Privacy Policy

PRIVACY POLICY

Last Updated: 5 January 2026

This Privacy Policy relates to the information collection and use practices of Black Spade Acquisition III Co (“we,” “us,” or “our) in connection with this investor relations website www.bsaiii.com (the “Website”).

Description of Users and Acceptance of Terms

This Privacy Policy applies to visitors of the Website (“Visitors,” “you,” or “your”). Please refer to the U.S. State-Specific Disclosures and Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures sections below for additional disclosures that may be applicable to you.

Please read this Privacy Policy carefully. By using any the Website, you acknowledge our collection, use, and disclosure of your information as described in this Privacy Policy. If you do not understand or agree to this Privacy Policy, please do not use or access the Website.

Information We Collect and How We Use It

The information we collect or otherwise receive in connection with the Website includes:

Contact/Demographic Information. The contact/demographic information collected on our Website varies but typically includes some combination of your name, email address, contact type, company information (including address or job title), and any information you provide in messages or other forms (e.g., surveys) to us. We use such information for purposes such as responding to, and following up on, your inquiries, providing you with requested information, or sending you email or other communications (including marketing emails). Depending on the nature of your message, we may route your information to an appropriate third party, such as a distributor, to better address such message.
If you choose to contact us or otherwise send us information (e.g., via form or survey), we may need additional information to fulfill the request or respond to your inquiry. We may provide additional privacy disclosures where the scope of the request we receive or personal data we require falls outside the scope of this Privacy Policy. In that case, the additional privacy disclosures will govern how we may process the information you provide at that time
Webcasting/Teleconferencing: We may communicate with you via webcasting and teleconferencing services and similar services, where you may participate and provide information (e.g., user name, chat messages, likeness).
Server Logs. Like most websites today, we use web servers that keep log files that record data each time a device accesses those servers. These log files are maintained by our website hosting service and contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and referral URL (i.e., the external source by which you arrived at our Website, or the pages you’ve clicked on while on our Website).
Analytics and Usage Data. We and our third-party partners may automatically collect or process information you provide to us, and information about your device and visit/use of the Website, through technologies such as cookies, local Storage, pixel tags, scripts, SDKs, APIs, and other technologies (collectively, “cookies”). The type of information collected via these technologies may include the following (collectively, “Analytics/Usage Data”):

i. Browser and device information, such as IP address, device or other digital user IDs, browser or device type and version, other user agent string data, location information, preferences, and other settings.

ii. Website analytics and usage data, such as the path taken to, through, or when exiting our Website, log-in and account credentials, what page you are on or have visited, links clicked, videos or other content viewed, services used or signed up for, other activity in relation to our services, email open rates, mouse movements, scrolls, clicks, keystroke activity, browsing, search, or purchasing behavior, or chat function usage and logging of such conversations.

Analytics/Usage Data may be combined with the other information described in this Privacy Policy.

5. Information from Other Sources and Third Parties. We may receive the same or similar categories of information described above from the following sources and other parties:

a. Our Affiliates: To provide our products and facilitate our services, entities within our corporate group receive personal data from other group entities for purposes and uses that are consistent with this Privacy Policy.
b. Service Providers: Our service providers that perform services on our behalf, such as analytics and certain marketing providers, collect personal data and often share some or all of this information with us.
c. Business Partners and Other Sources: In some cases, such as where you sign up for a webcast, presentation, or other event/service, we may receive your contact information from a third-party website, including those white-labeled under our brand. Where we collect such contact information, our use of such contact information shall be pursuant to this Privacy Policy.

