Privacy Notice and Cookies

Introduction

This privacy notice sets out how Berisfords Ltd (“the Company”, “We”) may process and store Personal Data in relation to natural
persons who are customers, sales prospects, suppliers in their own right or persons who represent them; together with visitors
to the Company’s website (“You”).

Personal Data is data which by itself or with other data available to the Company can be used to identify natural persons.
The Company is the data controller and processor except where indicated otherwise. It is registered with the UK Information
Commissioner’s Office, reference Z4713299. You can contact the Company’s Data Protection Manager at Berisfords Ltd, PO Box 2,
Thomas Street, Congleton, Cheshire CW12 1EF

Type and source of Personal Data

The Company may collect certain Personal Data from You in the ordinary course of business. Much of this data will be provided
by You such as your contact details including name, trading and email addresses, telephone/mobile numbers and possibly bank or
payment card details. In conjunction with this data, the Company sources information already in the public domain or pays for
such data from agencies who research and analyse public information e.g. for credit vetting or market research purposes.
Other Personal Data is collected when You visit the Company’s website including internet protocols (“IP” addresses)
and browsing history through use of “cookies” (see relevant section below).

Reasons for collecting Personal Data (see also Legal Basis)

The Company would primarily use your Personal Data to facilitate and execute our contract with You where You trade in your
personal capacity or are acting as a representative of an incorporated company or other organization. We may use Personal Data
for direct marketing communications and related profiling to help us maintain and improve our product range. The provision of
such data is to directly and/or indirectly facilitate trade with You and to promote the business interests of the Company in
general. We’ll tell You if providing Personal Data is optional, including if we ask for your consent to retain and process it
for example in relation to e-marketing

Legal Basis for processing Personal Data

The Company relies on one or more the following legal bases:

• Contract: To take steps to enter into contract and manage/perform a contract with You, records are created which may include Personal Data;
• Legitimate Interests: Processing is necessary in pursuance of the legitimate interests of the Company, except where such interests are overridden by your interests;
• Consent: You have given clear consent to the use of Personal Data for a specific purpose;
• Legal obligation: To comply with the law (not including contractual obligations).

The Company relies on Legitimate Interests in relation to Personal Data collected from use of its website or where
it has been sourced directly or purchased from third parties. It will use this data for marketing and prospecting
purposes in order to promote brand awareness and improve sales. It will also employ tracking analytics on its website
to improve the site’s profile and user experience. These activities are considered both legitimate and necessary to
further the business. Personal data used for marketing/prospecting purposes will be deployed in a targeted way and be
confined to the business environment. This will be achieved through segmentation of markets, prospects and by identification
of persons with responsibility for purchasing and design within these organizations. Use of Personal Data in this context
should not be obtrusive, excessive or prejudicial to You. As such, the Company believes its legitimate interests are
not overridden by those of the individual.

Disclosure of Personal Data

We may share Personal Data with a limited set of partners including our sales agents, sub-contractors, suppliers,
employees in group companies* payment systems such as BACS and professional service firms such as our auditors and
credit insurers. The provision of such data is to directly and/or indirectly facilitate trade with You and to promote
the business interests of the Company in general. In such circumstances, the Company role will be as a data controller
and its agents act in the capacity of data processor.

When you visit our website your IP address is supplied to our data analytics agency. Their software collects business
IP addresses and matches this with wider data held in the public domain such as on social media and company registers
to identify key decision makers in organisations that have shown an interest in the Company’s web site. Data collected
also leverages off the use of cookies (see relevant section below). This data provides the Company with analysis to assist
it with effective lead generation. The data is not transferred or sold on by the agent to other third parties.

The Company will not provide Personal Data to any third parties for the purpose of unrelated direct marketing by them.

The Company may disclose Personal Data to competent authorities, law enforcement agencies or the courts as required
by law or where We have a reasonable expectation that disclosure will be required by them. Disclosure may also take
place in connection with actual or prospective legal proceedings against the Company. It may also be necessary to
invoke the Legitimate Interest basis to disclose Personal Data to a prospective purchaser of the Company, its trade
or on transfer of rights and obligations under any agreement with You.

