TESTNET PLATFORM PRIVACY NOTICE

Last updated: May 2024

The Privacy Policy related to Acloudbank Labs LLC located at https://acloudbank.com/privacy-policy/ is incorporated herein by reference.

Acloudbank Labs LLC is committed to being responsible custodians of the information you (you or your) provide to us and the information we collect. This privacy notice (this Notice) describes how Acloudbank Labs may collect, use, and share personal information in connection with the offering and distribution of CREDIT tokens (the Tokens), and the operations of this testnet platform. Please read the following carefully to understand our practices regarding your personal information. If you do not wish for your personal information to be used in the manner described within this Notice, you should not participate in the offering of Tokens, otherwise access acloudbank.com/policy and all subdirectories and subdomains and all corresponding subdirectories of such subdomains thereof (the Website) or utilise any services or processes thereon (together with the Token issuance, the Services) or otherwise provide us with your personal information.

The entity responsible for the offering of Tokens will be Acloudbank Labs Issuer Limited and is the data controller of your personal information processed in connection with the offering of Tokens. The Website and other Services will be provided by Acloudbank Labs LLC. In addition our current or future affiliated companies or entities or organizations, their respective parent companies, subsidiaries or joint ventures may be provided with your data in relation to the sale of Tokens and the provision of the Services. This Notice applies to the actions and responsibilities of all such entities where they act as data controllers of your personal information. References to Acloudbank, we, us or our in this Notice are references to the relevant entity responsible for processing your personal information. In some cases, our affiliated entities may operate as data processors on our behalf, and we will endeavour to ensure that such activities are subject to contractual obligations on privacy, security and other matters in accordance with this Notice.

This Notice describes:

• the types of information we may collect from you;
• how we use the information we collect;
• how we may share the information we collect;
• third party services and content;
• the grounds for using your personal information;
• the measures we take to keep the information we hold secure;
• your choices and rights;
• how to contact us;
• how to make a complaint;
• data for subjects under the age of eighteen; and
• changes to this Notice.

The types of information we collect

‘Personal information’ is any information that, either alone or in combination with other data, enables you to be directly or indirectly identified (for example, your name, email address, contact details, or any unique identifier such as an internet protocol (‘IP’) address, device ID or other online identifier). We collect your personal information when you provide it to us. We may also automatically collect certain information when you use, access, or interact with our Services.  

Information you provide to us

As part of the registration process, purchasers of Tokens are required to submit documents and personal information as described in our know-your-client / anti-money laundering (KYC) policy. The requirements are set out in more detail therein and may be subject to additional requests by us. However, by way of example, we may collect the following information from you:

• first and last name;
• date of birth;
• nationality and country of residence;
• liveness picture or video verification that you provide from your device, and whatever information that is required to perform such verification;
• residential address;
• email address;
• passport number and issuing body; and
• your wallet address, any other cryptocurrency wallet address or bank account details and any related transaction details recorded by any blockchain on which the Tokens are based or utilised.

In addition, where you utilise the Services, we may collect additional information from you in order to provide such Services. The scope of information will be confirmed to you on registering for such Services, but may include your personal information (including copies of your identity documents, your residential address and contact details) and financial data.

We may also collect information that you voluntarily provide to us, including when you communicate with us via email, on social media or other channels, when you register for our updates and when you respond to our communications or requests for information. The information you provide may include your name, contact information, title and other personal information about you.

Information we may collect automatically through cookies and similar technologies

By accessing our Website or any Services provided thereon, we may also automatically collect certain data from your browser, including server log information (such as login details, IP address and details on the time spent on various pages of our Website) and device and browser information (such as the type of device, universally unique identifiers (‘UUID’), advertising identifiers (‘IDFA’), type of browser, operating system, hardware and processor information, plug-ins and add-ons).

