"Personal data" means data, whether true or not, about an individual who can be identified (i) from that data, or (ii) from that data and other information to which the organisation has or is likely to have access. Some examples of personal data that we may collect are:

(a) personal particulars (e.g. legal name, alias(es), nationality and domicile, gender, telephone number, residential address, date of birth, or identity card / passport / driver's licence details);

(b) e-mail address, account username, account password, social media or messaging platform handles and other social media or messaging platform profile information;

(c) financial details (e.g. income, wealth, source of funds/wealth and bank information);

(d) banking information (e.g. account numbers and banking transactions);

(e) tax and insurance information;

(f) information about your investments, investment objectives, knowledge and experience and/or business interests and assets;

(g) information or details regarding digital assets held;

(h) particulars of digital wallet addresses (including transactions performed by said digital wallet addresses), public cryptographic key relating to digital wallet addresses on distributed ledger networks and/or similar information;

(i) information about your use of our services and Portal, and specific user interactions with the Portal such as pages (and sub-page) visited, time and date of your visit, time spent on each page, and other diagnostic data, features utilised, areas visited or clicked on, and time spent;

(j) usernames and password, third-party account credentials (such as your Facebook login credentials, Google login credentials), Internet Protocol (IP) address, and geographical location;

(k) browser type and version, operating system used by the accessing system, Internet service provider of the accessing system, the website from which an accessing system reaches our website (i.e. "referrers"), mobile device ID, location of access, or other similar data and information; and/or

(l) personal opinions made known to us (e.g. feedback or responses to surveys, or posts on the community forum or social media).

Personal data will be automatically collected when you interact with our services, access the Portal, post on the community forum or social media or interact with other users of our services, sign up for any services or otherwise engage with us (whether through live chat, message, phone call, email, social media accounts, messaging platforms, attendance at in-person events).

To the extent permitted by law, we may also obtain other information about you such as contact information, change of address or demographic information from commercially available sources.

We may collect, use and/or disclose your personal data for its legitimate interests or business purposes, including operations for these purposes. These may include, without limitation, the following:

(a) developing, providing and improving our products and services (whether made available by us or through us) or your participation in interactive features of our services, including without limitation:

(i) services relating to market research, community networking and community building;

(ii) community support and user support, as well as to facilitate interactions between users (whether on our platform or outside our platform);

(iii) promoting advertisements or marketing material, whether from us or third parties;

(iv) various products and/or services (whether digital or not, and whether provided through an external service provider or otherwise); and/or

(v) research, planning, analytics, trouble-shooting, technical maintenance and bug fixes;

(b) communicating with you, including providing you with updates on changes to services or products (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such services or products and their terms and conditions;

(c) complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;

(d) enforcing obligations owed to us, protecting our rights or property, and protecting against legal liability; and/or

(e) seeking professional advice, including legal or tax advice.

We may also use personal data for purposes set out in the terms and conditions that govern our relationship with you or our customer.

In addition to contacting you regarding the Services, We may use your personal data to offer you other products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, telephone calls, facsimile and other messaging applications (such as Telegram), and may be sent directly by us or by various third parties which we work with. In doing so, the sender will comply with all applicable data protection and privacy laws.

You may at any time request that we stop contacting you for marketing purposes via selected or all modes.

To find out more about how you can change the way we use your personal data for marketing purposes, please contact us.

Nothing in this Policy shall vary or supersede the terms and conditions that govern our relationship with you.

We may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to any of our personnel, staff, employees, officers, group entities, or to third parties (including without limitation banks, financial institutions, credit card companies, credit bureaus and their respective service providers, companies providing services relating to insurance and/or reinsurance to us, and associations of insurance companies, agents, contractors or third-party service providers who provide services to us such as telecommunications, information technology, payment, data processing, storage and archival, and our professional advisers such as our auditors and lawyers, and regulators and authorities), located in any jurisdiction, in order to carry out the purposes set out above (including without limitation the provision of our services, or as required by any law). Please be assured that when we disclose your personal data to such parties, we will disclose only the personal information that is necessary to deliver the service required, and will also require them to ensure that any personal data disclosed to them are kept confidential and secure.

