PRIVACY POLICY OF WWW.AIWEALTH.EU

RESPONSABLE DEL TRATAMIENTO DE LOS DATOS

DATA CONTROLLEROwner: ASSET IBERICA UNDERWRITING S.L. Registered address: Mallorca 272, 2º 3ª, 08037 Barcelona - Spain CIF: B62178355 Telephone: 932 178 701 E-mail: lopd@assetiberica.es DPO: dpo@assetiberica.es

PERSONAL DATA COLLECTED AND PROCESSED The personal data we collect and process is obtained directly from you or from third parties, through our forms (hereinafter, the Application).

All the information you provide must be truthful, and you are responsible for any data you communicate to us, ensuring that the information is always perfectly updated to reflect your current situation. In any case, the person providing the information will be solely responsible for any false or inaccurate statements made and for any damages caused to ASSET IBERICA UNDERWRITING SL (hereinafter, The Owner), or to third parties due to the information provided. If you provide us with information about other people, you must obtain their consent. This applies to all data, and especially, if applicable, to sensitive data. By providing us with data about other people, you confirm that you have their permission and that they have understood how their information will be used. Unless otherwise indicated, all the Data requested by this Application is mandatory and failure to provide it may make it impossible for this Application to proceed with providing its services. In cases where this Application specifically indicates that certain Data is not mandatory, Users are free not to communicate such Data without any consequence on the availability or functioning of the Service.

The personal data that we may collect and process about you includes the following:

Contact details: Name, surname, email address, phone number.

Usage data

Phone permissions

Geolocation

Browsing data on our website (e.g., IP address).

Cookies Complete information regarding each category of Personal Data collected is provided in the sections of this privacy policy dedicated to that purpose or via specific explanatory texts displayed prior to the collection of such Data.

PURPOSES FOR WHICH WE COLLECT AND PROCESS PERSONAL DATA: The Data relating to the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to requests for execution, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as for the following purposes: Access to third-party service accounts, Interaction with Social Networks and External Platforms: This Application may interact with social networks and external platforms by retrieving user data, including Personal Data. This service allows the Application to connect with the User's account on these platforms.

Facebook Permissions Requested by This Application: This Application may request Facebook permissions to perform actions on the User's Facebook account and retrieve information, including Personal Data. This service allows this Application to connect with the User's account on the social network Facebook, provided by Facebook Inc. For more information on these permissions, please refer to the Facebook permissions documentation and Facebook's privacy policy. The requested permissions are as follows: Basic Information and Website.

Device Permissions for Accessing Personal Data: Depending on the User's specific device, this Application may require certain permissions to access device data, as described below. By default, the User must grant these permissions before the relevant information can be accessed. Once permission is granted, the User may revoke it at any time. To revoke these permissions, Users may use the device's settings options or contact the Owner for assistance using the contact information provided in this document. The specific procedure to control application permissions may depend on the User's device and software. It should be noted that revoking these permissions may affect the proper functioning of this Application. If the User grants any of the permissions listed below, this Application is authorised to process the corresponding Personal Data (e.g., accessing, modifying, or deleting them).

Phone Permission: Used to access a range of typical telephony features. This allows, for example, read-only access to "phone state," meaning it allows access to the device's phone number, updated information on the mobile network, or the status of any ongoing calls.

Detailed Information on the Processing of Personal Data:

Location-Based Interactions Geolocation: This Application may collect, use, and share data relating to the User's geographic location to provide location-based services. Most browsers and devices provide default means to disable geographic tracking. If the User has expressly authorised such an option, this Application may receive information about the User's actual geographic location. Personal Data processed: geographic position.

ACCESS TO THIRD-PARTY SERVICE ACCOUNTS

This type of service allows this Application to access your data in third-party service accounts and perform actions with it. These services do not activate automatically but require the User's express authorisation. Access to Facebook Account (Facebook, Inc.): This service allows this Application to connect with the User's account on the social network Facebook, provided by Facebook, Inc. Permissions requested: Website. Place of processing: USA.

CONTACTING THE USER

Contact Form (this Application): By filling in the contact form with their Data, the User authorises this Application to use such data to respond to requests for information, quotes, or any other type indicated in the form's header. Personal Data processed: surname(s); email address; various classes of Data; name; phone number.

