal Data on the relevant member of the UK PEXA Group’s instructions and they are subject to a duty of confidentiality.

The UK PEXA Group has robust procedures in place to deal with any suspected Personal Data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

How We Use Your Personal Data

Legal Basis

The law requires us to have a legal basis for collecting and using your Personal Data. The relevant members of the UK PEXA Group rely on one or more of the following legal bases:

1. Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
2. Legitimate Interests or Legitimate Business Purposes: We may use your Personal Data where it is necessary to conduct our business and pursue our legitimate interests across the UK PEXA Group. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your Personal Data for our legitimate Interests or legitimate business purposes. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
3. Legal Obligation: We may use your Personal Data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on that legal basis.
4. Consent: We rely on consent only where we have obtained your active agreement to use your Personal Data for a specified purpose.

Legitimate Interest

We process personal data where it is necessary for our legitimate interests, including operating and improving our services, mandated record-keeping, supporting business
operations across the UK PEXA Group, ensuring security and fraud prevention, legal, regulatory and compliance requirements and developing new products and services.

We may collect, use, share and store anonymised (or pseudonymised) and aggregated data for analytics, metrics, reporting and other legitimate business purposes.

Purposes for Which We Will Use Your Personal Data

The primary reason for processing Personal Data is to allow us to provide Customers with our Services. The following are some examples, although not exhaustive, of what else we may use
your information for:

• Performing Financial Crime related due diligence, including verifying your identity and
  (where applicable) verifying Source of Funds.
• Keeping financial records of your transaction and the transaction we make on your
  behalf.
• Responding to any complaint or allegation of negligence against us.
• Complying with legal obligations and regulatory requirements.
• Keeping you informed about your use of the Services.
• Creating and managing user accounts.
• Providing and personalising our services and products.
• Processing transactions and sending related information.
• Sending updates or service-related communications.
• Sending marketing and promotional communications, subject to your preferences ..
• Conducting surveys and market research.
• Analysing usage patterns and trends to improve our Services and products.
• To conduct research and analysis to better understand our users and their needs.

Cookies, Artificial Intelligence(Al) and Other Technologies

• The UK PEXA Group’s Websites or Platforms may use Cookies and Other Technologies to help us safely authenticate users, understand visitor / user behaviour, for security
  and fraud prevention purposes, and/or to inform us about which parts of the Websites visitors go to.
• Cookies are text files containing small amounts of information that are transferred and stored to your device when you visit one of our Websites. Cookies are then sent back to
  us on each subsequent visit, or to another Website that recognises that cookie. Cookies are useful because they allow us to recognise a user’s device and to remember a user’s
  actions and preferences over a period of time and improve your experience the next time you visit. the UK PEXA Group considers the information collected from Cookies as
  non-Personal Data; however, IP addresses or similar identifiers are considered as Personal Data. Information is collected and used by us in accordance with this Privacy
  Policy and the relevant Cookies Policies for each UK PEXA Group entity accessible via the relevant Websites.
• The UK PEXA Group may use artificial intelligence and machine learning tools including but not limited to supporting certain operational and internal business functions,
  improving internal processes, enhancing service delivery, generating internal documentation, reports, and communications to support administrative and operational
  functions, conducting internal analysis, and supporting innovation initiatives in order to provide the Services.
• Where Personal Data is used, it will be limited to what is necessary and subject to appropriate safeguards, including anonymisation or pseudonymisation where possible,
  human oversight, and strict access control
• Al tools are not used to make solely automated decisions about identifiable individuals, nor are they used to profile individuals. We do not engage in automated decision-making.
  We follow ISO27001 standards to maintain a robust framework.
• If you have any questions about our use of Al technologies, please contact our Data Protection Officer using the contact details provided in this Privacy Policy.

Sources of Information

Information about you may be obtained from a number of sources, including:

• Information provided by your appointed law firm in order to process your conveyancing transaction.
• Information obtained from HM Land Registry, for example, title documentation for the purposes of ascertaining ownership of a property.
• Organisations that have referred work to us (e.g. mortgage lenders).
• Information that you may volunteer about yourself.
• Information shared by business partners, affiliates, and service providers.
• Information available from public databases, and other public records.