Similarly to other websites, our Website utilises, and other Services may utilise, browser cookies (small text files stored on a user’s web browser when you visit a website), web beacons and similar tracking technologies (collectively, Cookies) to collect and store certain information when you use, access, or interact with our Services. We may, for example, use Cookies to collect information about the type of device you use to access the Services, your browser type, the operating system and version, your IP address or other identifier, your general geographic location as indicated by your IP address, features you access on the Services, whether and how you interact with content available on the Services, and the search terms you enter on the Services. Emails may also contain small transparent image files or lines of code to record how you interact with them.  

This information is used to help developers better analyse and improve their services. We may also use Cookies to remember your preferences and settings, to remember information that you may enter online, to keep you logged in to portals that we may offer, to generate aggregate statistics about how people use our Services, to help you share content with others and to improve your experience of the Services.

You can choose how Cookies are handled by your device through your browser or device settings, including refusing or deleting all Cookies. If you choose not to receive Cookies at any time, websites may not function properly and certain services may not be provided. Each browser and device is different, so check the settings menu of the browser or device you are using to learn how to change your advertising settings and Cookie preferences.  

Information we may collect from third party sources

We may receive information about you from other sources, including third parties that help us conduct sales of Tokens, update, expand, and analyse our records, prevent or detect fraud or other suspicious activities, process payments or analyse your use of the Tokens or the Services. Such third parties include but are not limited to KYC services. In addition, our Services may also include integrated content or links to content provided by third parties (such as live chat, social media content, plug-ins and applications) – see the section entitled “Third party services and content” below.

How we use the information we collect

We may use the information we collect:

• to conduct know-your-client and anti-money laundering and other sanctions checks (or to verify those carried out by third party sources);
• to provide you with our Services and other services that you request including, as applicable, supplying, and processing your payment for, the Tokens and other services to be provided to you;
• to respond to your enquiries or to any problems that may arise (such as difficulties in purchasing Tokens, navigating our Website or accessing certain Services or features);
• to inform you of important changes or developments to the Services or our policies and to provide you with technical, support or administrative notifications;
• with your separate consent, to send you marketing communications, and other information or materials that may be of interest you or which you have expressed an interest in receiving (and subject to your ability to opt-out from receiving those communications);
• to maintain our list of contacts;
• to understand how people use our Website and other Services, including by generating and analysing statistics and user trends, and to evaluate, administer, maintain and improve our Website and other Services;
• for internal development of new products or services;
• for our internal business purposes, including data analysis, invoicing and detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
• to assess the effectiveness of our events, promotional campaigns and publications; and
• as we believe reasonably necessary, advisable or appropriate to comply with our legal or regulatory obligations and to respond to legal, regulatory, arbitration or government process or requests for information issued by government authorities or other third parties or to protect your, our, or others’ rights.

Further, we may aggregate personal and other data captured through our Services so that the data is no longer capable of identifying an individual. Aggregated data may cover patterns of usage relating to the Tokens or our Services, and we reserve the right to use this aggregated information for the purposes of improving and enhancing our Services, generating insights, for use in marketing to other users and current and potential partners and otherwise for the purposes of our business. Provided that such aggregated data does not directly or indirectly identify you as an individual, this data is not considered to be personal information for the purpose of this Notice.

How we may share the information we collect

We may share the personal information we collect with our current or future affiliated entities, as explained at the beginning of this Notice.

We may also disclose information we collect:

• to our partners and third party service providers that perform services on our behalf (including but not limited to KYC service providers and other third party technology providers), such as marketing companies, web-hosting companies, analytics providers, third party technology developers and information technology providers. In these circumstances contractual and other technical and security safeguards will be put in place with the partner or service provider, including, to the extent practicable, to ensure that your personal information is processed only in accordance with this Notice;
• to law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us, as provided for under contract, as we deem reasonably necessary to provide legal services or if we believe your actions are inconsistent with our agreements and policies. In these circumstances, we will take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances;
• to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. Upon completion of such a transaction, your personal information will continue to be processed in accordance with this Notice, except as otherwise agreed by you or permitted by applicable law;
• to partners, financial institutions or service providers who may request such information in connection with providing services to us, including banking services, and only where we enter into an agreement with such institutions to limit their use and handling of personal information in accordance with this Notice; and
• to our employees or principals (Personnel) where required or necessary for the performance of their duties and in line with the reasons for processing. Personnel are required to keep that information confidential and are not permitted to use it for any purposes other than to enable you to use the Services or to deal with requests which you submit to us.

