Privacy & Cookie Policy

Version 1.6

Last updated on: 18 October 2023

This Privacy & Cookie Policy (the “Privacy Policy”) is adopted by Programmable Equity OÜ (registry code 16320994, hereinafter “we” or “KOOS”).

We provide software and technology through our website www.koos.io and KOOS mobile application (the “KOOS Environment”) that helps companies and other organisations (the “Issuers”) to reserve and register virtual shares (the “Virtual Shares”) to pre-selected persons (the “Contributors").

In the KOOS Environment, the Contributors that comply with the conditions of the terms of the Virtual Shares can complete actions required by the Issuer to accept the Virtual Shares after which they will be registered as the holders of respective Virtual Shares (“Virtual Shareholders”) in the virtual share register (“Register”). The Virtual Shares are attached with certain rights, benefits and obligations, which are recorded in the terms and conditions of respective Virtual Shares (the “Terms of Virtual Shares”).

If the Issuer reserves and issues you Virtual Shares, the Issuer is the data controller of your personal data collected during your use of the KOOS Environment. For any personal data related requests and to see the privacy terms applicable in relation to Virtual Shares, please contact the Issuer. For any personal data related requests where KOOS acts as the controller as described in this Privacy Policy, please contact KOOS.

This Privacy Policy sets out the data processing principles adopted by KOOS.

Issuers using KOOS Environment have previously also issued and registered tokens which represent various rights as specified in respective terms and conditions of respective Virtual Shares. Although in these Terms we only use the term ‘virtual share’, they continue to apply also to our data processing activities in relation to such tokens. Therefore, references to ‘virtual shares’ in these Terms refer also to ‘tokens’ unless the context requires otherwise.

Unless otherwise defined in the Privacy Policy, the terms such as personal data, data subject, data processing, controller and processor are used in the meaning given to them in Article 4 of the General Data Protection Regulation (2016/679/EU; the “GDPR”).

In case these Terms are published also in a language other than English and there is any discrepancy or conflict between the English version and the version in other language, then the English language version shall prevail.

1. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
   1. When Issuers have decided to reserve and/or issue Virtual Shares to Contributors we process personal data that is submitted to us by respective Issuers (i.e., contact details) and personal data that Issuers have asked us to collect from Contributors or Virtual Shareholders. In such situations, we act as the data processor for the Issuer.
   2. We process your personal data that is submitted to us directly by you while using KOOS Environment in relation to the Virtual Shares. In such situations, we act as the data processor for Issuer.
   3. We also process personal data that is submitted to us directly by you if you contact us with a query or question via KOOS Environment or via any other channel (by sending an e-mail, for example). In such a case we process your personal data included in the inquiry to the extent that is necessary to respond to you. In such situations, we act as data controller.
   4. We also process usage data collected during your use of KOOS Environment through cookies, if you have consented to use of such cookies. Please see our Cookie Policy section below for more details. In such situations, we act as data controller.
   5. The personal data we process through KOOS Environment may include the following:
      1. contact details: first and last name, email address and mobile number to enable us to provide services to Issuers as a data processor to Issuer;
      2. usage data: information about how KOOS Environment is used, to amend and better adapt the experience to you as data controller;
      3. identity data: if at the request of the Issuer we need to collect your identity data, we may require your first name and last name, date of birth, address details (country of residence; city or county, municipality; street, house and apartment number and postal code), username, personal identification code or other identifier, identity document number, issue and expiry dates of the document, and a copy of an identity document as a data processor to Issuer. This data may vary from country to country, and we may be required to verify your input from other sources. If you accept the Virtual Shares as a legal person, we may request information about the representatives of legal person (first name and last name, title of the representative);
      4. virtual share data: through the KOOS Environment, Issuers register the information about reserved and issued Virtual Shares per each Contributor or the Virtual Shareholder, this includes the number of Virtual Shares, information on transfers of Virtual Shares, and other details related to Virtual Shares. We receive and process such data as a data processor to Issuer;
      5. payment details: in order to make payments to you under a Virtual Share, the Issuer needs to have your payment details and we may collect and process data about your payment account and other required payment details, e.g., the amount. We receive and process such data as a data processor to the Issuer.
   6. The source of information and our role regarding these types of personal data are summed up below:

      * We may process such personal data as the data controller on the basis of our own legitimate interests.

