PRIVACY POLICY

1. ACCEPTANCE OF PRIVACY POLICY By accessing and using our Services, you signify acceptance to the terms of this Privacy Policy. Where we require your consent to process your personal information, we will ask for your consent to the collection, use, and disclosure of your personal information as described further below. Bitoslo may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. These notices may supplement or clarify Bitoslo’s privacy practices or may provide you with additional choices about how Bitoslo processes your data.

If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.

2. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, and when required by law, we will notify you of changes to this Privacy Policy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our Services prior to the change becoming effective.

3. WHAT INFORMATION DOES Bitoslo COLLECT?

3.1

We collect Personal Data and Anonymous Data, as described below.

“Personal Data” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.

“Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons.

We may collect Personal Data from you, such as your first and last name, e-mail and mailing addresses, date of birth, government issued identification, photographs, biometric information (including but not limited to device fingerprinting), company name, and password when you use our Site. We may also collect other Personal Data provided by third party identity verification services or via social networking websites.

If you tell us where you are (e.g., by allowing your mobile device or computer to send us your location), we may store that information.

Certain services, such as two-factor authentication, may require our collection of your phone number. We may associate that phone number to your mobile device identification information. If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply. We also collect other types of Personal Data that you provide to us voluntarily when seeking support services, such as email, information submitted via online form, video conferencing service information, other contact information, or other information provided to support services staff. We may collect other data, including but not limited to, referral URLs, your location, blockchain analytics information related to blockchain addresses you provide.

3.2

Some information is collected automatically by our servers:

Our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We retain information on your behalf, such as transactional data and other session data linked to your Account.

4. INFORMATION ABOUT CRIMINAL CONVICTIONS

When you register for or otherwise use our Services, we may receive information about your criminal convictions when we perform certain verification or compliance checks. We carry out these checks in order to detect or prevent any unlawful or fraudulent acts and to comply with our legal obligations.

5. IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to close your Account, but we will notify you if this is the case at the time.

6. COLLECTION OF PERSONAL INFORMATION

We collect Personal Data to provide you with our Services. You are free to choose whether to provide us with the types of Personal Data requested, but we may not be able to offer you some or all our Services when you choose not to share certain information with us. For example, we collect Personal Data which is required under law to open an account, to link a bank account, or to execute a transaction. We also collect Personal Data when you use or request information about our Services, subscribe to marketing communications, request support, complete surveys, or communicate with us. We may also collect Personal Data from you offline, such as when you attend one of our events or when you contact customer support. We may use this information in combination with other information we collect about you as set forth in this Privacy Policy.

Personal Data we collect may include the following: Information you provide to us; We collect information that you provide directly to us through the Sites or by e-mail, phone, or any other medium. This may include:

Personal identification information, such as your full name, home address, email address, date of birth, age, nationality, gender, signature, and photographs. Formal identification information, such as tax identification number, passport number and details, driver’s license details, national identity card details, photograph identification cards, and immigration visa information.

Account information, such as your username, password, account settings and preferences. Financial information, such as bank account numbers, bank statement, virtual currency wallet addresses, trading data, and tax identification. Residence verification information, such as utility bill details, bank statements, or similar information. Information we collect when you use our services; We also automatically collect information about your computer, device and browsing activity when you access the Sites or use Services. This information may include:

Device Information, such as the hardware, operating system, and browser used by you, and any other information that is automatically collected about your device. Location Information, such as your IP address and/or domain name, any external page that referred you to us, and any other information that is automatically collected via analytics systems providers to determine your location. Log Information, such as device-specific information, location information, system activity, any internal and external information related to Site pages that you visit, and any other that is generated by your use of the Sites and Services that is automatically collected and stored in our server logs.

Account Information – Information that is generated by your account activity, such as trading activity, order activity, deposits, withdrawals, and account balances. Residence verification information, such as utility bill details, bank statements, or similar information. Information we collect from other sources; We may collect information from third party partners, public authorities, public websites, social media and other public sources, which may include information related to your identification, location, reputation, business activities, and other personal details.

7. HOW WE USE YOUR PERSONAL INFORMATION

We only use your Personal Data if we have a proper reason for doing so. Unless we receive permission from you, we will not use your Personal Data for purposes other than those set forth below.

