Online Banking and Mobile Banking Privacy Statement:

Data protection information under the Swiss Federal Act on Data

Protection and EU General Data Protection Regulation

Deutsche Bank recognizes the importance of protecting the privacy of the personal information which

has been transmitted to us. We believe that the confidentiality and protection of information entrusted

to us by our clients and Online Banking and Mobile Banking users (online users) is one of our

fundamental responsibilities. We safeguard our clients’ privacy by maintaining strict standards of

security and procedures which are specially designed to prevent misuse of this information.

This Privacy Statement describes how we, Deutsche Bank (Switzerland) Ltd (“Deutsche Bank”), as

controller collects and processes personal data and other information of you or of you in your

capacity as the authorised representative / agent of the legal entity (hereinafter referred to as “you”),

when using eBanking services via Online Banking (https://dwoch.db.com) and Mobile Banking.

1. Who is responsible for the data processing and who can I contact in this regard?

Controller:

Deutsche Bank (Switzerland) Ltd

Place des Bergues 3

Case Postale

1211 Genève 1

Tel: +41 22 739 0111

Fax: +41 22 739 0700

Our internal data protection ofﬁcer

may be contacted at:

Deutsche Bank (Switzerland) Ltd

Data protection ofﬁcer

Hardstrasse 201, Prime Tower

8005 Zürich

Tel: +41 58 111 0111

E-mail: dbs.dpo@db.com

2. What categories of Personal Data do we collect and process?

We collect and process information by which you can be identified (“Personal Data”).

This information includes the following Personal Data when you log in to Online Banking or Mobile

Banking: username, password and code generated via hard or soft token (“Log in Data”). You will

be provided with the Log in Data from us when you sign up for the eBanking services. The code will

be generated by the token upon the log in.

We also process the following Personal Data available in your eBanking account including log in

credentials, account data incl. statements, portfolio data, and transaction data (“Account Data”),

which we received from you upon account opening and eBanking opening and which depend on the

transactions on your account.

We also collect device and usage information, which includes information specific to the used device

to access Online Banking and Mobile Banking (including language preferences) (“Usage

Information"). We collect such information when you are browsing Online Banking and Mobile

Banking.

3. Why does Deutsche Bank collect Personal Data and what is the legal basis?

We process the aforementioned personal data in compliance with the provisions of the Swiss Federal

Act on Data Protection (FADP) and if applicable the EU General Data Protection Regulation (GDPR).

We collect and process your Log in Data and Account Data to provide you with the eBanking services

and to better serve your financial needs, i.e., that you can access your account statements online,

and to administer our business. We collect, retain and use Usage Data about you for the purposes

of better serving you, e.g., to remember your language preferences.

The legal basis for the processing of Log in Data and Account Data is E-banking enrollment. The

legal basis for Usage Data are our legitimate interests which are the following: to maintain the

performance of Online Banking and Mobile Banking and to analyze usage.

The provision of Personal Data is compulsory. If you do not provide your Personal Data, you cannot

use Online Banking and Mobile Banking. The legal basis for marketing is your consent. The provision

of your Personal Data for marketing purposes is voluntary. You have the right to withdraw consent

at any time, without affecting the lawfulness of the processing based on consent before its

withdrawal. If you do not consent or withdraw your consent your data will not be used for that purpose

any longer and you will not receive marketing materials by us.

4. How long will Personal Data be stored?

for, i.e., during the eBanking enrollment with you. Once our relationship has come to an end, we will

store your Log in Data and Account Data according to statutory limitation periods and then delete

them, unless statutory retention periods apply or if necessary to establish, exercise or defend a legal

claim. This also applies to Usage Data unless you object to the respective processing in which case

we will erase or anonymize such information.

5. What is a communication protocol and how do we use it?

Deutsche Bank is committed to the continuous improvement of our services. We use so-called

tracking technologies such as cookies and tags for statistical purposes and to improve user

experience. Technically, a cookie is a small text file that is used to store information about a website

visit for a limited period of time. The stored information consists of at least two components, the

name of the cookie and its content, including the accessed webpages.

Cookies are used to improve the end-user experience by using the former mentioned tracking

technologies. Users can configure their browser to prevent or warn against cookies. However certain

functions or services might not be available in this case.

