Privacy Policy

Last updated: January 2026 · Ashenden Finance SA

1. Data Controller

This Privacy Policy applies to Ashenden Finance SA, with registered offices at Rue Sigismond-Thalberg 2, 1201 Genève, Switzerland (collectively, "Ashenden Finance", "we", "us", "our"). We are committed to protecting your personal data in accordance with the Swiss Federal Act on Data Protection (nDSG) and the EU General Data Protection Regulation (GDPR) where applicable. For data protection enquiries, please contact us at: contact@ashendenfinance.ch

2. Information We Collect

We collect and process the following categories of personal data: Account & Identity Data: full name, email address, password (stored in hashed form using bcrypt), company name, and professional role. Usage & Analytics Data: pages visited, research articles viewed, search queries, session duration, and feature interactions within the platform. Communications Data: messages you send via our contact form or support channels. Technical Data: IP address, browser type and version, device identifiers, and cookies (see our Cookie Policy for details). We do not collect sensitive personal data (e.g. health data, political opinions, or biometric data).

3. How We Use Your Data

We process your personal data for the following purposes: Service Delivery: to provide access to the Ashenden Finance platform, including research publications, bond and equity analytics, macro indicators, and advisory services you have subscribed to. Account Management: to create and manage your user account, process authentication, and maintain session security. Communications: to send you research updates, morning briefings, and service notifications you have opted into, as well as essential administrative communications. Security & Fraud Prevention: to detect and prevent unauthorized access, abuse, or fraudulent activity. Legal Compliance: to meet our obligations under applicable financial services regulations, anti-money laundering (AML) requirements, and other Swiss and UK legal obligations. Product Improvement: to analyse aggregated, anonymised usage patterns and improve our platform.

4. Legal Basis for Processing

We rely on the following legal bases: Contract Performance (Art. 6(1)(b) GDPR / nDSG Art. 31): processing necessary to deliver the services you have subscribed to. Legitimate Interests (Art. 6(1)(f) GDPR): security monitoring, fraud prevention, and platform analytics. Legal Obligation (Art. 6(1)(c) GDPR): compliance with Swiss and UK financial services regulations. Consent (Art. 6(1)(a) GDPR): marketing communications and non-essential cookies, where you have provided explicit consent.

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data with: Service Providers: trusted third-party processors operating on our behalf (e.g. hosting infrastructure, email delivery) under strict data processing agreements. Regulatory Authorities: FINMA (Switzerland), the FCA (United Kingdom), or other competent authorities when legally required. Professional Advisors: legal counsel, auditors, and insurers, bound by confidentiality obligations. We do not transfer your data outside Switzerland or the EEA/UK without ensuring adequate protection through standard contractual clauses or equivalent safeguards.

6. Data Retention

We retain your personal data for as long as your account is active, plus a further period as required by applicable law (typically 10 years for financial records under Swiss law). Usage logs and analytics data are retained for up to 24 months in identifiable form, then anonymised or deleted. Upon account termination, we will delete or anonymise your personal data within 90 days, except where retention is required for legal or regulatory compliance.

7. Your Rights

Subject to applicable law, you have the right to: · Access the personal data we hold about you · Rectify inaccurate or incomplete data · Erase your data ("right to be forgotten") where legally permissible · Restrict or object to certain processing activities · Data portability (receive your data in a structured, machine-readable format) · Withdraw consent at any time, without affecting the lawfulness of prior processing To exercise any of these rights, please email us at contact@ashendenfinance.ch. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the UK Information Commissioner's Office (ICO).

8. Security

We implement industry-standard technical and organisational measures to protect your data, including encrypted data transmission (TLS), bcrypt password hashing (12 rounds), JWT-based session management with short expiry windows, and role-based access controls. No method of electronic transmission or storage is 100% secure. We will notify you and relevant authorities promptly in the event of a data breach affecting your rights, as required by law.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be notified via email or a prominent notice on the platform at least 30 days before taking effect. Your continued use of the platform after that date constitutes acceptance of the updated policy.

10. Contact

For any privacy-related enquiries, please contact: Ashenden Finance SA Rue Sigismond-Thalberg 2 — 1201 Genève, Switzerland T +41 22 591 22 22 contact@ashendenfinance.ch