A) General principles

This policy addresses the collection, utilization, backup and the disclosure of personal information on customers and employees. It is established in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”, federal) and the Act Respecting the Protection of Personal Information in the Private Sector (Quebec).

B) Types of “personal information”

“Personal information” is defined as any information pertaining to an individual and information that allows to identify. In the exercise of its activities and in order to serve its customers well, COTE 100 collects information from its customers, including name and address, date of birth, marital status, information on the spouse and dependents, driver’s license, passport number, social security number, annual revenue, total value of assets and other sensitive financial information. The source of the information collected are multiple and may include the information collected:

· In COTE 100’s account opening forms;

· In our custodian’s account opening forms;

· In management agreements, policies for investment and other forms;

· During telephone conversations, through e-mail exchanges or during meetings in person.

Also, in the normal course of its business, COTE 100 may also, on occasion, carry the collection of some personal information on employees or applicants for employment, particularly to verify certain information necessary for the functions of the position to be filled or subsequently for purposes of management of the company.

C) Of data privacy officer

COTE 100 designated the Chief Compliance Officer as being equally responsible for the confidentiality of the data.

D) Consent to the collection

Any client or employee of COTE 100 must be informed and consent to any collection, use or disclosure of personal information concerning him (unless it is not appropriate to do so) after being informed of the purpose of the collection. Consent must be given in writing prior to any collection, use or disclosure (it is not presumed). Consent must also be given for specific purposes.

E) Data protection and conservation

Once collected, the information must remain protected at all times. In this regard, information is kept in a safe place, protected against unauthorized and retained access only for the time

necessary. COTE 100 is responsible for the personal information that it entrusts to a third party for processing (within the limits of the consent obtained). COTE 100 must therefore provide a comparable level of protection to information processed by a third party. Access to records is restricted to those employees who need to know this information in the exercise of their function.

The conservation of personal information is done in accordance with COTE 100’s Archiving Policy and conservation of data and in compliance with the applicable regulations.

F) Use and disclosure

The personal information collected from customers will only be used in the context of an account opening (mainly to allow the identification and knowledge of the client, the determination of its profile of investor and its status as an insider of some transmitters, and the assessment of the suitability of the investments). The information requested is necessary also to comply with the applicable regulations (including, securities regulations and for combating money-laundering and the financing of terrorist activities. Finally, personal information may also be required for the possible transfer of assets from another financial institution.

Certain personal information may also be collected on COTE 100’s employees and will be used in the context of the labor agreement binding COTE 100 and these employees.

COTE 100 communicates confidential information only to concerned external stakeholders in the exercise of its activities (for example, regulatory authorities and service providers such as Trustees, portfolio management systems, market intermediary, etc.).

G) Accuracy and access

COTE 100 deploys reasonable measures to ensure the accuracy of personal information and of subsequent updates.

Any customer can have access to personal information at any time about to revise its content and its accuracy. In order to avail themselves of this right, the client is asked to provide a written request, in order to allow a full search on the part of coast 100. The firm will respond to written within a period of 30 days and will be able to provide copies of the relevant documents, if applicable (side 100 will retain the originals in his possession).

H) Mandatory Data Breach Reporting Requirements

In the event that COTE 100 suffers a data breach of security safeguards, the Firm is required to:

• determine whether the breach presents a “real risk of serious harm” to any individual whose personal information was affected by the breach (“Interested Parties”) by carrying out a risk assessment that must take into account the sensitivity of such information and the likelihood of it being misused;
• as soon as possible, notify affected individuals of any breach that it believes poses a real risk of serious harm to them and report this breach to the Privacy Commissioner of Canada (the Commissioner);
• notify any other organization that may be able to mitigate the risk of harm to the Interested Parties;
• maintain a record of any data breach of which the organization is aware and provide it to the Commissioner upon request.

I) Complaints and access to policy

Any complaint relating specifically to the protection of personal information must be made in writing and sent to:

COTE 100 Inc.
Att: Chief Compliance Officer
1543, rue Montarville
Saint-Bruno, QC J3V 3t8

COTE 100 must put at the disposal of any person in an easily accessible way its policies and practices concerning management of personal information. Thus, a copy of this policy is added to the company’s Web site.

Last updated: January 2023