Privacy Policy

1. INTRODUCTORY PROVISIONS

QUANTEGIS Ltd. for services, Zagreb, Radnička cesta 80, PIN: 59864814633, registered with the Commercial Court in Zagreb under the number: 081466801 (hereinafter referred to as the "Company") adheres to applicable legal regulations with the aim of protecting the privacy of Users. The Company collects and processes the personal data of Users in accordance with the provisions of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND THE COUNCIL of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as "General Data Protection Regulation") and in accordance with the Data Protection Implementation Act. When a User uses the Company's Service, they entrust their personal data to the Company, which the Company collects. The Company is committed to maintaining the trust of its Users, and the User is required to read the privacy policy (hereinafter referred to as the "policy"), which is an integral part of the Terms. User security is also the Company's security, so the Company strives to process User personal data lawfully, fairly, and transparently, thereby protecting the privacy of User personal data from unauthorized or unlawful processing, applying high technical, security, and organizational protection measures. The policy describes the information that the Company collects and may collect when necessary, how that information is used and shared, as well as information about the choices and rights of the User regarding that data. This privacy policy also applies to the confidentiality of personal data collected in the process of creating a user Account. This document also describes how the Company processes User data, what data the Company processes and may process, how to exercise User rights regarding personal data processing, and other important information in accordance with positive regulations governing the protection of personal data. These personal data processing information relates to every User who has requested or received the Company's Service, as well as to all other persons who are participants in certain direct or indirect business relationships with the Company or who are in any way connected with or will be related to the Company. The Company is committed to protecting the privacy and confidentiality of the personal information it owns and controls. This privacy policy essentially explains the measures we take to fulfill our obligations and describes how the Company collects, uses, discloses, and otherwise processes User personal information through the Company's Website available at www.botik.ai, including all subpages, as well as through other interactions with Users and survey respondents. The Company needs to collect certain personal information from Users and subjects to be able to provide the appropriate Service and meet legal obligations. The Company is committed to protecting the privacy of its Users and subjects, as well as the confidentiality of their personal information that the Company holds. If necessary, the Company may ask Users to complete the "Know Your Customer" form, which relates exclusively to the information that may be needed by the Company to meet contractual, regulatory, and tax requirements if they arise for the Company. The Company may also collect information about the User's account on the exchange (the User's account that is not under the control of the Company and with which the Software is connected through API keys for the User to use the Company's Service), transaction history, and account balances/restrictions on the exchange. The Company limits the use of User personal information. Personal information that the Company may collect when opening an Account is used for the following purposes: assisting in selecting the Service that best suits the User and meets their needs; verifying the User's identity and other information provided by the User; opening and maintaining a user Account; detecting and preventing fraud and other unauthorized or illegal activities; fulfilling legal and regulatory requirements; as otherwise provided or permitted by applicable law. Users are directed to read everything on this page to better understand what data the Company may collect and process, for what purpose, on what legal basis, with whom and why the Company may share them, what protective measures the Company takes, and what User rights are related to access to personal data, correction, deletion, and the right to object. By accepting this Policy, the User confirms that they have read, understood, and agree to the processing of personal data as determined by this Policy. This Policy applies to all Users of our services anywhere in the world, including all users of our Website or other services. By entering their personal information and confirming (clicking) the acceptance of Terms and this Privacy Policy, the User enters into a contractual relationship that is the basis for using the Service provided by the Company and which is contained in the Terms, and therefore the processing of that personal data is lawful because actions are taken at the request of the User for the implementation of the services provided by the Company.