We do not sell, rent, or otherwise share personal information that reasonably identifies you or your organisation with unaffiliated entities for their independent use except as expressly described in this Notice or with your prior permission. We may share information that does not reasonably identify you or your organisation as permitted by applicable law.

When you voluntarily make your personal information available online in an environment shared by third parties (for example, on messaging applications, social media, message boards, web logs, emails, during webinars, classes, telephone conferences or in comment or chat areas), that personal information may be viewed, saved, collected, heard, used and/or shared by others outside of the control of Acloudbank Labs. We are not responsible for any unauthorised third party use of information provided in these contexts. Please be mindful whenever you share any information in such environments.

Grounds for using your personal information

We rely on the following legal grounds to process your personal information, namely:

• Necessity for performance of a contract – We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us, for example, when you provide personal information to us to purchase Tokens, to utilise Tokens or to otherwise provide Services.
• Legal obligation – We may process your personal information as may be required to comply with any legal or regulatory obligations that may apply to us, for instance under anti-money laundering and sanctions regimes.
• Legitimate interests – We may use your personal information for our legitimate interests to improve our Services. Consistent with our legitimate interests and any consents that may be required under applicable laws, we may use technical information as described in this Notice and use personal information for our marketing purposes provided that those interests are not outweighed by your interests, rights and freedoms.
• Consent - To withdraw your consent to such use, you can contact us using the methods noted below. The electronic marketing communications we send to you also contain opt-out mechanisms that allow you to opt-out from receiving those communications. You may be able to disable the sharing of location information in your browser settings. Where required by applicable laws, we will rely on your consent for direct marketing and to collect information from your device or computer.

Third party services and content

Our Services (including our Website) may include integrated content or links to content provided by third parties (such as video materials, social media content, plug-ins and applications).

Please note that the websites, applications and services of third parties (including affiliates, partners, sponsors, advertisers or other persons) will be governed by the privacy settings, policies, and/or procedures of the third party, which may differ from this Notice. This Notice does not address, and we are not responsible for or able to control, the privacy, security, or other practices of such third parties.

Protection and storage of the information we collect

We deploy certain safeguards designed to comply with applicable legal requirements and to safeguard the information that we collect. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your personal information that they will protect the information with adequate safeguards.

However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the internet and wireless networks.

We may store the information we collect in on our servers or databases (both cloud based or in servers or databases located in secure data centres) in countries where we or our service providers have facilities. Therefore, we may transfer information to countries outside of your country of residence which may have data protection laws and regulations that differ from those in your country. For transfers from within the European Union (EU) to entities outside the EU, we aim to generally rely upon EU Standard Contractual Clauses, examples of which can be found here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).

We retain the information we collect for no longer than is reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations; these may include us and/or a third party requiring back-up storage of data for audit purposes for a reasonable period of time.

Your choices and rights

To withdraw your consent to the use of your information as described in this Notice you can contact us through the methods stated below. Please note that in some circumstances this may mean that we can no longer provide our Services to you.  

If you no longer wish to receive marketing communications from us, you can also let us know via through the methods stated below. The electronic marketing communications we send to you also contain opt-out mechanisms that allow you to opt-out from receiving those communications. We will honour your choice and refrain from sending you such announcements.

