This Privacy Statement applies to the processing of personal data by MAVX. MAVX always processes personal data for a specific purpose and within the applicable legal framework.

We collect the following personal data from current and prospective customers, counterparties, service providers and applicants with whom we may enter into a business relationship:

• Personal information such as your full name, address, date of birth, gender and email address;
• Business information such as your contact details and job title;
• Data when you access our website, which is transmitted by your browser and automatically collected by our server, including the date and time of access, your web browser, the browser language, the domain requested and the IP address.

We process your personal data in particular for the following purposes:

• When entering into a customer relationship for the purpose of identification in connection with our legal due diligence obligations and also during the business relationship to conduct checks regarding compliance with regulatory requirements (e.g., for the purpose of anti-money laundering compliance, fraud prevention, and review of sanctioned countries to prevent financial crime);
• For customer relationship management, in managing the business relationship and for the purpose of communicating with you;
• For the provision of products and services and for their proper performance;
• For customer acquisition and the expansion of the business relationship;
• For marketing products or services;
• To comply with MAVX's ongoing regulatory and risk management obligations, particularly with respect to recording and monitoring communications, applying risk classification to existing business relationships, and investigating and preventing crime;
• For application purposes.

MAVX processes your personal data within the scope of these applicable legal provisions for one of the following reasons:

• When necessary to fulfill our contractual obligations to you;
• Where necessary to comply with our legal and regulatory obligations;
• Where it is necessary to do so to protect MAVX's legitimate interests; or
• Where you have given us consent to do so for a specific purpose.

The present data processing operations are based on the Swiss Data Protection Act (DPA) and - if applicable - the EU General Data Protection Regulation (GDPR).

We may use functions of the web analysis service of Hotjar Ltd (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on our website to gain a better understanding of your needs and to optimize the offer and the customer experience on this website. By using Hotjar technology, we gain insights into your experience (e.g. duration of use of certain content or attractiveness of links) and can optimize our offer and your user experience based on this.

Hotjar uses cookies and other data points (anonymized IP address, screen size and resolution, browser details, geographical position, etc.) to generate data on the use of our website. Hotjar then generates and stores an anonymized user profile. If you do not want the data described to be collected and transferred to Hotjar, you can prevent this by using a browser plugin. You can find the corresponding plugin under the following link: hotjar.com/en/legal/policies/do-not-track/
The legal basis for the processing of your data is based on our legitimate interest in analyzing user behavior to optimize our offer. Further information about Hotjar can be found at the following link: hotjar.com/privacy

All employees who access personal data must comply with the internal rules and procedures for processing personal data to protect it and ensure its confidentiality.

MAVX has also implemented appropriate technical and organizational measures to protect your personal data from unauthorized, accidental, or unlawful destruction, alteration or disclosure, or from unauthorized, accidental or unlawful loss, misuse or access, or from any other unlawful processing.

On our website we use so-called cookies. Cookies are small data packages (text files) that your browser stores on your access device (computer, smartphone, etc.) on the instruction of a visited website in order to remember certain information related to the device (e.g. login information). The legal basis for the use of cookies on our website is generally your consent. Once you have consented, the file is added, and the cookie helps analyze web traffic. Cookies allow Internet applications to respond to you individually. Cookies cannot transmit viruses or spy on your data. We use cookies so that the website recognizes returning visitors and stores certain information about your preferences. If you do not wish to receive cookies, you must select your browser settings to delete or block all cookies placed on your computer. The cookies will remain on your computer until they expire or are manually deleted.

In principle, MAVX processes your personal data itself. If we share your personal data with external service providers (e.g. IT hardware, software outsourcing providers, document storage service providers or other service providers), they are contractually bound to confidentiality. In such a case, i.e. when MAVX transfers your data to service providers who process data on behalf of MAVX, we take measures to ensure that they comply with our data security standards so that your personal data is protected. Service providers, regardless of location, are required to comply with a number of technical and organizational measures.

Some of the personal data transferred is also processed in other countries. We only transfer personal data to countries that guarantee an adequate level of data protection, or, in the absence of such legislation, that guarantee adequate protection based on appropriate measures.

We store personal data only for as long as is necessary to fulfill the purpose for which it was collected or in accordance with legal, regulatory, or internal requirements. To this end, we apply criteria for determining the appropriate period for storing your personal data, which depends on the purpose of the data.

Based on the requirements of the Financial Market Authority, MAVX is also required to keep a record of the external and internal telephone calls of all employees working in securities trading, as well as electronic correspondence (e-mail, communication via Bloomberg, etc.) and proof of connections made by these employees via business telephones for a period of two years and to make them available to the authorities as required.

As a rule, we store your personal data based on statutory provisions for a period of ten years after termination of the business relationship, taking into account the statutory limitation period.

You can request information about your personal data processed by us. If you believe that the information we have collected about you is incorrect or incomplete, you may also request that your personal data be corrected.

In addition, you have the following rights:

• object to the processing of your personal data; or
• request the deletion of your personal data; or
• request a restriction on the processing of your personal data; and/or
• withdraw your consent if MAVX has obtained your consent to process your personal data; or
• request that we provide you with a copy of your data in a commonly used electronic format or transfer your data directly to another data controller.

To exercise your rights set forth above, or if you have any questions or comments about this Privacy Notice, please contact MAVX’s Privacy Advisor Nathalie Kappeler in writing or by email at the address below:

Maverix Securities AG
Data protection
Tessinerplatz 7
8002 Zurich
Switzerland

E-Mail: data-protection@mavx.com

This Notice was updated in August 2023. MAVX reserves the right to amend it from time to time.