For more information about the third parties with whom we share your personal data, you may, where appropriate, wish to refer to the agreement(s) and/or terms and conditions that govern our relationship with you or our customer. You may also contact us for more information (please see Section 9 below).

We wish to emphasise that we do not sell personal data to any third parties without your consent, and we shall remain fully compliant with any duty or obligation of confidentiality imposed on us under the applicable agreement(s) and/or terms and conditions that govern our relationship with you or our customer or any applicable law. For the avoidance of doubt, In particular, you consent to us providing personal data to third parties such as CoinList (https://coinlist.co/privacy; https://coinlist.co/terms; https://coinlist.co/legal) for the purpose of conducting checks under "Know Your Customer" ("KYC"), Know Your Business ("KYB") and "Anti Money Laundering" ("AML") laws

You are responsible for ensuring that the personal data you provide to us is accurate, complete, and not misleading and that such personal data is kept up to date. You acknowledge that failure on your part to do so may result in our inability to provide you with the products and services you have requested. To update your personal data, please contact us (please see Section 9 below for contact details). Where you provide us with personal data concerning individuals other than yourself, you are responsible for obtaining all legally required consents from the concerned individuals and you shall retain proof of such consent(s), such proof to be provided to us upon our request.

We may transfer, store, process and/or deal with your personal data in any jurisdiction, and accordingly such personal data may be transferred to computers, servers or hardware located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information (including without limitation the Standard Contractual Clauses approved by the European Commission). Your consent to this Policy followed by your submission of such information represents your agreement to the transfer of personal data as described herein.

The Portal uses cookies. A cookie is a small text file placed on your computer or mobile device when you visit a Portal or use an app, which may include an anonymous unique identifier. Cookies collect information about users and their visit to the Portal or use of the app, such as their Internet protocol (IP) address, how they arrived at the Portal (for example, through a search engine or a link from another Portal), how they navigate within the Portal or app, browser information, computer or device type, operating system, Internet service provider, website usage, referring/exit pages, platform type, date/time stamp, number of clicks, ads viewed, and how they use our services. We use cookies and other technologies to facilitate your Internet sessions and use of our apps, offer you customised products and/or services according to your preferred settings, display features and services which might be of interest to you (including ads on our services), track usage of our websites and apps, to compile statistics about activities carried out on our websites, and to hold certain information. Examples of cookies which we use include, without limitation, Sign-in and Authentication Cookies for user authentication, Session Cookies to operate our service, Preference Cookies to remember your preferences and various settings, Third-Party Cookies from third-party services to receive and incorporate external data, as well as Security Cookies for security purposes. You may set up your web browser to block cookies from monitoring your website visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies you may not be able to use certain features and functions of our Portal.

Our websites may contain links to other websites which are not maintained by us. This Policy only applies to websites maintained by us. When visiting these third-party websites, you should read their privacy policies which will apply to your use of such websites.

Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any legal or business purposes. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as transfers of digital assets, and dealing with any disputes or concerns that may arise.

We may need to retain information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes (e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators etc).

When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.

If you:

(a) have queries about our data protection processes and practices;

(b) wish to request access to and/or make corrections to your personal data in our possession or under our control; or

(c) wish to withdraw your consent to our collection, use or disclosure of your personal data,

please submit a written request (with supporting documents, (if any) to our Data Protection Officer at: support@gcrx.io. Our Data Protection Officer shall respond to you within 30 days of your submission. Please note that if you withdraw your consent to any or all use or disclosure of your personal data, depending on the nature of your request, we may not be in a position to continue to provide our services or products to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such event.

We may charge you a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request. Information on the processing fee will be made available to you.

To contact us on any aspect of this Policy or your personal data or to provide any feedback that you may have, please contact our Data Protection Officer at support@gcrx.io.

