March 22, 2026
Methodology About Contact
ETF TOKENISATION
The Vanderbilt Terminal for ETF Tokenization Markets
INDEPENDENT GLOBAL INTELLIGENCE FOR ETF TOKENIZATION REGULATION
Global ETF AUM: $14.6T ▲ +18% YoY | Tokenized Fund AUM: $10.2B ▲ +340% Since 2023 | MiCA Enforcement: Jul 2026 ▼ Fund Provisions | SEC Spot BTC ETF: Jan 2024 ▲ 11 Approved | SEC Spot ETH ETF: May 2024 ▲ 9 Approved | Jurisdictions w/ Crypto ETF: 23 ▲ +7 in 2024 | On-Chain NAV Funds: 47 ▲ +22 YoY | DTCC Blockchain Pilots: 5 Active ▲ Settlement | Global ETF AUM: $14.6T ▲ +18% YoY | Tokenized Fund AUM: $10.2B ▲ +340% Since 2023 | MiCA Enforcement: Jul 2026 ▼ Fund Provisions | SEC Spot BTC ETF: Jan 2024 ▲ 11 Approved | SEC Spot ETH ETF: May 2024 ▲ 9 Approved | Jurisdictions w/ Crypto ETF: 23 ▲ +7 in 2024 | On-Chain NAV Funds: 47 ▲ +22 YoY | DTCC Blockchain Pilots: 5 Active ▲ Settlement |

Privacy Policy

Privacy Policy

Last updated: March 15, 2026

This Privacy Policy explains how The Vanderbilt Portfolio AG (“we,” “us,” or “our”) collects, uses, stores, and protects personal data when you visit ETF Tokenisation (etftokenisation.com). This policy applies to all visitors, subscribers, and users of the website. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable privacy legislation.

ETF Tokenisation provides analysis of ETF tokenization regulation and market structure across global jurisdictions. Understanding how we handle data is important given that our coverage addresses sensitive financial regulatory topics.

1. Data Controller

The Vanderbilt Portfolio AG operates ETF Tokenisation (etftokenisation.com) and acts as the data controller for the purposes of applicable data protection law. The Vanderbilt Portfolio AG is incorporated in Switzerland and subject to Swiss data protection law as well as the GDPR where it processes data of individuals in the European Economic Area (EEA).

Registered office: The Vanderbilt Portfolio AG, Switzerland

Data protection contact: info@etftokenisation.com

2. Information We Collect

We collect information through several channels when you interact with our website.

2.1 Automatically Collected Information

When you visit ETF Tokenisation, the following information is collected automatically through server logs and analytics tools:

  • IP address: Your Internet Protocol address, which may be anonymized depending on your jurisdiction and applicable regulations.
  • Browser and device information: Browser type, version, operating system, screen resolution, and device type (desktop, tablet, or mobile).
  • Access data: Pages visited, time spent on each page, referring URL, exit pages, and navigation path through the site. For example, we may record whether you accessed our US regulation section, our comparison analysis, or our glossary.
  • Timestamps: Date and time of each page request.
  • Language preferences: Browser language settings used to determine content presentation.

This data is collected through Google Analytics (GA4) and standard web server logs. Google Analytics uses cookies and similar technologies to collect and analyze information about use of the website.

2.2 Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. Cookies fall into three categories on our site: essential cookies required for website operation, analytics cookies used to understand traffic patterns, and advertising cookies used by Google AdSense to serve relevant advertisements.

Under the GDPR and the ePrivacy Directive, we obtain your consent before placing non-essential cookies on your device, except where strictly necessary for the functioning of the website.

2.3 Voluntarily Provided Information

If you choose to interact with us directly, we may collect:

We do not collect sensitive personal data (also known as special category data under the GDPR), such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

Under the GDPR, we process personal data on the following legal bases:

  • Legitimate interests (Article 6(1)(f) GDPR): We process automatically collected data and server logs to operate, secure, and improve the website. Our legitimate interest is maintaining a functional, secure platform that delivers high-quality analysis of tokenized fund regulation and market structure.
  • Consent (Article 6(1)(a) GDPR): We process data collected through analytics cookies and advertising cookies only where you have given consent. You may withdraw consent at any time through your browser settings or by contacting us.
  • Contract performance (Article 6(1)(b) GDPR): Where you subscribe to a newsletter or service, we process your email address to fulfill that subscription.
  • Legal obligation (Article 6(1)(c) GDPR): We may process data where required to comply with applicable laws, including tax, accounting, or regulatory obligations under Swiss or EU law.

