Opes Borsa Technologies Ltd. (“Opes Borsa”, “we”, “us” or “our”) is committed to respecting and protecting the privacy of individuals who access and sign up for our services (“Users”, “you”, or “your”).

This Privacy Notice explains how we collect, use, and share personal information when you access or sign up for our services (“Service”) through our mobile app (the “App”) and when you access and use our website which available at https://www.opesborsa.com (“Website”).

It is important that you understand how we use your information. You should read this page in full, but below are the key highlights and some helpful links:

• Opes Borsa provides a comprehensive platform for real-time market data, personalised news feeds, portfolio management tools, and financial insights, enabling users to track stocks, cryptocurrencies, and markets with essential alerts and notifications, as well as enhanced and personalised features available through Opes Borsa Plus.

• We collect and use your personal information to deliver these Services, enhance your experience, protect the security and integrity of our Website and App, and fulfill our legal obligations.

• If you do not agree with the collection, use, or disclosure of your personal information as described in this Privacy Notice, or if you are under 18 years of age, please do not access or otherwise use any of our App, Website, or Services.

• If you have any questions regarding our processing of your personal data, please contact us via our Digital Form.

1. Important information and who we are

Opes Borsa is the controller and is responsible for your personal data. We process personal data in compliance with applicable data protection laws, including, where relevant, the General Data Protection Regulation (EU GDPR) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018 (UK GDPR).

2. Useful contacts

Questions, comments, and requests regarding this Notice are welcomed and should be addressed to the Privacy Team at support@opesborsa.com.

Opes Borsa's GDPR Representative acts as the EU Representative for our users and visitors residing in the EEA. If you wish to contact your representative, you may email them.

3. The types of personal data we collect about you

The personal information we collect about you depends on the specific activities you engage in through our Website and App.

3.1 Information you provide to us

You may provide us with your personal data by filling in online forms or by corresponding with us via post, phone, email, or other methods. This includes personal data you provide when you create an account on our App, access and use our Services, request marketing communications, or give us feedback and contact us.

Information Category: Description

Identity Information: First name, last name

Contact Information: Phone number, email address, and any additional communication channels that you have chosen to share for communication purposes

Financial Data: Bank account details

Customer Data: Details of purchases, subscriptions, and payment history; currency preferences; payment method; date and/or timestamp; invoice details; account activity, including premium features; and information regarding assets tracked or added by the user, including asset types, portfolio performance, profit/loss data, and holdings.

Marketing Data: Your preferences regarding receiving marketing communications from us, as well as your communication preferences.

Additional information you submit to us: Feedback and responses provided to our customer support team through our Digital Form.

3.2 Information Collected Automatically

As you interact with our Website and App, we may automatically collect device and usage data about your equipment, browsing actions, and patterns. We also collect your personal data through cookies and other similar technologies.

Information Category: Description

Device Data: Internet Protocol (IP) address; your login data; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; device ID; and other technology on the devices you use to access the Website and Services.

Usage Data: Information about how you interact with and use our Website and Services.

Information from cookies and similar technologies: Some device and service information is collected through the use of cookies and similar technologies. Please see our Cookie Policy for further details.

3.3 Information we obtain from third parties

We will receive personal data about you from various third parties and public sources as set out below:

Information Category: Description

Contact, Financial and Customer Data: Contact, financial, and customer transaction data may be collected from providers of technical, payment, and delivery services.

4. How we use your personal data and our legal basis

We use your personal information to develop, operate, and deliver our Services, to provide you with a secure and efficient experience, and to fulfil our legal obligations. The law requires us to have a legal basis for collecting and using your personal data.

Below, we have outlined, in table format, a detailed description of the various ways we intend to use your personal data and the corresponding legal bases we rely on for each use.

4.1 Necessary to perform our contract with you

Our Purpose/Use: Type of Personal Data

To create and maintain an account: Contact Information

To provide you with our Services: Identity Information, Contact Information, Customer Information, Usage Information, and any additional information you submit to us.

To provide you with Opes Borsa Plus: Identity Information, Contact Information, Financial Information, Customer Information, Usage Information, and any additional information you submit to us.

4.2 Necessary to comply with our legal obligations

Our Purpose/Use: Type of Personal Data

To determine your legal eligibility for certain services: Identity Information

To comply with our legal and regulatory obligations: Identity Information, Contact Information, Financial Information, Customer Information, Usage Information, Marketing and Communication Data, Technical Data and any additional information you submit to us.

4.3 Legitimate Interest

Our Purpose/Use: Type of Personal Data

To promote safety, security and integrity: Identity Information, Contact Information, Technical Information

To administer and protect our business and our Website (including data analysis, testing, system maintenance, support, reporting and hosting of data): Identity Information, Contact Information, Customer Information, Usage Data, Device and Technical Data.

