Privacy Notice

---

We at Goneke Investment Group Proprietary Limited, (“GIG“), respect your concerns about privacy. This Privacy Notice describes how we process the Personal Data:

• that we collect on Goneke.com, or any of our pages that are accessible through Goneke.com , and other websites or applications that may link to this Privacy Notice (the “Sites“);
• where you visit our premises;
• where you are a contact at one of our suppliers or other business partners; and
• through other data collection points or notices that reference this Privacy Notice.

We provide information on the types of Personal Data we collect, how we use the information, with whom we may share it and the choices available to you regarding our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices. “Personal Data” has the meaning given to it under data protection laws that apply to our processing of your information and includes any information that relates to, describes, identifies or can be used, directly or indirectly, to identify an individual, such as name, address, date of birth, personal identification numbers, sensitive personal information, and economic information).

The types of information we collect concerning individuals includes:

• business and personal contact information (such as name, postal and e-mail addresses, and telephone number);
• demographic information, such as age, race, gender, and citizenship;
• account information, including login credentials for our Investor Portal and on our career site;
• financial and other information you provide in connection with our Investor Portal at goneke.com, such as date of birth, banking information, account numbers, taxpayer ID number, jurisdiction of tax residence, and certain investment-related information;
• government-issued identifiers and other information we need in order to identify you and complete necessary security and safety checks, including in connection with our products and services and where you visit our premises;
• CCTV footage on our premises for the purposes of safeguarding our customers and employees and our facilities and property;
• content (and related information) in connection with your electronic communications with us or our service providers (including by e-mail or other forms of electronic communication);
• professional details and employment data in connection with job inquiries or applications on our careers pages, such as resume/CV, current or past employment history, performance-related information (e.g., performance evaluations), talent management information (e.g., education history, professional designations, qualifications and other information about your background) and work authorization status;
• voluntary information you provide in connection with job inquiries or applications on our careers pages, including information about your political contributions (not applicable if you are based in the European Union or the United Kingdom), and diversity-related information, such as gender, race/ethnicity, sexual orientation, veteran status and disability status;
• information from third-party data providers and publicly available sources for compliance with anti-money laundering obligations, background screening and to otherwise protect our business and comply with our legal and regulatory obligations;
• information from our charitable foundation, such as details relating to your involvement with our philanthropic and charitable causes, and your charitable contributions;
• information relating to your participation in our programs and other related or similar events or workshops;
• information from organizations that you represent and with which we have a business relationship, such as your business contact details or details of your role at the organization; and
• other information you provide to us (such as information provided by registering for e-mail alerts, filling in forms, and online registration details).

If you provide information to us about another person, you should ensure that you provide that person with this Privacy Notice and comply with any legal obligations that may apply to your provision of the information to us.

When you visit our Sites or open our e-mails, we may collect certain information by automated means (such as by cookies, web server logs, web beacons and JavaScript). The information we collect in this manner includes your IP address, network location, browser characteristics, device characteristics, operating system, referring URLs, information on actions taken on our Sites, and dates and times of website visits. Cookies are files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings on your device – please see our Cookie Policy for information about what cookies are and how we use cookies and similar technology. We also may use these and similar technology in e-mails we send you to collect certain information, such as whether you opened or clicked on links in our e-mail and what content was interesting to you..

Our Sites may use cookies (such as HTTP, HTML5 and Flash cookies) as well as other types of local storage (such as browser-based or plugin-based local storage). Some of these cookies may be placed by third parties such as our service providers. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. You also may be able to delete your Flash cookies or adjust your Flash cookie settings by visiting the Adobe Flash Website Storage Settings Panel and Global Storage Settings Panel. Please note, however, that without cookies you may not be able to use all the features of our Sites or other websites and services.

In conjunction with gathering information through cookies, our web servers may log information such as your device type, operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. We also may record information such as the address of the web page that referred you to our Sites and the IP address of the device you used to connect to our Sites. We may log information about your interaction with the Sites, such as which pages you visit. To control which web servers collect information by automated means, we may place tags on our web pages called “web beacons”, which are small files that link web pages to particular web servers and their cookies. We also may send instructions to your device using JavaScript or other computer languages to gather the sorts of information described above and other details about your interactions with the Sites.

We may use third-party web analytics services on our Sites, such as those of Google Analytics. These service providers help us analyze how visitors use the Sites, including attributing site interactions to known contacts who have subscribed to receiving communications from us. The information processed for this purpose (including your IP address, CRM ID/BX ID and other information collected by automated means) may be disclosed to or collected directly by these service providers. To learn about opting out of Google Analytics, please click here.

The providers of third-party plugins and widgets on our Sites, such as embedded videos and social media sharing tools, may use automated means to collect information regarding your use of the Sites and your interactions with the plugins and widgets. This information is subject to the privacy policies or notices of the providers of the plugins and widgets.

