Privacy Policy

Last updated: April 10, 2026

1. Introduction

This Privacy Policy ("Privacy Policy") explains how Finka Swiss AG ("FinkaMetals", "we", "us", "our") processes and protects your personal data when you use the website at www.finkametals.com and all associated websites (collectively the "Website") or any other services we may provide, including but not limited to the FinkaMetals trading platform (collectively the "Services").

Finka Swiss AG is the data controller responsible for the processing of your personal data as described in this Privacy Policy.

Finka Swiss AG
Gotthardstrasse 26
6300 Zug
Switzerland
CHE-460.553.405
info@finkametals.com

2. Personal Data We Collect

We may collect or receive personal information for a number of purposes connected with our operations when you use our Services, namely:

Account information (e.g., name, email address, phone number, company name, role)
Identity verification data (e.g., government-issued ID, proof of address, KYB/KYC documentation)
Website visitor details (e.g., IP address, log files, terminal ID, browser type and version)
Geolocation data (e.g., your approximate location derived from your IP address)
Transaction data (e.g., trading activity, tender submissions, bid history)
Communication data (e.g., messages, support requests, feedback)
Form submission data (e.g., data submitted via the Request Access form or the Contact Us form, including company name, full name, email address, phone number, country, role, and message content)

There is no obligation to provide your personal data. However, please note that we may not be able to provide our Services if you do not provide the data strictly necessary for providing the Services.

3. How We Collect Personal Data

We may collect information about our users when they use our Services, including taking certain actions within them.

Directly:

Via our Website and electronic communication
When you submit a form on our Website, including the Request Access form and the Contact Us form
When you register for an account or complete KYB/KYC verification
When you use our trading platform and related Services
When you provide services to us
When you correspond with us by electronic means using our Services
When you browse, complete a form, or make an inquiry while using our Services

Indirectly:

Through public sources
From public registers (such as commercial registers), news articles, and internet searches
When our business customers engage us to perform professional services which involve them sharing personal data they control with us as part of that engagement
From external Service Providers, including identity verification and compliance partners

4. Legal Basis and Purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To provide certain Services or take steps linked to providing certain Services, including account registration, trading platform access, tender management, and transaction processing.

Legitimate interests: We rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular, to maintain and improve our Services, to ensure platform security and integrity, to prevent fraud, to detect, prevent, and address security threats, and to evaluate interest expressed through our Website forms (e.g., Request Access, Contact Us) for the purpose of responding to inquiries and assessing platform access.

Necessity for compliance with legal obligations: To meet regulatory and public interest obligations. In particular, to comply with applicable anti-money laundering (AML) laws and regulations, including the Swiss Anti-Money Laundering Act (AMLA) and its implementing ordinances, as well as know-your-business (KYB), know-your-customer (KYC), and sanctions screening requirements. Identity verification data collected during onboarding is processed on this basis. This also includes the legal enforcement of claims and rights, if any.

Consent: Where we use cookies or similar technologies that are not strictly necessary for the operation of our Website, we process your data on the basis of your consent, which you may withdraw at any time.

5. Data Retention

We retain personal data for so long as it is needed for the purposes for which it was collected and in line with legal and regulatory requirements or contractual arrangements. After this period, we delete or fully anonymise your personal data.

For form submissions (Request Access, Contact Us), we retain your data for the period necessary to evaluate and respond to your inquiry. If no ongoing relationship is established, we delete such data within 12 months of submission, unless a longer retention period is required by law.

For trading and transaction records, we may be required to retain data for extended periods to comply with financial regulations and record-keeping obligations.

6. Data Recipients

We may engage third-party companies ("Service Providers") to facilitate the operation of our Services, assist in analysing the usage of the Services, or perform necessary services. These third parties have access to your personal data only to the extent necessary to perform these tasks. Exemplary types of Service Providers who might access your personal data:

Third parties that are engaged in the course of your matter, such as counsels, banks, and other payment providers, KYB/KYC/AML service providers
Third parties who provide IT and software services, including cloud hosting and data analytics
Blockchain infrastructure providers
Identity verification and compliance partners
Settlement and payment partners who facilitate transaction processing on behalf of users

7. Data Transfers

We and/or our Service Providers may transfer your personal data to and process it in the following countries: EU and EEA; Switzerland; USA.