6. Who will have access to my Personal Data?

The Personal Data gathered will be stored by Deutsche Bank and only accessed by the team

responsible for you. Personal Data may be shared with service providers that provide IT services for

us and act as processors. If your relationship manager is with another Deutsche Bank group

company, your Personal Data may also be accessed by the relationship manager of such other

Deutsche Bank group company in order to better serve your financial needs. It will only be used

according to the purpose for which the data has been collected. We reserve the right to disclose your

information only in circumstances where disclosure is required under the law, to cooperate with

regulators or law enforcement authorities or to protect our rights and property as permitted by law.

7. Will data be transferred to a third country?

Personal data is transferred within the Deutsche Bank Group and to third parties as set out above,

and is also processed in other countries. We only transfer personal data abroad to countries which

are considered to provide an adequate level of data protection, or in the absence of such legislation

that guarantee adequate protection, based on appropriate safeguards (e.g., standard contractual

clauses adopted by the European Commission or another statutory exemption) provided by local

applicable law. If and to the extent required by applicable law, we implement the necessary legal,

operational and technical measure and/or enter into an agreement with you before such transfers.

As a rule personal data may be transferred to Deutsche Bank entities in the EU and the United

Kingdom or third parties located in the EU and in the United Kingdom.

8. How is Personal Data protected?

Pages where we collect Personal Data from our website visitors are usually encrypted with your

browser’s internal encryption module. These pages, as well as the internet banking-system of

Deutsche Bank are certified by international accredited certification institutions. Deutsche Bank has

implemented additional, comprehensive security procedures for our internet-banking-system.

A firewall is deployed as a means to prevent external access to account information from Deutsche

Bank’s system. We also deploy multiple layers of encryption and identification to address the concern

of unauthorized inquiries or interception by the transmission of client information.

If, at any time, you are not satisfied with our procedure to protect your privacy or if you have questions

regarding the collecting and/or use of your Personal Data or regarding our privacy statement, please

9. What data protection rights do I have?

You have a right to access and to obtain information regarding your data that we process. If you

believe that any information we hold about you is incorrect or incomplete, you may also request the

correction of your data. You also have the right to:

• object to the processing of your data;

• request the erasure of your data;

• request restriction on the processing of your data; and/or

• withdraw your consent where Deutsche Bank obtained your consent to process Personal Data

(without this withdrawal affecting the lawfulness of any processing that took place prior to the

withdrawal). Where we process your data on the basis of your consent, or where such

processing is necessary for entering into or performing our obligations under a contract with

you, you may have the right to request your data be transferred to you (known as the ‘data

portability’ right). You also have the right to ask Deutsche Bank for information regarding some

or all of the personal data we collect and process about you. Deutsche Bank will honor such

requests, withdrawal or objection as required under applicable data protection rules but these

rights are not absolute: they do not always apply and exemptions may be engaged. We will

usually, in response to a request, ask you to verify your identity and/or provide information that

helps Deutsche Bank to understand your request better. If we do not comply with your request,

we will explain why.

10. Exercising your rights

To exercise the above rights, please contact:

Deutsche Bank (Switzerland) Ltd

Data protection ofﬁcer

Hardstrasse 201, Prime Tower

8005 Zürich

Tel: +41 58 111 0111

E-mail: dbs.dpo@db.com

11. Changes to your data

We are committed to keeping your data accurate and up to date. Therefore, if your data changes,

please inform us of the change as soon as possible.

12. Updates to this Notice

This Notice was updated in September 2023. We reserve the right to amend it from time to time. Any

amendment or update to this Notice we will make available to you here https://dwoch.db.com.

Please visit the Deutsche Bank’s website frequently to understand the current Notice, as the terms

of this Notice are closely related to you.

13. EU representative for Deutsche Bank (Schweiz) AG

Deutsche Bank designated the below Deutsche Bank entity as the EU representative in

compliance with Art. 27 EU GDPR:

Deutsche Bank AG

Data Protection Officer

Taunusanlage 12

D-60325 Frankfurt am Main

Tel: +49 (69) 910-10000

E-Mail: datenschutz.db@db.com