Privacy notice

This Privacy notice is valid as of 3 Nov 2025 and applies to the management of personal data at the following Arex companies:

Arex Advisor AB, Sveavägen 9, 111 57 Stockholm, Sweden

and

Arex Advisor AG, Aeschenplatz 6, 4052 Basel, Switzerland.

1. Collection and storage of personal data as well as type and purpose of data usage
2. a) When visiting our website

When you visit our website the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a log file. In addition, we use cookies and Google analytics services when you visit our website (see section 4 below) and further analyze your use of our website (Google analytics with IP anonymization activated, further information on the use of data by Google and configuration options can be found here: https://www.google.com/intl/en/policies/privacy/partners).

In particular, the following information may be recorded without your active submission thereof and stored until it is automatically deleted:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL – the previously visited page),
• The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The mentioned data will be processed by us for the following purposes:

• Ensuring a smooth connection of the website,
• Ensuring easy use of our website,
• Evaluation of system security and stability.

1. b) When registering for our newsletter

We require your contact details (name, email address, company name, and job function) to register you for our newsletter. The data will only be used for this purpose and will not be passed on to third parties.

You can revoke your consent to the storage of your data and its use for sending newsletters at any time. In every newsletter you will find a corresponding link. You can also send us your request via the contact details given at the end of this document.

1. c) When registering for a seminar

We require your contact details (name, email address, company name, and job fuction) to register you for our seminars. The data will only be used for this purpose and will not be passed on to third parties.

You can revoke your consent to the storage of your data and its use for registering at our seminars at any time. You can also send us your request via the contact details given at the end of this document.

1. d) When applying for employment

When you apply for a job with us, we will register your contact details, and any other information you provide to us in the course of the application process, in a folder with restricted access. We process application data for the assessment of your application and potential negotiation, preparation, conclusion and performance of an employment contract with you.

We will keep your personal data only during the recruitment period, unless you clearly ask, inform, or allow us otherwise. The data will only be used for this purpose and will not be passed on to third parties. However, we may collect some information about you also from third parties (e.g. former employers or other third parties for reference purposes).

1. e) When reporting an adverse event or a product complaint

Personal data collected when reporting an adverse event or complaint will be processed by Arex on behalf of our clients as described under Contract data for the purpose of meeting legal requirements regarding adverse events and product complaints. The data may be kept at Arex until the end of the contract with the client.

You have the right to request access and correct your personal data. If you wish to exercise these rights, please contact us at the following address: safety@arexadvisor.com.

1. f) Contract data

If we enter into a contract with you, or into negotiations regarding such contract, we may collect data in relation to these purposes such as your contact details, the company on whose behalf you are interacting with us, subject matter, communication content, data included in regulatory reports, related meta data and any other information you provide to us when interacting and communicating with us in relation to the provision of our services to you and/or the entity on whose behalf you interact with us (e.g. your employer).

In general, we collect this data from you, other contractual partners and from third parties involved in the performance of the contract but may also use data from third-party or public sources (e.g. government registries; supervisory authorities).

2. Data disclosure to third parties
   • Categories of recipients

Your data will be available on our server and in our CRM-system which is situated within the EU and Switzerland and shared between the Arex companies.

Further, we may disclose your personal data to the following (external) third parties:

• external service providers (e.g. IT services providers, business information providers, newsletter service providers, marketing and event management service providers, asset managers, etc.)
• contractual partners (to the extent the disclosure results from such contracts, e.g. if you use our Services under a contract that we have with your employer)

• competent authorities, including tax authorities and courts (in Switzerland and abroad, if we are legally obliged or entitled to such disclosure or if it appears necessary to protect our interests)

• legal and professional advisors, including accountants and auditors

• transaction partners and advisors (e.g. in relation to mergers, acquisitions or other business transactions involving us or our group companies).

We will only pass on your personal data to third parties if:

• you have given your consent

• the disclosure is necessary to assert, exercise or defend legal claims except where such interests are overridden by the interests or fundamental rights and freedoms of your personal data

• this is necessary for compliance with a legal obligation, and this is legally permissible and necessary for the processing of contractual relationships with you

• our legitimate interest requires or permits us to do so.

• Cross-border transfers

Your personal data will not be transmitted to third parties, or to countries outside the EU or Switzerland, for purposes other than those listed above and below, and provided that (a) such countries provide for an adequate level of data protection according to the assessment of the competent authority, (b) we strive for an adequate level of data protection based on appropriate safeguards, such as the EU Standard Contractual Clauses adapted to Swiss law to the extent required, or (c) it is relied on a statutory exemption in accordance with applicable data protection law.

However, if we perform cross-border transfers this may be to the following regions:  UK and USA.

3. Cookies

We use cookies on our website. These are files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The information stored in the cookie is specific to the device used during each individual session. However, this does not mean that we are aware of your identity.

The use of cookies serves on the one hand to make your website visit more targeted, e.g. we use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site. In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize website user-friendliness. If you revisit our site, the site will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to re-enter them.

We use cookies to statistically record the use of our website and to evaluate and continue optimization of our site. Cookies enable us to automatically recognize when you return to our site. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the mentioned purposes in order to protect our legitimate interests and those of third parties. Most browsers automatically accept cookies.

You can block the use of cookies directly in your browser configuration. However, by blocking the use of cookies you may not be able to access all parts of our website, or you may find that particular functionality is reduced or missing.

4. Rights of the data subject

Subject to the applicable data protection law, you have the following rights:

• to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data have been or will be disclosed, the envisaged storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data, where the personal data was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved. You can demand without delay the correction of incorrect or complete personal data stored by us

• to request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

• to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing

• to object to the processing of your personal data, on the grounds relating to your particular situation or the objection is directed against promotional materials. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you wish to exercise your rights, simply send an e-mail to contact@arexadvisor.com.

• to complain to a supervisory authority, (in Switzerland the Federal Data Protection and Information Comissioner, in Sweden IMY).

As a rule, you can contact the supervisory authority at your usual place of residence or workplace.

5. Data retention period

We retain personal data for so long as the personal data is needed for the purposes for which it was collected, as it is required to be in line with legal and regulatory requirements, to fulfil our legitimate interest regarding documentation or for reasons of limited technical feasibility. Except in case of contrary legal or contractual obligations, we will erase or anonymize your data once the storage or processing period has expired.

Further, we generally keep application data in case of non-employment for the duration of the application process and for three months thereafter. We may retain application data for a longer time period for the assessment or exercise of, or defense against, legal claims. In case no employment contract is concluded, but you provide us with your consent to retain your application for further job vacancies, we may do so based on your consent.

6. Data security

We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.

7. Accuracy and amendment of this privacy notice

This privacy notice is currently valid in accordance with implementation date in the header.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to amend this data protection notice, and we may amend it from time to time. The version published on www.arexadvisor.com is the version that currently applies.