Privacy Policy

Version: 1.02 Last updated: November 01, 2023

This Privacy Policy (“Policy”) constitutes an integral part of the Grow Terms of use (“Terms”), which is a legally binding agreement between the users of Grow services (“You”, “User”), Grow platform s.r.o., a private Companies incorporated under the laws Ras Al Khaimah, United Arab Emirates (“Companies”, “We”).

This Policy describes how the Companies collects and uses your Personal Data when providing the Services to you.

Terms and definitions in this Policy have the same meaning as in the Terms unless stated otherwise.

We may update this Policy from time-to-time by posting a new version on the Website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.

You can contact the Companies at: [email protected]

I.Overview

Your privacy is important to us. We are not going to misuse your data.

Due to the nature of the Services, we collect some personally identifiable information

(“Personal Data”) from you when you open a User Account. Additionally, the Companies may collect some of the Personal Data from you when you

contact the Companies and during your use of the Services.

II. Information We May Collect from You 2.1. Account Information

When you open the User Account with the Companies, you provide us with your Personal Data.

To open the User Account and verify your identity, we ask you to provide the following information: email address (which will be your username (login), phone number (for restoring account access and verifying your identity), full name (to verify your identity and fraud prevention), date of birth (to verify that you are of Acceptable Age), your

address, your profession, citizenship and gender (to verify your identity and financial crime prevention), and you will have to come up with the password.

We use/store your email address:

(a) to verify your identity when you log in to your account;

(b) to contact you regarding your User Account or work and updates of the Companies (support emails); and

After you register the User Account, you will be able to sign in with your User Account information (email that is your login and your password).

We store passwords secured against unauthorized access by using a password hashing function. We encourage you to create a strong password and avoid sharing with other persons for the safety of your User Account and Card Account.

1. Wallet Information

To enable the deposit of funds to the Card Account, we collect and process relevant wallet information from you depending on the type of virtual asset you would like to deposit.

We store your wallet information in an encrypted form and do not use this information for any purpose except to provide you with the exchange services and to comply with our legal obligations.

2. Security Information

To secure your use of the Cards, each Card has a PIN. We do not collect nor process this PIN and therefore cannot help with its retrieval.

Please keep your PIN secure.

The Companies will never ask you to share your PIN with the Companies, its directors, employees, agents, or officers.

3. Usage Date

We collect information about your experience – the history of transactions, number of your assets, device and browser, information, IP-address, date, time, and duration of use of the Website, links by which you were addressed to the Website.

We store your information about your history of transactions, buy and sell orders, and

the number of your assets to:

(a) enable you to manage it on the Website and see your history (please also

see Sections 16 and 17 of the Terms); (b) comply with financial law requirements. We use other usage data to:

(a) give you the control over User Account active session (give information about logged-in devices, history of orders, etc.) and prevent fraudulent activities; and

(b) conduct our marketing research.

We also collect the information about the language of interface you chose on the Website to keep the interface in that language when you log in next time.

Usage data is collected in an anonymized and aggregated way to improve the Website and Services usability and for marketing purposes. Learn more about it in the section “Analytics” of this Policy.

4. Communication

If you need technical support, have a privacy request, or any other inquiry, you can contact us and leave your message by proceeding to our technical support by contacting us at [email protected] or using the chat on the Website.

In this case, we will receive some portion of the information from you (your name and/or email). We will use this information to provide you with the help you might need, fix our Services, and analyze the Website’s efficiency.

5. AML/KYC

To comply with the laws on the prevention of money laundering and terrorist financing, we are required to collect, keep, and analyse the information and documents that identify you, contact details, history of transactions, verification data, including from third-party sources (e.g., consumer reporting agencies, public databases, commercial registries, and sanction lists), and other types of information prescribed by law.

We will ensure the confidentiality of the collected information and will not use the data from your AML/KYC profile for any other purposes.

For more information on the AML/KYC procedure and types of information collected for this purpose, please refer to our AML/KYС Policy.

III. How We Collect Information from You 3.1. Overview

We collect information from you when:

a) you use the Website and the Services;

b) when you open the Website (including when opening a Referral Link) and access your User Account; and

c) when you contact the Companies.

3.2. Information we collect automatically

The following information is collected automatically: the number of your assets, device information, IP-address, date, time, and duration of use of the Website; information about transactions made with your Cards.

IV. Legal Base for Processing

1. Provision of Services

We use account information, wallet information, and usage data to provide our Services. Without this information, we will be unable to provide you with the Services we offer.

2. Compliance

As discussed above, we are required to store certain types of information for compliance with laws (e.g. AML/KYC obligations). We will make sure that this information will be treated strictly in accordance with relevant laws, and we will not use this information for other purposes (except as provided in this notice).

3. Customer Support

We use the information we receive when you contact us to help you with your inquiry.

4. Legitimate Interest

For marketing purposes, we process your statistics of activity on the Website and your usage data. These data help us to understand our target groups and conduct marketing research.

We can also send you occasional emails with Grow updates or new products/services, and other emails for the information purpose.

