Investing on conviction, not consensus.

1. Controller

The controller responsible for the processing of personal data described in this Privacy Notice is:

Groundshift AG
Gotthardstrasse 62
8002 Zurich, Switzerland
E-mail: hello@groundshift.co

For any questions relating to data protection or to exercise your rights, you may contact the controller using the contact details above.

2. Scope of this Policy

This Privacy Notice explains how personal data is collected and processed when you visit this website, contact the company, subscribe to the newsletter, request information, enter into a business relationship, or otherwise interact with the company in connection with its services.

The Privacy Notice is intended to provide transparent information on the categories of personal data processed, the purposes of processing, recipients, international transfers, retention periods and your rights under applicable Swiss data protection law.

3. Categories of Personal Data

Depending on the circumstances, the company may process in particular the following categories of personal data:

• identification and contact data, such as name, title, postal address, e-mail address, telephone number, date of birth and nationality;
• communication data, such as correspondence, enquiries, meeting notes and contact form submissions;
• client relationship data, such as information relating to mandate initiation, contracts, investor categorisation, investment preferences, suitability- or appropriateness-related information where applicable, and service history;
• compliance and due diligence data, such as information required to comply with legal, regulatory and internal governance obligations;
• technical and usage data, such as IP address, device identifiers, browser type, operating system, date and time of access, pages visited, clicks and similar website interaction data;
• newsletter data, such as subscription status, consent records, opening data and click behaviour, where newsletter analytics are used.

The company does not intentionally request sensitive personal data through the website unless this is necessary in the specific context and appropriate safeguards are in place.

4. Purposes of Processing

Personal data may be processed in particular for the following purposes:

• operating, maintaining and securing the website and related IT systems;
• communicating with website visitors, prospective clients, clients, business partners and service providers;
• assessing enquiries and preparing, concluding, performing and administering contractual relationships;
• providing information about the company and its services;
• complying with legal, regulatory, supervisory and internal compliance obligations;
• documenting processes, preserving evidence, exercising or defending legal claims and managing risks;
• conducting internal administration, planning, quality assurance and business organisation;
• sending newsletters and other communications where this is legally permissible or based on consent;
• analysing website use in order to improve the website, user experience and communications.

5. Legal Bases / Grounds for Processing

Under Swiss law, personal data may be processed in particular where such processing is necessary for the initiation or performance of a contract, for compliance with legal obligations, for overriding private interests such as security, administration, risk management and communication, or on the basis of consent where consent is required or obtained.

Where consent is relied upon, it may be withdrawn at any time with effect for the future.

6. Data Collection When You Visit the Website

When you visit the website, the hosting provider and the company may automatically collect technical data that is required to display the website, ensure functionality, guarantee system security and maintain system integrity. This may include IP address, date and time of access, browser request, transferred data volume, referrer URL, browser type and operating system.

Such processing is necessary for the operation of the website and is in the company’s legitimate interest.

7. Contact Forms and Business Communications

If you contact the company by e-mail, telephone, contact form or otherwise, the company processes the personal data you provide in order to handle your request, communicate with you, evaluate a potential business relationship, provide requested information or perform contractual and pre-contractual steps.

Please do not send confidential or highly sensitive information through unsecured channels unless this is necessary and suitable in the circumstances.

8. Google Analytics

This website uses Google Analytics, a web analytics service used to evaluate the use of the website and generate statistical reports. Google Analytics may use cookies and similar technologies to collect information such as IP address, device and browser information, approximate geolocation, pages visited, duration of visits and interaction behaviour on the website.

Google Analytics is generally provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited may rely on Google LLC and other affiliated companies or subprocessors, including in the United States.

Where required under applicable law or under the website’s consent settings, analytics cookies or similar technologies are used only after the relevant user choice has been made. Users may also object through browser settings or other technical measures, although this may impair certain website functions.

Further information on Google Analytics can be provided in the cookie settings or on Google’s privacy information pages.

9. Newsletter

If you subscribe to the newsletter, the company processes your e-mail address and any additional information you voluntarily provide in order to send regular updates, legal and market information, company news, publications, invitations or similar communications.

Newsletter registration should be based on a double opt-in process. After registration, a confirmation e-mail is sent and the subscription becomes effective only once the confirmation link has been clicked. The company may record the date, time, IP address and confirmation status in order to document consent and ensure compliance.

If the newsletter includes performance measurement, the company may process data relating to delivery, opening behaviour, clicks and interactions in order to analyse and improve newsletter content, frequency and relevance. Such processing should be transparently disclosed in the sign-up process and in this policy.

You may unsubscribe from the newsletter at any time by using the unsubscribe link included in each newsletter or by contacting the company directly. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

The company may use external service providers for newsletter distribution. If such providers process data outside Switzerland or the EEA, the rules on international transfers set out below apply.

10. Cookies and Similar Technologies

The website uses cookies and similar technologies to ensure technical functionality, save user preferences, analyse usage and improve the website. More detailed information on the use of cookies is set out in the Cookie Policy.

11. Recipients and Categories of Recipients

Personal data may be disclosed, to the extent necessary, to the following categories of recipients:

• IT, hosting, cloud, website, communication and support service providers;
• analytics providers such as Google in connection with Google Analytics;
• newsletter and marketing service providers;
• legal, tax, audit, compliance and other professional advisers;
• counterparties, business partners and service providers where this is necessary for the business relationship;
• authorities, courts, supervisory bodies, ombuds services and other public bodies where required by law or necessary in a specific case.

Such recipients may process personal data either as processors acting on the company’s instructions or, where legally required or factually necessary, as independent controllers.

12. International Data Transfers

Personal data may be processed in Switzerland, in the European Economic Area and, where necessary, in other countries, including countries that may not provide a level of data protection equivalent to Swiss law. Where personal data is transferred to such countries, the company implements appropriate safeguards, in particular contractual safeguards such as standard contractual clauses, unless a statutory exception applies.

In certain cases, data subjects may also expressly consent to such transfers where this is legally relevant and appropriate.

13. Retention Period

Personal data is retained only for as long as necessary for the purposes described in this policy, for as long as the company has a legitimate interest in retention, or for as long as statutory retention, documentation or compliance obligations apply. Thereafter, the data is deleted or anonymised unless further retention is required for legal or regulatory reasons or for the establishment, exercise or defence of legal claims.

14. Data Security

The company takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. However, absolute data security cannot be guaranteed in all circumstances, particularly in connection with data transmission over the internet.

15. Rights of Data Subjects

Subject to applicable law and the specific circumstances, you may have the right to request information about personal data processed concerning you, to request correction, deletion or restriction of processing, to object to certain processing activities, to withdraw consent with effect for the future and, where applicable, to receive data in a portable format.

You may also have the right to contact the competent data protection authority.

16. Amendments

This Privacy Notice may be amended at any time. The version published on the website is the current version.

Last updated: May 2026