COMITY FINANCE Privacy Policy

Version: 1.0 Last updated: August 28, 2024

This Privacy Policy (“Policy”) constitutes an integral part of the Comity Finance

Comity Finance services (“You”, “User”), TravelAbs s.r.o., a private Companies

incorporated under the laws of the Czech Republi, (“Companies”, “We”).

This Policy describes how the Companies collects and uses your Personal Data

when providing the Services to you.

Terms and definitions in this Policy have the same meaning as in the Terms unless

stated otherwise.

We may update this Policy from time-to-time by posting a new version on the

Website. We advise you to check this page occasionally to ensure you are happy

with any changes. However, we will endeavour to provide you with an

announcement about any significant changes.

You can contact the Companies at: support@comity.fi.

I. Overview

Your privacy is important to us. We are not going to misuse your data.

Due to the nature of the Services, we collect some personally identifiable information

(“Personal Data”) from you when you open a User Account.

Additionally, the Companies may collect some of the Personal Data from you when

you

contact the Companies and during your use of the Services.

II. Information We May Collect from You 2.1. Account Information

When you open the User Account with the Companies, you provide us with your

Personal Data.

To open the User Account and verify your identity, we ask you to provide the

following information: email address (which will be your username (login), phone

number (for restoring account access and verifying your identity), full name (to

verify your identity and fraud prevention), date of birth (to verify that you are of

Acceptable Age), your

address, your profession, citizenship and gender (to verify your identity and

financial crime prevention), and you will have to come up with the password.

We use/store your email address:

(a) to verify your identity when you log in to your account;

(b) to contact you regarding your User Account or work and updates of the

Companies (support emails); and

Policy.

After you register the User Account, you will be able to sign in with your User

Account information (email that is your login and your password).

We store passwords secured against unauthorized access by using a password

hashing function. We encourage you to create a strong password and avoid sharing

with other persons for the safety of your User Account and Card Account.

2.2. Wallet Information

To enable the deposit of funds to the Card Account, we collect and process relevant

wallet information from you depending on the type of virtual asset you would like to

deposit.

We store your wallet information in an encrypted form and do not use this

information for any purpose except to provide you with the exchange services and to

comply with our legal obligations.

2.3. Security Information

To secure your use of the Cards, each Card has a PIN. We do not collect nor

process this PIN and therefore cannot help with its retrieval.

Please keep your PIN secure.

The Companies will never ask you to share your PIN with the Companies, its

directors, employees, agents, or officers.

2.4. Usage Date

We collect information about your experience – the history of transactions,

number of your assets, device and browser, information, IP-address, date,

time, and duration of use of the Website, links by which you were addressed to

the Website.

We store your information about your history of transactions, buy and sell orders,

and

the number of your assets to:

(a) enable you to manage it on the Website and see your history (please also

see Sections 16 and 17 of the Terms); (b) comply with financial law

requirements. We use other usage data to:

(a) give you the control over User Account active session (give information about

logged-in devices, history of orders, etc.) and prevent fraudulent activities; and

(b) conduct our marketing research.

We also collect the information about the language of interface you chose on the

Website to keep the interface in that language when you log in next time.

Usage data is collected in an anonymized and aggregated way to improve the

Website and Services usability and for marketing purposes. Learn more about it in

the section “Analytics” of this Policy.

2.5. Communication

If you need technical support, have a privacy request, or any other inquiry, you can

contacting us at support@comity.fi.

In this case, we will receive some portion of the information from you (your name

and/or email). We will use this information to provide you with the help you might

need, fix our Services, and analyze the Website’s efficiency.

2.6. AML/KYC

To comply with the laws on the prevention of money laundering and terrorist

financing, we are required to collect, keep, and analyse the information and

documents that identify you, contact details, history of transactions, verification data,

including from third-party sources (e.g., consumer reporting agencies, public

databases, commercial registries, and sanction lists), and other types of information

prescribed by law.

We will ensure the confidentiality of the collected information and will not use the

data from your AML/KYC profile for any other purposes.

For more information on the AML/KYC procedure and types of information collected

for this purpose, please refer to our AML/KYC Policy.

III. How We Collect Information from You 3.1. Overview

We collect information from you when:

a) you use the Website and the Services;

b) when you open the Website (including when opening a Referral Link) and access

your User Account; and

c) when you contact the Companies.

3.2. Information we collect automatically

The following information is collected automatically: the number of your assets,

device information, IP-address, date, time, and duration of use of the Website;

information about transactions made with your Cards.

IV. Legal Base for Processing

4.1. Provision of Services

We use account information, wallet information, and usage data to provide our

Services. Without this information, we will be unable to provide you with the Services

we offer.

4.2. Compliance

As discussed above, we are required to store certain types of information for

compliance with laws (e.g. AML/KYC obligations). We will make sure that this

information will be treated strictly in accordance with relevant laws, and we will not

use this information for other purposes (except as provided in this notice).

4.3. Customer Support

We use the information we receive when you contact us to help you with your

inquiry.

4.4. Legitimate Interest

For marketing purposes, we process your statistics of activity on the Website and

your usage data. These data help us to understand our target groups and conduct

marketing research.

We can also send you occasional emails with Comity Finance updates or new

products/services, and other emails for the information purpose.

Account information, and usage data is processed for the purposes of identity fraud

prevention.

You can opt-out from the email subscription by clicking the appropriate button in our

emails to you.

V. Acceptable Age

We do not intend to collect nor knowingly process the children’s (under 18 years old)

personal data. Only individuals, who are already 18 years old, may use the Services

and provide information to us.

