1.1 Peninsula Credit Fund 1 GP Limited (“Peninsula Credit”) or our manager Peninsula Credit Limited ("our, we or us") are committed to protecting our investors’ personal information. We have created this Privacy Policy to help you understand how we collect, use and protect your information. This policy is provided for your information and doesn’t limit or exclude your rights under the Privacy Act 2020.

1.2 This policy is current as at 26 November 2023. We may change this policy from time to time. If we make a significant change, we will make contact with you directly by email. For smaller changes, we will post a notice on our website. We recommend that you review this privacy policy on our website regularly.

2.1 In general, and depending upon the nature of your connection with Peninsula Credit (whether you are a borrower or investor), the type of personal information we collect and hold includes (but is not limited to):

• your name, addresses, contact details, date of birth, place of birth, tax identification number, tax residency status and citizenship;

• information about your bank account details and financial and personal circumstances, including your source of funds (in some cases evidence of this), and transactional and financial information relating to your user account;

• other information which assists us in conducting our business, providing and marketing our services and meeting our legal obligations.

2.2 Peninsula Credit may collect information that is not personal information (i.e. it is not attributable to you individually). The purpose of this is to ensure we can further develop existing services and investigate new services that enable us to better assist with your requirements. If we do combine non-personal information with personal information the combined information will be treated as personal information.

2.3 Internet protocol addresses from where visitors appear to originate may be recorded for security and system diagnostic purposes. This information may also be used in aggregate form to conduct website trend and performance analysis.

Peninsula Credit is required, in accordance with the Privacy Act 2020 to have a purpose and a legal basis for processing your personal data.

3.2 The information that we collect from you may be used by us for a number of purposes connected with your account:

• Processing your applications to acquire, transfer or dispose of units and options in the Peninsula Credit including meeting the requirements of the Anti-Money Laundering and Countering Financing of Terrorism Act;

• Assessing your loan application;

• To communicate to you as a security holder in Peninsula Credit, including providing quarterly and annual reports, updates and other information;

• Carrying out any activity in connection with our legal, governmental or regulatory requirement; and

• For general administrative and business purposes.

3.3 We collect this information primarily to enable us to provide the services required by you.

4.1 To process your personal data, we will rely on several different legal bases depending on the purpose of the processing, such as where:

• We have a legal or regulatory obligation to process your personal data, such as performing checks for the prevention of financial crime;

• We have a legitimate business interest to process your personal data which is not overridden, or unbalanced compared to your interests and/or fundamental rights and freedoms;

• You have given us your consent to send you marketing information or to process special category data relating to you.

5.1 Peninsula will only send you marketing communications where you have given us your explicit consent. This can be managed through our preference centre (the link is provided in relevant emails) where you may withdraw this consent at any time. If you have any questions, please contact contact@peninsulacredit.co.nz.

6.1 The right to be informed

• You have a right to know what personal data we hold about you, for what purpose and how we process it, as detailed in this Privacy Policy.

6.2 The right of access and data portability

• You have the right to access the data that Peninsula Credit holds on you and request a portable version of this data.

6.3 The right to rectification

• You have the right to have inaccurate personal data rectified, or incomplete data completed respectively.

6.4 The right to object

• You have the right to object to the processing of your personal data when this is based on legitimate interest, including profiling. You also have the right to object to the processing of your personal data for marketing purposes.

6.5 Complaints

• Should you have any complaints about how we process your personal data, you can make a complaint by emailing us at contact@peninsulacredit.co.nz.

• You may seek to exercise any of these rights by emailing us at contact@peninsulacredit.co.nz.

7.1 Peninsula Credit is required to retain certain data records to comply with the Financial Markets Authority (FMA) general recording keeping requirements. In general, we are required to retain data for at least seven years.

7.2 Your personal information may be transferred or disclosed to third parties.

7.3 This enables us to provide services to you and to discharge our obligations to third parties, including relevant government agencies and regulators. Such third parties may also have their own data retention periods.

