COINZOOM PRIVACY POLICY

FACTS

WHAT DOES COINZOOM, INC., AND COINZOOM SECURITIES, LLC ("COINZOOM") DO WITH YOUR PERSONAL INFORMATION?

Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and transaction history Account balances and income Payment history and credit history
How?	All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons CoinZoom chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information	Does CoinZoom share?	Can you limit this sharing?
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	Yes	No
For our marketing purposes – to offer our products and services to you	Yes	No
For joint marketing with other financial companies	Yes	No
For our affiliates' everyday business purposes – information about your transactions and experiences	Yes	No
For our affiliates' everyday business purposes – information about your creditworthiness	Yes	Yes
For our affiliates to market to you	Yes	Yes
For nonaffiliates to market to you	No	N/A

To limit our sharing	Visit us online at https://www.coinzoom.com/en/support Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
Questions?	Visit us onlline at https://www.coinzoom.com/en/support

Who we are
Who is providing this notice?	CoinZoom is providing this privacy policy and it applies to all products and services offered to its customers in the United States.

What we do
How does CoinZoom protect my personal information?	To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does CoinZoom collect my personal information?	We collect your personal information, for example, when you Open an account Give us your income information Tell us where to send the money Provide account information Provide employment information We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can't I limit all sharing?	Federal law gives you the right to limit only Sharing for affiliates' everyday business purposes – information about your creditworthiness Affiliates from using your information to market to you Sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing. See below for more information on your rights under state laws.
What happens when I limit sharing for an account I hold jointly with someone else?	Your choices will apply to everyone on your account.

Definitions
Affiliates	Companies related by common ownership or control. They can be financial and nonfinancial companies. CoinZoom Europe SIA, CoinZoom Australia PTY LTD, and CoinZoom Global LTD are affiliates of CoinZoom.
Nonaffiliates	Companies not related by common ownership or control. They can be financial and nonfinancial companies. Nonaffiliates include service providers and payment and transaction processors.
Joint marketing	A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Our joint marketing partners can include institutions such as consumer lenders or marketers.
Other important information
FOR CALIFORNIA RESIDENTS: We will not share information we collect about you with nonaffiliated third parties, except as permitted by California law, such as to process your transactions or to maintain your account. We will limit all other sharing of the information we collect about you to the extent required by California law. FOR VERMONT RESIDENTS: We will not disclose information about your creditworthiness to our affiliates and we will not disclose your personal information, financial information, or credit report information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. FOR NEVADA RESIDENTS: We are providing this notice to you pursuant to Nevada law. If you prefer not to receive marketing calls from us, you may be placed on our internal Do Not Call List by visiting us onlline at https://www.coinzoom.com/en/support or writing to us at [email protected]. For more information, contact us at [email protected]. Nevada law requires that we inform you that you may also contact the Attorney General of Nevada at the following address: Office of the Nevada Attorney General, Bureau of Consumer Protection, 100 N. Carson Street, Carson City, NV 89703, telephone number (702) 486-3132, email [email protected] State laws may also provide you with specific privacy protections. We will comply with applicable state laws with respect to our use of your information.

I. Overview

CoinZoom, Inc., and each of its affiliates and subsidiaries (collectively, "CoinZoom," "we," "us," "our") respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. This Privacy Notice explains our practices with respect to personal data we collect and process about you. This includes information we collect through, or in association with, our website with home pages located at www.coinzoom.com/en/ (the "Site"), or otherwise through your interactions with us (the website, products, applications, services, and social media pages, collectively, the "Services"), or in relation to our recruitment practices ("Recruitment").

If you are accessing the Site from the United States, CoinZoom, Inc., located at 4640 S Holladay Village Plaza, Suite 206, Salt Lake City, UT 84117, is the data controller of the personal data collected, and is responsible for the processing of your personal data.

If you are accessing the Site from the European Economic Area ("EEA"), CoinZoom Europe Limited, located at 22 Northumberland Road, Dublin 4, D04 ED73, Ireland, is the data controller of the personal data collected of all individuals located in the EEA, and is responsible for the processing of your personal data.

