CV Future
Limited Privacy Statement

1
Introduction

1.1
CV Future Limited (“CVL”) is a controller within the meaning
of the Data Protection Act 2018 and the UK General
Data Protection Regulation. Further details about
us and how to contact us appear below.

1.2
This notice describes how we collect,
store, transfer and use personal
data. It tells you about your privacy rights and
how the law protects you.

1.3
This Privacy Statement applies
to personal data from you when you contact us and
provide us with your personal data when you use:

a.
our websites including at selltocorporates.com;

b.
make enquiries for your
professional services;

c.
apply to a job with us;

d.
the professional services we supply.

1.4
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our
website.

1.5
We have legal obligations
to you to inform you of:

a.
the personal data which we
collect from you

e.
how we use it

f.
the purposes for which we
process your personal data

g.
the legal basis for processing
your personal data

h.
who we share your personal data
with

i.
where we store and send your
personal data, and protections

j.
the periods for which we retain
your personal data

k.
your rights under the General
Data Protection Regulation

l.
the right to lodge a complaint with a supervisory authority.

2
How we process your Personal Data

2.1
Personal data is information
that identifies you, either directly or indirectly. This includes your contact details
and any information about you that you provide
us.

2.2
When we process your personal
data, we:

a.
do so lawfully, fairly and in a transparent manner

m.
collect it for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible
with those purposes

n.
limit our collection to what is adequate and relevant to what is necessary in relation to the purposes for which
they are processed

o.
take reasonable steps to keep it accurate and up to date having
regard to the purposes for which they are processed

p.
kept in a form where we can identify
you for no longer than is necessary, for the purposes for
which it is processed

q.
process it in a manner that
ensures appropriate security of the personal data, which includes protection
against unauthorised or unlawful processing and against accidental loss, destruction or damage. We use appropriate technical or
organisational measures to do so.

3
Personal Data Collected

3.1
The types of personal
data we may collect from you when you visit
our website, contact us is
limited to the information you provide us.

3.2
When you use our services the following technical data may be collected, depending on the activities of users:

4
Special Categories of Personal Data

4.1
The special categories of
personal data are personal data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs,
or trade union membership,
and the processing of genetic data, biometric data for the purpose of uniquely
identifying a natural person, data concerning health or data concerning a
natural person’s sex life or sexual orientation.

4.2
We do not deliberately collect
any special categories of personal data from you.

4.3
We would prefer that you do
not send it to us or make it known to us.

4.4
Should we choose to do so, we may delete the entire communication and ask you to
send it again absent the special categories of personal data. If for some
reason we are not able to do so, we do not store it in any structured way and
process it only:

a.
where we have your explicit consent

r.
for employment purposes,
including for job applications;

s.
where the processing relates to
personal data which you made public; and

t.
processing is necessary for the establishment, exercise or defence
of legal claims or whenever
courts are acting in their judicial capacity.

5
Use of our services by children

5.1
We do not sell products or provide services
for purchase by children, nor do we market to children.

6
Not providing Personal Data

6.1
We need to know who we are communicating with. Should you choose not to provide us with your name, contact
details or other details we may need, we will not be able to communicate with
you.

6.2
This means that if you:

a.
have something to ask us, we
will not be able to respond to you;

b.
are enquiring about job roles we might have available, we will not be able to
assess you for suitability;

c.
have a contract with us, we will not be able to perform
the contract, and we may need to terminate it.

7
Keeping Personal Data up to Date

7.1
Please help us keep your
personal data up to date and let us know when it changes.

7.2
At any time, you may contact
us in writing to request
that we provide
you with the personal data we hold about you.

7.3
To obtain a copy of any information that is not provided on our website
you should contact us to make
that request.

8
Sources of Personal Data

8.1
We primarily obtain personal
data about you from you.

8.2
We may also obtain information about you from publicly available
sources, such as websites where you have made the
information public, Companies House, background check agencies, our business
partners, and business directories, tax authorities, and other third parties.

