The present version of the Privacy Policy has been effective since 30.09.2022

1. GENERAL INFORMATION

This policy (“Policy”, together with our Terms of Use) describes the policies and procedures of Olympus Capital JSC (“we,” “our,” or “us”) pertaining to the collection, use, and disclosure of your information on www.changex.io (“Website”) and the related mobile application (“App”, “Platform”) and products we offer (collectively the “Services”).

Your privacy and security are of great importance to us. We are focused on giving you the best possible experience, while showing consideration to the information you are sharing with us by using our Services. This policy is meant to give you a detailed description of how we handle your data and how you can manage it.

By using the Services you are accepting and consenting to the practices described in this Policy. Please note that this includes consenting to the collection and processing of any personal information you provide, as described below.

We may revise, modify, amend, update or supplement this Policy from time to time so please check it occasionally to ensure that you agree with any changes. Your continued use of our Services will constitute your acceptance of, and agreement to, any changes.

2. PURPOSE

The purpose of this Privacy Policy is to inform you of:

(i) the kinds of Personal Information we may collect about you and how it may be used;

(ii) use of information regarding IP Addresses and our use of cookies;

(iii) disclosure of Personal Information to third parties;

(iv) the transfer of your Personal Information within and outside of the European Economic Area (“EEA”);

(v) your ability and rights to correct, update and delete your Personal Information;

(vi) the security measures we have in place to prevent the loss, misuse, or alteration of Personal Information under our control;

(vii) ChangeX’s retention of your Personal Information.

3. RESPONSIBLE PERSON

For any matters relating to data protection you may contact aml@changex.io in writing by e-mail.

4. DATA PROCESSING

4.1 INFORMATION WE AUTOMATICALLY COLLECT

When you access or use our Services, we automatically collect information about you. This information is used to provide statistical data about our users' browsing actions and patterns, and does not personally identify individuals. This information may include:

(i) Log Information: the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our services.

(ii) Device Information: information about the computer or mobile device you use to access our services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

(iii) Information processed in relation to push notifications - Device operating system and Device IDFA.

The collection and processing of this technical data is for the purpose of enabling the use of our Services, continuously ensuring system security and stability, optimising our Services, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

4.2 IP ADDRESSES

We may collect information about your device, including your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Furthermore, the IP addresses will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorised use or misuse of the Services, for the purpose of intelligence and protection, and if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

4.3 USAGE OF COOKIES

The Services use cookies. Cookies are text files that are stored in a computer system via an Internet browser. More detailed information on cookies and how they work can be found at: https://www.allaboutcookies.org.

We use information collected from cookies to assess the effectiveness of our Services, analyse trends, and administer the Services. The information collected from cookies allows us to determine which parts of our Services are most visited and what difficulties our visitors may experience in accessing our Services. With this knowledge, we can improve the quality of your experience by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies, and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalized experience when using our Services.

By continuing to use our Website you agree to the following cookies:

(i) Cookies that are strictly necessary to operate our Services: cookies to log in, transact and otherwise use our Services;

(ii) Cookies for analytical and performance purposes;

(iii) Cookies for targeting user actions;

(iv) Cookies from third parties;

The strictly necessary cookies are not an object of consent by users because they are required for the normal operation of our services. You can provide your consent for the use of the other types of cookies with a click on the button “I accept and agree” in the cookie banner which is situated at the bottom of the screen.

Every visitor can control and restrict and even delete the cookies stored on their technical devices by following the necessary steps according to the settings of the devices. You can install different programs for the browsers you use to block cookies. In case you take any of these actions, it is possible that you may have to manually adjust them to your preferences. Please note that the restriction or refusal to use cookies may affect the full potential and use of our Services. Please bear in mind that by blocking cookies, you may not be able to use certain features on the Services, which is not recommended.

We use third party service providers to assist us in better understanding the use of our Services. Our service providers will place cookies on your device and will receive information that we select that will educate us on such things as how visitors navigate around our Services, what products are browsed, and general Transaction information. Our service providers analyse this information and provide us with aggregate reports. The information and analysis provided by our service providers will be used to assist us in better understanding our visitors' interests in our Services and how to better serve those interests. The information collected by our service providers may be linked to and combined with information that we collect about you while you are using the Services. Our service providers are restricted from using information they receive from our Services other than to assist us.

Third-party providers that we use include:

(i) App Store: For more information please review the App Store Privacy policy at https://www.apple.com/legal/privacy/data/en/app-store/

(ii) Google Play Console and Google Analytics: For more information please review the Google Privacy policy at https://policies.google.com/technologies/product-privacy/

(iii) Sendgrid: For more information please review the Twilio Privacy policy at https://www.twilio.com/legal/privacy

(iv) Facebook Analytics: For more information please review the Meta Privacy policy at https://www.facebook.com/privacy/policy

(v) Branch.io: For more information please review the Branch.io Privacy policy at https://branch.io/policies/privacy-policy/#privacy-our-clients-use-of-information

(vi) AppsFlyer: For more information please review the AppsFlyer Privacy policy at https://www.appsflyer.com/legal/services-privacy-policy/

(vii) Onesignal: For more information please review the Onesignal Privacy policy at https://onesignal.com/privacy_policy

4.4 E-MAIL SUBSCRIPTION

Users who complete the e-mail registration process on our Services can at the same time grant ChangeX permission to send them e-mail messages for marketing and general communication purposes at the e-mail address they have provided. This consent constitutes the legal basis for our processing of your e-mail address in the sense of Art. 6 Par. 1 lit. a GDPR. All information gathered this way will never be passed on or sold to any third party.

