NEBA Token (“we,” “us,” or “our”) is committed to protecting the privacy of your personal data. This Privacy Policy describes how we collect, use, disclose, and protect your information when you participate in our referral game (“Game”).

Personal Data: We may collect the following personal information:

• First and last name
• Email address
• Contact information (if provided)
• IP address

We process this kind of Personal Data, under art. 6, para. 1 of the GDPR, based on:

– Consent given by you as the Data Subject;

– Concluded agreement, under which you as a Data Subject is a party or a representative of a party, as well as for the performance of any required actions required for the conclusion of such an agreement, by request of the Data Subject.

Usage Data: We collect data on how you interact with our website and the Game, including:

• Pages you visit
• Links you click
• Date and time of your visits
• Referrals you make

When you access or use our Website and/or enter into the Game, we automatically collect information about you. This information is used to provide statistical data about our users browsing actions and patterns, and does not personally identify individuals.

The collection and processing of this technical data is for the purpose of enabling the use of our Website, continuously ensuring system security and stability, optimising our Website, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

You may refuse to provide any and all personal, and/or financial, and/or other relevant information, which may disrupt the provision of the service, or in any way lead to an inability of the Data Controller to perform any and all agreed upon action.

Cookies and Tracking Technologies:

• We use cookies and similar technologies to enhance your experience and analyze website usage. Please see our Cookies Policy.

We use the collected information for the following purposes:

• Administering the Game
• Communicating with participants
• Processing rewards
• Analyzing data and improving the Game
• Sending marketing communications (with your consent)

We may disclose your information to:

• Third-party service providers who assist us in operating the Game – All our third party service providers are bound by contract to protect and use our users’ Personal Information only for the purposes needed, except as otherwise required by law.
• Government authorities if required by law

We store and process your Personal Information in data centers around the world, wherever our facilities or service providers are located. As such, we may transfer your Personal Information outside of the EEA. Such transfers are undertaken in accordance with our legal and regulatory obligations.

We take appropriate measures to protect your information from unauthorized access, use, or disclosure.

We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously being improved in line with technical developments.

Part of these measures are:

(i) Password protected directories and databases;

(ii) Only authorised personnel with access to your Personal Information, who are required to treat the information as confidential;

(iii) Secure Sockets Layered (SSL) technology to encrypt and send your information across the Internet securely;

(iv) PCI Scanning to prevent your information from being hacked.

We retain your personal data for as long as necessary for the purposes described in this Privacy Policy.

You have the right to:

• Opt-out of receiving marketing communications

• Right to information and access

You have the right to receive access to the data, which is related to the means, purposes and basis for the processing of your Personal Data, the recipients and the category of recipients of your Personal Data, etc. in accordance to the Regulation.

• Right to rectification

You have the right to rectify and complete (or request before the Data Controller that they rectify) inaccurate or incomplete Personal Data, which is related to you.

• Right to erasure

You have the right to request the erasure of all Personal Data related to you, and the Data Controller is obliged to delete them in the term provided, when one of the Regulation requirements is fulfilled.

The Data Controller shall not erase the Data, which they are legally obliged to store, including for the purpose of defense in legal claims and proving their rights.

• Right to data portability

You have the right to withdraw all Personal Data, regarding you, which is stored and processed by the Data Controller and request that they transferred to another Data Controller, as appointed by you, whenever technically achievable.

To exercise any of the aforementioned rights, you may file your demand (claim) to the Data Controller to the Correspondence address/e-mail described below.

• Right to restriction of processing

In the circumstance in which the Personal Data we process is inaccurate or out of date, or if you believe that their processing is unlawful, you have the right to request that we restrict the active processing for a term which allows us to check the accuracy of the information and amend it accordingly, or until the problems with the lawfulness of the processing have been resolved.

If you do not wish for some or all of your Personal Data processed on the base of your consent to continue being processed, you have the right to withdraw the consent provided by you

• Right to object

You may object against the processing which we perform at any point on ground related to the specific situation (applicable whenever the processing of Personal Data is being carried out on the basis of our legal interest or a third party). Under any circumstance, you may object against processing for the purposes of direct marketing.

• Right to withdraw consent

Whenever we process your Personal Data on the basis of your consent, you may at any point withdraw your consent. This may happen online, by contacting us via e-mail. The withdrawal of your consent shall in no way affect the lawfulness of the processing performed prior to the withdrawal.

• Right to complaint before the authority body

If you believe that your rights in relation to Personal Data protection and their security have been violated, you have the right to contact the relevant Commission for Personal Data protection.

Your data may be transferred to and processed in countries outside of your country of residence.

The Game is not intended for individuals under the age of 18.

IF YOU ARE UNDER 18 YEARS OF AGE, THEN YOU MUST NOT USE OR ACCESS THE GAME AT ANY TIME OR IN ANY MANNER. By accessing or using the Game, you affirm that you are at least 18 years of age.

We do not knowingly collect or use any personal data from minors. A minor may be able to willingly share personal information with others, depending on the products and/or media channels used. If a minor provides us with their information without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that information.

We may update this Privacy Policy at any time. We will notify you of any material changes.

If you have any questions about this Privacy Policy, please contact us at: [email protected]

Data Controller

NB Token Ltd., a company incorporated and existing under the laws of Bulgaria, with corporate number (UIC) 208089483, having its seat and registered address: 64A General Yosif V. Gurko str., Sofia, Bulgaria

Authority body

Commission for personal data protection

Address: Sofia, 2 Prof. Tsvetan Lazarov blvd.

Tel.: +3592/91 53 518

e-mail:[email protected]

website: www.cpdp.bg

We process your personal data based on:

• Your consent
• The necessity to perform a contract
• Our legitimate interests

Please note that residents of the United States, Canada, and Singapore are not eligible to participate in the Game due to legal and regulatory restrictions.