1. GENERAL PROVISIONS AND GOVERNANCE

1.1. Introduction and Commitment to Privacy

Alterswap AG (hereinafter referred to as "Alterswap," "the Company," "we," or "us") is a Swiss-registered financial intermediary. We recognise that the protection of personal data is a fundamental component of our service delivery and a cornerstone of the trust our clients place in us.

This Privacy Policy (the "Policy") outlines the principles and procedures governing the collection, processing, and protection of personal data in connection with our services. We are committed to ensuring that all data processing activities are conducted with the highest degree of confidentiality and in strict adherence to applicable Swiss and international legal frameworks.

1.2. Legal Foundations

Alterswap's data protection framework is primarily governed by the laws of the Swiss Confederation. Our procedures are aligned with:

- The Swiss Federal Act on Data Protection (FADP) [SR 235.1] and the Ordinance on Data Protection (DPO) [SR 235.11], which represent the current standard for data sovereignty under Swiss law.
- The Swiss Anti-Money Laundering Act (AMLA) [SR 955.0], which dictates mandatory data collection, verification, and long-term retention obligations for regulated financial intermediaries.
- The EU General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679], where applicable to data subjects within the European Economic Area (EEA).

1.3. Scope of Application

This Policy applies to all personal data processed by Alterswap in the context of:

1. Statutory Onboarding: Including Know Your Customer (KYC) and Know Your Business (KYB) verification procedures as mandated by VQF SRO regulations.
2. Financial Service Execution: The facilitation of foreign exchange conversion, multi-currency account management, IBAN account services, and international payment processing.
3. Digital Infrastructure: The use of the Alterswap web platform, secure client portals, and any integrated technical interfaces or APIs.

1.4. Data Controller Identification

Alterswap AG, a company duly incorporated and registered under the laws of Switzerland (Company No. CHE-400.153.137), serves as the Data Controller. In this capacity, the Company determines the purposes and means of processing personal data and is responsible for ensuring that such processing remains compliant with the legal foundations set out in Section 1.2.

2. LEGAL BASIS FOR DATA PROCESSING

Alterswap AG processes personal data only when there is a valid legal justification to do so under the FADP and, where applicable, the GDPR. Our processing activities are grounded in the following legal bases:

2.1. Fulfilment of Statutory and Regulatory Obligations

As a regulated financial intermediary affiliated with the Financial Services Standards Association (VQF), Alterswap is legally mandated to process specific categories of data to satisfy Swiss federal requirements. This includes:

- Anti-Money Laundering (AML) Compliance: Processing required to perform mandatory Know Your Customer (KYC) and Know Your Business (KYB) duties under the AMLA.
- Regulatory Reporting: Data processing necessary for mandatory disclosures to the Money Laundering Reporting Office Switzerland (MROS), the Swiss Financial Market Supervisory Authority (FINMA), or our Self-Regulatory Organisation (VQF).
- Tax and Audit Transparency: Adherence to Swiss accounting standards and international protocols for the automatic exchange of information, including the OECD Common Reporting Standard (CRS) and the Automatic Exchange of Information (AIA) framework.

2.2. Performance of Contractual Obligations

Processing is essential for the initiation, execution, and management of the contractual relationship as defined in our Terms and Conditions. This includes:

- Account Administration: Identifying and authenticating clients to provide secure access to the Alterswap platform and services.
- Service Execution: Facilitating foreign exchange conversions, managing dedicated IBAN account services, processing international payments, and coordinating with licensed banking partners for the secure holding of client funds.
- Fee Settlement: Calculating and processing applicable service fees and commissions as defined in the Terms and Conditions.

2.3. Protection of Legitimate Interests

Alterswap may process data to protect the legitimate interests of the Company or our clients, provided such interests are not overridden by the fundamental rights of the data subject. These interests include:

- Fraud Prevention and Cybersecurity: Implementing monitoring and detection systems to identify unauthorised access, fraudulent transactions, and cyber threats.
- Risk Management: Developing internal risk models to maintain the stability and integrity of our financial services.
- Legal Assertions: The establishment, exercise, or defence of legal claims and the protection of the Company's legal position in administrative or judicial proceedings.

2.4. Consent

In specific instances where processing is not mandated by law or contract, Alterswap will seek the explicit, informed consent of the data subject (for example, for specific marketing communications or the use of non-essential analytical tools). Consent may be withdrawn at any time with future effect.

