Privacy Notice – FundBank (Europe) S.A.

For the purpose of this Privacy Notice:

• “Client” shall refer to prospective clients of the Bank;
• “Data Protection Law” means data protection law applicable in Luxembourg, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and the Law of 1 August 2018 on the organisation of the CNPD and the general data protection framework;
• “Personal Data”, “Processing”, “Purposes”, “Controller”, “Processor”, “Data Subject”, “Recipient”, “Appropriate Safeguards” and “Supervisory Authority” shall have the meaning ascribed to them in the GDPR;
• “we”, “us” and “our” shall refer to the Bank; and
• “you” and “your” shall refer to the Client.

2. Controller Identity and Contact Details

We are:
FundBank (Europe) S.A.
13 Rue Jean Fischbach,
3372 Leudelange,
Luxembourg
Email: dataprivacy_lux@fundbank.com

3. Personal Data We Process

We collect and process personal data relating to individuals associated with our business clients, which may include clients’ directors, authorized signatories, shareholders, beneficial owners, employees, representatives, agents, and professional advisors (“client data subjects”). The types of personal data FundBank collects about client data subjects may include:

• Identification information (e.g., relationship to the client; name, address; date, and place of birth; nationality; government identification numbers; passport information; picture ID; signature; utility bill).
• Contact details (e.g., phone number, email address, mobile number, physical and mailing address).
• Personal Data provided to us within the course of your pre-contractual, contractual and commercial relationship with us, including information resulting from know your customer and anti-money laundering and counter terrorism financing (KYC/AML-CTF) checks.
• Information the Bank collects or generates for risk management purposes such as Client due diligence data, client risk profiles, data to assess suitability/ appropriateness, Client qualification data, tax data or complaint information
• Due diligence, risk management , client qualification and/or tax-related information (e.g. source of funds/wealth/financial standing; tax identification number; politically exposed person (PEP) status; information about regulatory, law enforcement, or sanctions status).
• Transactional information where there is direct data subject involvement (e.g., wire transfer/bank account details).
• Image and sound (e.g. telephone recordings, video recordings through the CCTV systems installed in the premises of the Bank).
• History of professional relationship with us.

Personal data may be collected directly from our clients, or the client data subjects in various interactions with FundBank, and from searches we may conduct of our own records, publicly available sources, and various specialist databases.

Some of the information FundBank collects may fall within the special category of personal data — for example, customer due diligence checks on client data subjects may reveal political opinions or information about criminal convictions or offenses. Where FundBank processes such personal data, it will usually do so to comply with its obligations under anti-money laundering legislation.

We also collect personal data when persons interact with our site or services, which may include:

• Identifiers/Contact Information. When you contact us or if you sign up for our mailing list, including via email or phone, we collect certain personal data from you, such as your name, phone number, email address, and any personal data that you otherwise submit to us.
• Survey Responses. When you fill out our surveys, we may collect your survey responses, including information regarding preferences, your opinion about our Services or the survey topic. Participation in our surveys is voluntary.
• Professional information. When you work with us in your professional capacity, information about your company/employer, postal address, and phone number, your email address, and your position with the company.
• Communications and Interactions. When you email, call, or otherwise communicate with us or members of our team, we collect and maintain a record of your communications. We also maintain records of communications and information that you may post on our social media channels and information you provide to us related to any support requests.
• If you register for or attend an event that we host or sponsor, we may collect personal data related to your registration for and participation in such event.
• Other Information. Depending on your interactions with us, we may collect additional information such as personal data related to your interactions with our Services.

We automatically collect and derive personal data related to your use of our services and your interactions with us by means of cookies and other tracking technologies. Such information may include:

• Device and Browsing Information. We may collect device IP address, general location information, domain name, pageviews, date and time stamps, browser type, device type, device ID, Internet service provider, referring and exiting URLs, device operating system, language, clickstream data, and similar device and usage information.
• Activities and Usage. We also collect activity information related to your use of the services, such as information about links clicked, searches, features used, pages viewed, and time spent within the services.

4. Purpose of Processing and Legal Basis

We use the personal data you provide:

a) for the fulfilment of contractual obligations (Art. 6 para.1b GDPR)

• To deliver our products and services to clients.
• To manage and administer our client relationships.
• To respond to inquiries and provide support for the services.

b) in the context of our legitimate interest not overriding your interests or fundamental rights and freedoms (Art. 6 para. 1f GDPR)

• To better understand how users access and use our services, products, and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations, to develop services, features, and new products and offerings, and for internal quality control and training purposes.
• To tailor the content that we may send you and that we may display on the site or services, including to offer personalized help and instructions, and to otherwise personalize your experience.
• To protect our services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our client agreement, site or services terms of use, or other agreements we have with you or this Privacy Notice.
• To respond to or evaluate any queries or complaints concerning your relationship with us.
• To establish, exercise, or defend legal claims or rights (where relevant and proportionate).