Managing Contacts and Sending Messages: This type of service allows for the management of a database of email addresses, phone numbers, or other contact information to communicate with the User. These services may also collect data on the date and time the User viewed the message, as well as their interactions with the message, such as clicking on links included in the message.

Mailchimp (The Rocket Science Group, LLC.): Mailchimp is an email and message management service provided by The Rocket Science Group, LLC. Place of processing: USA.

INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS

This type of service allows interaction with social networks or other external platforms directly from the pages of this Application. The interactions and information obtained by this Application will always be subject to the User's privacy settings for each social network. This type of service may continue to collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out of the respective services to ensure that the processed data in this Application is not linked to the User's profile.

"Pin it" Button and Social Widgets of Pinterest (Pinterest): The "Pin it" button and social widgets of Pinterest are interaction services with the Pinterest platform, provided by Pinterest Inc. Personal Data processed: Cookies; Usage Data. Place of processing: USA.

Tweet Button and Social Widgets of Twitter (X Corp.): The Tweet button and social widgets of Twitter are interaction services with the Twitter social network, provided by Twitter Inc. Personal Data processed: Cookies; Usage Data. Place of processing: USA.

"Like" Button and Social Widgets of Facebook (Facebook, Inc.)

The "Like" button and social widgets of Facebook are interaction services with the Facebook social network, provided by Facebook, Inc. Personal Data processed: Cookies; Usage Data. Place of processing: USA.

Button and Social Widgets of YouTube (Google LLC)

The button and social widgets of YouTube are interaction services with the YouTube social network, provided by Google LLC. Personal Data processed: Usage Data. Place of processing: USA.

Viewing Content from External Platforms

This type of service allows viewing content hosted on external platforms directly from the pages of this Application and interacting with them. If one of these services is installed, it is possible that, even if Users do not use the service, it collects web traffic data related to the pages where it is installed. YouTube Video Widget (Google Inc.) YouTube is a video viewing service provided by Google Inc. that allows this Application to incorporate such content into its own pages. Personal Data processed: Cookies; Usage Data. Place of processing: USA.

Google Fonts (Google Inc.) Google Fonts is a service for displaying font families provided by Google Inc. that allows this Application to incorporate such content into its pages. Personal Data processed: Usage Data; various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

OPTIMISATION AND DISTRIBUTION OF TRAFFIC

This type of service allows this Application to distribute its content through servers located in various countries and to optimise its performance. The Personal Data processed depends on the characteristics and the implementation modalities of these services, which by their nature filter communications between this Application and the User's browser. Considering the distributed nature of this system, it is difficult to determine the exact location where the content, which may contain the User's Personal Data, is transferred to. jsDelivr (jsdelivr.com) jsDelivr is a service for traffic optimisation and distribution provided by jsdelivr.com. Personal Data processed: Usage Data. Place of processing: Poland.

DEVICE PERMISSIONS FOR ACCESSING PERSONAL DATA

This Application requests certain permissions from Users, allowing it to access the User's device as described in this document. Personal Data processed: Phone Permission.

REGISTRATION AND AUTHENTICATION

By registering or authenticating, the User allows this Application to identify them and give them access to dedicated services. Depending on what is described below, third-party assistance may provide registration and authentication services. In such cases, this Application may access some Data stored by the third-party service used for registration or authentication.

Twitter OAuth (X Corp.) Twitter OAuth is a registration and authentication service provided by Twitter, Inc., and connected to the social network Twitter. Personal Data processed: various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

Instagram Authentication (Instagram, Inc.) Instagram Authentication is a registration and authentication service provided by Instagram, Inc., and connected to the social network Instagram. Personal Data processed: various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

YouTube OAuth (Google LLC) YouTube OAuth is a registration and authentication service provided by Google LLC and connected to the YouTube network. Personal Data processed: various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

Facebook Authentication (Facebook, Inc.) Facebook Authentication is a registration and authentication service provided by Facebook, Inc., and connected to the social network Facebook. Personal Data processed: various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

Pinterest OAuth (Pinterest) Pinterest OAuth is a registration and authentication service provided by Pinterest, Inc., and connected to the social network Pinterest. Personal Data processed: various types of Data as specified in the service's Privacy Policy. Place of processing: USA.