3. CATEGORIES OF PROCESSED DATA

Alterswap AG adheres to the principle of data minimisation, ensuring that only information strictly necessary for the fulfilment of our legal and contractual duties is processed. In accordance with the FADP and AMLA, we categorise the personal data we process as follows:

3.1. Identity and Onboarding Data (KYC/KYB)

To satisfy our statutory due diligence requirements as a VQF-affiliated intermediary, we collect comprehensive identification data:

- For Natural Persons: Full legal name, date and place of birth, nationality, residential address, and identification data derived from government-issued identification documents (such as a Passport or National ID card).
- For Legal Entities: Corporate name, registration number (UID), legal form, registered office address, and certified constitutional documents.
- Beneficial Ownership: Identification data of natural persons who directly or indirectly hold a significant interest (25% or more) or exercise ultimate control over a legal entity, as mandated by Article 4 of the AMLA.

3.2. Financial and Transaction Data

In the execution of financial intermediation, we process data related to the financial standing and transaction history of our clients:

- Bank and Payment Metadata: IBAN details, bank account numbers, and routing information associated with currency transfers and international payments.
- Source of Wealth (SoW) and Source of Funds (SoF): Documentary evidence such as bank statements, tax returns, or employment contracts, specifically for relationships categorised as high-risk under our internal compliance framework.
- Transaction Records: Comprehensive records of all currency conversions and cross-border payments executed through the platform, including timestamps, amounts, currency pairs, beneficiary details, and payment references.
- FX Rate and Execution Data: Exchange rates applied to conversion transactions and associated execution metadata for audit and dispute resolution purposes.

3.3. Technical and Security Telemetry

To ensure the resilience of our infrastructure and prevent fraudulent access, we collect:

- Connectivity Logs: IP addresses, browser types, operating system details, and unique device identifiers.
- Geolocation Data: Derived from IP addresses to verify compliance with jurisdictional restrictions outlined in our AML Policy.
- Interaction Data: Session durations, login attempts, and security-related event logs used for threat detection and incident response.

4. PURPOSES OF PROCESSING

Alterswap AG processes personal data for specific, predefined purposes that are essential to our operations as a regulated Swiss financial intermediary. We ensure that all processing activities are proportional and limited to the following functional objectives:

4.1. Statutory Onboarding and Regulatory Compliance

The primary purpose of processing is to satisfy our legal mandates under the Swiss AMLA and VQF SRO regulations. This includes:

- Verification of Identity: Establishing and validating the identity of natural persons and legal entities to prevent identity theft and financial fraud.
- Beneficial Ownership Transparency: Identifying the ultimate controlling persons of corporate structures as required by Swiss law.
- Risk Profiling: Conducting initial and ongoing risk assessments based on geographic, professional, and behavioural factors to ensure the platform remains secure and compliant.
- Sanctions Screening: Cross-referencing client data against international sanctions lists (including SECO, UN, and OFAC) to ensure compliance with global restrictive measures.

4.2. Provision and Management of Financial Services

We process data to facilitate the core financial services of the Alterswap platform, specifically:

- FX Conversion Execution: Processing and authorising currency conversion transactions requested by the client, including the application of agreed exchange rates and the calculation of applicable fees.
- Account and IBAN Facilitation: Managing dedicated multi-currency IBAN account services and coordinating with licensed banking partners for the secure holding of client funds in segregated accounts.
- International Payment Processing: Routing and settling cross-border payments via SEPA, SEPA Instant, SWIFT, CHAPS, Faster Payments, and other available payment rails.
- Fee Settlement: Calculating and processing applicable service fees and commissions as defined in the Terms and Conditions.

4.3. Operational Security and Fraud Mitigation

To maintain a robust and resilient platform, we process technical and behavioural data for:

- Threat Detection: Identifying and neutralising unauthorised access attempts, Distributed Denial of Service (DDoS) attacks, and other cyber threats targeting the platform or client accounts.
- Transaction Monitoring: Ongoing review of payment and conversion activity to detect patterns consistent with financial crime, sanctions evasion, or fraudulent behaviour, in accordance with our AML obligations under the AMLA.
- Audit Trails: Maintaining comprehensive logs of all system and transaction activities to ensure accountability and to support internal or external regulatory audits by the VQF, FINMA, or MROS.