Information about our cookie practices is available here.

We may use, disclose or otherwise handle the information described in this Privacy Notice for the following purposes to:

• operate, evaluate, develop, promote, and improve our business (including developing new products and services; enhancing, improving and analysing our products and services; managing our communications; managing our premises; and performing accounting, auditing and other internal functions);
• create and manage your account;
• manage your investments;
• comply with and enforce applicable legal requirements, relevant industry standards and our policies, including our Terms and Conditions of Use;
• protect against, identify and prevent fraud, money-laundering, breach of confidence, cyber attack, theft of proprietary materials, financial or business crimes, and other unlawful activity;
• in some cases, in order to operate, administer and improve the user’s experience of the Sites;
• provide our products and services to you, such as market commentary and e-mail alerts;
• send you (or produce) promotional materials, newsletters and other communications, including in visual and audio form (such as videos, podcasts and seminars);
• communicate with you about, and administer your participation in, special events, programs, promotions, offers, surveys and market research;
• respond to your inquiries;
• manage your employment application, assess your qualifications and manage your employment with us –please see our Job Applicant Privacy Notice for full information about how and why we use your Personal Data in this context;
• comply with US Equal Employment Opportunity reporting requirements and similar legal and compliance obligations – note that Goneke will not consider any voluntary information you provide in connection with a job inquiry or application or your choice to decline to provide such information in evaluating your qualifications for employment;
• verify your information;
• perform data analyses (including market and consumer research, demographic analyses and anonymization and aggregation of information);
• operate, schedule and facilitate online meetings, webinars and (video) conferences (for example, using Zoom and other online meeting platforms);
• record and monitor details and content of your electronic interactions with us or our service providers, to the extent permitted or required by applicable law; and
• facilitate and administer your participation in the LaunchPad program and related events or workshops;
• record audio and video content (for example, of our in-person or online events, training, and meetings where permitted by, and collected in accordance with, applicable data protection law).

In addition, we use information collected through cookies, web beacons, web server logs and other automated means for purposes such as (i) customizing our users’ visits to our Sites, (ii) delivering content tailored to our users’ interests and the manner in which our users browse our Sites, and (iii) managing our Sites and other aspects of our business.

CCTV operates in some of our buildings for security and safety purposes, in accordance with applicable data protection law. Where CCTV is not operated by us, the CCTV will be under the control of the relevant building landlord, manager or operator.

We may also use the information in other ways for which we provide specific notice at the time of collection.

We will only process your Personal Data as necessary so that we can pursue the purposes described above. Where we process your Personal Data for our legitimate interests as a business or those of a third party, we do so only where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest in pursuing those purposes.

When we collect Personal Data from you, unless indicated otherwise, if we ask you for information, we need it for our business or compliance purposes. In limited circumstances, we are required to collect Personal Data to comply with a legal obligation and/or might ask you to provide information which is purely voluntary; in either case, this will be indicated to you.

If you are a former employee, worker, contractor or member of Goneke, we will continue to process your Personal Data for a reasonable period following the end of your employment or engagement for our legitimate business and/or our legal compliance purposes and/or for the establishment or defense of a legal claim. 

Further, in some instances, we may process your data to perform our obligations under the contract between us (e.g., to pay you your final salary payment after your termination date). We only carry out such processing where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interests in pursuing those purposes. Your data will be retained and deleted in accordance with our retention policies and procedures (as discussed further below).

We and third parties acting on our behalf (such as Facebook, Twitter and LinkedIn) may collect information about your online activities over time and across third-party websites to provide you with advertising about products and services tailored to your interests. Where required by applicable law, we will obtain your consent for the processing of your Personal Data for direct marketing purposes. 

If you do receive direct marketing communications from us (for example, by post, e-mail, fax or telephone), you may opt-out by clicking the link in the relevant communication, completing the forms provided to you (where relevant), or by e-mailing PrivacyQueries@Goneke.com.

You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to users by considering demographic data, users’ inferred interests and browsing context. These networks track users’ online activities over time by collecting information through automated means (such as by cookies, web server logs, web beacons and other similar technologies). 

The networks use this information to show ads that may be tailored to individuals’ interests, to track users’ browsers or devices across multiple websites or apps, and to build a profile of users’ online browsing activities. The information our ad networks may collect includes data about users’ visits to websites and apps that participate in the relevant ad networks, such as the pages or ads viewed and the actions taken on the websites or apps. This data collection takes place both on the Sites and on third-party websites and apps that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts and tailor content relevant to your interests.

