Data Privacy Framework

I. Overview

Lone Star Global Acquisitions, LLC, Lone Star Americas Acquisitions, Inc., Lone Star Americas Acquisitions, LLC, Lone Star Global Acquisitions (NY), LLC and LSF Investments, LLC (collectively, “Lone Star”) comply with the EU-U.S. Data Privacy Framework (the “EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (the “UK DPF”), and the Swiss-U.S. Data Privacy Framework (the “Swiss DPF” together with the EU-U.S. DPF and the UK DPF referred to in this Policy as the “DPF”) as set forth by the U.S. Department of Commerce. Lone Star has certified to the U.S. Department of Commerce that it adheres to the DPF Principles for the processing of personal information related to natural persons from the European Union, the United Kingdom and Switzerland (“Data Subjects”) transferred to the United States. If there is any conflict between the terms in this Data Privacy Framework Privacy Policy (this “Policy”) and the DPF Principles, the DPF Principles shall govern. For more information about the DPF program, and to view Lone Star’s certifications, please visit https://www.dataprivacyframework.gov/s/.

Lone Star’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the DPF Principles of notice, choice, accountability for onward transfer, access, security, data integrity and purpose limitation, and recourse, enforcement, and liability. Lone Star is committed to processing all Personal Data received from the European Union, the United Kingdom and Switzerland in accordance with the DPF program to the DPF Principles.

For the purposes of this policy, “Personal Data” means any information that (i) is transferred to Lone Star in the U.S. from the EU, UK, or Switzerland, (ii) is recorded in any form, and (iii) relates to an identified or identifiable Data Subject.

II. How Lone Star Obtains and Uses Personal Data

In the course of running our business and performing services for our clients, Lone Star obtains and processes certain Personal Data about Data Subjects, including without limitation, names, addresses, assets, liabilities, income, employers, bank account information, family member information, net worth, date of birth, and other information as required to comply with applicable laws or regulations. Lone Star uses this Personal Data to conduct due diligence, provide advice regarding investments made by our clients, and comply with legal and regulatory obligations. Lone Star may share Personal Data with third parties, including our clients; service providers, including but not limited to legal advisors, auditors, and accountants; financial institutions; insurance companies; and judicial, regulatory or governmental authorities, for the purposes indicated in this Policy.

III. Notice

Lone Star complies with the DPF Notice Principle by providing information in this Policy regarding our practices with Personal Data, including the purposes for which we collect and use Personal Data.

IV. Choice

By using the email address provided in the “Questions” section below, Data Subjects may opt out of disclosures of their information by Lone Star either (i) to third parties or (ii) if the information is used for purposes which are materially different from the purposes for which it was originally collected or subsequently authorized by the Data Subject. With respect to sensitive information (as defined in the DPF), Lone Star will obtain Data Subject’s opt-in consent prior to disclosures either (i) to third parties or (ii) if the information is used for purposes which are different from the purposes for which it was originally collected or subsequently authorized by the Data Subject.

V. Accountability for Onward Transfer

If Lone Star shares Personal Data with certain third parties for the purposes set out in the Policy, Lone Star may be liable if those parties process that Personal Data in a manner that is inconsistent with the DPF Principles. Lone Star may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

VI. Access

Data Subjects may (a) access their Personal Data that is retained by Lone Star; and (b) request for Personal Data to be corrected, amended, or deleted where it is inaccurate or used in violation of the DPF Principles. To request access to, or exercise these other rights relating to your Personal Data, please contact us using the information provided in the “Questions” section below. Access may be limited or denied, for example, if it would violate the rights of other individuals. Lone Star may charge a reasonable fee for such access requests, as permitted under the DPF.

VII. Security

Lone Star takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. Lone Star complies with the DPF Security Principle through the Information Security Policy.

VIII. Data Integrity and Purpose Limitation

Lone Star complies with the DPF Data Integrity and Purpose Limitation principles by taking reasonable steps to ensure that the Personal Data we process is (i) relevant for the purposes of processing, (ii) reliable for its intended use, and (iii) accurate, complete and current. These steps include relevant provisions of the Record Retention Policy.

IX. Recourse, Enforcement, and Liability

Lone Star commits to comply and cooperate with the DPF Recourse, Enforcement, and Liability Principle. We will take steps to remedy issues arising out of our failure to comply with the DPF Principles. Please contact us using the information provided in the “Questions” section below to address any DPF-Principles based complaints regarding Lone Star’s collection and use of Personal Data in reliance on the DPF. Lone Star has designated JAMS to address unresolved DPF-related complaints and provide appropriate recourse free of charge to the Data Subject. Data Subjects may contact JAMS at https://www.jamsadr.com/dpf-dispute-resolution. In certain circumstances, Data Subjects may be able to invoke binding arbitration with respect to adherence to the DPF. Lone Star is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

X. Contact for Questions

privacy@hudson-advisors.com

XI. Date Issued

November 2023