8.3
We may also confirm information
you provide to us directly using data from other sources. We also add to the information we hold about
you, sometimes to remove the need for you to provide it to us and
sometimes in order to be able to assess the quality of the services we supply
you or you offer. The additional information we collect may be categorised as
follows:

a.
information that confirms your identity;

b.
business information, including your business trading
name and address,
your company number (if incorporated), and your VAT number (if
registered);

c.
information which confirms your
contact information;

d.
reviews and feedback about your business
on other websites
through which you sell your services; and

e.
unsolicited complaints by our clientele.

9
How we use your personal data

9.1
We process your personal
data for the following purposes, where we have a legal basis to do so:

a.
to provide our services to you;

b.
receive payment for our services;

c.
pay others for services they
supplied to you;

d.
improve our services;

e.
assist others deliver their
services to you.

9.2
Payment information: Payment information
is never taken by us or transferred to us either through our website
or otherwise. Our employees and staff never
have access to it. At the point of payment, you are transferred to a secure page on the website
of Thrivecart or some other reputable payment service provider. That
page may be branded to look like a page on our website, but it is not
controlled by us.

10
Marketing

10.1
We strive to provide you with
choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal
data control mechanisms:

a.
you are able to opt out at any time;

b.
depersonalise advertising on
our site which is presented to you.

10.2
We may use your Contact
Details, Vocational Details, General Professional Details and Academic Data to
form a view on what we think you may want or need, or what may be of interest
to you. This is how we decide
which products, services
and offers may be relevant
for you.

10.3
You will receive marketing communications from us if you have requested information from us or purchased products or services from us
or if you provided us with your details when you entered a competition or
registered for a promotion and, in each case, you have not opted out of
receiving that marketing.

10.4
We will get your express opt-in
consent before we share your personal data with any company for marketing purposes.

10.5
Referrals and Affiliates: This is
information given to us by you in your capacity as an affiliate of us or as a
referral partner. It allows us to recognise visitors that you have referred to us, and to credit
to you commission due for such referrals. It also includes information that allows us to
transfer commission to you. The information is not used for any other purpose.
We undertake to preserve the confidentiality of the information and of the terms of our
relationship. We expect any affiliate
or partner to agree to reciprocate this policy.

10.6
Re-marketing: Re-marketing involves
placing a ‘tracking technology’ such as a cookie, a web beacon (also known as
an ‘action tag’ or a ‘single-pixel GIF’) to track which pages you visit and to
serve you relevant adverts for our services when you visit some other website.
The benefit of re-marketing technology is that we can provide you with more useful and relevant adverts,
and not show you ones repeatedly
that you may have already seen. We may use a third-party advertising service to
provide us with re-marketing services from time to time. If you have consented
to our

use of such tracking technologies, you
may see advertisements for our products and services on other websites. We do
not provide your personal data to advertisers or to third-party re-marketing service providers. However,
if you are already a member of a
website whose affiliated business provides
such services, that affiliated business
may learn of your preferences in relation to your use of our website.

Opting Out

10.7
You can ask us to stop sending
you marketing messages at any time by emailing us and/or logging into our website checking
or unchecking relevant
boxes to adjust
your marketing preferences or by following the opt-out links on any
marketing message sent to you or by contacting us at any time.

10.8
Where you opt out of receiving
these marketing messages, this will not apply to personal data provided to us as a result
of a product/service purchase, warranty registration, product/service
experience or other transactions.

11
Legal Basis Further Uses

11.1
We use your personal
data for the following reasons:

a.
You have given us your consent
in writing for the purposes
for which you provided your personal data;

b.
We need to take steps to form a contract with you and perform a contract with you;

c.
We need to comply with
a legal obligation other than with you;

d.
We or someone else has a legitimate interest
other than where
your interests or fundamental rights and freedoms would
be overridden.

