This privacy policy (“Privacy Policy”) governs the manner in which LAtrade Limited, a company duly incorporated under the laws of St. Vincent and Grenadines business number 26911 BC 2022 , doing business as LATOKEN and/or any affiliate, partner or agent accessible through the LATOKEN Website (collectively “LATOKEN”, ”we”) collects, uses, processes, stores and discloses information received from users of LATOKEN web-site https://latoken.com (”Website”) in order to provide you with services available through the Website (”Services”).

We respect the privacy of all users of the Website and ensure that Personal Data of the consumers is treated confidentially and in compliance with applicable laws and regulations.

This Privacy Policy applies to the Website, the Services and products offered by LATOKEN.

By accessing the Website or using our Services, you signify your acceptance to the terms of this Privacy Policy. Where we require your consent to process your Personal Data, we will ask for your consent to the collection, use, and disclosure of your Personal Data as described further below. We may provide additional disclosures or additional information about the data collection, use and sharing practices of specific Services, from time to time. Such notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.

We reserve the right to modify this Privacy Policy at any time, and when required by law, we will notify you of changes to this Privacy Policy.

If you reside in the European Economic Area or Switzerland, or otherwise are subject to General Data Protection Regulation (EU) 2016/679 of 27.04.2016 (“GDPR”), please refer to Exhibit A to this Privacy Policy (attached below).

Personal Data is data that can be used to identify you directly or indirectly, or to contact you (“Personal Data”). The Privacy Policy covers all Personal Data that you voluntarily submit to us and that we obtain from third parties. This Privacy Policy does not apply to anonymized data, as it cannot be used to identify you.

We collect your Personal Data for the primary purposes of rendering you the Services. We may also use your Personal Data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

For example, we collect Personal Data which is required under the law to open an account, add a payment method, or execute a transaction. We also collect Personal Data when you use or request Personal Data about our Services, subscribe to marketing communications, request support, complete surveys, sign up for or buy tickets to LATOKEN events. We may also collect Personal Data from you offline, such as when you attend one of our events, or when you contact customer support. We may use this Personal Data in combination with other information we collect about you as set forth in this Privacy Policy.

We may collect the following types of Personal Data (as applicable), without limitation:

• Personal Identification Data: Full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
• Formal Identification Data: Tax ID number, passport number, driver’s license details, national identity card details, photograph identification cards.
• Financial Data: transaction history, trading data, and/or tax identification.
• Transaction Data: Information about the transactions you make on our Services.
• Online Identifiers: Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses.
• Usage Data: Survey responses, information provided to our support team, authentication data, user ID, click-stream data and other data collected via cookies and similar technologies.

Much of the information listed above is collected directly from you when you submit it on the Website. This includes information such as contact details, registration information and service inquiries. If you do not want to share your information, you can choose not to participate in a particular type of service or activity.

The types of technologies we use include:

A cookie is a small amount of data that is sent to your browser from a Web server and stored on your computer’s hard drive. Cookies enable us to identify your browser as a unique user. Cookies may involve the transmission of information from us to you and from you to us. Cookies may also be used by another party on our behalf to transfer information to us in accordance with their privacy policy. Some cookies are "persistent cookies". They are used by us each time you access our Website. Other cookies are called "session cookies". Session cookies are used only during a specific browsing session and expire after a pre-determined amount of time. We may also use "analytics cookies" that allow web analytics services recognize your browser or device and, for example, identify whether you have visited our Website before, what you have previously viewed or clicked on, and how you found us. This information is provided anonymously for statistical analysis only. Analytics cookies are usually persistent cookies.

You may disable browser cookies in your browser. However, you may lose some features or functionality when you disable cookies. Please also note that disabling cookies is browser specific.

Like most standard website servers, we use log files. Log files track Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We utilize this information to analyze trends, administer the Website, prevent fraud, track Website navigation in the aggregate, and gather broad demographic information for aggregate use. As part of providing personalized services, we use cookies to:

• provide you with personalized content based on your use of the Website;
• enable you to more easily use the Website by remembering and using contact information, purchasing information, and registration information;
• evaluate, monitor and analyze the use of the Website and their traffic patterns to help improve the Website and the Services;
• assist us with advertisement reporting functions such as to learn which ads are bringing users to the Website.

