Privacy Policy

STOCKMVP LIMITED Privacy Policy Version: April 2023 DISCLAIMER This is a live document and should be read by the current and/or prospective Clients of StockMVP Limited and/or those individuals, natural and/or legal persons, which are authorised by StockMVP Limited. The material and information provided herein are protected by copyright as a collective work under copyright laws, owned by StockMVP Limited. Any reproduction, retransmission, republication, or other use of the material herein including, but not limited to, posting, linking, or otherwise modifying its contents is expressly prohibited, unless prior written permission has been granted by StockMVP Limited. StockMVP Limited retains the right to alter and/or amend any of the provisions of this document at its absolute discretion without obtaining the consent of the Client. Except as required by applicable laws and regulations, StockMVP Limited shall not accept any responsibility and/or liability for any damages (direct, indirect, incidental, special, consequential or exemplary) resulting from unlawful and/or inappropriate use of information provided herein. 2 1. INTRODUCTION StockMVP Limited (hereafter the “Company”, “we” or “us”) is a limited liability company incorporated under the laws of the Republic of Cyprus with registration number HE 440681 and having its registered address at 10 Ioanni Kapodistria, 3032 Limassol, Cyprus. The Company has prepared this Privacy Policy which provides overview and explanation as to how we treat the personal information of individuals who are users of our website (https://www.stock- mvp.com/) and/or mobile app and/or our Clients who are using any of our tools, Services and/or applications in any manner, whether online or otherwise. By using our website, mobile app, Services and/or products, you acknowledge and agree that the Company will gather various types of information which can be used to identify you as an individual (hereafter the “personal data”). This Privacy Policy should be read in conjunction with our Terms of Service, available in our website and mobile app, and incorporated herein by reference. For the purposes of this Privacy Policy, the Company is acting as the Data Controller, as it determines the purposes and means of the processing, whereas other entities we collaborate with are acting as Data Processors (i.e. process personal data on behalf of the Controller). This Privacy Policy is in accordance and complies with, among others, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter the “GDPR”), and California Consumer Privacy Act (hereafter the “CCPA”), and any amendments and/or modifications of the aforementioned (hereafter collectively referred to as the “applicable data protection laws”). 2. TYPES OF PERSONAL DATA We may collect, store, process and transfer different types of personal data which can include, among others, the following: • Identity Data includes your full name, date of birth, ID/passport details and gender; • Financial Data includes your bank account and payment card details; • Profile Data includes your username and password, preferences, feedback and survey responses; • Contact Data includes your email address and telephone number; • Usage Data includes information about how you use our website, mobile app, tools and Services; • Technical Data includes your internet protocol (IP) address, login data, browser data, time zone settings and location, operating system data and other information regarding the devices you use to access our website, mobile app and Services; • Marketing and Communications Data includes your marketing and communication preferences. We do not collect special categories of personal data about you such as racial or ethnic origin, political opinions, religious or philosophical beliefs, union memberships, genetic data, biometric data, medical data, data concerning sex life or sexual orientation, and criminal record data. 3. PERSONAL DATA COLLECTION We use different methods to collect data from, and about, you including, without limitation, through: • Direct interactions – We may collect personal data through you by filling in forms, applications and/or by corresponding with us by email or phone. This includes personal data you provide to us when you visit our website, use our mobile app, open an account, subscribe to our Services, request marketing to be sent to you, and enter a competition, promotion or survey; 3 • Third parties and public sources - We may collect personal data about you from various third parties and/or publicly available sources, such as advertising agencies, third party service providers, banks and PSPs, commercial registrars, the press, media and the internet; • Automated technologies - As you interact with our website and/or mobile app, we may automatically collect technical data (as defined above). We collect this data by using cookies, server logs and other similar technologies. 4. PURPOSES OF PERSONAL DATA COLLECTION The main purposes that make it necessary for us to collect and process your personal data include, without limitation, the following: • Compliance with local and international laws and regulations; • Improving the quality of our website, mobile app and Services; • Identifying you as a Client and being able to communicate with you; • Informing you of products and/or services that may be of interest to you; • Research and statistical analysis; • Ensuring our network and information security; • Providing you with transaction and subscription related services; • Initiation of legal claims and preparing our defence in legal procedures. 5. HOW WE USE YOUR PERSONAL DATA We will only use your personal data where we have a lawful basis to do so under the applicable data protection laws. Without limitation, the lawful bases we rely on to use your personal data include: • Consent - you have given us clear unambiguous consent for your personal data to be processed for a specific purpose; • Contract - processing is necessary for the performance of a contract; or to take steps to enter into a contract or to enter into a business relationship with you; • Legal obligation - processing is necessary for us to comply with a legal or regulatory obligation; • Legitimate interests - processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests, rights or freedoms. Your personal data are stored and processed on servers in the United States and Europe. We may also create anonymous data records from your personal data by completely excluding information, such as your name, that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance our Services and improve website and mobile app functionality. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties at our sole discretion. 