c) based on your consent (Art. 6 para. 1a GDPR)

• For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and services.
• To administer surveys, such as for market research, client satisfaction purposes or improving our products and services; to conduct statistical and data analytics; and for other similar purposes.
• By way of marketing/business development, we may communicate with you from time to time about products, services, and events offered by FundBank or our affiliates or those of other parties that we think may be of interest to you, and/or send analysis and insight communications that we think may be of interest. Individuals can opt-out at any time to the receipt of such communications.
• To use non-essential cookies on the website.

d) due to legal requirements (Art. 6 para. 1c GDPR)

• To comply with customer due diligence obligations and reporting obligations under applicable law regarding anti-money laundering and combatting the financing of terrorism and proliferation; financial sanctions; and FATCA/CRS.
• To comply with legal and regulatory measures to which we are subject in connection with our business and service provision, including in particular the conduct of the regulated activity of banking.
• To respond to lawful requests for information from a court or law enforcement, regulatory or government authorities, or other legal process, and related legal proceedings for general commercial purposes, including marketing/business development, product/service development and enhancement, quality control, accounting, auditing, compliance, recordkeeping; in the context of any merger, sale, acquisition, reorganization, bankruptcy, financing or other business transactions involving FundBank or any of our assets; and other business purposes.

5. Sharing Your Personal Data

Set out below are the parties with which FundBank may share personal data:

• Our service providers (including specialist database/screening services), counterparties, internal or external auditors, and professional advisors.
• Our outsourced service providers where involved in processing personal data on our behalf (i.e., acts as data processor), including, for example, our information technology service providers.
• Regulatory, law enforcement, judicial, or other competent authorities, and other parties (such as in response to a court order) under lawful request or legal obligation.
• FundBank affiliates or members of our corporate group or under common majority ownership with us, including internal service companies and companies with which our clients have a direct customer relationship.
• Any concerned party (including their advisors or service providers) as a result of a merger or the sale or acquisition of FundBank or a FundBank service line or asset (including as part of a bankruptcy or insolvency proceeding).
• Analytics and advertising network providers, sponsors, or traffic measurement services, who may use this information to help us better understand how users access and use the services and to improve and measure the effectiveness of our advertisements and those of other parties.
• When we believe it is appropriate to do so to investigate, prevent, or take action regarding suspected illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our client agreement, site or services terms of use, or other agreements we have with you or this Privacy Policy, or as evidence in litigation in which we are involved.

Each data sharing is thoroughly assessed to ensure adequate mechanisms are implemented prior to data disclosure i.e. use of consent, implementation of data processing agreements with service providers, etc.

6. Third Country Transfer

Recipients referred to in previous section can be located outside of Luxembourg and the European Economic Area. In those cases, except where the relevant country has been determined to provide an adequate level of protection, we require such recipients to comply with appropriate measures designed to protect personal data including use of standard contractual clauses where applicable.

7. Data Security

FundBank has implemented a comprehensive information security framework consisting of strategies, policies, procedures, IT protocols and tools to duly and adequately protect Bank information assets including personal data and IT assets including IT systems processing personal data. We have also put in place procedures to deal with any suspected data security breach and will notify you and competent data protection authority of a suspected breach when regulatory conditions are met.

8. Retention of Personal Data

FundBank will retain your personal data for the duration of your relationship with FundBank or for as long as reasonably necessary to fulfil the purposes for which it was collected, and, in each case for such period after the relationship ends (generally 10 years retention) as is necessary to comply with applicable record retention requirements under the law (e.g., anti-money laundering legislation) or to enable FundBank to be in a position to deal with any complaint, claim, or dispute that might arise.

9. Your Rights

You have the following rights regarding your personal data (under certain circumstances, and without prejudice to applicable laws and regulations):

• The right to access your personal data.
• The right to correct any inaccurate or incomplete personal data.
• The right to request the deletion of your personal data.
• The right to restrict the processing of your personal data.
• The right to object to the processing of your personal data.
• The right to data portability.
• The right to withdraw your consent at any time (only where consent is used as legal basis).

To exercise these rights, please contact us at dataprivacy_lux@fundbank.com.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive.

You also have the right to lodge a complaint with the Data Protection Authority at: https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html

10. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. If we make any material changes to reflect changes to our practices or for other operational, legal, or regulatory reasons, we will bring this to your attention and may do so by any means such as by e-mail, letter, or otherwise post a notice on our website and update the “Last Updated” date at the bottom of this Privacy Notice. A copy of the latest version may be requested from dataprivacy_lux@fundbank.com at any time.

11. Contact Us

If you have any questions about this Privacy Notice, please contact us. Please refer to contact details under section 2.

Last Updated: April 22, 2025