INFORMATION ON PERSONAL DATA PROCESSING AND PROTECTION

I. Controller:

Etops AG (Etops or controller), Bahnhofstrasse 1, 8852 Altendorf, Switzerland, info@etops.ch

II. Client Content

Information you provide through the Etops App are the intellectual property of and owned by the Client (“Client Content”). Client Content may include, but is not limited to, personal information of the Authorized Users, the Client, the Client’s end-clients, portfolios, service providers and any such data as submitted by you through the use of the Etops App.

III. Website analytics

To improve your experience on our site, we may use 'cookies'. Cookies are industry standard and used by most major web sites. A cookie is a small text file sent by the web server to your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.

IV. What are the purposes of processing?

Etops processes personal data for following intended purposes: * Entering into agreement and performance thereof;

V. What categories of personal data we process?

For the specific limited purposes listed above Etops may process the following categories of Data subjects‘ data (including but not limited to), if available to Etops: Basic personal data including contact details (e.g. name, address, email, phone number), professional details (e.g. job title), financial details (e.g. bank account); investment details (e.g. your assets), identification and background checks (e.g. ID card number); business activities (“Personal Data”). Etops may obtain Personal Data from you in the context of our business relationship, from publicly accessible sources where it is necessary to provide our services (e.g. commercial registers, internet) or from other third parties authorized to provide such data (e.g. custodian).

VI. Special categories of Personal Data (sensitive data)

Etops may process data necessary to assess whether you are a politically exposed person (PEP) and other relevant data in relation to its obligation according to the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA), if applicable.

VII. Legal basis for processing

Etops is entitled to process Personal Data if the laws so provide. In this case Etops doesn’t need consent for the processing and you may be obliged by law to disclose them to Etops. In case of nonprovision of such data Etops may not be able to enter into contract with you (e.g. identification or background checks to identify you and assess your integrity). Personal Data may also be processed upon your consent. Where the data is processed on the consent basis you are entitled to withdraw your consent at any time, without affecting the lawfulness of processing prior its withdrawal. You can find more details on the legal basis for processing in Annex A.

VIII. Categories of designated data recipients

Etops may disclose Personal Data to the following recipients for the abovementioned purposes insofar as it is legally permissible or necessary to do so, and to the extent that disclosure is required or legal (e.g. based on the legitimate interest of the data controller):

Etops does not rent or sell Client Content. We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing. For more details see Annex A.

IX. Intended data transfer to recipients outside of Switzerland

Personal Data may be transferred to member states of the European Union (EU) or the European Economic Area (EEA) or other countries which ensure adequate level of protection. Etops may transfer Personal Data to recipients in other countries which must provide appropriate safeguards and under condition that enforceable data subjects rights and effective legal remedies for data subjects are available. If required, Etops may transfer Personal Data to the Etops’s contractual service provider in Slovakia and respective authorities. Furthermore, the Client is aware that Client Content may be transmitted into other countries without control if the Internet is used for data transmission as a result of the configuration of the Internet. This applies even if the sender and recipient of the information transmitted are both located in Switzerland. Other jurisdictions may have different legislation concerning the protection of the privacy of the Client, and the confidentiality of business data. Over the Internet, the sender and recipient of data are not encrypted for transmission. It may therefore be possible for third parties to draw conclusions concerning business relationships. For more details see Annex A.

X. Data retention periods

Etops will archive personal data for 10 years after the termination of the contract with you or for such longer periods as required by statutory laws. In relation to the direct marketing purpose or consent-based processing Etops will cease the processing once you unsubscribe from the receiving of any marketing materials or communication or withdraw your consent.

XI. Protection of your Personal Data

Etops has implemented appropriate technical and organisational security measures to protect your Personal Data against loss, accidental or unlawful destruction or alteration, unauthorized disclosure of, or access to Personal Data.

