Data Protection & Confidentiality Policy

EFG-HUB Technologies

---

1. Purpose

This Policy establishes the principles, rules, and controls governing the collection, processing, storage, protection, disclosure, and confidentiality of data within EFG-HUB Technologies and all its divisions. It ensures compliance with applicable data protection laws and reinforces trust with investors, partners, clients, employees, and stakeholders.

2. Scope

This Policy applies to:

• The Founder, Board Members, Executives, Employees, Consultants, and Contractors
• All divisions of EFG-HUB Technologies
• All forms of data, whether digital, physical, verbal, or recorded

Including but not limited to:

• Personal Data
• Confidential Business Information
• Financial, legal, and strategic data
• Intellectual Property and proprietary content

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Confidential Information: Non-public information that could harm EFG-HUB or its stakeholders if disclosed
• Data Subject: Any individual whose data is processed
• Processing: Any operation performed on data (collection, storage, use, transfer, deletion)

4. Data Protection Principles

EFG-HUB Technologies adheres to the following principles:

1. Lawfulness & Fairness – Data is processed legally and transparently
2. Purpose Limitation – Data is collected only for defined business purposes
3. Data Minimization – Only necessary data is collected
4. Accuracy – Data is kept accurate and up to date
5. Storage Limitation – Data is retained only as long as required
6. Integrity & Confidentiality – Data is protected against unauthorized access, loss, or misuse
7. Accountability – Management ensures compliance at all levels

5. Categories of Protected Data

• Founder & Shareholder Information
• Investor & Partner Documents
• Financial Records & Bank Information
• Employee & Contractor Records
• Client & User Data
• Trade Secrets, Intellectual Property, and Strategic Plans
• Media, Training, and Platform Content

6. Confidentiality Obligations

All covered persons must:

• Treat all confidential information as strictly private
• Not disclose data without proper authorization
• Use data solely for legitimate EFG-HUB business purposes
• Maintain confidentiality during and after engagement with EFG-HUB

Breach of confidentiality may result in:

• Disciplinary action
• Contract termination
• Legal liability

7. Data Access & Authorization

• Access is granted strictly on a need-to-know basis
• Sensitive data access requires written authorization
• Investor and partner access is controlled via NDAs and data room permissions
• All access rights are reviewed periodically

8. Data Security Measures

EFG-HUB implements appropriate technical and organizational safeguards, including:

• Secure servers and encrypted storage
• Password-protected systems and role-based access
• Secure physical document storage
• Watermarking of confidential documents
• Controlled data rooms for investors and partners

9. Data Sharing & Disclosure

Data may only be shared:

• With explicit authorization
• Under signed Non-Disclosure Agreements (NDAs)
• When legally required by regulators or courts
• With trusted service providers bound by confidentiality obligations

EFG-HUB does not sell or trade personal data.

10. Cross-Border Data Transfers

• Adequate data protection safeguards must be in place
• Transfers must align with applicable UAE data protection laws
• Investor and partner confidentiality standards must be respected

11. Data Retention & Disposal

• Data is retained according to legal, regulatory, and business needs
• Confidential data is securely destroyed when no longer required
• Disposal methods prevent recovery or reconstruction

12. Data Breach Management

• Immediate containment and assessment
• Notification to senior management
• Legal notification to affected parties and authorities where required
• Corrective actions to prevent recurrence

13. Founder & Board Oversight

The Founder & Chairman, together with senior management, holds ultimate responsibility for policy enforcement, compliance oversight, and strategic data protection decisions.

14. Compliance & Enforcement

Non-compliance may result in:

• Internal disciplinary measures
• Contractual penalties
• Civil or criminal liability under applicable laws

15. Policy Review

This Policy is reviewed periodically and updated to reflect regulatory changes, business expansion, and technological developments.

16. Governing Law

This Policy is governed by the laws and regulations of the United Arab Emirates, without prejudice to applicable international data protection standards.

---

Official Statement

EFG-HUB Technologies is fully committed to protecting data, preserving confidentiality, and maintaining the highest standards of integrity, trust, and institutional governance.