Effective Date: November 30, 2023

This Privacy Policy is provided by Aquiline Management Holdings LP (“Aquiline Management”) and its affiliates, including Aquiline Capital Partners LP (“Aquiline LP”) and Aquiline Capital Partners Limited (“Aquiline Limited”). Aquiline Management, Aquiline LP, Aquiline Limited and their respective affiliates are referred to in this Privacy Policy as “Aquiline”, “we”, “us” or “our”. This Privacy Policy is provided for the benefit of natural persons (excluding those working for, or within, our organisation) visiting this website (the “Website”), applying for a job with us, visiting our premises or otherwise communicating with us, including via electronic mail or “e-mail”. In this Privacy Policy, we refer to such natural persons as “you”. We also describe how we collect and process the personal data of such natural persons, including the personal data of individuals who are subject to the protection of the EU General Data Protection Regulation (Regulation 2016/679) (the “GDPR”) or, as applicable, the GDPR as it applies in the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419 (the “UK GDPR”). This Privacy Policy describes the information that we collect about you, how we use such information and to whom we disclose it. This Privacy Policy does not address our privacy practices concerning any personal data we collect in relation to our investors, including through the Investor Portal on this Website; we address those practices in separate privacy notices included in the subscription agreement or sent to our investors or potential investors. Our current investor privacy notice is available within the Investor Portal. If you do not agree with this Privacy Policy, you should not use this Website, apply for a job with us, visit our premises or otherwise provide us with your information. Privacy Policy Changes We reserve the right, in our sole discretion, to amend, revise or supplement this Privacy Policy from time to time. We will notify you of any changes to this Privacy Policy, including any substantial changes in the way we use or disclose your personal data obtained from your use of this Website, your job application, your visit to our premises or your other communication with us, by posting a revised policy with an updated effective date on this page. Any changes will be effective immediately upon the posting of the revised Privacy Policy. Your continued access or use of this Website, submission of a job application, visit to our premises or other communication with us following the posting of changes to this Privacy Policy means that you accept such amendments, revisions or supplements. We encourage you to refer to this Privacy Policy often, or each time you visit this Website, apply for a job with us, visit our premises or otherwise communicate with us, so that you remain familiar with our most current privacy policy and stay informed of any changes regarding our collection or use of your personal data.

Privacy Terminology Certain words are given specific meanings under data protection legislation. Different laws may use different or additional legal terms, or define the same terms differently. The terms listed below are intended to have the following meanings in this Privacy Policy: “data controller” means Aquiline, or the entity within its group, that determines the purposes and means of the processing of personal data; “personal data” means information from which it is possible to identify a natural person (an individual), or information from which any individual is identifiable; “processing” means anything that is done with personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and “process” and “processed” as used in this Privacy Policy shall be construed accordingly; and How We Collect Your Personal Data Aquiline is a data controller in respect of any personal data it receives from you via this Website. The exact personal data we collect about you will depend, inter alia, on the nature of your relationship with us, but the types of personal data we may collect are described below. We may collect your personal data from: • registration information you proactively provide to us; • information captured via “cookies”; • information provided, e.g., in follow-up telephone conversations, voicemails, through written correspondence, or via e-mail; • your internet or other network activity;
• information gathered by other automated mechanisms, such as web server logs and JavaScript; and • if you login as an investor to the Investor Portal, login credentials and other information (please see the investor privacy notice available within the Investor Portal). We may also collect personal data from other sources, such as other companies providing services to us. Some third-party sources may include publicly available sources of information. What Personal Data Do We Collect The types of personal data we collect about you depends on the nature of your interaction with us. The personal data we collect may include: • Identifiers, such as name, mailing address, e-mail address, telephone numbers and internet protocol address. • Other contact details and records, such as contact information provided in the ‘Contact’ page. • Internet or other electronic network activity information, such as browsing or search history, details of interactions with other websites, applications or advertisements and online identifiers such as cookies, as well as information you provide to us when you correspond with us in relation to enquiries. • Technical information, such as information about the device you use to interact with us. • Professional, employment-related and education-related information. • Commercial information, such as account data.

Cookies and Google Analytics In addition to information you proactively provide to us, we obtain information from cookies. Cookies are small text files that are stored in your computer's memory and hard drive when you visit certain web pages. Cookies are used primarily to customize this Website for return visitors and improve your experience with this Website. For instance, when you return to this Website after logging in, cookies provide information to the Website, including personal information, so that the Website will remember who you are. We use cookies primarily to capture anonymous analytics to improve the Website experience and performance, including by compiling statistical information concerning, among other things, the frequency of use of the Website, the pages visited and the length of each visit, as well as information about your computer, operating system, browser, language and country. You are not required to accept cookies to use this Website, and you can configure your browser to accept all cookies, reject all cookies, notify you when a cookie is set or delete cookies. You are always free to decline cookies if your browser permits, however, if you choose to turn off cookies, you may not have access to features that optimize your browsing of this Website, and some of those features may not function properly. We also obtain information from other third-party web analytics service providers. We use Google Analytics which collects information such as: how often users visit this Website, what pages the user visits, and what other sites they used prior to or after coming to this Website. The information obtained by Google Analytics may itself be processed by Google Analytics (or other web analytic service providers). More information on how Google Analytics uses your data can be found at https://google.com/policies/privacy/partners/. More information about opting out of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout. We use the information we get from Google Analytics only to improve this Website. This information is maintained in a form that does not explicitly identify you, and we will not use this information to identify individuals, except for site security and law enforcement purposes. The collection of personal data from which you cannot be readily identified may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We use such data on an aggregated basis to either help us maintain this Website or to disclose to third parties, such as investors, for informational or promotional purposes. Aquiline does not track visitors to this Website over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals. Why Do We Collect Personal Data and How Is It Used? Our reasons for processing the types of data described above will depend on the nature of our relationship with you, but may include the following: • to send updates or to correspond with you; • to service your account and/or to provide you with information about Aquiline, our products and services; • to provide efficient and reliable services; • to improve our product offerings and service options: • to maintain our relationship with you; • to monitor our communications with you; • to protect the security of our IT systems; • to improve or develop this Website; • to comply with our legal and regulatory obligations; • to maintain and keep our records up to date; and • to protect our business against fraud or other crimes. We will typically only process your personal data to pursue the purposes described above. However, we may have a legitimate business interest in processing your personal data for some other purpose, but even then we would do so only if our legitimate business interests are not overridden by your interests or your fundamental rights and freedoms which require the protection of your personal data. If you choose to submit information to us, we encourage you to contact us by e-mail or telephone to update your account information whenever such information ceases to be complete or accurate. We will use any additional information you provide to us to update our records. We will delete any information we have if it is out of date (subject to any applicable legal or regulatory requirements). To Whom Do We Disclose Your Personal Data? We may disclose your personal data to Aquiline’s subsidiaries or affiliates. We may also disclose your personal data to our service providers and professional advisors. For example, we use service providers to host and/or maintain this Website (internal or external) and employ other persons to perform work on our behalf, such as sending e-mail. These persons may have access to personal data that you submit through this Website, job applications, visits to our premises or other communication with us, but only for the purpose of performing their duties and in order to provide efficient and reliable services. These persons act on our instructions and are not authorised to disclose personal data, and are not authorised to use or disclose your personal data for other purposes, save to the extent required to comply with their own legal obligations. We will not sell or rent your personal information to others. As noted above, we may disclose aggregated data to analytic service providers. We may also disclose your personal data if we are required to make such disclosure to the government or private parties in connection with a lawsuit, subpoena, court order, investigation, similar proceedings or regulatory request or examination; to comply with applicable laws or regulations or when we otherwise believe in good faith that such disclosure is necessary or appropriate in connection with any activity that violates the law (including relating to intellectual property, fraud, contracts and privacy) or may expose us to liability, or to protect your safety or security, including the safety and security of property that belongs to you, or protect the safety and security of this Website, our databases, or the tangible or intangible property that belongs to us or to third parties. We may also disclose your personal data to applicable third parties in the event of a reorganization, merger, sale, acquisition, assignment, bankruptcy proceeding or other disposition of all or a portion of our business, assets or shares, to the extent lawfully permissible, but even then, only for the purposes set out in this Privacy Policy, including in such case, for its legitimate business interests.

To the extent that we request personal data from you and you refuse to communicate that personal data to us, this may affect our ability to maintain a business relationship with you or to comply with our legal obligations. Third Party Websites Aquiline may establish links between this Website and one or more websites operated by third parties. This Privacy Policy only applies to this Website and does not apply to any other website operated by a third party to which this Website may link. Aquiline has no control over any other such websites, including over their content, operation and privacy and/or security policies or practices, and disclaims responsibility for any such third-party websites hyperlinked from this Website. Links to third-party websites contained on this Website are provided as a courtesy and the inclusion of such links does not imply and endorsement, recommendation or approval of the linked website or its privacy policy. You are encouraged to review any privacy policy contained on the linked site in order to understand how your information is collected and processed. Your access to and use of such linked websites shall be at your own risk. Transfers of Personal Data Aquiline LP’s principal place of business is in New York City. This Website is hosted in the United States of America. Aquiline Limited’s principal place of business is in London, England. In some cases, disclosure of personal data to our affiliates and third parties referred to above will involve transferring personal data from the European Economic Area or the United Kingdom to the United States or another country which may not provide a level of protection to personal data equivalent to that provided in your country. Aquiline will ensure that such transfers are carried out in compliance with applicable law, such as, where necessary, by having the transfer governed by an appropriate data transfer agreement based on the European Commission approved standard contractual clauses and/or terms issued by the United Kingdom government, as applicable. To obtain a copy of such transfer arrangements, please contact us at the address noted below. How Do We Protect Your Personal Data? The security of your information is important to us. We employ several different technical, administrative and physical security measures to protect any information you provide through this Website, job applications, visits to our premises or other communication with us from unauthorized access, accidental destruction or loss, and to ensure the ongoing confidentiality, integrity and availability of such data. You should be aware, however, that no data transmission over the Internet can be guaranteed to be secure and there is always the risk that unauthorized persons may access or use your information. Aquiline cannot ensure or warrant the security of any information you submit via this Website, job applications, visits to our premises or otherwise, and we will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your information. You use this Website, submit job applications, visit our premises and send us such information at your own risk. Please consider this when you choose to submit information to us via this Website, job applications, visits to our premises or otherwise. How Long Do We Keep Your Personal Data? Personal data may be kept for as long as it is required for legitimate business purposes (however no longer than necessary with regard to the purpose of that visitor’s relationship with Aquiline) or, where applicable, for such period as is required by law or regulatory obligations which apply to us. Rights of Data Subjects You have certain rights with respect to your personal data in certain circumstances. These may include: • the right to request access to, or copies of, your data and related information including: the purpose for processing such data; the recipients; its transfer to other countries; the period for which it will be stored; and the source; • the right to request rectification of any errors in your personal data; • the right to request that the processing of your data is restricted; • the right to object to our processing of some or all of your personal data; • the right to request erasure of your personal data; • the right, in the event that we rely on your consent to process data, to withdraw your consent; • a ‘data portability’ right for your personal data to be transferred to you or another data controller in a structured, commonly used and machine-readable format. We do not use automated decision-making with respect to any personal data obtained through this Website, job applications, visits to our premises or other communication with us. We also note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, for example, if that personal data were required to comply with a legal obligation. If you wish to exercise any of the rights listed above, please contact us at the address noted below. Complaints If you have any complaints, questions or comments about this Privacy Policy, or wish to notify us of any errors or changes as to any personal information you provide us through this Website, job applications, visits to our premises or other communication with us, you can e-mail us at privacymatters@aquiline-llc.com or write to us at Privacy Matters, Aquiline Management Holdings LP, 535 Madison Avenue, New York, New York 10022, (212) 624-9500. If you have a complaint, you may also contact the data protection authority in your country. In the European Economic Area, details of the data protection authorities are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. In the United Kingdom, the data protection authority is the Information Commissioner’s Office (https://ico.org.uk/). CALIFORNIA PRIVACY NOTICE This California Privacy Notice supplements the Privacy Policy with respect to specific rights granted under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and all implementing regulations thereto (collectively, the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This supplement is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection and processing of their personal information that is not set forth in this CCPA supplement is otherwise set forth in the Privacy Policy. Privacy Terminology Different laws may use different or additional legal terms, or define the same terms differently. The term listed below is intended to have the following meanings in this California Privacy Notice: “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. What does this California Privacy Notice apply to? This California Privacy Notice applies solely to your interactions with us through this Website, job applications, visits to our premises or other communication with us, including via electronic mail or “email”. This California Privacy Notice does not address our privacy practices concerning any personal information we collect in relation to our investors, including through the Investor Portal on this Website; we address those practices in separate privacy notices included in the subscription agreement or sent to our investors or potential investors. Our current investor privacy notice is available within the Investor Portal. How Do We Obtain Your Personal Information? The exact personal information we collect about you will depend, inter alia, on the nature of your relationship with us, but the types of personal information we may collect are described below. We may collect your personal information from: • registration information you proactively provide to us; • information captured via “cookies”; • information provided, e.g., in follow-up telephone conversations, voicemails, through written correspondence, or via e-mail; • your internet or other network activity;
• information gathered by other automated mechanisms, such as web server logs and JavaScript; and • if you login as an investor to the Investor Portal, login credentials and other information (please see the investor privacy notice available within the Investor Portal).

We may also collect personal information from other sources, such as other companies providing services to us. Some third-party sources may include publicly available sources of information. For additional details about how we collect personal information, please refer to the section titled “How We Collect Your Personal Data” above.
What Information Do We Collect About You? The types of personal information we collect about you depends on the nature of your interaction with us. The categories of personal information we have collected over the last twelve (12) months include the following: • Identifiers, such as name, mailing address, e-mail address, telephone numbers and internet protocol address. • Other contact details and records, such as contact information provided in the ‘Contact’ page. • Internet or other electronic network activity information, such as browsing or search history, details of interactions with other websites, applications or advertisements and online identifiers such as cookies, as well as information you provide to us when you correspond with us in relation to enquiries. • Technical information, such as information about the device you use to interact with us. • Professional, employment-related and education-related information. • Commercial information, such as account data. For additional details about the personal information we may collect, please refer to the section titled “What Personal Data Do We Collect” above.
We do not knowingly collect personal information from anyone under the age of 18. We do not collect any sensitive personal information from you. How Long Do We Retain Your Personal Information? For each of the categories of personal information that we collect (listed above), we retain such personal information only for as long as reasonably necessary to fulfill the purposes we collected it for, including for purposes of satisfying any legal, regulatory, accounting or reporting requirements, unless a longer retention period is otherwise required by law. How Do We Use Your Personal Information? We will use your personal information for one or more of the following business purposes: • to send updates or to correspond with you; • to service your account and/or to provide you with information about Aquiline, our products and services; • to provide efficient and reliable services; • to improve our product offerings and service options: • to maintain our relationship with you; • to monitor our communications with you; • to protect the security of our IT systems; • to improve or develop this Website; • to comply with our legal and regulatory obligations; • to maintain and keep our records up to date; • to protect our business against fraud or other crimes For additional details about how we use your personal information, please refer to the section titled “Why Do We Collect Personal Data and How Is It Used” above.
To Whom Do We Disclose Your Personal Information? We do not “sell” or “share” (as such terms are defined by the CCPA) any of the personal information we collect about you to third parties. We do not disclose any nonpublic personal information about you to anyone, except as permitted or required by law or regulation and to subsidiaries, affiliates, service providers, professional advisors and other third parties in order to facilitate our services and perform functions on our behalf, including but not limited to administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. We may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries. Within the last twelve (12) months, we have disclosed each of the categories of personal information collected in connection with this Website, job applications, visits to our premises or other communication with us to subsidiaries, affiliates, service providers and professional advisors as set forth above in “What Personal Data Do We Collect”. We may also disclose your personal information to applicable third parties in the event of a reorganization, merger, sale, acquisition, assignment, bankruptcy proceeding, or other disposition of all or a portion of our business, assets or shares. For additional details about to whom we disclose your personal information, please refer to the section titled “To Whom Do We Disclose Your Personal Data” above.
Your Rights Under the CCPA Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons. Correction Rights: You have the right to request that we correct inaccurate personal information about you. Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection and use of personal information specific to you over the last twelve (12) months. Such information includes: • the categories of personal information we collected about you; • the categories of sources from which the personal information is collected; • our business or commercial purpose for collecting such personal information; • the categories of third parties to whom we disclose the personal information; • the specific pieces of personal information we have collected about you; and • whether we disclosed your personal information to a third party, and, if so, the categories of personal information that each recipient obtained. Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive (or charging) different rates for services or suggesting that you will receive (or providing to you) a different level or quality of service. How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this notice in an alternative format, please submit a request on your behalf using any of the methods set forth in the “Contact us” section below.

Contact Us For any requests relating to the exercise of your rights under the CCPA, or questions regarding our processing of your personal information, please submit or have your authorized representative submit a request using any of the methods set forth below. • Call us at (212) 624-9500. • E-mail us at privacymatters@aquiline-llc.com outlining your request. Be sure to include your contact information. We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (e.g., the risk of responding to fraudulent or malicious requests), we may request further information or your investor portal access credentials, if applicable, to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf if you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. Our goal is to respond to any verifiable consumer request within forty-five (45) days of our receipt of such request, but in certain cases, additional time might be required (up to 90 days). California’s Shine the Light Law California Civil Code Section 1798.83, known as the “Shine the Light” law, permits our Website users who are California residents to request and obtain from us a list of their personal information (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. We currently do not disclose any personal information to third parties for their direct marketing purposes. Please contact privacymatters@aquiline-llc.com with any questions about this California Privacy Notice. Last updated: November 30, 2023.