GRAMERCY FUNDS MANAGEMENT LLC

PRIVACY NOTICE

Gramercy Funds Management LLC, and its affiliate Gramercy Ltd. (collectively, “Gramercy,” “we,” “us,” or
“our”), know that data privacy is very important to you. We have created this privacy policy (the “Privacy
Policy”) to describe how we collect and process information from and about you through our website located
at https://www.gramercy.com (the “Site”), our Investment Services, and when you otherwise interact with
us (collectively, the “Services”). We have the utmost respect for your data privacy, so this Privacy Policy
also explains steps you can take to control and protect your personal information on our Services.

By accepting this Privacy Policy, accessing or using the Services, or otherwise manifesting your assent to
this Privacy Policy, you agree to be bound by this Privacy Policy. If you are accepting this Privacy Policy
on behalf of your employer or another organization, you hereby certify that you are authorized to bind such
party to the terms of this Privacy Policy. If you do not agree to (or cannot comply with) all of the terms of
this Privacy Policy you may not access or use the Services.

If you are under the age of 18, you may not use our Services.

This Privacy Policy will help you understand the following:
I. The Information We Collect
II. Information Use and Sharing
III. User Access and Choice
IV. External Websites and Third Parties
V. Security
VI. Children’s Privacy
VII. Do Not Track
VIII. Notice to Nevada Residents
IX. CCPA Notice to California Residents
X. GDPR Notice to EEA/UK Individuals
XI. Exercising Your Privacy Rights
XII. Changes to this Privacy Policy
XIII. Contacting Us

I.                           The Information We Collect

In the course of providing the Services, we may collect or receive the following types of information about
you, which may include personal information

1. Contact Information

We collect contact information through our Services, which may include your name, email address, phone
number, business contact data (e.g., title, company name, office phone number and company email
address), and any information you provide in messages to us (“Contact Information”). We use Contact
Information for purposes such as starting an application to obtain Gramercy Account, providing you with
information about the Services, responding to your inquiries, sending you email alerts (including marketing
emails), or providing you with the Services.

2. Gramercy Account Information

Gramercy is an SEC-registered investment advisor providing investment advisory services and products
(“Investment Services”) to a variety of clients including domestic and offshore private investment vehicles,
separately managed accounts of institutional investors such as pension plans, endowments, and trusts
(collectively, “institutions”), and individuals (each a “Client,” and collectively the “Clients”), focused primarily
on emerging markets investment strategies.

You may obtain Investment Services by opening one or more accounts with Gramercy which, depending
on the type of account (personal or institutional), may require that you provide certain information in addition
to Contact Information such as your date and country of birth, nationality, passport numbers (or numbers
associated with other government issued identification), Social Security Number or Tax ID, education,
gender, interests, photo, employment status, occupation, employer name and address, marital status,
financial information such as bank account and payment card details, suitability information, income,
revenue, and other sources of funds, net worth, trusted contact information, account balance, credit scores,
tax information and other information about financial situation and risk preferences.

We may refer to these accounts as “Gramercy Accounts.” If the application is approved, you will be required
to enter into an Investment Advisor Contract and other documents with Gramercy (personally or on behalf
of the applicable institution). We reserve the right to accept or decline any application(s) for Gramercy
Accounts in our sole and absolute discretion. If you have a Gramercy Account, or have taken steps to apply
for one, you may review our Regulation SP Privacy Notice for a description of our processing and disclosure
activities regarding the non-public personal information that we collect from and about you in connection
with opening and servicing Gramercy Accounts.

3. Information obtained automatically from your online activity

Except for Google Analytics (see below), when visitors (“Visitors”) or Clients access or use the Services we
only use cookies that are necessary for our Site to operate properly. Cookies are small packets of data that
a website places on your computer’s hard drive for such purpose, and necessary cookies may be placed
without your consent. If you do not want any cookies placed on your hard drive, you may be able to turn
that feature off on your computer or mobile device. Please consult your internet browser’s documentation
for information on how to do this. However, if you choose to do so, our website will not operate properly.

We may automatically collect other information when you access or use the Services such as (i) information
about the device used (e.g., the type of device, the advertising identifier (“IDFA” or “AdID”)), the operating
system and version (e.g., iOS, Android or Windows), carrier and network type (e.g., WiFi, 3G, 4G, LTE); (ii)
IP addresses (which may consist of a static or dynamic IP address and will sometimes point to a specific
identifiable computer or device); (iii) browser type and language; (iv) referring and exit pages and URLs; (v)
date and time of access; (iv) the content viewed; (v) the amount of time spent on particular pages; (vi) what
features of the Services are used or visited; (vii) details of any purchases; (viii) click stream information;
and (ix) precise geolocation data. We may also evaluate your computer, mobile phone, or other access
device to identify any malicious software or activity that may affect the availability of the Services.

4. Information obtained from other sources

We may also collect or receive your personal information from third parties such as credit bureaus and
service providers (e.g., providers of Anti-Money Laundering (“AML”) or Know Your Customer (“KYC”)
services), or when you visit, use, or access the Services from third-party websites. We will do so in
accordance with the terms of use and privacy policies of the third-party websites and applicable law. This
includes any social media pages we may have on third-party services such as Twitter and LinkedIn. For
example, we may collect the information you shared on our social media pages through an application or
form, which will have a hyperlink to this Privacy Policy. Personal information may also be collected by the
third-party social media sites that host our social media pages. These sites may provide aggregate
information and analysis to us about their visitors’ use of our social media pages. This allows us to better
understand and analyze our user growth, general demographic information about the users of these pages,
and interaction with the content that we post. This Privacy Policy does not cover personal information
collected by such third-party sites. For more information on their privacy and security practices please
review the privacy policies and terms of use on their respective websites. As permitted by applicable law,
we may also collect or receive your personal information from publicly available government records,
directories, and sources such as courts, tax authorities, government agencies, regulatory authorities, and
law enforcement.

5. Information obtained from third-party analytics services

We use Google Analytics to evaluate your use of the Services, compile reports on activity, collect
demographic and geolocation data, analyze performance metrics, collect and evaluate other information
relating to the Services and mobile and internet usage. Google Analytics uses cookies to help analyze such
data and provide us with reports. The information used by such analytics services is generally at the
aggregate level. Google may associate such data with visitation information collected from the Site.

For more information on Google Analytics including how to opt out from certain data collection, please visit
the site below. Please be advised that if you opt out of any service, you may not be able to use the full
functionality of the Services.

You may also control the collection of geolocation information through the user settings on your device.
Please be sure to manage your mobile device and privacy preferences on an ongoing basis.

II.                           Information Use and Sharing

We may use and share your personal information as set forth below:

    • To onboard you as a Client, including identity verification, credit, AML, KYC checks, or other due
      diligence efforts;
    • To provide the Services including servicing, maintaining and protecting your Gramercy Account,
      and processing transactions in your Gramercy Account;
    • To monitor, support, analyze, and improve the Services;
    • To communicate with you regarding the Services and your Gramercy Accounts;
    • To fulfill your requests for information regarding new or improved products and services;
    • To engage in marketing and advertising activities, provided that, where required under applicable
      law, we will obtain your prior opt-in consent to send electronic marketing communications and/or
      our newsletter;
    • To engage research, project planning, troubleshooting problems, and detecting and protecting
      against error, fraud, or other criminal activity;
    • To protect the safety and security of our Services, businesses and Clients;
    • To third-party contractors and service providers that provide services to us in the operation of our
      business and assistance with the Services, such as administrators, broker/dealers, custodians,
      marketing and advertising companies, payment processors, consulting service organizations, IT
      and cloud service providers, among others;
    • To disclose aggregated, anonymous, user statistics and other information to (i) affiliates, agents,
      business partners, and other third parties; (ii) describe the Services to current and prospective
      business partners; and (iii) other third parties for lawful purposes;
    • To share some or all of your information with our parent company and affiliates;
    • To fulfill our legal and regulatory requirements;
    • To comply with applicable law, such as to comply with a subpoena, or similar legal process, and
      when we believe in good faith that disclosure is necessary to protect our rights, protect your safety
      or the safety of others, investigate fraud, or respond to a government request;
    • To assess or complete a corporate sale, merger, reorganization, sale of assets, dissolution,
      investment, or similar corporate event where we expect that your personal information will be part
      of the transferred assets; and
    • Otherwise, with your consent.