If you have any questions about this Privacy Notice or how we handle your personal data, please contact us as [email protected].

Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, or through our Recruitment process, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

II. Personal Data We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal data" or "personal information"). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.

Some of the personal information we collect, including biometric information, may be considered sensitive data under certain laws. If required under applicable law, we will collect and process sensitive personal data only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.

a. How We Use Your Personal Data

Within the last twelve (12) months, we have collected and processed your personal data for the following business and commercial purposes:

1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing, or fulfilling transactions, verifying your information, and processing payments.
2. Communicating with you by email, mail, telephone, and other methods of communication, about products, services, and information tailored to your requests or inquiries.
3. Payment/financial information, including information for anti-money laundering ("AML") and know-your-client ("KYC") compliance purposes.
4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
6. Debugging to identify and repair errors that impair existing intended functionality.
7. Undertaking activities to verify or maintain the quality or safety of the services and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
8. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
9. Enforcing our Terms and Conditions and other usage policies.
10. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
11. Processing personal data for Recruitment and employment purposes, including evaluating applications, conducting interviews and assessments, making hiring decisions, maintaining employment records, administering payroll and benefits, managing performance, and complying with applicable employment laws and regulations.

We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.

b. How We Obtain Your Personal Data and the Categories of Personal Data We Collect

We collect your personal data from the following categories of sources:

· Directly from you. When you register for an account and use the Services, or when you engage in our Recruitment process, we have collected the following information directly from you in the last twelve (12) months:

1. Identifiers

• Contact Information: your name, phone number, email address, and physical address.
• Residence Verification Information: your utility bill details or other similar information.
• Business Contact Information: name, job title, department, business email address, and business telephone number.
• Communication Information: when you contact us or respond to our communications (e.g., by email, telephone, or other correspondence), including personal data contained in emails sent to/from members of staff and clients/customers and other third parties.

2. Personal Information Categories listed in the California Customer Records Statute

• Identity Verification Information: your date of birth, marital status, tax identification number and images of your government issued identification.

3. Protected Classifications

• Recruitment: We may collect certain information about you as a part of our onboarding process, such as your age and gender.

4. Commercial Information

• Financial Information: your banking account information, current or expected remuneration, and brokerage account information.
• Account Information: your username, password, information that is generated by your account activity, including, but not limited to, purchases and redemptions, deposits, withdrawals, and account balances.

5. Professional or Employment-Related Information

• Organizational Information: institutional clients may also provide information pertaining to the legal incorporation, business licenses and identification information of beneficial owners, principals, and executive management.
• Performance Information: records related to performance appraisals (including ratings, goals, and objectives), history of compensation, applications for promotions and their outcomes, performance improvement plans, and associated correspondence.

6. Internet Activity

• Device and Browser Information: device and browsing information from your computer, tablets, and mobile phones.

7. Sensory Data

• Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information: records of telephone calls and email communications, data regarding entry to and exit from our premises (including access logs and visitor records), and footage from CCTV systems at our locations.

8. Education Information

• General HR Information: employment contract and any amendments, details of salary and benefits, expense claims, records of leave (such as annual or family leave), documents related to grievances or disciplinary matters, requests for flexible working arrangements, documentation concerning termination of employment, and records relating to actual or potential claims.
• Application Information: information you provide in your application form or CV, such as employment history, education, qualifications, skills, and references.
• Assessment Information: results from any assessments, tests, or exercises you complete as part of the recruitment process.
• Interview Information: notes and feedback generated by interviewers or assessors during and after interviews or assessment activities.

9. Sensitive Information or Special Categories of Information

• Government Issued Identification: we may collect your social security information, driver's license, state identification card, or passport number for onboarding you as a customer or employee.
• Health Data: If you are onboarding as an employee, we may collect your health data.
• Biometric Information: Although CoinZoom does not directly collect or store your biometric data, when you submit a copy of your government ID and a "selfie" photograph to CoinZoom, CoinZoom's vendors may collect and store your facial geometry or other biometric data for the purpose of verifying your identity in connection with CoinZoom's obligations under Know-Your-Customer, Anti-Money Laundering and Counter Terrorist Finance laws and rules.

