LEGAL NOTICE

PRIVACY POLICY

Background

The European Union (“EU”) adopted Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), which takes effect as of May 25, 2018 and aims to provide a standardized approach to protecting the Personal Data of EU residents. Switzerland adopted, as amended from time to time, the Swiss Federal Data Protection Act (“SFDPA”) and the Data Protection Ordinance (“DPO”), which regulate all acts of Personal Data processing. In accordance with Article 4 of the GDPR, and the SFDPA and DPO, “Personal Data” includes any information relating to an identified or identifiable natural person. The GDPR, SFDPA and DPO allow the transfer of Personal Data only to countries that have data protection laws deemed “adequate” under the respective legal frameworks.

Policy Applicability and Enforcement Authority

This Privacy Policy (“Policy”) covers Complete Discovery Source Inc.’s (“CDS” or “we”) collection, use and retention of Personal Data provided by those who access and use (individually, a “user” and collectively, “users”) the CDSLegal.com website (the “Site”), and those whose Personal Data CDS transfers from EU member countries, the United Kingdom (“UK”) and Switzerland to the United States. The Federal Trade Commission has jurisdiction over CDS’ compliance with this Policy.

Business of CDS

CDS provides electronic discovery support services to law firms, corporate clients and government agencies that are parties to various types of litigation, investigations and regulatory proceedings. All data CDS collects is kept pursuant to strict privacy, confidentiality and security protocols. It is CDS’ practice to enter into confidentiality and security agreements to protect data, including Personal Data, received in connection with all client engagements.

Privacy Practices

Subsequent to the exit of the UK from the EU, CDS intends to continue to transfer Personal Data from the EU and the European Economic Area (“EEA”) to the UK. For transfers from the EU or the EEA to the UK, CDS will rely on the European Commission Standard Contractual Clauses. When CDS’ services involve the transfer of personal data out of the EU/EEA, the UK or Switzerland to a jurisdiction that is not the object of an EU or Swiss “adequacy” decision, as applicable, then CDS will also rely on the European Commission Standard Contractual Clauses (with the necessary amendments to the European Commission Standard Contractual Clauses for Switzerland).

In order to operate our business efficiently, CDS may store and process transferred personal data in the United States, the EU, the UK, Switzerland and/or any other country where our partners maintain facilities and/or our clients maintain Personal Data. CDS will only do so as long as those partners and/or clients transfer Personal Data via a valid legal mechanism such as the European Commission Standard Contractual Clauses (with the necessary amendments to the European Commission Standard Contractual Clauses for Swiss personal data transfers), which commit them to similar data protection standards as in the EU, the UK and Switzerland, as applicable.

CDS’s Collection and Disclosure of Personal Data from EU and Swiss Residents in Relation Site Use and Services Provision

EU and Swiss users may interact with the Site without disclosing any Personal Data to CDS.  When an EU or Swiss user enters the Site, a notice appears seeking the user’s consent for CDS to enable “cookies” (i.e., small files that reside on the user’s computer or other digital device which CDS uses to track the volume of users visiting the Site and to tailor its marketing efforts based on the portions of the Site users visit).  If the EU or Swiss user either does not consent to CDS’s use of cookies, or the EU or Swiss user simply continues to navigate the Site, CDS will not collect any data, including Personal Data, from that user.

CDS may require certain Personal Data, including a user’s name, business address, and business e-mail or business telephone details when a user (i) chooses to send CDS a message via the Site or (ii) seeks to download information contained in the Site (e.g., a whitepaper).  CDS subscribes to the following privacy practices in connection with these two scenarios:

• CDS may utilize the Personal Data a user voluntarily provides to market its products and services to the user via e-mail, but such users have the right to discontinue receiving marketing e-mail from CDS at any time
• CDS has strict policies in place to protect the security, confidentiality and integrity of all user Personal Data we receive
• CDS does not share or sell user information, including Personal Data, to third parties
• CDS does not automatically log Personal Data from users of the Site
• CDS does not collect information about users of the Site, including Personal Data, from third-party sources

CDS may collect EU or Swiss residents’ Personal Data during the course of providing electronic discovery support services to clients under the European Commission Standard Contractual Clauses.  Types of Personal Data CDS may collect include names, mailing and e-mail addresses, identification numbers, and data related to an individual’s physical, physiological, mental, economic, political, religious, cultural or social identity.

