This California Privacy Schedule supplements our General Privacy Notice and applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act – together, the CCPA – applies to our processing of personal information.

This Privacy Schedule is intended to provide additional California-specific disclosures, including a notice at collection, and should be read together with our General Privacy Notice.

For the purposes of this Privacy Schedule, “personal information”, “sensitive personal information”, “sell”, “share”, “service provider” and “contractor” have the meanings given under the CCPA.

Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice.In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.

This Privacy Schedule applies to California residents whose personal information we process, including:

• visitors to our website;
• clients, prospective clients, suppliers, prospective suppliers, business partners and their representatives;
• event attendees and prospective event attendees;
• business contacts and prospective business contacts; and
• individuals who communicate with us or interact with us in a business context.

This Privacy Schedule does not apply to personnel, employee or candidate data unless expressly stated or required by applicable law.

We may collect the following categories of personal information:

Identifiers
Examples: Name, business email address, telephone number, employer, job title, business address, IP address, online identifiers.
Collected: Yes.

Personal information
Examples: Business contact details, financial or transaction information, payment/invoicing details.
Collected: Yes.

Commercial information
Examples: Records of services provided or received, event attendance, business relationship information, purchase or transaction records.
Collected: Yes.

Internet or electronic network activity information
Examples: Website usage, cookie data, browsing interactions, device/browser information, analytics data.
Collected: Yes.

Geolocation data
Examples: Approximate location inferred from IP address.
Collected: Limited.

Professional or employment-related information
Examples: Employer, job title, professional role, business contact details, work history where provided in a business context.
Collected: Yes.

Inferences
Examples: Business interests, preferences, event interests, marketing preferences and relationship management notes.
Collected: Yes.

Sensitive personal information
Examples: Account log-in details, government ID, financial account information or precise geolocation only where relevant and necessary.
Collected: Not usually / limited where required.

We do not knowingly, deliberately collect personal information from children under 16.

We may collect personal information from:

• you directly;
• your employer or organisation;
• Agency Group companies and The Independents Group companies;
• clients, suppliers, event partners and business partners;
• publicly available sources, such as LinkedIn, professional directories, press sources, public registers and company websites;
• cookies, analytics tools and website technologies;
• service providers and contractors; and

compliance screening providers and professional advisers.

We collect and use personal information for the purposes described in our General Privacy Notice, including:

• managing business relationships;
• communicating with you;
• providing or receiving services;
• administering contracts, projects, procurement, invoicing and accounts;
• organising and managing events;
• sending business updates, invitations and marketing communications;
• website operation, analytics, security and improvement;
• compliance, sanctions, anti-bribery, KYC and onboarding checks;
• internal reporting, group administration and business operations;
• protecting our business, systems, staff, clients and partners;
• corporate transactions, integrations, mergers, acquisitions, reorganisations or asset sales; and
• complying with legal and regulatory obligations.

We may disclose personal information to the following categories of recipients:

Agency Group companies and The Independents Group companies
Purpose of disclosure: Group administration, reporting, business operations, relationship management and service delivery.

Service providers and contractors
Purpose of disclosure: IT, hosting, CRM, communications, marketing, event administration, analytics, compliance screening and business support.

Professional advisers
Purpose of disclosure: Legal, audit, accounting, insurance, banking and consultancy services.

Clients, suppliers, event partners and business partners
Purpose of disclosure: Business relationship management, service delivery, project administration and event administration.

Regulators, authorities, courts and law enforcement
Purpose of disclosure: Compliance with legal obligations, regulatory requirements and protection of rights.

Corporate transaction parties
Purpose of disclosure: Mergers, acquisitions, reorganisations, investments, integrations, financing transactions or asset sales.

In the preceding 12 months, we may have disclosed the following categories of personal information for business purposes:

• identifiers;
• personal information described in Cal. Civ. Code §1798.80;
• commercial information;
• internet or electronic network activity information;
• approximate geolocation data;
• professional or employment-related information;
• inferences; and
• sensitive personal information, only where relevant and necessary.

We do not sell personal information for monetary consideration.