The Sites are not designed to respond to “do not track” signals received from browsers. To learn how to opt out of ad network interest-based advertising, please visit www.aboutads.info/choices, http://www.networkadvertising.org/choices/ or http://www.youronlinechoices.eu/

We do not disclose Personal Data we obtain about you through the Sites or other channels covered by this Privacy Notice, except as described in this Privacy Notice. We may share your Personal Data with our affiliates and subsidiaries. Depending on the nature of our relationship with you, we also share Personal Data with service providers who perform services on our behalf (including cloud services), our financial and transaction counterparties, Philanthropic, charitable and advocacy partners, our professional advisors, and your agents and representatives. We do not authorize these persons to use or disclose the information except as necessary for the purposes for which it is provided or to comply with legal requirements.

We also may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities, regulators and/or other government entities and/or other competent authorities based on a lawful disclosure request, or (iii) when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We reserve the right to transfer Personal Data we have about you or otherwise process in the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation).

In addition, we may share anonymous / aggregated information with third parties, such as service providers, in order to facilitate our business operations.

Information collected through third-party plug-ins and widgets on the Sites (such as information relating to your use of a social media sharing tool) is collected directly by the providers of the plug-ins and widgets. This information is subject to the privacy policies of the providers of the plug-ins and widgets, and Blackstone is not responsible for those providers’ information practices.

We may transfer the Personal Data we collect about you to recipients in countries other than the country in which the information was originally collected. Where you are based in the UK, the EU, or another country which imposes data transfer restrictions outside of its territory, this includes transfers outside of the UK and the European Economic Area (“EEA“) or that geographical area, including to those countries in which our affiliates, group members, service providers and business partners operate, such as the U.S. Those countries may not have the same data protection laws as the country in which you initially provided the information. 

Where we transfer Personal Data outside of the UK, the EEA, or other territories subject to data transfer restrictions to other members of the Blackstone group or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements or safeguards, designed to ensure that your Personal Data is protected as required under applicable data protection law (including, where appropriate, under an agreement on terms approved for this purpose by the European Commission or by obtaining your consent).

We intend to keep your Personal Data accurate and up-to-date. We will delete the information that we hold about you when we no longer need it. We retain your Personal Data for as long as it is required by us for our legitimate purposes, to perform our contractual obligations, or where longer, such longer period as is required or permitted by law or regulatory obligations which apply to us.

We will retain your information in line with our retention policies and, in any event, for no longer than is necessary given the purpose for which it was collected, after which it will be deleted or anonymized.

Note that we may retain some limited information about you (even when we know that you have left the organisation that you represent) so that we can maintain a continuous relationship with you if and when we are in contact with you again.

We offer you certain choices in connection with the Personal Data we collect from you. To update your preferences or submit a request, please contact us as indicated in the “How to Contact Us” section of this Privacy Notice. To the extent provided by the law of your jurisdiction or otherwise applicable to our processing of your information, you may request access to the Personal Data we maintain about you or request that we correct, amend, delete or block the information by contacting us as indicated below. Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your Personal Data, and we will apply your preferences going forward.

These rights, subject to certain limitations, may include:

Rights of access, correction and deletion. You may have a right of access to the Personal Data that we hold about you, and to some related information, including the purpose for processing the Personal Data, the categories of recipients of that Personal Data to the extent it has been transferred internationally, and, where the Personal Data has not been collected directly from you, the source. You may also have the right to require any inaccurate Personal Data to be corrected or deleted.

Right to object, and portability. You can object to our use of your Personal Data for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your Personal Data (and require it to be deleted) in some other circumstances. In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or a third party, in a data portable format.

We review and verify requests to protect your Personal Data, and will action data protection requests fairly and in accordance with applicable data protection laws and principles.

If you wish to exercise any of these rights, please contact us as set out below.

Complaints. You can also lodge a complaint about our processing of your Personal Data with the body regulating data protection in your country. The contact details for the regulator in your jurisdiction can be found here.

If you are a California consumer, for more information about your privacy rights, please see the section of this Privacy Notice called “California Consumer Privacy Statement.”

We maintain administrative, technical and physical safeguards designed to protect Personal Data we obtain through the Sites against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Our Sites may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.

This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our Personal Data practices. We will post the updated version on the Sites and indicate at the top of the Notice when it was most recently updated. Please check for any updates regularly.

If you have any questions or comments about this Privacy Notice, or if you would like us to update information we have about you or your preferences, please e-mail us or access our web form at PrivacyQueries@Goneke.com.

You also may write to:

Goneke Proprietary Limited
Attn: Legal & Compliance
70, Melville Road Illovo
Johannesburg Gauteng 2196

Individuals in the UK and EU may write to:

Goneke Europe LLP
Attn: Legal & Compliance
17 Rickfield
Crawley, Rh10 8ef
United Kingdom

Please also contact us via any of the above methods if you have a disability and require an alternative format of this Privacy Notice.