Uses of Your Information

In addition to the other uses described in this Privacy Policy, we may also use your information to:

− Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations or to provide the services requested;

− Manage our organization and its day-to-day operations;

− Facilitate a business relationship with you and, where applicable, the company you represent, such as by communicating with you;

− Verify your identity and entitlement to our services;

− Market our services to you, such as via email;

− Administer, improve, and personalize our services, such as by analyzing your information in combination with others’ information;

− Create aggregated or de-identified information that cannot reasonably be used to identify you, which information we may use for purposes outside the scope of this Privacy Policy;

− Conduct research and analytics on our user base and our services (e.g., by analyzing your information with others’ information), such as inferring additional information about you or others or understanding how you and others may use our services;

− Train and improve our technology, services and products, such as our AI/machine-learning models and algorithms;

− Help maintain and enhance the safety, security, and integrity of our property, products, services, technology, assets, and business;

− Defend, protect, or enforce our rights or applicable contracts and agreements (including any relevant terms of use), as well as to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties, and or establish, exercise, or defend legal claims;

− Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect our rights and property, that of our affiliates and of others;

− Facilitate business transactions and corporate events (including mergers, acquisitions, sales, dissolutions and corporate reorganizations impacting the structure of our business);

− Comply with contractual and legal obligations and requirements; and

− Process for purposes otherwise disclosed to you (or pursuant to your consent) during your experience on, or in relation to, our Website, or any other reason permitted by law.

Our Disclosure of Your Information

As part of the uses described in this Privacy Policy, we may also provide your information to:

1. To our Affiliates. We may share your information with any of our parent companies, subsidiaries, affiliates, or other companies under common control with us in order to support the purposes described in this Privacy Policy.

2. Facilitate Business Transactions. In the event of a merger, dissolution, reorganization, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity.

3. Disclosure to Public Authorities. We are required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required or advisable by law or regulation including, but not limited to, in response to court orders and subpoenas, or for other purposes related to legal claims or legal reasons.

4. To Service Providers. We engage various service providers, such as cloud storage and web hosting providers, distributors and technical assistance and security vendors, database management/back-up services, analytics services, and email providers. This also includes sharing with any professional advisors, such as auditors, legal counsel, and accountants.

5. To Marketing Providers. We may share personal data with our marketing providers in order to offer digital marketing services (e.g., email marketing automation), customer relationship management/CRM platforms, and customer service vendors.

Email Marketing Opt-Out

You may also manage your receipt of marketing communications by clicking on the "Unsubscribe" (or similar) link located on the bottom of an applicable marketing email and following the instructions found on any page to which the link may take you. You may also manage your receipt of press releases and other communications (e.g., SEC filings) that you’ve signed up to receive via email by clicking on the link on the bottom of such applicable email communication and following the instructions found on any page to which the link may take you. You cannot opt out of receiving administrative or transactional e-mails. In all such cases, please allow us a reasonable time to process your request.

How We Protect Your Information

We take commercially reasonable steps designed to protect your personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.

Retention of Personal Data

We will retain your personal data in a form that identifies you only for as long as it serves the purposes for which it was initially collected as stated in this Privacy Policy, subsequently authorized, or as allowed under applicable law.

Children’s Personal Data

Our Website is not directed at children and we do not knowingly collect personal data from children under the age of 16 through the Website. If you are under 16, please do not give us any personal data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data to us. If you have reason to believe that a child under the age of 16 has provided personal data to us, please contact us at info@bsaiii.com and we will endeavor to delete that information from our databases.

Region-Specific Disclosures

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including personal data, will be transferred from your country of origin to the US. To the extent permitted under applicable law, your decision to provide such data to us, or allow us to collect such data through our Website, constitutes your consent to this data transfer.

1. Your Rights Under U.S. State Privacy Laws. Depending on your state of residency, you may be able to exercise additional rights granted by applicable law in relation to the personal data about you that we have collected, subject to certain limitations. Please see “U.S. State Specific Disclosures” below for additional information regarding these rights and other information under the U.S. state privacy laws.

2. You Rights Under the EU and UK General Data Protection Regulation (GDPR) and Swiss Data Protection Framework. If you are a resident of the European Economic Area, the United Kingdom, or Switzerland, please see the section titled “Additional European Economic Area, United Kingdom, And Switzerland Privacy Disclosures” below regarding your rights and other information under applicable data protection laws.