8.1 For the purposes of the Agreement, we are required to share your information with third parties, the situations in which we share this information are detailed below:

• Regulatory bodies to comply with our legal obligations;

• Fraud prevention agencies, and other organisations in order to detect and prevent financial and other crime;

• Suppliers, where necessary for the performance of the contract.

8.2 We may also share your personal information with certain suppliers when we have a legitimate interest to do so, or your explicit consent, as detailed below:

• Data, service and software providers to help improve, develop and maintain our products and website (which may include, for example customer data modelling or statistical and trend analysis);

• Data, service and software providers to provide you with an interest-based web journey.

8.3 We will endeavour to anonymise your data and minimise the amount of your data we share with these third parties, where possible. Prior to sharing any of your personal information with these suppliers we will ensure the appropriate contractual, technical and organisational measures are in place to safeguard your personal information.

8.4 All of our suppliers and partners who we may share your data with are compliant with the New Zealand Privacy Act, or an equivalent international standard.

8.5 We will not sell or lease your personal information to third parties.

9.1 We are committed to ensuring that your data is retained securely by us. In order to prevent unauthorised access to or disclosure of your data, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we collect.

9.2 Using the internet comes with risks, we cannot guarantee that any information sent to us by email or via our website will not be intercepted or tampered with. Any communications are sent at your own risk.

10.1 What are cookies?

• A cookie is a small text file that is placed on your computer or mobile device when you visit our website or mobile app. There are two main types of cookies, persistent cookies (that remain on your hard drive and your browser for an extended period of time) and session ID cookies (that expire when you close your browser). We have categorised the cookies we use by function, along with a short description of each, below.

10.2 What cookies do we use?

• Necessary Cookies: Necessary cookies are essential to the website and mobile app functionality. These cookies enable you to navigate our website, use their features and avail of our services effectively. They also help us maintain our website services. As these cookies are essential to website functionality, disabling all cookies on kōura.co.nz will mean that our website may not be fully functional.

• Functionality and Analytical Cookies: These cookies collect information about how visitors use our website, allowing us to provide you with a more enhanced and personal experience when using our website and services. They also allow us to perform analytics (such as gathering data about the number of visits to, and the time spent on, our site), remember user preferences (such as your username and password) and provide certain content services (such as enabling you to watch videos). We also use other tracking technologies like web pixels (sometimes called “tracking pixels”). These are tiny graphics files that contain a unique identifier, enabling us to recognise when someone has visited our website or opened an email that we have sent them.

• Targeted Advertising Cookies: Targeted advertising cookies enable us to deliver advertising and marketing that is relevant to you, and also allow us to limit the number of times you see certain advertisements. These cookies are also used to analyse how effective some of our advertising campaigns are by tracking users’ clicks.

10.3 How can you control cookies?

• Peninsula Credit use both essential and tracking cookies on our website, which are mainly persistent cookies unless labelled as session only. You can accept or reject cookies by amending your web browser controls.

11.1 Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement applicable to the relevant website.

12.1 We have a Privacy Officer. Our Privacy Officer is responsible for ensuring the organisation complies with the Privacy Act, dealing with any complaints about possible privacy breaches and requests for personal information, or correction of personal information. If you believe your privacy has been compromised or we’ve breached the Privacy Act or a Code of Conduct and you would like to make a complaint, you can complain to our Privacy Officer via email (emma@peninsulacredit.co.nz) and we will do our best to help resolve any issue you may have.

13.1 Peninsula must report any serious privacy breaches to the Office of the Privacy Commissioner. A serious breach is one that poses a risk of harm (e.g. leaked personal information is published online or used to facilitate identity theft). Where a serious breach occurs, we will also notify the people whose information was affected.

13.2 Breach notifications to the Office of the Privacy Commissioner can be made by email, telephone or by using their online enquiry form: https://www.privacy.org.nz/privacy-for-agencies/privacy-breaches/