We will take reasonable measures (e.g., by contract) to require that any party receiving any of your personal
information from us, including for purposes of providing the Services, undertakes to: (i) retain and use such
information only for the purposes set out in this Privacy Policy; (ii) not disclose your personal information
except with your consent, as permitted by applicable law, or as permitted by this Privacy Policy; and (iii)
generally protect the privacy of your Personal Information. Additionally, brokerage and custodial services
are provided through independent third parties that are not affiliated with Gramercy, do not offer investment,
financial, legal or tax advice to Gramercy Clients, and may operate under their own privacy policies.

III.                           User Access and Choice

If the personal information on file for you changes, or if you no longer desire our Services, you may correct
or update it by making the change in your Gramercy Account, or by contacting us under Section XIII
(“Contacting Us”) of this Privacy Policy.

You may manage your receipt of marketing and non-transactional communications by clicking on the
“unsubscribe” hyperlink located on the bottom of any of our marketing emails. Please note that Gramercy
Account holders cannot opt out of receiving transactional e-mails related to their Gramercy Accounts.

We will use commercially reasonable efforts to process such requests in a timely manner. You should be
aware, however, that it is not always possible to completely remove or modify information in our databases.
We will retain and use your information as necessary to comply with our legal and/or regulatory obligations,
resolve disputes, and enforce our agreements.

IV.                           External Websites and Third Parties

Unless explicitly stated otherwise, our Privacy Policy addresses only our use and disclosure of information
we collect from and/or about you in your interactions with Gramercy. If you choose to disclose information
to third parties, the use and disclosure restrictions contained in this Privacy Policy will not apply, as we do
not control the privacy policies of such third parties, nor are we subject to them.

The Services may also contain hyperlinks to other third-party websites or apps (“Other Properties”). We
have no control over the privacy practices or the content of any of our business partners, advertisers,
sponsors, or Other Properties to which we provide hyperlinks. As such, we are not responsible for the
content or the privacy policies of those Other Properties. You should check the applicable third-party privacy
policy and terms of use when visiting any Other Properties.

V.                           Security

We follow commercially reasonable and generally accepted standards to protect the personal information
submitted to us, both during transmission and once we receive it. Please understand, however, that no
method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we
cannot guarantee its absolute security. If you have any questions about security regarding our Services,
please contact us.

VI.                          Children’s Privacy

Our Services are only available to individuals aged 18 or older, and we do not knowingly collect personal
information from any person under the age of 18. If an individual under the age of 18 has provided us with
Personal Information, a parent or guardian of that child may contact us and request that such information
be deleted, and we will endeavor to delete that information from our databases.

VII.                          Do Not Track

As discussed above, third parties such as advertising networks and analytics providers may collect
information about your online activities over time and across different websites when you access or use the
Services. Currently, various browsers offer a “Do Not Track” option, but there is no standard for commercial
websites. At this time, we do not monitor, recognize, or honor any opt-out or do not track mechanisms,
including general web browser “Do Not Track” settings and/or signals.

VIII.                          Notice to Nevada Residents

We do not sell your personal information as defined under Nevada law. Nonetheless, if you are a resident
of Nevada, you have the right to opt-out of the sale of certain personal information to third parties. You can
exercise this right by contacting us under Section XI (“Exercising Your Privacy Rights”) with the subject line
“Nevada Do Not Sell Request” and providing us with your name and the email address associated with
your Gramercy Account.

IX.                          CCPA Notice to California Residents

The CCPA may give California residents (“consumers” or “you”) additional rights regarding their personal
information as set forth in this Section IX of our Privacy Policy. The CCPA does not apply to personal
information of California residents collected, processed, sold or disclosed pursuant to the federal GrammLeach-Bliley Act and its implementing regulations.

Categories of personal information We Collect or Disclose for a Business Purpose. In the preceding
twelve (12) months, we may have collected or disclosed for a business purpose the categories of personal
information set forth in Section I (“The Information We Collect”) of this Privacy Policy.

Business or Commercial Purpose for Collecting Personal Information. In the preceding twelve (12)
months, we may have collected or disclosed for a business purpose your personal information for the
business or commercial purposes set forth in Section II (“Information Use and Sharing”) of this Privacy
Policy.

Categories of Sources from Which personal information is Collected. In the preceding twelve (12)
months, we may have collected personal information about you from the sources identified in Sections I
(“The Information We Collect”) and II (“Information Use and Sharing”) of this Privacy Policy.

Categories of Third Parties with Which We Share Personal Information. In the preceding twelve (12)
months, we may have shared your personal information with the categories of third parties set forth in
Section II (“Information Use and Sharing”) of this Privacy Policy.