11.2
We believe we have
legitimate interests to process your personal data to:

a.
improve our services;

b.
record-keeping for the proper
and necessary administration of our business;

c.
responding to unsolicited communications from you to which we believe you would expect a response;

d.
insuring against or obtaining
professional advice that is required
to manage legal, business
and/or organisational risk;

e.
protecting your interests where
we believe we have a duty to do so;

f.
meet our legal and statutory
obligations to you and others;

g.
prevent, detect and investigate fraud, corruption and misconduct by you and/or others;

h.
conduct and operate our
business in the digital age in an online environment;

i.
understand the needs, requirements
and preferences of potential customers, and

those
that use our services;

j.
conduct marketing activities, including sending email correspondence and video presentations;

k.
comply with health and safety obligations and monitor our performance against equal opportunities legislation;
and

l.
ensure network and information
security, including preventing unauthorised access to our computer
and electronic communications systems and preventing malicious software
distribution.

11.3
We will only use your personal
information for the purposes for which we collected it, unless we reasonably consider that we
need to use it for another reason and that reason is compatible with the
original purpose. If we need to use your personal information for an unrelated
purpose, we will notify you and we will explain the legal basis which allows us
to do so.

11.4
Please note that we may process
your personal information without your knowledge or consent, in compliance with the above
rules, where this is required
or permitted by law.

12
Data Sharing

12.1
We have put in place
appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

12.2
We limit access to your personal
information to those employees, agents,
contractors and other third parties who need to know. They will only
process your personal information on our instructions. They are subject to a
duty of confidentiality.

12.3
We have put in place procedures to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach
where we are legally required to do so.

12.4
We may have cause to share your personal
information with our service providers, such as:

a.
telecommunications providers, including telephone, instant
messaging, post and couriers;

b.
accountants;

c.
computer systems service
providers, including IT security personnel;

d.
advertisers.

12.5
We only permit them to process
your personal data for specified purposes and in accordance with our instructions, where we have a legitimate interest in doing
so.

13
Automated Decision Making

13.1
Automated decision-making takes place when an electronic system uses personal information to make a decision
without human intervention.

13.2
We do not automate
decision making in a way that affects
your legal rights
or any other basis.

14
Data Storage

14.1
We do not store
or transmit your data outside
of the UK, other than where you are
resident outside the UK.

14.2
Other than storing your data in
UK, we also store data in:

14.3
We will transfer the personal
information we collect about you to these countries (in the sense
that the system
servers are located
in the countries named above)
in order to perform our
contract with you. There is an adequacy decision by the European Commission in
respect of the named countries. This means that the country to which we
transfer your data is deemed to provide an adequate level of protection for
your personal information.

15
Data Security

15.1
We have put in place
appropriate security measures to prevent your personal information from being
accidentally lost, used or accessed in an unauthorised way, altered or
disclosed. As stated above at paragraph 12, we limit access to your personal
information to those employees, agents, contractors and other third parties who have a business
need to know. They will only process
your personal information on our instructions and they
are subject to a duty of confidentiality.

15.2
We store all information
that you provide to us on secure servers.

15.3
We train employees regarding
our data privacy policies and procedures, and permit authorised employees and
staff to access information on a need to know basis, as required for their
role. We use firewalls designed to protect against intruders, test for network
vulnerabilities and use encryption for data at rest and data in transmission.
However, no method of transmission over the internet
or method of electronic storage is completely secure.

15.4
Where you have a password which
enables you to use our services, you are
responsible for keeping this password complex, secure, and confidential.

16
Retention of your Data

16.1
We will only retain your
personal information for as long as necessary to fulfil the

purposes for which
it was collected, including for the purposes
of satisfying any legal,
accounting, or reporting requirements.

16.2
To determine the appropriate
retention period for personal data, we consider the amount, nature,
and sensitivity of the personal
data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we
process your personal data and whether we can achieve those purposes through
other means, and the applicable legal requirements.

16.3
By law we have to keep basic
information about our customers (including your contact, identity, financial and transaction data) for six years after they cease being
customers for tax purposes.

16.4
We keep your personal data
only for as long as required by us:

a.
to provide you with the
services you have requested;

b.
to comply with other law, including
for the period demanded by our tax authorities; and/or

c.
to support a claim or defence
in court.

