Privacy Policy

Jurisdiction:
Global

Date:
August 2023

Version:
1.1

Scope
This is the Privacy Notice of the Neon Exchange AG and the Nash Exchange B.V. (hereinafter “Nash Exchange” and/or “We”), a company duly incorporated under the Laws of Liechtenstein and the Netherlands, respectively. Nash Exchange is a fintech company active in the digital finance space. Our products form an integrated financial services platform.
Data protection is of a particularly high priority for us. The use of our Website (https://nash.io, hereafter the “Website”) is possible without any indication of personal data; however, if you want to use our services, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from you.
The processing of personal data, such as your name, address, e-mail address or telephone number (hereinafter “Data”), shall always be in line with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Nash Ex-change.
When you access our Website and/or use our Services, you acknowledge that you have read this Privacy Notice and understand its contents. Your use of our Services and any dispute over privacy is subject to this Privacy Notice and our User Agreement (including any applicable limitations on damages and the resolution of disputes).
Controller
Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Neon Exchange AG Nash Exchange B.V.
Landstrasse 123 Prinsengracht 769
9495 Triesen 1017 JZ Amsterdam
legal@nash.io
Collection of Data
We collect and process data about you when you provide it to us, when other sources provide it to us or when you use our services.

Nash Exchange Account
You have the possibility of registering for a Nash Exchange Account on the Website, which involves the indication of Data. Which Data is transmitted to us is determined by the respective input mask used for the registration of a Nash Exchange Account. All Data entered by you is collected and stored exclusively for internal use by Nash Exchange and for our own purposes. We may request transfer to one or more processors (e.g. a Provider) that also uses Data for an internal purpose. Such use of the Data is attributable to Nash Exchange.

Other Sources
In addition to the Data with which you provide us directly, we may also collect data by indirect means or receive it from third parties. Such data includes, but is not limited to, the following:
• Information from our other Services, such as:
o Transaction Data, which includes information about the type of virtual financial assets that are involved in the transactions you implement on and through the Website and the Services, including order volume, price, value, your transaction history, and the payments that we receive from you.
o Portfolio Information, which includes information about the virtual financial assets credited to your Account and the balances associated with your Account.
o Connection Information, which includes information about your internet connec-tion, the equipment you use to access the Website and the Services and usage details.
o Email Communications. To make our email more relevant to you, we may include a web beacon or other tools that provide us with a confirmation that you have opened an email that we have sent to you, if your computer supports such fea-tures. We may also compare our user list with lists that we receive from other sources, to avoid sending duplicate or unnecessary messages to our customers. You can adjust your communication preferences by contacting Nash Exchange via email at legal@nash.io.
o Comments and User Content. Certain features on the Website or Services may allow you to submit content that is designed to be visible to other users, such as comments, recommendations and other content on message boards, forums and chat rooms. Any information that you disclose in these submissions becomes pub-lic, along with your username, any image or photo, or other information that you have made available. The Website and the Services may also allow you to submit geolocation data that may be associated with your content (both within Nash Ex-change and publicly on the Website and the Services).
• Information from public registers (debt collection registers, commercial registers, land regis-ters);
• Information on compliance with legal requirements (e.g. combating money laundering and export restrictions);
• Information we receive from you through the contact form on the Website;
• Information about you that we receive from people around you (family, advisors, legal rep-resentatives, et al.) so that we can conclude contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney);
• Information related to your professional functions and activities;
• Information about you in correspondence and discussions with third parties;
• Creditworthiness information;
• Information from banks, insurance companies, distributors and other contractual partners of ours on the use or provision of services by you (e.g. payments made/purchases made); as well as
• References for applications.
Use of Data and Legal Basis
We process the Data collected in order to guarantee the performance of our Services or for contract processing, invoicing and communication purposes. The processing of Data is also necessary for the fulfilment of legal obligations and lies in our legitimate interest. Furthermore, we process per-sonal data, as far as permitted and necessary, for the following purposes, in particular but not lim-ited to those in which we (and also third parties) have a legitimate interest corresponding to the purpose:

