Online Banking and Mobile Banking Privacy Statement

Last updated: February 02, 2018

Deutsche Bank recognizes the importance of protecting the privacy of the personal information which

has been transmitted to us. We believe that the confidentiality and protection of information entrusted

to us by our clients and Online Banking and Mobile Banking users (online users) is one of our

fundamental responsibilities. We have been safeguarding our clients’ privacy for decades by

maintaining strict standards of security and procedures which are specially designed to prevent

misuse of this information. This Privacy Statement describes how we, Deutsche Bank (Suisse) SA

(“Deutsche Bank”), located at Prime Tower, Hardstrasse 201, 8005 Zürich, email dbs.dpo@db.com,

as controller collect and process personal data and other information of you or of you in your capacity

as the authorised representative / agent of the legal entity (hereinafter referred to as “you”), when

using eBanking services via Online Banking (https://dwoch.db.com) and Mobile Banking.

1. What categories of Personal Data do we collect and process?

We collect and process information by which you can be identified (“Personal Data”).

This information includes the following Personal Data when you log in to Online Banking or Mobile

Banking: user name, password and code generated via hard or soft token (“Log in Data”). You will be

provided with the Log in Data from us when you sign up for the eBanking services. The code will be

generated by the token upon the log in.

We also process the following Personal Data available in your eBanking account including log in

credentials, account data incl. statements, portfolio data, and transaction data (“Account Data”), which

we received from you upon account opening and eBanking opening and which depend on the

transactions on your account.

We also collect device and usage information, which includes information specific to the used device

to access Online Banking and Mobile Banking (including language preferences) (“Usage

Information"). We collect such information when you are browsing Online Banking and Mobile

Banking.

2. Why does Deutsche Bank collect Personal Data and what is the legal basis?

We process the aforementioned personal data in compliance with the provisions of the Swiss Federal

Act on Data Protection (FADP) and if applicable the EU General Data Protection Regulation (GDPR).

We collect and process your Log in Data and Account Data to provide you with the eBanking services

and to better serve your financial needs, i.e. that you can access your account statements online, and

to administer our business. We collect, retain and use Usage Data about you for the purposes of better

serving you, e.g. to remember your language preferences.

The legal basis for the processing of Log in Data and Account Data is E-banking enrollment. The legal

basis for Usage Data are our legitimate interests which are the following: to maintain the performance

of Online Banking and Mobile Banking and to analyze usage.

The provision of Personal Data is compulsory. If you do not provide your Personal Data, you cannot

use Online Banking and Mobile Banking. The legal basis for marketing is your consent. The provision

of your Personal Data for marketing purposes is voluntary. You have the right to withdraw consent at

any time, without affecting the lawfulness of the processing based on consent before its withdrawal. If

you do not consent or withdraw your consent your data will not be used for that purpose any longer

and you will not receive marketing materials by us.

3. How long will Personal Data be stored?

for, i.e. during the eBanking enrollment with you. Once our relationship has come to an end, we will

store your Log in Data and Account Data according to statutory limitation periods and then delete

them, unless statutory retention periods apply or if necessary to establish, exercise or defend a legal

claim. This also applies to Usage Data, unless you object to the respective processing in which case

we will erase or anonymize such information.

4. What is a communication protocol and how do we use it?

Deutsche Bank is committed to the continuous improvement of our services. We use so-called tracking

technologies such as cookies and tags for statistical purposes and to improve user experience.

Technically, a cookie is a small text file that is used to store information about a website visit for a

limited period of time. The stored information consists of at least two components, the name of the

cookie and its content, including the accessed webpages.

Cookies are used to improve the end-user experience by using the former mentioned tracking

technologies. Users can configure their browser to prevent or warn against cookies. However certain

functions or services might not be available in this case.

5. Who will have access to my Personal Data?

The Personal Data gathered will be stored by Deutsche Bank and only accessed by the team

responsible for you. Personal Data may be shared with service providers that provide IT services for

us and act as processors. Those service providers are located in Switzerland (for which an adequacy

decision of the EU Commission exists) and process Personal Data in Switzerland. If your relationship

manager is with another Deutsche Bank group company, your Personal Data may also be accessed

by the relationship manager of such other Deutsche Bank group company in order to better serve your

financial needs. It will only be used according to the purpose for which the data has been collected.

We reserve the right to disclose your information only in circumstances where disclosure is required

under the law, to cooperate with regulators or law enforcement authorities or to protect our rights and

property as permitted by law.

6. How is Personal Data protected?

Pages where we collect Personal Data from our website visitors are usually encrypted with your

browser’s internal encryption module. These pages, as well as the internet banking-system of

Deutsche Bank are certified by international accredited certification institutions. Deutsche Bank has

implemented additional, comprehensive security procedures for our internet-banking-system. A

firewall is deployed as a means to prevent external access to account information from Deutsche

Bank’s system. We also deploy multiple layers of encryption and identification to address the concern

of unauthorized inquiries or interception by the transmission of client information.

If, at any time, you are not satisfied with our procedure to protect your privacy or if you have questions

regarding the collecting and/or use of your Personal Data or regarding our privacy statement, please

7. Your rights

Pursuant to applicable data protection law you may have the right (i) to request access to your

Personal Data, (ii) to request rectification of your Personal Data, (iii) to request erasure of your

Personal Data, (iv) to request restriction of processing of your Personal Data, (v) to request data

portability, (vi) to object to the processing of your Personal Data (including objection to profiling) and

(v) to withdraw consent at any time without affecting the lawfulness of the processing based on

consent before its withdrawal.

a. Right of access

You may have the right to obtain from us confirmation as to whether or not Personal Data concerning

you is processed, and, where that is the case, to request access to the Personal Data. The access

information include – inter alia – the purposes of the processing, the categories of Personal Data

concerned, and the recipients or categories of recipient to whom the Personal Data have been or will

be disclosed.

You may have the right to obtain a copy of the Personal Data undergoing processing. For further

copies requested by you, we may charge a reasonable fee based on administrative costs.

b. Right to rectification

You may have the right to obtain from us the rectification of inaccurate Personal Data concerning you.

Depending on the purposes of the processing, you may have the right to have incomplete Personal

Data completed, including by means of providing a supplementary statement.

c. Right to erasure (“right to be forgotten”)

Under certain circumstances you may have the right to obtain from us the erasure of Personal Data

concerning you and we may be obliged to erase such Personal Data.

d. Right to restriction of processing

Under certain circumstances you may have the right to obtain from us restriction of processing your

Personal Data. In this case the respective data will be marked and may only be processed by us for

certain purposes.

e. Right to data portability

Under certain circumstances you may have the right to receive the Personal Data concerning you,

which you have provided to us, in a structured, commonly used and machine-readable format and you

may have the right to transmit those data to another entity without hindrance from us.

f. Right to object

Under certain circumstances you may have the right to object, on grounds relating to your particular

situation, at any time to the processing of your Personal Data, including profiling, by us and we can be

required to no longer process your Personal Data. As we process and use your Personal Data

primarily for purposes of carrying out the contractual relationship with you, we will in principle have a

legitimate interest for the processing which will override your objection request, unless the objection

request relates to marketing activities.

To exercise your rights please contact us as stated below.

You also have the right to lodge a complaint with the competent data protection supervisory authority.

Our data protection officer can be contacted as follows: Prime Tower, Hardstrasse 201, 8005 Zürich

or by email dbs.dpo@db.com.

Various

We reserve the right to modify this Privacy Statement at any time. Nevertheless we will actively inform

you about changes.