VI. Third-party Access

Except as provided in this Policy, we will not sell, share, or rent your information to

third parties.

6.1. Analytics

To analyse our efficiency and conduct marketing research, we use the services of

analytics providers. When using the analytics services, we can share anonymized

and aggregate details of using our Services, including, but not limited to traffic data,

location data, length visit, other communication data.

This information does not allow to identify any certain person, so it is considered

non- personally identifiable information.

Non-Personally Identifiable Information is collected and processed, among other

services in an anonymized and aggregated way to improve the Website and

Services’ usability and for marketing purposes using Google Analytics.

Google Analytics is a web analytics service that tracks and reports traffic on the

Website. Google. Analytics uses the data collected to track and monitor the use of

our Website. This data may also be shared with other Google services.

For more information on the privacy practices of Google, you can check its Policies

at www.google.com/analytics/policies/.

If you want to opt-out of being tracked by Google Analytics, please visit

https://tools.google.com/dlpage/gaoptout.

6.2. Third-party services

We may share some of your information with third parties, whose services are

integrated with our Services solely for the purposes of the provision of such services,

and only if you intend to receive such services.

Please see Section 18 of the Terms for additional information.

6.3. KYC and Email notifications

We are using third-party services to:

(а) conduct KYC procedure;

(b) send our notifications by email.

Such third parties may only use information about you to perform services on our

behalf. They are not allowed to use it for their own purposes, and we take all

reasonable and required measures to ensure their compliance with data protection

requirements.

6.4. Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose

information about you:

(a) if we are required to do so by law, in connection with any legal proceedings

or to establish, exercise, or defend our legal rights; and

(b) in case we sell, license, or otherwise assign our Companies, corporate rights,

Comity Finance or its separate parts or features to third parties.

VII. Data Retention

We retain your data for as long as you use our Services. We will delete most of the

information when you stop using our Services (upon expiration of your Card if you

have not ordered another Card from the Issuer and closing your Account), excluding

some of the usage data that we may retain longer for analytical purposes.

Please note, that in order to comply with our legal obligations, we will have to store

the KYC/AML information for 5 years after termination of the relationship with you.

We retain the information you provide us with when you contact us to provide you

with customer support and do not store it afterward.

VIII. Information Security

Your information is being stored and processed on the servers of the cloud provider

inside the EU. These servers have technical measures to store the data securely

and protected against unauthorized access.

To keep the processing, we may transfer the information outside the EU, e.g., for the

purposes of technical maintenance. In this case, we will ensure that the necessary

safeguards to process the information are met in accordance with applicable privacy

regulations. We do not transfer personally-identifiable information to the U.S.

We take necessary and sufficient measures, including hashing and encryption of

certain information, to protect your information from unauthorized or accidental

access, destruction, modification, blocking, copying, distribution, as well as from

other illegal actions of third parties.

Immediate access to some amount of the data is only allowed to our authorized

employees involved in maintaining operations of the Companies and its information

infrastructure. Such employees keep strict confidentiality and prevent unauthorized

third-party access to personal information.

IX. Cookies

We use cookies. A cookie is a small text file that is downloaded onto your ‘terminal

equipment’ (e.g. a computer or smartphone) when you access the Website. It allows

the Website to recognize your device and store some information about your

preferences or past actions.

There are two main kinds of cookies: session cookies and persistent cookies.

Session cookies are erased when you close your browser. Persistent cookies remain

on your device for a predefined period.

Strictly necessary cookies do not require user consent as they are always placed on

your device by default.

Performance and targeting cookies are placed on your device by third-party

providers on our behalf. Those providers, such as Google Analytics are engaged to

provide us with analytics and access to the advertisement networks. For

performance and targeting cookies, we will ask for your consent first.

You can manage and disable cookie settings at any time using Cookie Settings on

the Website. Furthermore, you may manage your cookie settings in your browser

settings at any time.

Please keep in mind that simply disabling all cookies or all of our cookies in your

browser settings may lead to certain sections or features of our Website not working.

Therefore, we recommend using the Cookie Settings on our website instead of

disabling all cookies in your web browser.

X. Data Rights & Requests

If you want to file a request or exercise any of your information rights under the

applicable law, please contact us at support@comity.fi.

To control our data protection activities, you may exercise certain rights regarding

your information processed by us. In particular, you have the right to:

10.1. Object to the processing of your information. If we process your information

in our legitimate interests, you can object against it. We will consider your request

and, if there are no legal grounds to refuse it (e.g., public interest), stop the

processing for such purposes;

10.2. Access your information. You have the right to:

(a) learn if we process your information;

(b) obtain disclosure regarding certain aspects of the processing; and (c) obtain a

copy of the information undergoing processing.

10.3. Verify your information and seek rectification. If you find that we process

inaccurate or out-of-date information, you can verify the accuracy of your information

and/or ask for it to be updated or corrected;

10.4. Restrict the processing of your information. When you contest the accuracy

of your information, believe we process it unlawfully, or want to object against the

processing, you have the right to temporarily stop the processing of your information

to check if the processing was consistent.

In this case, we will not process the information for any purpose other than storing it

or for legal compliance purposes until the circumstances of restriction cease to exist;

10.5. Ask us to delete/destroy/otherwise remove the information about you. If

we are not obliged to keep the data for legal purposes, we will remove your

information upon your request.

Please note, that the deletion of your information may affect your experience on the

Website or lead to close of relationships between you and us if the information was

strictly necessary for the provision of Services; and

10.6. Ask us to transfer your information to another organization.