      Personal data	Provided to us	Our role
      Contact details	By the Issuer(s)	Data processor *
      Virtual share data	By the Issuer(s)	Data processor *
      Identity data, payment details and transaction details	By you at the request of the Issuer	Data processor *
      Usage data	Through your use of KOOS Environment	Data controller
      Contact details of your request	If you submit requests to us	Data controller

2. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
   1. We process your personal data to enable Issuers to reserve and/or issue Virtual Shares to you through KOOS Environment (please read the Terms of Virtual Shares under which the Virtual Shares are issued and privacy terms as adopted by the Issuer). Legal basis for such data processing by us as the data processor is an agreement with the Issuer. For information about the legal basis between you and the Issuer, please contact the Issuer.
   2. We may also process your personal data based on your consent. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms provided in the consent that you have granted to us. For example, based on your consent we may use cookies and process KOOS Environment usage data.
   3. We may process your personal data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or if information is requested from us by the court or other authority. Legal basis for such data processing is GDPR Article 6-1-(c).
   4. In certain specific situations we might also process your personal data where this is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). As an example, we may need to process your usage data in the role of the data controller to protect our legal interests in the event of any legal disputes. In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment.
3. WHEN DO WE SHARE YOUR PERSONAL DATA?
   1. To the extent this is necessary for the provision of services to Issuers through KOOS Environment and as agreed with Issuer, we may use sub-processors and share your personal data with certain third parties, incl. payment service providers facilitating payments under the respective Terms of Virtual Shares.
   2. We may share your personal data with third party suppliers providing services to us, e.g., IT service suppliers, operators of the mobile device operating systems, or other service providers. At the moment of adopting this Privacy Policy, we use the following service providers:
      1. Contractors and companies that support us on specific aspects of our business such as IT, accounting, and legal advice; and
      2. Google Analytics, LinkedIn Insight Tag and HubSpot to analyse the use of our KOOS Environment (see Cookies).
4. HOW LONG IS YOUR PERSONAL DATA RETAINED?
   1. As a data processor, we retain your personal data as long as we have a valid agreement with the Issuer or as long as requested by Issuer. Please contact the Issuer (your data controller) if you want to have more detailed information concerning the retention periods of your data related to the services made available by Issuers through KOOS Environment.
   2. When we are in a role of data controller, we retain your personal data until the end of applicable limitation periods. If we process your data related to the request you have made to us, applicable retention period is 3 years as of deletion of your user account in KOOS Environment or termination of the respective Terms or Virtual Shares. Retention period related to use of cookies is provided in Section 6.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
   To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.
6. COOKIES
   1. KOOS Environment uses cookies. This section incorporates our cookie policy (the Cookie Policy) that applies when you use our koos.io website (the Website).
   2. Cookies are small data files stored on your hard drive by a website. Cookies help us monitor and improve the functionality and usage of KOOS Environment. We can use cookies to see which areas and features are popular and to count visits to our KOOS Environment to recognise you as a returning visitor and to tailor KOOS Environment.
   3. The cookies we use on our Website are:
      1. strictly necessary cookies that are essential to help you move around the Website and use its features. No information identifying a visitor is collected;
      2. performance cookies that collect information about how visitors use our Website and help us improve site performance. No information identifying a visitor is collected;
      3. functional cookies that help us record visitor preferences and allow for personalized content. Your activity on other websites is not tracked;
      4. targeting cookies that deliver adverts relevant to a visitor’s interests. These cookies record which websites you have visited and share the information with other organizations.
   4. The specific cookies that our KOOS Environment uses are the following:

