Data Protection Statement

Introduction

This statement provides an overview of Financial Times Group’s approach to data protection. It should be read in conjunction with the relevant FT Group website privacy policy.

FT Group is committed to respecting and protecting the personal information of anyone who entrusts us with it, including our staff, our customers, our website and app users and other customers, our advertisers and other individuals we deal with for administration or operational reasons, or to comply with legal obligations. Protecting this information is more than a legal requirement for the FT Group; it is a matter oftrust, in line with our brand values. As a global business in a digitally connected environment, we respect applicable laws relating to data privacy.

FT Group’s Data Protection policy

Our policy sets out our rules on data protection, and the conditions that must generally be satisfied when we obtain, handle, process, transfer and store Personal Data. It applies to all staff of Financial Times Group Limited, its wholly owned and majority-owned subsidiaries (FT Group). We expect our business partners, including contractors and contributors, to meet the same high standards when working with FT Group or on our behalf.

Definitions

Personal Data is any information about an individual, or from which an individual can be identified, whether directly, or indirectly in combination with other information FT Group holds. This includes Special Category Data.

Special Category Data is a category of Personal Data that consists of sensitive information such as information about an individual’s health or religious beliefs, which require a higher level of protection.

Data Processing is the action of doing something with Personal Data, such as obtaining, editing, reviewing, storing, disclosing, transferring and deleting it.

Principles

The below principles are applicable, except where a specific lawful exemption applies (for example, there are certain exemptions under UK and EU law for processing data for the
purposes of journalism):

1. Transparency - To be transparent about our privacy practices and how external and internal individuals can contact us with questions or concerns.

2. Minimisation and limitation - To limit the collection and use of Personal Data to specific purpose(s) and ensure that Personal Data is adequate, relevant and not excessive for the purpose(s) for which it was collected. To only share Personal Data with those who have a legitimate need to know and whose access is appropriately authorised.

3. Accuracy -To take steps to ensure that Personal Data is accurate and, where necessary, kept up to date.

4. Storage limitation - To retain Personal Data only as long as needed and in accordance with FT Group policies.

5. Integrity and confidentiality (security) - To ensure Personal Data is protected by appropriate security including technical and non-technical measures whether in transit or at rest. To promptly report any actual or suspected unauthorised use, disclosure or access to Personal Data to the FT Group Cybersecurity team.

6. Privacy by Design and Default - To ensure that new systems and processes are designed with appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights.

7. Accountability - To ensure any third parties we use to process Personal Data on our behalf have appropriate policies and practices in place, and that our contract with them appropriately covers data protection.

8. Individual rights - To comply with individuals’ rights in relation to their Personal Data, which may include rights of access, rectification, erasure, portability, restrict or object to processing.

Reporting

If you are aware of any FT Group related non-compliance with this statement or applicable data protection laws and regulations you can report it to our Data Protection Officer at privacy.officer@ft.com.