Updated: September 2025

1. IMPORTANT INFORMATION

Marathon Capital respects your privacy and is committed to protecting your Personal Information. This Privacy Policy (“Policy”) explains to type of Personal Information we collect together with details of how we collect, share, use and look after your Personal Information. The Policy further provides details of your privacy rights in relation to your Personal Information.

This Policy is issued on behalf of Marathon Capital, LLC and its subsidiaries. When we mention “Marathon Capital” “we” “us” or “our” in this Policy, we are referring to the relevant company in the Marathon Capital group of companies that is responsible for processing Personal Information relating to you.

It is important that you read this Policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Information about you so that you are aware of how and why we are using such information.

“Personal Information” means any information about an individual from which that person can be identified. It does not include data where details of your identity has been removed (anonymous data).

SMS consent and phone number collected for SMS purposes will not be shared or transferred with any third parties for any marketing purposes.

2. COLLECTION OF PERSONAL INFORMATION

Personal Information we collect about you

This section details the Personal Information we collect about you in the course of your interaction and correspondence with us and our representatives. We collect:

• Identity Data: this includes basic personal details including your name, employer name, job title, address, email address, telephone number and other contact details;
• Transaction Data: this includes basic personal details of certain directors, ultimate beneficial owners or other individuals for client due diligence purposes such as name and address (and proof of name and address), any other contact details you supply and records of communications between ourselves;
• Financial Data: this may include your banking details and information relating to your financial status and dealings;
• Technical Data: this includes internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform information, device ID and other technology on the devices you use to access this website; and
• Employment Data: this includes your CV, employment and education history and references (where you send us this information as part of a job application process).

Personal Information we collect from other sources

We may also collect Personal Information from third parties. This may include:

• information received from background checks related to the job application process (this may include criminal record checks and credit history or bankruptcy checks as required for regulatory purposes);
• information received from due diligence activities (such as anti-money laundering, politically exposed persons and sanctions checks);
• publicly available information;
• basic personal details, employment and education history and references (where we are sent this information by a recruitment agent or previous employers).

If you do not provide certain information when requested, we may not be able to provide services or perform a contract we have entered into with you (such as advising on a particular transaction), or we may be prevented from complying with our legal obligations (such as to perform client due diligence).

3. USE OF PERSONAL INFORMATION

We use your Personal Information for the following purposes:

• conducting “know-your customer” and other due diligence pursuant to applicable anti-money laundering and anti-corruption laws and regulations and Marathon Capital’s related policies and procedures;
• assessing your suitability as our client, including by verifying your identity;
• providing our services;
• improving, enhancing or developing our services;
• managing our relationship with you;
• recruiting and evaluating your candidacy as a job applicant;
• statistical analysis and market research;
• operating our business;
• improving, enhancing or developing methods or processes for our business operations;
• billing and invoicing purposes;
• complying with our regulatory and legal obligations including assessing and managing risk;
• identifying and preventing fraud and other unlawful activity;
• safeguarding and enforcing our contractual and legal rights and interests, including under the agreements entered into between Marathon Capital and yourself or any of your affiliated persons and organizations who are involved in any transaction which Marathon Capital may be advising on, or under applicable regulatory frameworks;
• seeking and receiving advice from our professional advisors, including accountants, lawyers and other consultants;
• maintaining our records;
• learning about and understanding your behavior and preferences (and that of other relevant individuals) in relation to the services we provide;
• to send you relevant marketing communications and for the marketing of our services;
• organizing and holding meetings and events; and/or
• sending you periodic updates about Marathon Capital’s business, activities and opportunities, in particular, by email and post, providing you the option to opt out of receiving updates at any time.

LEGAL BASIS FOR OUR USE OF YOUR INFORMATION

The laws of the United Kingdom (“UK”) and various EU countries in the European Economic Area (“EEA”) require us to have a legal basis for collecting and using your Personal Information. We rely on one or more of the following legal bases for the purposes of processing Personal Information regarding people residing in those countries:

• Consent: where you have given us clear consent to process personal information for a specific purpose;
• Performance of a contract with you: where we need to use your Personal Information to perform contracts we are about to enter, have entered into or are considering entering into with you;
• Legitimate interests: where the use of your personal information is necessary for our legitimate interest; and
• Legal obligation: where to need to process your Personal Information to comply with legal or regulatory obligations.

SHARING OF PERSONAL INFORMATION

We will not disclose your Personal Information to third parties except as detailed in this Policy. The following is a list of the third parties which we may share your Personal Information with:

• Marathon Capital, LLCs subsidiaries;
• professional advisors, including accountants, auditors, legal advisors, compliance consultants and tax advisors;
• fraud prevention agencies;
• third party service providers including information technology providers, providers of client relationship management systems, information security providers, “know your customer” and other customer or employee due diligence service providers;
• financial intermediaries;
• law enforcement agencies and regulators, government departments or competent authorities of the US, UK or of other countries where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect our rights, property or safety, or that of our clients or others; and
• to other third parties to which you have consented disclosures being made.

If you are based within the UK or the EEA, this may entail a transfer of your information from a location within the UK or the EEA to outside the UK or the EEA, or from outside the UK or the EEA to a location within the EEA or the UK. The level of information protection in countries outside the UK or EEA may be less than that offered within the UK or EEA. However, we have procedures in place to ensure the protection of your information and we have taken steps to ensure that all such entities keep your personal information confidential and secure and only use it for the purposes we have specified and have informed you of. The transfer of Personal Information to third party service providers outside of the UK and the EEA takes place on the basis of data protection adequacy decisions by the UK or the European Commission or via the implementation of EU data protection Standard Contractual Clauses. The safeguards we have taken include implementing the UK and European Commission's Standard Contractual Clauses for transfers of personal information between the UK or EEA and non-UK/EEA entities within Marathon Capital, which requires our non-UK/EEA members to protect personal information they process from the UK or the EEA in accordance with UK and European Union data protection laws. Our Standard Contractual Clauses can be provided on request. We have also implemented similar appropriate safeguards with our third-party service providers and partners.