Cookies

When you use the Website, we and third parties may use cookies to collect and store information we automatically collect about your device and use of the Website.

What are cookies: Cookies are text files which are placed on your device when a website is loaded on your browser. They are widely used in order to make websites work or work more efficiently, as well as to provide information to the owner of the site or to another site that recognizes those cookies.

Our use of cookies: In the EEA+ (as defined below), we will only use optional cookies with your consent. If you do not accept the use of cookies, please decline them when prompted on our Website or disable them at any time using the instructions below and changing your browser settings. We use strictly necessary cookies, and optional analytics and functional cookies. Strictly necessary cookies are essential to the functioning of the Website, to provide a service requested by you or to ensure the security of the Website. These cookies will be set once our Website is loaded on your browser and cannot be turned off as we cannot provide the Website without them. Analytics and functional cookies allow us to collect information about your online activity, including behavioral data and content engagement, and permit us to remember your Website preferences. They allow us to provide you with a better user experience and to maintain, operate and continually improve the Website. The data collected will generally be aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics and to inform our advertising and marketing strategies. For example, we may use Google Analytics on our website. We use their cookies to generate statistical data on how a visitor uses the Website. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website here: www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Add-On here: https://tools.google.com/dlpage/gaoptout/.

How to manage or delete cookies: Most devices and browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. This lets you control your cookie settings so that you can (i) see what cookies or other locally stored data are used and delete them on an individual basis, (ii) block third party cookies, (iii) block cookies from particular sites, (iv) block all cookies from being set, and (v) delete all cookies when you close your browser.

• For more information on how to manage popular browsers, please see below:

o Cookie settings in Chrome for web and Android
o Cookie settings in Safari web and iOS
o Cookie settings in Edge
o Cookie settings in Firefox

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of cookies. If you so choose, you may block or delete certain of our cookies from your browser; however, blocking or deleting cookies may cause some of the Website, including any portal features and general functionality, to work incorrectly. You may also opt-out of the collection and use of information for interest-based advertising by advertisers that are part of certain industry alliances, including through tools offered by the National Advertising Initiative, the Digital Advertising Alliance or the European Interactive Digital Advertising Alliance, by clicking the links provided. If you want to change your settings at any time (for example, if you accept all cookies, but later decide you do not want a certain type of cookie) you can use your browser settings to remove any third party cookies or similar technologies dropped on your previous visit. To opt out of Google Analytics’ use of cookies, a Chrome browser add-on is available.

Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our website is not designed to respond to "Do Not Track" settings or other related mechanisms at this time and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference signals.

Links to External Websites

Our Website may provide links to other digital properties that are controlled by third parties. Linked digital properties may have their own privacy notices or policies, which we suggest you review. We are not responsible for the security, content, usage, terms, privacy policies, or digital properties of any third party.Our inclusion of such links does not, by itself, imply any endorsement of such third party platforms or of their owners or operators.

Changes to This Privacy Policy

This Privacy Policy is effective as of the ‘Last Updated’ date stated at the top of this Privacy Policy. We reserve the right to make changes or update this Privacy Policy at any time, in which case we will update the “Last Updated” date at the top of this Privacy Policy. If we make material changes to how we use or disclose information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Website or by other means consistent with applicable law). If you do not agree to any updates to this Privacy Policy, please do not continue using or accessing the Services. By visiting the Website after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. As permitted by applicable law, our use of your information is governed by the Privacy Policy in current effect, regardless of when the information was collected. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us and Our Data Protection Officer

If you have questions about this Privacy Policy, please e-mail our Data Protection Officer at info@bsaiii.com with “Privacy Policy” in the subject line.