We may use Service Providers partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e., countries whose level of data protection does not correspond to that of the EU or Switzerland.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include: the transfer to countries that have been deemed to provide an adequate level of protection according to the Federal Council, as well as to countries where there is an adequacy decision by the European Commission in place; applying standard data protection model clauses, binding corporate rules, or other standard contractual obligations that provide appropriate data protection.

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g., intelligence services) can gain access to the transferred data and that the enforceability of your data subject rights cannot be guaranteed.

8. Data Disclosure

We may disclose your personal data in the good faith belief that such action is necessary, for example:

To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency)
To protect the security of our Services and defend our rights or property
To prevent or investigate possible wrongdoing in connection with us
To comply with anti-money laundering, sanctions, and other financial compliance requirements

9. Data on the Blockchain

When using our Services or interacting with any applicable blockchain in relationship with our Services, you should be aware that certain transaction data may be publicly and irrevocably recorded on the applicable blockchain. These records typically include information about transaction amounts, timestamps, and the involved addresses. They do not include data such as your name or email address.

Nonetheless, third parties may be able to connect blockchain transactions involving your address to you.

Due to the nature of blockchain technology, data recorded on-chain cannot be modified or deleted. Your rights under applicable data protection law may therefore be limited in respect of such data.

10. Data Security

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the service providers that we engage are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us, but no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

11. Your Rights

You have the following data protection rights. To exercise these rights, you may contact us at: info@finkametals.com. Please note that we may ask you to verify your identity before responding to such requests.

Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time with effect for the future. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented, unless there is another legal basis for processing.
Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, if this is data which you have provided to us and if we are processing it on the legal basis of your consent or to perform our contractual obligations.
Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests, or if we need to continue to process the personal data for the exercise or defence of a legal claim.
Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). In the EU and EEA, you can exercise this right before a supervisory authority in the Member State of your residence, your place of work, or the place of the alleged infringement.

12. Cookies and Similar Technologies

Our Website may use cookies and similar technologies (collectively "Tools") provided either by us or by third parties.

A cookie is a small text file that is stored on your device by the browser. Comparable technologies include web storage (local/session storage), fingerprints, tags, or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or only stored with your prior consent. If you refuse cookies or similar technologies, you may not be able to use all of our Services without problems.

Strictly necessary cookies: We use cookies that are necessary for the operation of the Website on the basis of our legitimate interest in enabling you to use our Services. These cookies are essential for the basic functionality of the Website and cannot be switched off.

Analytics and marketing cookies: We use analytics and marketing cookies only with your prior consent. You may grant, refuse, or withdraw your consent at any time via the cookie consent banner displayed on the Website. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

[Placeholder: When analytics or marketing tools are deployed, a detailed cookie table listing each cookie, its provider, purpose, type, and duration will be added here.]

Our Services contain links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third party's website or app. We have no control over the content, privacy policies, or practices of any third-party websites or services.

We maintain online presences on social networks to, among other things, communicate with customers and prospective customers and to provide information about our products and Services. As soon as we transfer personal data into our own system, we are responsible for this independently. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to their data protection declarations. Below is a list of social networks on which we operate an online presence:

LinkedIn
X (formerly Twitter)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are made available on the Website.

15. Contact Information

info@finkametals.com

Finka Swiss AG
Gotthardstrasse 26
6300 Zug
Switzerland
CHE-460.553.405

Last updated: April 10, 2026

1. Introduction

Finka Swiss AG is the data controller responsible for the processing of your personal data as described in this Privacy Policy.

