Data Protection Policy

1. OBJECTIVE

This policy aims to:

• Outline Krypto Broker Invest's obligations regarding data privacy laws and ethics.
  
• Define responsibilities and accountability for data privacy.
  
• Govern the management of personal data.
  
• Identify resources to help employees comply with this policy.

Krypto Broker Invest ("KRYPTO BROKER") respects your privacy. This Privacy Policy applies to personal information collected through our website and related applications, but not to sites operated by third parties. It informs you about the information we collect, how we use it, who we share it with, and your

data privacy rights.

Krypto Broker Invest is responsible for processing personal data ethically and lawfully. All personnel must comply with this policy and relevant guidelines. It’s essential for everyone to understand data privacy requirements and their importance in relation to personal data processing.

All KRYPTO BROKER personnel and engaged third parties must ensure compliance with this Data Protection Policy and applicable data protection laws. Non-compliance may result in disciplinary or legal action, including dismissal or criminal prosecution.

2. OVERVIEW

2.1 Client Confidentiality

KRYPTO BROKER INVEST will take reasonable measures to maintain client confidentiality through policies and procedures that protect shared information. This policy outlines how we safeguard client confidentiality.

2.2 Compliance with Data Protection Laws

KRYPTO BROKER INVEST must adhere to all relevant data protection and privacy laws in the UAE, including the PDPL and any applicable sectoral or free zone regulations. We must also comply with international data protection laws related to our activities.

2.3 Commitment to Personal Data Protection

Protecting personal data is vital to KRYPTO BROKER INVEST. Personal data refers to any information that can identify an individual directly or indirectly. We are dedicated to maintaining the confidentiality and security of data from customers, partners, suppliers, and personnel. This includes safeguarding all client-related information and transaction records. We recognize the sensitive nature of this data and will implement measures to prevent unauthorized access, use, or disclosure. Upholding these commitments is essential for meeting our contractual and regulatory obligations while maintaining trust and our reputation. This commitment extends to ensuring the ongoing confidentiality of all information related to KRYPTO BROKER INVEST’s clients, their properties, and transaction records. KRYPTO BROKER INVEST recognizes the sensitive nature of this information and will implement measures to prevent unauthorized access, use, or disclosure. Honouring these commitments is essential to meet our contractual and regulatory obligations, maintain the trust of our employees and uphold KRYPTO BROKER INVEST’s reputation.

2.4 Consequences of Non-Compliance

Failure to meet these obligations may result in fines, penalties, criminal sanctions, loss of business, and negative publicity.

3. SCOPE

3.1 Applicability of the Policy

This policy applies when KRYPTO BROKER INVEST acts as the data controller, determining the purpose and methods of processing personal data. It covers all personal data handled for its own purposes, including data related to employees, consultants, contractors, and temporary staff ("Personnel").

3.2 Responsibilities for Data Processing

If you collect, access, store, retrieve, delete, or use personal data on behalf of KRYPTO BROKER INVEST, you are considered "processing" that data. You are responsible for its usage and must understand how data privacy affects your role. For assistance, please contact the Data Protection Officer.

4. ACCOUNTABILITY

4.1 Accountability for Data Processing

Everyone at KRYPTO BROKER INVEST is responsible for processing personal data ethically and lawfully. Compliance with this policy and relevant guidelines is essential. It’s important to understand data privacy requirements as they relate to the personal data you handle on behalf of KRYPTO BROKER INVEST.

4.2 Compliance Responsibilities

All KRYPTO BROKER INVEST personnel and engaged third parties must ensure compliance with this Data Protection Policy and applicable data protection laws. Non-compliance may result in disciplinary or legal action, including dismissal, breach of contract claims, and criminal prosecution.

5. GOVERNANCE

5.1 Data Privacy Management

To manage its data privacy program, KRYPTO BROKER INVEST will implement the following:

Data Protection Officer (DPO)

The DPO, along with their team and the Legal Privacy team, will provide guidance and training on compliance with data protection laws. The DPO must have the necessary skills and may also serve as the CISO, who currently manages Data Protection.

Management & Protection of Personal Data

KRYPTO BROKER INVEST will establish a function responsible for managing and protecting personal data in accordance with applicable laws, tailored to the associated risks, including the implementation of relevant policies and controls.

Record of Processing

KRYPTO BROKER INVEST will maintain a record of processing activities as required by law and make it available to the supervisory authority upon request. The DPO will oversee this record.