· Automatically or indirectly from you. We also may collect certain information from you when you access the Site or use our Services, such as through:

1. Logging and Analytics tools, such as Google Analytics.
2. Cookies, pixels, and similar technologies.
3. Computer or Mobile Device Information, including IP address, operating system, browser type (collectively, "Technical Information").
4. Website Usage Information.

· Third Parties Such as Advertising Networks. For example, ad networks (such as Google) to serve advertisements across the Internet. These advertisers use cookies, pixel tags, and other tracking technologies to collect information about your online activity and provide online behavioral advertising.

· Third Parties Such as Social Networks. For example, from social media networks (such as LinkedIn), including if you contact us for customer service support through our social media pages.

· Third Parties Such as Data Analytics Providers. For example, through technology and analytics providers (such as Google Analytics). These providers use cookies, pixel tags, and other tracking technologies to collect information about your online activity to allow us to personalize your online experience, including sending you messages about the products and services we offer.

· From our Public Databases and Service Providers. We also may collect certain information about you from our business partners and identification verification partners in order to comply with legal requirements relating to our:

1. Anti-fraud, anti-money laundering ("AML"), counter-financing-of-terrorism, and know-your-customer ("KYC") obligations.
2. Public employment profile.
3. Criminal history.
4. Credit history.
5. Other information to help validate your identity.

When we require certain personal data from you, it is because we are required by applicable law to collect this information or it is relevant for specified purposes. We may not be able to serve you as effectively or offer you all of our services if you elect not to provide certain types of information.

c. How We Share Your Personal Data

In the past 12 months, we have disclosed the following categories of personal data for a business purpose with the following categories of third parties:

• Our Service Providers.
• Third Parties such as Advertising Networks, Social Networks and Data Analytics Providers.
• Our affiliated entities.
• Our partners or prospective partners in order to provide us and/or our affiliates and partners with information about the use of the Services and levels of engagement with the Services, to allow us to enter into new business relationships, and to allow us to market products or services on their behalf.

Finally, we may also share personal data with government entities, agencies or regulators when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, health, or safety, and/or that of our users, visitors and others.

d. Legal Bases for Processing in the EEA

If you are based in the EEA, use of personal data under European Union ("EU") data protection laws must be justified under one of a number of legal bases and we are required to set out the grounds in respect of each use in this Privacy Notice. Most commonly, we will use your personal data under the following circumstances:

1. Your Consent. We may process personal data where you have specifically and unequivocally consented to our use of your information.
2. Performance of a Contract. We may process personal data to take steps at your request before entering into, or perform our obligations under, a contract between us.
3. Compliance with Legal and Regulatory Obligations. We may process personal data to comply with the law and our legal and regulatory obligations.
4. Legitimate Interests. We may process personal data for our legitimate interests, or those of a third party, and these interests outweigh any prejudice to your data protection rights.

We may also use "special categories" of personal data, which include personal data that may reveal racial/ethnic origin, religion/belief, health, sexual orientation, political affiliation, trade union membership and criminal convictions. In addition to the legal basis used to process your personal data as set out, the principal legal bases that justify our use of your special categories of personal data:

1. Legal Claims: Where your information is necessary for us to establish, defend, prosecute, or make a claim against you, us or a third party.
2. Substantial Public interest: Processing is necessary for reasons of substantial public interest, on the basis of EU or local law, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.
3. Explicit Consent: You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us. If you do so, we may be unable to provide a service that requires the use of such data.

We have set out below, in a table format, a description of ways we use and share your personal data, and which of the legal bases we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

