Privacy Policy.

Skale Capital Pty Ltd (Skale Capital, we, us, our) is the Fund Manager of the Skale Capital Fund and a Corporate Authorised Representative of Brindabella Investment Group Pty Ltd (AFSL 510735), the trustee of the Fund.

We are committed to protecting your privacy and are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, hold and disclose personal information in connection with our private credit business, including loan origination, investor onboarding and fund administration.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not true and whether or not recorded in a material form. Where required, we may also give you a short collection notice when we collect your information through a specific channel (such as an application form or investor portal). Those notices should be read together with this policy.

The personal information we collect depends on your relationship with us. It may include:

• Identity information: name, date of birth, residential address, contact details and government-issued identification;
• Financial information: income, bank statements, tax returns, assets, liabilities, source of funds and source of wealth;
• Credit and business information: commercial credit reports, repayment history, ABN/ACN, directorships, shareholdings, trust deeds and beneficial ownership;
• Property information: valuations, title searches, contracts of sale and security property details;
• Investor information: wholesale or sophisticated investor status, accountant certificates, tax residency (including for FATCA and CRS reporting), bank account details and investment records;
• AML/CTF information: identity verification records, beneficial ownership, politically exposed person status and sanctions screening information; and
• Technical information: IP address, browser type, device information and website or portal usage data.

Where practicable, we collect personal information directly from you, through forms, email, phone, meetings, our website and our portals. We may also collect personal information from:

• finance brokers, advisers, accountants, solicitors and other authorised representatives acting for you;
• borrowers, guarantors, directors, shareholders, trustees and beneficial owners connected with a loan or investment;
• credit reporting bodies, identity verification providers, valuers, lawyers and fund administrators;
• public sources such as ASIC, ABR and land title registries; and
• our website, portals and analytics tools.

If we collect information about you from a third party, we take reasonable steps to make sure you are aware of that collection where required by law.

We use personal information for purposes including:

• assessing, processing and managing loan applications, including credit and security assessment;
• verifying identity and conducting AML/CTF, sanctions, PEP and fraud-prevention checks;
• preparing, issuing, administering, varying and enforcing loan documents;
• onboarding investors, verifying wholesale or sophisticated investor status, and administering investments, distributions and tax reporting (including FATCA and CRS);
• communicating with borrowers, guarantors, brokers, investors and other relevant parties;
• complying with our legal, regulatory, tax, AFSL and AML/CTF obligations;
• operating and improving our website and portals;
• handling enquiries, complaints and access or correction requests; and
• marketing our products or services where permitted by law or with your consent.

If you do not provide the personal information we request, we may not be able to process your application, onboard you as an investor, comply with our legal obligations or provide our products or services to you.

We may disclose personal information to:

• Brindabella Investment Group Pty Ltd, as trustee and fund administrator of the Skale Capital Fund;
• finance brokers, referrers, financial advisers and other authorised representatives;
• borrowers, guarantors, directors, shareholders, trustees and beneficial owners where relevant to a loan or investment;
• lawyers, valuers, accountants, settlement agents, auditors (including Australian Audit Pty Ltd) and other professional advisers;
• credit reporting bodies, identity verification providers and AML/CTF, sanctions and fraud-prevention providers;
• funding partners, custodians, registry providers and our investment management platform provider (Caruso);
• our technology and operational service providers, including cloud hosting, email, document storage and analytics providers;
• banks, payment processors and insurers; and
• ASIC, AUSTRAC, the ATO (including under FATCA and CRS), the OAIC, courts, tribunals and other regulators or government bodies where required or permitted by law.

Brindabella, Caruso and other service providers handle personal information under their own privacy policies, which are available on request. We do not sell personal information for marketing purposes.

We may use automated tools, including artificial intelligence and third-party technology platforms, to assist our team with administrative tasks such as document processing, data extraction and operational efficiency. We do not use AI or automated tools to make credit decisions or material investment decisions, those decisions are made by our authorised human decision-makers.

You may request information about how automated tools have been used in relation to your information.

Where we use third-party AI providers, we take reasonable steps to ensure information is handled securely and is not used to train third-party public models without authorisation.

Personal information is primarily stored and processed in Australia. Our customer relationship management system is hosted on Australian-based servers (Amazon Web Services, Sydney region), and our investor management platform provider (Caruso) is based in Australia and New Zealand. However, some of our service providers, including email, analytics, identity verification and AI providers, may store or access information from overseas, most commonly the United States.

Where we disclose personal information overseas, we take reasonable steps required by APP 8 to ensure the recipient handles the information consistently with the APPs, unless an exception applies (for example, where the recipient is subject to a substantially similar privacy regime, or where disclosure is required or authorised by law, including under FATCA and CRS).

We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. These steps include access controls and role-based permissions, authentication and user access management, encryption in transit (and at rest where available), secure document storage, audit logs and monitoring, staff confidentiality and privacy training, vendor due diligence, and incident response procedures. No system is completely secure, if you believe your information has been compromised, please contact us promptly.

We retain personal information for as long as reasonably necessary for the purposes for which it was collected and to comply with our legal, regulatory, tax, AML/CTF, AFSL and dispute-resolution obligations. AML/CTF records may need to be retained for at least 7 years. Where information is no longer required and we are not legally required to retain it, we take reasonable steps to destroy or de-identify it.

If a data breach occurs that is likely to result in serious harm to an individual, we will assess and respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

Our website and portals use cookies and similar technologies to operate the site, improve functionality, analyse traffic and secure accounts. You can manage cookies through your browser settings, but disabling them may affect functionality. Our website may contain links to third-party websites, those parties are responsible for their own privacy practices and we recommend you review their policies.

We may use your contact details to send you information about Skale Capital's products, services and investment opportunities where permitted by law or with your consent. We comply with the Spam Act 2003 (Cth) when sending commercial electronic messages. You can opt out at any time using the unsubscribe link or by contacting us.

You can request access to the personal information we hold about you, and ask us to correct information that is inaccurate, incomplete, out of date, irrelevant or misleading. We may need to verify your identity before responding and will respond within a reasonable period, within 30 days where required by law. If we refuse access or correction, we will explain why.

If you have a complaint about how we have handled your personal information, please contact us first using the details below. We will acknowledge your complaint within a reasonable period and aim to resolve it within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

We may update this policy from time to time to reflect changes in our practices, technology, service providers or legal requirements. The updated policy will be published on our website with the revised date.