Training and Awareness

KRYPTO BROKER INVEST will provide training for staff involved in processing personal data, ensuring they understand internal policies and the requirements of the Technology and Information Rulebook as they relate to their roles.

A privacy and security awareness program will educate all personnel on policies regarding the collection and processing of confidential information. Those with access to personal data will receive appropriate guidance and training.

All personnel must comply with training policies and confirm their acceptance annually. KRYPTO BROKER INVEST will periodically certify staff compliance with these policies.

Staff must not share confidential information within KRYPTO BROKER INVEST or with external entities unless necessary for Virtual Asset activities. Confidential information must not be used for trading Virtual Assets by any entity.

Information Rights

KRYPTO BROKER INVEST has a dedicated team and established processes to handle subject access requests and other information rights inquiries.

Policies and Procedures

We produce policies and guidance on information management and compliance, which are communicated to staff.

Contracts

The commercial legal department ensures our contracts comply with data protection laws.

Privacy Notices

KRYPTO BROKER INVEST will publish a privacy notice on our website and provide timely updates as required. We will also maintain an up-to-date staff privacy notice.

6. STATEMENTS

6.1 Principles

At KRYPTO BROKER INVEST, we process personal data lawfully, fairly, and transparently, informing personnel and users about how their data is handled.

We implement measures to minimize data processing to what is relevant and necessary, ensuring accuracy and compliance with retention schedules. Personal data is only collected as needed for its intended purpose

and will not be used or disclosed otherwise.

We regularly review the accuracy of personal data and its necessity for retention. Data will be erased or restricted when no longer needed, unless required by law.

Use of client-related information is strictly limited to the purposes for which it was provided, adhering to confidentiality agreements and legal requirements, including the acceptance of these agreements.

We apply privacy by design and default, considering data privacy compliance from the outset of any new project or product.

At KRYPTO BROKER INVEST, we adhere to rules for processing sensitive personal data, which is subject to additional legal requirements due to its nature and associated risks.

We implement appropriate measures to protect against unauthorized processing and accidental loss, destruction, or damage, using effective technical and organizational safeguards.

6.2 General Obligations

Notwithstanding any other regulations, VASPs must take all necessary steps to ensure VARA can access information related to KRYPTO BROKER INVEST’s compliance with Part II of the Technology and Information Rulebook, regardless of where it's stored. Access will be provided as per VARA's instructions and timelines.

Data Breach Notification

If a data breach is suspected, the employee who identifies it must immediately contact the DPO Team and Privacy Legal Team. KRYPTO BROKER INVEST is legally obligated to report breaches within 24 hours to relevant data regulators or affected individuals. The DPO will summarize the report for VARA and provide a copy if required, unless prohibited by law.

Employees must promptly report any unauthorized access or disclosure of personal data. If a breach poses serious harm to individuals, they will be notified without delay.

Following a data breach, the DPO must prepare a remediation plan to prevent future incidents and explain the actions taken to address the breach.

Resources & Audit

KRYPTO BROKER INVEST must demonstrate compliance to auditors and regulators by maintaining evidence of data processing activities. All employees share responsibility for data processing and record-keeping. We will ensure resources are available to implement and monitor policies and will conduct regular data protection audits to ensure compliance with this policy and applicable laws.

7. PERSONAL INFORMATION

7.1 The personal information we may collect from you generally falls into three categories:

(i) Information That You Provide Voluntarily

You may provide us with your identity, contact, and financial information by filling out forms or corresponding with us via post, phone, email, or other means. This includes personal information you

share when you:

• Apply for our products or services
  
• Create an account on our website
  
• Subscribe to our services or publications
  
• Request marketing materials
  
• Participate in competitions, promotions, or surveys
  
• Provide feedback
  

Certain sections of our website may also request your personal information voluntarily, such as for account registration, marketing subscriptions, or inquiries. We'll clearly explain what information is needed and why at the time of collection.

(ii) Information That We Collect Automatically

When you visit our website, we may automatically collect certain information from your device, which may be considered personal information in some regions, including the European Economic Area (EEA).

This information can include your IP address, device type, unique identifiers, browser type, general geographic location (like country or city), and how your device interacts with our site, such as pages visited and links clicked.

This data helps us understand our visitors better, their origins, and their interests, allowing us to enhance our website’s quality and relevance. Some of this information may be collected through cookies and similar tracking technologies.

(iii) Information That We Obtain from Third Party or Publicly Available Sources:

Occasionally, we may receive personal information about you from third parties, provided we verify that they have your consent or are legally allowed to share your data.

