Dexodata Privacy Policy

Last updated: 25 January 2023

Our company COSMODATA FZCO (Company, We, Us) respects the privacy of Your (User, You) Personal Data and ensures its safety and legitimacy as defined by the following document.

The current Privacy Policy (Policy) is created to provide You with information on:

1. Mechanisms Your Personal Data is collected
2. Reasons it is obtained
3. Methods We use to keep it private
4. To identify the third-parties we can share Your information You provide with.

The featured Policy is considered as a part of the Dexodata License Agreement, which is available via the following hyperlink: https://dexodata.com/en/license-agreement.

We strictly recommend You to get acquainted with this Policy thoroughly, and check for the actual versions of it regularly. It will guarantee that You are aware of changes if such are made.

In case You do not agree with any Policy regulations, You shall stop using the System instantly.

Terms and Definitions

All the words used in the current Policy starting from a capital letter should be perceived as mentioned in the Policy chapter below.

Dexodata, Company	The private company COSMODATA FZCO, located at Building A3, Dubai Digital Park, Dubai Silicon Oasis, Dubai, the United Arab Emirates.
System	A combination of data, web forms, software, hardware and intellectual property of the Company, including software, databases, graphic interface design, content, etc. All the list’s items You can get access to through mobile and desktop User devices connected to the Internet with specialized network browsing software (browser) at “dexodata.com” domain, including the lower-leveled domains, IP addresses of the System. All the list’s items mentioned above can be changed or deleted as specified by the License Agreement.
You, User	Individuals and enterprise representatives of legal entities who comply with the qualifications stated by the Agreement, and have a registered Account in the System.
Account	The data packages stored in the System for particular Users from the moment of passing registration, which include User interactions with the System.
Registration Data	The Personal Data User provides to the Company by mentioning it in the registration form during the process of signing up. The full list of User characteristics is enumerated in the proper paragraph of the current Policy and Agreement.
Personal Data	Any information User presented as individual or business representative provides to Company at the Account registration. Also, Personal Data is referred to as the information the System gathers about User automatically or gathers from third-parties.
Personal Data Processing (Processing)	Bunch of actions Personal Data is exposed manually or automatically, such as: the obtaining, recording, processing, structuring, keeping, adapting, retrieving, using, discussing, transferring, as revealing, distributing, or otherwise making available within rules mentioned below, compiling, restricting, erasing or eliminating.
Third-Party Account	The Account which User has registered on third-party websites, such as Gmail, Facebook, etc., and which is used by User to sign up an Account within the System.
Verification Services	Third-party platforms which have contractual relationships with the Company for execution of enhanced verification of visitors that would like to get status of the User and already registered Users. Verification Services include Sumsub service that can be accessed at https://sumsub.com.

All the terms and definitions introduced in this Policy, which has no particular definitions, must be understood as specified in the Dexodata License Agreement and its Annexures. In case the following is impossible within the documents mentioned above, such terms shall be regarded in accordance with the applicable laws and regulations or the generally accepted meaning.

Any use of terms "You", "Your", etc. shall be interpreted as a reference to the System User or guest visitor.

Policy Acceptance

The current Policy provides for Your agreement with clauses of Communication Data Processing, Registration Data and Verification Data described below by pressing the “I agree” button while You complete the Account registration within the System.

You express consent of the Policy provisions which regulate the Processing of the Log Data as described below by placing ☑ next to the “I have read and accept the terms of the Dexodata Cookies Policy” box. You are asked to do it on Your first System website visit.

You should leave the System website and refrain from using the System if You do not agree with any provision of this Policy.

The full list of Personal Data We Gain and Process

We ask You to provide Us with some information about Yourself to grant You access to the System.

During Your use of the System, We may collect the following types of Personal Data:

We reserve the right to obtain the following Personal Data with Your consent during Your stay on the System web page:

Communication Data

1. E-mail address
2. Username and other public information Your Third-Party Account includes
3. Сontact details You reveal to contact Us.

Registration Data

During manual registration: Your e-mail address.

To sign up with a Third-Party Account: Your username under the Third-Party Account and Your e-mail address under the Third-Party Account. Any other details under the Third-Party Account can be also acquired according to the policies of appealed third-parties.