16.5
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in
which case we may use such information without further notice to you. We will
retain and securely destroy your personal information in accordance with
applicable laws and regulations. Once you are no longer an employee, worker or
contractor of the company we will retain and securely destroy your personal
information in accordance with our data retention policy.

17
Rights of access, correction, erasure, and restriction

17.1
You have a series
of rights under the UK General Data Protection Regulation.

17.2
Not all apply in all
circumstances. Under certain circumstances, you have the right to:

a.
Request access to your personal
information (commonly known as a “data subject access request”). This
enables you to receive a copy of the personal information we hold about
you and to check that we are lawfully processing it;

b.
Request correction of the personal
information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about
you corrected;

c.
Request erasure of your
personal information. This enables you to ask us to delete or remove personal
information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you
have exercised your right to object to processing (see below);

d.
Object to processing of your
personal information where we are relying on a

legitimate interest (or those of a third party) and there is
something about your particular situation which
makes you want to object
to processing on this ground. You also have the right to object
where we are processing your personal information for direct marketing
purposes;

e.
Request the restriction of processing of your personal
information. This enables you to ask us to suspend the
processing of personal information about you, for example if you want us to
establish its accuracy or the reason for processing it; and

f.
Request the transfer of your
personal information to another party.

17.3
If you would like to exercise
any of these rights, please contact us using the details below. We will need to verify your identity
before we are able to release any personal
data to you. This is important to safeguard your information.

17.4
Please be aware that we are
not obliged by law to provide you with all personal data we hold about you, and that if we do provide
you with information, the law allows us to charge for such provision if doing so
incurs costs for us. After receiving your request, we will tell you when we
expect to provide you with the information, and whether we require any fee for
providing it to you.

17.5
If you wish us to remove
personally identifiable information from our website,
you should contact us to make your request.

17.6
We remind you that we are not obliged
by law to delete your personal data or to stop
processing it simply because you do not consent to us doing so. While having
your consent is an important consideration as to whether to process it, if
there is another legitimate basis on which we may process it, we may do so on
that basis.

18
Complaints

18.1
If you are dissatisfied with the way we process
your personal data,
you have the right
to complain to the Information Commissioner’s Office.

18.2
The Information Commissioner may be contacted
at: https://ico.org.uk/;

T: 0303 123 1113;

Live Chat:
https://ico.org.uk/global/contact-us/live-chat.

18.3
We would prefer to try and resolve any difficulties between
us and make them right before you approach the ICO. Please
consider contacting us in the first instance.

19
Withdrawal of Consent

19.1
Where you may have provided
your consent for us to process your personal data and/or transfer your personal
data for a specific purpose,
you can withdraw
it at any time.

19.2
To withdraw your consent,
please contact us using the details below. Once we have received notification
that you have withdrawn your consent, we will no longer process your information for the purpose
or purposes you originally agreed
to, unless we have
another legitimate basis for doing so in law. Please see above.

20
Changes to this Privacy Statement

20.1
We may need to change this
Privacy Statement from time to time. You are able to identify when this Privacy
Statement was changed
by the date which appears
at the bottom of it.

20.2
Amendments are updated on this page,
to the email address stated
in your account and/or through a notice on our
home page. Your continued use of this site and the resources enabled
by our services signifies your consent to such processing and of the conditions
set out in the Privacy Statement.

21
About Us

21.1
CV Future Limited, a company
formed in accordance with the laws of England and Wales with registered company
number 09297831 with registered offices situated at 14 Juno House John Thornycroft Road,
Southampton, Hampshire, SO19 9SW in the
United Kingdom.

21.2
CV Future Limited is
responsible for the personal data we hold and use.

21.3
We have appointed a data
protection officer who is responsible for ensuring that our Privacy Statement
is followed. If you have any questions about how we process your personal data,
including any requests
to exercise your legal rights,
please contact our data protection officer at teamjess@jessicalorimer.com.