CLOUD AND CULTURE LTD. COOKIE POLICY Last Updated: May 11, 2026 1. INTRODUCTION This Cookie Policy explains how Cloud and Culture Ltd. ("we", "us", or "our") uses cookies and similar storage and access technologies when you visit our website cloudandculture.co or any other websites, pages, features, or content we own or operate (collectively, the "Sites") and/or when you interact with our online advertisements or marketing emails. This Cookie Policy should be read together with our Privacy Policy and Terms and Conditions. We use cookies in accordance with the UK Privacy and Electronic Communications Regulations 2003 (PECR), as amended by the Data (Use and Access) Act 2025, and the UK General Data Protection Regulation (UK GDPR). 2. WHAT ARE COOKIES? Cookies are small text files that are stored on your computer or mobile device when you visit a website. They allow the website to recognise your device and remember if you have visited the site before. Cookies are widely used to make websites work efficiently and to provide information to the owners of the website. This Cookie Policy also covers similar technologies that store or access information on your device, including pixels, web beacons, tags, local storage, and device fingerprinting. 3. YOUR CONSENT When you first visit our Sites, you will be shown a cookie banner that allows you to accept all cookies, reject all non-essential cookies, or choose which categories of cookies you accept. Strictly necessary cookies are set automatically because they are required for the Sites to function. All other cookies (analytical/performance, functionality, and targeting) will only be set if you give your consent through the banner. You can withdraw or change your consent at any time by clicking the "Cookie Preferences" link in the footer of our Sites, or by clearing the cookies stored by our Sites in your browser. 4. TYPES OF COOKIES WE USE a) Strictly Necessary Cookies These cookies are essential to enable you to move around the Sites and use their features, such as maintaining your session and protecting our Sites from malicious traffic. Without these cookies, services you have asked for cannot be provided. They do not require your consent. The following strictly necessary cookies are set on our Sites by our content delivery and security provider, Cloudflare, Inc.: - __cf_bm — Cloudflare bot management cookie. Identifies and mitigates automated traffic to protect our Sites. Expires after 30 minutes of inactivity. - cf_clearance — Confirms that a visitor has passed a Cloudflare security challenge (e.g. JavaScript or CAPTCHA challenge), so they are not repeatedly challenged on subsequent pages. - __cflb — Load balancing / session affinity cookie. Routes a visitor's requests to the same origin server during their session. Session cookie, lasting from a few seconds up to 24 hours. - __cfruid / _cfuvid — Used by Cloudflare for rate limiting and to differentiate visitors that share an IP address. b) Analytical/Performance Cookies These cookies collect information about how visitors use our Sites, such as which pages are visited most often and whether visitors encounter error messages. We use this information only to improve how our Sites work. These cookies are only set if you consent through our cookie banner. c) Functionality Cookies These cookies allow our Sites to remember choices you make (such as your username, language, or region) and provide enhanced, more personalised features. These cookies are only set if you consent through our cookie banner. d) Targeting Cookies These cookies are used to deliver adverts more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with our permission and may share information with other organisations such as advertisers. These cookies are only set if you consent through our cookie banner. 5. THIRD PARTIES AND OUR USE OF CLOUDFLARE Some cookies on our Sites are set by third-party providers we have chosen to work with. We are responsible for ensuring that any third-party cookies on our Sites are only set in accordance with this Policy and your consent preferences. We block all third-party non-essential cookies until you have given consent. Cloudflare Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA) provides content delivery network (CDN), security, and performance services for our Sites. All visitor traffic to our Sites is routed through Cloudflare's global network. In providing these services, Cloudflare acts as our data processor and processes certain personal data on our behalf, including your IP address and request metadata, in order to deliver our Sites efficiently and to protect against malicious activity such as denial-of-service attacks and bot traffic. Cloudflare also sets the strictly necessary cookies listed in section 4(a) above. Because Cloudflare is based in the United States, the use of Cloudflare involves the international transfer of personal data outside the United Kingdom. These transfers are protected by appropriate safeguards, including the UK Extension to the EU-US Data Privacy Framework and the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, as set out in our Data Processing Addendum with Cloudflare. For further information about how Cloudflare processes personal data, please see Cloudflare's Privacy Policy at https://www.cloudflare.com/privacypolicy/ and Cloudflare's Cookie Policy at https://www.cloudflare.com/cookie-policy/. Vimeo We use Vimeo (provided by Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA) to embed videos on our Sites. When you view a page containing an embedded Vimeo video, Vimeo may set cookies on your device and receive information about your visit, including your IP address, the page you are viewing, and information about your device and browser. Vimeo cookies are only set if you have consented to functionality and/or targeting cookies through our cookie banner. The cookies Vimeo may set include: - vuid — Vimeo's unique visitor identifier. Used by Vimeo to collect analytics data on how visitors interact with embedded videos across sites. Persistent cookie, expires after approximately 2 years. - player — Stores the video player's preferences (such as volume and playback quality) for the user. - sync_active — Indicates whether the visitor has consented to the use of cookies by Vimeo. - Additional cookies may be set by Vimeo for analytics, advertising, and fraud prevention purposes. For a full list, please see Vimeo's Cookie Policy. Because Vimeo is based in the United States, embedding Vimeo videos involves the international transfer of personal data outside the United Kingdom. Vimeo relies on appropriate safeguards for these transfers, including the UK Extension to the EU-US Data Privacy Framework and Standard Contractual Clauses. For further information about how Vimeo processes personal data, please see Vimeo's Privacy Policy at https://vimeo.com/privacy and Vimeo's Cookie Policy at https://vimeo.com/cookie_policy. Other Third Parties Other third-party providers may also set cookies on our Sites, only with your consent. Categories may include analytics providers, advertising networks, and other social media or content platforms. [Note: this section should be updated to name any additional specific providers used and the cookies they set.] 6. HOW TO MANAGE COOKIES You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of our Sites. In addition, most web browsers allow some control of cookies through their settings. You can delete cookies that are already on your device and configure your browser to prevent new ones from being set. If you do this, you may have to manually adjust some preferences when you visit our Sites, and some services and functionalities may not work properly. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. For UK-specific guidance, see the Information Commissioner's Office at https://ico.org.uk/your-data-matters/online/cookies/. 7. CHANGES TO THIS COOKIE POLICY We may update this Cookie Policy from time to time to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. We will post any updates on our Sites and revise the "Last Updated" date at the top of this Policy. 8. CONTACT US If you have any questions about our use of cookies or this Cookie Policy, please contact us at: Cloud and Culture Ltd. 7 Bell Yard London WC2A 2JR United Kingdom Email: support@cloudandculture.co