GDPR PRIVACY POLICY – INFORMATION CONCERNING PERSONAL DATA PROCESSING

We are a blockchain security, hardware start-up, open for early-stage investors. We maintain our website www.bitfold.com (“the Website”) to present our Bitfold project (“the Project”). If you would like to receive updates on the Project progress or you are interested in participating (financially or by sharing your know-how with us) in the Project, you can send us an e-mail or subscribe to our newsletter.

In this document, we would like to familiarize you with the most important information and rules regarding the processing of personal data in connection with the Regulation on the Protection of Personal Data (GDPR).

In accordance with the applicable provisions on the protection of personal data, in particular the general Regulation, in order to ensure proper protection of personal data, the data subject must first of all provide information regarding the processing of personal data set out in Article 13 or 14 GDPR – depending on whether they were obtained directly from the data subject or from other sources. The required information is provided below, including, in particular, the principles of protection and processing of Users’ Personal Data by the Personal Data Administrator.

I. Definitions

Controller/Administrator – the Controller of personal data pursuant GDPR, which is Bitfold R&D (spółka z ograniczoną odpowiedzialnością) with its registered seat in Lodz, Poland, zip code 90-525, Wolczanska street No. 143, entered in Register of Entrepreneurs of National Court Register under the number KRS: 0000840803, NIP (Tax Identification Number): 7252299166, REGON (Statistical Number): 386040760, operated by registry court: District Court for Lodz – Srodmiescie, XX Business Department of National Court Register, with its share capital: 100 000 PLN (one hundred thousand Polish Zlotys).

GDPR – Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (J. o L. UE 2016 it. L119).

User – www.bitfold.com users, natural or legal persons, who accepted this Privacy Policy.

Website – www.bitfold.com.

II. How to contact us for more information on the processing of your personal data?

All correspondence regarding matters related to the processing of your personal data, please send in writing to the address of the Administrator with the note “Personal data” or to the e-mail address biuro@bitfold.com also with the inscription “Personal data”. The Administrator does not appoint an inspector of personal data protection, as there is no obligation to do so. In particular, the following should be reported to this address:

• all events affecting the security of information transfer;
• possible suspected personal data breach;
• suspicion of sharing files containing viruses and other files of similar nature.

III. How do we collect your data?

We collect the personal data of our Users through the Website or questionnaires, from themselves – they provide personal data by sending us an e-mail or subscribe to our newsletter, webinar or participate in Bitfold’s contests or questionnaires.

IV. Requirement to provide personal data

1. Providing any personal data is voluntary and depends on your decision.
2. However, providing personal data is necessary to receive updates on the Project progress or to receive information from us about possible cooperation if you are interested in participating (financially or by sharing your know-how with us) in the Project and for sending commercial and marketing information. Therefore, in order to enable us to contact with you or provide you with digital content, you can provide us with your e-mail address by sending us an e-mail or via questionnaires or subscribe to our newsletter through the Website.
3. Your personal data is stored in the system used by the Administrator to manage contacts with current or potential Bitfold clients, partners and investors.
4. By agreeing to receive communications from us, you consent to the transfer of your personal data to a third country Switzerland or United States, which are not members of EEA.

V. Automated decision making and profiling

We kindly inform you that we do not make automated decision-making, including on the basis of profiling.

VI. What is the purpose of processing your personal data by Bitfold?

• providing services by electronic means in the scope of sharing content posted on the Website – the legal basis for processing is the legitimate interest of the Controller;
• enabling contact between you and the Controller – if you are interested in receiving information about the progress in the implementation of the Project or participation (financial or by sharing your know-how with us) in the Project – via e-mail address – the basis for processing is legitimate interest in the need to answer a question or message sent by you;
• for analytical and statistical purposes, researching Users’ behavior in order to improve the quality of services provided – the legal basis for processing is the legitimate interest of the Controller, consisting in conducting analyzes of user activity, and their preferences in order to improve the functionalities used and the services provided;
• enable subscription to the newsletter or webinar or participate in Bitfold’s contests or questionnaires. – the legal basis for processing is the consent to the processing of the personal data subject;
• providing the User by the Controller with information about offers, promotions, discounts and news (direct marketing) – the basis for processing is the implementation of the Controller legitimate interest.

VII. What is the legal basis for the processing of my personal data?

The legal basis for the processing of your data will be:

1. Consent granted;
2. The necessity to fulfill the legal obligation imposed on the Administrator;
3. Necessity arising from legitimate interests pursued by the Administrator, such as sending updates on the Project progress, press news or contacting with you in matters relating to participation in the Project (financially or by sharing your know-how with us) or direct marketing.

VIII. What personal information do we collect?

E-mail address, name, surname, telephone number.

In addition, we also collect operating data that characterizes both the way you use the Website, in particular: IP address (both static and dynamic), digital logs, information about your use of the Website, browser type, domain name and the type of operating system.

The period of processing and storage of personal data

1. In accordance with applicable law, we do not process your personal information perpetually but for the time that is needed to achieve the purpose of processing. After this period, your personal data will be irretrievably deleted or destroyed.
2. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the end of the processing period, the data is irretrievably deleted or anonymized.