7.1 Legal Obligations.

We process certain information to comply with our legal obligations:

To maintain legal and regulatory compliance: We are required by law to collect and use your Personal Data in connection with certain of our core Services. For example, we must identify and verify users to comply with anti-money laundering and countering the financing of terrorism laws in various jurisdictions. For this purpose, we use third parties to verify your identity by comparing the Personal Data you provided against third-party databases and public records. If you do not provide this Personal Data, you will not be allowed to use our Services. To ensure network and information security: We process your Personal Data to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your Personal Data, we may not be able to ensure the security of our Services.

7.2 Contractual Obligations.

We process certain information to be able to perform our obligations under our contract with you:

To provide the Services: We process your Personal Data to provide the Services to you, including to open an account and to process your transactions. We cannot provide you with Services without such information.

To provide communications: We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. To provide customer service: We process your Personal Data to resolve user questions or disputes, to collect fees, or to troubleshoot problems. Without processing your Personal Data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services. To ensure quality control: We process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information and well-functioning services. If we do not process Personal Data for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.

7.3 Legitimate Interests.

We process certain information based on our legitimate business interests in connection with our provision of the Services to you:

To ensure network and information security (as described in Legal Obligations above). To enforce our terms of use and other agreements: Due to the importance of information we handle, such as your identification and financial data, it is very important for us and our customers that we actively monitor, investigate, prevent and mitigate any potentially prohibited or illegal activities or violations of our Terms of Use, and enforce our agreements with third parties, and violations of our Terms of Use or other agreements related to the Services. We may use any of your Personal Data collected on our Services for these purposes. For research and development purposes: We process your Personal Data to better understand the way you use and interact with the Services. In addition, we use such information to customize, measure, and improve the Services and the content and layout of the Sites and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services. To enhance your website experience: We process your Personal Data to provide a personalized experience and to implement the preferences you request. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services. To facilitate corporate acquisitions, mergers, or transactions: We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your Personal Data processed for such purposes. To engage in marketing activities: If you have opted in our marketing activities, we may (i) send you marketing communications to inform you about our events or our partner events, to deliver targeted marketing, and to provide you with promotional offers based on your communication preferences, (ii) use information about your usage of our Services and your contact information to provide marketing communications, and (iii) share Personal Data with third parties to help us with our marketing and promotional projects or sending marketing communications. For example, we may participate in Facebook’s Custom Audience and Google’s Customer Match programs, in which we may provide certain Personal Data to Facebook and Google for the purpose of delivering targeted advertisements to other internet users. 8. AUTOMATED DECISION MAKING We may make automated decisions on certain matters, such as to fulfill our obligations imposed by law (such as to verify your identity), to detect fraudulent or prohibited activities, or to determine whether you are eligible for certain of our Services. If you disagree with the decision you are entitled to contest this by contacting us at following email address: [email protected].

9. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Please see Part 16 (Cookies Policy) below for a description of how we use cookies and similar technologies on the Sites.

10. DISCLOSURES TO THIRD PARTIES

We take care to allow your Personal Data to be accessed only by those who need to perform their tasks and duties, and to share your Personal Data only with third parties who have a legitimate purpose for accessing it.

Except in the following circumstances, we will not sell, exchange, or share your Personal Data without your consent:

We may share your Personal Data with third party identity verification and transaction monitoring services to assist in the prevention of fraud and other illegal activities and to fulfill our obligations under anti-money laundering and countering the financing of terrorism laws and regulations. This allows Bitoslo to confirm your identity by comparing the Personal Data you provide us to public records and other third-party databases and to monitor transactions to fulfil our legal and regulatory obligations to report suspicious activities.

We may share your Personal Data with financial institutions and payment services providers with which we partner to process payments you have authorized.

We may share your Personal Data with companies or other entities that we plan to merge with or be acquired by. If any such a combination occurs, then we will require that the new combined entity follow this Privacy Policy with respect to your Personal Data. You will receive prior notice of any change in applicable policies.

We may share your information with companies or other entities that purchase Bitoslo’s assets pursuant to a court-approved sale under applicable bankruptcy laws or where we are required to share your information pursuant to applicable insolvency laws.