Where reasonable and practicable to do so, we will collect your Personal Data only from you. However, from time to time, we may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit bureaus, ID verification partners, marketing partners, social media platforms and others.

We take care to allow your Personal Data to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We will never sell or rent your Personal Data. We may share your Personal Data in the following circumstances:

- We share your Personal Data with third party identity verification services in order to prevent fraud or violation of applicable laws (including anti-money laundering and counter-terrorism financing regulations). This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your Personal Data that can be used solely in connection with provision of identity verification and fraud or law violation prevention services.

- We may share your Personal Data with service providers under contract who help with parts of our business operations such as marketing or technology services. Our contracts require these service providers to only use your Personal Data in connection with the services they perform for us and prohibit them from selling your Personal Data to anyone else.

- We may share your Personal Data with third parties and/ or financial institutions with which we partner to purchase any virtual assets, goods, services or to process payments which you have authorized. The shared Personal Data may include the data provided by the user during obboarding and KYC. Such partners may include any third party accessible through our Website and accessed by the user for the purpose of using the services of such third party, purchasing their virtual assets, any goods or services. Such third parties include (but are not limited to): XasPay Sp. z.o.o., EU Internet Ventures B.V. (dba Banxa), Light Technology Limited (dba. Transak).

- We may share your Personal Data with law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms of Use or any other applicable policies.

- We may share and transfer (including by way of cross-border transfer) Personal Data with a third party for the purpose of rendering the Services which will be made to our Website or systems, including via the use of your credit and debit card. The Personal Data will be shared with such third party after you elect to execute such monetary payments by using the Services of the third party.

- We may transfer any non-personal data (i.e. data that does not identify an individual person) provided by you through your use of the Services on our Website to a third party in order to allow a third party to perform preliminary examinations of non-personal data for the purpose of determining if you are qualified to use the services of such third party (including the history of your transactions on the our Website which will be provided without any identifying information and solely for the purpose of performing the preliminary examinations).

- We may share and transfer (including by way of cross-border transfer) Personal Data with the providers or issuers of tokens that you acquired using our Website or systems if provider/issuer is located in the EU or countries with the level of data protection in a non-EU country considered adequate by the EU commission. The Personal Data may be shared with such third party after you elect to acquire tokens during initial offering, as a result of trading or in any other way using our Website or systems.

If you establish a LATOKEN account indirectly on a third party website or via a third party platform, any information that you enter on that website or application (and not directly on the Website) will be shared with the owner of the third party website or platform and your information will be subject to their privacy policies.

If you are located in, or a resident of, Singapore, you specifically and voluntarily consent to the transfer of your Personal Data to us and service providers outside Singapore, for the specific purposes of performing identity verification or checking, to enable us to prevent fraud and comply with our legal obligations. Other jurisdictions may not have protections in place for Personal Data as extensive as those within Singapore. However, we require our service providers to treat your Personal Data in strict confidence and use appropriate security measures to protect it. You may revoke your consent to this section at any time by emailing [email protected] with the subject line "Revoke Singapore Data Consent".

We use multiple security measures to ensure confidentiality your Personal Data. We aim to only keep your Personal Data for as long as we need it. We store your electronic records in secure systems. Access to your Personal Data is permitted only for authorized employees.

We use asymmetric encryption of data sent from your computer to our systems so no one else can access it. We do not store user passwords on our systems. We use Secure Sockets Layered (SSL) technology to ensure that your Personal Data is fully encrypted and sent across the Internet securely. Each user may opt to use Two Factor Authentication as an extra layer of security that requires not only a password and username on your login at the Website.