This Policy and your use of the Portal shall be governed and construed in accordance with the laws of Delaware, without regard to its conflict of laws principles. Any controversy, claim, dispute or disagreement that may arise out of or in relation to this Policy or the transactions contemplated hereby (a "Dispute") shall be arbitrated pursuant to the Delaware Rapid Arbitration Act, 10 Del. C. § 5801, et seq. (the "DRAA"). The parties agree to take all steps necessary or advisable to submit any Dispute that cannot be resolved by the parties for arbitration under the DRAA (the "Arbitration") in accordance with this Section 10, and each party represents and warrants that it is not a "consumer" as such term is defined in 6 Del. C. § 2731. Each party (a) hereby waives, and acknowledges and agrees that it shall be deemed to have waived, any objection to the application of the procedures set forth in the DRAA, (b) consents to the procedures set forth in the DRAA, and (c) acknowledges and agrees that it has chosen freely to waive the matters set forth in subsections (b) and (c) of Section 5803 of the DRAA. In connection therewith, each party understands and agrees that it shall raise no objection to the submission of the Dispute to Arbitration in accordance with this Section 10 and that it waives any right to lay claim to jurisdiction in any venue and any and all rights to have the Dispute decided by a jury. The Arbitration shall be conducted in accordance with the Delaware Rapid Arbitration Rules, as such Rules may be amended or changed from time to time; provided that the parties may agree to depart from the Rules by (i) adopting new or different rules to govern the Arbitration or (ii) modifying or rejecting the application of certain of the Rules. To be effective, any departure from the Rules shall require the consent of the Arbitrator and shall be in writing and signed by an authorized representative of each such party. The Arbitration shall take place in Wilmington, Delaware, or such other location as the parties and the Arbitrator may agree. The Arbitration shall be presided over by one arbitrator (the "Arbitrator") who shall be selected by mutual agreement or otherwise in accordance with the DRAA/Rules. The Award shall be deemed an award of the United States, the relationship between the parties shall be deemed commercial in nature, and any Dispute arbitrated pursuant to this Section 10 shall be deemed commercial. The Arbitrator shall have the authority to grant any equitable or legal remedies, including, without limitation, entering preliminary or permanent injunctive relief; provided, however, that the Arbitrator shall not have the authority to award (and the parties waive the right to seek an award of) punitive or exemplary damages. The parties hereto agree that, subject to any non-waivable disclosure obligations under federal law, the Arbitration, and all matters relating thereto or arising thereunder, including, without limitation, the existence of the Dispute, the Arbitration and all of its elements (including any pleadings, briefs or other documents submitted or exchanged, any testimony or other oral submissions, any third-party discovery proceedings, including any discovery obtained pursuant thereto, and any decision of the Arbitrator or Award) shall be kept strictly confidential. Each party hereto shall bear its own legal fees and costs in connection with the Arbitration.

We reserve the right to amend this Policy from time to time to ensure that this Policy is consistent with any developments to the way we use your personal data or any changes to the laws and regulations applicable to us. We will make available the updated Policy on the Portal. When this Policy is updated, we will post a notice on the Portal and also change the "Last Updated" date indicated at the top. You are encouraged to visit the Portal from time to time to ensure that you are well-informed about our latest policies in relation to personal data protection. All communications, transactions and dealings with us shall be subject to the latest version of this Policy in force at the time.

This section 12 applies if you are an individual located in the European Union or European Economic Area. Subject to applicable law, you have the following additional rights in relation to your personal data:

(a) the right to access your personal data (if you ask us, we will confirm whether we are processing your personal data in a structured, commonly used and machine-readable format and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee;

(b) the right to ensure the accuracy of your personal data;

(c) the right to have us delete your personal data (we will do so in some circumstances, such as where we no longer need it, but do note that we may not delete your data when other interests outweigh your right to deletion);

(d) the right to restrict further processing of your personal data (unless we demonstrate compelling legitimate grounds for the processing);

(e) rights in relation to automated decision-making and profiling (you have the right to be free from decisions based solely on automated processing of your personal data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing);

(f) the right to withdraw consent (if we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but provided always that this shall not affect the lawfulness of processing based on your prior consent); and

(g) the right to complain to a supervisory authority in your country of residence in the event that data is misused.

If you believe that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your residence, your place of work or the place of the alleged infringement. You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer at: support@gcrx.io, and we shall respond to you within 30 days of your submission.

This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated.

By using the Portal and/or any services provided by us, you signify your acceptance of this Policy and terms of service. If you do not agree to this Policy or terms of service, please do not use the Portal or any services provided by us. Your continued use of the Portal following the posting of changes to this Policy will be deemed your acceptance of those changes.