CDS limits disclosure of Personal Data to employees and partners that have a specific business purpose for collecting, maintaining and processing such Personal Data.  CDS may disclose Personal Data as required by law, regulation or the rules of practice of a governmental or quasi-governmental body.  CDS may also disclose Personal Data to law enforcement officials in response to a lawful request made pursuant to national security interests or law enforcement requirements. Though we do not currently anticipate a change in our ownership, in the event of a sale of the company or a significant portion of its assets, CDS may disclose or transfer Personal Data to a purchasing party under the European Commission Standard Contractual Clauses.

CDS acknowledges its potential liability in cases of its Onward Transfer of Personal Data to third parties that do not meet the criteria set forth in the immediately preceding paragraph.

Limitations on Use and Disclosure of Personal Data

CDS limits access to Personal Data to those persons in CDS’ organization, or agents of CDS, that have a specific business purpose for maintaining and processing such Personal Data. Individuals who have been granted access to Personal Data are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so. CDS takes appropriate measures to protect Personal Data against loss, misuse and unauthorized access.

Inquiries and Complaints

In compliance with applicable law, CDS commits to respond to inquiries and resolve complaints about your privacy and our collection or use of your Personal Data. Note that you have the right to access, correct or delete your Personal Data processed by CDS.  Any EU resident or Swiss resident with inquiries or complaints regarding this Policy and/or his or her Personal Data should first contact the following CDS representative:

Dino E. Medina, Esq.

General Counsel
Phone: 1-212-813-7000
E-mail:

If you believe that your rights have not been respected, then you are also entitled to make a complaint to the Supervisory Authority or Personal Data Protection Authority in your country to ask them for a resolution. No monetary damages, costs, fees, or other economic remedies are available, and each party bears its own attorney’s fees.

Amendments to this Privacy Policy

CDS may amend this Policy from time-to-time by posting a revised Policy on the Site, which is located at https://cdslegal.com. CDS will only amend this Policy in a manner consistent with applicable law. This Policy was updated on July 12, 2021.

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

Background

This Privacy Notice for California Residents (“Notice”) supplements the information contained in the “Privacy Policy” tab of Complete Discovery Source, Inc’s (“CDS” or “we”) website (the “Site”). The Notice applies to all users of the Site who reside in the State of California (”consumers” or “you”). CDS adopts this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”).

CDS’ Collection of Personal Information

The Site may collect “personal information,” which is defined in the CCPA, as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household (”personal information”). Below is a chart setting forth the various types of personal information and whether CDS, through the Site, has collected such information from users of the Site within the last twelve (12) months.

Personal information does not include:

• Publicly available information from government records
• De-identified or aggregated consumer information
• Information excluded from the scope of the CCPA, including:
  • Health-related information under the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act; and
  • Personal information subject to the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994

Use and Disclosure of Personal Information

CDS may use or disclose the personal information it collects as follows:

• If a user of the Site chooses to send CDS a message via the Site regarding CDS’ services or products, CDS will use the personal information supplied to respond to the message. Similarly, if a user of the Site seeks to download information contained in the
• Site (e.g., a whitepaper), CDS will use the personal information supplied to fulfill the request.
• CDS may disclose personal information as required by law, regulation or the rules of practice of a governmental or quasi-governmental body. CDS may also disclose personal information to law enforcement officials in response to a lawful request. Though we do not currently anticipate a change in our ownership, in the event of the sale of the company or a significant portion of its assets, CDS may disclose or transfer personal information to a purchasing party.
• CDS may, with user consent, use “cookies” (i.e., small files that reside on the user’s computer or other digital device), to tailor its marketing efforts based on the portions of the Site the user visits.
• CDS may use personal information as otherwise set forth in the CCPA.

Sales of Personal Information

CDS does not sell personal information under any circumstances.

Sharing of Personal Information

CDS may disclose personal information to a third party in connection with a valid business purpose. In the event CDS discloses personal information to a third party for a business purpose, CDS will put a contract in place with the third party (i) describing the business purpose, (ii) stating that the third party will only use the personal information for the business purpose described, (iii) requiring the third party to maintain the confidentiality of the personal information, and (iv) stating that the third party is prohibited from selling the personal information; (v) stating that the third party is prohibited from re-identifying any personal information that has been de-identified. In the preceding twelve (12) months, CDS has not disclosed personal information in connection with a business purpose.

