PRIVACY POLICY

AXIS CAPITAL MANAGEMENT GROUP – PRIVACY POLICY

Effective date: November 12, 2025
Last updated: November 12, 2025

1. Introduction

This Privacy Policy describes how Axis Capital Markets Group (“Axis” ) collects, uses, discloses, retains and otherwise processes personal information of individuals who access or use our websites, mobile applications, services and related interactions (collectively, the “Services”). By accessing or using our Services, you acknowledge you have read this Policy and agree to the processing of your personal information as described herein and in our Terms of Use.

2. Who we are

Axis Capital Markets Group is a global boutique management firm”] based at 1720 Pioneer Avenue, Suite 7000, Cheyenne, WY 82001.
For Europe/UK residents, Axis acts as the data controller for the personal information collected via the Services, unless otherwise indicated. If you reside in the European Economic Area (“EEA””) or the United Kingdom (“UK”), this means we determine the purposes and means of processing of your personal data. For other regions, we act in accordance with applicable privacy laws.

3. Categories of personal information we collect

Depending on your interaction with us (e.g., visitor, client, job applicant, service provider, event attendee), we may collect one or more of the following categories of personal information:

• Identifiers: name, email address, phone number, mailing address, date of birth, government ID number, IP address, device or browser identifiers.
• Professional or employment-related information: job title, employer name, work history, compensation information, contract details.
• Financial information: account numbers, transaction history, investments, income, net worth, credit card or debit card number (where applicable).
• Commercial or transactional information: records of services you obtained, your preferences, feedback, service enquiries.
• Biographical / demographic / personal characteristics: gender, marital status, nationality, country of residence, age.
• Online or device activity information: browsing history, search history, interaction with our site, geolocation data (if enabled), cookies and similar tracking technologies.
• Sensitive personal data (where applicable): e.g., government ID numbers, “special category” data under GDPR — only if required and permitted under law or consent.
• Recruitment data: for job applicants, we may collect CVs/resumes, references, interview notes, background check details.

4. How we collect personal information

We collect your personal information in a variety of ways, including:

• When you provide it directly (e.g., via contact forms, job applications, event registrations).
• Automatically when you use our Services (e.g., cookies, log files, analytics).
• From third-party sources (e.g., service providers, partners, public records, client referrals).
• Through offline interactions (e.g., meetings, phone calls, business cards) when applicable.

5. How we use your personal information

We may use your personal information for the following purposes (and for any other lawful purpose notified to you):

• Provide, manage and enhance our Services, including account administration and client servicing.
• Respond to your inquiries, requests, applications or support issues.
• Perform contractual obligations or enter into a contract with you.
• Conduct marketing and communications (where permitted by law), including newsletters, promotional offers, event invitations.
• Carry out analytics, research, business intelligence and performance tracking (e.g., measurement of website usage, campaign results).
• Protect system security, detect/prevent fraud, misconduct, unauthorized access.
• Comply with legal and regulatory obligations (e.g., anti-money laundering, tax reporting, litigation).
• Manage business operations, mergers, acquisitions, corporate reorganizations, asset sales or transfers.
• Conduct recruitment processes (for job applicants).
• Any other purpose disclosed to you at the time of collection.

6. Legal bases for processing (EEA/UK)

If you are located in the EEA or UK, we rely on one or more of the following legal bases for processing your personal data:

• Consent – when you give freely-given, specific and informed consent to process your personal data for one or more purposes.
• Performance of a contract – when processing is necessary for the performance of a contract to which you are a party.
• Legal obligation – when processing is necessary to comply with a legal obligation to which we are subject.
• Legitimate interests – when processing is necessary for our legitimate interests (or those of a third party) and your rights do not override those interests. We will always balance our interests against your privacy rights.

7. Disclosure and sharing of personal information

We may share your personal information in the following circumstances:

• With Affiliates and subsidiaries of Axis, under common control, to provide Services and support our operations.
• With Service Providers (vendors, contractors, consultants) who perform services on our behalf, subject to data-processing agreements.
• With Regulators, courts, law enforcement or government authorities as required to comply with legal obligations or protect rights.
• In connection with business transactions, such as mergers, acquisitions, reorganizations or asset sales; in such cases, we will require recipient to honour this Policy.
• With your consent, or as otherwise disclosed at the time of data collection.
• With other parties as required to fulfil the purposes described in Section 5.

8. International data transfers

Your personal information may be transferred to, stored or processed in countries other than your country of residence. When we transfer data outside the EEA/UK, we ensure appropriate safeguards, such as Standard Contractual Clauses, or rely on an adequacy decision. Where required by law, we will inform you of such transfers and your rights.

9. Retention of personal information

We will retain your personal information for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific retention periods may vary depending on the category of data, legal/regulatory obligations and the nature of the relationship. When data are no longer required, we will either delete, anonymize or securely destroy them.

10. Cookies, tracking and web technologies

We use cookies and similar technologies to track usage, preferences and advertising. Please refer to our Cookie Policy for full details on cookie categories, your choices and how to opt-out.

11. Your rights

Depending on your country of residence, you may have the following rights:

• The right to access your personal data and receive information about how it is processed.
• The right to rectify inaccurate or incomplete data.
• The right to erase (delete) personal data in certain circumstances (e.g., when data are no longer necessary, you withdraw consent, or there is no overriding legitimate interest).
• The right to restrict or object to processing of your personal data.
• The right to data portability, where applicable (receive data in a structured, commonly-used, machine-readable format).
• The right to withdraw consent at any time (if processing is based on consent).
• California and other US state privacy rights: the right to opt-out of sale/sharing of personal information, right to know, right to deletion, and non-discrimination.
• If you are located in the EEA/UK, the right to lodge a complaint with the relevant supervisory authority.

To exercise these rights or request further information, contact: privacy@[your-domain].com
We may need to verify your identity before fulfilling requests.

12. Marketing communications

If you have opted-in to marketing communications, you may unsubscribe or opt-out at any time by following the unsubscribe link in the email or contacting us at the email above. If you are a resident of Switzerland/EU, you may also object to profiling for direct marketing.

13. Children’s data

Our Services are not directed to children under the age of 16 (or the age required by your local jurisdiction). We do not knowingly collect personal data of children without parental/guardian consent. If you believe we have inadvertently collected such information, please contact us and we will take appropriate steps.

14. Security

We employ administrative, technical and physical safeguards appropriate to the risk to protect your personal information from unauthorized access, disclosure, alteration and destruction. However, no security system is perfect and we cannot guarantee absolute security.

15. Links to external sites

Our Services may contain links to third-party websites, applications or services (“Third-Party Sites”). This Policy applies only to our Services. We are not responsible for the privacy practices of Third-Party Sites. We encourage you to review their privacy policies.

16. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our data practices, legal requirements or technologies. When we make changes, we will post the updated version here and update the “Last updated” date. Your continued use of our Services after the update constitutes acceptance of the updated Policy.

17. Contact us

If you have questions, comments or concerns about this Policy, or wish to exercise your rights, please contact:
Axis Capital Markets Group
Email: privacy@axiscmg.com
Address: 1720 Pioneer Avenue, Suite 7000, Cheyenne, WY 82001
Phone: +1-305-215-0660