This Privacy Policy applies to the personal data that We collect and process recognizing and understanding that your privacy is important to you and that you care about how your personal data is collected and processed. At CETRAPAY S.p.A. we strive to protect your personal data and privacy when visiting Our websites, using Our services, products or communicating with Us electronically. In accordance with the data protection laws applicable to us, including the GDPR, which is the General European Data Protection Regulation, We act as a Controller of personal data that We collect and process so that you are able to use Our Services. The purpose of this Privacy Policy is to transparently provide you with an explanation regarding the legal grounds for the collection and processing of your personal data, the categories of personal data that We may collect about you, what happens to the personal data that We may collect, where We process your personal data, how long We are required to store your personal data, to whom We may transfer your personal data, as well as explain your rights as a data subject. We update this Privacy Policy periodically and will post all updates on our Website as they are released. Please review this policy regularly on our Website for any changes.

The present Privacy Policy has the following definitions:

with its principal place of business located in Republic of San Marino, XXVIII Luglio way 218, 47893 Borgo Maggiore, COE SM 29374

means a small text file placed on your computer or device by Our Websites when you visit certain parts of the Websites.

means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

means that this Privacy Policy is periodically updated and published on our Website.

means any information that relates to an identified or identifiable individual. An identifiable person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. a physical person.

means a website that belongs to the Company.

means all of Our products: Website or others.

You are either a User or a Guest, depending on your status on the Website.

belongs to CETRAPAY S.p.A..

In accordance with the Law and the GDPR, you, as a personal data subject, have certain rights to the personal data that we store and process. At CETRAPAY S.p.A., we strive to make it easier for you to exercise these rights in the most transparent way possible. You can exercise any of your rights with respect to the data that CETRAPAY S.p.A.stores about you by contacting our data protection specialist at the email address indicated at the end of this section or through your personal user account. The following are the specific rights that you have with respect to your personal data that we store and process, namely:

a. The right to receive information about our collection and processing of your personal data, including, but not limited to, the legal basis for collection and processing, categories of data, methods of data use, the stipulated period, during which the personal data will be stored. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or ask any questions.

b. The right to access your personal data that we collect about you, commonly referred to as "Subject Access Requests", which grants you, as a data subject, the right to receive a copy of your personal data that we process for you. In accordance with the Law, we are obliged to respond without undue delay to all requests for access to the topic, in practice this means that we must respond within 1 month from the date of receipt of the request for access to the Topic. Usually requests for access to the subject are free. We may extend the deadline for responding to a request for access to a topic for another two months and may charge a reasonable fee if we consider the request to be manifestly unreasonable or excessive, however, we are obliged to inform you of our intention to do so within 1 month from the date of your request for access to the topic. If you want to make a Request for access to the topic, you are able do this by contacting the Company using the contact details in section 8.

c. The right to correct your personal data if any of your personal data that We collect and process is inaccurate or incomplete in any way.

d. The right to delete (otherwise known as the “right to be forgotten”), i.e. the right to ask Us to delete or otherwise dispose of any of your personal data that We process. Please note that this is not an absolute right and we may not be able to comply with your request as we may be legally obliged to continue to store your personal data for a certain period

e. The right to restrict (i.e. prevent) the processing of your personal data by us.

f. The right to object to Us processing your personal data for a specific purpose or instructions. Please note that the right of objection applies only in certain circumstances and will depend on the purposes or legal grounds for processing.

g. The right to data portability. This applies only if you have provided Us with personal data directly, the legal basis for our processing of your personal data is i) consent or ii) to fulfill the contract. In such cases, you have the right to receive your personal data (or request that We transfer it to another Controller) in a structured, frequently used and machine-readable format.

h. Rights related to automated decision-making and profiling. We do not use your personal data in this way.

i. The right to file a complaint with any relevant Data protection Authority, in particular in the Republic of Kazakhstan at your place of residence, work or processing of your personal data.

j. If you want to exercise any of the above rights, please contact us. We ask you first of all to contact our data protection officer at any time by email: [email protected].

k. We promise to promptly consider your request and respond to you in accordance with the requirements of the Law and GDPR.

