Privacy Notice

Protecting personal data under new GDPR Regulations 2018.

The North East Fraud Forum takes privacy and the protection of its client data very seriously. On 25
May 2018, a new Europe-wide data protection regulation comes into effect: the General Data
Protection Regulation (“GDPR”). GDPR seeks to strengthen and unify data protection for all
individuals whose personal information is processed within the European Union and grants new and
enhanced rights for those individuals in relation to their personal information.

The North East Fraud Forum attaches the highest priority to the security of our members and
customers assets and information and will continue to do so going forward. The North East Fraud
Forum has been actively working to implement the changes required to be ready for GDPR.

GDPR increases and strengthens the rights of individuals in relation to the information we hold
about them. Being transparent and providing accessible information to customers about how we
process their personal information is a key element of the new regulation.

We encourage you to read the Privacy Notice detailed on the North East Fraud Forum website
(insert link) which provides a summary of what we do with the personal information of our clients in
order to service our business. It also provides more information about the enhanced rights of
individuals and how to exercise them.

The North East Fraud Forum recognises the importance of the appropriate and secure treatment of
member / customer information and support the enhancements to data protection which the GDPR
will introduce. The changes described in this communication serve only to enhance and clarify the
rights of individuals arising from your relationship with us.

Please note that where required, we will adhere to applicable legal and regulatory data protection
requirements in any jurisdiction in which we are established for the purposes of those requirements
(“Local Jurisdiction”). To the extent that this Privacy Notice conflicts with the data protection
requirements in any Local Jurisdiction, the data protection requirements of that Local Jurisdiction
will take precedence.

If you are a corporate entity, you must notify your employees, beneficial owners and associated
persons that we may process their personal data and draw their attention to this Privacy Notice and
any changes made to it from time to time.