We use this information to improve our services, offering curated content relevant to your interests and the services we provide.

7.2 Who we share your information with

KRYPTO BROKER INVEST may share your personal information with the following recipients:

• Group Companies and Service Providers: This includes third-party partners who assist with data processing, website functionality, and security, as outlined in this Privacy Policy or communicated to you during data collection.
• Law Enforcement and Regulatory Bodies: We may disclose your information to law enforcement, regulatory agencies, courts, or other parties when necessary for:
• o Compliance with applicable laws or regulations
• o Establishing or defending our legal rights
• o Protecting your vital interests or those of others
• Virtual Assets Regulatory Authority: We are required to share your information with the Virtual Assets Regulatory Authority in Dubai upon request, regardless of where the data is stored.
• With Your Consent: We may also disclose your information to others if you consent to it.
  

7.3 Legal Basis for processing your personal information

Our basis for collecting and using your personal information depends on the specific data and context.

Generally, we collect personal information when we have your consent, need it to fulfill a contract with you, or when our processing aligns with our legitimate interests and does not override your rights. We may also have a legal obligation to collect certain information to protect vital interests.

If we request your personal information for legal compliance or contract performance, we will inform you whether it is mandatory and the consequences of not providing it.

When we rely on legitimate interests, we will clarify those interests at the time of collection.

For questions about the lawful basis for our data collection and use, please contact the Compliance Team.

7.4 Reasons for using your personal information

Serving You as a Client

We collect personal information to onboard you, deliver products and services, provide access to our trading platform, and respond to your queries. The lawful basis for this is contract performance and legitimate interest.

Administration of Our Business

We use your information for stress testing systems, reviewing services, conducting audits, collecting debts, and testing new products. The lawful basis includes contract performance, legal obligations, and legitimate interest.

Financial Crime Prevention

We comply with laws and regulations, respond to complaints, and detect, investigate, and prevent financial crime. The lawful basis is legal obligation, legitimate interest, and safeguarding public interest.

Marketing

We engage in marketing activities and provide guidance on our products and services. The lawful basis for this is our legitimate interest in understanding clients better, developing new products, and exploring new market segments.

7.5 How KRYPTO BROKER INVEST protects personal information

We implement appropriate technical and organizational measures to safeguard the personal information we collect and process. These measures are designed to ensure a security level that corresponds to the risks involved. Specifically, we:

• Store personal information in secure facilities and, when electronic, on secure servers.
  
• Use encrypted transmission links.
  
• Employ safeguards like firewalls, authentication systems (e.g., passwords), and access controls to prevent unauthorized access.
  
• Regularly review our data collection, storage, and processing practices, including physical security measures, to protect against unauthorized access.
  
• Limit access to personal information to employees, contractors, and agents who need it for processing and who are bound by strict confidentiality agreements
  

8. DATA STORAGE

Your personal information will be retained for 8 years per the Compliance and Risk Management Rulebook, unless longer retention is legally required. We will not keep your personal information beyond this period, which will be reviewed periodically. Anonymized data may be retained indefinitely if we have a legitimate and lawful interest in doing so.

9. COOKIES

Some cookies set by KRYPTO BROKER INVEST are essential for the website's functionality, enabling features like online chat, trading applications, and fund deposits. Performance cookies enhance user experience and improve content presentation. Marketing cookies, often from third-party networks, help deliver targeted ads relevant to your interests. If you prefer not to receive non-essential cookies, you can manage your preferences at WEBSITE/cookies.

10. YOUR RIGHTS

Individuals have certain rights under data protection law, including the right to access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of their personal information. They can also lodge a complaint with the relevant authority if they believe their data is not being processed lawfully.

Here’s a summary of your rights:

• Right to Access: You can obtain a copy of your personal information held by us.
  
• Right to Rectification: You may request corrections to inaccurate or incomplete personal information.
  
• Right to Data Portability: You can request a copy of your personal information for transfer to another controller of your choice.
  
• Right to Opt-Out: You can unsubscribe from marketing communications using the "unsubscribe" link in our emails.
  
• Right to Withdraw Consent: You may withdraw consent for processing at any time, though this may limit access to certain services.
  
• Right to Object: You can request that we stop processing your personal information, but this may affect service features.
  
• Right to Erasure: You can request the deletion of your personal information unless we have a lawful reason to retain it.
  
• Right to Lodge a Complaint: You can contact us with any questions or complaints, but you also have the right to reach out directly to the supervisory authority.
  

To exercise any of these rights, please contact your manager.