Location Data

• When you use the UK PEXA Group Platforms, we may receive technical data about the device used to access the Platform, including device ID, operating system, browser
  type, IP address, and location (collectively, “Device Data”). Device Data may be used as part of our technical and organisational security measures which are used to identify
  the device and log and authenticate users accessing our Websites or Platforms. Device Data may be shared, along with information about any fraudulent transactions using the
  device with our Sub-Contractors. They may compare and add the Device Data, and any fraud-related data, to a database to identify and block access to our Websites or
  Platforms by devices that have performed questionable or fraudulent activity.

Sources of Information

Information about you may be obtained from a number of sources, including:

• Information provided by your appointed law firm in order to process your conveyancing
  transaction.
• Information obtained from HM Land Registry, for example, title documentation for the purposes of ascertaining ownership of a property.
• Organisations that have referred work to us (e.g. mortgage lenders).
• Information that you provide about yourself.
  Information shared by business partners, affiliates, and service providers.
• Information available from public databases, and other public records.
  Information obtained from your activity on our Websites when you engage with us.

Disclosures of Your Personal Data

There may be circumstances, in carrying out our Services, where we may need to disclose some information to third parties subject to relevant consents where required; for example:

• The firm of solicitors acting for you or another party in respect of your conveyancing
  transaction;
• Mortgage brokers, estate agents and home builders with whom you are interacting
  with;
• HM Land Registry to register a property;
  HM Revenue & Customs, e.g. for Stamp Duty Liability;
  ClearBank Limited (our transaction banking partner);
• Microsoft (Office 365);
  Contracted suppliers, e.g. Amazon Web Services, LexisNexis, ThoughtWorks Australia Pty Limited, CTM Professional Services Pty Limited;
• Suppliers engaged to provide telephony services, document automation/printing services and digital signing solutions;
• PEXA (where members of the UK PEXA Group engage PEXA as a supplier of technology via the PEXA Platform);
• Banks or Building Societies; or other financial institutions, e.g. to redeem an existing mortgage;
• Providers of identity verification;
• Any disclosure required by law or regulation, such as the prevention of financial crime and terrorism; and,
• External auditors or our Regulators including but not limited to the ICO, the CLC, the SRA, CQS and the FCA;
• Business partners to provide services or products that you have requested or that may be of interest to you.

Data Transfers

In compliance with applicable laws, we may use, process, transfer, and share your data. We may combine this data with other information collected from publicly available information,
including third-party sources.

By using the PEXA UK Group Services, Websites or Platforms or by providing Personal Data tous, and subject to relevant consents (where required by UK PEXA Group), you acknowledge and
agree that Personal Data may be sent to and processed in countries outside your country of residence. These countries will include the jurisdictions of the ultimate parent company of the
UK PEXA Group and/or its subsidiaries, which includes Australia. These countries may also include jurisdictions that are locations for our business continuity, compliance and operational
resilience requirements e.g., for cloud and banking global service providers, and technology platforms.

We may also share data, including Personal Data, with regulators and between members of the UK PEXA Group, PEXA Australia and with Sub-Contractors to deliver the UK PEXA Group’s
Services, Websites or Platform. These Sub-Contractors include business partners, completion and delivery services, analytics providers, IT specialists and product developers. Sub-
Contractors are contractually bound to use and process Personal Data we share for the permitted purposes only, as well as use adequate technical and operational measures to
protect Personal Data from unauthorised access and use. Permitted purposes may include providing payment processing, verifying and authenticating identity, to prevent and detect
fraud, money laundering and other crimes, sanctions screening, document scanning, processing, and storage. Sub-Contractors may be located outside of the United Kingdom.

Some of the countries in which our Sub-contra tors or global service providers and other suppliers may not have data protection laws that provide an equivalent level of data protection
as the laws in the UK; however, we take all appropriate steps to ensure Personal Data is handled in accordance with applicable UK Data Protection Legislation. Where such transfers
occur, we ensure that appropriate safeguards are in place in accordance with UK Data Protection Legislation. These safeguards include the use of the UK International Data Transfer
Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on adequacy decisions where applicable.