ADDITIONAL INFORMATION ON PERSONAL DATA PROCESSING

Online Sale of Goods and Services The Personal Data collected is used to provide services to the User or to sell goods, including payment and delivery where applicable. The Personal Data collected for payment may include the credit card, bank account used for the transfer, or any other payment method. The type of Data collected by this Application depends on the payment system used.

Analysis and Predictions Based on User Data ("Profiling") The Owner may use the Personal Data and Usage Data collected through this Application to create or update User profiles. This type of Data processing allows the Owner to evaluate User choices, preferences, and behaviour to achieve the purposes highlighted in the relevant section of this document. User profiles may also be created using automated tools such as algorithms, which may also be provided by third parties. Users always have the right to object to this type of profiling activity. For more information on Users' rights and how to exercise them, please refer to the section of this document that outlines User rights.

COOKIE POLICY

This Application uses Trackers. For more information, Users can consult the Cookie Policy.

LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

The Owner may process the User's Personal Data if one of the following conditions applies:

When Users have given their consent for one or more specific purposes.

When obtaining the Data is necessary for the performance of a contract with the User and/or any pre-contractual obligations thereof.

When the processing is necessary for compliance with a legal obligation to which the User is subject.

When the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Owner.

When the processing is necessary for the purposes of a legitimate interest pursued by the Owner or a third party. In any case, the Owner is available to clarify the specific legal basis that applies to the processing and, in particular, whether the provision of Personal Data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

RETENTION TIME OF YOUR PERSONAL DATA

Unless otherwise stated in this document, Personal Data will be processed and stored for as long as required by the purpose for which they have been collected and may be retained for a longer period due to a relevant legal obligation or based on the User's consent. Therefore:

Personal Data collected for the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.

Personal Data collected based on the legitimate interest of the Owner shall be retained for as long as needed to fulfil such purpose.

For specific information related to the legitimate interest of the Owner, please consult the relevant sections of this document or contact the Owner directly. The Owner may retain Personal Data for an additional period when the User consents to such processing, provided that such consent remains valid. Additionally, the Owner may be obliged to retain Personal Data for an additional period when necessary to comply with a legal obligation or by order from an authority. Once the retention period has expired, Personal Data must be deleted. Therefore, the rights of access, erasure, rectification, and data portability cannot be exercised after the expiration of the retention period.

INTERNATIONAL TRANSFERS

Data Transfer Outside the EU: The Owner is authorised to transfer Personal Data collected within the EU to third countries (e.g., countries that are not part of the EU) only in accordance with a specific legal basis. Any data transfer will be based on one of the legal bases described below. Users can consult the Owner to find out which legal bases apply to each specific service.

Data Transfer Abroad with User Consent (this Application): On this legal basis, the transfer of Personal Data from the EU to other countries takes place only if the User explicitly consents to such transfer after being informed of the potential risks due to the lack of adequacy decisions and appropriate safeguards. In such cases, the Owner must properly inform Users and obtain explicit consent via this Application.

Data Transfer Abroad Based on Standard Contractual Clauses (this Application): On this legal basis, the transfer of Personal Data from the EU to other countries is carried out by the Owner in accordance with the "standard contractual clauses" provided by the European Commission. This means that the recipients of the Data have committed to process Personal Data in accordance with the data protection standards established by European data protection legislation. For more information, Users can contact the Owner using the contact details provided in this document.

Data Transfer from the EU and/or Switzerland to the USA Based on the "Privacy Shield" Agreement (this Application): On this legal basis, the transfer of Personal Data from the EU or Switzerland to the USA is carried out under the agreement between the EU, the United States, and Switzerland, the "Privacy Shield" agreement. Specifically, Personal Data is transferred to a service that self-certifies according to the "Privacy Shield" framework, thus ensuring an adequate level of protection for the transferred Data. All services are listed in the relevant section of this document, and those adhering to the "Privacy Shield" can be identified by consulting their privacy policy and possibly also by checking their adherence to the "Privacy Shield" on the official Privacy Shield List.

The "Privacy Shield" agreement specifically guarantees Users' rights; these can be found in their most updated version on the website managed by the United States Department of Commerce. Personal Data may be transferred from the EU or Switzerland to the USA to services that are not part of or no longer part of the "Privacy Shield" agreement only based on other valid legal grounds. Users can contact the Owner to know these legal grounds.