It is not envisaged that your Personal Data shall be transferred outside of the European Economic Area (“EEA”)
other than on a strict “need to know” basis to management and employees of group companies*.

Personal Data may be disclosed in an emergency or otherwise to protect your vital interests.

group companies relate to those undertakings that form part of the Kuny Group, whose parent undertaking is Benken Holding AG, a company incorporated in Switzerland.

Security of Personal Data

The Company will make reasonable endeavors to ensure Personal Data is stored securely by the Company. However,
data sent by the use of none encrypted emails or none encrypted internet connections as a mode of communication is
inherently insecure and as a consequence the Company cannot guarantee security of data transmitted in this way.

Personal Data in relation to You shall be stored on applications hosted on the Company’s local servers. Our systems
are secured through protocols including password protection, appropriate encryption, layered firewalls and anti-virus
protection. Firewalls will be subject to periodic vulnerability scanning and penetration testing. The Company does not
employ home or mobile workers with access to Personal Data and the use of mobile devices is minimal with appropriate
control settings.

As the Company does not currently operate an e-commerce website, access passwords and user details are not required from You.

Retention of Personal Data

The following retention criteria shall be applied to your Personal Data:

• Retention in case of supply of product: We will retain Personal Data for as long as is reasonably required to transact and settle current product trades, deal with queries and resolve any claims made against the Company;
• Retention on grounds of a Legitimate Interest: For as long as the Company has reasonable business needs or expectations such as management of our business relationship with You;
• Retention on grounds of a legal obligation: We will retain your Personal Data after your account is closed (or otherwise come to an end) for as long as required by law.

Automated Decision Making

Automated Decision Making involves the processing of Personal Data in order to make a decision without human intervention.
The Company does not engage in this kind of decision making and has no plans to do so.

Marketing Preferences

The Company will use the post, email or telephone to contact You for marketing purposes in accordance with your
registered preferences. We will not contact You through Social Media channels such as Facebook, by texting or via
messaging platforms.

Cookies

A cookie is a small file, typically of letters and numbers, which is put on your computer or mobile device’s hard
drive when You visit a website. Cookies allow the website to recognize your device and browsing history.
Cookies can be broadly grouped into two types: (1) those that are strictly necessary and usually session based and
(2) analytical/performance based cookies, which are usually persistent and set up to recognize your return to the website.
The former are essential to enable You to move around the site and use its features. These session cookies are stored
on your device temporarily as they are erased when You exit your web browser. Analytical/performance based cookies
allow the Company to recognize and count visitors and see how they move around the web site. This provides useful
tracking analytics to help the Company improve site content as well as ensuring that You optimize your experience of our site.

When You visit our website You are asked to consent to the use of cookies.

As explained above, cookies help You get the most from your website visit, however you can set up your browser to disable them.
More information on how businesses use cookies can be found at third party websites such as www.allaboutcookies.org.
If you access from more than one computer or mobile device ensure each browser is appropriately configured.

Your Rights under Data Protection Law

You have the following rights:

• The right to be informed about the processing of your Personal Data;
• The right to have your Personal Data corrected if it is inaccurate or completed where it is shown to be a partial record;
• The right to object to processing of your Personal Data or to restrict the processing of it;
• The right to have your Personal Data erased (the “right to be forgotten”);
• The right to request access to your Personal Data and obtain information about how We process it;
• The right to move, copy or transfer your Personal Data (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the UK Information Commissioner’s Office, which enforces data protection laws:
https://ico.org.uk/. You can contact the Company using the details below or at the address given in the introduction.

Third Party Websites

The Company’s website may contain links to other third party websites and no responsibility can be accepted in
relation to their privacy practices including those for links to social media organisations. This is relevant
because our website includes “social buttons” which allow you to share contents or bookmark our site through social media.

Updating Your Data

Please let us know if the Personal Data You have supplied needs to be corrected or updated by emailing
office@berisfords-ribbons.co.uk.

Amendments to this Privacy Notice

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law
and/or our privacy practices. You should check this Privacy Notice for changes whenever You visit our website.