Nuant Privacy Policy

1 - Who are we and what do we offer?

We are Nuant AG.Nuant is the integrated solution for institutional professionals to support their digital asset portfolio management,research, and data intelligent needs. Our integrated Portfolio analytics platform, powered by our market data and on-chain data services, is built on a set of advanced capabilities, each of which have been specifically developed to address aninstitutional manager’s Digital Asset portfolio analytics and decision- support needs.More information about our Services is available on (the Website).
2 - Privacy Policy

This is our Privacy Policy. In this document we explain what kind of Personal Data we collect. We also explain what rolewe have in the processing of Personal Data, how long we retain them and what rights you have as a data subject.
3 - Personal Data and the Privacy Legislation

We are all about respecting the privacy of our Users and protecting their Personal Data. We process Personal Data.Personal Data means all information by which a person can be directly or indirectly identified – in line with the definitionsof the General Data Protection Regulation (GDPR) and other relevant legislation on the protection of Personal Data(collectively referred to as the Privacy Legislation).
4 - Our role as Controller

We collect and process the Personal Data in the context of our Services and if you visit our website. We determine thepurposes and means of these processing activities. This means we act as Controller within the meaning of the PrivacyRegulation.
5 - What Personal Data do we collect as Controller?

Personal Data we process when you contact us via email or our contact form:

> (Personal) Data:
Your name, e-mail address and other (Personal) Data you share with us in your message.

> Purpose(s):
We use this information to contact you about your message and/or to provide you information and/or support.

> Legal basis:
We may process this Personal Data because we have a legitimate interest to process this data. We need this data to contact you about your message and/or to provide you support.

Personal Data we process through our social media pages:

> (Personal) Data:
Information you make public, when you leave a comment, send a message to us, or otherwise post something on our social media pages.

> Purpose(s):
We use this information to: - contact you via our social media pages; - process your feedback left on our social media pages.

> Legal basis:
We may process this Personal Data, because we have a legitimate interest to process this data and you voluntarily made public such information. Our social media pages are also controlled by the social medium itself. Please check their own privacy policies, to see how each social medium handles your Personal Data: Twitter Privacy Policy, Facebook Privacy, LinkedIn Privacy Policy, YouTube Privacy Policy, Instagram Privacy Policy, Pinterest: Privacy Policy.

Personal Data we process through the use of our Website:

> (Personal) Data:
Technical information: IP-address, functional cookies, and technical information (i.e., type of browser and operating system).

> Purpose(s):
We use this information to:
- analyse (the use of) our Services;
- solve problems;
- improve our Services;
- adjust the Services to the device used;
- flag, report and prevent misuse, fraud and threats of/regarding our Services.

> Legal basis:
We have a legitimate interest to use technical information, functional cookies and your IP-address, namely to analyse and improve our Services.

Personal Data we process when you subscribe to our newsletter:

> (Personal) Data:
Contact information: Name/ company name and email address.

> Purpose(s):
We use this information:
- to send you our newsletter and other marketing emails;
- keep you updated on any developments and offers regarding our Services.

> Legal basis:
We only send newsletters and other marketing emails, if you gave us permission to do so via an opt-in. It is always possible to revoke your permission by unsubscribing from our newsletter via the link at the bottom of each newsletter.
6 - Cookies

We use cookies on the Website. A cookie is a simple small text file that can be stored on your computer, when you visit the Website. This text file identifies your browser and/or computer. When you revisit our website, the cookie ensures, for instance, that our website recognizes your browser or computer.

If you do not want cookies to be stored on your device, you can change the cookie settings in your web browser. If you do so, please note that some features of the Website may not function properly without cookies.

We use the following types of cookies: Functional cookies:
> Functional cookies: Functional cookies are essential to the operation of our website. They allow you to navigate through our website and to use the functions incorporated in it.
> Analytical or statistical cookies: Analytical cookies are used to check the quality and effectiveness of the Website. For instance, we can see how many users visit the Website and which pages are visited. We use this information to improve our Website and Services.
> Tracking cookies: Tracking cookies monitor the clicking behaviour and surfing habits of our visitors. By means of these cookies we can see how you navigate through to our website. We might use these cookies to show you advertisements based on your interests.

