1. INTRODUCTION

1.1. This POLICY ("Policy") applies to all personal data of Users that the Shard Exchange Platform ("Platform") may receive from Users during their use of the Platform.

1.2. Using the Platform, including registering an account on the Platform, means the User's unconditional consent to this Policy and the terms of data collection and processing specified therein; in case of disagreement with these conditions, the User must refrain from using the Platform. By using the Services, you accept the terms of this Policy and our Terms of Use, and consent to the collection, use, disclosure and storage of your information as described in this Policy. If you have not already done so, please also review the Terms of Use. The Terms of Use contain provisions that limit our liability to you and require that you resolve any disputes with us on an individual basis and not in any class or representative action. IF YOU DO NOT AGREE WITH ANY PORTION OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE THE SERVICES.

2. TERMS AND DEFINITIONS

2.1. Personal data – any information relating directly or indirectly to a specific or identifiable individual (Personal Data User), including standard data automatically received by the http server when accessing the Platform and subsequent actions of the User (host IP address, type of User's operating system, pages of the Site visited by the User).

2.2. Terms of Use – an agreement between the User and the Operator, containing all the necessary and essential conditions for using the Platform, providing access to the Platform and using the Platform by the User, while this Policy is an integral part of the Terms of Use.

2.3. User (Personal Data User, User) is an individual who visits, downloads, registers an Account on the Platform or otherwise uses the Platform, regardless of whether he actually uses the functions of the Platform.

2.4. Operator – NewGenIT Ltd., registration number 246535. Registered address: House Of Francis, Room 303, Ile Du Port, Mahe, Seychelles. The company manages the Shard Exchange Platform, determines the purposes and means of processing Users' personal data, and bears the responsibilities of personal data Operator.

2.5. Platform means the Shard Exchange Platform, including the website shard.exchange, and associated ecosystems through which Shard Exchange provides certain cryptocurrency-related functionality to Users.

2.6. Account – a User's account on the Platform, containing the User's data and a set of access rights to the functionality of the Platform.

2.7. Cookies are a piece of data as part of an HTTP request, intended for storage on the User's device and used by the Operator to authenticate the User, store the User's personal preferences and settings, track the state of the User's access session and maintain statistics on Users.

2.8. Destruction of personal data – actions as a result of which it becomes impossible to determine the ownership of personal data to a specific User of personal data without excessive financial and organizational costs.

2.9. Processing of personal data – any action (operation) or set of actions (operations) performed with or without automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

3. GENERAL PROVISIONS

3.1. The Policy governs the processing of personal data when the Operator interacts with the User in connection with the User's use.

3.2. The policy has been developed in accordance with the requirements of applicable legislation, agreements concluded by the Operator, and other regulatory documents taking into account modern requirements in the field of personal data protection.

3.3. This Policy is published on the Platform.

4. CATEGORIES OF PERSONAL DATA PROCESSED

4.1. The Operator may process the following personal data of Users: name, gender, citizenship, e-mail address, phone number, identity document details, date and place of birth, registration address and actual residence address, login and password for using the Platform, financial information (including certificates of origin of funds, documents on the use of funds requested for AML/KYC compliance), IP address and device information, browser type and version, transaction history, data from cookies, data about content posted on the Platform and activity on the Platform.

5. PURPOSE OF PROCESSING PERSONAL DATA

5.1. Personal data may be processed for: providing Platform capabilities and identifying the User; collecting and analyzing statistical data; protecting User accounts and archiving data; improving the Platform; complying with legislation; informing Users about products and updates; communication with Users; maintaining satisfaction; planning strategies; maintaining security; modeling and reporting; complying with government obligations; settling disputes; ensuring account and system security; fulfilling AML/anti-fraud obligations; and marketing purposes.

5.2. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes.

5.3. The transfer of personal data to third parties may be permitted to a minimum extent and only to perform tasks consistent with the purposes of processing.

6. PROCESSING METHODS

6.1. The Operator receives and processes personal data on the basis of agreements, notices, communication with support, and data from third-party service providers.

6.2. Personal data is stored on electronic media with measures to prevent loss or misuse.

6.3. Processing may be manual, automated, or mixed. The Operator does not make decisions based solely on automated processing that give rise to legal consequences without User consent.

7. USER RIGHTS

7.1. The user has the right to: access information about processed personal data; make changes to own personal data; request changes or clarification; require notification of persons who received incorrect data; receive information about third parties to whom data was transferred; receive information about processing; receive data in machine-readable format and transfer to other operators; request deletion, restrictions, or withdrawal of consent; demand compensation for damages. Deletion or withdrawal of consent may lead to inability to use Platform functions.

8. CHILDREN'S PERSONAL INFORMATION

The Operator and the Platform are not directed to persons under 18 years of age. If you are under 18, please do not provide any personal information. If a User providing personal information is suspected of being under 18, the Operator will require the User to close their account and will take steps to delete their information as quickly as possible.

9. INFORMATION ABOUT PERSONAL DATA PROTECTION REQUIREMENTS

9.1. The Operator takes necessary legal, organizational and technical measures to protect personal data, including: appointing a responsible person; limiting employee access; software identification; antivirus control; backup tools; regular software updates; encryption when transmitting data; and secure storage locations.

10. PRIVACY

The Operator undertakes to keep confidential information disclosed to it in strict confidence and takes all necessary measures to ensure confidentiality and prevent unlawful disclosure or unauthorized use.

11. COOKIES POLICY

11.1. The Operator uses cookies when you visit the Platform. Cookies are small files that are downloaded to your device when you visit certain websites.

11.2. We use first and third party cookies to recognize you as a Shard Exchange User, customize services, measure advertising effectiveness, and collect information to reduce risk, prevent fraud and build trust.

11.3. Types of cookies: Necessary cookies (required for Platform functioning); Analytical cookies (for measuring performance); Functional cookies (to remember User preferences).

12. DESTRUCTION OF PERSONAL DATA

12.1. Destruction is carried out when processing goals are achieved, upon unlawful processing or revocation of consent, upon expiration of storage period, or by order of authorized body or court.

13. TRANSFER TO THIRD PARTIES

13.1. The operator may transfer personal data to employees, partners, consultants, auditors, courts, government agencies, hosting and analytics providers, subsidiaries, credit organizations, and other third parties specified in User consent.

14. CROSS-BORDER TRANSFER

14.1. The User consents to cross-border transfer of personal data for the purposes specified in this Policy. The Operator undertakes to ensure that third parties take necessary measures to protect transferred data.

15. USER REQUESTS

15.1. Users may send requests to the Operator by email: help@shard.exchange.

15.2. The Operator undertakes to review and respond within thirty (30) days from the date of receipt.

16. THIRD PARTY RESOURCES

16.1. The Operator may provide links to third party websites. The Operator is not responsible for the collection, processing and deletion of Users' personal data by such third parties.

17. FINAL PROVISIONS

17.1. The period for processing personal data is equal to the period for fulfilling the Operator's obligations or until the User withdraws consent or terminates the Operator's activities.

17.2. Withdrawal of consent is carried out by sending a written application to the Operator.