Site and Services
Purpose/Activity	Types of Personal Data	Lawful Basis
To administer our services and conduct our business. To develop our products and services. To evaluate new products and services. To improve our service quality (including by performing statistical analysis and reporting on transactions and site usage and for financial reporting, management reporting, audit and record keeping purposes.	(a) Identity Verification Information (b) Contact Information (c) Financial Information	(a) Performance of a Contract (b) Compliance with Legal Obligation (c) Legitimate Interests (such as to enable us to perform our obligations to you).
To manage our risk we may use your personal data in managing the risk of our client base, including for assessing and processing applications, instructions or requests from you, maintaining credit and risk related models, managing our infrastructure and business operations and complying with internal policies and procedures and monitoring the use of our products and services.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information (f) Location Information (g) Organizational Information (h) Special Categories of Information	(a) Performance of a Contract (b) Compliance with Legal Obligation (c) Legitimate Interests (to manage the risk of our client base and to ensure you fall within our acceptable risk profile). (d) Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent
· To receive services from our vendors and conduct our business. · To receive services, including to carry out our obligations arising from any agreements entered into between our vendors and us, which may include passing your data to third parties such as agents or contractors or to our advisors (e.g., legal, financial, business, or other advisors). This includes vendors that provide ID verification and sanctions tools, which we use to help verify your identity and comply with our legal obligations, such as anti-money laundering laws. ID verification partners use a combination of government records and publicly available information to verify identity. This also includes the financial institutions with which we partner to process payments you have authorized. Our contracts require these vendors to only use your information in connection with the services they perform for us and prohibit them from selling your information to anyone else.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information (f) Organizational Information (g) Geolocation Information (h) Special Categories of Information	(a) Performance of a Contract (b) Compliance with Legal Obligation (c) Legitimate Interests (to enable us to perform our obligations and receive services from vendors) (d) Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent
· To verify your identity for the purposes of providing facilities, products or services, including conducting screenings or due diligence checks as may be required under applicable law, regulation, directive or our Terms and Conditions.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information (f) Organizational Information (g) Location Information (h) Special Categories of Information (i) Biometric Information	(a) Performance of a Contract (b) Compliance with Legal Obligation (c) Legitimate Interests (to enable us to manage client risk) (d) Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent
· In relation to fraud prevention, we and other organizations may also access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided or fraud is identified or suspected, details may be passed to law enforcement and fraud prevention agencies and may be recorded by us or by them. · In addition, we may share information with the financial institutions with which we partner to process payments you have authorized. CoinZoom Inc., may also share information with other financial institutions pursuant to Section 314(b) of the U.S. Patriot Act.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information (f) Organizational Information (g) Location Information (h) Special Categories of Information	(a) Compliance with Legal Obligation (b) Legitimate Interests (to ensure that your organization falls within our acceptable risk profile and to assist with the prevention of crime and fraud) (c) Where this includes Special Categories of Information, we will usually rely on Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent
· To reorganize or make changes to our business in the event that we are: I. subject to negotiations for the sale of our business or part thereof to a third party; II. sold to a third party; or III. undergo a reorganization, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that reorganized entity or third party and used for the same purposes as set out in this policy or for the purpose of analyzing any proposed sale or reorganization.	(a) Contact Information (b) Financial Information (c) Account Information	(a) Legitimate Interests (in order to allow us to change our business)
· In connection with legal or regulatory obligations, law enforcement, regulators and the court service, we may share your information with law enforcement, regulatory authorities, tax authorities (including the US Internal Revenue Service pursuant to the Foreign Account Tax Compliance Act, to the extent this applies), self-regulatory organizations (such as those that operate virtual currency derivative exchanges) and officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms and Conditions or any other applicable policies. · We may also use your personal data to otherwise comply with all applicable laws, regulations, rules, directives, and orders.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information (f) Organizational Information (g) Location Information (h) Special Categories of Information	(a) Compliance with Legal Obligations (b) Legal Claims (c) Legitimate Interests (to cooperate with law enforcement and regulatory authorities) (d) Where this includes Special Categories of Information, we will usually rely on Legal Claims, Substantial Public Interests (processing for the prevention and detection of fraud/crime), or very rarely where necessary, Explicit Consent