6. DISCLOSURES AND TRANSFERS OF PERSONAL DATA The Company will only disclose and/or transfer personal data to third parties when it is: • Permitted to do so under the applicable data protection laws; • Legally obliged to do, such as after a request from any governmental, international and/or other regulatory body; • Required in order to protect and enforce the Company’s rights, such as to enforce claims arising from a business relationship. 4 The Company may disclose your personal data with, among others, any of the following parties: • Affiliates and related companies; • Third party service providers, such as banks/PSPs to process your transactions/payments and companies which assist us by offering technological expertise and IT solutions/support; • Supervisory and other regulatory and public authorities, such as criminal prosecution authorities, courts etc.; • External legal/financial/business consultants; • Auditors and accountants; • Marketing and advertising companies; • File storage companies, archiving and/or records management companies, cloud storage companies. The Client acknowledges and agrees that it might be necessary for personal data to be transferred outside of the Client’s country of residence. Your personal data may be transferred to other countries in instances where such transfer is necessary to deliver our Services to you, execute your payment transactions or if the data transfer is required by law. Specifically, our servers are located in the United States and Europe, and our affiliates and third-party service providers operate around the world. This means that when we collect your personal data, we may process it in any of these countries. Although legal requirements vary from country to country, the Company has taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. When we transfer your personal data to any other countries, we will take such technical and organizational measures as are appropriate to safeguard your data in accordance with the applicable data protection laws. These measures are designed to provide a level of security appropriate to the risk of transferring personal data internationally. 7. OPTING IN / OPTING OUT During the account opening process and/or the duration of your business relationship with the Company, you will be presented with the option to opt-in or opt-out of subscribing to, among others, the following additional services: • Marketing services, which provide you with information regarding our Services and/or opportunities that we believe may be relevant to you; • Newsletters; • Email and text messages; • Other electronic communications. If you have initially opted in but no longer wish to receive any of the above-mentioned communications, you may opt-out of receiving them by following the instructions included in each communication or by sending as an email at [email protected]. 8. FAILURE TO PROVIDE PERSONAL DATA OR WITHDRAWING CONSENT If the Company is under an obligation to collect your personal data by applicable laws and regulations and/or needs such data to enter into a business relationship with you and/or provide you with its Services, and you fail to provide that data when requested or you withdraw your consent for the processing of your data after you have given us an initial consent, we may no longer be able to provide you with the products and/or Services we would otherwise provide or would have provided to you. In this case, we may have to terminate and/or suspend a subscription and/or some or all the Services 5 we provide to you. The Company undertakes to inform you promptly in such cases in order to give you the opportunity to decide your desired course of action. 9. SECURITY MEASURES The Company takes all appropriate security measures to ensure that the personal data collected and processed in connection with your visit and use of our website, mobile app and/or our Services is protected against any unauthorized access, misuse, loss and/or destruction. The Company uses electronic security measures, including but not limited to the use of firewalls, personal passwords, encryption and authentication technologies. The Company’s employees and service providers are bound by professional secrecy and must comply with all data protection provisions contained herein. Moreover, access to personal data is restricted to specific Company employees, contractors and third- party service providers on a “need to know” basis who require this access in order to deliver the website, mobile app and the Services to you. It should be noted that personal data transmitted via an open network like the internet cannot be fully protected from third-party access, although we take the best possible precautions to avoid any leakage of information and personal data. Any transmission of data via the internet is at your own risk, although we have in place technical and organizational safeguards to protect your personal data. 10. DATA RETENTION The Company will keep your personal data for as long as we have a business relationship with you, either as an individual client or as the authorized representative/beneficial owner of a legal entity. The Company is required to retain Client’s personal data on record for at least five (5) years, which is calculated after the termination of the business relationship with the Client. The Company shall not be required to delete data stored pursuant to automatic archiving and back-up procedures in its IT systems, where a deletion is not possible or not possible without commercially unreasonable efforts. 11. COOKIES Our website uses cookies for statistical purposes and in order to improve the quality of our Services. Cookies are small files that are placed on your device via your web browser when you visit our website. Information stored includes without limitation your specific preferences when using our website. You can configure your browser not to save any or some cookies on your device. There are different types of cookies, such as session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them). If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all or some cookies or to have your device notify you each time a cookie is sent to it, thereby giving you the choice to accept it or not. It is strongly recommended that you allow cookies on our website to ensure you have the best possible experience. Disabling any cookies may result in reduced performance of our website and may also impair the quality of the Services that we provide to you. Our mobile app uses local storage to store some key data after a Client login such as ID, tokens, expiry, scope and token type. These are equivalent to a website’s "essential cookies". 