Your Information. We do not “sell” your personal information as such term is defined under the CCPA.

Your Rights and Choices. The CCPA provides consumers with specific rights regarding their personal
information which are described below, along with instructions on how to exercise them.

Right to Know. You have the right to request that we disclose certain information to you about our
collection, disclosure, sale and use of your personal information. Once we receive and verify your request,
we will disclose to you the following (to the extent applicable to your request):

    • The specific pieces of personal information we collected about you in the preceding twelve (12)
      months;
    • The categories of personal information that we have collected about you in the preceding 12
      months;
    • Categories of personal information that we disclosed or sold for a Business Purpose in the
      preceding 12 months;
    • The categories of sources from which we have collected this Personal Information,
    • The commercial or business reason(s) for having collected, used, disclosed, or sold that personal
      information; and
    • The categories of third parties to whom we have disclosed or sold your personal information in the
      preceding 12 months.

You may exercise this right up to two times in any 12-month period.

Right to Request Deletion. You may also have the right to request deletion of your personal information.
We will honor such request, but might not be able to fulfill your request if we (or our service providers) are
required to retain your personal information. Examples of such exceptions are:

    • Completing a transaction or performing a contract we have with you;
    • Detecting and addressing data security incidents, and repairing or upkeep of our IT systems;
    • Protecting against fraud or other illegal activity;
    • Complying with applicable law or a legal obligation, or to exercise rights under the law (e.g. the
      right to free speech); or
    • Using your personal information internally to improve our services.

Exercising Your Privacy Rights. To exercise your CCPA rights, please submit a verifiable consumer
request to us under Section XI with the subject line: “CCPA Rights Request” and providing us with your
name and the email address associated with your Gramercy Account.

What we need to know to fulfill your request. The verifiable consumer request must: (i) provide sufficient
information that allows us to reasonably verify you are the person about whom we collected personal
information or an authorized representative; and (ii) describe your request with sufficient detail that allows
us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you
with personal information if we cannot verify your identity or authority to make the request and confirm the
personal information related to you. Making a verifiable consumer request does not require you to create a
Gramercy Account

How you will hear back from us. We will confirm receipt of a verifiable consumer request within then (10)
business days of its receipt. We will endeavor to respond to a verifiable consumer request within forty-five
(45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an
explanation of the reason for the extension in writing, and we will provide you with a response no later than
ninety (90) calendar days of receipt of the request. If you have a Gramercy Account, we will deliver our
written response to that account. If you do not have a Gramercy Account, we will deliver our written
response by mail or electronically, at your option. The response we provide will also explain the reasons
we cannot comply with a request, if applicable. For data portability requests, we will select a format to
provide your personal information that is readily useable and should allow you to transmit the information
from one entity to another entity without hindrance. We may charge a reasonable fee to process or respond
to your verifiable consumer requests if they are excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will inform you of the reasons for this decision and provide
you with a cost estimate before completing your request.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
We will not (i) deny you Services; (ii) charge you different prices or rates for Services, including through
granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of
Services; or (iv) suggest that you may receive a different price, rate or quality of Services.

Right to Designate an Authorized Agent. If you submit a request to know or delete your personal
information through the use of an authorized agent, we may require that you (i) provide the authorized agent
written permission to act on your behalf, and (ii) verify their identity directly with us. We may deny a request
from an authorized agent that does not submit proof of authorization.

Other California Privacy Rights. Under California’s “Shine the Light” law (Civil Code Section § 1798.83),
California residents have the right to request certain information regarding our disclosure of personal
information to third parties for their direct marketing purposes, including the names and addresses of those
third parties, and examples of the types of services or products marketed by those third parties.

X.                         GDPR Notice to European Individuals

The General Data Protection Regulation (“GDPR”) may give natural persons located in the European Union,
Lichtenstein, Norway, or Iceland (the “European Economic Area” or “EEA”), the United Kingdom or
Switzerland (collectively, “European Individuals”) additional rights regarding their personal data as set forth
in this Section X of our Privacy Policy. Under the GDPR, “Personal Data” generally means information that
can be used to identify a natural person, and “processing” generally refers to actions that can be performed
on data such as its collection, use, storage or disclosure.

Gramercy will usually be the controller of your Personal Data processed in connection with the Services.