· In order to communicate with you we may use your personal data to communicate with you, including providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information	(a) Performance of a Contract (b) Legitimate Interests (to enable us to perform our obligations and receive services to you)
· In connection with disputes, we may use your personal data to address or investigate any complaints, claims or disputes and to enforce obligations owed to us.	(a) Identity Verification Information (b) Contact Information (c) Financial Information (d) Account Information (e) Communication Information	(a) Legal Claims (b) Performance of a Contract (c) Legitimate Interests (to enforce our rights under our agreements with you) (d) Where this includes Special Categories of Information, we will usually rely on Legal Claims, or very rarely where necessary, Explicit Consent
· For advertising, subject to applicable laws and regulations, we may use your personal data to inform our advertising and marketing strategy and to tailor our messaging to your needs. Where required by law, we will ask for your consent at the time we collect your data to conduct such marketing. An opt-out mechanism will be provided to you in each communication to enable you to exercise your right to opt out of any direct marketing. We never sell your information. You may withdraw this consent/opt-out at any time without affecting the lawfulness of processing based on your prior consent.	(a) Contact Information (b) Communication Information	(a) Consent (b) Legitimate Interests (to keep you updated with news in relation to our products and services)
Recruitment - Candidates
Purpose/Activity	Types of Personal Data	Lawful Basis
· For administration purposes during the recruitment process.	(a) Contact Information (b) Communication Information (c) Identity Verification Information (d) Application Information	(a) Legitimate Interests (in contacting candidates during the recruitment process and to take steps prior to entering and to enter into a contract with candidates).
· To assess candidate's suitability for the role and to keep records relating to our recruitment process.	(a) Contact Information (b) Communication Information (c) Identity Verification Information (d) Application Information (e) Assessment Information (f) Interview Information	(a) Legitimate Interests (in making recruitment decisions and maintaining standards of integrity and excellence in our workforce).
· To assess a candidate's application and make recruitment decisions, and to keep records relating to our recruitment process.	(a) Contact Information (b) Communication Information (c) Identity Verification Information (d) Application Information (e) Assessment Information (f) Interview Information	(a) Legitimate Interests (in making and justifying recruitment decisions and maintaining standards of integrity and excellence in our workforce).
· To make decisions about the financial package on offer.	(a) Financial Information (b) Application Information (c) Assessment Information (d) Interview Information	(a) Legitimate Interests (in ensuring appropriate and attractive financial packages are offered to candidates).
Recruitment - Staff
Purpose/Activity	Types of Personal Data	Lawful Basis
· To make recruitment decisions and to verify details provided during recruitment process.	(a) Contact Information (b) Communication Information (c) Identity Verification Information (d) Residence Verification Information (e) Application Information (f) Assessment Information (g) Interview Information	(a) Compliance with Legal Obligation. (b) Legitimate Interests (in making recruitment decisions and maintaining standards of integrity and excellence in our workforce).
· To comply with immigration requirements, for security purposes to allow access to buildings and systems.	(a) Identity Verification Information (b) Residence Verification Information	(a) Performance of a Contract (b) Compliance with Legal Obligation
· To communicate with our staff or contact them when they are not in the office.	(a) Contact Information (b) Communication Information	(a) Performance of a Contract
· Necessary for certain staff benefits e.g., medical insurance, life assurance.	(a) Contact Information (b) Identity Verification Information (c) Residence Verification Information	(a) Performance of a Contract
· Necessary for conducting business.	(a) Business Contact Information	(a) Performance of a Contract
· So that we know who to contact in an emergency.	(a) Emergency Contact Information	(a) Performance of a Contract
· To pay staff, provide benefits and comply with our obligations to regulators.	(a) Contact Information (b) Identity Verification Information (c) Residence Verification Information (d) Financial Information	(a) Performance of a Contract (b) Compliance with Legal Obligation
· For business and administration purposes relating to individuals.	(a) General HR Information	(a) Performance of a Contract (b) Compliance with Legal Obligation (c) Legitimate Interests (in managing our records, verifying details, retaining such information as evidence in the event of any query or dispute and being able to provide references)
· To monitor and evaluate staff performance and assist with decisions regarding salary increase, incentive awards and promotions.	(a) Performance Information	(a) Legitimate Interests (in monitoring and evaluating the performance of our staff to assist with decisions we make)
· For security and risk management purposes.	(a) Monitoring and Security Information	(a) Compliance with Legal Obligation (b) Legitimate Interests (in preventing and detecting crime or other misconduct and in maintaining security and managing risk).
· To ensure devices are being used in accordance with business needs and not for any inappropriate purpose	(a) Monitoring and Security Information (b) Device and Browser Information (c) Technical Information	(a) Legitimate Interests (in safeguarding our business from improper use of IT systems and assets, such as unauthorized access to or misuse of confidential information).
· Necessary for day-to-day conduct of business and in connection with the duties of our staff processed on our IT systems.	(a) Communication Information	(a) Compliance with Legal Obligation (b) Legitimate Interests (in preventing and detecting crime or other misconduct and in maintaining security and managing risk).