Data Transfer to Countries Guaranteeing European Standards (this Application)

On this legal basis, the transfer of Personal Data from the EU to other countries is carried out according to an adequacy decision by the European Commission. The European Commission adopts adequacy decisions for specific countries when it considers that such a country possesses and facilitates data protection standards comparable to those contained in European data protection regulations. Users can find an updated list of all adequacy decisions issued on the European Commission's website.

Other Legal Bases for Data Transfer Abroad (this Application)

In the absence of any other legal basis, Personal Data will only be transferred from the EU to other countries if at least one of the following conditions is met:

When the transfer is necessary to perform a contract between the User and the Owner or to take pre-contractual measures at the User's request;

When the transfer is necessary to conclude or perform a contract concluded in the interest of the User between the Owner and a natural or legal person;

When the transfer is necessary for important reasons of public interest;

When the transfer is necessary for the establishment, exercise, or defence of legal claims;

When the transfer is necessary to protect the vital interests of the Data Subject or other persons where the Data Subject is physically or legally incapable of giving consent. In such cases, the Owner must inform the User of the legal bases on which the transfer is based through this Application.

SECURITY MEASURES FOR PERSONAL DATA

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed, all in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data, as well as Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, and other applicable sector regulations. We have also implemented procedures to deal with any suspected personal data security breach. In the event of a breach, we will notify you and the relevant regulatory authority (Spanish Data Protection Agency). However, any data transmission over the internet is at your own risk, and we urge you to take all necessary precautions to protect your personal information while online.

USER RIGHTS BASED ON THE GENERAL DATA PROTECTION REGULATION (GDPR)

Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following, to the extent permitted by law:

Withdraw their consent at any time. Users have the right to withdraw their consent where they have previously given their consent to the processing of their Personal Data.

Object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.

Access their Data. Users have the right to learn if their Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.

Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, the Owner will only process their Data for storage purposes.

Have their Personal Data deleted or otherwise removed.Users have the right to obtain the erasure of their Data from the Owner.

Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.

Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Users also have the right to be informed about the legal bases of Data transfers to countries outside the European Union or to any international organisation governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

Information about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner, or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection. Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To find out whether the Owner is processing Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests are free of charge and will be addressed by the Owner as early as possible and always within one month, providing Users with the legally required information. The Owner will communicate any rectification or erasure of Personal Data or restriction of processing to each recipient to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. Upon request, the Owner will inform Users about those recipients.

ADDITIONAL INFORMATION

Legal Defence

The User’s Personal Data may be used for legal purposes by the Owner in court or in the stages leading to possible legal action arising from improper use of this Application or related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional Information about User’s Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, this Application and any third-party services it uses may collect files that record interaction with this Application (System Logs) or use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this privacy policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and, as far as technically and legally feasible, sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the User’s consent, the Owner shall collect new consent from the User, where required.

DEFINITIONS AND LEGAL REFERENCES

Personal Data (or Data)

Personal Data Personal Data constitutes any information that, directly, indirectly, or in connection with other information - including a personal identification number - allows for the identification of a natural person.

Usage Data Information collected automatically by this Application (or by third-party services employed by this Application) may include: the IP addresses or domain names of the computers utilised by the User who connects with this Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the server's response status (successful outcome, error, etc.), the country of origin, the browser and operating system characteristics used by the visitor, the various temporal details per visit (e.g., the time spent on each page), and the details about the path followed within the Application, with particular reference to the sequence of pages visited, and other parameters about the device's operating system and/or the User's IT environment.

User The individual using this Application, who, unless otherwise specified, coincides with the Data Subject.

Data SubjectThe natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor) The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller, as described in this privacy policy.

Data Controller (or Owner) The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. Unless otherwise specified, the Data Controller is the Owner of this Application.

This Application The means by which the Personal Data of the User is collected and processed.

Service The service provided by this Application as described in the relative terms (if available) and on this site/application.

European Union (or EU) Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area (EEA).

Cookies are Trackers consisting of small amounts of data stored in the User's browser.

Tracker Tracker indicates any technology - e.g. Cookies, unique identifiers, web beacons, embedded scripts, entity tags, and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.

Legal Information This privacy policy relates solely to this Application, unless stated otherwise within this document.