PRIVACY & COOKIE POLICY

Version 1.2

Last updated on: November 29, 2022

This Privacy & Cookie Policy (the “Privacy Policy”) is adopted by Programmable Equity OÜ (registry code 16320994, hereinafter “we” or “KOOS”).

We provide software and technology www.koos.io (the “KOOS Environment”) that helps companies and other organisations (the “Token Issuers”) to reserve and register tokens (the “Tokens”) to pre-selected persons (the “Contributors") as part of token programmes created by the Token Issuers (each such token programme, the “Programme”).

In KOOS Environment, the Contributors that comply with the conditions of the Programme can complete actions required by the Token Issuer to accept the Tokens after which they will be registered in the token register established for the respective Programme (“Register”) as the holders of respective Tokens (“Token Holders”).

If you participate in the Programme, data controller of your personal data collected upon the use of KOOS Environment in relation to your participation in the Programme is the Token Issuer. For any personal data related requests and to see the privacy terms applicable in relation to Tokens, please contact the Token Issuer.

This Privacy Policy sets out the data processing principles adopted by KOOS.

Unless otherwise defined in the Privacy Policy, the terms such as personal data, data subject, data processing, controller and processor are used in the meaning given to them in Article 4 of the General Data Protection Regulation (2016/679/EU; the “GDPR”).

1. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
   1. When Token Issuers have decided to reserve and/or issue Tokens to Contributors we process personal data that is submitted to us by Token Issuers who issue and/or reserve Tokens to Contributors (i.e. contact details) and personal data that Token Issuers have asked us to collect from Contributors. In such situations, we act as the data processor for Token Issuer.
   2. We process personal data that is submitted to us directly while using KOOS Environment in relation to your participation in the Programme. In such situations, we act as the data processor for Token Issuer.
   3. We also process personal data that is submitted to us directly by you if you contact us with a query or question via KOOS Environment or via any other channel (by sending an e-mail, for example). In such a case we process your personal data included in the inquiry to the extent that is necessary to respond to you. In such situations, we act as data controller.
   4. We also process usage data collected in the course of your use of KOOS Environment through cookies, if you have consented to use of such cookies. Please see our Cookie Policy section for more details. In such situations, we act as data controller.
   5. The personal data we process through KOOS Environment may include the following:
      1. contact details: first and last name, email address and mobile number to enable us to provide services to Token Issuers as a processor to Token Issuer;
      2. usage data: information about how KOOS Environment is used, to amend and better adapt the experience to you as data controller;
      3. identity data: if at the request of the Token Issuer we need to collect your identity data, we may require your first name and last name, date of birth, address details (country of residence; city or county, municipality; street, house and apartment number and postal code) username, personal identification code or other identifier, identity document code and a copy of an identity document as a data processor to Token Issuer. This data may vary from country to country, and we may be required to verify your input from other sources. If you accept the Tokens as a legal person, we may request information about the representatives of legal person (first name and last name, title of the representative).
   6. The source of information and our role regarding these types of personal data are summed up below:

      Personal data	Provided to us	Our role
      Contact details	By the Token Issuer(s) which issued you Tokens	Data processor
      Usage data	By your use of KOOS Environment	Data controller
      Identity data	By you on the request of the Token Issuer who has reserved Tokens for you	Data processor
      Contact details, request	If you submit requests to us	Data controller

2. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
   1. We process your personal data to enable Token Issuers to reserve and/or issue Tokens to you through KOOS Environment (please read Token Terms and privacy terms as adopted by Token Issuer). Legal basis for such data processing for us is an agreement with Token Issuer. For information about legal basis between you and Token Issuer, please contact Token Issuer.
   2. We may also process your personal data based on your consent. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms provided in the consent that you have granted to us. For example, based on your consent we may use cookies and process KOOS Environment usage data.
   3. We may process your personal data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or if information is requested from us by the court or other authority. Legal basis for such data processing is GDPR Article 6-1-(c).
   4. In certain specific situations we might also process your personal data where this is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment.
3. WHEN DO WE SHARE YOUR PERSONAL DATA?
   1. To the extent this is necessary for the provision of services to Token Issuers through KOOS Environment and as agreed with Token Issuer, we may use sub-processors and share your personal data with certain third parties.
   2. We may share your personal data with third party suppliers providing services to us, e.g. IT suppliers or other service providers. At the moment of adopting this Privacy Policy, we use the following service providers:
      1. Contractors and companies that support us on specific aspects of our business such as IT, accounting and legal advice; and
      2. Google Analytics to analyse the use of our KOOS Environment (see Cookies).
4. HOW LONG IS YOUR PERSONAL DATA RETAINED?
   1. As a data processor, we retain your personal data as long as we have a valid agreement with Token Issuer or as long as requested by Token Issuer. Please contact Token Issuer (your data controller) if you want to have more detailed information concerning the retention periods of your data related to the services made available by Token Issuers through KOOS Environment.
   2. When we are in a role of data controller, we retain your personal data until the end of applicable limitation periods. If we process your data related to the request you have made to us, applicable retention period is 3 years as of collection. Retention period related to use of cookies is provided in Section 6.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
   To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.
6. COOKIES
   1. KOOS Environment uses cookies. This section incorporates our cookie policy (the Cookie Policy) that applies when you use our koos.io website (Website).
   2. Cookies are small data files stored on your hard drive by a website. Cookies help us monitor and improve the functionality and usage of KOOS Environment. We can use cookies to see which areas and features are popular and to count visits to our KOOS Environment to recognise you as a returning visitor and to tailor KOOS Environment.
   3. The cookies we use on our Website are:
      1. strictly necessary cookies that are essential to help you move around the Website and use its features. No information identifying a visitor is collected;
      2. performance cookies that collect information about how visitors use our Website and help us improve site performance. No information identifying a visitor is collected;
      3. functional cookies that help us record visitor preferences and allow for personalized content. Your activity on other websites is not tracked;
      4. targeting cookies that deliver adverts relevant to a visitor’s interests. These cookies record which websites you have visited and share the information with other organizations.
   4. The specific cookies that our KOOS Environment uses are the following:

