Dear User,

As of May 25, 2018, all entities processing personal data are required to apply the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter " GDPR").

Accordingly, the administrator of this website www.tokenguard.io (hereinafter the " Tokenguard Platform"), which is Block Solutions spółka z ograniczoną odpowiedzialnością based in Warsaw, address: ul. Foksal 3/5, 00-366 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under the number KRS 752060, NIP: 7252284130, REGON: 381666258 (hereinafter " Tokenguard"), in order to comply with the information obligation set out in Articles 13 and 14 of the GDPR, informs that the provisions of this Privacy Policy (hereinafter " Privacy Policy") apply to the personal data of the Users of the Tokenguard Platform.

In this Privacy Policy, we would like to provide you with information about us and the nature, scope and purposes of data processing, and thus familiarize you with the processing of your personal data within the Tokenguard Platform.

Tokenguard respects Users' right to privacy and states that it makes every effort not to collect any data except that which is necessary for the proper functioning of Tokenguard Service or that which collection is intended to enhance the usefulness of the Tokenguard Platform.

Privacy Principles

In the interest of the security of your personal information, we have implemented procedures to prevent breaches of security and comply with applicable law, including but not limited to:

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
2. The Personal Data Protection Act of 10 May 2018. (Journal of Laws of 2019, item 1781 as amended);
3. The Act on the provision of services by electronic means of July 18, 2002 (Journal of Laws of 2020, item 344 as amended).

Tokenguard protects your personal data against unauthorized access, loss, destruction or unauthorized modification, as well as against processing in violation of applicable laws.

Basis of the process personal data

By using the Tokenguard Platform, you acknowledge and agree to the collection, storage, use, disclosure and other exploitation of your Personal Data by Tokenguard under the terms of this Privacy Policy. The processing of your Personal Data is necessary for the performance of our contractual obligations to you and the provision of our Service to you under the terms of the Tokenguard Terms and Conditions that you have accepted, as well as for our business needs.

We process your data for the following purposes and on the following grounds:

1. When you conclude an agreement with us for the use of the Tokenguard Platform –we process your data to the extent necessary for the conclusion and performance of this agreement. Otherwise, we would not be able to provide you with the Service and you would not be able to use it. Failure to provide such data will prevent us from concluding and performing the agreement (Article 6(1)(b) GDPR);
2. By concluding an agreement with us with us for the use of the Tokenguard Platform on behalf of and forthe benefit of your organization – we process your data on the basis of a legitimate interest within the meaning of Article 6(1)(f) of the GDPR, which is our performance of our rights and obligations under that contract. otherwise, we would not be able to provide the organisation you represent with the service and the organisation would not be able to use the service;
3. When you use the Tokenguard Platform as an End User – we process your data on the basis of a legitimate interest within the meaning of Article 6(1)(f) of the GDPR, which is our performance of our rights and obligations under this contract for the benefit of the Customer on whose behalf and for whose benefit you use the Tokenguard Platform. Providing your personal data may be a business obligation or may be necessary for the

Customer to fully benefit from the services provided on the Tokenguard Platform; iv.Legitimate interests of the Administrator on the basis of Article 6(1)(f) of the GDPR). Such legitimate interests are in particular:

• ensuring the security of the service (e.g. checking that no unauthorised person logs into your account),
• making statistical measurements, improving our services and adjusting them to your needs and convenience (e.g. personalizing content on services),
• to conduct direct marketing or promotion of our services,
• for marketing purposes and to customise the content of our services, we may also analyse the content that you have viewed or viewed on the pages you have visited and how they were launched or displayed,
• to assert, preserve, or defend against claims.

v.Processing is necessary in order to comply with legal obligations under the law (legal basis Article 6(1)(c) GDPR).

Collected data

In order to enter into and perform the contract entered into with you or the Customer on whose behalf or for whose benefit you use the Tokenguard Platform and thereby provide the services on the Tokenguard Platform, we may ask you to provide the following personal data:

1. Identifying information – including but not limited to your first and last name, which we use to verify your identity,
2. Contact information – including but not limited to your phone number, email address, other communication channels you use to contact us for further information. We use this to verify you as our User and to contact you for various reasons depending on the purpose.

