PPP Yieldsolutions AG (hereinafter also referred to as "we", "us") procures and processes personal data

1) that affect you or other persons (so-called "third parties"). In this Privacy Policy, we describe what we do with your data when you use www.nextfacto.com or www.ppp-Yieldsolutions.com (hereinafter "Website")

2), obtain our services or products, otherwise be associated with us under a contract, communicate with us or otherwise have anything to do with us.

If you provide us with information about other people, such as family members, we will assume that you are authorized to do so and that this information is accurate. By submitting data via third parties, you confirm this. Please also ensure that these third parties have been informed of this Privacy Policy.

1) Your personal data is any information that relates to you and can identify you directly or indirectly (e.g. via the Internet) (e.g. name, e-mail address, telephone number, picture, depending on your profile.

2)When you surf to our website, your IP address, your browser type, the address from which you were referred, for example, are automatically communicated.

We are responsible for the data processing described in this privacy policy. You can contact us for your data protection concerns and the exercise of your rights under No. 11 as follows:

PPP Yieldsolutions AG

Moosmattstrasse 4,

6331 Hünenberg

Switzerland

info@ppp-yieldsolutions.com

We process different categories of data about you. The main categories are as follows:

• Master and inventory data such as name, address, date of birth, contract number and duration, documents to establish customer identity, information on the account, custody account, concluded transactions or on third parties such as life partners, authorised representatives and advisors who are also affected by data processing.

• Tax residence and any other tax-relevant documents and information.

• Transaction, order and risk management data, such as details of beneficiaries, details of the mandate if applicable, details of your assets, investment products, risk and investment profile, cases of fraud.

• Where applicable, records of telephone calls between you and us.

• Marketing data such as needs, wants, preferences.

• Technical data, such as internal and external identifiers, business numbers, IP addresses, records of access or changes.

We process your data for the following purposes (in addition to those we will communicate to you separately):

• Communication with you

• Conclusion/execution of contracts with you, your employer and customers

• Operation of the infrastructure, website, app

• Marketing (e.g. mailings, with unsubscribe link/option, events), relationship management

• Market analyses, planning, development of products and services, R&D

• Compliance (adherence to laws, industry standards, directives, etc.)

• Legal proceedings, investigations

• Currency Security, Access Control

• Management, Risk Management

• Corporate transactions (e.g. M&A)

• Media Relations, PR, Publications

• Shareholder Services, Investor Relations

• Training, instruction, further education

• Combating crime and fraud

Depending on the products and services we may provide to you or the purpose for which the personal data is processed, the data processing is based on the following basis:

• To establish, enter into or perform a contract or business relationship with you or for the performance of our obligations under such a contract or business relationship.

• To safeguard our legitimate interests, e.g. statistics, planning or product development, business decisions; Monitoring and managing risks, auditing; Marketing, market research, comprehensive support, advice and information about the range of services, preparation and provision of tailor-made services – provided that no objection has been made; To protect our interests and secure the claims of our company, customers and employees.

• To comply with legal or regulatory obligations of our company or to carry out tasks in the public interest.

• Based on your consent.

On our website, we use various techniques with which we and third parties engaged by us can recognize you when you use it and possibly track you over several visits. In this section, we will inform you about this.

In essence, it is about us being able to distinguish your access (via your system) from access from other users so that we can ensure the functionality of the website and carry out evaluations and personalizations. We do not want to infer your identity, even if we can, insofar as we or third parties engaged by us can identify you by combining it with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor every time you visit a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called "cookie").

Other techniques can also  be used to recognise you with a greater or lesser probability (i.e. to distinguish you from other users), e.g. "fingerprinting". Fingerprinting combines your IP address, the browser you are using, the screen resolution, the choice of language and other information that your system communicates to each server, which results in a more or less unique fingerprint. This way, cookies can be dispensed with.

Whenever you access a server (e.g. when using a website or an app, or because an image is visible or invisible in an email), your visits can be "tracked". If we integrate offers from an advertising contract partner or provider of an analysis tool on our website, they can track you in the same way, even if you cannot be identified in individual cases.

We use such techniques on our website and allow certain third parties to do the same. You can program your browser to block, deceive, or delete certain cookies or alternative technologies. You can also extend your browser with software that blocks tracking by certain third parties. You can find more information on this on your browser's help pages (usually under the keyword "Privacy") or on the third-party websites, which we list below.