We do not knowingly request to collect Personal Data from any person under the age of 18. Any services of LATOKEN or its partners are forbidden for any person under the age of 18. If a user submitting Personal Data is suspected of being younger than 18 years of age, we will require the user to close his or her account and will not allow the user to continue using the Services. We will also take steps to delete the Personal Data as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent their access to our Services.

It is an important to us that your Personal Data is up to date. We will take reasonable steps to make sure that your Personal Data is accurate, complete and up-to-date. If you find that the Personal Data we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

If you have any queries or complaints about our Privacy Policy, please contact us at [email protected].

This Exhibit A governs handling of Personal Data pursuant to General Data Protection Regulation (EU) 2016/679 of 27.04.2016 or any equivalent applicable legislation (collectively, “GDPR”). In particular, GDPR applies to you if you reside in the European Economic Area or Switzerland. LATOKEN is the data controller (“Data Controller”) with respect to your Personal Data, and as Data Controller determines the means and purposes of processing data in relation to the Services, where the purposes and means of such processing are determined by the GDPR.

You have rights to transparent information, communication and modalities for the exercise of your rights as the Data Subject under GDPR. Your principal rights under GDPR are:

• the right to be informed;
• the right to access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to object to processing;
• the right to data portability;
• the right to complain to a supervisory authority;
• the right to withdraw consent;

You have the right to be informed about the collection and use of Personal Data. Information must be concise, transparent, intelligible, easily accessible, and written in clear and plain language.

You have the right to request details of Personal Data which we hold about you under GDPR, this includes access to Personal Data, together with certain additional information. Additional information includes details of the purposes of the processing, the categories of Personal Data. The rights and freedoms of others are not affected.

You have “the right to be forgotten”, to the erasure of your Personal Data without undue delay. It applies in following circumstances:

• Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you withdraw consent to consent-based processing;
• you object to the processing under certain rules of applicable data protection law;
• the processing is for direct marketing purposes;
• Personal Data have been unlawfully processed.

However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances, you have the right to restrict the processing of your Personal Data. Those circumstances include: you contest the accuracy of Personal Data; processing is unlawful but you oppose erasure; Personal Data is no longer needed for the purposes of processing, but you require Personal Data for the establishment, exercise or defense of legal claims; you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Personal Data.

You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

To the extent that the legal basis for our processing of your Personal Data is consent; or that the processing is necessary for the performance of an agreement to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that processing of your Personal Data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your Personal Data by an email notice to us at [email protected]

In general, we use Personal Data to create, develop, operate, deliver, and improve our Services, advertising, and for loss prevention and anti-fraud purposes. We may process your Personal Data if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of LATOKEN, our users or others. In particular, we may use this information in the following ways:

Some of our Services are subject to laws and regulations requiring us to collect and use your Personal Identification Data, Formal Identification Data, Financial Data, Transaction Data, Online Identifiers, and/or Usage Data in certain ways. For example, we must identify and verify users using our Services in order to comply with anti-money laundering and terrorist financing laws in a number of jurisdictions. The consequences of not processing your Personal Data for such purposes is the termination of your account as we cannot perform the Services in accordance with legal and regulatory requirements. Pursuant to GDPR, we process this Personal Data to comply with our legal obligations.

We handle sensitive information, such as your Personal Identification Data and Financial Data, so it is very important for us and our users that we are actively monitoring, investigating, preventing and mitigating any potentially prohibited or illegal activities, enforcing our agreements with third parties, and/or violations of our posted Terms of Use agreement or agreement for the Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your Personal Data collected on our Services for these purposes. The consequences of not processing your Personal Data for such purposes is the termination of your account as we cannot perform our Services in accordance with our terms. Pursuant to GDPR, we process this Personal Data based on our contract with you.

We process your Personal Data when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your Personal Data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services. Pursuant to GDPR, we process this Personal Data based on our contract with you.

We process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process Personal Data for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. Our basis for such processing is based on the necessity of performing our contractual obligations with you. Pursuant to GDPR, we process this Personal Data based on our contract with you

We process your Personal Data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. Without processing your Personal Data, we may not be able to ensure the security of our Services. Pursuant to GDPR, we process this Personal Data to satisfy our legal obligations.

