Stobox Technologies Inc.

Privacy Notice

Last revised: October 29 2020
Stobox Technologies Inc.(hereinafter - "Company", "we', "us", "our") is the data controller for the purpose of the General Data Protection Regulation (EU) 2016/679 (hereinafter – "GDPR"). This Privacy Notice together with our Terms of Use (https://www.stobox.io/terms_of_use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us for the purposes of provision of our services to you through our website and/or other applicable software, including but not limited to: the Digital Securities Dashboard (hereinafter – the "DS Dashboard"). The website can be accessed via the following link: https://www.stobox.io/ (hereinafter – the "Website").

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our Website, you are accepting and consenting to the practices described in this Privacy Notice.

We take the protection of our user's ("user/you/your") personal data very seriously and strictly comply with applicable data protection laws and regulations. In this Privacy Notice below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of such data.

1. Purpose and Legal Basis of Processing Data; Legitimate Interests
1.1. Legal basis for collection and processing of your personal data
Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of Personal Data, on the free movement of such data ("General Data Protection Regulation", GDPR). We will only collect, use and/or pass on Personal Data if this is permitted by law or if the user consents to the data processing.
1.2. Your data will be used for the following purposes:
1.2.1. to implement this Privacy Notice and carry out the contractual relationships between you and us regarding our services available via the Website and/or our other software, including the DS Dashboard (Art. 6 (1) b. of GDPR);
1.2.2. to provide our services on the Website, to contact you in any matters regarding our services (also by means of emails and messaging) and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations (Art. 6 (1) b. of GDPR);
1.2.3. to prevent fraudulent behavior by any of our users (Art. 6 (1) b. and f. of GDPR);
1.2.4. to analyze your use of our services and improve our services (Art. 6 (1) b. and f. of GDPR);
1.2.5. with your express consent or instruction to carry out our business activities or send you newsletters and other advertising materials (Art. 6 Para. (1) a. of GDPR);
1.2.6. to follow our internal policies and protect our legitimate interests (Art. 6 (1) a., b. or f. GDPR or Art. 9 (2) a. of GDPR);
1.2.7. to save your blockchain data (e.g. your Ethereum wallet address) on the distributed ledger (on Art. 6 (1) f. of GDPR);
1.2.8. to comply with our legal obligations before third parties involved in the process of performance of our services (Art. 6 (1) c. GDPR);
1.2.9. to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
1.2.10. to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
1.2.11. to notify you about changes to our services;
1.2.12. to ensure that content from our Website is presented in the most effective manner for you and for your device.
1.2.13. for other purposes otherwise explained in this Privacy Notice or by any further communication from us;

2. Your Consent
We can collect and process your data with your consent. By clicking "I Agree" button on any of our resources or using our Website, or other of our services you confirm that you fully agree with this Privacy Notice and provide explicit and full consent to us for collection and processing of your personal data.

3. Recipient(s) of Your Data
We, as well as our external service providers, receive your data for the purpose of provision of our services. We may need to share your information with our external service providers, affiliates and/or agents.
We require that third party organizations who handle or obtain personal information as service providers acknowledge its confidentiality and undertake to respect an individual's right to privacy and comply with data protection principles including this Privacy Notice.

4. Information We May Collect From You
4.1. We may collect and process the following data about you:
4.1.1. your name;
4.1.2. physical address;
4.1.3. e-mail address and phone number;
4.1.4. credit card information, Ethereum wallet address, other financial information applicable for provision of our services;
4.1.5. date of birth;
4.1.6. gender and nationality.

In order to obtain the above-mentioned information we may either ask it from you during your filling of any forms (e.g. registration forms) to access our services. Or, we may ask you to provide us with copies of respective documents by phone, e-mail or otherwise. Such documents include but not limited to:
- passport;
- driver license;
- transaction history;
- certificates.

4.2. Stobox may also gather data about you:
- When you engage with us on social media;
- When you enter prize draws or competitions;
- When you book any kind of appointment with us or book to attend an event;
- When you choose to complete any surveys we send you;
- When you comment on or review our products and services;
- When you've given a third party permission to share with us the information they hold about you;
- When Stobox suppliers and partners share information with us.

4.3. We may collect your data from publicly-available sources when you have given your consent to share information or where the information is made public as a matter of law in relation towards KYC and AML regulation.