e. Automated Decision-Making

Our operation of the CoinZoom platforms relies on automated decision-making as part of our application process, alongside that received from credit referencing agencies and fraud prevention agencies. We also perform automated screening as required by KYC, economic sanctions, anti-terrorist financing, and AML laws.

We may use criteria such as your Identity Verification Information (e.g., your name, tax id number or date of birth) to validate your identity against public records on an automated basis or without human/manual intervention.

We do this on the basis that it is necessary for us to enter into a contract with you. If you fail to meet these criteria, your application to use the CoinZoom platform will be rejected. You may also request that we provide information about our methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify (or request the relevant third party to verify) that the algorithm and source data are functioning as anticipated without error or bias.

f. Marketing

We may use your personal data, including your Identity Verification Information, Contact Information, Account Information, Website Usage Information, Cookies, and Location Information, to provide you with marketing communications about our products and Services.

• For individuals in the EEA: We will only send you marketing communications where you have given your explicit, prior consent (opt-in). You may withdraw this consent at any time.
• For individuals outside the EEA (e.g., United States): We may rely on our legitimate interest to send you marketing communications about our products and Services. You may object to such communications at any time by clicking the unsubscribe link in any email, adjusting your account preferences, or by contacting us.
• Transactional and service-related communications: Even if you opt out of marketing communications, we may still send you necessary account, order, or service notifications.

We do not sell your personal data to any third parties. In addition, we do not permit third parties to send marketing or promotional emails to you on our behalf, nor do we authorize third-party vendors to use your personal data for their own marketing purposes.

You have the right to object at any time to our processing of your personal data for direct marketing. Exercising this right will not affect the delivery of necessary service-related communications.

g. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us below.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Notice, where this is required or permitted by law.

We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. Those supplemental notices should be read together with this Privacy Notice.

III. Your Rights Regarding Your Personal Data

You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us, or by following instructions provided in this Privacy Notice or in communications sent to you.

a. Your European Union Privacy Rights

EU privacy law provides individuals based on the EEA with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:

• The right to object at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests.
• The right not to be subject to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
• The right to require us to restrict processing of your personal data in certain circumstances, e.g., if you contest the accuracy of the data;
• In certain circumstances, the right to data portability, which means that you have the right to receive the personal data you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party; and
• In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

In the unlikely event of a data breach affecting your personal information, we will notify you and any relevant authorities where legally required.

Note that we may need to request additional information from you to validate your request. For individuals located in EEA to exercise any of the rights above, you can contact our EU establishment, CoinZoom Europe Limited, located at 22 Northumberland Road, Dublin 4, D04 ED73, Ireland and via email at [email protected].

If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the EEA country in which you are based. A list of the data protection regulators and their contact details can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

b. Your California Privacy Rights

California's "Shine the Light" law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, and may be sent to us via email at [email protected], and are free of charge. However, we do not disclose personal data protected under the "Shine the Light" law to third parties for their own direct marketing purposes.

California Notice of Collection and Use of Personal Data

This California Notice at Collection applies solely to visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopted this California Notice to comply with California privacy laws, including the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"). Any terms defined in the CCPA and not defined here have the same meaning when used in this California Notice.

Disclosing of Personal Information

In the past 12 months, we have disclosed the following categories of personal data for a business purpose with the following categories of third parties:

• Category 1 (Identifiers): Our Service Providers and Government Entities.
• Category 2 (Commercial Information): Our Service Providers and Government Entities.
• Category 3 (Protected Classifications): Our Service Providers.
• Category 4 (Commercial Information): Our Service Providers.
• Category 5 (Professional or Employment Information): Our Service Providers and Government Entities.
• Category 6 (Internet Activity): Our Service Providers, Third Parties and Government Entities.
• Category 7 (Sensory Data): Our Service Providers.
• Category 8 (Education Information): Our Service Providers and Government Entities.
• Category 9 (Sensitive Information): Our Service Providers.