We process your Personal Data to better understand the way you use and interact with the Services. In addition, we use such information to customize, measure, and improve the Services and to develop new services. Without such processing, we cannot ensure quality of the Services. Our basis for such processing is based on legitimate interest. Pursuant to GDPR, we process this Personal Data to satisfy our legitimate interests as described above.

We process your Personal Data to provide a personalized experience and implement the preferences that you may request. For example, you may choose to provide us with access to certain Personal Data stored by third parties. Without such processing, we may not be able to ensure your continued receiving of part or all of our Services. Pursuant to GDPR, we process this Personal Data to satisfy our legitimate interests as described above.

Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt out of our marketing communications at any time by contacting us at [email protected]. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services. Pursuant to GDPR, we process this Personal Data to satisfy on your consent.

We will not use your Personal Data for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your Personal Data with third parties. You may opt out of having your Personal Data shared with third parties or allowing us to use your Personal Data for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your Personal Data, certain features or the Services may not be available to you.

We will not disclose any of your personally identifiable information except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under the circumstances described below. These are some of the ways that your information may be disclosed: Service Providers We occasionally hire other companies (“Data Processors”), to provide limited services on our behalf, including Website development and operation, sending email, analyzing website use, processing payments, providing investor information and processing data. We will only provide such providers the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason. To make an informed decision on whether to provide your Personal Data to us using the Website, we need to make you aware of the organizations that act as Data Processors for us in the provision of our Services to you. We will let you know of such Data Processors in due course, you can also direct your inquiries as to current Data Processors to [email protected]. Data in Aggregate Format We may disclose depersonalized aggregated data and user statistics to prospective partners and other third parties. Depersonalized data is data that does not identify an individual person. Other We also may disclose your information in special cases, for example, when we believe that we must disclose information to identify, contact or bring legal action against someone who may be violating our Terms of Use, or may be causing damage to or interference with our rights or property, other Website users or customers, or anyone else who may be harmed by such activities. We may disclose or access account information when we believe in good faith that applicable laws require it and for administrative and other purposes that we deem necessary to maintain, service and improve our products and services.

We offer our users choices for the collection, use and sharing of Personal Data. You may contact us at [email protected] if you wish to edit your private information and we will use commercially reasonable efforts to accommodate your request. If you believe that any inaccurate or inappropriate information has been obtained or provided to others through your use of the Website, please contact a representative of LATOKEN at [email protected].

We will try to limit the storage of your Personal Data to the extent that storage is necessary to serve the purposes for which the Personal Data was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.

Remember to sign out of your account and close your browser window when you have finished your work. This is to ensure that others cannot access your account by using your computer when you are away from it. Because information sent through the Internet travels from computer to computer throughout the world, when you give us information, that information may be sent electronically to servers outside of the country where you originally entered the information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Information that you disclose by use of the Website, by posting a message or using e-mail, potentially could be collected and used or misused by others. This may result in unsolicited messages from third parties or use of such information by third parties for their own purposes, legal or illegal. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any information you transmit to us or from our Services, and you do so at your own risk. Once we receive your transmission, we use commercially reasonable efforts to ensure its security on our systems.

In the case of a Personal Data breach, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify you of such breach. If a breach is likely to result in a high risk to the rights and freedoms of individuals, we must inform you directly and without undue delay

A Personal Data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just losing Personal Data. Personal Data breaches can include:

• access by an unauthorized third party;
• deliberate or accidental action (or inaction) by a data controller or data processor;
• sending Personal Data to an incorrect recipient;
• computing devices containing Personal Data being lost or stolen;
• alteration of Personal Data without permission;
• loss of availability of Personal Data.

You may reach LATOKEN Data Protection Officer at [email protected]. You can contact us any time to exercise any of your rights in relation to your Personal Data or if you have any additional questions about collection and storage of Personal Data by contacting us at [email protected].

You can also complain about our processing of your Personal Data to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place.