Version: 5 / 11 - 202 5
Privacy Policy
1
Version: 5 / 11 - 202 5
At Vaekst , protecting your privacy and personal data is a key priority. We want you
to have full transparency on how we collect, use, and store your data, and the confi-
dence that we process it in a secure and responsible manner.
Before using our products and services, we ask you to read this Privacy Policy. Here,
we explain what information we collect about you as a customer, why we process it,
who has access to it, and what rights you have regarding your data.
In this Policy, the term “customer” refers to the individual who has entered into, or
may enter into, an agreement with Vaekst regarding investment, trading, or custody
services, as well as other individuals whose data we process in connection with our
services ( e.g. visitors to our website).
The company responsible for processing your personal data as described in this Pri-
vacy Policy is Vaekst Fondsmæglerselskab A/S, binavn to Endavu Fonds-
mæglerselskab A/S, CVR no. 43605445 .
We only process personal data when it is necessary in order to enter into or fulfil an
agreement with you, or when required by law. We may also process data where it is
necessary for our legitimate interests (GDPR Article 6(1)(f)), for example to operate
a nd improve our platform, provided that such processing does not override your
rights and interests. If we obtain your consent for marketing purposes, you may with-
draw it at any time. This will not affect any processing that has already taken place
before t he withdrawal (GDPR Article 6(1)(a)).
Depending on which services you use, the following main categories of information
may be collected:
Personal information:
- Information that can be used to identify you, such as name, date of birth, personal
identification number, email address, and phone number. Name and address de-
tails are continuously updated via the Danish Civil Registration System (CPR).
Customer information:
- Information linked to your customer profile with Vaekst , such as customer number
and account number, the products and services you use, and other history asso-
ciated with your profile.
Financial Information :
- Account details, holdings, balances, financial assets and investments, transac-
tions, income information, financial situation, previous experience with securities,
2
Version: 5 / 11 - 202 5
investment objectives, financial risk tolerance, verifications and billing details, as
well as purchase and sales records.
Security Information
- Login credentials, login history, security logs, timestamps and geolocation data.
Politically Exposed Persons (PEP) information
- Information on any politically exposed position, including details of political in-
volvement.
Suitability and appropriateness assessments
- Information you have provided in connection with a suitability assessment, such
as the purpose of your savings or your planned investment horizon.
- Information you as a customer have provided in connection with the suitability
assessment, such as questions regarding your knowledge of financial instru-
ments.
Tax liability
- Information related to your tax obligations, including foreign tax identification
numbers and details required to apply for tax benefits under double taxation trea-
ties.
Money laundering and terrorist financing :
- Information necessary for us to counter the risk of money laundering and terrorist
financing, such as information of your main occupation, the purpose of your in-
volvement with Vaekst , and the origin of the funds and/or securities you deposit
with us.
Information about how you interact with Vaekst :
- Information about how you use our services , including how you accessed and
interacted with our platforms, any download errors, and the response times of our
pages.
Device information:
- Information about the device you use to log into your account, as well as its
browser settings, such as IP address, language preferences, browser configura-
tion, time zone, operating system, platform, and screen resolution.
The collection and processing of personal data is necessary for us to enter into and
fulfil agreements on investment, trading, and custody services, as well as to comply
with legal obligations such as anti - money laundering and tax regulations. All pro-
cessi ng is carried out on four legal bases: contract (execution of your trade orders),
legal obligation (regulatory requirements), legitimate interests (operation, mainte-
nance and development of the platform, subject to a balancing of interests), and con-
sent (f or example marketing, which you may withdraw at any time).
3
Version: 5 / 11 - 202 5
As examples, under contract we process your account details to execute your pur-
chases and sales; under legal obligation we report transactions to the Danish Tax
Agency and the Danish Financial Supervisory Authority; based on legitimate interests
we analyse user traffic to improve speed and stability; and where you have given
consent, we may send you newsletters.
Only trusted employees of Vaekst and authorised third - party service providers have
access to your personal data. In addition, certain data is processed automatically
through systems and algorithms, for purposes such as risk management, profiling,
and optimisation of our platform.
Information regarding any potential criminal offences is only processed to the extent
necessary for reporting to the relevant authorities in accordance with the Danish Act
on Measures to Prevent Money Laundering and Financing of Terrorism (the "Money
Laundering Act ").