Log Data

Technical characteristics:

1. The Internet protocol (IP) address
2. Browser type and version
3. Time zone settings
4. Types and versions of Your browser extensions
5. Operating system and device type.

Session Data

1. Page response times
2. Time spent on Our page
3. Download errors
4. Time and dates Your visits to certain System pages took place
5. Clickstream data
6. Methods used to end or exit session from the System website
7. Other data collected via cookies and other digital fingerprint specifics.

Please explore the Dexodata Cookies Policy for more information

Verification Data

Such data type consists of information You provide to Us on Our demand or demands of third-parties, including law authorities, and Our requests essential to verify compliance with the Agreement and regulatory framework, including:

• Your full name
• E-mail address
• full legal name, date of birth, age, nationality, gender, signature, email address and home address;
• passport or other photo identification such as a driver’s license or national identification card, other photographs like selfies;
• user ID, security questions, authentication data, transaction information, financial information, cryptocurrency or wallet addresses; and
• Other details of Your privacy required to comply with legal obligations, applicable laws and regulations.

We are developing the System consistently. The new features introduced may demand access to Your additional private information.

You provide Us Personal Data willingly. The refusal to share Your Personal Data with Us may decrease the service quality and/or lead to System access restrictions.

The purposes of Personal Data Collecting

We obtain the above-mentioned Personal Data to:

Communication Data

• Provide You the relevant feedback
• Contact You for Account managing reasons.

Registration Data

• Grant access to the System
• Maintain network and individual security
• Provide User support.

Log Data

• Maintain network and information security
• Sustain a reliable System performance
• Enhance User experience
• Detect and dispose malfunctions, develop the System infrastructure
• For other purposes mentioned in the Policy.

Verification Data

• Provide safety to Users, System and Third-Parties.

We use Your Personal Data only for the purposes stated in the current Policy. We retain the right to improve and develop the System, enhance the list of reasons we may acquire Your private Personal Data, and retrieve new titles of Your Data. All such cases are implemented in Privacy Policy updates published on the System website and exist in accordance with the applicable laws or court/enforceable orders. We are entitled to notify You and provide an explanation on the legal basis.

Please be aware that We may provide You with information related to the System upon Your consent.

The Personal Data Collection methods

The Personal Data Collection methods

Communication Data

We gather such Personal Data in case You contact Us before Your Account registration for any other purpose via e-mail or web messengers.

Registration Data

You provide Us such Personal Data, when

• You fill in and submit application forms and sign up an Account in the System
• Use the Third-Party Account to pass the registration procedure in the System and sign in using the Third-Party website.

Log Data

During your interaction with the interface of System services. The tools to collect such Personal Data are cookies, server logs, and similar technologies. Please make sure You have read the Dexodata Cookies Policy for details.

Verification Data

You provide such Personal Data to Us directly or we obtain it from Third-Party web sources according to the permissions You give Us. Verification of the user is done by the Verification Services provider mentioned above. We obtain information about you from public databases and ID verification partners for purposes of verifying your identity when you sign up for our Services or use our Services. Our ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, status on any sanction lists maintained by public authorities, and other relevant data.

The time periods We keep Your Personal Data

We store Your Personal Data only for the time necessary to fulfill its purposes described in the current Policy. The standards for retaining and deleting Your Personal Data are:

Communication Data

We erase it after You get the requested feedback or Your inquiry is responded to.

Registration Data

We keep it all the time Your Account is active. The disposal takes place once the System deletes Your Account.

Personal Data may be retained after the Account is deleted within the period prescribed by the applicable laws.

Log Data

We keep it strictly throughout the life of Your Account and delete it once the System executes the request to delete Your Account.

Personal Data may be retained after the Account is closed within the period prescribed by the applicable laws.

Verification Data

We keep it rigorously while Your Account exists. Verification Data is deleted once the System closes Your Account within the time limits crucial to achieve the objectives of processing Data.

Personal Data may be retained after the Account is closed within the period prescribed by the applicable laws.

