This Website Privacy Policy (“policy”) describes the types of personal information we may collect about you when you use our website marathoncapital.com (the “site”), the purposes for which we use the information, and the circumstances in which we may share such information. As used throughout this policy, the term “Marathon Capital,” “we”, “our” or “us” refers to Marathon Capital, LLC.

When you visit the site, we collect certain personal information about you. “Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household.

For further information about anything on this page, please contact Marathon Capital by email at privacy@marathoncapital.com

COLLECTION OF PERSONAL INFORMATION

The categories below describe the personal information we collect about you and the sources from which we collect those categories of personal information.

Personal Identifiers
Description: email address
Sources: You

Device and Online Identifiers
Description: IP address; session ID (session start time)
Sources: You; devices associated with you; third-party information providers

Internet, Browser, and Network Activity
Description: clickstream/online website tracking information; data related to user activity, e.g., browser visits, page views, visits, and unique visitor data; and cookies or other similar technologies
Sources: You; devices associated with you; third-party information providers

Location Data
Description: Region, country, and city
Sources: You; devices associated with you; third-party information providers

We operate in a regulated industry, and so we are required to collect and use certain personal information before we can accept someone as a client, and as necessary for the performance of any contracts we enter into with you. In addition to the information identified above, this may include:

• basic information such as your name, the company you work for, your position and your relationship to a person;
• contact information such as your postal address, email address and telephone number(s);
• financial information, such as payment related information;
• identification and background information provided by you or collected as part of our business acceptance process; and
• any other personal information relating to you or other third parties which you may provide to us for the purpose of receiving our services.

Marathon Capital collects information from and about candidates in connection with available employment opportunities at Marathon Capital. This information may include CVs, identification documents, academic records, work history, employment, and references.

In connection with our recruitment activities, we may also collect special categories of personal information from candidates where we have an employment law obligation to do so, the information is relevant to their future working environment at Marathon Capital or the future provision of employment benefits, or with the individual's explicit consent.

USE OF PERSONAL INFORMATION

We may use your information for these purposes:

• to provide and improve our services to you;
• to compile anonymous statistics, for example, website usage statistics;
• to market our services;
• to manage our relationship with you;
• to match your skills, experience and education with specific job roles offered by us;
• to fulfill our legal obligations, including anti money laundering requirements and Know Your Client, conflict, reputational and financial checks;
• to provide you with personalized content;
• to process and respond to enquiries;
• to alert you to new features, special events, and service offerings; and
• for other legitimate business purposes.

LEGAL BASIS FOR OUR USE OF YOUR INFORMATION

Our use of your information is limited to:

• purposes for which you have given us clear consent to process personal information for a specific purpose;
• to perform contracts we are about to enter or have entered into with you;
• where the use of your personal information is necessary for our legitimate interest or the legitimate interest of a third party;
• our legitimate interest to inform you about our business, services, and news; and
• to comply with legal or regulatory obligations.

SHARING OF PERSONAL INFORMATION WITH OTHER ENTITIES

To achieve the above purposes, your personal information may be communicated to authorized persons within Marathon Capital in charge of marketing, business development, client servicing, information technology, legal and compliance.

We may occasionally be required to share your information with other Marathon Capital group companies or branches around the world and other third parties who provide services to us or on our behalf.

If you are based within the United Kingdom (“UK”) or the European Economic Area (the “EEA”), this may entail a transfer of your information from a location within the UK or the EEA to outside the UK or the EEA, or from outside the UK or the EEA to a location within the EEA or the UK. The level of information protection in countries outside the UK or EEA may be less than that offered within the UK or EEA. However, we have procedures in place to ensure the protection of your information and we have taken steps to ensure that all such entities keep your personal information confidential and secure and only use it for the purposes we have specified and have informed you of. The transfer of personal data to third party service providers outside of the UK and the EEA takes place on the basis of data protection adequacy decisions by the UK or the European Commission or via the implementation of EU data protection Standard Contractual Clauses. The safeguards we have taken include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between the UK or EEA and non-UK/EEA entities within Marathon Capital, which requires our non-UK/EEA members to protect personal information they process from the UK or the EEA in accordance with UK and European Union data protection laws. Our Standard Contractual Clauses can be provided on request. We have also implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

If you are a Canadian resident, we may process and store your personal information outside of Canada, including in the United States, and such data may be subject to disclosure to authorized law enforcement, local courts, and national security authorities under applicable local laws and legal process.

Marathon Capital may disclose your personal information to another entity (i) to outsource one or more functions described above; (ii) to confirm or update information provided by you; (iii) to inform you of events, information about our services, and other important information; or (iv) for other purposes disclosed at or before the time the information is collected. We may also share your information when legally required to do so.

If we re-organize or transfer our business, we may need to transfer your information to new Marathon Capital entities or to third parties through which the business of Marathon Capital will be carried out.