4.4. Communication and Client Support

We process contact information to maintain an efficient professional relationship:

- Administrative Notifications: Delivering critical updates regarding account status, security alerts, transaction confirmations, and amendments to legal documents such as the Terms and Conditions or this Policy.
- Technical Support: Resolving client inquiries and addressing platform-related issues submitted via our official support channels.
- Regulatory Correspondence: Facilitating communication required by Swiss authorities or the VQF in the event of specific inquiries or reporting obligations.

4.5. Continuous Improvement and Analysis

In our legitimate interest to optimise our services, we process anonymised or pseudonymised data to:

- Service Optimisation: Analysing platform usage patterns to improve user interface and user experience design.
- Strategic Development: Assessing demand and transactional trends to expand our service offerings and jurisdictional reach in compliance with evolving regulations.

‍

5. DISCLOSURE TO THIRD PARTIES AND AUTHORITIES

Alterswap AG maintains a strict policy of confidentiality. However, to execute our financial services and satisfy our statutory obligations as a Swiss financial intermediary, we may disclose personal data to the following categories of recipients under high standards of data protection.

5.1. Regulatory and Law Enforcement Authorities

As a regulated entity, Alterswap is subject to mandatory disclosure requirements under Swiss federal law. We provide personal data to authorities when legally compelled or when necessary to protect the integrity of the financial system:

- Money Laundering Reporting Office Switzerland (MROS): In the event of suspected money laundering or terrorist financing, as mandated by the AMLA.
- Swiss Financial Market Supervisory Authority (FINMA): Within the scope of their supervisory activities.
- Financial Services Standards Association (VQF): For the purpose of SRO audits and compliance verification.
- Judicial Authorities: In response to valid subpoenas, court orders, or legal processes issued by Swiss or international courts of competent jurisdiction.

5.2. Strategic Partners and Financial Service Providers

To facilitate the services defined in our Terms and Conditions, Alterswap shares necessary data with trusted third parties:

- Licensed Banking Partners: To process currency transfers, manage IBAN account functionalities, hold client funds in segregated accounts, and support the execution of international payments.
- Liquidity Providers: To facilitate foreign exchange conversion at competitive market rates and ensure access to sufficient liquidity across supported currency pairs.
- Correspondent Banks and Payment Rail Operators: To route and settle international payments via SWIFT, SEPA, CHAPS, Faster Payments, and other applicable networks.

5.3. Technical and Compliance Service Providers

We utilise specialised external providers to maintain our security and compliance standards:

- Identity Verification Services: Third-party KYC/KYB providers used to verify document authenticity and perform biometric liveness checks during onboarding.
- AML Screening Tools: Services used to screen client data and transaction activity against sanctions lists, PEP databases, and adverse media sources for AML/CTF purposes.
- Cloud and Infrastructure Providers: Secure data hosting services located primarily in Switzerland or the EEA, ensuring high availability and encryption in accordance with the FADP.

5.4. Professional Advisors

Where necessary for the protection of Alterswap's legal and commercial interests, data may be shared with:

- External Auditors: For mandatory annual financial and AML audits.
- Legal Counsel: For the purpose of legal advice or the defence of legal claims.

‍

6. INTERNATIONAL DATA TRANSFERS

As a financial intermediary serving clients and executing payments globally, Alterswap AG may need to transfer personal data to recipients located outside of Switzerland. We ensure that any such transfer is conducted in compliance with the strict requirements of the FADP and, where applicable, the GDPR.

6.1. Transfers to Countries with Adequate Data Protection

Personal data is primarily stored and processed within Switzerland and the European Economic Area (EEA). These jurisdictions are recognised by the Swiss Federal Council and the European Commission as providing an adequate level of data protection. Transfers to these regions occur without the need for further specific authorisations.

6.2. Transfers to Third Countries

In instances where services require data to be transferred to a third country (a jurisdiction without an adequacy decision), Alterswap implements rigorous safeguards to ensure that the data remains protected to a standard equivalent to Swiss law. These safeguards include:

- Standard Contractual Clauses (SCCs): Utilising the latest version of the SCCs approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the European Commission, supplemented by necessary transitional measures.
- Binding Corporate Rules: Where applicable for specific service partners.
- Sector-Specific Regulations: Compliance with international financial standards for cross-border payment messaging and settlement, including SWIFT messaging protocols.

