1. WHO WE ARE (DATA CONTROLLER)

This Privacy Policy explains how Rothschild Warehouse AG (“Company”, “we”, “us”, “our”) collects and processes personal data when you visit our website https://www.rothschild-warehouse.com/ or contact us.

Controller:

Rothschild Warehouse AG

In der Specki 3

9494 Schaan

Principality of Liechtenstein

Company/Registry No.: FL-0002.746.504-3

Contact: info@rothschild-warehouse.com

2. SCOPE

This Privacy Policy applies to personal data processed in connection with:

- accessing and browsing the Website,

- contacting us via email,

- ensuring the security, stability, and performance of the Website.

This Website may contain links to third-party websites. We are not responsible for the privacy practices of third parties.

3. PERSONAL DATA WE PROCESS

We keep the Website’s data footprint proportionate and process personal data on a need-to-operate

basis.

3.1 Data you provide

If you contact us, we process:
- Identification and contact data (e.g., name, email address, phone number, company, role),

- Communication content (your message and any information you choose to include),

- Attachments you send to us.

3.2 Data processed automatically when you use the Website

When you access the Website, our systems may process:
- Technical data (e.g., IP address, device identifiers, browser type/version, operating system),
- Usage data (e.g., pages requested, timestamps, referrer information),

- Security data (e.g., log files and indicators used to detect misuse or attacks).

4. PURPOSES OF PROCESSING

We process personal data for the following business purposes:

- Website operations: to deliver the Website reliably and maintain availability.

- Security and resilience: to protect the Website, prevent abuse, and ensure system integrity.

- Stakeholder communications: to respond to inbound inquiries and manage business

correspondence.

- Compliance and governance: to meet legal obligations and manage disputes and claims, if any.

5. LEGAL BASES (EEA/UK GDPR — WHERE APPLICABLE)

Where applicable, we rely on:

- Legitimate interests (Art. 6(1)(f) GDPR): operating, securing, and improving the Website; handling

B2B communications; preventing fraud and misuse

- Steps prior to entering into a contract / contract performance (Art. 6(1)(b) GDPR): where you

request information relevant to a business relationship.

- Legal obligation (Art. 6(1)(c) GDPR): where processing is required by law.

- Consent (Art. 6(1)(a) GDPR): only where we explicitly request it (notably for non-essential

technologies, if introduced in the future).

6. COOKIES AND SIMILAR TECHNOLOGIES

Current status:

- We do not use third-party analytics, marketing trackers, or newsletter technologies.

- We do not deploy non-essential cookies for profiling or advertising.

If cookies or similar technologies are used, they are limited to what is strictly necessary to operate

and secure the Website. You can control cookies via your browser settings. Disabling certain cookies

may impact functionality.

If we introduce non-essential cookies/technologies in the future, we will implement a consent

mechanism where required and update this Policy accordingly.

7. SHARING AND DISCLOSURE

We do not sell your personal data.

Access to personal data is restricted to authorized personnel on a need-to-know basis. We may

disclose personal data only where necessary and appropriate, including:

- to professional advisors (e.g., legal) where required for governance,

- to competent authorities where legally required,

- in connection with legal claims, audits, or investigations,

- in the context of corporate transactions (e.g., restructuring, merger, asset transfer), subject to

appropriate safeguards.

8. INTERNATIONAL DATA TRANSFERS

If personal data is transferred outside the EEA/UK, we implement appropriate safeguards, such as

adequacy decisions and Standard Contractual Clauses (SCCs), as applicable.

9. DATA RETENTION

We retain personal data only as long as needed for the purposes described above:

- Website/security logs: retained for a limited period consistent with security and operational

requirements.

- Email correspondence: retained as long as required to address the inquiry and for reasonable

recordkeeping, then deleted or archived in line with governance needs.

Retention may be extended where required by law or to establish, exercise, or defend legal claims.

10. SECURITY

We apply risk-based technical and organizational measures designed to protect personal data,

including access controls and security monitoring. No system is entirely risk-free; however, we

maintain controls appropriate to the nature and scale of processing.

11. YOUR RIGHTS

Subject to applicable law, you may have the right to:

- access your personal data,

- rectify inaccurate data,

- request deletion,

- restrict processing,

- object to processing (including where based on legitimate interests),

- data portability (where applicable),

- withdraw consent (where processing is based on consent).

To exercise your rights, contact: info@rothschild-warehouse.com

We may request verification to protect against unauthorized disclosure.

You also have the right to lodge a complaint with a competent supervisory authority.

12. CHILDREN

The Website is not directed at children and we do not knowingly collect personal data from children.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in our operating model, tooling, or legal

requirements. The “Last updated” date indicates the latest revision.

14. CONTACT

Rothschild Warehouse AG

In der Specki 3, 9494 Schaan, Principality of Liechtenstein

Email: info@rothschild-warehouse.com