12. THIRD PARTY WEBSITES Links may appear on our website, mobile app and/or the Services that are not operated or monitored by us. The Client agrees and acknowledges that third-party websites are not bound by this Privacy 6 Policy and the Company is not responsible for their content. No warranties or representations related to the content of such third-party websites are made. Using links to third-party websites is at your own risk and discretion. When you click on any links redirecting you to a third-party website, we encourage you to read the Privacy Policy of the website you are redirected to. 13. YOUR LEGAL RIGHTS You have certain rights under the applicable data protection laws which include without limitation the following: • Right of access - This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. • Right to request correction - This enables you to have any incomplete and/or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. • Right to withdraw consent – This enables you to withdraw the consent you have given us for processing your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will notify you if this is the case at the time you withdraw your consent. • Right to object to processing – This enables you to object to the processing of your personal data where we are relying on a legitimate interest (or that of a third party) and you want to object to processing as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms. • Right to request restriction of processing - This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy, (b) where our use of the data is unlawful but you do not want us to erase it, (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, and (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. • Right of erasure - This enables you to ask us to delete your personal data where there is no longer a legitimate reason for us to continue processing it. You also have the right to ask us to delete your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to delete your personal data to comply with applicable laws and regulations. However, please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. • Right to be forgotten – This enables you to ask for your personal data to be deleted where the data we hold is no longer needed. We will also take reasonable steps to inform other third-party providers that are processing your personal data for the erasure of the personal data related to you. It is to be noted that this is not an absolute right, as in certain cases freedom of expression and scientific research take precedent over the right to be forgotten. • Right to request transfer of your personal data - This enables you to ask us to transfer to you, or a third party you have chosen, your personal data in a structured, commonly used, machine- readable format. • Right to lodge a complaint – This enables you to lodge a complaint with the relevant data protection authority and/or courts within your jurisdiction if you believe that we have mishandled or abused your personal data in any way. 7 Please note that the Company reserves the right to charge a reasonable fee in cases of repetitious or unreasonable requests. 14. CALIFORNIA CONSUMER PRIVACY ACT For Californian users of our website and/or mobile app, the following are also applicable, complementing all other information that is found herein. Under the CCPA, "sale" is defined very broadly and includes a wide array of data sharing. As the term is defined by the CCPA, we “sold” the following categories of personal data in the last 12 months: identifiers/contact information, internet or other electronic network activity information, and inferences drawn from the above. We “sold” such information to data analytics providers, advertising networks and social networks. The commercial purpose of “selling” personal information is for third- party companies to perform services on our behalf, such as marketing, advertising, and audience measurement. If you are a Californian, in addition to your legal rights mentioned in section 13 above, you have the following privacy rights: • Right to Know - You have the right to request that we disclose to you the personal data we have collected, used, disclosed and “sold” over the past 12 months, and information about our data practices; • Right to Opt-Out of "Sale" of personal information - You can opt out of the "sale" of your personal data to third parties by sending us a request via email; • Right to be Notified of Financial Incentives - You have the right to be notified of any financial incentives, the right to opt-out of such incentives at any time and not to be included in such incentives without your prior informed opt-in consent; • Right to Non-Discrimination - We will not discriminate against you for exercising any of these rights. According to CCPA we agree to the following: • Users can visit our website and mobile app anonymously; • The word "Privacy" appears in our Privacy Policy link, which is prominently displayed on the home page of our website and mobile app; • Users/Clients will be notified of any Privacy Policy changes via our Privacy Policy page or via email; • Clients are able to change their personal information by emailing us; • We adhere to ‘’do not track’’ signals and do not track, plant cookies, or use advertising when a ‘’do not track’’ browser mechanism is in place; • You can request certain information regarding the disclosure of your personal data by us and our related companies to third parties for the third parties’ direct marketing purposes; • We do not allow third-party behavioral tracking. 15. VARIATIONS TO THIS PRIVACY POLICY We may update this Privacy Policy at any time in response to changing legal, regulatory or business developments. When we update our Privacy Policy, we will take appropriate steps to inform you, including updating the version date at the top of this Privacy Policy. By continuing using the website, the mobile app and/or the Services, you give your implied consent that you have accepted such 8 variations. It is your responsibility to frequently check the website, the mobile app and the communications channels you provided to the Company to ascertain any changes/variations. 16. CONTACT US For enquiries regarding this Privacy Policy and/or requests to exercise any of your rights, you can contact our Data Protection Officer at [email protected]. We undertake to respond promptly and at the latest within one (1) month from the date we received your enquiry/request. In cases where the enquiry/request is complex and we are unable to resolve it within the aforementioned period, the Company will inform you beforehand of the estimated additional time it will need to resolve it and keep you updated of the process. The Client acknowledges and agrees that it might be necessary to provide additional details and/or information in order for the Company to be able to resolve their enquiry/request in a satisfactory manner and/or for the Company to be able to verify the Client’s identity before it proceeds to examine their enquiry/request. 17. GOVERNING LAW This Privacy Policy, the use of our website, mobile app and Services, shall be governed and construed in accordance with the laws of the Republic of Cyprus, without regard to its conflict of law provisions. The courts of the Republic of Cyprus shall have exclusive jurisdiction to adjudicate on any dispute arising under, or relating to, this Privacy Policy.