You can read more about our use of cookies in our cookiestatment.
7 - How long do we keep the Personal Data?

It is our policy to store and process only those Personal Data that are essential to provide you with the best possible service.

We will not process or store any Personal Data that we do not need. We store Personal Data for as long as we need it for the above purposes unless we are legally obliged to retain the Personal Data for a longer period. In this respect, we apply the following retention periods:

> Personal data in our records for the tax authorities | This data is stored for seven (7) years unless we are legally obliged to retain the data for a longer period.

> Other information | We store other Personal Data only for as long as it is necessary for the purposes. This is deleted as soon as it is no longer necessary for the purposes for which we processed it.

We may also process all Personal Data when we have a good faith belief it is necessary to detect, prevent and address fraud and other illegal activity. Personal Data that we process to prevent fraud (or users who have committed fraud), we store for a maximum of five (5) years.

Personal Data we process may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
8 - Do we share your Personal Data with others?

We may use Processors to assist us in our Services provided as Controller – in such case the Processor processes the Personal Data ‘on our behalf’. We enter into a Data Processing Agreement with all our Processors. Our use of (Sub- )Processors is in accordance with the Privacy Regulation. The Processors we use are:

> Google for data storage (servers located in the EU);

> DocuSign for the signing of contracts and documents (located in the EU). In addition, we may share some of the Personal Data processed as Controller with other controllers. For example, we share:

> Our financial administration with the tax authorities, because we are legally obliged to do so;

> Payment details with the bank through which the payment is issued because this is necessary to execute the transaction. Apart from the above, we will not share your Personal Data with third parties, unless we are legally obliged to do so.
9 - Export of Personal Data outside the European Union or European Economic Area

Nuants principal place of business is in Switzerland, which is a Third Country under the GDPR. Decision 2000/518/EC of the EU Commission states that Switzerland is deemed to provide an adequate level of data protection regarding commercial organizations such as Nuant. We may transmit Personal Data to parties outside the European Union, if one of our (Sub-)Processors is established outside the European Union. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European standards.

The transmission of data outside the European Union will always happen in conformity with the Privacy Legislation (chapter 5 of the GDPR).
10 - Data security

We protect all Personal Data we process from unauthorised and unlawful access, change, disclosure, use and destruction. For instance, we take the following technical and organisational measures to protect the Personal Data:
> we encrypt many of our services using SSL;
> we review our information collection, storage and processing practices, from time to time to guard our systems against unauthorised access;
> IT and network security solutions;
> pseudonymisation and checks;
> training;
11 - Links to other websites

You can find (hyper) links on our website which link to the websites of partners, providers, reference sources or any other third parties. We have no control of the content or the links which appear on said websites and we are not responsible for the practices of websites linked to. Furthermore, these websites, including their content and links, may constantly change. These websites may have their own privacy policies, user conditions and customer policies. Browsing and interaction on any other website, including websites linked to, are subject to the terms and conditions of such website.
12 - Changes to the Privacy Policy

The Privacy Policy may be changed from time to time. Please check our Privacy Policy frequently and take note of any changes. The new Privacy Policy will be effective immediately upon posting on our Website. If we change our Privacy Policy significantly, then we will state so on our website together with the revised Privacy Policy.
13 - Your rights as a data subject and our contact data

Within the scope of and to the extent required by Privacy Legislation, you have – as a data subject - the right to:
> Ask us to rectify or update your Personal Data;
> Ask us to remove your Personal Data from its systems;
> Ask us for a copy of the Personal Data processed of you. Such copy may also be transferred to another data controller at your request;
> Withdraw your consent to process your Personal Data. This only affects the processing activities that are based on your consent and does not affect the validity of such processing activities before you have withdrawn your consent;
> Object to the processing of your Personal Data;
14 - Contact Information

If you have questions or concerns about this Privacy Policy or your privacy, you can contact us at
Last Updated: 27 October 2022