Your CCPA/CPRA Rights and Choices

As a consumer in the state of California, you have certain rights and choices regarding your personal information. , California consumers have a right to: (1) request access, correction, and deletion of their personal information; (2) opt out of the sale or sharing of their personal information; and (3) not be discriminated against for exercising one of their California privacy rights.

Your Right to Access Personal Information and to Data Portability

You have the right to request that CDS disclose certain information to you about its collection and use of your personal information over the past twelve (12) months. Once CDS receives your request, and verifies your identity, CDS will inform you of:

• The categories of personal information CDS has collected about you
• The categories of sources for the personal information CDS has collected about you
• CDS’ business purpose for collecting your personal information
• The categories of third parties with whom we share that personal information
• The specific pieces of personal information we collected about you
• Whether CDS has disclosed your personal information for a business purpose and, if so, inform you of the personal information categories that each category of recipient received

Your Right to Request Correction or Deletion

Subject to certain exceptions, you have the right to request that CDS delete any of your personal information CDS has collected and retained. Additionally, you have the right to request the correction of any personal information that CDS has collected and retained. Upon receipt and confirmation of your identity, CDS will delete (and ensure that any third parties to whom CDS has disclosed your personal information delete) your personal information from CDS’ records or make corrections to any of your personal information per your instructions.

CDS may deny your request for deletion if retaining the personal information is necessary for CDS (or any third party with whom CDS has shared your personal information) to:

• Comply with a legal mandate
• Provide the service you have requested, but only until such time as the service is complete
• Investigate security incidents, malicious activity, deceptive activity, fraudulent activity, and illegal activity, including the prosecution of any person(s) responsible for the activity
• Exercise any rights, or ensure the rights of another consumer, provided for by law, including the right of free speech
• Comply with the California Electronic Communications Privacy Act (CalECPA, SB 178)
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest (provided that such research adheres to all other applicable laws and ethical mandates) when (i) deletion of the personal information could seriously impair or likely render impossible the research, and (ii) you previously provided informed consent to participate
• Based on your relationship with CDS, make internal uses of the personal information which are reasonably aligned with your consumer expectations
• Make other internal and lawful uses of the personal information which are consistent with the context in which you provided the information

Exercising Your Access, Data Portability and Deletion or Correction Rights

To exercise your access, data portability and deletion or correction rights set forth above, please submit a verifiable consumer request to CDS by sending CDS a message on our website. Only you, or a person registered with the California Secretary of State whom you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

In order to respond to your request, CDS must be able to verify your identity / authority to make the request. CDS must also verify that the personal information about which you inquire relates to you. CDS will only use your personal information submitted in connection with a verifiable consumer request to authenticate the identity of the requestor or, if applicable, your authority to make the request on behalf of another.

Response Timing and Format

CDS strives to respond to all verifiable consumer requests within forty-five (45) days of receipt of a valid request. Should CDS require additional time to respond to your valid consumer request (which will not exceed 90 days), CDS will inform you of the reason and extension period in writing. At your preference, CDS will provide a written response to your valid consumer request via physical mail or e-mail. Any disclosures CDS provides will (i) be limited to your personal information CDS receives in the twelve- (12) month period preceding your request, and (ii) set forth the reason(s) CDS is unable to comply with the request, if applicable. For any data portability requests, CDS will provide the personal information in a readily usable format to allow you to transmit the information from one entity to another.

CDS does not charge a fee to process your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If CDS determines your request warrants a fee, CDS will, in writing, explain why CDS is charging a fee and include an estimate of the fee prior to processing your request.

Non-Discrimination

CDS will not discriminate against you for exercising any right(s) you have under the CCPA or the CPRA. Unless the CCPA/CPRA specifically permits it, CDS will not:

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
• Deny you goods or services
• Provide you a different level or quality of goods or services, or charge you a different price / rate for our goods and services

CDS may offer you certain financial incentives permitted by the CCPA, which may result in different prices, rates, or quality levels for CDS’ goods and services. Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information and contain written terms describing the pertinent characteristics of the incentive. The CCPA requires your consent (i.e., opt-in) to participate in a financial incentive program, which consent you have a right to revoke at any time.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Site that are California residents to request a list of all third parties to whom CDS has disclosed Personal Data during the preceding year for direct marketing purposes. Alternatively, the law provides that if a company has a privacy policy that gives either an opt-out or opt-in choice for use of your Personal Data by third parties (such as advertisers) for marketing purposes, the company may instead provide you with information on how to exercise your options. CDS has a comprehensive Notice and provides you with details on how you may opt-out of the use of your Personal Data by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of third parties that received your Personal Data for marketing purposes during the preceding year. To make such a request, please send CDS an e-mail through the Site or write to CDS at the address of its headquarters listed on the Site.