Please be aware that We can store Your Personal Data longer if it is prescribed by the legislation and law regulations. the Company retains some Personal Data from the list above after the deleting of Your Account is completed. It is necessary to prevent fraud cases performed by switching between the System accounts, and to not violate the terms of Our License Agreement. Verification of the user is done by the Verification Services provider mentioned above.

The legal grounds to Collect Personal Data

The Personal Data gathering and processing is performed in accordance with the following privacy rights and regulations:

1. EU General Data Protection Regulation (GDPR)
2. Current License Agreement and its parts
3. Our local terms.

We can handle Your Personal Data as prescribed by the local law legislation in case the country of Your location demands more stringent treatment with the items of the current Policy.

The legal grounds to gather and process Personal Data are based on:

Your Consent

You grant Us consent to get and handle Your Personal Data for specific purposes under conditions mentioned in the current document. You give Us Your consent at Your own will and can withdraw it any time without any consequences for You except possible malfunctions or restrictions in interaction with our System. The withdrawal takes instant effect on possible future interactions and will affect previous cases of processing Your Personal Data as scheduled by the terms of the current Policy.

Agreement Implementation

Your private data is used to fulfill Our obligations arising from the terms and conditions of the present Agreement or to conclude the Agreement.

Our Legit Business Objectives and Interests

We conduct and manage Our business objects fairly and responsibly to maintain Our goodwill and to provide You with the best experience possible.

Legal Compliance

We gather and store Your Personal Data compliant to local regulatory obligations if required.

Personal Data disclosure and its transfer to Third-Parties

We can share Personal Data processed by Us to third-party resources on specific occasions. The Third-Parties who can get access to Your Personal Data include

1. Business partners, suppliers, and sub-contractors involved in providing You the services of the System.
   
   We oblige affiliated entities to treat Your Personal Data carefully and lawfully in accordance with the law and Our License Agreement. We prohibit Third-Parties the exploitation of Your Personal Data for their own purposes. Third-Parties are accountable to the law for treating Your Personal Data in ways and objectives distinct from established by this Agreement. The Third-Parties get access to Your Personal Data in amounts necessary only to execute their functions.
2. Authorities and/or law enforcement officials in cases prescribed by the laws and regulations.
   
   We use and share Your Personal Data with such Third-Parties if it is crucial for Us to comply with the obligations connected to Our business activity.
3. Analytical companies, search engine providers, etc assisting the Company in System development and improvement.
   
   We guarantee You that We do not sell, exchange or share Your Personal Data with Third-Parties without Your consent.
4. Other Users and IP Addresses.
   
   Users joining the System in Proxy Provider mode grant Us the rights to treat their IP addresses as a host for Users regarded as the System Proxy Receiver mode clients. We pass the IP address characteristics to other System Users impersonally, without any Personal Data.

Terms of handling Personal Data to Third-Party states

Dexodata operates as an international data gaining infrastructure and may resort to the services of data processing service providers in Third-Party countries. It is done unless legislation in Your area restricts such actions.

We hereby inform You about transferring Your Personal Data to our partners located in the states, validated compliance with GDPR (General Data Protection Regulation) or handling Personal Data according to provisions of the European Commission. Dexodata protects Your Personal Data as stated in this Privacy Policy and takes every measure to keep Personal Data safe in accordance with the applicable laws.

The processes handling Personal Data in Third-Party states beyond the jurisdiction of Regulation (EU) 2016/679 are covered by the standard data protection terms adopted by the European Commission. Otherwise the Privacy Shield Framework is applied.

The access to the System in a Proxy Provider mode may engage the IP address transfer to other Users, including personalities and enterprises over your present country’s border. Maintaining the System access in a Proxy Provider mode refers to Your consent for such a transfer execution.

Protection of Your Personal Data

We apply a complex of tools and measures in technical, organizational, and administrative spheres to guarantee the confidentiality, integrity, availability, and privacy of Your Personal Data. We commit the defense of Your Personal Data from leak, loss, theft, unauthorized access, misapplication, modification or destruction by generally accepted methods while Personal Data is at Our disposal.