Types of Personal Data we Collect. We currently collect and otherwise process the kinds of Personal
Data listed in Section I (“The Information We Collect”) of this Privacy Policy.

How we Receive Personal Data and the Purpose(s) of Processing. We collect and receive Personal
Data in the ways and for the purposes listed in Section I (“The Information We Collect”) and Section II
(“Information Use and Sharing”) of this Privacy Policy. We will only process your Personal Data if we have
a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing this information
are:

Your Consent. In some cases, we process Personal Data based on the consent you expressly grant to
us at the time we collect such data. When we process Personal Data based on your consent, it will be
expressly indicated to you at the point and time of collection. You can remove your consent at any time.
You can do this by contacting us as set forth in Section XIII (“Contacting Us”) of this Privacy Policy with the
subject line “GDPR Request.”

We Have a Contractual Obligation. We process certain categories of Personal Data as a matter of
“contractual necessity”, meaning that we need to process the data to perform our contractual obligations to
you, which enables us to provide you with the Services. When we process data due to contractual necessity,
failure to provide such Personal Data will result in your inability to use some or all portions of the Services
that require such data. These categories of Personal Data are set forth in Section I (“The Information We
Collect”) of this Privacy Policy.

We Have a Legitimate Interest. We process the following categories of Personal Data when we believe it
furthers the legitimate interest of us or third parties:

    • Contact information and additional information about you
    • Device/IP/Usage Data
    • Information about your interactions with the Services
    • Geolocation Data

Our legitimate interests are:

  • Information Security: We process contact information, the information collected through Tracking
    Technologies, and when you use the Services in order to maintain an audit log of activities
    performed. We use this information pursuant to our legitimate interests in tracking usage,
    combating DDOS or other cyberattacks, and removing or defending against malicious individuals
    or programs.
  • Operation and Improvement of our Services: We process server log information and information
    collected through Tracking Technologies pursuant to our legitimate interest in operating and
    improving our Services.
  • Audience Measurement and Retargeting: Pursuant to your consent, we use analytics cookies and
    Tracking Technologies, and collect identifiers for purposes of audience measurement, analytics,
    audience reaction to the Services, and creating relevant user experiences.
  • General Business Development and Management: We process Personal Data pursuant to our
    legitimate interest in creating and managing our business relationships with European Individuals,
    including without limitation:
    o To respond to inquiries from European Individuals;
    o To assist European Individuals with any issues while using the Services;
  • Protection of Rights: We may also Process Personal Data to respond to claims of violation of third
    party rights or to enforce and protect our rights.

We Have a Legal Obligation. We may be required to disclose Personal Data in response to lawful
requests by public authorities, including for the purpose of meeting national security or law enforcement
requirements. We may also disclose Personal Data to other third parties when compelled to do so by
government authorities or required by law or regulation including, but not limited to, in response to court
orders and subpoenas.

How we Share Your Personal Data. Section II (“Information Use and Sharing”) of this Privacy Policy
explains how and why we share your Personal Data with third parties.

How we Store and Protect Your Personal Data. We use commercially reasonable administrative,
technical, and physical safeguards to protect your Personal Data from loss, misuse, and unauthorized
access, disclosure, alteration, or destruction, for which we take into account the nature of the Personal
Data, its processing, and the threats posed to it. Unfortunately, no data transmission or storage system can
be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no
longer secure, please immediately notify us via email at [email protected].

We retain your Personal Data for as long as needed to fulfill the purposes for which we obtained it, as
further described in this Privacy Policy. We will only keep your Personal Data for as long as allowed or
required by law.

Your Data Protection Rights. You have certain rights with respect to your Personal Data, including those
set forth below. You are not required to pay any charge for exercising your rights. If you make a request,
we have one month to respond to you. Please note that in some circumstances, we may not be able to fully
comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of
others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a
decision. In some cases, we may need additional time to comply, or ask you to provide us with additional
information, which may include Personal Data, if necessary to verify your identity and the nature of your
request.