Vaekst may disclose your personal data to a number of third parties, including public
authorities, other group companies, business partners, external advisors and suppli-
ers who assist us in delivering our services. We only disclose the information neces-
sary for the specific purpose.
Public Authorities
- We may disclose information to public authorities where required by law, includ-
ing to the Danish Tax Agency, the Danish Financial Supervisory Authority, or the
police in connection with anti - money laundering reports and tax reporting.
Group Companies
- We may disclose information to group companies where this is necessary to fulfil
joint product and service agreements or internal obligations. Such processing al-
ways takes place under an intercompany data processing or data sharing agree-
ment, and only the information strictly necessary is shared.
Business Partners
- We may disclose information to business partners, such as IT providers, hosting
and communications providers, and platform and analytics partners, where this
is required to deliver a specific service to the customer (for example platform
operations, suppor t or user behaviour analysis). We only share the information
necessary for the purpose, and always under a data processing agreement or
after a legitimate interest assessment.
External Advisors, Representatives and Experts
- We may disclose information to external advisors, representatives and experts,
including auditors, lawyers and specialists in risk management, where access to
your data is required to obtain independent advice or to meet internal control
obligations. Acces s is limited to what is strictly necessary for the advice provided.
4
Version: 5 / 11 - 202 5
Research
- We may also contribute to research within the field of investments. In this context,
we may provide irreversibly anonymised customer and transaction data to exter-
nal research and analysis institutions, for example to study investment behaviour.
Anonymisati on ensures that individual persons cannot be re - identified. Disclo-
sure will always take place via encrypted channels under a data processing
agreement, and all data will be securely destroyed or archived at the end of the
project.
Vaekst ensures that all third - party recipients are required to process your personal
data in accordance with the GDPR and Danish data protection legislation. We imple-
ment appropriate technical and organisational measures, including encryption, ac-
cess controls an d audit requirements, to ensure that your information is processed
securely and confidentially.
As a general rule, personal data is only processed within the EU/EEA. In rare cases,
we may need to transfer data to countries outside the EU/EEA (“third countries”).
Such transfers will only take place where we have ensured that the country in ques-
tion pr ovides an adequate level of protection, or that appropriate safeguards have
been put in place, such as the European Commission’s standard contractual clauses,
binding corporate rules, or other approved transfer mechanisms. We always combine
these standard mechanisms with supplementary technical and organisational
measures to ensure a level of protection equivalent to that within the EU.
At the same time, we take appropriate and relevant legal, technical and organisa-
tional measures to ensure that we handle personal data securely and correctly. Be-
fore sharing your personal information, we always make sure to comply with the con-
fidentiality requirements that apply within the financial sector.
Vaekst stores personal data for as long as there is a legitimate need for it. That is,
as long as the customer makes use of our platform. If the customer no longer uses
our platform, their data will be deleted no later than five years in accordance with
applicable law.
We otherwise only retain personal data for as long as it is necessary to meet the
customer’s needs or to comply with applicable legislation, i ncluding in particular the
rules of the Danish Bookkeeping Act and the Danish Anti - Money Laundering Act.
According to the Danish Data Protection Act and the General Data Protection Regu-
lation (GDPR), the customer has a number of rights in relation to the personal data
we process. There are certain exceptions to the customer's rights, and it is thus not
in all cases that the customer will be able to assert these rights.
5
Version: 5 / 11 - 202 5
Specifically, the customer has the following rights:
- The right of access to personal data
- Right to rectify and update the personal data that has been registered.
- The right to have personal data that has been registered deleted if Vaekst no
longer has a legitimate need to process the data.
- Right to object to the processing of personal data if, for example, it is used for
marketing purposes.
- Right to withdraw the consent given.
We are responsible for the processing of the personal data we collect about our cus-
tomers and business partners. You can find our contact details below:
Vaekst Fondsmæglerselskab A/S
CVR - nr. 43605445
If you have any questions regarding our processing of personal data, or if you wish
to exercise your rights under the GDPR, you can contact us at
dataprotection@ Vaekst .com
In addition, you have the right to complain about our processing of personal data to
the Danish Data Protection Agency . The contact details of the Danish Data Protec-
tion Agency are as follows:
E - mail: dt@datatilsynet.dk
P hone: + 45 33 19 32 00
Website: www.datatilsynet.dk
6