The measures mentioned above include but are not limited to:

• Secure Sockets Layer (SSL) protocol for fully encrypting Your Personal Data with cryptographic technology and sending it reliably
• HTTPS and TLS cryptographic protocol to guard internal and external transmissions performed by the System
• Our proprietary coding technology
• Recurrent monitoring for data breaches.

We grant access to Personal Data to authorized employees compliant with the non-disclosure agreement of treating confidential Personal Data. Our legal and technical departments update the defensive algorithms and implement new defensive measures due to recommended requirements.

We ask You to contact Us immediately in case of awareness of any potential data breach or security vulnerability. We guarantee to carry out activities crucial for preventing or investigating the declared issue.

Users Rights granted

Your fundamental rights granted to You as a subject of Personal Data are the following:

1. Right to access Personal Data.
   
   We may send You a copy of Your Personal Data that we have access to upon Your request. The document includes specification of information gathered within a specified period. Be aware that We can ask You to compensate for the expenses incurred to gather and frame the information.
2. Right to Personal Data corrections.
   
   You may ask Us to make amendments or update Your Personal Data details. Contact us using the e-mail address provided below or via Client Support. The Company reserves the right to refuse assistance in making revision in case Users can make it on their own using the System dashboard or interface elements.
3. Right to delete Personal Data.
   
   You can demand to erase Your Personal Data according to the existing legislation. Be aware that the System automatically deletes most of Your Personal Data after You delete Your Account. Then We will not use Your Personal Data for any further objectives, nor share it with Third-Parties, except required by the law. We may not be able to fulfill Your request completely due to specific legal motives You will be informed about in the course of Your request. To have your data deleted you must send a request to the Company's contact email address mentioned at the end of the document.
4. Right to withdraw Your consent.
   
   You are able to withdraw the consent of retrieving and managing Your Personal Data given to Us anytime. These do not affect the legitimacy of processes that occur before Your demand. Consider the fact that our activity which does not involve Your Personal Data consent will continue.
5. Right to restrict processing.
   
   You can restrict or oppose Our processing or transferring Your Personal Data under certain circumstances. We have the right to continue Your Personal Data use in case it is crucial to defend ourselves against legal claims or in other cases permitted by the current legislation.

Please take into account that none of the rights are indisputable and they must be weighed generally against Our legal obligations and legitimate interests. If You decide to exercise Your rights, You will be informed about Our decision and measures taken along with the reasons of Our decision. For additional information please contact Us at [email protected] or [email protected].

Relevance to Third-Party websites

The System may operate external hyperlinks to websites and platforms maintained by Third-Party Service Providers who may stick to their own Personal Data rules different from Ours.

The Company is not responsible or liable for the Personal Data treatment or mechanisms taken common to such Third-Parties. We advise You to familiarize yourself with the Third-Parties License Agreements before taking advantage of such resources or submitting to them Your Personal Data or other sensitive information.

Attitude to Children’s Personal Data

We do not practice collecting Personal Data of Internet users under the age of 13 or of other age representatives in case it demands the consent or permission from parents, guardians or authorized tutors. This is Our conscious decision. In case the child or person under Your official custody provides Us Personal Data, we will nullify such Account and delete the gathered Data. Please report such cases taking place to Us so we can make appropriate arrangements.

Ownership Change

This passage describes the situation of changing the ownership or control of Our Company entirely or its parts through acquisition, merger or sale. In that case We keep the right to transfer all or part of the Personal Data to the new owner of the Company.

Policy Updates

This Policy may be updated, revised and/or amended any time at the Company's discretion without prior notice. In case amendments are implemented, the latest Policy version is published with the date of origin on the first page of the Policy.

The responsibility to keep informed with the Policy updates is up to You. We recommend reducing the risk of staying unaware of the latest updates. To do so:

1. Save a copy of the featured Policy after signing up for the Account for the first time.
2. Regularly visit the described page on the System website to check for changes in the date the latest Policy version is published. If it is so, please take the time to study the entire Policy for revisions.

By using the System after the Policy has been amended, You confirm Your understanding and consent to the amended Policy. If You do not agree with any amendments of this Policy introduced, You shall give up the use of the System instantly.