      Cookie	Description	Duration	Type
      XSRF-TOKEN	This cookie is set by KOOS and written to help with site security in preventing Cross-Site Request Forgery attacks.	Session (will be deleted after you close your browser)	Strictly necessary performance cookie
      SESSION	Enables login to KOOS Environment and navigate its pages.	Session (will be deleted after you close your browser)	Strictly necessary performance cookie
      _ga	Registers a unique anonymous ID that is used to generate statistical data on how the visitor uses the website.	Persistent (will not be deleted with the session, but after a certain expiration date	Performance cookie
      _ga_#	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit	Persistent	Performance cookie
      li_mc	Used by LinkedIn as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side	Persistent	Targeting cookie
      s_tslv	Used by Adobe to retain and fetch time since last visit in Adobe Analytics	Persistent	Targeting cookie
      gpv_pn	Used by Adobe to retain and fetch previous page visited in Adobe Analytics	Persistent	Targeting cookie
      s_ips	Used by Adobe to tracks percent of page viewed	Session	Targeting cookie
      s_tp	Used by Adobe to tracks percent of page viewed	Session	Targeting cookie
      lms_analytics	Used by LinkedIn to identify LinkedIn Members off LinkedIn for analytics	Persistent	Targeting cookie
      visit	Used by LinkedIn to determine whether to take a non-authenticated user to the registration page or the login page	Persistent	Functional cookie
      liap	Used byLinkedIn for non-www.domains to denote the logged in status of a member	Persistent	Targeting cookie
      _guid	Used to identify a LinkedIn Member for advertising through Google ads	Persistent	Targeting cookie
      lms_ads	Used to identify LinkedIn Members off LinkedIn for advertising	Persistent	Targeting cookie
      li_gc	Used by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes.	Persistent	Targeting cookie
      _gcl_au	Used by Google Analytics to measure ad and campaign performance and conversion rates for Google ads on a site visited	Persistent	Performance cookie
      bcookie	Used by LinkedIn to uniquely identify devices accessing LinkedIn to detect abuse on the platform	Persistent	Targeting cookie
      UserMatchHistory	LinkedIn Ads ID syncing.	Persistent	Targeting cookie
      AnalyticsSyncHistory	Used by LinkedIn to store information about the time a sync took place with the lms_analytics cookie	Persistent	Targeting cookie

   5. The legal basis for using the cookies is your consent. You can delete or block cookies on KOOS Environment through your browser settings at any time. However, some cookies might be necessary for the functionality of KOOS Environment. Therefore, you understand that when blocking or deleting the cookies some features of KOOS Environment might not function correctly.
   6. For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
   7. In case you have any question concerning Cookie Policy, you may contact us via contact details provided below.
7. YOUR RIGHTS
   1. We are dedicated ensuring that all data subject rights arising under applicable law are always guaranteed to you. In particular, you have:
      1. the right to withdraw consent for processing your personal data at any time. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;
      2. the right to access the personal data that we process about you;
      3. the right to request that we rectify any inaccurate personal data about you;
      4. the right to request that we erase your personal data and/or restrict processing of your personal data if we do not have valid legal basis for processing;
      5. the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
      6. the right to object to the processing of your personal data.
   2. To exercise your data subject rights, please contact your data controller (in the context of provision of the services made available by Token Issuers through KOOS Environment the data controller is Token Issuer). If we are a data controller, you may contact us on the details provided in Section 8.
   3. If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction (Data Protection Inspectorate in Estonia address Tatari 39, Tallinn 10134, info@aki.ee or other competent authority in your jurisdiction).
8. CONTACTS
   Please note that if we act as a data processor, your first point of contact should always be the Token Issuer.
   If, however, you have any questions about this Privacy & Cookie Policy or if you have any concerns about how we use your personal or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:

   Name	Programmable Equity OÜ
   Address	Harju county, Viimsi Kristjani road 4, 74015
   E-mail	privacy@koos.io