Tokenguard may also acquire the following categories of data:

1. Device information – among other things, information about your devices or browsers, that indicates your online behavior or device usage. Information about your devices is collected by the System, and information about your browsers is collected by our cookie tags and pixels. This is often required for network security reasons. This includes, but is not limited to, your IP address, the date and time you accessed the System, the length of your stay, the amount of data transferred, the referring URL (if you came to our website from another website or through an advertisement), the pages visited on our website, your browser type (language and software version), browser add-ons, device ID and features, device type and version, operating system.

Recipients of personal data

The recipients of your personal data may be:

1. entities providing services ensuring appropriate technical and organizational solutions of the Administrator (e.g. IT service providers, entities providing maintenance services);
2. entities providing legal services, in case of the need to assert due claims (including courts or enforcement authorities) or financial services (e.g. banks);
3. entities entitled on the basis of commonly binding legal regulations;
4. entities entitled to perform inspection, supervision or audit, including also Administrator's bodies or certification bodies.

We will attempt to notify you of lawful requests for your data, unless prohibited by law or decision court or if the request is urgent. We may challenge such requests if we believe they are overly broad, vague or unlawful.

Term of keeping the data

Processing period.

We process your data for as long as you use the Tokenguard Platform. As soon as you stop using our services without requesting that we delete your data, we will keep it until your account on the Tokenguard Platform is terminated.

Retention Period.

If you choose to terminate your account, all of your Data held by Tokenguard will be deleted, except for Data needed for Tokenguard to comply with its legal obligations under the law and to meet statutory limitation periods. The Data will not be deleted, but only minimized to the extent necessary. The Data will be stored no longer than until the end of the calendar year in which the longest limitation period for potential claims under civil contractual or tort liability related to the cooperation within the Tokenguard Platform expires, as permitted under applicable law.

Your rights

Withdrawal of consent.

You may withdraw your consent – in cases requiring your consent to processing – for future processing at any time. However, this does not affect the lawfulness of the processing based on the consent given before the withdrawal. In certain cases, we may continue to process your data after you have withdrawn your consent if we have another legal basis for doing so or if your withdrawal of consent was limited to specific processing activities.

Right of Access

You have the right to obtain (i) confirmation as to whether we are processing your data and, if so, (ii) more detailed information about that data. Such more detailed information includes, but is not limited to, the purposes of the processing, the categories of Data, the potential recipients or the period of storage.

Right to rectification

You have the right to have inaccurate Data concerning you rectified by Tokenguard. If the Data we are processing is incorrect, we will correct it without undue delay and notify you of such corrections. Note: (i) you can correct your Data in the settings.

Right to erasure

You have the right to delete the Data that we hold about you. If you choose to do so, please go to your account settings in the System. Deletion of Data may limit or prevent your use of the System.

Right to data portability

You have the right: (i) to receive a copy of your Data in a structured, commonly used and machine-readable format, and (ii) to have that Data transferred to another Data Controller without hindrance from us.

Right to object

You have the right to object at any time to the processing of Data based on our legitimate interest. This also applies to profiling based on these provisions. You also have the right to object to the processing of Data for marketing purposes.

Right to Restrict Processing

You have the right to restrict our processing of your Data in the following cases:

1. you are of the opinion that the processing of your Data is unlawful, but you do not want it deleted;
2. you still need the Data to establish or assert legal claims or to defend against such claims; or'
3. you have objected to the processing on the basis pursuant to Section 6 above.

Exercise of Your Rights

In order to exercise your rights as well as if you have any questions about the Administrator's privacy practices and processing of your Personal Data, please contact us as follows:

1. at email address: contact@tokenguard.io or
2. in writing by sending correspondence to the following address: [_].

Please note, that each such request, demand or objection will be previously verified by us in accordance with the applicable data protection regulations. These rights are not unlimited, the regulations provide for exceptions to their application.

Right to lodge a complaint

You also have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of your personal data violates the provisions of the GDPR.

Transfer of data to non- European Economic Areacountries

Your personal data may be transferred outside the European Economic Area (EEA) to entities that meet an adequate level of protection, by:

1. working with processors of personal data in countries for which a relevant European Commission decision has been issued,

2. using standard contractual clauses issued by the European Commission.

Automated processing of data

Your personal data will be processed by automated means (including profiling), however this will not produce any legal effect on you or similarly significantly affect you.

Amendments to the Privacy Policy

We periodically review and update our Privacy Policy to reflect changes due to our ongoing business operations. You can always check the date of the Privacy Notice to find out when we last made changes. We will notify you when we make significant changes that you should be aware of.