At the end of each newsletter a link is provided by means of which you can unsubscribe at any time. After unsubscribing your personal data will be deleted.

4.5 INFORMATION PROCESSED IN RELATION TO PUSH NOTIFICATIONS

4.5.1 To send push notifications to your device in order to provide service activity information, service updates, promotional communications and other related messages;

4.5.2 Your consent to the processing of your personal data for the above-mentioned purposes can be withdrawn at any time through your device settings or by contacting our support at support@changex.io.

4.6 SOCIAL MEDIA

We may use plug-ins from social networks such as Twitter, GitHub, YouTube, Reddit, Facebook on our Services. When you activate them (by clicking on them), the operators of the respective social networks may record that you are on our Services and may use this information. This processing of your personal data lies within the responsibility of these individual social media platforms and occurs according to their privacy policy. Please check with these individual social media platforms regarding their privacy policies. ChangeX is not responsible for data collected by these individual social media platforms. We only use these platforms to inform our community of updates and answer user questions.

5. DISCLOSURE OF INFORMATION

Your Personal Information may be disclosed to third parties and/or legal authorities under the following circumstances/conditions:

5.1 DISCLOSURE TO THIRD PARTIES

We may disclose your Personal Information to third parties including:

(i) Business partners, suppliers, sub-contractors and other service providers;

(ii) Advertisers and/or advertising networks that require data in order to select and show you relevant advertisements;

(iii) Analytics and/or search engine providers that assist us in the optimization of our Services.

(iv) All our third party service providers are bound by contract to protect and use our users’ Personal Information only for the purposes listed above, except as otherwise required by law.

5.2 DISCLOSURE TO LEGAL AUTHORITIES

We may share your Personal Information with law enforcement, data protection authorities, government officials, and other authorities in the following cases:

(i) If we believe disclosure is in accordance with any law, regulation or legal procedure;

(ii) If we think disclosure is needed to prevent any harm or financial loss;

(iii) If disclosure is necessary to report certain illegal activity;

(iv) To protect the rights, property or safety of ChangeX and its community.

(v) If we believe your actions are in violation of this Privacy Policy and/or our Terms of Use.

6. INTERNATIONAL TRANSFER

We store and process your Personal Information in data centers around the world, wherever ChangeX facilities or service providers are located. As such, we may transfer your Personal Information outside of the EEA. Such transfers are undertaken in accordance with our legal and regulatory obligations.

7. MINORS

THE SERVICE IS NOT FOR PERSONS UNDER THE AGE OF 18 OR FOR ANY USERS PREVIOUSLY SUSPENDED OR REMOVED FROM THE SERVICE. IF YOU ARE UNDER 18 YEARS OF AGE, THEN YOU MUST NOT USE OR ACCESS THE SERVICE AT ANY TIME OR IN ANY MANNER. By accessing or using the Services, you affirm that you are at least 18 years of age.

ChangeX does not knowingly collect or use any personal data from minors. A minor may be able to willingly share personal information with others, depending on the products and/or media channels used. If a minor provides us with their information without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that information.

8. LINKS

ChangeX may provide references and/or links to other websites. This Policy applies only to ChangeX’s Services.

9. YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

You have the right to:

(i) Withdraw your consent for the push notifications;

(ii) Request access to the personal data that we hold about you in a portable format;

(iii) Request correction of any collected personal data when the data is inaccurate;

(iv) Receive a copy of your personal data in electronic format;

(v) You have the right to request the deletion of your data – “the right to be forgotten”, which right, however, is not absolute (exceptions – the personal data held is needed to exercise the right of freedom of expression; there is a legal obligation to keep that data; for reasons of public interest);

(vi) Receive information from us about our activities in connection to your personal data, including the purposes of collection and storage, the period of time for storage, the methods of collecting, the presence of automated processing, etc.;

(vii) You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that there is a personal data breach.

(viii) To exercise your rights you can always contact us at aml@changex.io or through the support channels of the service you are using. You can also send us a letter to bul. Simeonovsko shose 33, Sofia 1700, Bulgaria.

We will respond to all privacy related requests in a timely fashion. If you have an unresolved privacy or data use concern you may contact your local data protection authority.

10. SECURITY OF PERSONAL INFORMATION

We undertake all necessary technological, technical and organizational measures to protect your personal data. Your personal data is stored on protected servers with strictly controlled access. Only strictly defined people have access to your personal data in connection to the provision of our Services. Our Services have SSL certificates which represent Internet security protocols and they provide an additional guarantee for the safe use of our services. We implement other appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such as pseudonymisation and encryption of personal data; we ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and we regularly test and evaluate the effectiveness of the measures. Some of the above-mentioned information is stored in such a form that could not be used to identify you directly. In case of a breach, we will undertake every possible action according to the applicable legislation in an appropriate and timely manner, to avoid any material or non-material damage to users and to protect the personal data of users. We have undertaken measures to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

11. RETENTION OF PERSONAL INFORMATION

We retain Personal Information for as long as necessary to fulfill purposes described in this Privacy Policy, subject to our own legal and regulatory obligations.