Last Reviewed: June 1, 2022

ACORE Capital, LLC (“ACORE Capital” or “we” or “us”) respects the privacy of visitors to the websites owned and operated by ACORE Capital (the “Site”). This Privacy Policy describes how and when we collect, use and disclose Personal Information collected from visitors to our Site (“you”). Capitalized terms not defined in this Privacy Policy have the meanings set forth in the Terms of Use available at https://www.acorecapital.com/terms-of-use. Please review this Privacy Policy carefully. By providing your Personal Information to us through the Site, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, do not access the Site or otherwise use the services.

California Consumer Privacy Act\ The California Consumer Privacy Act of 2018 (“CCPA”) became operative on January 1, 2020 and creates a variety of privacy rights for California consumers. This notice makes disclosures required by the CCPA to California consumers regarding any collection, use, disclosure, and/or sale of their personal information and their rights thereof.

Collection of Personal Information

The information we collect depends on how you interact with our company and the purpose for which you come into contact with our company. The information we have collected over the preceding 12 months may have included the following:

Website Visitors

Depending on how you choose to use the Site, we may need you to provide the following information:

• to contact us - name, address, e-mail address, telephone number and other contact details along with any other information you choose to provide;
• to login to our client/investor portal - username and password.

For information on technology and cookies used on the Site, see the section entitled “Use of Technology and Cookies” below.

Office Visitors and Callers

When you visit ACORE offices or telephone certain ACORE employees, we may collect certain personal information such as:

• name, organization and other contact details;
• date and time of your visit to ACORE offices.

Third-Party Service Providers, Vendors and Suppliers

In the process of engaging third-party service providers, vendors and suppliers, ACORE may collect certain personal information about them and/or about their individual representatives and associates including:

• name, job title, telephone number, email address and other contact details;
• the name of the third-party service provider, vendor or supplier with whom you are associated and its address; and
• information required to process payments, such as a tax I.D. number and wire instruction details.

We may also collect personal information about you from companies who maintain anti-money laundering and terrorism sanction screening and know your customer databases.

Recruitment

When you submit a job application through our website or a third-party website for an open job position, we will process your personal information for purposes of recruitment.

Business Contacts and Prospective Clients and Investors

ACORE may collect personal information about individuals or representatives of organizations with whom ACORE has a business relationship (or with whom ACORE seeks to establish a business relationship), as well as prospective clients and investors. Such information may include:

• name, address, telephone number, email address and other contact details;
• organization name and address, job title; and
• investor type, strategy, product and communication preferences (if you choose to receive marketing communications, you will have the option to opt out of receiving such communications at any time by contacting us or unsubscribing via a link in the particular communication).

Use of Personal Information

Your personal information may be processed: (i) in order to comply with our legal and regulatory obligations; (ii) because we need the information for reasons of substantial public interests or in order to comply with our obligations under contract; and/or (iii) because we have a legitimate business or commercial interest in processing it, such as for the following purposes (as applicable):

• to respond to your questions and handle and resolve complaints;
• to perform research with respect to the usage of the Site
• to fill open job positions as part of a recruiting process;
• to maintain the security of our premises, personnel, assets, systems and intellectual property and to manage access to our premises and our disaster recovery procedures
• in order to comply with our obligations in connection with record-keeping requirements and applicable anti-money laundering, anti-corruption and bribery, terrorism financing rules, sanctions, and the prevention and detection of crime or other applicable laws or regulations of jurisdictions in which ACORE conducts business
• to maintain and provide appropriate management of our relationship with you;
• to exchange mail correspondence or documentation which may involve providing your contact details to couriers and service providers in charge of the delivery service;
• to engage your services in the future
• to contact you to set up meetings and/or phone calls between you and your ACORE business contact(s); and/or
• to send marketing communications about ACORE to you.

Sharing and Transfer of Personal Information

The categories of personal information we have collected about you as described in the section titled Collection of Personal information, may have been shared, over the last twelve (12) months, with the following categories of recipients:

• ACORE affiliated entities;

• third-party service providers, vendors, contractors, and agents of ACORE as part of normal business operations, including providers:

• engaged to assist in know your customer and identity verification and anti-money laundering and terrorism screening (applicable to third-party service providers, vendors and suppliers);

• of accounting, banking and other data processing services;

• of information technology services and platforms/applications;

• of courier services or other package delivery services;

• of call recording and storage services (applicable to office callers);

• third-party outsourcing providers;

• building security personnel (applicable to office visitors);

• third parties acting on your behalf such as consultants and other agents;

• governmental authorities and/or law enforcement officials where required;

• financial institutions to wire payments to you (applicable to third-party service providers, vendors and suppliers);

• advisors who provide audit, financial and legal advice to ACORE; and

• other parties to a merger, acquisition, reorganization, funding/investment round or similar transaction or proceeding involving ACORE, or steps in contemplation of such activities

ACORE may also disclose your personal information to particular parties pursuant to your express consent, to fulfill your instructions, to comply with applicable laws and regulations or to fulfill other applicable requirements.

Personnel employed by service providers generally may have access to your personal information that is necessary to perform a business purpose for ACORE but are contractually prohibited from using such information for other purposes.

We have not in the preceding 12 months, and will not, sell personal information collected about you, including the personal information of minors under 16 years of age.

ACORE follows generally recognized industry standards for consumers with disabilities, please reach out to DataPrivacyTeam@ACORECapital.com for additional details.

