PRIVACY POLICY  N63WATER ehf.

Preamble

Identity and contact details of the controller

Personal DataController: N63WATER ehf., (reg. no. 440625-0960) a company incorporated under the laws of Iceland with its registered office at Stokkseyri, 825 Stokkseyri – Iceland,

Contact phone: +35 47607053

Data ProtectionOfficer: david@n63water.is

(hereinafter referred to as the "Privacy Policy")

‍

Article I.

Purpose and scope of the Privacy Policy

1.     The Privacy Policy is an internal regulation of N63WATER ehf., (reg. no. 440625-0960) a company incorporated under the laws of Iceland with its registered office at Stokkseyri, 825 Stokkseyri – Iceland (hereinafter referred to as the"Company" or "Controller").

2.     Your privacy is our priority. We have committed to implement appropriate measures to ensure the protection, integrity and security of personal data obtained from you as the data subjects. Processing of your personal data is carried out in accordance with generally applicable legislation, particularly the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).

3.     The purpose of this Privacy Policy (the “Policy”) is to inform you how we process your personal data, about their categories, scope and purposes of processing as well as their recipients. In this Policy, you will also find the information about your rights related to the personal data processing.

4.     By providing your personal data to us, you accept this Policy and acknowledge that we may process your personal data as described herein and for the below-mentioned purposes. If you do not agree to this Policy, please do not provide any personal details to us..

‍

Article II.

Scope of personal data processing

1.     Personal data are processed to the extent that they have been provided by the relevant data subject, in particular in connection with the conclusion of a contractual or other legal relationship with the Controller, or which the Controller has collected in another way and processes them in accordance with applicable legal regulations or to fulfil the Controller's legal obligations.

2.      Personal data are processed to the extent necessary in relation to the defined purposes pursuant to Article VII of this Privacy Policy.

‍

Article III.

Sources and subjects of personal data

1.      Personaldata is obtained in the following ways:

-       directly from data subjects, who are cooperating persons and business partners;

-       directly from the data subjects, via telephone, e-mail, contact form, website, social networks, business cards, etc.;

-       from publicly accessible registers, lists and records (i.e. in particular from the Commercial Register, Trade Register, Land Register, Public Telephone Directory, etc.); and

-       from other subjects of personal data in the position of controllers or processors who transfer personal data for the purpose of direct marketing through the Controller.

‍

ArticleIV.

Personaldata processed

1.    We only collect personal data voluntarily provided or obtained via our RULL Application or our Website or via our communication in writing, by phone or in other form. We process only personal data that are relevant, adequate and limited to the scope necessary with regard to the purpose of the processing. We exert reasonable efforts to ensure that your personal data are accurate, complete and, where necessary, up to date.

2.     The personal data processed may include:

a.     your identification and contact data (e.g. first name, last name, e-mail address)

b.     yourUser Account data (e.g. cryptocurrency wallet data)

c.     bank data (e.g. payment account details)

d.     information necessary for your identification and check under the AML Act (e.g. data from your personal documents)

e.     further information provided by you or obtained by us when providing the agreed Services or necessary for the performance of the Agreement.

‍

Article VI.

Recipients of personal data

1.      On the basis of legal regulations or on the basis of a contractual relationship, the personal data controller transfers personal data to the following recipients:

-       financial institutions;

-       public institutions;

-       Processors;

-       state authorities in the context of the fulfilment of legal obligations stipulated by the relevant legal regulations; and

-       other recipients in the event of a transfer of personal data abroad – countries in the EU/outside the EU.

‍

Article VII.

Purpose of personal data processing

1.      The Controller processes personal data for the following purposes:

-       compliance with legal obligations by the Controller;

-       performance of contracts;

-       administrative needs of the Controller;

-       compliance with tax obligations;

-       protection of the Controller's rights;

-       archiving kept on the basis of legal regulations;

-       statistical purposes; and

-       processing of accounting records, financial statements, tax returns and payroll agenda.

Article VIII.

Method of processing and protection of personal data

1.      The processing of personal data is carried out by the Controller, while the Processing is carried out at the registered office of the Controller, in its establishments and branches, by individual authorised employees of theController.

2.      Processing takes place by means of computer technology, while manual processing of personal data in paper form is not excluded in compliance with all security principles for personal data management.

3.      To this end, the Controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to personal data, their change, destruction or loss, unauthorised transfers, unauthorised processing, as well as other misuse of personal data.

4.      All entities to whom personal data may be disclosed respect the data subjects' right to privacy and are obliged to comply with the applicable legislation on personal data protection.

Article IX.

Period of personal data processing

1.     Personal data of data subjects are processed in accordance with the deadlines specified in the relevant legal regulations and in the relevant contracts, and it is always the period necessary to ensure the rights and obligations arising from both the relevant legal regulations and the contractual relationship of the Controller.

‍

Article X.

Lawfulness of personal data processing

1.      The Controller processes personal data with the consent of the data subject, except in cases stipulated by law when the processing of personal data does not require consent from the data subject. In accordance with Article 6(1) of the Regulation. 1 GDPR, the Controller may process the following data of the data subject:

-       the data subject has given consent for one or more specific purposes;

-       the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject;

-       the processing is necessary for compliance with a legal obligation to which the Controller is subject;

-       the processing is necessary for the protection of the vital interests of the data subject or another natural person;

-       the processing is necessary for the purposes of the legitimate interests of the controller concerned or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

‍

Article XI.

Rights of the data subject

1.      In accordance with Article 12 of the GDPR in conjunction with Article 15 of theGDPR, the Controller shall, upon request, inform the data subject of the right of access to personal data and of the following information:

-       purpose of processing,

-       the categories of personal data concerned;

-       the recipients or categories of recipients to whom the personal data have been or will be disclosed;

-       the planned period for which the personal data will be stored,

-       any available information about the source of the personal data,

-       if not obtained from the data subject, whether automated decision-making, including profiling, is taking place.

2.      Any data subject who finds out or believes that the Controller or the processor carries out the processing of their personal data that is contrary to the protection of the private and personal life of the data subject or contrary to the law, in particular if the personal data are inaccurate with regard to the purpose of their processing, may:

-       ask the Controller for an explanation;

-       request that the Controller remove such a situation, in particular it may be blocking, correcting, supplementing or deleting personal data;

-       if the request of the data subject pursuant to paragraph 1 is found to be justified, the Controller shall immediately remove the defective situation;

-       if the Controller does not comply with the data subject's request pursuant to paragraph 1, the data subject has the right to apply directly to the supervisory authority, i.e. the Office for Personal Data Protection;

-       The procedure referred to in paragraph 1 shall not preclude the data subject from addressing his or her complaint directly to the supervisory authority.

3.      TheData Subject has the right to obtain the personal data concerning him or her that he or she has provided to the Controller in a structured, commonly used and machine-readable format and the right to transmit such data to another Controller.

4.      TheController shall provide the data subjects with the requested information without undue delay, no later than one month after receipt of the request. This period may be extended by a further two months, taking into account the complexity and number of requests, of which the data subject must be informed.

5.      The controller shall provide the data subject with all the information requested in a concise, transparent, comprehensible and easily accessible manner using clear and simple means. The Administrator does so free of charge.

‍

Article XII.

Contacting us

1.      If you have any comments relating to this Policy or to your rights related to the data processing, please contact us using the following e-mail address:[david@n63water.is].

‍