When collecting and processing personal data, the Company adheres to the following principles:

Legality – the controller determines the legal basis before processing personal data (for example, consent). Fairness – In order to process data fairly, the controller must provide certain information to the data subjects as far as practicable. This applies regardless of whether the personal data was obtained directly from the data subjects or from other sources. Transparency – any information and messages related to the processing of personal data should be easily accessible and understandable, and clear and understandable formulations should be used.

Personal data should be collected for specific, explicit and legitimate purposes and should not be further processed in a manner incompatible with these purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes should not be considered incompatible with the original purposes.

Personal data must be adequate, relevant and limited to what is necessary in connection with the purposes for which they are processed.

Personal data must be accurate and, if necessary, updated; all reasonable steps must be taken to ensure that personal data that is inaccurate, taking into account the purposes for which they are processed, are deleted or corrected without delay.

Personal data must be stored in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which personal data is processed. Personal data may be stored for longer periods, since personal data will be processed solely for the purposes of archiving in the public interest, scientific or historical research or statistical purposes, if only appropriate technical and organizational measures required by applicable law to protect the rights and freedoms of the data subject are taken.

Personal data must be processed in a manner that ensures the proper security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

CETRAPAY S.p.A. will process your personal data legally, such as: -

a. fulfilling Our agreement with you (i.e. providing you with Our Services);

b. our legitimate business interests (for example, to prevent fraud, maintain the security of our network and services, strive to improve the Services we provide and your interaction with us). Whenever We rely on this legitimate basis, we evaluate our business interests to make sure that they do not overlap with your rights. In addition, in some cases you have the right to object such processing;

c. with your consent for direct marketing purposes, so that We can keep you informed of other products and services that we provide that we believe may be of interest to you. Where We rely on consent, We will need your explicit consent, which can be removed at any time;

d. our legal obligations.

A brief description of the Personal Data that We process, when We collect it, how we use it and why We use it (i.e. the legal grounds for processing) is given below:

We use, store and process your personal data on CETRAPAY S.p.A. servers located in San Marino. By agreeing to this Policy, you agree to these terms of collection, processing, transfer and storage of your personal data. When We process your personal data for one of the legitimate reasons specified in this Privacy Policy, We will take all reasonably necessary steps to ensure that your Personal Data is processed safely and in accordance with this Policy. CETRAPAY S.p.A. protects your Personal Data in accordance with internationally recognized standards, using physical, technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and modification. Some of the precautions that CETRAPAY S.p.A. uses are firewalls and data encryption, control of physical access to Our data centers and control of authorization of access to information. CETRAPAY S.p.A. also allows access to Personal Data only to those employees or contractors who need it to perform their official or service duties. CETRAPAY S.p.A. employees are trained in personal information management procedures, including restrictions on disclosure of information. Access to personal information is restricted to those members of Our staff and contractors whose work requires such access. CETRAPAY S.p.A. conducts periodic reviews to ensure that appropriate information management policies and procedures are understood and followed. All of our physical, electronic and procedural safeguards are designed in accordance with applicable laws and regulations.

When you provide Your personal data through Our Website, KYC portals, Our applications, this information is transmitted over the Internet securely using industry standard encryption. Your personal data will be stored encrypted on secure servers. If any third parties process your personal data on Our behalf, we require that they have appropriate technical and organizational measures to protect this personal data, and we will also ensure compliance with the requirements of the Law and GDPR. The data processing agreement is concluded between CETRAPAY S.p.A. and a third party so that both parties understand their responsibilities.

When you create your account, choose a strong password that is unique to that account. Do not share your password with other people. Using the same password in different accounts will increase the risk of compromising your data if unauthorized persons accidentally or illegally gain access to your password. If you suspect that someone else has gained access to your password, make sure you change it immediately. When using our wallets, make sure that you store your passwords and keys on a secure device, isolated from the devices that you regularly use. Do not share the device containing your passwords and keys with friends, family members, or even people you trust.

Your personal data will be stored for as long as it is necessary to achieve the purposes for which we received it, including regulatory and business purposes. When determining the required period of personal data storage, the following factors are taken into account:

a. The amount of personal data, as We strive to minimize this amount as much as possible for each specific purpose specified in Section 4.2 of this Privacy Policy.

b. The nature of personal data depending on the exact purpose that these specific personal data serve, as described in detail in section 4.3 of this Privacy Policy.

c. Confidentiality of personal data by their nature and content.

d. The potential risk of harm resulting from unauthorized use or disclosure of your personal data, and we continue to conduct risk assessments and risk mitigation measures to minimize this potential risk, including the involvement of third-party specialized data management and data protection service providers.

e. The purposes for which We process your personal data, and whether we can achieve these goals by other means, as well as applicable legal requirements.