2. DATA COLLECTION

How We Collect Data The Company collects personal information directly from Users, unless otherwise specified in this Privacy Policy. When opening a user Account, the User is required to have an account on the exchange with which the Company cooperates and where the User conducts trading on their behalf and for their own account through the Software, which is connected via API keys. The Company may collect personal information about the User from the exchange, including transaction records and cash statements, to monitor the User's portfolio and provide statements to the User. The Company electronically records personal information of Users on computer servers, which are accessible only by authorized personnel, and only through secure passwords. The Company authorizes its employees and service providers to have access to personal User information on a "need-to-know basis" to fulfill their business requirements. The Company may also collect and use information about visits to the Website or Platform. In general, a potential User or User can visit the Company's Platform without disclosing their identity or providing any personal information. However, the Company may collect and/or store the IP (Internet Protocol) addresses of all Platform visitors and other related information such as page requests, browser types, operating systems, and the average time spent on the Website. The Company may use this information to understand activity on the Website or Platform, track it, and improve its Service. Cookies Policy and similar technologies The Company has the ability to use the collected data for research, resolving requests, or disputes related to the Company's business or for other purposes permitted by law. The Company and its partners use cookies and other identification technologies on their applications, websites, email, and internet ads for purposes described in this policy. Cookies are small text files stored on browsers or devices by websites, applications, internet media, and ads. The Company, including, but not limited to, may use cookies and similar technologies for purposes such as: • User authentication. • Remembering User settings. • Determining the popularity of content. • Delivery and measurement of advertising campaigns. • Traffic analysis and trends on the website and, in general, understanding the behavior and interests of users interacting with our services. The Company may entrust others with the measurement and analysis of services, placement of ads on behalf of the Company over the Internet, and tracking and reporting on the effectiveness of these ads. These entities may use cookies, web beacons, SDK-s, and other technologies to recognize devices when visiting the Website or Platform, and if the Company's Services are used, as well as when visiting other websites and/or services. The Company may use third parties to assist in collecting and analyzing information about the areas of the Platform that are visited to better understand, assess, and improve the user experience and convenience of the Website or Platform. Types of Data the Company May Collect The Company may collect the following categories of information, which may include: 1. Information Provided Directly, which may include: • Information sent when someone requests the Company's Service, visits the Company's Website or Platform, contacts the Company, and creates or updates their user Account which may include information’s like: Full name, Email address, Phone number, Payment or banking information, identification numbers (PIN, Business Registry Number, etc.), Information related to political exposure, other information required for opening and registering an Account. 2. Information generated through service usage: • Location Information: The Company may collect your location information through your IP address. • Transaction Information: The Company may collect transaction details related to the use of the Company's Services. • Payment Method and Credit/Debit Card Data: For credit and debit card payments, the Company uses a secure online payment card acceptance system. When making a transaction using a credit/debit card, you may be asked to provide specific data relevant to completing the transaction, including, but not limited to, the card number, expiration date, name, phone number, email address, and similar information. By entering this data, the User declares and guarantees that they have the legal right to use the credit/debit card and that the provided information is accurate, truthful, and complete. The Company has the right to share this data with third parties for the purpose of completing the transaction. The Company reserves the right to refuse or cancel a transaction at any time for certain reasons, including, but not limited to: service availability, suspicion of money laundering and terrorism financing, suspicion of fraud, or any unauthorized or illegal transactions. • Personal Document Information and Document Numbers: For additional User security, the Company may verify the User's identity using personal documents (ID card, passport, etc.). • Information About the Mobile Device You Use: The Company may collect information about the devices you use to access the Company's Services, including, but not limited to, hardware models, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device startup data, and network information. • Logs (hereinafter referred to as "logs"): When interacting with the Company's Platform, the Company may collect server logs, which may include information such as the device's IP address, access dates and times, viewed pages, and other system activities. 3. Information from Other Sources, which may include: • User feedback such as ratings, reviews, or compliments. • Information from exchanges where Users have open accounts and where Users trade and use trading Software within the Service provided by the Company. • Information from publicly available sources. • Information from marketing service providers and other sources. The Company may use the collected data for various purposes, including but not limited to: 1. Service Provision: The Company may use the data collected to provide, customize, maintain, and improve the Service it offers. 2. Security: The Company may use the collected data to ensure the security and integrity within the scope of providing the Service. 3. Customer Support: The Company may use the information it collects to improve and enhance the provision of customer support. 4. Research and Development: The Company may use the data collected for testing, research, analysis, and product development. The aforementioned allows the Company to improve and enhance the Service, develop new features and products, and facilitate solutions related to the Service it provides. 5. Communication with the Company: The Company may use the information it collects for communication related to the Service, promotions, surveys, news, updates, and events. The Company may also use the information for promoting and processing contests and sweepstakes. The Company may use the collected data for research or to resolve requests or disputes related to the use of the Service it provides or as otherwise permitted by applicable law. The Company may also share data it collects under the following circumstances: 1. For Legal Reasons or Disputes: The Company may share data if it deems it necessary under applicable laws, regulations, operational agreements, legal proceedings, or requests from state and regulatory authorities. 2. With Consent: The Company may share data if you consent to data sharing within the scope of providing the Company's Service. The Company retains the collected data as long as the Account remains active unless the User requests data or Account deletion, in some cases, the Company may retain certain information about the User in accordance with the law even if the User deletes their Account. In accordance with applicable law, the Company may retain data after an account is deleted in the following cases: • If there is an unresolved issue related to your Account (e.g., a dispute). • If required by us under applicable law and other regulations. • If necessary to protect the legitimate business interests of the Company, such as fraud prevention and enhancing the security and safety of Users.

