Privacy and Data Protection Policy

Version 3.0 – Revision Date: April 8, 2026

Article 1: Identification of the Data Controller and the DPO

The company Fisher Investments Europe (hereinafter referred to as "the Platform" or "We"), whose registered office is located at Centre d'Affaires Trocadéro, 112 Avenue Kléber, 75116 Paris, France, acts as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR). To ensure absolute protection of your personal and patrimonial data, a Data Protection Officer (DPO) has been appointed and remains contactable at the secure address: [email protected].

Article 2: Categories of Data Collected (Minimization Principle)

As part of providing its market analysis and portfolio management services, Fisher Investments Europe legitimately collects the following categories of data:

Identity and Civil Status Data

Last name, first names, date and place of birth, nationality, and certified copies of identity documents (strict KYC framework).

Contact Data

Authenticated email address, active mobile phone number, tax residence address, and proof of address.

Financial and Asset Data

Information on the origin of funds, professional situation, investor risk profile, digital wallet addresses, and transaction history.

Technical and Telemetry Data

IP addresses, device identifiers, browsing data, connection logs, and metadata of interaction with our secure interfaces.

Article 3: Legal Bases and Strict Processing Purposes

The processing of your data is carried out on the legal bases provided for by Article 6 of the GDPR:

Contract Performance: Necessary for the opening, management of the account infrastructure, and access to the Platform's tools.
Compliance with Legal Obligations: Essential for complying with French and European financial regulations, particularly directives on combating money laundering and terrorist financing (AML/CTF).
Legitimate Interest: Required to ensure platform cybersecurity, prevent financial fraud, and optimize technological infrastructure.
Express Consent: For receiving market communications, newsletters, and the deployment of non-essential analytical cookies.

Article 4: System Security and Encryption Protocols

Fisher Investments Europe deploys banking-grade and institutional security measures:

Encryption at Rest: Use of the AES-256 algorithm for all sensitive databases.
Secure Transport : Systematic end-to-end data flow encryption via TLS 1.3 protocol.
Sovereign Hosting : Data is stored on highly resilient servers located exclusively within the European Economic Area (EEA).

Article 5: Retention and Archiving Policy

Active Data : Maintained for the entire duration of the contractual relationship between the User and the Platform.
Regulatory Archives : Securely retained for a period of five (5) years after account closure, in order to meet the statute of limitations obligations of the Monetary and Financial Code.
Trackers (Cookies) : The lifespan of cookies subject to consent is capped at 13 months.

Article 6: Exercise of Your Inalienable Rights

The European GDPR framework grants you the rights of access, rectification, erasure ('right to be forgotten'), restriction, portability, and opposition. Any request related to the exercise of these rights should be addressed to our DPO ([email protected]).

In case of dispute, you have the right to lodge a complaint with the CNIL (National Commission for Informatics and Liberties - www.cnil.fr).