You may find links to third-party websites on Our Website or user chats contained on Our Website or in mobile apps. These websites should have their own privacy policies that you should check. We do not take any responsibility for their policies as we do not control them.

We do not share your Personal Data with third parties, except for the cases specified in this Privacy Policy.

We will share information with companies, organizations or individuals outside of CETRAPAY S.p.A. if we have your explicit consent.

We may share information in response to a request for information if we believe that disclosure is consistent with or required by any applicable law, regulation, judicial process or government request, including, but not limited to, compliance with national security or law enforcement requirements. To the extent permitted by law, we will try to provide you with advance notice before disclosing your information in response to such a request.

We may share information if we believe it is necessary to protect the vital interests of the data subject (i.e. to prevent imminent serious physical harm or death of a person).

We may share information if we believe that your actions are incompatible with our user agreements, rules or other CETRAPAY S.p.A. policies, or to protect the rights, property and safety of ourselves and others.

We may exchange information between CETRAPAY S.p.A. and any of our subsidiaries, affiliates, subsidiaries and other companies under common control and/or ownership.

We may share information with suppliers, consultants and other service providers (but not with advertisers and advertising partners) who need access to such information to perform processing actions for us. The use of personal data by the partner will be carried out in compliance with appropriate confidentiality and security measures. We may share your personal data with such service providers subject to the obligations consistent with this Privacy Policy and any other appropriate privacy and security measures, and provided that third parties use your personal data only on Our behalf and in accordance with Our instructions. We may share your personal data with our partners to complete the transaction. If any third parties process your personal data on Our behalf, we require that they have appropriate technical and organizational measures to protect this personal data, and we will also ensure compliance with the requirements of the Law and GDPR.

Data subjects risk losing the protection of the Law and GDPR if personal data is transferred outside i) the Republic of San Marino or the EU or ii) countries with adequacy status, and, accordingly, the Law restricts such transfers, except in cases where the rights of data subjects with respect to their personal data are protected by appropriate precautions or one of the following applies a limited number of exceptions (such exceptions include your explicit and informed consent). CETRAPAY S.p.A. will not make any international transfers of your personal data unless it has i) your explicit and informed consent or ii) it has taken appropriate precautions or iii) the international transfer is subject to an exception.

We may share aggregated or pseudonymous information (including demographic information) with partners such as publishers, advertisers, measurement analysts, apps, or other companies. For example, we can tell the advertiser how his advertisement was displayed, or tell how many people installed the app after viewing the promotion. We do not share information that personally identifies you (personal information is information such as your name or email address) with these partners, such as publishers, advertisers, measurement analysts, applications or other companies.

Other information that does not personally identify you as an individual is collected by CETRAPAY S.p.A. (for example, as an example, usage patterns). We may transfer certain aggregated, non-personal information to third parties, such as the number of users who have registered with us, the volume and structure of traffic to and within the site, etc. This information does not identify you, an individual, in any way. We will not use your email or other contact information to send a commercial offer or other marketing needs without your prior consent. In light of the above, when you send Us messages, We may save them for the administration of your requests, to improve Our services. We will not share information from such messages with third parties.

In order to improve the quality of our services, provide you with relevant content, and understand how you use our website and applications, we use technologies such as cookies. Cookies usually do not contain any information that identifies you personally, but the personal information we store about you may be related to the information stored in and obtained from cookies. We use strictly necessary cookies - they are necessary for the operation of our Website. They include the user's session key, browser language. This is a temporary key issued to the User after a successful login. These cookies are used to enable you to log into secure sections of our Website

We welcome any questions, comments or suggestions you may have regarding this Privacy Policy. If you would like to make a request for access to the topic, please do not hesitate to contact us at [email protected].

Any changes We make to our Privacy Policy in the future will be posted on our Website. If necessary, we will notify you of the changes the next time you visit our Website.