Memorandum on the protection of personal data (GDPR)

1. Introduction

1.1. The purpose of this document is to provide you with information about the processing of your personal data in the company MarketerIT s.r.o. and your rights associated with it.

1.2. We always process your personal data transparently, correctly, in accordance with the law and to the extent necessary for the desired purpose. We store your personal data securely for the necessary time, in accordance with the terms imposed by laws and regulations.

1.3. If you do not agree with the way we store your personal data at MarketerIT s.r.o., you can exercise your right and contact the authority responsible for personal data protection: Office for the Protection of Personal Data Hraničná 12 820 07 Bratislava 27 https://www.dataprotection.gov.sk

2. How "Operator"

is defined

2.1. The controller of your personal data is MarketerIT s.r.o., ID number: 50772619, with registered office: Cez ohrady 738/33, Trenčín 91101, registered in the Commercial Register of the Commercial Court of Trenčín, section: Sro, insert no. 34490/R (hereinafter referred to as the Company)

2.2. The company obtains your personal data, processes it and is also responsible for ensuring that it is properly and legally processed. Against the Company, as the operator of your personal data, it is also possible to invoke your rights as stated in the point Declaration and authorization of the Customer

3. Legal reasons for processing personal data

3.1. When procuring and processing personal information, the company is mainly governed by the below-mentioned laws as amended:

• Act no. 122/2013 Coll. on the protection of personal data • Act no. 297/2008 Coll. on protection against the legalization of income from criminal activity and on protection against the financing of terrorism, as amended (hereinafter referred to as "AML")

3.2. In the acquisition and processing of personal data, the company is further governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (general regulation on the protection of personal data) and Act No. 122/2013 Coll. on the protection of personal data

3.3. The company processes personal data for the purposes of:

• execution, verification and checks of the Customer's identification • conclusion, administration and control of the business relationship • activities related to the purchase and sale of cryptocurrency • identification of risks and setting of related measures to reduce them • prudent business practices of the Company • identification of suspicious transactions and related activities according to the AML Act

3.4. By concluding a business relationship, the customer acknowledges that the Company. is entitled, even repeatedly, to collect personal data by describing, scanning, copying and/or other recording from the Identity Card to the extent:

• All names and surnames, • social security number, and if not assigned, date of birth • place of birth • gender • permanent or other residence • Citizenship • the type and number of the identity card, the state or authority that issued it, the date of issue and the period of its validity

3.5. The company acquires and processes other personal data for the purpose of identifying risks, taking measures to minimize them, carrying out the transaction and then improving the quality of communication with the Customer. This is mainly the following data:

• phone number

• e-mail address

3.6. By concluding a business relationship, the customer further acknowledges that the Company is authorized to process personal data using the information system to the extent according to the previous paragraph.

3.7. The company stores personal data for the period specified by applicable legal regulations.

4. Length of storage of personal data

4.1. The retention period varies depending on the specific purpose for which we process personal data. The set period of data storage for the respective purpose respects the principle of data minimization, which ensures that we process data only for the period absolutely necessary to fulfill the period specified by applicable legal regulations

4.2. The company recognizes 2 main reasons for the retention and processing of personal data and the associated data retention period:

• Retention of data for the period required by the relevant legal regulations - Act on protection against legalization of income from criminal activity (5 years) • Legitimate interest in connection with claims, complaints, lawsuits, etc. - at least 5 years from the termination of the provision of services to the Customer

5. Providing and making available personal data

5.1. The Company does not publish the provided personal data.

5.2. The Customer's personal data may be processed by the Company in connection with ensuring the functionality of the provided services. or through third-party processors that the Company uses for these purposes on a contractual basis. The Customer's personal data may be transferred to third parties without his consent only if this is required by applicable laws or if it is necessary for the proper fulfillment of the subject and purpose of the business relationship or for the fulfillment of the Company's relevant obligations

5.3. The processed personal data may be the subject of cross-border transfer of personal data to states within the European Union, as well as to third countries that guarantee an adequate level of personal data protection.

6. Protection of personal data

6.1. The company protects processed personal data against damage, destruction, loss, unauthorized access and disclosure, misuse, theft, and other unauthorized forms of processing.

7. Declaration and authorization of the Customer

7.1. The customer hereby declares that all data and information, including personal data, which he has provided to the Company, are provided voluntarily, are true, correct, complete and up-to-date, and undertakes to immediately notify or document any change to the Company.

7.2. The customer is entitled to ask the Company for:

• information about the processing of your personal data, • correction of incorrect, incomplete, out-of-date personal data • deletion of personal data processed on the basis of the Customer's consent • restriction of the processing of personal data processed on the basis of the Customer's consent • information about the source of the provided data

7.3. The customer also has the right to ask the Company for an explanation or to demand that the Company remove any objectionable condition.