U.S. State-Specific Disclosures

For residents covered under the State Privacy Laws, this U.S. state privacy policy (this “U.S. State Privacy Policy”) is included in our Privacy Policy and applies to our processing of personal data of residents of California or other U.S. state that has passed a law similar to the California Consumer Privacy Act (“CCPA”) (collectively, “State Privacy Laws”). Any capitalized terms or other terms not defined herein shall have the meaning given to them elsewhere in our Privacy Policy or, if not defined herein or elsewhere in our Privacy Policy, the applicable State Privacy Law. For purposes of this section, references to “personal data” shall include “sensitive personal information” and “sensitive personal data” as those terms are defined under applicable State Privacy Laws.

To the extent of any conflict between this U.S. State Privacy Policy and the rest of our Privacy Policy, this U.S. State Privacy Policy shall control only with respect to consumers and their personal data.

Deidentified Information

We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

Processing of Personal Data

We collect the categories of personal data listed below and have done so within the past twelve (12) months:

1. Identifiers, including name, email address, physical address, company name, and title.

2. Commercial Information, including records of webcasts, presentations or other events that you signed up for or attended.

3. Internet or Network Activity, including page views, clickthroughs, referral and exiting URLs, time spent on pages, latency, and IP address.

4. Geolocation data, including IP address.

5. Personal information categories listed in the California Customer Records statute, including name, address and telephone number.

6. Inferences, including predictions about your interests and preferences.

The categories of sources from which we collect your personal data and the specific purposes for which we collect your personal data are described in the sections “Information We Collect and How We Use It” and “Uses of Your Information” above. The recipients of your personal data, and the specific purposes for which we disclose your personal data, are described in the section “Our Disclosure of Your Information” above. The section “Retention of Personal Data” above provides information about our retention practices.

We only use and disclose sensitive personal data for the purposes specified in the CCPA or otherwise in line with your consent.

We do not “sell” or “share” (as those terms are defined under the CCPA) personal data or process personal data for “targeted advertising”, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge of or “selling” or “sharing” the personal data of consumers under sixteen (16) years old.

Your U.S. Privacy Rights

Under the State Privacy Laws, you may have the following rights subject to certain limitations under such laws, such as exceptions found in such laws or, in some cases, the inability to verify your identity:

• Access / Know: You may have the right to request access to the personal information we hold about you, and to obtain details about how we use and share your information, and with whom we share or have shared it in the past.

• Deletion: You may have the right to request that we delete personal information we hold about you.

• Correction: You may have the right to request that we correct inaccurate personal information we hold about you.

Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights.

Exercising Your Rights

To exercise any of the rights described above, please submit a request to us by email us at info@bsaiii.com.

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal data. Before processing your request to exercise certain rights, we may need to verify your identity and confirm you are a resident of a state that offers the requested rights, as permitted under applicable law. Further information may be needed to verify your identity before exercising these rights, such as your email address or date of birth.

Please note that a record of your requests, including how we responded to your request and any correspondence or documentation related thereto, may be kept pursuant to our legal obligations.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf using the designated mechanisms for submitting requests set forth above, where, to the extent verification is permitted under law, we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority to submit requests on your behalf, we generally require evidence of either (i) a valid power of attorney under the relevant state laws, or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, as permitted under applicable law, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request. When you submit a request or launch an appeal, we will limit our collection of your information to only what is necessary to securely fulfil your request or process your appeal. We will not require you or your authorized agent to pay a fee for the verification of your request or appeal.

How to Contact Us

If you have any questions regarding our privacy practices as it relates to this U.S. State Privacy Policy, please contact us via email at info@bsaiii.com with the subject line, “U.S. State Privacy Policy.”

ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES

These disclosures supplement the information contained in our Privacy Policy by providing additional information about our processing of personal data of natural persons residing in the European Economic Are (“EEA”), United Kingdom (“UK”), or Switzerland (together “EEA+”). To the extent of any conflict between these disclosures and any other provision of the Privacy Policy, these disclosures shall control only with respect to covered individuals and their personal data.

