Anthos Client Privacy Statement

Anthos provides services to you. To do so, it also needs to process certain information about you. Your privacy is of the utmost importance to us. Anthos is committed to ensuring your personal data is protected and to treating the information entrusted to us confidentially. This Privacy Statement explains what personal data Anthos collects, what we do with that information and what rights you have in relation to that information and how you can exercise them. As part of our commitment to protecting your personal data, we also want to inform you why and how Anthos collects, uses and stores your personal data and the lawful basis for using your personal data.

What information (personal data) do we collect from you?

Anthos provides the following main services: private wealth management, estate planning, tax advice, family legal, care support and local services. Depending on the services we provide to you, we may (to the extent permitted by law) collect and process the following categories of personal data from you:

• Personal details such as your name, person code, date and place of birth, marital status, nationality, and details drawn from official identification documents (incl. national identity card, passport, driving licence, birth certificate and permits), phone numbers, email addresses, addresses and family details such as the name of your partner (including relations, e.g. parents, siblings, children) and, if applicable, information on participation in the multi-generational family business;
• Financial information, including balance, position and transaction information relating to your assets (incl. cash, investments, real estate), bank account numbers (of Anthos supported accounts, as well as private accounts), investment profiles, contractual documentation (such as wealth management agreements and notarial documents) and information Anthos needs to comply with regulatory requirements (such as total income, total wealth, source of funds);
• Tax information such as tax domicile, tax identification number, tax returns and other tax-related documents and information;
• Estate information including execution start and end dates;
• Details of our interactions with you (e.g. physical, telephone, through mobile applications, web, email), including the content of such interaction and technical data accompanying such interaction (such as time stamp, IP address, UserID);
• Special categories of personal data, if applicable, and typically following your specific request, consent and if in your specific interests.

For what purposes do we process your personal data, and on what lawful basis?

Personal data will be processed for the purposes of relationship management, delivery of the services to you, to communicate with you about the services we provide to you, and to carry out legal and regulatory compliance obligations. We may also use your personal data for the purpose of communicating information important to you. We process your personal data only for a specific purpose and process only the personal data relevant to achieve that purpose. If we intend to use any personal data in any manner inconsistent with this Privacy Statement, you will be informed of such anticipated use before or at the time the personal data is collected. The lawful basis for processing your personal data will be one of the following:

• legitimate interest, i.e. to offer you services, manage our long-term relationship, communicate with you and respond to a specific enquiry from you;
• the performance of a private wealth management agreement;
• your consent (where Anthos requires this to process certain personal data; please note that you may always withdraw your consent); or
• to meet our legal or regulatory responsibilities, in relation, for example, to the financial sector, anti-money laundering and tax laws, as well as to manage and measure risks and opportunities related to Environmental, Social and Governance (“ESG”) criteria.

How do we protect your personal data?

All Anthos employees are subject to a code of conduct. Furthermore, internal policies, rules and processes are in place to protect your personal data and ensure confidentiality. All employees are required to pass mandatory data-privacy training.

Anthos is committed to ensuring that we have all necessary and adequate technical and organisational measures in place to keep your personal data secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Who has access to your personal data and with whom are they shared?

We restrict access to your data to those employees who need this information to provide our services to you. We take all reasonable measures to protect your data against loss and unlawful processing. We keep records of electronic access rights granted, and regularly check these rights and the data themselves for accuracy and appropriateness.

We will not use your data for profiling or targeting for commercial marketing purposes. We do not share your data with other clients, also not for charitable events or for other idealistic purposes, unless you have indicated otherwise or our role as a Anthos requires us to do so.

We may use your personal data to communicate with you about the services we provide to you. This enables us to offer you information likely to be relevant to you.

Unless prohibited by law, we may share, on a need-to-know basis, personal data with the various parts of the Anthos organisation that provide services to you and with entities that are part of the COFRA group to be able to provide our services to you.

We will share your personal data with third parties only if required to do so for legal and/or regulatory reasons and to be able to provide the services we deliver to you.

Depending on the service we provide to you, we may need to disclose personal information to the authorities and sometimes to private organisations, such as banks, lawyers, tax advisors, auditors, accountants, insurers and travel companies.

Our suppliers are contractually bound to observe confidentiality and we do not disclose personal data beyond what is required and allowed.

We will conduct periodic due diligence to ensure any third-party processor has appropriate data protection measures in place that align with the requirements of the applicable data protection legislation. The personal data transferred within or outside Anthos and the COFRA group is in some cases also processed in countries outside the European Economic Area (i.e. EU + Iceland, Liechtenstein and Norway), this means in the UK, Jersey, Switzerland, Canada and the USA. We transfer your personal data abroad only to countries considered to provide an adequate level of data protection, or, in the absence of such legislation, that guarantee adequate protection, based on appropriate safeguards (e.g. standard contractual clauses adopted by the European Commission).

How long do we keep your information?

We retain your personal data only for as long as is necessary for the purposes for which it was collected or to comply with legal or regulatory obligations. The record retention regulations across the various jurisdictions in which we operate require us to comply with a variety of retention periods and generally range from two to ten years. To comply with these requirements we have, as a rule, decided that all client-related information should be kept for at least ten years. In cases of doubt, no client-related information will be destroyed without first consulting the Legal and Compliance departments.

We regularly review the personal data we hold on you to check for accuracy and relevance and to ensure we continue to have a lawful basis for processing it. If the personal data is no longer necessary, or where we no longer have a lawful basis for processing it, we will delete or fully anonymise the data. If your data becomes inaccurate, we will update it accordingly.

What are your rights, and how can you contact us?

You have the right to access and obtain information on your personal data that we process. If you believe any information we hold about you is incorrect or incomplete, you may request that your personal data be corrected.

You also have the right to:

• object to the processing of your personal data;
• request the deletion of your personal data – for example, if the personal data has been collected in violation of statutory frameworks, or if the personal data is no longer necessary for the purpose for which it was collected and retained;
• request the processing of your personal data be restricted; and/or
• if the data processing is based on your consent, withdraw your earlier consent to Anthos to process personal data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).

If you exercise any of your rights, Anthos must respond no later than one calendar month, starting from the day we receive your request. If your request is complex or you make more than one, the response time may be a maximum of three calendar months, starting from the day of receipt.

If you have questions, comments or requests regarding this Privacy Statement, we will be happy to help you.

You can contact us by email privacy@anthos.net.

Clients serviced by the Anthos Swiss Service Office AG can contact us by email at swissprivacy@anthos.net.

To exercise your rights as indicated in this section, or if, in your opinion, we do not comply with the provisions of this Privacy Statement, you have the right to submit a request to us (by email to privacy@anthos.net or swissprivacy@anthos.net) or a complaint to the applicable data protection authority.

Changes and updates to this Privacy Statement

We regularly review our Privacy Statement and update it when necessary. Any update will be announced and posted on the Anthos Digital Platform.

This Privacy Statement was last updated in July 2024.