Your rights

1. Your basic rights are as follows:
   • Access your personal data;
   • Correction of personal data;
   • Removal of personal data;
   • Update your data;
   • Restrictions on the processing of personal data;
   • Oppose the processing of personal data;
   • Transfer of personal data;
   • Withdrawing consent to the processing of personal data;
   • To file a complaint regarding the processing of personal data by us.
2. We indicate that these rights are not absolute and therefore we may legally refuse you to comply in some cases. However, if we refuse to accept the request, then only after careful consideration and only if the refusal to consider the request is necessary.
3. The rights referred to in point 1 you carry out:
   1. by e-mail to biuro@bitfold.com or
   2. in writing to the address of the Administrator. In order to verify your application, the Administrator may ask for additional information or for sending documents necessary to confirm the identity of the applicant. In the absence of providing this information or sending documents, the Administrator reserves the right to leave the application without recognition. If the application is correct, the Administrator executes it within 7 days from the day of the submission of the correct application (this deadline is due to technical issues). In exceptional cases, this period may be longer, about which the Administrator will notify the User.
4. A request to delete (remove) personal data takes place when:
   1. Your data will no longer be necessary for the purposes for which it was collected by the Administrator;
   2. You withdraw your consent to the processing of personal data;
   3. You will object to the processing of your data;
   4. Your data will be processed illegally;
   5. The data should be deleted in order to fulfill the obligation arising from the law;
   6. The data was collected in connection with the provision of electronic services offered to the child;

   Removal of personal data from our database means that it will not be processed in it and will not be shared with other entities. However, it does not mean the cessation of data processing by entities to whom the Data was previously made available (eg the fact that your personal data will be removed from our database does not mean that the entity that previously provided your personal data from us will not be able to send you an e-mail.) Any complaints in this regard and requests to delete personal data should be directed to the sender.

5. The right to request limitation of data processing shall be due if:
   1. You will notice that your data is incorrect – you can then request to limit the processing of your data for a period of time that allows us to check the correctness of this data; or
   2. Your data will be processed unlawfully, but you will not want to be removed;
   3. Your data will no longer be needed but may be needed to defend or enforce claims; or
   4. You will object to the processing of the data pending the determination of whether the legitimate grounds on our side are superior to the grounds of objection.
6. The right to oppose further processing shall apply if:
   The processing of your personal data is based on a legitimate interest or for statistical purposes, and the opposition is justified by the specific situation in which you have found yourself. However, according to the law, we may refuse to take into account the objection if we show that:

   – There are legitimate grounds for processing which override your interests, rights and freedoms (such as tax law, accountancy law, obligation to prove accountability),

   – There are grounds for establishing, pursuing or defending claims.

7. The right to lodge a complaint in relation to the processing of your personal data by us – you do so by submitting it to the supervisory body, which is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. Detailed information is available on the web page https://uodo.gov.pl/pl/83/155.
8. If the processing of personal data takes place on the basis of consent, you may withdraw your consent at any time – at its sole discretion.
9. If you would like to withdraw your consent to the processing of personal data, simply send an e-mail to the following address: biuro@bitfold.com.
10. If the processing of your personal data took place on the basis of consent, its withdrawal does not mean that the processing of personal data up to this point was illegal. In other words, until the withdrawal of consent, we have the right to process your personal data and its revocation does not affect the legality of the current processing.

XI. Who do we share your personal information with?

1. Our subcontractors (processors), such as:
   1. Accounting firm servicing the Administrator;
   2. Legal and IT companies;
   3. Contractors of services at the request of the Administrator:
   4. GetResponse S.A. with its regirestered seat in Gdańsk, Poland;
   5. TYPEFORM S.L. with its regirestered seat in Barcelona in Spain, Calle de Pallars 108 (Aticco), 08018, C.I.F. B6583183;
   6. Polish Agency for Enterprise Development – under a grant agreement;
   7. Our employees and people cooperating with us;
   8. Entities providing software and e-internet service platform.
2. Entities or bodies entitled under the law.

XII. Will your personal data be transferred outside the European Economic Area?

Yes, your personal data are transferred to Switzerland to our parent company Bitfold AG with its registered seat in Switzerland, 6340 Baar, Kanton Zug, Mühlegasse 18, register number: CHE-266.860.023. However, in the European Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data, the European Commission has ensured that Switzerland guarantees an appropriate and adequate level of protection for the personal data transferred.

We also inform you that due to the fact that we use cookies from third parties (more information you can find in the Cookies Policy), there is a risk that some of your personal data may be transferred to the United States. The Administrator transfers your personal data using mechanisms that comply with applicable law.

XIII. Responsibility for securing and processing personal data

• The Controller is responsible for the processing of Personal Data in accordance with the law.
• The Administrator is not responsible for the effects of providing Personal Data to a public authority if the obligation to disclose results from the law or from the request of such authority. All claims in this respect should be addressed to that public authority.

XIV. Final provisions

• In matters not covered by this Privacy Policy, the regulations on the protection of personal data apply.
• Any amendments to this Privacy Policy will be notified to you by e-mail in advanced.
• This Privacy Policy is effective from 23^rd March 2023.