Under local law, you may have certain rights regarding your personal information that we have collected, including that EU residents have the right to request: (i) access to your personal information, (ii) rectification or erasure of personal information, (iii) restriction of processing concerning you, (iv) objection to processing that is based upon our legitimate interests, and (v) data portability to other service providers. Your ability to exercise these rights will depend on a number of factors and, in some instances, we will not be able to comply with your request, for example because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular information we hold on you, or in the event where your information is stored by way of a decentralized blockchain system and is therefore not accessible to us. Where so entitled to access to your personal information, you will not have to pay a fee unless your request is clearly unfounded, repetitive or excessive (upon which we may charge a reasonable fee or refuse to comply with your request). If you would like to discuss or exercise the rights you may have, you can contact us through the methods stated below.

It is important that any personal information we hold about you is accurate and current. Please keep us informed if your personal information changes whilst we continue to retain such information. We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate or out of date. You can also ask us to see what personal information we hold about you and to erase your personal information  if it is no longer required. You may also tell us if you object to our use of your personal information.

Information for California Residents

California Residents are not permitted to participate in the Token offering, and there are restrictions in place to prevent such an occurance. However, California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information are “sold” or transferred for an organization’s “business purpose” as those terms are defined under California law. You can find a list of the categories of information that we share in the “California Information Sharing Disclosure” section below. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing please submit a written request to us using the information in the "How to contact us" section below.

California Information Sharing Disclosure

California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicates that companies should disclose whether the following categories of information are collected, transferred for consideration, or transferred for an organization’s “business purpose” as that term is defined under California law.  Note that while a category may be marked that does not necessarily mean that we have information in that category about you.

Category of Personal Information	Is information collected by us?	Is information transferred for valuable consideration?	Is information transferred for business purposes?
Audio, electronic, visual, thermal, olfactory, or similar information	✔	☐	✔
Bank account number	✔	☐	✔
Biometric information	✔	☐	✔
Characteristics of protected classifications (e.g., age, sex, race, ethnicity, physical or mental handicap, etc.)	✔	☐	✔
Commercial information (e.g., products or services purchased, or other purchasing or consuming histories or tendencies)	✔	☐	✔
Credit card number	✔	☐	✔
Debit card number	✔	☐	✔
Driver’s License Number / State ID	✔	☐	✔
Education	✔	☐	✔
Electronic network activity (e.g., browsing history)	✔	☐	✔
Email address	✔	☐	✔
Employment	✔	☐	✔
Employment history	✔	☐	✔
Geolocation data	✔	☐	✔
Health insurance information	✔	☐	✔
Identifiers (e.g., name or alias)	✔	☐	✔
Insurance Policy Number	✔	☐	✔
Medical information	☐	☐	☐
Online identifier (e.g. IP address)	✔	☐	✔
Other financial information	✔	☐	✔
Passport Number	✔	☐	✔
Physical Characteristics	✔	☐	✔
Postal address	✔	☐	✔
Signature	✔	☐	✔
Social Security Number	✔	☐	✔
Telephone Number	✔	☐	✔
Transaction information	✔	☐	✔
Verification of residential address and other information for know-your-customer and anti-money-laundering processes	✔	☐	✔

How to contact us

We welcome your enquiries and comments.

If you would like to contact us regarding this Notice or to withdraw your consent to this Notice or any aspect of it, please send us an email at [email protected].

We try to respond to all legitimate enquiries within a reasonable period of time.

Complaints

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If you would like to contact us, please use the methods stated above.

If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to complain to the data protection authority/regulator, as applicable, in your jurisdiction.

Data subjects under eighteen

The Services are not directed at anybody under the age of eighteen, and we will never knowingly collect personal information from individuals under the age of eighteen.  

Changes to this Notice

We may update this Notice from time to time and we encourage you to periodically review this Notice. If we make any material changes to this Notice regarding the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes in a clear and conspicuous manner on the Website or, if we hold your email address, we may choose to contact you by email.

The use of certain of our Services may also be governed by other applicable terms and policies regarding privacy and the sharing of personal information, which supplement, and should be reviewed alongside, this Notice.