6.3. Specific Derogations for Transfers

In the absence of an adequacy decision or appropriate safeguards, a transfer may still occur based on specific legal derogations, such as:

- Contractual Necessity: The transfer is indispensable for the performance of a contract between the client and Alterswap — for example, executing a cross-border payment to a beneficiary account held at a foreign bank.
- Legal Claims: The transfer is necessary for the establishment, exercise, or defence of legal claims in a foreign jurisdiction.
- Overriding Public Interest: Where disclosure is mandated by international administrative assistance or Swiss statutory law.

6.4. Cross-Border Payment Data Flows

Clients are expressly informed that the execution of international payments via SWIFT, SEPA, CHAPS, and other payment rails necessarily involves the transmission of payment data — including beneficiary name, account number, and payment reference — to correspondent banks and receiving institutions in destination countries. This data transmission is an inherent and legally required component of cross-border payment execution. Alterswap ensures that such transmissions are conducted in accordance with applicable payment industry standards and data protection requirements, including SWIFT's Customer Security Programme (CSP).

7. STATUTORY RETENTION AND DATA INTEGRITY

Alterswap AG maintains rigorous standards for the storage and preservation of personal data, ensuring that all information is handled with the highest degree of integrity and is available for regulatory scrutiny as required by Swiss federal law.

7.1. Mandatory Ten-Year Retention Period

In accordance with Article 7 of the Swiss Anti-Money Laundering Act (AMLA) and the Swiss Code of Obligations (Art. 957 et seq.), Alterswap is legally obligated to retain specific records for a minimum duration.

- Scope of Retention: This mandate applies to all documents used for client identification (KYC/KYB), records of beneficial ownership, transaction logs for all currency conversions and cross-border payments, and all business correspondence.
- Duration: These records must be preserved for ten (10) years following the termination of the business relationship or the completion of an occasional transaction.
- Purpose: This extended retention period is a statutory requirement designed to facilitate the prevention of financial crime and to provide a historical audit trail for Swiss regulatory and judicial authorities.

7.2. Data Integrity and Availability

During the mandatory retention period, Alterswap ensures that personal data remains:

- Legible and Accessible: Data is stored in a systematic manner that allows for timely retrieval in the event of an inquiry by the VQF, FINMA, or MROS.
- Immutable: We employ technical measures to ensure that once a record is archived for compliance purposes, it cannot be altered or deleted prematurely.
- Securely Segregated: Compliance-related data is stored in secure, encrypted environments, separate from general operational databases, to prevent unauthorised access.

7.3. Systematic Deletion and Anonymisation

Upon the expiration of the statutory ten-year retention period, and provided there is no further contractual necessity or ongoing legal proceeding (such as a litigation hold), Alterswap will:

- Securely Delete: Permanently erase physical and electronic records using industry-standard data destruction protocols.
- Anonymise: In certain instances, we may choose to anonymise data for internal statistical analysis, ensuring that the data subject is no longer identifiable and the data falls outside the scope of the FADP.

7.4. Technical and Organisational Measures (TOMs)

To protect the integrity of the data we retain, Alterswap implements a defence-in-depth security architecture, including:

- Advanced Encryption: Utilising AES-256 (or higher) encryption for data at rest and TLS 1.3 for data in transit.
- Access Governance: Strict need-to-know access controls, ensuring only authorised compliance and security personnel can access sensitive identity and financial data.
- Resiliency: Maintaining redundant, geographically distributed backups within Switzerland to ensure data remains protected against hardware failure or localised disruptions.

8. RIGHTS OF THE DATA SUBJECT

Alterswap AG respects the statutory rights of data subjects as defined under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). We are committed to providing transparency and facilitating the exercise of these rights, subject to the prevailing legal obligations of a Swiss financial intermediary.

8.1. Right to Information and Access

Every data subject has the right to request confirmation as to whether Alterswap is processing their personal data. Upon a valid request, we will provide a comprehensive overview of:

- The specific categories of personal data being processed.
- The purpose of the processing activities.
- The categories of recipients to whom the data has been or will be disclosed.
- The expected duration of storage or the criteria used to determine that period.

8.2. Right to Rectification

Accuracy is a core requirement for both data protection and financial compliance. Data subjects have the right to request the immediate correction of any inaccurate or incomplete personal data held by Alterswap.