A distinction is made between the following cookies (techniques with comparable functions such as fingerprinting are meant here):

Necessary cookies: Some cookies are necessary for the functioning of the website as such or certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also make sure that you stay logged in. These cookies are only temporary ("session cookies"). In case you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond one session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the function for automatic login, etc.). These cookies have an expiry date of up to [24] months.

Performance cookies: In order to optimize our website and related offerings and to better tailor them to the needs of users, we use cookies to record and analyze the use of our website, possibly even beyond the session. We do this by using third-party analytics services. We have listed these below. revoked. Performance cookies also have an expiration date of up to 24 months. Details can be found on the third-party websites.

Marketing cookies: We and our advertising contractors have an interest in controlling advertising in a targeted manner, i.e. displaying it only to those we want to address. We have listed our advertising contractual partners below. For this purpose, we and our advertising contract partners – if you consent – also use cookies that can be used to record the content accessed or contracts concluded. This enables us and our advertising contractors to display advertisements that we can reasonably believe will interest you, on our website, but also on other websites that display advertisements from us or our advertising contractors. These cookies have an expiry period of a few days to 12 months, depending on the situation. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.

In addition to marketing cookies, we use other techniques to control online advertising on other websites and thus reduce wastage. We can, for example, transmit the e-mail addresses of our users, customers and other persons to whom we want to display advertising to operators of advertising platforms (e.g. social media). If these persons are registered there with the same e-mail address (which the advertising platforms determine by means of a comparison), the operators will display the advertising placed by us to these persons in a targeted manner. However, in the case of known e-mail addresses, they learn that these people are in contact with us and what content they have accessed.

We may also integrate other third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate it (e.g. by clicking on a switch), the relevant providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data under their own responsibility.

We currently use offers from the following service providers and advertising contractors (insofar as they use data from you or cookies set by you for advertising control):

Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages accessed, geographical origin of access, etc.) and compiles reports on the use of our website for us on this basis. We have configured the service in such a way that the IP addresses of visitors to Google in Europe are shortened before being forwarded to the USA and thus cannot be traced. We have turned off the "Data sharing" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google may draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these people. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data on the website and app, device information and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further information on how Google processes it will be processed here [https://policies.google.com/technologies/partner-sites?hl=de]

Microsoft Clarity: We use the web analysis software Microsoft Clarity for our website. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft processes your data in the USA, among other places. Clarity or Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data of EU citizens to the USA. More information can be found at . In addition, Microsoft uses so-called standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. For more information about Microsoft's Standard Contractual Clauses, see https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses. To learn more about the data processed through the use of Microsoft, please see the privacy statement on https://www.microsoft.com/de-de/privacy/privacystatement?tid=331734695488.

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests, we also transfer your personal data to third parties, in particular to the following categories of recipients:

• Service providers (who process your data partly on our behalf, such as IT providers, and partly on their own responsibility, such as banks)

• Authorities at home and, if necessary, abroad

• Business partners such as suppliers,

• Customers, marketing and project partners

• Third parties who collect data about you via the website/app (see list on the website)

Yes, this is possible, to the EEA, but exceptionally to any country in the world (conceivable especially for online services that we use). If this is a country without sufficient data protection, we conclude contracts (so-called EU SCC), but we can also rely on consent or give data abroad in some cases, because it is necessary for the processing of a contract where data published by you is involved or it is necessary for legal proceedings abroad.

The duration of the storage of personal data is determined by statutory retention obligations or the purpose of the respective data processing. As a general rule, we store personal data for the duration of the business relationship or contract period and for a further five, ten or more years thereafter (depending on the applicable legal basis).

We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, accidental alteration, unintentional disclosure or access.

You have the right to information, correction, deletion, restriction, objection and – where applicable – the right to data portability. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority. If you wish to exercise the above rights against us), please contact us in writing, at our location or, unless otherwise stated or agreed, by e-mail. Our contact details can be found in No. 2. In order for us to be able to rule out misuse, we must identify you (e.g. with a copy of your ID, unless otherwise possible).

This Privacy Policy does not form part of any contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current version.

Latest Update: 05.12.2025