Personal Data Protection Policy

WERIN seeks to build a transparent, trust-based relationship with its Visitors and Users. WERIN undertakes to protect your personal data and privacy, and to ensure the security of the information entrusted to it.

This personal data protection policy (the "Policy") applies to all persons accessing the werinfinance.com platform and, where applicable, the WERIN mobile application, whether they are:

• Visitors: any person browsing the site without being logged into an account;
• Users: any person holding a WERIN account and accessing the proposed services.

WERIN acts as data controller within the meaning of the GDPR. WERIN may modify this Policy at any time. The version in force is available on the platform and any material change will be notified to Users by email.

WERIN ensures that it collects only the data strictly necessary for the purpose for which it is processed. Depending on your profile (Visitor or User) and the services you use, the data collected may differ.

2.1 — Data collected from Visitors and Users

Upon access to the platform, WERIN automatically collects certain browsing data:

• IP address, date and time of connection, pages viewed;
• Type of browser and operating system used.

This data enables the technical operation of the site, the production of audience statistics and the improvement of the content and services offered. Cookies may also be placed on your device, in accordance with our Cookie Policy accessible on the platform.

2.2 — Data provided when creating an account

Creating a User Account requires the following information:

• Email address and password (the password is stored in encrypted form, inaccessible to WERIN).

This data is necessary for the performance of the contract and for accessing WERIN services.

2.3 — Data collected through the use of the services

In the context of using the platform, WERIN collects and processes:

• The portfolio configuration parameters and criteria entered by the User;
• The saved portfolio configurations and the associated tracking data;
• Data relating to the subscription and transactions (banking data is processed directly by our payment provider; WERIN does not access it).

2.4 — Data collected through communications

When you contact customer service or agree to receive our communications:

• The content of your exchanges with our team;
• Your email address, to send you notifications relating to your account (changes to the ToS, security alerts, rebalancing proposals) and, with your consent, marketing communications.

You may opt out of marketing communications at any time by clicking on the unsubscribe link in each email.

2.5 — Content you publish on the platform

Comments, reviews and testimonials that you voluntarily publish on the platform constitute personal data of which you remain the owner. By publishing them, you authorise WERIN to use them for promotional purposes, free of charge, for the duration of your registration and for three (3) years after the end of services, under the conditions provided in the ToS.

WERIN handles your data with the utmost care and shares it only with third parties strictly necessary for providing its services:

• Technical and hosting providers: data hosting, cloud infrastructure, development tools. These providers are contractually bound by confidentiality and security obligations.
• Payment provider: secure processing of your transactions. This provider is responsible for your banking data under its own privacy policy.
• Financial data providers: feeding the platform with market data and company fundamentals.
• Audience measurement tools: WERIN uses Google Analytics 4 (operated by Google Ireland Limited) and PostHog for statistical analysis of platform use. These tools are activated only with your prior and explicit consent, collected via Axeptio, our consent management platform (CMP). Without consent, no browsing data is transmitted to these third parties.
• Public and judicial authorities: upon a request based on legal grounds or in the context of judicial proceedings.

WERIN does not sell or rent your personal data to third parties for commercial purposes.

WERIN implements appropriate technical and organisational measures to protect your data against any unauthorised access, disclosure or alteration. These measures include in particular:

• Encryption of data in transit (HTTPS/TLS) and at rest;
• Hashing of your password (not readable by WERIN);
• Management of internal access rights according to the least-privilege principle;
• Regular security audits.

In the event of a data breach likely to result in a risk to your rights and freedoms, you will be informed as soon as possible, in accordance with applicable regulations.

Your data is retained for the period strictly necessary for the purposes for which it was collected, then deleted or anonymised. As an indication:

• Account data: duration of the subscription, then 3 years;
• Portfolio configurations: duration of the account, then deleted upon closure;
• Connection data and logs: 12 months;
• Billing and payment data: 10 years (legal obligation);
• Customer service exchanges: 3 years from the last contact;
• Marketing data: 3 years from the last contact, or immediate deletion upon withdrawal of consent.

Account closure entails the deletion of all personal data and portfolio configurations, in accordance with our Personal Data Protection Policy.

Where data is transferred to countries outside the European Economic Area, WERIN will ensure that such transfers are framed by appropriate safeguards (adequacy decision of the European Commission or standard contractual clauses), in order to provide a level of protection equivalent to that guaranteed within the European Union.

For any information on these safeguards, you may contact WERIN at admin@werinfinance.com.

In accordance with applicable personal data protection regulations (GDPR and French Data Protection Act), you have the following rights:

• Right of access: obtain confirmation that data concerning you is being processed and receive a copy.
• Right to rectification: have inaccurate or incomplete data corrected.
• Right to erasure: request the deletion of your data under the conditions provided by the regulations.
• Right to restriction: request the temporary suspension of processing.
• Right to portability: receive your data in a structured, machine-readable format.
• Right to object: object at any time to the processing of your data for marketing purposes, without having to justify your request.
• Withdrawal of consent: withdraw your consent at any time, without affecting prior processing.
• Post-mortem directives: provide directives regarding the fate of your data after your death.

To exercise any of these rights, send your request:

• By email to: admin@werinfinance.com (subject: "Exercise of rights — Personal data");
• By post to: WERIN SAS — Data Protection Officer — 6B Boulevard Berthelot, Bureau 3, 34000 Montpellier (France).

WERIN undertakes to respond within one (1) month. This period may be extended by two (2) additional months for complex requests, in which case the User will be informed. Exercising these rights is free of charge.

You also have the right to lodge a complaint with the CNIL, online at www.cnil.fr or by post at: CNIL — 3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07.

The WERIN platform relies on an algorithm that generates equity portfolio configurations based exclusively on the criteria entered by the User. This involves automated processing of personal data, the nature of which WERIN wishes to clarify. WERIN is fundamentally conceived as a tool that helps structure the investor's thinking: it does not decide for them; it provides a framework to formalise, organise and visualise their own choices.

Personalised processing, without autonomous decision-making effect

The WERIN algorithm analyses the preferences and criteria expressed by the User to produce a result tailored to their parameters. In this respect, it amounts to a form of profiling within the meaning of the GDPR. However, this processing does not constitute an automated decision producing significant effects on the User, for the following reasons:

• All criteria fed into the algorithm are provided exclusively by the User. WERIN does not infer, complete or modify any parameter without the User's express agreement.
• The result produced is an indicative configuration. It is neither a personalised recommendation nor investment advice, and produces no legal effect or automatic consequence for the User.
• The User remains at all times the sole decision-maker: it is for them to decide freely whether to act on the proposed portfolio, and to execute any orders with the broker of their choice, without WERIN's intervention.
• WERIN executes no orders, holds no assets and acts in no way on behalf of the User.

Legal basis and transparency

This processing is based on the performance of the contract between the User and WERIN: it is the very condition of the service. It is carried out strictly within the limits of the data provided by the User and gives rise to no commercial profiling, advertising targeting or transfer to third parties.

For any question on the operation of the algorithm applied to your data, you may contact our Data Protection Officer at admin@werinfinance.com.

When accessing the platform or using the services, cookies may be placed on your device. The operating conditions and use of these cookies are described in our Cookie Policy, accessible in the footer of the site.

WERIN reserves the right to modify this Policy at any time, in particular to comply with regulatory or service changes. Any material change will be notified to Users by email and published on the platform with thirty (30) days' notice. The version in force is the one available on the platform on the date of consultation.

© 2026 WERIN SAS — Personal Data Protection Policy — Version April 2026