    • Right of access: You can request more information about the Personal Data we hold about you
      and request a copy of such Personal Data. If you have a Gramercy Account, you can also access
      certain of your Personal Data by logging in to your account.
    • Right to rectification: If you believe that any Personal Data we are holding about you is incorrect
      or incomplete, you can request that we correct or supplement such data. If you have a Gramercy
      Account, you can also correct some of this information (for example, email address) directly by
      logging in to your account.
    • Right to erasure: You can request that we erase some or all of your Personal Data from our
      systems.
    • Right to restriction of processing: You have the right to ask us to restrict the processing of your
      Personal Data.
    • Right to object to processing: You have the the right to object to the processing of your Personal
      Data in certain circumstances.
    • Right to data portability: You can ask for a copy of your Personal Data in a machine-readable
      format. You can also request that we transmit the data to another controller where technically
      feasible.
    • Right to withdraw consent: If we are processing your Personal Data based on your consent (as
      indicated at the time of collection of such data), you have the right to withdraw your consent at any
      time. Please note, however, that if you exercise this right, you may have to then provide express
      consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such
      use or disclosure is necessary to enable you to utilize some or all of the Services.
    • Objecting to Legitimate Interest/Direct Marketing: You may object to Personal Data processed
      pursuant to our legitimate interest. In such case, we will no longer process your Personal Data
      unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if
      needed for the establishment, exercise, or defense of legal claims. You may also object at any time
      to processing of your Personal Data for direct marketing purposes by clicking “Unsubscribe” within
      an automated marketing email or by submitting your request to [insert email] with the subject line
      “GDPR Request.” In such case, your Personal Data will no longer be used for that purpose

Exercising Your Privacy Rights. To exercise your GDPR rights, please submit a request to us under
Section XI (“Exercising Your Privacy Rights”) with the subject line: “GDPR Rights Request” and providing
us with your name and the email address associated with your Gramercy Account.

How to Complain. If you have any concerns about our use of your Personal Data, you can make a
complaint to us under Section XIII (“Contacting Us”) with the subject line “GDPR Request.”

You also have the right to lodge a complaint about the processing of your Personal Data with a supervisory
authority of the European state where you work or live or where any alleged infringement of data protection
laws occurred. A list of most of the supervisory authorities can be found here:
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

UK Representative. Our representative in the UK (identified below) is available to answer any questions
and assist in exercising your privacy rights under Section XI.

UK Representative:
Gramercy Ltd.
48 Dover Street
London, England W1S, 4FF
Attn: Philip Max Meier
Phone: 011-44-203-808-9821
Email: [email protected]

Corporate Restructuring. In the event of a merger, reorganization, dissolution, or similar corporate event,
or the sale of all or substantially all of our assets, the information that we have collected, including Personal
Data, may be transferred to the surviving or acquiring entity. All such transfers shall be subject to our
commitments with respect to the privacy and confidentiality of such Personal Data as set forth in this GDPR
Notice.

Transfers of Personal Data. The Services are hosted and operated in the United States (“U.S.”) through
Gramercy and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from
the laws where you reside. By using the Services, you acknowledge that any Personal Data about you,
regardless of whether provided by you or obtained from a third party, is being provided to Gramercy in the
U.S. and will be hosted on U.S. servers, and you authorize Gramercy to transfer, store and process your
information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data
to the U.S. pursuant to an appropriate data processing agreement incorporating the modernized standard
contractual clauses for the transfer of Personal Data to third countries promulgated by the European
Commission on 4 June 2021, a copy of which can be obtained at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, or
another data transfer mechanism approved pursuant to the GDPR.

XI.                         Exercising Your Privacy Rights

To exercise your rights described in Sections VIII (Nevada Residents), IX (California Residents), or X
(EEA/UK), please submit a request to us by either: submitting your request by email to:
[email protected]; or by calling our Toll Free number 800-610-6192. GDPR Rights Requests may
also be submitted to the applicable Representative located in the EU or the UK as set forth in Section X.

XII.                         Changes to this Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may update this
Privacy Policy from time to time without notice to you. We will indicate at the top of this Privacy Policy when
it was most recently updated, and we encourage you to revisit this page periodically to stay aware of any
changes. By accessing the Services after we change this Privacy Policy, you are deemed to have accepted
such changes.

XIII.                         Contacting Us

If you have any questions about our Privacy Policy, our privacy practices, or if you would like to exercise
your rights and choices, please contact us as set forth below:

Gramercy Funds Management LLC
Toll Free Number 800-610-6192
Email: [email protected]

Postal address:
Gramercy Funds Management LLC
Attn: Lacie Smith
Partner, Head of Investor Relations
Gramercy
20 Dayton Avenue
Greenwich, CT 06830
Email: [email protected]
Tel. (203) 552-1928
Fax: (203) 552-190