We may share your information with law enforcement, government officials or regulators, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to comply with applicable laws and regulations, to report suspected illegal activity, or to investigate violations of our Terms of

Use or any other applicable policies. In addition, from time to time we may request your consent to share your information with third parties in certain other circumstances. Such requests may be presented to you in our Terms of Use, an email from us to you, or otherwise through the Services.

11. CONSENT TO INTERNATIONAL TRANSFERS OF PERSONAL DATA

As a global company, we may store and process your Personal Data in our facilities in various locations, including Japan, Singapore, and Vietnam. This Privacy Policy applies regardless of the location in which we store and process your Personal Data.

We transfer Personal Data to service providers that process data in Ireland and Japan for the specific purposes of performing identity verification and other screening, to enable us to prevent fraud and to comply with our know-your-customer obligations under anti-money laundering and countering the financing of terrorism laws and regulations.

We transfer Personal Data to service providers located in the United States for the specific purposes of delivering emails and targeted marketing. When we send emails, Personal Data may pass through our service provider’s data centers in Japan, India, and/or the United Kingdom for geo-forwarding to the United States. By accepting this

Privacy Policy, you specifically and voluntarily consent to the transfer of your personal information to each of the countries specified in the preceding paragraphs. Some of these countries might not have protections in place for personal data as extensive as those within your country of residence. However, we require our service providers to treat your personal information in strict confidence and to use appropriate security measures to protect it. We also require them to uphold all of our other obligations under this Privacy Policy.

You may revoke your consent to this section at any time by contacting us at [email protected]

12. YOUR RIGHTS

You have certain rights concerning your Personal Data under Data Privacy Laws, which you can exercise by contacting us at [email protected].

These rights include:

Access: You have the right to request that we provide you a copy of your Personal Data held by us. In accordance with applicable Data Privacy Laws, we may request that you specify the information or processing activities to which your request relates before we provide you with a copy of your Personal Data. Correction: You have the right to request that any incomplete or inaccurate Personal Data we hold about you is corrected. Erasure: You have the right to ask us to delete or remove Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, such as in cases where the personal Data is required for compliance with law or in connection with pending legal claims. Restriction: You have the right to ask us to suspend the processing of certain of your Personal Data about you if (a) you dispute the accuracy of the Personal Data and wish for us to verify the accuracy, (b) your Personal Data has been unlawfully processed, (c) we no longer need the Personal Data, but you need us to retain such Personal Data to establish, exercise or defend a legal claim, or (d) you have objected to our processing your Personal Data, pending the verification of whether our legitimate grounds for processing the Personal Data override your rights. Data Portability: You may obtain or request the transfer of certain of your Personal Data to another party if both (a) our lawful basis for processing the Personal Data was based on either your consent or our performance of our obligations under our contract with you, and (b) the processing was carried out by automated means. Objection: If we are processing your Personal Data on the basis of our legitimate interests for doing so, you have the right to provide specific reasons why you object to such processing. You also have the right to object where we are processing your Personal Data for direct marketing purposes. Automated Decisions: You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered. Right to Submit a Complaint: If you believe that we have infringed your rights, we encourage you to contact us first at [email protected] so that we can try to resolve the issue or dispute informally. You can also submit a complaint about our processing of your Personal Data to the relevant data protection authority. You can submit a complaint in the country where you live or work or in the place where the alleged breach of the applicable Data Privacy Laws has taken place.

13. SECURITY OF PERSONAL DATA

We use a variety of security measures to ensure the confidentiality of your Personal Data and to protect your personal Data from loss, theft, unauthorized access, misuse, alteration or destruction. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to Personal Data only for those employees who require it to fulfill their job responsibilities.

However, we cannot guarantee that loss, theft, unauthorized access, misuse, alteration or destruction of your personal Data will not occur. Please take adequate measures to protection your Personal Data. When registering to use our Services, it is important to choose a password of sufficient length and complexity and to keep this password a secret. Please notify us immediately if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure the security or confidentiality of Personal Data that you transmit to us or receive from us via the internet or wireless connection, including email, phone, or SMS. If you have reason to believe that your data is no longer secure, please contact us at the email address, mailing address or telephone number listed at the end of this Privacy Policy.