      Cookie	Description	Duration	Type
      XSRF-TOKEN	This cookie is set by KOOS and written to help with site security in preventing Cross-Site Request Forgery attacks.	Session (will be deleted after you close your browser)	Strictly necessary performance cookie
      SESSION	Enables login to KOOS Environment and navigate its pages.	Session (will be deleted after you close your browser)	Strictly necessary performance cookie
      _ga	Registers a unique anonymous ID that is used to generate statistical data on how the visitor uses the website.	Persistent (will not be deleted with the session, but after a certain expiration date	Performance cookie
      _ga_#	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit	Persistent	Performance cookie
      li_mc	Used by LinkedIn as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side	Persistent	Targeting cookie
      s_tslv	Used by Adobe to retain and fetch time since last visit in Adobe Analytics	Persistent	Targeting cookie
      gpv_pn	Used by Adobe to retain and fetch previous page visited in Adobe Analytics	Persistent	Targeting cookie
      s_ips	Used by Adobe to tracks percent of page viewed	Session	Targeting cookie
      s_tp	Used by Adobe to tracks percent of page viewed	Session	Targeting cookie
      lms_analytics	Used by LinkedIn to identify LinkedIn Members off LinkedIn for analytics	Persistent	Targeting cookie
      visit	Used by LinkedIn to determine whether to take a non-authenticated user to the registration page or the login page	Persistent	Functional cookie
      liap	Used byLinkedIn for non-www.domains to denote the logged in status of a member	Persistent	Targeting cookie
      _guid	Used to identify a LinkedIn Member for advertising through Google ads	Persistent	Targeting cookie
      lms_ads	Used to identify LinkedIn Members off LinkedIn for advertising	Persistent	Targeting cookie
      li_gc	Used by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes.	Persistent	Targeting cookie
      _gcl_au	Used by Google Analytics to measure ad and campaign performance and conversion rates for Google ads on a site visited	Persistent	Performance cookie
      bcookie	Used by LinkedIn to uniquely identify devices accessing LinkedIn to detect abuse on the platform	Persistent	Targeting cookie
      UserMatchHistory	LinkedIn Ads ID syncing.	Persistent	Targeting cookie
      AnalyticsSyncHistory	Used by LinkedIn to store information about the time a sync took place with the lms_analytics cookie	Persistent	Targeting cookie
      __hstc	Used by HubSpot to keep track of website visitors	Persistent	Targeting cookie
      hubspotutk	Used by HubSpot to register a visitor	Persistent	Targeting cookie
      __hssc	Used by HubSpot to keep track of sessions	Session	Performance cookie
      __hssrc	Used by Hubspot whenever a session cookie is changed	Session	Performance cookie

   5. The legal basis for using the cookies is your consent. You can delete or block cookies on KOOS Environment through your browser settings at any time. However, some cookies might be necessary for the functionality of KOOS Environment. Therefore, you understand that when blocking or deleting the cookies some features of KOOS Environment might not function correctly.
   6. For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
   7. In case you have any question concerning this Cookie Policy, you may contact us via contact details provided below.
7. YOUR RIGHTS
   1. We are dedicated ensuring that all data subject rights arising under applicable law are always guaranteed to you. You have:
      1. the right to withdraw consent for processing your personal data at any time. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;
      2. the right to access your personal data that we process;
      3. the right to request that we rectify any inaccurate personal data about you;
      4. the right to request that we erase your personal data and/or restrict processing of your personal data if we do not have valid legal basis for processing;
      5. the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
      6. the right to object to the processing of your personal data.
   2. To exercise your data subject’s rights, please contact your data controller (in the context of provision of the services made available by Issuers through KOOS Environment the data controller is the respective Issuer). If we are the data controller, you may contact us on the details provided in Section 8.
   3. If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority in your jurisdiction (Data Protection Inspectorate in Estonia, address Tatari 39, Tallinn 10134, info@aki.ee or other competent authority in your jurisdiction).
8. CONTACT DETAILS
   Please note that if we act as a data processor, your first point of contact should always be the Issuer.
   
   If, however, you have any questions about this Privacy & Cookie Policy or if you have any concerns about how we use your personal data or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:

   Name	Programmable Equity OÜ
   Address	Harju county, Viimsi Kristjani road 4, 74015
   E-mail	privacy@koos.io