Safeguarding of Personal Information

ACORE maintains established internal policies and procedures as well as physical and electronic safeguards that comply with applicable standards to safeguard access to personal information in our possession from accidental or unlawful destruction, loss, alteration, unauthorized use or disclosure. We endeavor to limit access to personal information about you to those employees, agents and other authorized parties who need to know the information to enable ACORE to provide products or services to you. Please note that such safeguards, however, do not guarantee that personal information transmitted via the Internet or stored in our systems or is otherwise under ACORE’s care will be absolutely safe from unauthorized use or intrusion from third parties due to the inherent nature of the Internet.

Your Rights

The rights described in this paragraph are applicable to you only if you reside in a jurisdiction where the provision of such rights is required by the data protection and privacy laws and regulations of the governing regulatory authority. As such, where required by applicable law or regulation, you may ask ACORE for a copy of your personal information, to correct it, to erase it or to transfer it to other organizations. You may also have rights to object to some processing and, where we have asked for your consent to process your personal information, to withdraw this consent. In particular, you have rights to object to direct marketing at any time.

You should also be aware that these rights may be limited (for example, access to personal information may be denied if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information). In addition, ACORE may be able to retain data even if you withdraw your consent, where we can demonstrate that we have a legal requirement to process your personal information. Where we must collect and process personal information in order to comply with applicable law or enter into and perform services under an agreement with you, if you do not provide the personal information we may not be able to enter into the agreement or provide services as contemplated by any agreement we have in place. Where we are not able to fulfill a request you make because your rights are limited, we will inform you of the reasons as to why when responding.

Depending on the type of personal information processing described in this Privacy Policy, we may be operating as a sole or joint controller. If operating as joint controllers, the entities jointly determine the means and purposes of the processing of your personal information. However this has no impact on your rights and how you can exercise them against either of the joint controllers by contacting us as set out below.

Should you have any questions or requests in relation to your rights, please email DataPrivacyTeam@ACORECapital.com. We will attempt to deal with all requests at the earliest opportunity. In addition, if you have unresolved concerns you have the right to complain, where permitted, to competent data protection authorities.

If you are a California resident you may have the following rights, including the right to be informed in this privacy policy of these rights, under the California Consumer Privacy Act of 2018 (the “CCPA”) in relation to “personal information” we have collected about you as defined in the CCPA. These rights are, to the extent required by the CCPA and subject to verification and any applicable exceptions:

Right to Know/Access: You have the right to request that we disclose certain information to you about our collection, use, and disclosure of certain personal information about you as described below:

• the specific pieces of personal information collected;
• the categories of personal information collected;
• the categories of sources from whom the personal information is collected;
• the business or commercial purpose for collecting the personal information; and
• the categories of third parties with whom we have shared the personal information.

Right to Delete: You have the right to request that we delete the personal information we collect from you.

To request your exercise of the rights described above, please submit a request to us by:

• Click here to submit a webform request
• Or email us at DataPrivacyTeam@ACORECapital.com
• Or send a hard copy request to the below:\ Katrina Sweezea\ Chief Compliance Officer\ ACORE Capital\ 80 E. Sir Francis Drake, Suite 2A\ Larkspur, CA 94929

Freedom from Discrimination: You have the right to be free from unlawful discrimination for exercising any of the rights above.

We will need to verify your identity prior to addressing your request. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to personal information collected about you. The authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.

Use of Technology and Cookies

Technology

When you visit our Site or open our emails, we may collect certain information by automated means (such as by cookies, web server logs, web beacons and JavaScript). The information we may collect in this manner includes your IP address, network location, browser characteristics, device characteristics, operating system, referring URLs, information on actions taken on our Sites, and dates and times of website visits. We also may use these and similar technology in emails we send you to collect certain information, such as whether you opened or clicked on links in our email.

We may use third-party web analytics services on our Site. These service providers help us analyze how visitors use the Site. The information obtained for this purpose (including your IP address and other information collected by automated means) may be disclosed to or collected directly by these service providers.

The providers of third-party plugins and widgets on our Site, such as embedded videos and social media sharing tools, may use automated means to collect information regarding your use of the Site and your interactions with the plugins and widgets. This information is subject to the privacy policies or notices of the providers of the plugins and widgets.

Links to Third-Party Websites

The Site may contain links to third party websites which, in some cases, may be integrated into, and appear to be part of, the Site. ACORE encourages you to read the privacy policies of other websites you link to from this website and disclaims any responsibility for the privacy policies and procedures of any third party websites that you reach via a hyperlink contained on this Site. Such hyperlinks are provided for your convenience only, and you access them at your own risk.

Children’s Online Privacy Protection Rule (“COPPA”)

This Site is not provided for individuals under the age of 13, and we do not knowingly collect personal information from children under the age of 13. In the event that we learn that we have collected personally identifiable information from a user of the Site that is under age 13 without verification of parental consent, we will delete that information where reasonably possible.

Updates to this Privacy Policy

This Privacy Policy is effective as of the “Last Reviewed” date stated at the top of this Privacy Policy. It may be necessary from time to time for us to modify this Privacy Policy to reflect changes in the way we collect and use information or changes in privacy-related laws, regulations, and industry standards. Accordingly, we reserve the right to change this policy at any time by posting the revised policy on this Site and updating the “last reviewed” date at the top of this page. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances. We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand our current privacy policy. If revisions to the Privacy Policy are unacceptable to you, you must cease using this Site.