However, under California law, “sale” and “sharing” can include certain disclosures of personal information to third parties through cookies, pixels, analytics, advertising or similar technologies, even where no money is exchanged. Where applicable, certain cookie, pixel, analytics, advertising or similar technologies may be considered a “sale” or “sharing” of personal information under California law, even where no money is exchanged.

Where applicable, we may “share” or “sell” the following categories of personal information for cross-context behavioural advertising, analytics or similar purposes:

Identifiers, such as IP address, cookie IDs or online identifiers
Categories of third parties: Analytics, advertising or marketing technology providers.
Purpose: Analytics, marketing measurement, advertising and website optimisation.

Internet or electronic network activity information
Categories of third parties: Analytics, advertising or marketing technology providers.
Purpose: Website analytics, marketing measurement and advertising.

Inferences, such as business interests or marketing preferences
Categories of third parties: Analytics, advertising or marketing technology providers.
Purpose: Marketing, audience insights and business development.

You may opt out of sale or sharing by:

• using our cookie consent tool; or
• contacting us at DPO@the-independents.com

We do not use or disclose sensitive personal information for purposes that require a right to limit under the CCPA, unless we provide you with a right to limit such use or disclosure.

Where we collect sensitive personal information, we do so only as reasonably necessary for permitted business purposes, such as security, compliance, account administration, legal obligations or provision of requested services.

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including for legal, regulatory, tax, accounting, audit, reporting, security, compliance, corporate recordkeeping or dispute purposes.

In general:

Business contact and relationship management data
Indicative retention approach: Retained for the duration of our relationship with you or your organisation and for a reasonable period afterwards for business administration, relationship management and legal purposes.

Contract, project, procurement, invoicing and account records
Indicative retention approach: Retained for the duration of the relevant relationship, contract or project and typically for 6–7 years afterwards, unless a longer period is required by law.

Marketing contact data
Indicative retention approach: Retained until you unsubscribe, opt out or object, after which we may retain limited suppression details to ensure that we respect your preferences.

Event attendance and preference data
Indicative retention approach: Retained for as long as necessary for event administration, relationship management and marketing purposes, unless you opt out earlier.

Website analytics and cookie data
Indicative retention approach: Retained for the periods described in our Cookies Policy or cookie consent tool.

Compliance, sanctions, KYC and due diligence records
Indicative retention approach: Retained for as long as necessary to satisfy legal, regulatory, audit, compliance and risk management requirements.

Complaints, disputes and legal claims records
Indicative retention approach: Retained for the duration of the matter and for such period afterwards as necessary to protect our legal rights and comply with applicable limitation periods.

Further details are set out in our Data Retention Policy, available on request.

Subject to applicable law, California residents may have the right to:

• know/access the personal information we collect, use, disclose, sell or share;
• request a copy of specific pieces of personal information;
• request correction of inaccurate personal information;
• request deletion of personal information;
• obtain a portable copy of personal information;
• opt out of sale or sharing of personal information;
• limit certain uses and disclosures of sensitive personal information, where applicable; and
• not be discriminated against for exercising CCPA rights.

To exercise your California privacy rights, please contact us at: DPO@the-independents.com

Where available, you may also use any privacy request form, cookie consent tool or opt-out link made available on the relevant Agency website.

We may need to verify your identity before responding to your request. The information required for verification may depend on the nature of your request and your relationship with us.

You may use an authorised agent to submit a privacy rights request on your behalf.

We may require the authorised agent to provide proof that you authorised them to act on your behalf. We may also require you to verify your identity directly with us or confirm that you provided the authorised agent with permission to submit the request.

We will not discriminate against you for exercising your rights under the CCPA.

We do not offer financial incentives or price or service differences in exchange for the collection, retention, sale or sharing of personal information, unless we provide you with separate notice as required by applicable law.

California residents may request information about certain disclosures of personal information to third parties for their own direct marketing purposes, where applicable.

To make such a request, please contact: DPO@the-independents.com

If you have questions about this Privacy Schedule or our privacy practices, please contact: DPO@the-independents.com

We may update this Privacy Schedule from time to time. The latest version will be made available on the relevant Agency website or otherwise provided as required by applicable law.

Updated: April 2026