Bequant — Institutional Trading Infrastructure & Prime Services

1. Scope and purpose

This Cookie Policy (the “Policy”) explains how Bequant Pro Limited (“Bequant”, “we”, “us” or “our”) uses cookies and similar technologies on our website and technology platforms (the “Site”), and, where applicable, in our marketing communications.

The Site uses cookies to distinguish you from other users, to operate core functionalities, and to help us monitor, measure and improve the performance, security and reliability of our Services. As a MiCA-aligned crypto-asset service provider, the use of cookies also supports our ICT-resilience and digital-operational-resilience obligations under Regulation (EU) 2022/2554 (DORA) where relevant.

This Policy should be read in conjunction with our Privacy Policy and Terms of Business. By using the Site, you consent to our use of cookies as described below, to the extent that consent is required under applicable law.

This Cookie Policy also applies to Bequant Prime Limited (“BQ Prime”), under the existing intercompany resource-sharing and operational-support arrangements between Bequant Pro Limited and Bequant Prime Limited. The Site and this Policy are used in common by both entities, and the same cookie-settings and technical implementation shall apply. References to MiCA- and DORA-aligned obligations in this Policy are understood to relate to Bequant Pro Limited only, as Bequant Prime Limited does not itself hold MiCA/DORA-level direct obligations at this time.

2. What are cookies

A “cookie” is a small text file of letters and numbers that is stored on your browser or device when you access the Site. It may include an anonymous, unique identifier and is used to recognize your browser or device during subsequent visits.

Cookies on the Site may be used to:

remember your actions and preferences (e.g., login, language, theme, or display settings) over time;
record the date and time of your visits and how you use the Site (pages viewed, features used, click-stream data); and
support core operational and security functions, including session-management and fraud-monitoring.

For the purposes of this Policy, the term “cookies” includes cookies and other similar tracking technologies such as web beacons, pixels, local-storage objects, and other terminal-equipment-based identifiers.

3. How we use cookies

3.1 ICT-resilient and security-related cookies

We use certain cookies and local-storage mechanisms to support our ICT-resilience and cybersecurity functions under MiCA- and DORA-aligned frameworks. These include:

session-security tokens and authentication-related cookies necessary to maintain secure login and access-control mechanisms;
session-management and one-time-token cookies that support multi-factor-authentication flows and trade-execution-channel integrity; and
anomaly-detection and abuse-monitoring cookies that help us identify unusual or potentially fraudulent activity.

These cookies are primarily strictly necessary for the operation of the Site and for the purposes of:

performance of our contractual obligations (Art. 6(1)(b) GDPR); and
our legitimate interests in security, fraud-prevention, and operational resilience, where those interests are not overridden by your rights (Art. 6(1)(f) GDPR).

Consent is not required for such strictly-necessary cookies under ePrivacy-style rules.

3.2 Types of cookies we use

We categorise cookies on the Site as follows, in line with recognized cookie-law practice and ICO-style guidance:

Category	Purpose and examples	Legal basis
Strictly necessary cookies	Essential for the Site to function (e.g., user login, session-management, security-tokens, and core trading-platform navigational-state). These cookies cannot be disabled in our systems without affecting core functionality. They do not store sensitive personal data but may carry session identifiers.	Performance of contract (Art. 6(1)(b) GDPR) and legitimate interest (security and service-operation).
Security and DORA-aligned ICT-resilience cookies	Support MiCA and DORA-aligned ICT-resilience and cybersecurity obligations, including user-session-monitoring, incident-logging, and abuse-detection. Such cookies may be combined with other technical and usage data to enable compliance monitoring and incident-reporting.	Legal obligation (ICT-security and financial-sector-resilience requirements) and legitimate interest (fraud-prevention).
Performance cookies	Analytics. Used to count visitors, measure traffic sources and understand how users interact with the Site (e.g., pages viewed, feature usage, error-rates). All information collected is aggregated and anonymized where possible. We will only set these cookies where you have given valid consent, in line with ePrivacy-style rules. We use Google Analytics (provided by Google LLC) and certain internal analytics tools to help us understand how users interact with the Site and to optimise the user experience, reliability and security of our Services. Google Analytics uses cookies that may collect information such as your IP address, browser type, operating system, pages visited and session duration. This information is transmitted to and stored by Google on servers outside the EEA and the UK, and may be used by Google to compile reports on Site-activity and to provide other usage-related services. You may configure your browser to block or delete cookies, but if you do so you may lose access to certain features of the Site. By using the Site and accepting our cookie-consent banner, you consent to the processing of data about you by Google in the manner and for the purposes described herein, where consent is required under applicable law. We do not control these third-party cookies, and the data is processed under the respective providers' privacy and cookie policies. Where applicable, such providers are contractually bound to comply with GDPR- and MiCA-aligned data-protection obligations.	Consent (Art. 6(1)(a) GDPR) where required.
Targeting cookies	Used to build interest-based profiles, measure advertising-campaign effectiveness and to serve more relevant advert-creative on our Site or on third-party platforms. These may be set by us or by third-party advertising partners and may identify your browser or device, often in pseudonymized form.	Consent (Art. 6(1)(a) GDPR).
Functionality cookies	Enable the Site to recognize you when you return, remembering preferences (language, region, theme, dashboard-layout, etc.) and certain configurable settings. Some functionality cookies may be set by us; others may be provided by third-party widgets.	Consent (where profiling-related), or legitimate interest (where non-personalized or anonymized).

You may manage your consent for non-essential categories (performance, functionality, targeting) via our cookie-consent banner or your browser settings.

4. Where we place cookies

We place cookies across the following environments:

our main website and any associated microsites or subdomains;
our technology and trading platforms (web UIs and API-based interfaces);
any mobile or desktop applications provided by Bequant; and
marketing emails and communications (e.g., tracking open-rates and clicks).

Cookies may be:

first-party (set directly by Bequant); or
third-party (set by external service providers acting on our behalf, such as Google Analytics, payment-providers (if applicable), or advertising-networks (if applicable)).

We require all third-party providers that place cookies on our behalf to comply with applicable data-protection and ICT-resilience obligations, and, where they act as processors, with GDPR-style data-protection-by-design and data-protection-by-default expectations.

5. How long cookies stay on your device

The duration for which a cookie remains on your device depends on whether it is a session cookie or a persistent cookie:

Session cookies are placed during your browsing session and are automatically deleted when you close your browser.
Persistent cookies remain on your device until their defined expiry date or until you manually delete them.

Typical expiry durations for key categories are as follows:

Cookie category	Typical expiry window (illustrative only)
Strictly necessary / session cookies	On session / deleted when the browser is closed
Performance / analytics cookies (e.g., Google Analytics)	Up to 2 years, although the actual lifetime may be shorter depending on browser behaviour and provider settings
Functionality cookies	1 year or less, depending on provider
Targeting / advertising cookies	Typically, 3–12 months, depending on provider and category

These periods correspond with the underlying third-party providers' cookie-settings where applicable and are subject to change in line with MiCA-, DORA- and GDPR-aligned cookie-law updates.

6. Managing and Controlling cookies

You may control, manage or delete cookies in several ways:

via our cookie-consent banner, which allows you to accept, reject or customize your consent for each category of cookie;
by adjusting your browser settings (e.g., “Help”, “Tools”, “Privacy” menus), where you can block, delete or receive alerts when cookies are set; and
by using cookie-management resources provided by major browsers (e.g., Chrome, Firefox, Safari, Edge) and third-party guidance such as www.aboutcookies.org.

Please note:

if you disable strictly necessary cookies, core features of the Site (including login, trading, security-related controls and certain MiCA-aligned monitoring functions) may not operate correctly or may be unavailable;
if you block or delete performance, functionality, targeting or certain security-related cookies, you may still use the Site, but your experience and the effectiveness of our MiCA- and DORA-aligned ICT-resilience and security-monitoring mechanisms may be reduced;
You may also configure your browser to send “Do-Not-Track” signals; however, since uniform standards for such signals have not yet been adopted, the Site does not currently detect or respond to them.

7. MiCA- and DORA-aligned context

As a MiCA-aligned crypto-asset service provider, our use of cookies contributes to:

enabling secure, stable and transparent trading, custody and administration services;
collecting non-personal or pseudonymized usage data for product-improvement, incident-analysis and statistical-risk-monitoring; and
fulfilling MiCA- and DORA-related ICT-resilience and cybersecurity obligations, including anomaly-detection, abuse-prevention, and incident-logging.

Any processing of personal data via cookies is carried out in accordance with:

GDPR Requirements (including clear-lawful-basis-mapping and purpose-limitation);
ePrivacy-style cookie-consent expectations (where non-essential cookies are deployed); and
MiCA- and DORA-aligned operational-resilience and security-governance requirements.

8. Policy Updates

We may update this Cookie Policy from time to time, for example to reflect:

changes in the types or categories of cookies used on the Site;
developments in MiCA, DORA, GDPR or ePrivacy-style-cookie-law; or
changes in our ICT-resilience, security-monitoring or marketing-practices.

When we do so, we will update the “Last updated” date at the top of this page and recommend that you review this Cookie Policy periodically.

9. Feedback and contact

If you have any questions or concerns about this Cookie Policy or how we use cookies, or if you wish to exercise your rights in relation to cookies-based tracking, you may contact our Privacy and Data Protection team at: legal@bequant.io