4. How We Use Information

We use collected information for the following purposes:

  • Website operation and security: Ensuring the website functions correctly, detecting and preventing security threats, and maintaining system integrity.
  • Analytics and improvement: Analyzing usage patterns to understand which content areas — such as our entity profiles, guides, or regulatory comparisons — are most accessed, and using those insights to improve coverage and user experience.
  • Communication: Responding to inquiries, sending newsletter updates to subscribers, and providing information about new analysis or features.
  • Advertising: Serving relevant advertisements through Google AdSense based on your browsing behaviour, subject to your cookie consent preferences.
  • Legal compliance: Meeting our obligations under applicable data protection, tax, and commercial law.

We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

5. Third-Party Services

We use the following third-party services that may process personal data:

5.1 Google Analytics (GA4)

Google Analytics collects anonymized usage data to help us understand how visitors interact with the website. Google processes this data on our behalf under a data processing agreement. Google Analytics data is retained for 14 months. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

Google’s privacy policy: https://policies.google.com/privacy

5.2 Google AdSense

Google AdSense serves advertisements on our website. AdSense may use cookies to serve ads based on your previous visits to this website or other websites. You can opt out of personalized advertising by visiting Google’s Ads Settings.

Google’s advertising privacy information: https://policies.google.com/technologies/ads

5.3 Hosting Provider

Our website is hosted on infrastructure that processes server access logs containing IP addresses and request data. This processing is necessary for the secure operation of the website and is covered by a data processing agreement with our hosting provider.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Server logs: Retained for 90 days, then deleted.
  • Google Analytics data: Retained for 14 months, as configured in our GA4 property settings.
  • Newsletter subscriber data: Retained until you unsubscribe, at which point your email address is deleted within 30 days.
  • Correspondence: Retained for up to 24 months after the last communication, or longer where required for legal compliance.

7. Data Transfers

As a Swiss-based organization using US-based service providers (Google), personal data may be transferred to countries outside the EEA and Switzerland. Such transfers are protected by:

  • EU-US Data Privacy Framework: Google LLC is certified under the EU-US Data Privacy Framework, providing adequate protection for personal data transferred to the United States.
  • Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we rely on the European Commission’s Standard Contractual Clauses as the legal mechanism for data transfers.
  • Swiss adequacy decisions: Transfers are also subject to any applicable adequacy decisions under Swiss data protection law.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all website traffic.
  • Access controls limiting data access to authorized personnel only.
  • Regular security updates to website infrastructure and software.
  • Data processing agreements with all third-party service providers.

While we take reasonable steps to protect personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

9. Your Rights

Under the GDPR, the Swiss FADP, and other applicable privacy laws, you have the following rights regarding your personal data:

  • Right of access (Article 15 GDPR): You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16 GDPR): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17 GDPR): You may request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restriction of processing (Article 18 GDPR): You may request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability (Article 20 GDPR): You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21 GDPR): You may object to processing of your personal data based on legitimate interests, including direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at info@etftokenisation.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority — in Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC); in the EU, this is the data protection authority in your member state.

10. Children’s Privacy

ETF Tokenisation is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised “last updated” date. We encourage you to review this policy periodically.

For material changes that significantly affect how we process personal data, we will provide prominent notice on the website.

12. Regulatory Authority References

For EU data protection guidance, the European Data Protection Board publishes guidelines applicable to financial services websites. Financial regulatory authorities including ESMA and BaFin publish supplementary data protection guidance for entities operating in the financial services sector.

13. Contact

For privacy inquiries, data subject requests, or questions about this policy: info@etftokenisation.com

You may also write to us at:

The Vanderbilt Portfolio AG Data Protection Switzerland

Institutional Access

Coming Soon