Amendments to this Privacy Notice

CDS may amend this Notice from time-to-time by posting a revised Notice on the Site, which is located at https://cdslegal.com. CDS will only amend this Notice in a manner consistent with the requirements of California law. When CDS amends this Notice, we will post the updated notice to the Site and update the effective date of the Notice. Your continued use of the amended Site constitutes your acceptance of any updates made. This Notice was updated on June 28, 2023.

Inquiries

Should you wish to communicate with CDS about the contents of this Notice, the ways in which CDS collects and uses your personal information, your choices and rights regarding such collection and use, or your desire to exercise rights under California law, please contact the following CDS representative:

Dino E. Medina, Esq.
General Counsel
250 Park Avenue, Floor 18
New York, NY 10177
Phone (toll free): 855-813-0700
E-mail:

ANTI-SLAVERY POLICY STATEMENT

Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person’s liberty by another in order to exploit them for personal or commercial gain. The Company has a zero-tolerance approach to modern slavery, and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains. We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the Modern Slavery Act 2015. We expect the same high standards from all of our contractors, suppliers and other business partners, and as part of our contracting processes, in the coming year we will include specific prohibitions against the use of forced, compulsory or trafficked labour, or anyone held in slavery or servitude, whether adults or children, and we expect that our suppliers will hold their own suppliers to the same high standards. This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners. This policy does not form part of any employee’s contract of employment and we may amend it at any time.

Our recruitment and human resource management processes are designed to ensure that all prospective employees are legally entitled to work in the UK and are subject to a Disclosure and Barring Service (DBS) check.

We do not enter into business with any organisation, in the UK or abroad, which knowingly supports or is found to be involved in slavery, servitude, or forced or compulsory labour.

Responsibility for the policy
The Company has overall responsibility for ensuring this policy complies with our legal and ethical obligations, and that all those under our control comply with it. The Company has primary and day-to-day responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering modern slavery. Management at all levels are responsible for ensuring those reporting to them understand and comply with this policy and are given adequate and regular training on it and the issue of modern slavery in supply chains. You are invited to comment on this policy and suggest ways in which it might be improved. Comments, suggestions and queries are encouraged and should be addressed to the HR Manager.

Compliance with the policy
You must ensure that you read, understand and comply with this policy. The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy. You must notify your manager or the HR Manager as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. You are encouraged to raise concerns about any issue or suspicion of modern slavery in any parts of our business or supply chains of any supplier tier at the earliest possible stage. If you believe or suspect a breach of this policy has occurred or that it may occur, you must notify your manager or the HR Manager as soon as possible. You should note that where appropriate, and with the welfare and safety of local workers as a priority, we will give support and guidance to our suppliers to help them address coercive, abusive and exploitative work practices in their own business and supply chains. If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains constitutes any of the various forms of modern slavery, raise it with your manager or the HR Manager. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any of our supply chains. Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the HR Manager immediately. If the matter is not remedied, and you are an employee, you should raise it formally using our Grievance Procedure.

Communication & awareness of this policy
Training on this policy, and on the risk our business faces from modern slavery in its supply chains, forms part of the induction process for all individuals who work for us, and updates will be provided using established methods of communication between the business and you. Our zero-tolerance approach to modern slavery must be communicated to all suppliers, contractors and business partners at the outset of our business relationship with them and reinforced as appropriate thereafter.

Breaches of this policy
Any employee who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct. We may terminate our relationship with other individuals and organisations working on our behalf if they breach this policy.

Current action
We aim to take the following steps over the course of the next financial year ending December 2026:
• Check CDS’ main technology supplier, Relativity ODA LLC, to understand and confirm its commitment and adherence, respectively, to the Modern Slavery Act 2015

This policy has been approved by Anita Ramnarayan, Chief Financial Officer, for the financial year ending 31 December 2026 and will be reviewed and updated annually.