Note: For identity data (KYC/KYB), such requests must be accompanied by valid, government-issued supporting documentation to ensure the integrity of our regulatory records.

8.3. Right to Erasure (The "Right to be Forgotten")

Data subjects may request the deletion of their personal data under certain conditions — for example, if the data is no longer necessary for the original purpose or if consent is withdrawn. However, as a regulated financial intermediary, Alterswap's ability to erase data is strictly limited by:

- Statutory Retention Mandates: As detailed in Section 7.1, the Swiss AMLA requires us to retain identity and transaction data for ten (10) years following the end of a business relationship. This legal obligation takes precedence over a request for erasure during the retention period.
- Ongoing Legal Proceedings: Where data is subject to a litigation hold or regulatory investigation, erasure will be deferred until the proceedings are concluded.

8.4. Right to Restriction of Processing

Under specific circumstances, a data subject may request that Alterswap restricts the processing of their data — for example, if the accuracy of the data is contested. During the restriction period, the data will only be stored and not further processed, except for legal claims or for reasons of public interest.

8.5. Right to Data Portability

Data subjects have the right to receive the personal data they have provided to Alterswap in a structured, commonly used, and machine-readable format. This right applies to data processed based on consent or for the performance of a contract, provided the processing is carried out by automated means and does not adversely affect the rights of others.

8.6. Right to Object

Data subjects may object to processing based on legitimate interests (Section 2.3). Upon such an objection, Alterswap will cease processing unless we can demonstrate compelling legitimate grounds that override the data subject's interests, or if the processing is necessary for the establishment, exercise, or defence of legal claims.

8.7. Exercise of Rights and Supervisory Authority

To exercise any of the rights outlined above, data subjects may submit a formal written request via the contact details provided in Section 9.4.

- Verification: To protect client confidentiality, we require proof of identity before processing any such request.
- Complaints: Data subjects also have the right to lodge a complaint with a competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). In the EEA, clients may also approach the data protection authority of their country of residence.

9. FINAL PROVISIONS

9.1. Amendments and Policy Evolution

Alterswap AG reserves the right to amend this Privacy Policy at any time to ensure ongoing alignment with shifting regulatory requirements, technological developments, and institutional changes.

- Notification of Changes: Significant amendments will be communicated to clients via the Alterswap platform, email notifications, or a prominent notice on our website.
- Review Mandate: We encourage data subjects to review this Policy periodically. Continued use of Alterswap services following the publication of an updated version constitutes acknowledgement of the revised terms.

9.2. Conflict of Laws

In the event of any inconsistency between this Privacy Policy and the mandatory provisions of the Swiss Federal Act on Data Protection (FADP) or the Swiss Anti-Money Laundering Act (AMLA), the statutory provisions of Swiss federal law shall prevail.

9.3. Governing Law and Jurisdiction

This Policy is governed by and construed in accordance with the laws of the Swiss Confederation. Any disputes arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts at the registered seat of Alterswap AG, subject to any mandatory consumer protection forums provided under the GDPR or FADP.

9.4. Contact for Data Protection Inquiries

For any questions regarding this Policy, the processing of your personal data, or to exercise your statutory rights as outlined in Section 8, please contact our Compliance Department:

- Entity: Alterswap AG
- Email: support@alterswap.ch
- Subject Line: "Privacy / Data Protection Inquiry"
- Registered Address: Assetstrasse 37, CH 6438, Ibach, Switzerland

Please ensure that any request for information or access is accompanied by valid proof of identity to maintain the security and confidentiality of our client base. Requests will be acknowledged within 5 business days and resolved within 30 days of receipt, or sooner where required by applicable law.

9.5. Effective Date

This Privacy Policy is effective as of March 2026.
‍

REGULATORY

AlterSwap AG
Company Registration: CHE-400.153.137
Registered Address: Assetstrasse 37, CH 6438, Ibach, Switzerland
Regulatory Status: AlterSwap AG is an officially affiliated member of the VQF (Self-Regulatory Organisation), a supervised body officially recognised by the Swiss Financial Market Supervisory Authority (FINMA) for the purpose of combating money laundering and terrorist financing (AMLA). AlterSwap AG does not hold a banking licence from FINMA and does not provide traditional deposit insurance.

For cookie and tracking inquiries, please contact: support@alterswap.ch

‍

‍