Definitions

• User — any individual or legal entity who interacts with our services, including website access and participation in financial services provided by the Firm.
• Personal Data — any information that directly or indirectly identifies a user.
• KYC (Know Your Customer) — the process used to verify the identity of clients to comply with financial regulations.
• AML (Anti-Money Laundering) — policies and measures designed to prevent money laundering and terrorism financing.
• 2FA — Two-factor authentication for additional security in accessing user accounts.
• Financial Audit Data — Any information related to financial activities that may be reviewed as part of the auditing process.

Types of Collected Data

• Account creation data — full name, email address, phone number, country of residence.
• KYC Data — government-issued ID, proof of address, photo for identity verification.
• Transaction Data — financial transaction records, investment portfolio details, payment details, and transaction history.
• Audit Data — financial reports, audit results, and related documents provided for financial auditing purposes.
• Technical Data — IP address, browser type, operating system, device information, and usage data through cookies.
• Communication Data — messages, emails, and support inquiries exchanged with customer service teams.

Purposes of Data Processing

• To provide access to investment, auditing, and financial services offered by the Firm.
• To comply with legal obligations, such as KYC, AML regulations, and tax reporting requirements.
• To ensure the security of user accounts, including the use of two-factor authentication (2FA) and secure logins.
• To manage financial transactions, audit processes, and the accounting of investments.
• To provide customer support, address inquiries, and improve service quality.
• To send marketing communications and financial updates (subject to user consent).

Disclosure of Data to Third Parties

We may disclose user data to the following third parties:

• Third-party KYC and AML service providers.
• Payment and transaction processing partners.
• Hosting, cloud, and IT service providers.
• External auditors and financial consultants involved in investment auditing and reporting.
• Regulatory bodies or government authorities when required by law.

Data Storage and Security

Personal data is stored securely in data centers within the UK and the European Economic Area (EEA). We utilize industry-standard security measures to safeguard user data, including:

• Data encryption (AES-256) for both data in transit and at rest.
• Password hashing with bcrypt and unique salts.
• Role-based access control (RBAC) for managing internal data access.
• Regular penetration testing and security audits by third-party experts.

Cookies and Trackers

We use cookies for essential functionality, analytics, and marketing purposes. Users can manage cookie preferences through their browser settings.

User Rights

Users have the following rights regarding their personal data:

• Request access to their personal data.
• Request correction or deletion of inaccurate or incomplete data.
• Limit or restrict data processing in certain circumstances.
• Request data portability.
• Withdraw consent at any time, where applicable.
• File a complaint with the Information Commissioner’s Office (ICO) or other relevant supervisory authority.

Cross-Border Data Transfer

We may transfer personal data outside the UK and the EEA. Such transfers will be governed by appropriate safeguards, including the use of the International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCC), or other legally approved mechanisms.

Policy Updates

We reserve the right to update this Policy. Any changes will be posted on this page, with the updated version's effective date clearly indicated.

Contact Information

If you have any questions regarding this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer (DPO) at:

• Email: privacy@Crix Prime.com