CARBON REDUCTION PLAN 2025

Meeting the Reporting Requirements

This Carbon Reduction Plan complies with PPN 06/21, as published by the Cabinet Office in June 2021. This document will be reviewed and updated annually in accordance with industry standards and regulatory requirements.

Baseline Carbon Emissions

Baseline year: 2025
Additional details: Complete Discovery Source Inc (CDS) is a private limited SME company. While we are not obligated to report our emissions under the Streamlined Energy and Carbon Reporting (SECR) regulations, we are committed to environmental responsibility. To demonstrate this commitment, we began recording our emissions in 2025, which serves as our baseline for measuring and improving our environmental impact.

2025 Carbon Emissions Overview

To ensure transparency and a comprehensive assessment of our environmental impact, we are recording emissions data associated with our office at Regus – Fenchurch Street New London House, London, 6 London Street, EC3R 7LP

In our baseline year, we operated with 7 Full-Time Equivalent (FTE) employees working primarily from our London office. Because we do not control our own utilities, we have applied government-published UK office benchmarks for electricity, gas and water consumption per square metre. Waste emissions have been estimated using the government conversion factors and industry assumptions for office-generated waste.

As our business grows, we anticipate a proportional increase in emissions. This potential rise is factored into our Carbon Reduction Plan, ensuring that we take appropriate measures to mitigate and offset any increases while maintaining our commitment to sustainability.

Emission Reduction Targets

To continue our progress toward achieving Net Zero by 2045, we have adopted an Absolute Contraction Approach to carbon reduction. Our targets are as follows:

• • 2035: Target of 50% Carbon reduction to 4746.40 kg CO2e
  • 2040: Target of 75% Carbon reduction to 2373.20 kg CO2e
  • 2045: Target of 100% Carbon reduction to Net Zero

Carbon reduction projects

The carbon reduction opportunities outlined in this section, once fully implemented, will reduce our GHG emissions annually, aligning with our goal of achieving Net Zero emissions by 2045.

Scope 1 actions
CDS does not own or operate company vehicles and does not combust fuel onsite. As such, no Scope 1 emissions reduction actions are currently applicable. This position will be reviewed should our operating model change in the future.
Scope 2 actions
As CDS leases its office space and does not directly procure electricity or gas, we do not currently have Scope 2 emissions. Where possible, we will engage with our office provider to understand energy efficiency measures in place and support improvements that align with sustainability best practice.
Scope 3 actions
Business Travel and Employee Commuting
As business travel represents the largest proportion of our emissions, the following actions will be prioritised:

• • Reducing non-essential business travel by continuing to make use of virtual meeting platforms where appropriate
  • Encouraging the use of lower-carbon transport options, particularly rail, for domestic and regional travel
  • Continuing to support hybrid and home working arrangements to reduce commuting-related emissions
  • Promoting active travel options, such as walking and cycling, where feasible
  • Reviewing travel data annually to better understand emissions drivers and identify opportunities for further reduction

Office Operations and Resource Use

Although CDS does not directly control office utilities, we will explore the following measures to minimise indirect emissions:

• • Continuing to work towards a largely paperless office environment
  • Encouraging responsible use of office equipment and IT hardware
  • Prioritising sustainable procurement where possible, including durable and energy-efficient equipment
  • Engaging with suppliers and service providers to improve the quality of emissions data over time

Waste Management

• • Maintaining low levels of general waste through reuse and recycling practices
  • Working with office and waste management providers to ensure recycling facilities are available and used effectively
  • Reviewing waste practices periodically to identify opportunities for improvement

Declaration and sign-off

This Carbon Reduction Plan has been completed in accordance with PPN 06/21 and associated guidance and reporting standards for Carbon Reduction Plans.

Emissions have been reported and recorded in accordance with the published reporting standard for Carbon Reduction Plans and the GHG Reporting Protocol corporate standard and use the appropriate government emission conversion factors for GHG company reporting.

Scope 1 and Scope 2 emissions have been reported in accordance with Streamlined Energy and Carbon Reporting (SECR) requirements, and the required subset of Scope 3 emissions have been reported in accordance with the published reporting standard for Carbon Reduction Plans and the Corporate Value Chain (Scope 3) Standard.

This Carbon Reduction Plan has been reviewed and signed off by the Board of Directors on behalf of Complete Discovery Source Inc.: