Privacy

ICRD Group Holdings Website Privacy Policy

Effective date: January 6, 2026

Thank you for visiting the ICRD Group Holdings website (the "Site"), owned and operated by ICRD Group Holdings. At ICRD Group Holdings, we take your privacy seriously. Whether you are visiting the Site as an investor, founder, partner, applicant, or member of the general public, you are entitled to the protection of your personal data. Please read this Privacy Policy to learn how we treat your personal data.

By using or accessing our Site in any manner, you acknowledge that you accept the practices and policies outlined below, and you consent that we will collect, use, and disclose your information as described in this Privacy Policy.

Your use of the Site is at all times subject to our Terms of Use, which incorporate this Privacy Policy. Any terms used in this Privacy Policy without definition have the meanings given to them in the Terms of Use.

You may print a copy of this Privacy Policy using your browser's print function. As we continue to improve our Site, we may update this Privacy Policy from time to time. We will provide notice of material changes by posting the revised Privacy Policy on the Site or by other appropriate means. If you use the Site after changes have been posted, you agree to the updated Privacy Policy.

Privacy Policy Table of Contents

• What this Privacy Policy Covers
• Personal Data
• Categories of Personal Data We Collect
• Our Commercial or Business Purposes for Collecting Personal Data
• Other Permitted Purposes for Processing Personal Data
• Categories of Sources of Personal Data
• How We Disclose Your Personal Data
• Tracking Tools and Opt-Out
• Data Security
• Data Retention
• Personal Data of Children
• Your Rights Under POPIA
• Exercising Your Rights
• Cross-Border Data Transfers
• Contact Information and Information Regulator

What this Privacy Policy Covers

"Personal Data" means any information that identifies or relates to a particular individual and includes information referred to as personally identifiable information, personal information, or sensitive personal information under applicable data privacy laws, rules, or regulations.

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Site. It does not cover the practices of companies we do not own or control, people we do not manage, or entities with whom we have a business, investment, advisory, or partnership relationship, even if you access such entity's website or service through a link on the Site. It also does not apply to information obtained or disclosed in offline correspondence or in connection with a separate contractual, investor, employment, or application process.

If you submit Personal Data through an investor portal, recruitment process, fellowship application, partnership process, or other separate workflow, additional privacy notices may apply at the time that Personal Data is collected.

Personal Data

Categories of Personal Data We Collect

This chart details the categories of Personal Data that we collect and may have collected over the past 12 months.

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing, and Improving the Site

• Providing you with the services or information you request.
• Meeting or fulfilling the reason you provided the information to us.
• Providing support and assistance for the Site.
• Personalizing the Site, website content, and communications based on your preferences.
• Conducting fraud protection, security, and debugging.
• Carrying out other business purposes stated when collecting your Personal Data or as otherwise permitted by applicable privacy laws.

Corresponding with You

• Responding to correspondence that we receive from you.
• Contacting you when necessary or requested.
• Sending you information about ICRD Group Holdings or the Site.
• Sending emails and other communications according to your preferences.

Other Permitted Purposes for Processing Personal Data

Each category of Personal Data referenced above may be collected, used, and disclosed with government authorities, including law enforcement, or other parties to meet legal requirements and enforce legal terms. This may include fulfilling our legal obligations under applicable law, regulation, court order, or other legal process; preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property, or safety of you, ICRD Group Holdings, or another party; enforcing agreements; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

We will not collect additional categories of Personal Data or use Personal Data we collected for materially different, unrelated, or incompatible purposes without providing notice.

Categories of Sources of Personal Data

You

• When you provide information directly to us.
• When you use interactive tools, forms, or other features of the Site.
• When you voluntarily provide information in free-form text boxes or through responses to surveys or questionnaires.
• When you send us an email or otherwise contact us.
• When you use the Site and information is collected automatically, including through Cookies.

Third Parties and Vendors

We may use analytics providers and other vendors to help us understand how visitors interact with the Site, provide technical support, host the Site, or perform business functions on our behalf.

How We Disclose Your Personal Data

We disclose your Personal Data to service providers and other parties listed in this section. Depending on applicable state laws, some disclosures may constitute a "sale" or "sharing" of Personal Data.

Service Providers

These parties help us provide the Site or perform business functions on our behalf, including hosting, technology, communications, security, fraud prevention, and analytics providers.

Business Partners

These parties partner with us in offering services or evaluating opportunities, including businesses or entities with which you have a relationship.

Parties You Authorize, Access, or Authenticate

We may disclose information to parties that you authorize us to contact or with whom you choose to interact.

Legal Obligations

We may disclose Personal Data with third parties in connection with the activities described under "Other Permitted Purposes for Processing Personal Data" above.

Business Transfers

Personal Data may be transferred to a third party if we undergo a merger, acquisition, financing, reorganization, bankruptcy, or other transaction in which that third party assumes control of all or part of our business.

Data that is Not Personal Data

We may create aggregated, de-identified, or anonymized data from Personal Data we collect. We may use and disclose such data for lawful business purposes, including to analyze, build, improve, and promote the Site, provided that we do not disclose such data in a manner that could identify you.

Tracking Tools and Opt-Out

The Site may use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, "Cookies") to recognize your browser, understand how and when you visit and use the Site, analyze trends, learn about our user base, and operate and improve the Site. Cookies are small pieces of data placed on your computer, tablet, phone, or similar device when you access the Site.

Please note that the Site does not support "Do Not Track" requests sent from a browser at this time.

Essential Cookies

Essential Cookies are required for features or services you request. Disabling these Cookies may make certain features unavailable.

Functional Cookies

Functional Cookies record choices and settings, maintain preferences, and help us recognize you when you return to the Site.

Performance and Analytical Cookies

Performance and analytical Cookies help us understand how visitors use the Site, measure performance, and improve website content. Analytics providers may use Cookies subject to their own terms and privacy policies.

You can decide whether to accept Cookies through your browser settings. Most browsers allow you to turn off Cookies or delete Cookies already on your device. If you do so, some Site features may not work properly.

Data Security

We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we process it. No method of transmitting data over the internet or storing data is completely secure.

Data Retention

We retain Personal Data for as long as necessary to provide the Site, perform our business or commercial purposes, comply with legal obligations, resolve disputes, enforce agreements, or as otherwise permitted or required by applicable law. We may retain information in anonymous or aggregated form where that information would not identify you personally.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 13 years of age. If you are under 13, please do not use the Site or send us Personal Data. If we learn that we have collected Personal Data from a child under 13, we will delete that information as quickly as possible.

Your Rights Under POPIA

ICRD Group Holdings is committed to compliance with the Protection of Personal Information Act, 4 of 2013 ("POPIA"), the primary data protection legislation of the Republic of South Africa. POPIA governs the lawful processing of personal information and grants data subjects (individuals whose personal information we hold) a range of rights.

Right of Access

You may request confirmation of whether we hold Personal Data about you and, if so, request access to that information, including the categories collected, the purposes for processing, and any third parties to whom it has been disclosed.

Right to Correction or Deletion

You may request that we correct inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained Personal Data. You may also request deletion of Personal Data where POPIA or other applicable law permits.

Right to Object

You may object, on reasonable grounds, to the processing of your Personal Data. We will consider your objection and cease processing unless we can demonstrate a lawful basis that overrides your objection.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

If you believe your rights under POPIA have been infringed, you may lodge a complaint directly with the Information Regulator of South Africa (see contact details below).

No Selling of Personal Data

We do not sell Personal Data. We do not share Personal Data with third parties for their independent marketing purposes without your prior consent.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under POPIA or other applicable privacy legislation.

Exercising Your Rights

To exercise any of the rights described in this Privacy Policy, you or a duly authorised representative must submit a request that provides sufficient information to verify your identity and describes your request in sufficient detail for us to understand, evaluate, and respond to it. You may submit a request through our contact page.

We will respond to valid requests within the timeframes prescribed by POPIA and other applicable law — generally within 30 days of receipt of a valid, complete request. We will not charge a fee for reasonable requests; however, if a request is excessive, repetitive, or manifestly unfounded, we will notify you of any applicable fee before proceeding.

Cross-Border Data Transfers

ICRD Group Holdings operates internationally and may transfer Personal Data to recipients located outside the Republic of South Africa, including to our service providers, technology platforms, and international business partners. Where we transfer Personal Data across borders, we do so in accordance with Section 72 of POPIA, which requires that the recipient country or organisation provides an adequate level of protection for that data, or that the data subject has consented to the transfer, or that another lawful basis applies. We take reasonable steps to ensure that any cross-border transfer of Personal Data is subject to appropriate safeguards.

Contact Information and Information Regulator

If you have questions or comments about this Privacy Policy, the ways we collect and use Personal Data, or your choices and rights, please contact ICRD Group Holdings through our contact page.

ICRD Group Holdings has designated a responsible party and Information Officer as required under POPIA. Requests or complaints relating to the processing of your Personal Data may also be directed to us in writing at our registered address: 2 Sherborne Road, Parktown 2193, Johannesburg, South Africa.

If you believe your rights have been violated and you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa: