Crypto Dispensers Privacy Policy

We at Crypto Dispensers (defined below) respect and protect the privacy of visitors to our websites and our customers. This Privacy Policy describes our information handling practices when you access our services, which include our content on the websites located at CryptoDispensers.com or any other websites, pages, features, or content we own or operate (collectively, the "Site(s)") or when you use the Crypto Dispensers mobile app any Crypto Dispensers API or third party applications relying on such an API, and related services (referred to collectively hereinafter as "Services").

Please take a moment to read this Privacy Policy carefully. If you have any questions about this Policy, please submit your request via our Support Portal at help@cryptodispensers.com

• ACCEPTANCE OF THIS PRIVACY POLICY

By accessing and using our Services, you signify acceptance to the terms of this Privacy Policy. Where we require your consent to process your personal information, we will ask for your consent to the collection, use, and disclosure of your personal information as described further below. We may provide additional "just-in-time" disclosures or information about the data processing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.

If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.

• CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by email (sent to the email address specified in your account), by means of a notice on our Services prior to the change becoming effective, or as otherwise required by law.

• THE PERSONAL INFORMATION WE COLLECT

Personal information is data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.

1. Information you provide to us

To establish an account and access our Services, we'll ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide your bank account number if you'd like to link that account to CD), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information.

Please note that we may not be able to serve you as effectively or offer you our Services if you choose not to share certain information with us. Any information you provide to us that is not required is voluntary.

We may collect the following types of information from you:

• Personal Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.

• Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.

• Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.

• Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.

• Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.

• Employment Information: Office location, job title, and/or description of role.

• Correspondence: Survey responses, information provided to our support team or user research team.

• Information we collect from you automatically

We receive and store certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

• Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.

When you use certain features of our service, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device's GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device's settings menu. We may also collect this information even when you are not using the app if this connection is enabled through your settings or device permissions. The legitimate interests that we pursue with this processing is the identification of location-specific problems (i.e. coverage problems for SMS-sending purposes) and other statistical information, which helps us improve our services.

• Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.

We collect information about your interactions with our service such as your usage of any Apps or Functionalities, and other interactions with our service. The legitimate interests that we pursue with this processing is a collection of crash reports and other statistical information, which helps us improve our services.

For example, we may automatically receive and record the following information on our server logs:

• How you came to and use the Services;

• Device type and unique device identification numbers;

• Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);

• How your device interacts with our Sites and Services, including pages accessed and links clicked;

• Broad geographic location (e.g. country or city-level location); and

• Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.

We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third-party site.

• Information collected from third parties

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include:

• Public Databases, Credit Bureaus & ID Verification Partners: We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like World-Check use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanction lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others. World-Check's Privacy Policy, available at https://www.refinitiv.com/en/products/world-check-kyc-screening/privacy-statement/, describes its collection and use of personal data.

• Blockchain Data: We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.

• Joint Marketing Partners & Resellers: For example, unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.

• Advertising Networks & Analytics Providers: We work with these providers to provide us with de-identified information about how you found our Sites and how you interact with the Sites and Services. This information may be collected prior to account creation - for more information on how you can manage collection of this data, please see our Cookie Policy.

• ANONYMIZED AND AGGREGATED DATA

Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (i.e. information about our customers that we combine together so that it no longer identifies or references an individual customer).

Crypto Dispensers may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.

Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators

• HOW YOUR PERSONAL INFORMATION IS USED

Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention and anti-fraud purposes. We may use this information in the following ways:

1) To maintain legal and regulatory compliance

Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. For example, CD must identify and verify customers using our Services in order to comply with anti-money laundering laws across jurisdictions. This includes collection and storage of your photo identification. In addition, we use third parties to verify your identity by comparing the personal information you provide against third-party databases and public records. When you seek to link a bank account to your CD Account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not provide personal information required by law, we will have to close your account.

2) To enforce our terms in our user agreement and other agreements

CD handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your personal information collected for these purposes. The consequences of not processing your personal information for such purposes is the termination of your account.

3) To detect and prevent fraud and/or funds loss

We process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or funds loss.

4) To provide Services

We process your personal information to provide the Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information.

5) To provide Service communications

We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.

5) To provide customer service

We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

7) To ensure quality control

We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.

8) To ensure network and information security

We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services.

9) For research and development purposes

We process your personal information to better understand the way you use and interact with Our Services. In addition, we use such information to customize, measure, and improve Our Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.

10) To enhance your experience

We process your personal information to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.

11) To facilitate corporate acquisitions, mergers, or transactions

We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

12) To facilitate corporate acquisitions, mergers, or transactions

Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.

13) For any purpose

We may disclose your personal information for any purpose you consent to. The following chart summarizes how we use the categories of personal information we collect from consumers:

Personal Information Category (see “The Personal Information We Collect” heading above for more information) Sources of Personal Information Purpose of Collecting Personal Information Disclosure of Personal Information (see “Why We Share Personal Information with Other Parties” heading below for more information)

(A) Identifiers such as Personal Identification Information Information you provide us; Information collected from third parties Sections 1, 2, 3, 4, 5, 6, 8, 9, 11, 12 - Third party identity verification services

- Financial institutions

- Service providers

- Professional advisors

(B) Customer records such as signature Information you provide us; Information collected from third parties Sections 1, 2, 5, 6, 11 - Third party identity verification services

- Financial institutions

- Service providers

(C) Protected classifications under California and federal law, including gender, age and citizenship Information you provide us; Information collected from third parties Section 1 - Third party identity verification services

- Professional advisors

(D) Commercial information such as records of services purchased, obtained, or considered Information you provide us; Information we collect from you automatically; Information collected from third parties Section 3, 4, 5, 6, 8, 9, 10, 11, 12 - Third party identity verification services

- Financial institutions

- Service providers

- Professional advisors

(E) Biometric information Information you provide us Section 1 - Third party identity verification services

- Financial institutions

(F) Usage Data Information we collect from you automatically Sections 2, 3, 4, 6, 7, 8, 9, 10, 12 - Third party identity verification services

- Service providers

- Professional advisors

(G) Online Identifiers Information we collect from you automatically Sections 1, 3, 9, 12 - Third party identity verification services

- Service Providers

(H) Sensory data, such as audio, electronic, visual information Not collected Not applicable Not applicable

(I) Professional or employment-related information Information you provide us; Information collected from third parties Sections 1, 12 - Third party identity verification services

- Service providers

(J) Inferences about preferences, characteristics, predispositions, etc. Information you provide us; Information we collect from you automatically Sections 9, 10, 12 - Service providers

- Professional advisors

We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your personal information, certain features or CD Services may not be available to you.

• EEA Data Subjects

• Legal Bases for Processing your Information

For individuals who are located in the European Economic Area, United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”). We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect CD's or your, property, rights, or safety, or where we have obtained your consent to do so. Below is a list of the purposes described in our policy with the corresponding legal bases for processing.

Section & Purpose of Processing Legal Bases for Processing

(2) To enforce our terms in our user agreement and other agreements

(4) To provide Crypto Dispensers's Services

(5) To provide Service communications

(6) To provide customer service

(7) To ensure quality control Based on our contract with you or to take steps at your request prior to entering into a contract.

(9) For research and development purposes

(10) To enhance your experience

(11) To facilitate corporate acquisitions, mergers, or transactions

(12) To engage in direct marketing activities Based on our legitimate interests. When we process your personal data for our legitimate interests, we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.

(1) To maintain legal and regulatory compliance

(3) To detect and prevent fraud and/or funds loss

(8) To ensure network and information security Based on our legal obligations. obligations, the public interest, or in your vital interests.

(10) To enhance your experience

(12) To engage in third party marketing activities

(13) For any purpose Based on your consent.

• Marketing

Direct Marketing: Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means (email or SMS) based on our legitimate interests, as permitted by applicable law, or your consent. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via our Support Portal. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services.

Third Party Marketing: We will obtain your express consent before we share your personal information with any third parties for marketing purposes.

• WHY WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES

We take care to allow your personal information to be accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it. Crypto Dispensers will never sell or rent your personal information to third parties without your explicit consent. We will only share your information in the following circumstances:

• With third party identity verification services in order to prevent fraud. This allows CD to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with the provision of identity verification and fraud prevention services. For example:

o We may use Onfido, Limited (collectively “Onfido”) to verify your identity by determining whether a selfie you take matches the photo in your government issued identity document. The information collected from your photo may include biometric data. Onfido Privacy Policy.

o If you are based in the US, CD may use Plaid, Inc. ("Plaid") to verify your bank account and confirm your bank account balance prior to approving a transaction. Information shared with Plaid is treated by Plaid in accordance with its Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.

• With financial institutions with which we partner to process payments you have authorized.

• With service providers under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include:

o Network infrastructure

o Cloud storage

o Payment processing

o Transaction monitoring

o Security

o Document repository services

o Customer support

o Internet (e.g. ISPs)

o Data analytics

o Information Technology

o Marketing

• With companies or other entities that we plan to merge with or be acquired by. You will receive prior notice of any change in applicable policies.

• With companies or other entities that purchase CD assets pursuant to a court-approved sale or where we are required to share your information pursuant to insolvency law in any applicable jurisdiction.

• With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.

• With law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our User Agreement or any other applicable policies.

If you establish a CD Account indirectly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a CD website) will be shared with the owner of the third party website or application and your information will be subject to their privacy policies.

• THIRD-PARTY SITES AND SERVICES

If you authorize one or more third-party applications to access your CD Services, then information you have provided to CD may be shared with those third parties. A connection you authorize or enable between your CD account and a non-CD account, payment instrument, or platform is considered an “account connection.” Unless you provide further authorization, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using CD Services. Please note that third parties you interact with may have their own privacy policies, and CD is not responsible for their operations. Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

Examples of account connections include:

• Merchants: If you use your CD account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us.

• Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.

Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party's privacy practices. Please review the privacy notice of any third-party that will gain access to your personal information.

• Electronic Fund Transfers (“EFTs”) and Account Balances.

Crypto Dispensers has partnered with financial services software company Sila Inc. to offer you EFTs. When you create a Crypto Dispensers Account, you might also be prompted to sign up for a Sila Account. You authorize Crypto Dispensers to share your identity and banking information with Sila Inc. to open and support your Crypto Dispensers Account. It is your responsibility to make sure the data you provide us is accurate and complete. You must comply with Sila Inc.’s privacy policy (the “Sila Privacy Policy”) when creating or using your Crypto Dispensers Account. The Sila Privacy Policy may be modified from time to time, and the governing version is incorporated by reference into this Privacy Policy. Any term not defined in this paragraph but defined in the Sila Privacy Policy assumes the meaning as defined in the Sila Privacy Policy.

• California Privacy Rights

If you are a resident of the State of California, under the California Consumer Privacy Act (CCPA), you have the right to request information on how to exercise your disclosure choice options from companies conducting business in California. Specifically:

Exercising the right to know. You may request, up to twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

o the categories and specific pieces of personal information we have collected about you;

o the categories of sources from which we collected the personal information;

o the business or commercial purpose for which we collected the personal information;

o the categories of third parties with whom we shared the personal information; and

o the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.

• Exercising the right to delete. You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.

• Exercising the right to opt-out from a sale. You may request to opt out of any “sale” of your personal information that may take place.

• Non-discrimination. The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, you may contact Crypto Dispensers either via email to help@cryptodispensers.com or contact us via postal mail, proper postage prepaid, at:

Virtual Assets LLC, Attn: Your California Privacy Rights

7021 W 153rd St. Suite 3, Orland Park, IL 60462, United States

Please indicate your preference as to how you would like us to respond to your request (i.e., email or postal mail).

All requests sent via postal mail must be labeled “Your California Privacy Rights” on the envelope or postcard and clearly stated on the actual request. For all requests, please include your name, street address (if you would like a response via postal mail), city, state, and zip code. We may need to verify your identity before responding to your request, such as verifying that the email address or contact information from which you send the request matches your email address or contact information that we have on file. Authentication based on a government-issued and valid identification document may be required. We will not accept requests via telephone or fax. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

• HOW WE PROTECT AND STORE PERSONAL INFORMATION

We understand how important your privacy is, which is why CD maintains (and contractually requires third parties it shares your information with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities. Full credit card data is securely transferred and hosted off-site by payment vendors like Worldpay, (UK) Limited, Worldpay Limited, or Worldpay AP Limited (collectively “Worldpay”) in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to CD or Crypto Dispensers staff. However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity. You are responsible for keeping this password confidential. We ask you not to share your password with anyone, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

If you know or have reason to believe that the credentials of your Online account have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Account, please contact us following the instructions in the Contact Us section below. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Online account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.

• RETENTION OF PERSONAL INFORMATION

We store your personal information securely throughout the life of your CD Account. We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.

• Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.

• Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.

• Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).

• Recording of our telephone calls with you may be kept for a period of up to six years.

• Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

• CHILDREN'S PERSONAL INFORMATION

We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, CD will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

• CROSS BORDER TRANSFERS

To facilitate our global operations, CD may transfer, store, and process your information within our family of companies, partners, and service providers based throughout the world, including Ireland, Japan, the UK, the US, the Philippines, and possibly other countries. We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws. By communicating electronically with CD, you acknowledge and agree to your personal information being processed in this way.

If you have a complaint about our privacy practices and our collection, use or disclosure of personal information please submit your request via our Support Portal.

• YOUR PRIVACY RIGHTS

Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information identified below. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, CD has absolute discretion in providing you with those rights.

Your rights to personal information are not absolute. Depending upon the applicable law, access may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

• Access and portability. You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller.

• Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of your personal information held by CD that is inaccurate. You may do this at any time by logging in to your account and clicking the Profile or My Account tab.

• Erasure. You may request to erase your personal information, subject to applicable law. If you close your CD Account, we will mark your account in our database as "Closed," but will keep certain account information, including your request to erase, in our database for a period of time as described above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with CD's legal obligations. However, if you close your account, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.

• Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of CD's processing based on consent before your withdrawal.

• Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

• Automated individual decision-making, including profiling. CD relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

• Objection to Processing. In some jurisdictions, applicable law may entitle you to require us not to process your personal information for certain specific purposes (including profiling for marketing purposes) where such processing is based on a legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing, or such processing is required for the establishment, exercise or defense of legal claims. Please note that Data Controllers which are regulated financial institutions, such as credit institutions, e- money institutions or similar are obliged under AML laws to make risk profiling of their customers upon opening of the relationship and constantly during the relationship and this is a legitimate reason. In case you do not wish us to process your personal data for certain specific purposes, which are legitimate purposes to us, you shall have to close your account or we may have to stop providing you some or all of the Services, subject to all conditions for the closing of the account, specified above in this Section. Where your personal information is processed for direct marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to the contact e-mails below.

• How to make a privacy request

You can make privacy rights requests relating to your personal information by going to your User Account or, if you cannot access the Dashboard, by contacting us via our Support Portal. Our Dashboard also allows you to set your communication preferences and make individual rights requests relating to your personal information. We strongly encourage you to make any individual rights requests through the Privacy Rights Dashboard because it ensures that you have been authenticated already (based on the KYC information you have provided to open your account and by providing the necessary login credentials and multi-factor authentication to access the account). Otherwise, when we receive an individual rights request via other intake methods, we may take steps to verify your identity before complying with the request to protect your privacy and security.

• How to lodge a complaint

If you believe that we have infringed your rights, we encourage you to first submit a request via our Support Portal so that we can try to resolve the issue or dispute informally. If that does not resolve your issue, you may contact the CD Data Protection Officer at help@cryptodispensers.com

Should CD engage in any of the activities listed in this section, your ability to exercise these rights will be made available to you in your account settings. You can exercise your rights by going to your Privacy Rights Dashboard or contacting us via our Support Portal so that we may consider your request.

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf or are unable to verify their identity.

• HOW TO CONTACT US

If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, please contact us on our support page or by sending an email to help@cryptodispensers.com

‍