4.4. We may collect notes from our conversations with you, details of any complaints or comments you make, details of investments you made and how and when you contact us.

4.5. With regard to each of your visits to our Website we may automatically collect the following information:
4.5.1. technical information, including the internet protocol (IP) address used to connect your computer to the internet;
4.5.2. browser type and version;
4.5.3. time zone setting;
4.5.4. browser plug-in types and versions;
4.5.5. operating system and platform.
4.5.6. information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our Website (including date and time);
4.5.7. products you viewed or searched for;
4.5.8. page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs);
4.5.9. methods used to browse away from the page and any phone number used to call our customer service number.

4.6. Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

5. Your Rights
5.1. You have the right to:
5.1.1. withdraw your consent relating to the use of your data any time with effect for the future when such data processing is based on your consent*;
5.1.2. object to the processing of your personal data, if your personal data is processed on the basis of legitimate interests (based on Art. 6 (1) f. GDPR);
5.1.3. access the scope of data stored by us;
5.1.4. amend or rectify your data if such data is incorrect or outdated;
5.1.5. request the restriction of processing of your personal data;
5.1.6. request the erasure of your data**;
5.1.7. receive information about the stored data (in a structured, current and machine-readable format) at any time.
* Please note that if you become our Investor as described in the DS Dashboard Terms of Use (https://www.stobox.io/terms_of_use) and at any point will decide not to use our services and/or products we are legally obliged to nevertheless store your data related to you as our investor for the purposes of maintenance of shareholder list.
** Please note, that your blockchain data stored on a distributed ledger is pseudonymized and in any case cannot be deleted by us due to the consequences for the integrity of the entire chain, specifically, due to deletion of such chain containing transactions validation history of other users.

5.2. To enforce your above mentioned rights, you may reach us through email put at the end of this document.

6. Period for Storing Your Data; Deletion of Your Data
The data that we collect from you will be stored and processed for the period of time necessary to provide you our services and will be deleted after there will be no need in its storage and processing. Please note that when using our Website and/or any of our available services certain information and data about the user will be stored on the blockchain in pseudonymized form and may not be deleted.

7. Disclosure of Your Data

7.1. We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries as well as the above-mentioned third party services providers. We provide only the information they need to perform their specific services. They may only use your data for the exact purposes we specify in our contract with them. We work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
7.2. We may share your data with selected third parties including:
- business partners, suppliers and subcontractors for the performance of any contract we enter into with them to render you our services;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you;
- analytics and search engine providers that assist us in the improvement and optimization of our Website;
- credit reference agencies for the purpose of assessing your credit score where this is a condition for us entering into any agreement with you regarding our services;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements between you and us, or to protect our or our customer's rights, property, or safety. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- we may, from time to time, expand, reduce or sell the Company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

8. Use of the Blockchain
When using our services, including DS Dashboard, certain information and data about the user will be stored on the blockchain in pseudonymized form and may not be deleted because it is not possible without deleting the entire chain.Such data stored on the blockchain will only be in pseudonymized form, including address (public key) of the user of the relevant services, a flag that the user is verified, a flag stating that the user is a sophisticated investor, a flag that the user has verified their bank account.In this event and if such data is considered to be a Personal Data, the data processing by us is subject to Art. 6 (1) f. of GDPR based on our legitimate interest in using and providing this technology for our services in a functioning way.

9. Sharing Your Data With Authorities

9.1. We will only do this in very specific circumstances, for example:
- for fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- we may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

10. Cookies
10.1. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree to accept them. Cookies contain information that is transferred to your device's hard drive. Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. By continuing to browse the Website.
10.2. We use the following cookies:
- strictly necessary cookies – which are required for the operation of our Website, including, cookies that enable you to log into secure areas of our Website;
- analytical/performance cookies – which allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for in the possible easiest way;
- functionality cookies – which are used to recognize you when you return to our Website, enabling us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region);
- targeting cookies – which record your visit to our Website, the pages you have visited and the links you have followed. We use this information to make our Website more relevant to your interests. We may also share this information with third parties for this purpose.
10.3. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
10.4. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

11. Access to Information on Your Data
GDPR gives you the right to information held about you and information can be accessed in accordance with GDPR by emailing [email protected]

12. Changes to Our Privacy Notice

Any changes we may make to our Privacy Notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Notice.

13. Contacts

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to [email protected]