December 31, 2020

Bloomberg Finance L.P., its operating agent Bloomberg L.P., and affiliates ("Bloomberg") are committed to compliance with their data protection obligations throughout the world. This Intra-Group Personal Data Protection Statement ("Statement") sets out the privacy principles Bloomberg follows with respect to personal information that it transfers from the European Union, European Economic Area, and Switzerland (collectively, "EU") or the United Kingdom ("UK"), in accordance with the EU General Data Protection Regulation ("GDPR") and UK GDPR.

Bloomberg has implemented robust processes and protections to meet the requirements of transferring personal information to third countries in accordance with applicable data protection laws. Accordingly, the relevant Bloomberg group companies have entered into Intra-Group Personal Data Protection Agreements ("IGAs") to ensure that personal information transferred from the EU or UK is subject to appropriate safeguards, and to clearly identify the Bloomberg group companies responsible for transfers of personal information from the EU or UK.

The IGAs incorporate unchanged EU Commission Standard Contractual Clauses (“SCCs”), which include specific obligations and rights around transfers of personal information, and ensure that any personal information leaving the EU and/ or UK will be transferred by Bloomberg in compliance with applicable EU and UK data protection laws. The IGAs include the operational procedures and security measures we use to maintain the accuracy and integrity of personal information and protect personal information.

• Governance
  We regularly review and update our governance framework, including roles and responsibilities of personnel, and maintain a working group to oversee data protection regulation compliance and document results and decisions as they relate to personal information management.
• Accountability and Recordkeeping
  We map the personal data life cycle and maintain a personal data map inventory, including documenting personal data flows within Bloomberg's systems and any disclosures to third-party systems.
• Security
  We invest in and maintain organisational, technical, and physical safeguards intended to ensure the protection of personal information. We engage in ongoing monitoring and testing of the efficacy of these safeguards. Our data centers are dedicated solely to our products, services, and operations, and have secure and monitored access controls.
• Privacy By Design
  We integrate personal data mapping and accountability into our product design processes, and build personal data security into our development and product life cycles.
• Administrative controls
  We regularly review and update our policies, procedures, and controls to address our data protection obligations. We conduct data protection executive education and tailored training programs for data protection compliance.

The Bloomberg group companies involved in personal information transfer and management are identified in the IGAs as Data Exporter(s) or Data Importer(s). Bloomberg is an independent Data Controller unless otherwise specified. With respect to specific products and services where Bloomberg acts as a Data Processor to our customers, we make available to our customers additional data processing terms, including unchanged EU-Commission approved Controller-to-Processor SCCs. Products where Bloomberg acts as data processor include Bloomberg Vault and Bloomberg Regulatory Reporting Services.

This Statement may be amended from time to time, consistent with the requirements of applicable law, and will be effective immediately.