14. RETENTION OF PERSONAL DATA

We retain Personal Data for as long as necessary to fulfill the purposes described in this Privacy Policy, subject to our own legal and regulatory obligations. The criteria we may use to determine the retention period for certain categories of data includes: how long you have had an Account; whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time; whether there is any ongoing legal or financial claim that relates to your relationship with us; whether any applicable law, statute, or regulation allows for a specific retention period; and what the expectation for retention was at the time the data was provided to us. Except where prohibited by law, this period may extend beyond the end of your relationship with for so long as is necessary for audit or other accounting or regulatory purposes. When Personal Data are no longer needed we have procedures either to destroy, delete, erase or convert it to an anonymous form.

After you have terminated your use of our Services, we reserve the right to maintain your Personal Data as part of our standard back up procedures in an aggregated format.

15. CHILDREN’S PERSONAL INFORMATION

We do not knowingly request to collect Personal Data from any person under the age of 18. If a user submitting Personal Data is suspected of being younger than 18 years of age, we will require the user to close his or her account. We will also take steps to delete the Personal Data as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can act to prevent access to our Services.

16. COOKIES POLICY

16.1 Description of Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to allow websites to work properly or more efficiently, as well as to provide information to the owners of the website.

There are two general categories of cookies. “First-party cookies” cookies are set directly by us. “Third-party cookies” are set by a third party, and that third party can recognize your computer both when it visits the Sites and when it visits certain other websites and/or mobile apps.

Cookies can remain on your computer or mobile device for different periods of time. Some cookies are “session cookies”, which exist only while your browser is open and expire once you close your browser. Other cookies are “persistent cookies”, which survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the internet again.

More information on cookies and their use can be found at www.aboutcookies.org or www.allaboutcookies.org.

16.2 Why We Use Cookies

When you access our Services, we or companies we work with may place cookies on your computer or other device. These technologies help us better understand user behavior and inform us about which parts of the Sites people have visited.

16.3 We use cookies to:

track traffic flow and patterns of travel in connection with the Sites;

16.4 Categories of Cookies We Use

We use the following categories of cookies:

Strictly Necessary Cookies: These cookies are necessary because they enable you to move around our Sites and use certain features on our Services. For example, strictly necessary cookies allow you to access secure areas. Without these cookies, some Services cannot be provided. Functionality Cookies: These cookies allow us to remember the choices you make and to tailor our Services so we can provide relevant content to you. For example, a functionality cookie can remember your preferences (e.g., country or language selection), or your username. Performance/Analytics Cookies: These cookies collect information about how you use a website. For example, a performance/analytics cookie will collect information about which pages you go to most often, how much time you spend on that page, or if you get error messages from certain pages. These cookies do not gather information that identifies you. The information these cookies collect is anonymous and is only used to improve how our Services work.

Advertising and Tracking Cookies: Our Sites may feature advertising. We may allow third party companies, including advertising companies, to place cookies on our Sites. These cookies enable such companies to track your activity across various sites where they display ads and record your activities, so they can show ads that they consider relevant to you as you browse the Internet. These cookies also allow us and third parties to know whether you have seen an ad or a type of ad, and how long it has been since you last saw it. This information may be used for frequency capping purposes, to help tailor the ads you see, and to measure the effectiveness of ads. These cookies are anonymous – they store information about the content you are browsing, but not about who you are.

16.5 Other Similar Technologies We Use

They are used to track the online movements of web users.

In contrast to cookies, which are stored on a user's computer hard drive or device, clear gifs are embedded invisibly on web pages. We and our third-party service provider employ web beacons for the reasons stated above (under "4.2 – Why We Use Cookies"), but primarily to help us better manage content on our Services by informing us which content is effective.

16.6

You have the right to choose whether or not to accept cookies, and instructions for exercising this right are given below. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Sites.

Our Cookies. Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser.

Advertising Cookies. To opt-out of third-party advertising networks and similar entities that use targeting/advertising cookies, go to http://www.aboutads.info/choices. Once you click the link, you may choose to opt-out of such advertising from all participating advertising companies or only advertising provided by specific advertising entities. For more information about third-party advertising networks and similar entities that use these technologies, please see http://www.aboutads.info/consumers.

Contact Us

If you have any questions about this Privacy Policy, please contact us.