MIB CAPITAL CORPORATION – DATA PRIVACY POLICY

I. Introduction

MIB Capital Corporation, formerly Multinational Investment Bancorporation, is committed to safeguarding the personal data entrusted to us by our clients, partners, employees, and other stakeholders. Since our establishment in 1972, we have provided independent financial advisory, capital raising, valuation, and related services to corporate, institutional, and individual clients.

This Data Privacy Policy outlines how we collect, use, store, share, and protect personal data in the course of our operations. We process all personal data in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission.

By engaging with us, whether through our advisory services, employment processes, or communications, you acknowledge and understand the practices described in this Policy.

II. Scope

This Policy applies to all personal data we collect from:

• Clients and prospective clients
• Corporate officers, directors, and employees of organizations we engage with
• Business partners, counterparties, and service providers
• Job applicants and current/former employees, where applicable
• Representatives of regulators and government agencies
• Individuals who communicate or interact with us through meetings, correspondence, or our website

III. Definitions

• Personal Information Controller (PIC): MIB Capital Corporation.
• Personal Data: Any information that can identify an individual.
• Processing: Any operation performed on personal data.
• Services: Financial advisory, valuation, capital raising, fairness opinions, and related services.

IV. Personal Data We Collect

We collect only data necessary to deliver our financial advisory and related services. This may include:

• Identification Information: Name, birthdate, nationality, IDs, signatures.
• Contact Information: Address, email, phone numbers.
• Professional and Corporate Information: Employer, designation, corporate ownership.
• Financial and Transaction Information: Statements, investment profiles, banking details.
• Due Diligence and Compliance Information: KYC, AML, regulatory filings, beneficial ownership.
• Recruitment and Employment Information: CV, education, employment history, payroll and tax details.

We collect only personal data that is relevant, necessary, and proportionate to the lawful purpose for which it is being processed.

V. Purpose of Processing

We process personal data for legitimate and lawful business purposes, including:

• To evaluate and onboard clients
• To provide financial advisory, valuation, capital raising, and related services
• To prepare fairness opinions, transaction documentation, and corporate reports
• To comply with regulatory and legal obligations
• To conduct due diligence and conflict of interest checks
• To manage contracts and engagements
• To administer employment and human resource functions
• To support our corporate social responsibility initiatives through Multinational Foundation, Inc., where applicable

We do not process personal data for purposes that are incompatible with the purpose for which it was collected, unless otherwise permitted or required by law.

VI. Legal Basis for Processing

We process personal data only where there is a lawful basis to do so. Depending on the circumstances, processing may be based on:

• Your consent, where consent is required under applicable law
• The performance of a contract or prior to entering into a contract
• Compliance with legal and regulatory obligations
• Protection of legitimate interests of the company or third parties, provided these do not override the rights and freedoms of the data subject

Where consent is the basis of processing, you may withdraw such consent subject to applicable legal or contractual limitations.

VII. Cookies

Our website may use basic cookies to support website functionality, security, and user experience.

Cookies are small text files stored on your device when you visit a website. These may be used to:

• Enable core website functions
• Support website security and technical administration
• Help improve website performance and navigation

You may manage or disable cookies through your browser settings. Please note, however, that doing so may affect certain website functions or performance.

VIII. Data Sharing and Disclosure

We treat client information and personal data with strict confidentiality. We may share personal data only when necessary, lawful, and subject to appropriate safeguards.

We may share personal data:

• With regulators such as the Securities and Exchange Commission and other government authorities
• With professional advisers including legal, tax, and audit firms
• With financial institutions involved in transactions
• With service providers under written data processing or confidentiality agreements
• With Multinational Foundation, Inc., when required for legitimate philanthropic activities or related operational purposes

Where required by law, regulation, or the nature of the data sharing arrangement, we will obtain your consent or provide the necessary privacy notice before such sharing takes place.

We do not sell personal data.

IX. Data Retention

We retain personal data only for as long as necessary to:

• Fulfill the purpose for which it was collected
• Comply with legal, tax, accounting, and regulatory requirements
• Establish, exercise, or defend legal claims

As a general guide:

• Client and transaction-related records may be retained for up to ten (10) years from the completion, termination, or closure of the engagement, or longer where required by law, regulation, audit, or legal and regulatory proceedings
• Employment-related records may be retained for the duration of employment and for up to ten (10) years thereafter, subject to applicable labor, tax, accounting, and legal requirements
• Job applicant records may be retained for up to two (2) years from the date of application, unless a longer retention period is required by law or consented to by the applicant
• Website inquiry or correspondence records, where applicable, may be retained for up to two (2) years, unless a longer period is necessary for legal, regulatory, security, or legitimate business purposes

After the applicable retention period, we securely dispose of, delete, anonymize, or otherwise render the data inaccessible, in accordance with applicable law and internal retention procedures.

X. Data Security Measures

We implement reasonable and appropriate technical, organizational, and physical security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include:

• Restricted access to sensitive information
• Confidentiality undertakings by officer-partners and employees
• Secure storage of physical and electronic records
• Access controls and authentication mechanisms
• Regular review of internal policies and procedures

Our internal Corporate Partnership structure reinforces accountability for professional acts and conflicts of interest.

XI. Rights of Data Subjects

Under applicable law, you have the right to:

• Be informed about the processing of your personal data
• Access your personal data
• Request correction of inaccurate or incomplete data
• Object to processing under certain conditions
• Request erasure or blocking when legally justified
• Withdraw consent where processing is based on consent
• Claim damages, where applicable
• Request data portability, where applicable
• Lodge a complaint with the National Privacy Commission

Requests shall be evaluated and acted upon in accordance with applicable law and our internal procedures.

To exercise these rights, you may contact us through the details below.

XII. Contact Us

For any questions, requests, or concerns regarding this Policy or the processing of your personal data, you may contact us through the following details:

mib@mib.com.ph
MIB Capital Corporation
22/F Multinational Bancorporation Centre, 6805 Ayala Avenue Makati City 1226 Philippines

XIII. Policy Updates

We may update this Policy to reflect changes in law, regulation, or business operations. The updated version will be made available through our official communication channels.

XIV. Commitment

We operate as an independent, professionally managed institution. The interests of our clients take precedence in our engagements. Protecting the confidentiality and integrity of personal data forms part of that commitment.