To customize your experience with our Services and otherwise improve our Services: Identity Information, Contact Information, Customer Information, Usage Data, Marketing and Communication Data

If you are an existing User, we may process your personal data for marketing purposes. This allows us to send you relevant marketing communications, make personalised suggestions, and provide you with promotions related to our services, provided that they are similar to those you have previously used or shown interest in. You have the right to opt out of receiving such communications at any time.: Identity Information, Contact Information, Customer Information, Marketing and Communication Data

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or Privacy Notice.
(b) Dealing with your requests, complaints and queries
(c) Providing costumer support: Identity Information, Contact Information, Customer Informatıon, Marketing and Communication Data

To use data analytics to improve our App, Website, products/Services, customer relationships and experiences and to measure the effectiveness of our communications and marketing: Technical Data, Usage Information

4.4 Consent

Our Purpose: Use Type of Personal Data

If you are not yet a User, we will only process your personal data for marketing purposes if we have obtained your consent. This includes sending you relevant marketing communications, personalised suggestions, and providing you with promotions related to our services. You may withdraw your consent at any time.: Identity Information, Contact Information, Usage Information, Customer Information, Marketing and Communication Information, Information you submit to us.

To send you services updates via app notification: Contact Information, Device Information (Push Token)

Anyone who wishes to completely avoid the processing of push token data can disable push notifications for the App in the Settings section of their device.

5. Direct marketing

During the registration process on our App when your personal data is collected, you will be asked to indicate your preferences for receiving direct marketing communications from Opes Borsa via email. You will receive marketing communications from us if you have not opted out of receiving the marketing.

6. Opting out of marketing

You can ask to stop sending you marketing communications at any time by logging into the App and checking or unchecking relevant boxes to adjust your marketing preferences by following the opt-out links within any marketing communication sent to you or by contacting us via Digital Form.

If you opt out of receiving marketing communications, you will only receive service-related communications that are essential for administrative or customer service purposes.

7. Cookies

For more information about the cookies we use and how to change your cookie preferences, please see Cookie Policy.

8. How and why we share your personal information

We may share your personal data where necessary with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.

• We may disclose your personal data to courts, law enforcement agencies, regulatory bodies, and government officials when required by law or reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; and

• We may provide your personal data to third-party service providers such as cloud computing services, data storage service provider, data analytics service provider, application log storage service provider, auditors, professional advisors. When we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms and only process as necessary for the purpose of the contract.

We ensure that these third parties comply with the GDPR and other applicable data protection laws. We require them to implement appropriate security measures and process your personal data only for the specified purposes.

9. How we transfer information internationally

In some cases, your personal data may be transferred to countries outside of the UK or European Economic Area (EEA). When this happens, we ensure that appropriate safeguards are in place to protect your data. These safeguards include Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure that personal data is afforded the same level of protection it receives within the EEA or the UK.

Our main external third-party service provider for data storage and processing is Amazon Web Services (AWS). As a global company, AWS may transfer and store your personal data outside of the UK as part of its cloud infrastructure services. We have implemented appropriate safeguards and contractual measures, to ensure the security and protection of your personal data during international transfers in accordance with applicable data protection laws.

10. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data retention

We will not retain your personal information longer than necessary to fulfil the purposes for which the data was collected or to fulfil our legal obligations or necessary for the establishment, exercise of defence of legal claims or resolving disputes.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements.

In some circumstances you can ask us to delete your data: see paragraph 13 below for further information.

12. Information collected from minors

Our Services are intended to be appropriate for general audiences. Therefore, we do not intentionally collect or categorize personal information from children. In the event that we learn we have collected personal information from a minor under 18 years of age without first receiving their parent’s verified consent, we will use that information only to respond directly to that child (or their parent or legal guardian) to inform them that they cannot use the Website and App, and we will delete that personal information. If you believe that a minor under the age of 18 is using our Services, please contact our support team.

13. Your rights

To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your personal data:

• Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

• Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.

• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:

• (i) If you want us to establish the data's accuracy;

• (ii) Where you believe our use of the data is unlawful but you do not want us to erase it;

• (iii) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

• (iv) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us – see below ‘How to contact us’.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

14. Third-party links

The App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our App or Website, we encourage you to read the privacy policy of every website you visit.

15. Complaints

We hope we will be able to resolve any issues you may have. If you have a concern about how we use your personal data, we would like to work with you to resolve it. You also have the right to make a complaint at any time to your local data protection authority,

You have the right to make a complaint at any time to your local data protection authority, such as the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). For a list of EEA data protection supervisory authorities and their contact details, see here. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection authority so please contact us in the first instance.

16. Changes to the privacy policy and your duty to inform us of changes

We keep our Privacy Policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us, such as a new address or email.

17. How to contact us

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact our privacy team or us in the following ways:

• Email Address: support@opesborsa.com

If you are a resident in the European Economic Area, we are the 'data controller' of your personal information. We have appointed to be our representative in the EEA. You can contact them directly regarding our processing of your information, by email at support@opesborsa.com.