Sale or Sharing of Personal Data

We do not Sell or Share your personal data.

Your CCPA Rights

If you are a California resident, you have the following CCPA rights:

1. Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, sold, and shared about you in the past 12 months. This includes a request to know any or all of the following:

• The categories of personal data collected about you;
• The categories of sources from which we collected your personal data;
• The categories of personal data that we have sold, shared, or disclosed about you for a business purpose;
• The categories of third parties to whom your personal data was sold, shared, or disclosed for a business purpose and the categories of persons to whom it was disclosed for a business purpose;
• Our business or commercial purpose for collecting, selling, or sharing your personal data; and
• The specific pieces of personal data we have collected about you.

2. Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.

3. Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions.

4. Right to Opt-Out/In: You have the right to opt-out of the Sale or Sharing of your personal data, but we do not Sell or Share of personal data.

5. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

6. Right to Correct: You have the right to correct inaccurate personal data about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate personal data about you.

7. Right to Restrict or Limit the Use of Sensitive Personal Data: You have the right to restrict the use and disclosure of Sensitive Information to certain purposes related to the offering of goods or services as listed in the CCPA.

Some of our Services, however, may require your personal data. If you choose not to provide your personal data that is necessary to provide any aspect of our products or services, you may not be able to use those products or services.

Submitting a Verified Consumer Request

To exercise your rights, you must provide us with sufficient information to allow us to verify your identity, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Once we receive the information you provide to us, we will review it and determine if more information is necessary to verify your identity as required by law, and we may request additional information in order to do so.

To exercise your California privacy rights described above, please submit a verifiable request to us by:

• Visit us onlline at https://www.coinzoom.com/en/support
• Emailing us at [email protected]

Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal data. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative. We will need to verify your identity with at least two (2) pieces of information, such as name and email address.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.

Consumer Request by an Authorized Agent

If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity's authority to act on your behalf and verify the authorized agent's identity, we require an email be sent to [email protected], along with all of the below items:

• To verify your authorization to request on behalf of a California resident, provide one or more of the following: (1) California Secretary of State authorization, (2) written permission from the California resident, or (3) power of attorney.
• Sufficient information to verify the authorized agent's identity, depending on the nature of the request.
• To verify the identity of the California resident for whom the request is being made, provide the information set forth above for verification of the consumer request.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. We will only use personal data provided in a verifiable consumer request to verify the request's identity or authority to make the request.

We will acknowledge receipt of the request within ten (10) business days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Do Not Track

We use analytics systems and providers and participate in ad networks that process personal data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. Presently, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit www.donottrack.us.

c. Your Nevada Privacy Rights

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Please note that we do not sell your personal data. Requests may be sent to [email protected] and are free of charge.

4. Protecting Personal Data

We use commercially reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data in accordance with data protection legislative requirements. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.

5. Retention of Personal Data

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, regulatory, accounting, or reporting obligations, or our legitimate business interests. When determining the appropriate retention period, we consider factors such as the volume, nature, and sensitivity of the data, the risk of harm from unauthorized use or disclosure, whether the purposes can be achieved by other means, and any applicable legal requirements. Once your information is no longer needed, it will be irreversibly anonymized (and the anonymized information may be retained) or securely destroyed. Generally, we will keep information relevant to our dealings with you as set out below:

a. Use to perform a contract. In relation to your personal data used to perform any contractual obligation to you, we may retain that personal data whilst the contract remains in force plus a further period (depending on jurisdiction and other factors) to deal with any queries or claims thereafter.

b. Copies of evidence obtained in relation to AML checks. In relation to your personal data obtained in relation to AML checks, we may retain that personal data whilst our client relationship remains in force plus a further 5 years to deal with any queries or claims thereafter.

c. Where claims are contemplated. In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that information for as long as that claim could be pursued.

d. Anonymity. ZOOM and other virtual currencies may not be fully anonymous as a result of the public digital ledgers reflecting these currencies. Generally, anyone can view the balance and transaction history of any public wallet address. We, and others who are able to can match your public wallet address to other information about you, and also may be able to identify you from a blockchain transaction. Furthermore, third parties may use data analytics to identify other information about you. Please note that such third parties have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data.

