Maddition Consumer Protection and Information and Data Security Policy

At Maddition and our related entities (Gembot Limited and Gembroker New Zealand Limited), we are committed to protecting our clients' interests and ensuring that our investment services and platform are safe, reliable, and secure. We strive to maintain the highest standards of consumer, information and data protection and regulatory compliance. This policy outlines our commitment to consumer, information and data protection and the procedures we have in place to achieve this.

Please note that Maddition is a holding company and does not directly offer any services to consumers, however is the ultimate beneficiary of our subsidiaries which are Gembot Limited and Gembroker New Zealand Limited.

We are committed to providing clear, accurate, and timely information to our clients about our products and services. We will disclose information about the risks associated with investing, the fees and charges that apply, and any conflicts of interest. We will ensure that the information is presented in plain language and is easily accessible to our clients.

We comply with the Financial Markets Authority (FMA) requirements to provide financial services in New Zealand. We maintain appropriate systems and controls to manage risks and protect consumers. We will cooperate with the FMA and other regulatory authorities in all matters related to consumer protection.

We have policies and procedures in place to prevent our services from being used for money laundering or terrorism financing. We will conduct customer due diligence, including verifying the identity of clients and assessing their risk profile. We will monitor transactions and report suspicious activity to the relevant authorities.

We have a process for resolving disputes with clients, including internal dispute resolution procedures and access to external dispute resolution schemes. We will provide clear information to clients about their rights and options for resolving disputes and will respond to complaints in a timely and effective manner. We will cooperate with external dispute resolution schemes to ensure that disputes are resolved fairly.

We will hold client money in a separate account on trust to protect it to comply with the Financial Market Conduct Act broker obligations which are there to ensure client funds remain segregated and secure from day to day operations or an insolvency event. We will maintain appropriate systems and controls to ensure that client money is properly accounted for and independently audited. To ensure we have good conduct with clients we will provide regular statements and transparently communicate where any fees or conflicts may apply.

We will provide ongoing disclosure to our clients, including regular statements and reports on the performance of their investments. We will provide clear and understandable information about the fees and charges that apply and will disclose any material changes that may affect the client's investment. Clients will be informed of their rights to access their information and make changes to their investments as necessary.

We will implement robust information security measures to protect the confidentiality, integrity, and availability of customer data. This includes:

• Data encryption: Sensitive data such as customer information and financial transactions will be encrypted both in transit and at rest.
• Access controls: Access to customer data will be restricted to authorized personnel only. We will implement strong authentication mechanisms and role-based access controls.
• Network security: We will have a secure network architecture that includes firewalls, intrusion detection and prevention systems, and regular vulnerability assessments and penetration testing.
• Incident response: We will have an incident response plan in place to quickly detect, respond to, and recover from security incidents. This will include procedures for notifying clients and regulatory authorities in the event of a breach.
• Physical security: We will secure our physical infrastructure with access controls, surveillance, and environmental controls to protect against theft, damage, or unauthorized access.
• Employee training: We will provide regular training to our employees on information security best practices and the importance of safeguarding customer data. We will conduct background checks on all employees who have access to customer data.
• Vendor management: We will ensure that our vendors and third-party service providers comply with our information security policies and procedures. We will conduct due diligence on all vendors and regularly monitor their security controls.

We will regularly review and update our consumer protection and information security policies and procedures to ensure that they remain effective and in line with best practices. We will provide regular training to our employees on these policies and procedures and ensure that all stakeholders, including clients and regulators, are aware of our commitment to consumer protection and information security.

All internal stakeholders are required to sign off on this Consumer Protection and Information and Data Security Policy Statement to acknowledge their commitment to maintaining the highest standards of consumer protection and information security.