Controller Disclosure & Details

We are a data controller of personal data regarding Visitors for the purposes and under the legal bases described in the table below. Data Subject Category

Purpose & Legal Basis of Processing

Visitors

Provide Our Website and Services: We will process Visitors’ personal data to provide our Website and our services, and will do so as necessary to enter into or perform our contract with you or as otherwise in our legitimate interest in providing our services to you.

Information Security: Our web servers will log Visitors’ IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Website usage, combating DDOS or other attacks, and removing or defending against malicious Visitors, or otherwise ensuring the safety, integrity, and security of our systems.

Communications: We will answer inquiries or analyze other information, such as those sent through a Contact Us or survey/form or similar page, pursuant to our legitimate interest in answering such inquiries, ensuring prospective or Visitor satisfaction, and furthering business relationships.

We will send e-mail marketing communications to Visitors based on their consent. Visitors may also have the option to consent to other e-mail-based communications that are not marketing-related; we may also send such emails pursuant to our legitimate interest.

General Business Development: We have a legitimate interest in processing the personal data of Visitors to further business relationships and ensure Visitor satisfaction (e.g., by storing Business Contact information within a CRM or other file, answering inquiries per Email Communications above).

Audience Analytics/Location: We utilize web audience measurement tools such as Google Analytics pursuant to Visitors’ consent (as required under law or else we will rely on our legitimate interest) to understand how Site Visitors interact with our Website and optimize the Website and related services. Additionally, we may request consent for use of your location to provide location-based services.

Improve Our Services: We have a legitimate interest in analyzing, personalising, and otherwise improving our services and to conduct research and analytics.

Compliance With Applicable Law and Security and Business Integrity: We will process Visitors’ personal data pursuant to (a) our obligations under

Representatives

To the extent required under applicable law, we have appointed a representative to act on our behalf in the EEA+. For further information, please email us at info@bsaiii.com.

Retention

We process Visitors’ personal data for as long as we have a legitimate business relationship with such Visitors or unless otherwise deleted upon request by such Visitors. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process your personal data:

• Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.

• Legitimate Interest: Where we are processing personal data based on legitimate interests, we generally will retain the information for a reasonable period based on the particular interest, considering the fundamental interests and the rights and freedoms of data subjects.

• Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period necessary to fulfill the legal obligation plus some additional limited period of time that represents the statute of limitations for legal claims that could arise from the legal obligation.

• Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period necessary to fulfill the purposes for which you have provided your consent.

In certain circumstances, we may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.

Your Additional EEA+Privacy Rights

Subject to certain limitations at law, you have a right to: (i) request access to, correction, or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting info@bsaiii.com with the subject line “GDPR Notice”.

Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our services to you or otherwise engage with you in the same manner.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by contacting info@bsaiii.com with the subject line “GDPR Rights”.

Before processing your request to exercise certain rights (taking into account the confidential nature of any personal data we maintain), we will need to verify your identity and confirm you are accessing our services or otherwise interacting with us from the EEA+. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal data or locate your information in our systems, or where you are not accessing our services or otherwise interacting with us from the EEA+.

Objecting to Legitimate Interest/Direct Marketing

You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within a marketing email. In such case, your personal data will no longer be used for that purpose.

Right to Withdraw Consent

Where we rely on your consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Transfer of Personal Data to Outside the EEA+

Our servers are located in the United States and we work with global partners and vendors. If we transfer personal data from the EEA+ to countries that have not been deemed adequate for data protection purposes by the European Commission, the UK or Swiss Government, we use approved transfer mechanisms such as the EU Standard Contractual Clauses and the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, and implement supplementary measures where necessary.

Additional Questions or Complaints

If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred, and, as applicable, to exercise third-party beneficiary rights under our Standard Contractual Clauses. Contact details for applicable Data Protection Authorities can be found using the links below:

− European Economic Area: https://edpb.europa.eu/about-edpb/board/members_en

− United Kingdom: https://ico.org.uk/global/contact-us/

− Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at info@bsaiii.com if you have any concerns.