4. DATA RETENTION PERIOD

The Company stores personal data for as long as necessary to fulfill contractual and legal obligations and to protect the Company's interests. The Company retains personal data for as long as specified by individual regulations that the Company is obligated to apply in its operations, and no longer than necessary to achieve the purpose for which the data is processed or to protect the interests of the Company.

5. CATEGORIES OF RECIPIENTS OF YOUR PERSONAL DATA

The Company may disclose data to third parties in accordance with the rules set out in this Privacy Policy, especially based on the consent of the data subject, the execution of a contract in which the data subject is a party, legal provisions and subordinate regulations, or in cases where the Company protects its own legitimate interests. Personal data will be disclosed to specific third parties if the Company is legally obligated to provide such data, such as the Office for the Prevention of Money Laundering, the Tax Administration, and other institutions in the Republic of Croatia and the EU to which the Company may be obligated to provide data to comply with applicable laws and other relevant regulations. The Company will disclose the personal data of the data subject to third parties when necessary to conduct the Company's business and provide services to data subjects. This may include providers of postal services, IT services.

6. RIGHTS OF DATA SUBJECTS/USERS

Each data subject/User whose personal data is processed by the Company as the data controller has the following rights: a) Right of access (according to Article 15 of the General Data Protection Regulation) - allows the data subject/User to find out if their personal data is being processed and to receive confirmation from the Company whether their data is being processed, the purpose of processing, categories of personal data, recipients or categories of recipients, the expected period during which the data will be stored, and more. b) Right to rectification (according to Article 16 of the General Data Protection Regulation) - allows the data subject/user to request the correction of inaccurate or incomplete personal data concerning them. c) Right to erasure ("right to be forgotten" according to Article 17 of the General Data Protection Regulation) - allows the data subject/User to request the deletion of personal data, but the Company must not delete their personal data if processing is necessary (e.g., to comply with a statutory data retention obligation or to establish, exercise, or defend legal claims). d) Right to restriction of processing (according to Article 18 of the General Data Protection Regulation) - allows the data subject/User to request the restriction of the processing of personal data, for example, if they contest the accuracy of personal data or if they believe that the processing is unlawful. e) Right to data portability (according to Article 20 of the General Data Protection Regulation) - allows the data subject/User to have their data transferred to another data controller. It should be noted that the right to data portability applies exclusively to personal data that the data subject provided to the Company and when it is technically feasible. f) Right to object (according to Article 21 of the General Data Protection Regulation) - allows the data subject/User to object to the processing of personal data if processing is carried out in the public interest or is necessary for the legitimate interests of the Company (including profiling), or if the data subject/User's data is processed for direct marketing purposes. The Company will refrain from further processing of personal data unless it can demonstrate compelling legitimate reasons for the processing that override the interests, rights, and freedoms of the data subject/user or if processing is necessary for the establishment, exercise, or defense of legal claims. g) Right to lodge a complaint with the supervisory authority (according to Article 77 of the General Data Protection Regulation) - allows the data subject/User to address the Croatian Personal Data Protection Agency, Selska cesta 136, 10000 Zagreb, Croatia.

7. HOW TO EXERCISE DATA SUBJECTS' RIGHTS

To exercise their rights related to personal data protection, data subjects/Users can contact customer support, which can be reached in writing at the address: Radnička cesta 80, 10000 Zagreb, Republic of Croatia, or via email at: help@botik.ai. The Company will inform you of the actions taken without undue delay and no later than one month after receiving the request. In exceptional cases, this period may be extended, taking into account the complexity and the number of requests, with the Company being obligated to inform the data subject about such extension.

8. CHANGES TO THE PRIVACY POLICY

The Company regularly updates the Privacy Policy to ensure its accuracy and currency, and the Company reserves the right to change its content if deemed necessary. The Company will timely inform Users of all changes and additions via our website (www.botik.ai) in accordance with the principle of transparency. This Policy is an integral part of the Company's General Terms and Conditions and is effective from December 1, 2023.