• Providing our products and services and improving them over time;
• Allowing you to download and purchase products and services;
• Personalizing and managing our relationship with you, including introducing you to prod-ucts or services that may be of interest to you or providing customer support;
• Investigating, responding to, and managing inquiries or events;
• Working with and responding to law enforcement and regulators; and
• Researching matters relating to our business, such as security threats and vulnerabilities.
Where you have given your consent to the processing of your Data, we will process the Data within the Scope of, and based on, your consent to the contents of this Privacy Notice, insofar as we have no other legal basis. Given consent can be revoked for the future at any time.
Data Transfer to Third Parties and Trans-Border Data Flows
As part of our business activities, we may disclose Data to third parties (such as Providers, authori-ties and other business partners) in Liechtenstein, Switzerland, the EU or other countries for the purposes set out in this Privacy Notice and where appropriate. We may also be required to disclose Data in order to comply with legal or regulatory requirements.
If we transfer Data to a country without adequate legal data protection, we ensure an adequate level of protection by means of data transfer agreements (namely, on the basis of the so-called standard contractual clauses of the European Commission). We also may rely on the statutory exceptions of consent, contract and mandate processing, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data, or do so because it is necessary to pro-tect your integrity. Please contact us if you would like a copy of our data transfer agreements.
Duration of Storage
We will process and store the Data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators responsible for laws or regulations to which Nash Exchange is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, personal data are routinely blocked or erased in accord-ance with legal requirements.
Use of our Website
Each time you access our Website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
• Information about the browser type and the version used;
• The User's operating system;
• The IP address of the User;
• Date and time of access;
• Websites from which the User's system accesses our Website;
• Page viewed on the Website.
The IP addresses are stored in the log files of our system.
Purposes of data processing and legal basis
The temporary storage of the IP address by the system is necessary to enable delivery of the Website to the User's computer. For this purpose, the IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the Website. The data is also used to optimize the Website and to ensure the security of our information technology systems. Our legiti-mate interest in data processing also lies in these purposes.
Cookies
The Website uses cookies. Through the use of cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting. Cookies are text files that are stored in a computer system via an Internet browser. By means of a cookie, the information and offers on our Website can be optimized with the user in mind.
You may, at any time, prevent the setting of cookies through our Website by means of a correspond-ing setting of the Internet browser used and may thus permanently deny the setting of cookies. Fur-thermore, cookies already set may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our Website may be entirely usable.
Google Analytics
On our Website we use Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies, which are saved on your computer and which enable an analysis of the use of the Website. If individual pages of our Website are accessed, the following data is stored:
(1) The IP address of the User's calling system;
(2) The accessed website;
(3) The website from which the User has accessed the accessed website (referrer);
(4) The sub-pages accessed from the accessed website;
(5) The time spent on the website;
(6) The frequency with which the website is accessed.
As far as legally permitted, IP addresses are not stored completely and are only processed further in abbreviated form.
The information generated by Google’s cookies about your use of this website is usually transferred to a Google server in the USA and stored there. On our behalf, Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide us with other services relating to the Website. Google will shorten the User's IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the User's browser within the scope of Google Analytics is not merged with other Google data.
More information on Google: http://www.google.com/intl/de/analytics/learn/privacy.html.
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Plugins
On our Website, social plugins ("Plugins") from social networks can be used. However, this Privacy Notice only applies to our Website. We have no responsibility or liability for the content and activi-ties of any third-party websites that can be linked on our Website. For further information, please refer to the data protection information of the respective third-party website providers, such as:
• The applicable data protection provisions of Twitter:
https://twitter.com/privacy?lang=en
• YouTube's data protection provisions, which provide information about the collection, pro-cessing and use of personal data by YouTube and Google:
https://www.google.com/intl/en/policies/privacy/
• Medium's data protection provisions:
https://help.medium.com/hc/en-us/articles/213481328-Medium-Privacy-Policy
• LinkedIn's data protection provisions:
https://www.linkedin.com/legal/privacy-policy
• Instagram's data protection provisions:
https://help.instagram.com/402411646841720
Your Rights
You have the right to information, correction, limitation of data processing, deletion of your Data, objection, revocation of the declaration of consent for the future under data protection law and data transferability within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR) insofar as the corresponding requirements under Art. 17 GDPR have been met.
In addition, you have the right to assert your claims in court or to file a complaint with the respon-sible data protection authority.
Security
Nash Exchange has various technical, organizational and physical safeguards in place to help pro-tect your Data against unauthorized access. Under our security practices and policies, access to Data is authorized only for those who have a business need for such access, and sensitive records are to be retained only as long as necessary for business or legal needs and destroyed before dis-posal.
We work hard to protect Data that we collect from you and store. If you become aware of any unau-thorized attempt to access, use or disclose personal data, please email us immediately. We will work relentlessly to address any problems.

Contact Our Privacy Team
Please feel free to contact us if you have any questions about our Privacy Notice or practices. You may contact us at legal@nash.io.
Amendments to This Privacy Notice
We reserve the right to change this Privacy Notice at any time without notice. We will notify you of any changes by posting the updated Privacy Policy on our Website. If the Privacy Notice is part of an agreement with you, we will email you an updated Privacy Policy or otherwise provide you with ap-propriate information. Any changes we make will be effective from the date we post them on our Website.

Neon Exchange AG
Triesen, 21 August 2023