Finka Swiss AG
Gotthardstrasse 26
6300 Zug
Switzerland
CHE-460.553.405
info@finkametals.com

2. Personal Data We Collect

We may collect or receive personal information for a number of purposes connected with our operations when you use our Services, namely:

Account information (e.g., name, email address, phone number, company name, role)
Identity verification data (e.g., government-issued ID, proof of address, KYB/KYC documentation)
Website visitor details (e.g., IP address, log files, terminal ID, browser type and version)
Geolocation data (e.g., your approximate location derived from your IP address)
Transaction data (e.g., trading activity, tender submissions, bid history)
Communication data (e.g., messages, support requests, feedback)
Form submission data (e.g., data submitted via the Request Access form or the Contact Us form, including company name, full name, email address, phone number, country, role, and message content)

3. How We Collect Personal Data

We may collect information about our users when they use our Services, including taking certain actions within them.

Directly:

Via our Website and electronic communication
When you submit a form on our Website, including the Request Access form and the Contact Us form
When you register for an account or complete KYB/KYC verification
When you use our trading platform and related Services
When you provide services to us
When you correspond with us by electronic means using our Services
When you browse, complete a form, or make an inquiry while using our Services

Indirectly:

Through public sources
From public registers (such as commercial registers), news articles, and internet searches
When our business customers engage us to perform professional services which involve them sharing personal data they control with us as part of that engagement
From external Service Providers, including identity verification and compliance partners

4. Legal Basis and Purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To provide certain Services or take steps linked to providing certain Services, including account registration, trading platform access, tender management, and transaction processing.

5. Data Retention

For trading and transaction records, we may be required to retain data for extended periods to comply with financial regulations and record-keeping obligations.

6. Data Recipients

Third parties that are engaged in the course of your matter, such as counsels, banks, and other payment providers, KYB/KYC/AML service providers
Third parties who provide IT and software services, including cloud hosting and data analytics
Blockchain infrastructure providers
Identity verification and compliance partners
Settlement and payment partners who facilitate transaction processing on behalf of users

7. Data Transfers

We and/or our Service Providers may transfer your personal data to and process it in the following countries: EU and EEA; Switzerland; USA.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

8. Data Disclosure

We may disclose your personal data in the good faith belief that such action is necessary, for example:

To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency)
To protect the security of our Services and defend our rights or property
To prevent or investigate possible wrongdoing in connection with us
To comply with anti-money laundering, sanctions, and other financial compliance requirements

9. Data on the Blockchain

Nonetheless, third parties may be able to connect blockchain transactions involving your address to you.

Due to the nature of blockchain technology, data recorded on-chain cannot be modified or deleted. Your rights under applicable data protection law may therefore be limited in respect of such data.

10. Data Security

11. Your Rights

Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time with effect for the future. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented, unless there is another legal basis for processing.
Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, if this is data which you have provided to us and if we are processing it on the legal basis of your consent or to perform our contractual obligations.
Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests, or if we need to continue to process the personal data for the exercise or defence of a legal claim.
Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). In the EU and EEA, you can exercise this right before a supervisory authority in the Member State of your residence, your place of work, or the place of the alleged infringement.

12. Cookies and Similar Technologies

Our Website may use cookies and similar technologies (collectively "Tools") provided either by us or by third parties.

[Placeholder: When analytics or marketing tools are deployed, a detailed cookie table listing each cookie, its provider, purpose, type, and duration will be added here.]

LinkedIn
X (formerly Twitter)

14. Changes to This Privacy Policy

15. Contact Information

info@finkametals.com

Finka Swiss AG
Gotthardstrasse 26
6300 Zug
Switzerland
CHE-460.553.405

1. Introduction

2. Personal Data We Collect

3. How We Collect Personal Data

4. Legal Basis and Purposes

5. Data Retention

6. Data Recipients

7. Data Transfers

8. Data Disclosure

9. Data on the Blockchain

10. Data Security

11. Your Rights

12. Cookies and Similar Technologies

13. Links to Third-Party Apps and Websites; Social Media

14. Changes to This Privacy Policy

15. Contact Information

Privacy Policy

1. Introduction

2. Personal Data We Collect

3. How We Collect Personal Data

4. Legal Basis and Purposes

5. Data Retention

6. Data Recipients

7. Data Transfers

8. Data Disclosure

9. Data on the Blockchain

10. Data Security

11. Your Rights

12. Cookies and Similar Technologies

13. Links to Third-Party Apps and Websites; Social Media

14. Changes to This Privacy Policy

15. Contact Information