Account information, and usage data is processed for the purposes of identity fraud prevention.

You can opt-out from the email subscription by clicking the appropriate button in our emails to you.

V. Acceptable Age

We do not intend to collect nor knowingly process the children’s (under 18 years old)

personal data. Only individuals, who are already 18 years old, may use the Services and provide information to us.

VI. Third-party Access

Except as provided in this Policy, we will not sell, share, or rent your information to third parties.

1. Analytics

To analyse our efficiency and conduct marketing research, we use the services of analytics providers. When using the analytics services, we can share anonymized and aggregate details of using our Services, including, but not limited to traffic data, location data, length visit, other communication data.

This information does not allow to identify any certain person, so it is considered non- personally identifiable information.

Non-Personally Identifiable Information is collected and processed, among other services in an anonymized and aggregated way to improve the Website and Services’ usability and for marketing purposes using Google Analytics.

Google Analytics is a web analytics service that tracks and reports traffic on the Website. Google. Analytics uses the data collected to track and monitor the use of our Website. This data may also be shared with other Google services.

For more information on the privacy practices of Google, you can check its Policies at www.google.com/analytics/policies/.

If you want to opt-out of being tracked by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.

2. Third-party services

We may share some of your information with third parties, whose services are integrated with our Services solely for the purposes of

the provision of such services, and only if you intend to receive such services.

Please see Section 18 of the Terms for additional information.

3. KYC and Email notifications

We are using third-party services to:

(а) conduct KYC procedure;

(b) send our notifications by email.

Such third parties may only use information about you to perform services on our behalf. They are not allowed to use it for their own purposes, and we take all reasonable and required measures to ensure their compliance with data protection requirements.

4. Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you:

(a) if we are required to do so by law, in connection with any legal proceedings or to establish, exercise, or defend our legal rights; and

(b) in case we sell, license, or otherwise assign our Companies, corporate rights, Grow or its separate parts or features to third parties.

VII. Data Retention

We retain your data for as long as you use our Services. We will delete most of the information when you stop using our Services (upon expiration of your Card if you have not ordered another Card from the Issuer and closing your Account), excluding some of the usage data that we may retain longer for analytical purposes.

Please note, that in order to comply with our legal obligations, we will have to store the KYC/AML information for 5 years after termination of the relationship with you.

We retain the information you provide us with when you contact us to provide you with customer support and do not store it afterward.

VIII. Information Security

Your information is being stored and processed on the servers of the cloud provider inside the EU. These servers have technical measures to store the data securely and protected against unauthorized access.

To keep the processing, we may transfer the information outside the EU, e.g., for the purposes of technical maintenance. In this case, we will ensure that the necessary safeguards to process the information are met in accordance with applicable privacy regulations. We do not transfer personally-identifiable information to the U.S.

We take necessary and sufficient measures, including hashing and encryption of certain information, to protect your information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

Immediate access to some amount of the data is only allowed to our authorized employees involved in maintaining operations of the Companies and its information infrastructure. Such employees keep strict confidentiality and prevent unauthorized third-party access to personal information.

IX. Cookies

We use cookies. A cookie is a small text file that is downloaded onto your ‘terminal equipment’ (e.g. a computer or smartphone) when you access the Website. It allows the Website to recognize your device and store some information about your preferences or past actions.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are erased when you close your browser. Persistent cookies remain on your device for a predefined period.

Strictly necessary cookies do not require user consent as they are always placed on your device by default.

Performance and targeting cookies are placed on your device by third-party providers on our behalf. Those providers, such as Google Analytics are engaged to provide us with analytics and access to the advertisement networks. For performance and targeting cookies, we will ask for your consent first.

You can manage and disable cookie settings at any time using Cookie Settings on the Website. Furthermore, you may manage your cookie settings in your browser settings at any time.

Please keep in mind that simply disabling all cookies or all of our cookies in your browser settings may lead to certain sections or features of our Website not working. Therefore, we recommend using the Cookie Settings on our website instead of disabling all cookies in your web browser.

X. Data Rights & Requests

If you want to file a request or exercise any of your information rights under the applicable law, please contact us at [email protected].

To control our data protection activities, you may exercise certain rights regarding your information processed by us. In particular, you have the right to:

1. Object to the processing of your information. If we process your information in our legitimate interests, you can object against it. We will consider your request and, if there are no legal grounds to refuse it (e.g., public interest), stop the processing for such purposes;

2. Access your information. You have the right to:

(a) learn if we process your information;

(b) obtain disclosure regarding certain aspects of the processing; and (c) obtain a copy of the information undergoing processing.

3. Verify your information and seek rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

4. Restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully, or want to object against the

processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent.

In this case, we will not process the information for any purpose other than storing it or for legal compliance purposes until the circumstances of restriction cease to exist;

5. Ask us to delete/destroy/otherwise remove the information about you. If we are not obliged to keep the data for legal purposes, we will remove your information upon your request.

Please note, that the deletion of your information may affect your experience on the Website or lead to close of relationships between you and us if the information was strictly necessary for the provision of Services; and

6. Ask us to transfer your information to another organization.