Thereafter, as a general matter, your personal data will be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal. Thereafter, your personal data will be anonymized, deleted, or archived as permitted by applicable law.

6. Other Important Information About Personal Data and the Services and the Recruitment process

a. Processing for Fraud Prevention and Detection Purposes. Before we provide our Services or engage your for Recruitment, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering and to verify your identity.

In order to do so, we may provide information to, obtain information from, and verify information with fraud prevention and debt collection agencies and credit reference agencies (in their role as fraud prevention agents). We will continue to exchange information with such parties while you have a relationship with us.

We, fraud prevention and debt collection agencies and credit reference agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.

Fraud prevention agencies and credit reference agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behavior to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

As a consequence of processing, if we, or a fraud prevention agency or credit reference agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the Services you have requested, or we may stop providing existing Services to you, or end our Recruitment process with you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and credit reference agencies, and may result in others refusing to provide services, financing, or employment to you.

If you are based in the EEA, whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.

b. Collection of Personal Data from Children. Children under 18 years of age are not permitted to use the Services or engage in the Recruitment process with us, and we do not knowingly collect information from children under the age of 18. By using the Services or engaging in the Recruitment process with us, you represent that you are 18 years of age or older.

c. Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services and Recruitment process, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.

d. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services or during the Recruitment process may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

e. Cookies, Web Tracking, and Advertising. We use technologies including cookies, pixel tags, web beacons and other tracking technologies, to personalize and enhance your experience in regard to our Services, to collect data about your visit to our Services, to help diagnose problems with our servers, to administer the Services, to evaluate the effectiveness of our marketing and advertising campaigns, to permit analytics providers to gather information about your visit to the Services, and to gather broad demographic information about our users.

The Digital Advertising Alliance ("DAA"), the Network Advertising Initiative ("NAI"), and Google offer tools and information to provide choices about whether participating third parties can use your information to provide targeted advertising. To opt out of the use of your personal data by such participating third parties for targeted advertising:

For websites, please use the:

• DAA WebChoices tool, available at https://optout.aboutads.info
• NAI Consumer Opt-Out, available at https://optout.networkadvertising.org/ (go to "Manage My Browser's Opt-Outs")
• Google Analytics Opt-Out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout

For mobile apps, please use the:

• DAA AppChoices app, available at https://youradchoices.com/appchoices
• operating system settings on your mobile device to opt out of the use of your mobile advertising ID. Information for many common operating systems is available on the NAI's Mobile Device Opt-Outs page: https://thenai.org/opt-out/mobile-opt-out

7. International Transfers Outside of the European Economic Area

This section applies to individuals located in the EEA. Your personal data will be stored and processed in certain countries outside the EEA that have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions. In countries that have not had these approvals, (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index), we will transfer it subject to the European Commission Standard Contractual Clauses that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

8. Modifications and Updates to this Privacy Notice

This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services or our Recruitment practices. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to this Privacy Notice, such as by posting a notice on the Services or notifying you during the Recruitment process, or sending you an email. Your continued use of the Services or engagement with the Recruitment process following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.

9. Applicability of this Privacy Notice

This Privacy Notice is subject to the Terms and Conditions and any partner or affiliate agreements, as applicable, that govern your use of the Services or participation in our Recruitment process. This Privacy Notice applies regardless of the means used to access or provide information through the Services or during Recruitment.

This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services or Recruitment process. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party's compliance ther ewith.

10. Additional Information and Assistance

If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact us at:

[email protected]
CoinZoom, Inc.
4640 S. Holladay Village Plaza, Suite 206
Salt Lake City, Utah 84117

© 2025 CoinZoom - Official - Last updated: 11.11.2025