Your Legal Rights

Under UK Data Protection Legislation, you have the following rights in relation to your Personal
Data, which we will always work to uphold. You have the right to:

(a) Withdraw Consent to Processing at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out
before you withdraw your consent. If you withdraw consent, we may not be able to provide certain services to you or permit you access to the UK PEXA Group Platforms or Services;

(b) Receive certain information about the Data Controller’s Processing activities, which is fulfilled by way of this Privacy Policy and our transparent explanation as to how we use your
Personal Data;

(c) Request access to your Personal Data that is held by the relevant member of the UK PEXA Group (commonly known as a “Data Subject Access Request”). This enables you to receive a
copy of the Personal Data we hold about you and to check that we are lawfully processing it;

(d) Ask us to erase Personal Data in certain circumstances. This enables you to ask the relevant member of the UK PEXA Group to delete or remove Personal Data where there is no good
reason for us continuing to process it. You will also have the right to ask the relevant member of the UK PEXA Group to delete or remove your Personal Data where you have successfully
exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note,
however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request;

(e) Request restriction of Processing your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data in one of the following scenarios:

(i) If you want us to establish the data’s accuracy;

(ii) Where our use of the data is unlawful but you do not want us to erase it;

(iii) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or,

(iv) You have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it;

(f) Object to Processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your Personal Data. In some
cases, we may demonstrate that we have compelling legitimate business grounds to process your information, which override your right to object.

(g) Request a copy of an agreement under which Personal Data is transferred outside of the UK;

(h) Object to decisions based solely on Automated Processing, including profiling (ADM);

(i) Prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else

(j) Be notified of a Personal Data Breach which is likely to result in high risk to your rights and freedoms;

(k) Make a complaint to the supervisory authority; and,

(l) In limited circumstances, request the transfer of your Personal Data to you or to a third party. We will provide you, or a third party you have chosen, your Personal Data in a structured, commonly used, and machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information
to perform a contract with you.

If you wish to exercise any of the rights set out above, please contact the Data Protection Officer (contact details provided above).

Change of Purpose

We will only use your Personal Data as outlined in this Privacy Policy. Any changes in the processing of your Personal Data for another purpose will be communicated to you and we will
also explain the legal basis which allows us to do so.

No Fee Usually Required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights referred to above). However, we may charge a reasonable fee if your request is clearly
unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Information We May Need From You

We may need to request specific information from you to help us confirm your identity andensure your right to access your Personal Data (or to exercise any of your other rights). This is a
security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your
request to speed up our response.

Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of
requests. In this case, we will notify you and keep you updated.

Protecting Your Personal Data

The Company processes Personal Data in a way that ensures its security, by using appropriate technical and organisational security measures. This is to protect against unauthorised or
unlawful Processing and protection against accidental loss, destruction, or damage. In addition, we limit access to your personal information to those employees, agents, contractors and other
third parties who have a business need-to-know. They are only permitted to process your personal information on our instructions, and they are subject to a duty of confidentiality. They
must also comply with their obligations under applicable data protection legislation. Details of these measures may be obtained by contacting the Data Protection Officer
at [email protected].

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
This will be done in line with our Data Protection Policy.

Withdrawing Consent

Where only consent is used to process your data you can withdraw that consent at any time. If you wish to do so or have any questions, please contact us using the information provided
above.

Please note that if you do withdraw your consent, we may not be able to provide our Services to you. We will let you know in writing if this is the case.If you no longer want to receive
marketing communications, you can withdraw your consent at any time by using the “unsubscribe” link in our e-mails, or by contacting us.

Where only consent is used to process your data you can withdraw that consent at any time. If you wish to do so or have any questions, please contact us using the information provided
above.

Please note that if you do withdraw your consent, we may not be able to provide our Services to you. We will let you know in writing if this is the case.If you no longer want to receive
marketing communications, you can withdraw your consent at any time by using the “unsubscribe” link in our e-mails, or by contacting us.

Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator responsible for data protection issues in the UK by
visiting https://ico.org.uk. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.

You can also contact the Information Commissioner’s Office for more information about your rights of access:

By Post

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9
5AF;

By Telephone 0303 123 1113 (local rate); or

By Fax 01625 524 510.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy at any time. We may also notify you in other ways from time to time about processing of your personal information. These changes will be
posted on the relevant UK PEXA Group’s website.