We may share your information with these types of entities:

• Service providers: We engage service providers to assist us with operating the site. These service providers analyze information about our site and your use of the site. Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.
• Other entities related to legal process and emergency situations:We may disclose personal information to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud, and cooperating with law enforcement or regulatory authorities. Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.

Applicable law requires that we identify the categories of personal information we share for business purposes. We disclose these categories of personal information for business purposes: Personal identifiers, device and online identifiers, information about your internet, browser, and network activity, and location data.

INFORMATION SECURITY: HOW WE PROTECT YOUR PRIVACY

Marathon Capital is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information to authorized Marathon Capital employees or agents and the third parties described above in Sharing of Personal Information With Other Entities. We also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

• a dedicated group within Marathon Capital that designs, implements, and provides oversight to our information security program;
• using specialized technology such as firewalls;
• testing the security and operability of products and services before they are introduced to the Internet, and ongoing scanning for publicly known vulnerabilities in the technology;
• internal and external reviews of our Internet sites and services;
• monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
• implementing controls to identify, authenticate and authorize access to various systems or sites;
• protecting information during transmission through various means including, where appropriate, encryption; and
• providing Marathon Capital personnel with training and continually updating our security practices, given new risks and developments in technology.

PRIVACY AND THE INTERNET

The following additional information will interest you as a visitor to this site:

“Cookies” are small text files that may be placed on your Web browser when you visit our Web sites or when you view advertisements, we have placed on other Web sites. For more information about cookies, how our Web sites use them, and your options regarding their use, please see our cookies policy.

“Clickstream” data (e.g., information regarding which of our Web pages you access, the frequency of such access, and your product and service preferences) may be collected by Marathon Capital itself, or by our service providers, using cookies, Web beacons, page tags, or similar tools set when you visit the site or when you view an advertisement we have placed on another Web site. Clickstream data and similar information may be shared internally within Marathon Capital and used for administrative purposes; to assess the usage, value and performance of our online products and services; to improve your experience with the site; and as otherwise permitted by law or regulation. This information may be processed by us for the purposes described above, or on our behalf by other entities, solely under our instructions.

The site is not currently configured to respond to “do not track” signals or similar mechanisms.

OUR OTHER PRIVACY POLICIES OR NOTICES; CHANGES TO POLICY

This policy generally states how Marathon Capital protects your personal information when you access and use the site. You may, however, with specific products or services offered by Marathon Capital, be provided with separate privacy policies or notices that describe the privacy practices associated with your use of those products or services. This policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information related to your use of the site. If we make material changes to this policy, we will let you know by appropriate means, such as posting the revised copy on this page with a new effective date. The revised policy will be effective immediately upon posting to our Web site.

DATA RETENTION

We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

UK AND EEA RESIDENTS

If you are a UK or EEA resident, you have certain rights in relation to your personal information under the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”) (for UK residents) and the General Data Protection Regulation (“GDPR”) (for EEA residents).

You have the right to apply for a copy of the information we hold about you. This is called a data subject access request and you can make a request by writing to us using the contact details below. We may require further information from you to verify your identity before disclosing any personal information to you.

You may also have any inaccurate information about you corrected. We want your information to be accurate and up to date. You may ask us to correct or remove any information you think is no longer up to date. Please contact us using the contact details below if you would like any corrections made to your information.

You may also object to Marathon Capital’s processing of your personal information or request that Marathon Capital restricts the processing of your personal information.

To exercise the above rights, you can contact Marathon Capital by email to privacy@marathoncapital.com.

You also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based or where an alleged infringement of data protection law has taken place. In the UK, you can make a complaint to the Information Commissioner's Office (Tel: 0303 123 1113 or at www.ico.org.uk).

CALIFORNIA RESIDENTS

California residents should be aware that this section does not apply to: Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act (“GLBA”) and its implementing regulations, the California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994; or other information subject to a California Consumer Privacy Act (“CCPA”) exception.

If you are a resident of California, you have certain rights in relation to your personal information under the CCPA. These include your right to:

• request information about the personal information we collect about you and the manner in which we process and disclose that information;
• obtain the specific pieces of personal information we collected about you in the 12 months preceding your request;
• delete certain personal information we collected about you;
• opt-out of disclosures of your personal information to third parties under certain circumstances; and
• not be discriminated against because of exercising any of these rights.

To discuss or exercise such rights, please contact us at privacy@marathoncapital.com

California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third-party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized agent to exercise certain of the rights listed above on your behalf by providing the authorized agent with power of attorney under the California Probate Code or by executing other documentation we may require. The authorized agent may make the request on your behalf by following the instructions above. If an authorized agent submits a request on your behalf, we will contact you to verify that they represent you.

California law requires that we describe certain disclosures of personal information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16.