Privacy Policy

1. Introduction

We at Wolf Ventures SWISS AG (“Wolf Ventures”, “we”, “us”,or “our”) are committed toprotecting your privacy and handling your personal data with the utmost care. This PrivacyPolicy explains how we collect, use and otherwise process your personal data when you useour website, our services or interact with us. We reserve the right to amend this Privacy Policyat any time; the version published on our website shall prevail. This Privacy Policy explains how we collect, use, store, disclose, and protect personal datawhen you visit our website, contact us, apply for our services, or use any of our services relatedto digital assets, blockchain-based products, compliance onboarding, or other businessactivities. We process personal data in accordance with the Swiss Federal Act on Data Protection(“FADP”) and its implementing ordinance (“DPO”). For European Economic Area (“EEA”) datasubjects and when otherwise mandated, to the extent required by law, we process personaldata in accordance with the EU General Data Protection Regulation (“GDPR”). If our activities qualify as those of a financial intermediary or are carried out under amembership or supervisory framework of a recognised Self-Regulatory Organisation(“SRO”) or other applicable Swiss supervisory regime, we may also process personal data tocomply with Swiss anti-money laundering and counter-terrorist financing obligations.

2. Data Controller

3. Categories of Personal Data We Collect

Depending on the nature of our relationship with you, we may collect and process the following categories of personal data:

4. Purposes of Processing

5. Legal Bases for Processing

For our customers located in Switzerland, we process their data according to Article 6 (1) FADPand with respect to Article 31 FADP, what would otherwise be an interference with personalityrights is justified by the consent of the data subject, or our overriding private interest.For our customers based in the EEA we rely on the following legal basis of Article 6 (1)GDPR, depending on the purpose of processing :

6. AML, KYC and SRO-Related Processing

Where applicable, Wolf Ventures SWISS AG may process personal data to satisfy obligations arising under Swiss anti-money laundering law, implementing ordinances, internalAML policies, and rules applicable through a recognised SRO membership or other Swiss supervisory framework This may include: → identifying clients, beneficial owners, controllers, and authorised representatives; → verifying identity documents and corporate documentation; → screening against sanctions, watchlists, PEP, and adverse media databases; → clarifying source of funds, source of wealth, and transaction background; → conducting ongoing monitoring of the business relationship and transactions; → documenting and retaining legally required records; → making reports or disclosures to competent authorities where required by Swiss law.

7. Cookies, Analytics and Similar Technologies

Our website may use cookies and similar technologies necessary for security, functionality, performance, and analytics. We may use: → strictly necessary cookies; → functional cookies; → analytics or performance cookies; → security and fraud prevention tools Where required by applicable law, we will ask for your consent before placing non-essentialcookies or similar technologies on your device. You can control cookies through yourbrowser settings and, where available, through our cookie banner or preference center.

8. Sources of Personal Data

We may collect personal data: → directly from you; → from your employer, company, representatives, or advisers; → from publicly available sources and official registers; → from identity verification, compliance, sanctions, or corporate intelligence providers; → from blockchain analytics providers; → from banks, payment service providers, custodians, counterparties, and professional advisers; → from regulators, authorities, courts, law enforcement, or SRO-related channels where legally permitted or required.

9. Disclosure of Personal Data

We may disclose personal data to the following categories of recipients where necessary and lawful: → group companies and affiliated entities; → IT, cloud hosting, cybersecurity, and communications providers; → KYC/AML, sanctions screening, blockchain analytics, and identity verification providers; → banks, payment processors, custodians, brokers, liquidity providers, and other financial counterparties; → auditors, lawyers, consultants, and professional advisers; → regulators, courts, supervisory authorities, SROs, tax authorities, law enforcement agencies, and other public authorities; → potential acquirers, investors, or transaction counterparties in the context of are structuring, financing, merger, sale, or acquisition, subject to confidentiality protections.

10. International Data Transfers

We may transfer personal data within Switzerland, the EEA, and to other countries where our service providers, counterparties, infrastructure providers, or group entities are located.If personal data is transferred outside Switzerland or outside jurisdictions recognised as providing an adequate level of data protection, we will implement appropriate safeguards as required by applicable law, such as: → contractual safeguards, including standard contractual clauses; → transfer mechanisms recognised under Swiss law; → disclosures required for the performance of a contract, establishment or exercise of legal claims, overriding public interest, or other lawful exceptions where applicable.

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, contractual, operational, and evidentiary requirements.In particular: → onboarding, KYC, AML/CFT, and transaction records may be retained for at least 10years after the end of the business relationship or completion of the transaction, ifrequired by applicable Swiss law or regulatory rules (article 7 (3) of the federal Anti-Money Laundering Act); → contractual, accounting, tax, and business correspondence records may be retainedfor statutory retention periods (article 958f of the Swiss Code of Obligations); technical logs and website records are retained for a period proportionate to securityand operational needs; → where claims are anticipated or ongoing, we may retain data until the matter isresolved and any relevant limitation periods expire. When there is no greater retention period required pursuant to the aforesaid, we destroy oranonymise personal data as soon as they are no longer needed for the purpose ofprocessing

12. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include: → role-based access controls; → encryption and secure transmission; → segregated systems and audit logging; → due diligence on processors and service providers; → internal policies, training, and incident response procedures; → backup, resilience, and monitoring controls

13. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data: →the right to request information about whether we process your personal data; → the right to obtain information on the categories of data processed, purposes of processing, recipients, and retention period; → the right to request correction of inaccurate personal data; → where the GDPR applies, the right to request deletion of personal data where retention is no longer required and no legal basis for continued processing exists; →the right to object to certain processing activities; → the right to request restriction of processing, where applicable; → the right to data portability, where applicable under article 20 GDPR or under article28 FADP; → the right to withdraw consent at any time where processing is based on consent; → where the GDPR applies, the right to lodge a complaint with the competent supervisory authority in the EEA; → subject to the exception mentioned at the end of this section 13, to be informed whena decision that is based exclusively on automated processing and that has a legal consequence for or a considerable adverse effect on the data subject; → and subject to the exception mentioned at the end of this section 13, to request that such above mentioned automated decision be reviewed by a natural person. Please note that these rights are not absolute. We may refuse or limit requests to the extent permitted by law, for example where data must be retained to comply with AML/CFT, legal, regulatory, evidentiary, or contractual obligations

14. Complaints

f you believe that our processing of your personal data violates applicable data protection law, you may contact us first so that we can attempt to resolve your concern. You may also contact the competent Swiss authority: Federal Data Protection and Information Commissioner (FDPIC) (Feldeggweg 1, 3003 Bern, Switzerland; https://www.edoeb.admin.ch) Where the GDPR applies, you may also lodge a complaint with the competent supervisory authority in your EEA country of residence, work, or the place of the alleged infringement.

15. Contact

For privacy and data protection inquiries, including the exercise of your rights, please contact: Wolf Ventures SWISS AG Gubelstrasse 11, 6300 Zug, Switzerland Email: contact@wolfventures.ch Website: www.wolfventures.ch

16. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our services, legal obligations, regulatory expectations, or data processing practices. The latest version will always be published on our website. Effective date: 27.02.2026 – V. 1.0