If you are a Canadian resident, we may process and store your personal information outside of your province of residence, including in the United States, and such data may be subject to disclosure to authorized law enforcement, local courts, and national security authorities under applicable local laws and legal process.

INFORMATION SECURITY: HOW WE PROTECT YOUR PRIVACY

We acknowledge that the information you provide may be confidential and we will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal information against loss and unauthorized access .

Details of some of the technical and organisational security measures we adopt include the following:

• We have a dedicated group of individuals within Marathon Capital that design, implement, and provide oversight to our information security program, including a designated Privacy Officer;
• We use specialized data security technology such as firewalls;
• We test the security and operability of products and services before they are introduced, and carry out ongoing scanning for publicly known vulnerabilities in the technology;
• We carry out internal and external reviews of our Internet sites and services;
• We regularly monitor our systems infrastructure to detect weaknesses and potential intrusions;
• We implement controls to identify, authenticate and authorize access to various systems or sites;
• We use contractual protections and other measures to ensure that service providers with whom we share personal information maintain adequate privacy protections and standards. For example, we generally require our service providers to limit their use and retention of personal information to what is necessary to provide their services and to notify us in case of any actual or suspected security incident;
• We protect information during transmission through various means including, where appropriate, encryption; and
• We provide Marathon Capital personnel with training and continually update our security practices, to address new risks and developments in technology.

DATA RETENTION

We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

UK AND EEA RESIDENTS

If you are a UK or EEA resident, you have certain rights in relation to your personal information under the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”) (for UK residents) and the General Data Protection Regulation (“GDPR”) (for EEA residents).

You have the right to apply for a copy of the Personal Information we hold about you. This is called a data subject access request and you can make a request by writing to us using the contact details below. We may require further Personal Information from you to verify your identity before disclosing any Personal Information to you.

You also have rights to ensure any inaccurate Personal Information about you corrected. We want your Personal Information to be accurate and up to date. You may ask us to correct or remove any Personal Information you think is no longer up to date. Please contact us using the contact details below if you would like any corrections made to your Personal Information.

You have a right to request erasure of your Personal Information in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

You may also object to Marathon Capital’s processing of your Personal Information or request that Marathon Capital restricts the processing of your Personal Information.

You will not usually have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

To exercise the above rights, you can contact Marathon Capital by email to privacy@marathoncapital.com.

You also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based or where an alleged infringement of data protection law has taken place. In the UK, you can make a complaint to the Information Commissioner's Office (Tel: 0303 123 1113 or at www.ico.org.uk).

CALIFORNIA RESIDENTS

The following terms apply to the collection of Personal Information from California residents and supplements other terms of this Policy to provide California residents with additional information and rights required by the California Privacy Rights Act ("CPRA"). The CPRA Privacy Notice applies only to individuals residing in the State of California who are considered "consumers" under the CPRA and from whom we collect "personal information" as described in the CPRA.

California residents should be aware that this section does not apply to: Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act (“GLBA”) and its implementing regulations, the California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994; or other information subject to a California Consumer Privacy Act (“CCPA”) exception.

If you are a resident of California, you have certain rights in relation to your Personal Information under the CCPA. These include your right to:

• request information about the personal information we collect about you and the manner in which we process and disclose that information;
• obtain the specific pieces of personal information we collected about you in the 12 months preceding your request;
• delete certain personal information we collected about you;
• opt-out of disclosures of your Personal Information to third parties under certain circumstances; and
• to not be discriminated against because of exercising any of these rights.

California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third-party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized agent to exercise certain of the rights listed above on your behalf by providing the authorized agent with power of attorney under the California Probate Code or by executing other documentation we may require. The authorized agent may make the request on your behalf by following the instructions above. If an authorized agent submits a request on your behalf, we will contact you to verify that they represent you.

California law requires that we describe certain disclosures of Personal Information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16.

CANADIAN RESIDENTS

If you are a Canadian resident, you may be entitled to access your personal information and request the rectification information that is inaccurate, incomplete or no longer up to date, subject to limited exceptions set out in applicable laws.

Depending on the province or territory in which you reside and subject to legal or contractual restrictions, you may also be entitled to:

• request that we stop or restrict processing your personal information or to have it erased;
• request information on automated processing of your personal information. You can obtain information on the personal information used to render the decision (and request that this information be correct) and the reasons, principal factors and parameters that led to the decision;
• obtain a copy of the personal information we collected from you; and
• obtain additional information about data processing, including the personal information collected and how it is processed by us.

To submit a request, please contact us in writing at privacy@marathoncapital.com.

CONTACT US

If you have any questions about this Policy or about the use of your Personal Information or you want to exercise your privacy rights, please contact us in the following ways:

• Email address: privacy@marathoncapital.com

• Postal address: 200 West Madison Street, Suite 3700, Chicago, Illinois 60606, United States

CHANGES TO THIS POLICY

We reserve the right to amend this Policy at any time. If we make any changes, we will post the updated notice here and change the date at the top of this webpage, accordingly, we encourage you to periodically review this page to learn about any such updates.