Further details on Etops’s and the Client’s responsibilities and liabilities with respect to data security are stipulated in the Agreement. In addition, Etops can provide further details on the technical security measures upon Client’s request.

XII. Your rights

You are entitled to request from Etops access to, correction, update, erasure of Personal Data, restriction of processing or to object to processing as well as data portability. You can submit your request in a written form or electronically (see contact details in the Section I above). Please, don’t forget to identify yourself sufficiently otherwise Etops won’t be able to handle your request.

1. Right of access by data subjects

The data subject shall have the right to obtain from the controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the Personal Data.

2. Right to restriction of processing

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

3. Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at anytime to processing of Personal Data concerning him or her which is based on following grounds (including profiling on the following grounds)

4. Right to erasure (‘right to be forgotten’)

The data subject has the right to obtain from the controller the erasure of Personal Data concerning him or her without undue delay and the controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies (unless applicable law provides otherwise):

5. Right to data portability

The data subject has the right to receive the Personal Data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the Personal Data have been provided, where

6. Right to file a complaint with supervisory authority

The data subject has the right to file a complaint with a supervisory authority, in particular in the state of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of Personal Data relating to him or her infringes applicable laws.

XIII. Final provisions

This Information is issued according to the EU General Data Protection Regulation (GDPR). Etops reserves the right to change this Information from time to time. Please check the Information frequently and particularly before you submit additional

Personal Data to Etops. All revisions to this Information will be published on www.etops.ch.

Annex A

LEGAL BASIS FOR PROCESSING

Purpose Data Categories Legal basis
Entering into contract and performance thereof Basic personal data; professional details, financial details; investment details, identification and background checks; business activities; Performance of the contract or pre-contract relations
Accounting Basic personal data, financial details Compliance with/fulfilment of legal obligation to which the controller is subject
Marketing Contact details Controller’s legitimate interest in promoting its services or products to existing clients or prospective clients who voluntarily provided their contact details; you can unsubscribe from receiving any marketing materials or communication; if the processing is consentbased you may withdraw your consent anytime.
Prevention of money laundering and terrorist financing and execution of economic sanctions, if applicable Basic personal data, financial details, identification and background checks, other relevant data categories in accordance with AMLA e.g. PEP) Compliance with/fulfilment of legal obligation to which the controller is subject
Fulfilment of other Etops’s statutory duties (e.g. towards tax authorities) Basic personal data; financial details, other relevant data categories. Compliance with/fulfilment of legal obligation to which the controller is subject
Litigation (in the case of a trial) Basic personal data, other relevant data categories Controller’s legitimate interest in protection of its rights
Fraud, prevention, detection and investigation Basic personal data, other relevant data categories Controller’s legitimate interest in protection of its rights

LIST OF RECIPIENTS

(PROSPECTIVE) PROCESSORS (individuals or legal entities) which process personal data on behalf of Etops:

Processor Purpose of processing
Affiliates Etops Group
Etops AG, Altendorf Outsouricng partner
Etops SK, s.r.o., Slovakia Outsouricng partner
Suppliers, Consultants, SW providers, Subcontractors Provision of the Services or SW

OTHER (PROSPECTIVE) RECIPIENTS

Recipient Purpose of processing Based on
Tax Offices Tax Administration Tax Legislation
Courts, other judicial authorities, criminal justice authorities (law enforcement) Civil or Criminal Proceedings Swiss Civil Procedure Code, Swiss Criminal Procedure Code
Federal Data Protection and Information Commissioner Protection of personal data Federal Act on Data Protection
Auditors Conducting Audits Code of Obligations, Federal Act on the Licensing and Oversight of Auditors
FINMA Financial Markets Supervision Federal Act on the Swiss Financial Market Supervisory Authority
VQF (Self-regulatory Organisation) Anti-money laundering and counter terrorist financing AMLA et al

TRANSFER OUTSIDE OF SLOVAKIA

Recipient/Country Adequacy of protection
EEA Adequate – GDPR is applicable