Privacy Policy and AML

Privacy Policy
The data controller (hereinafter: “Data Controller”) of personal data collected on the webpage https://giftoin.com/ is Giftoin Ltd., a private company registered under the laws of the State of Israel, with registration No. 516533684 AND GIFTOIN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, established and operating in accordance with the laws of the Republic of Poland, with its registration number KRS: 0000997519, NIP: 5213988736; having its seat at Warsaw, at 22B/21a Bartycka Street, 00-716 Warsaw, Republic of the Poland; electronic mail address: contact@giftoin.com. Company is also entered in the Polish Register of Virtual Asset Service Providers under position RDWW-518.

All capitalized terms used in this Privacy Policy t have the meaning defined for them in the Terms of Services (https://giftoin.com/terms-of-service)

Users personal data is processed on the basis of :

a) article 6 (1b) of regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), i.e, processing is necessary for the performance of services provided by the Company – E-Services and Service Agreement within the meaning of the Terms of Service (https://giftoin.com/terms-of-use virtual currencies and means of (hereinafter: “Services”). The legal basis of processing is contractual necessity.

b) article 6 (1c) of GDPR, i. e. processing is necessary for compliance with a legal obligation to which the Data Controller is subject; i.e. the data processing is necessary in order to comply with the Data Controller’s legal obligation, such as tax obligations or obligations under Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU; Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (text with EEA relevance), hereinafter the ‘AML Directive’, and the Polish Act of 26 October 2017 on the Prevention of Money Laundering and Terrorism Financing, hereinafter the Polish Act of 1st March 2018 on counteracting money laundering and financing terrorism (Polish Journal of Laws 2022, item. 593, 655, 835, 2180, 2185 - consolidated text) – “AML Act”;

c) article 6(1f) of GDPR, i.e. the Data Controller’s legitimate interest including, without limitation, improving the quality of services and adapting them to the needs of the Users, interested parties and visitors, responding to your requests, making the website and the services more effective, safeguarding the security of the Controller’s website, sending out the newsletter and marketing the Controller’s own Services;

d) article 6(1a) GDPR i.e. freely given consent for data processing concerning a request submitted via the contact form available at https://giftoin.com/customer-service or using the contact data available at https://giftoin.com, wherein making contact with the Data Controller along with providing Personal data is treated as an expression of the required consent;

E-Services and Service Agreement are not intended for persons younger than eighteen (18) years of age. The Data Controller has no intention of processing their personal data. If User is younger than 18, he or she should not use the Data Controller’s E-Services and Services and should not send any information about him or herself.

Users personal data will be processed for the necessary period of time. As a rule it will be necessary for the proper performance of Services and the fulfillment of obligations of the Data Controller resulting from applicable laws. Users has been advised the Data Controller will be entitled to process User's personal data longer if such obligation arises from the law and in order to claim or defend against claims by third parties. Depending on the scope of personal data and the purposes of their processing, they may be stored for a different period. In any case, a longer period of process of personal data is applicable.

User has the right to: a) access his/her personal data, and learn if personal data is being processed or shared with other entities; b) correct the incorrect data and complete the incomplete data; c) demand deleting his/her data; d) demand limiting processing of his/her personal data, e) raise objections to the processing of his/her personal data, f) transfer his/her personal data, g) file a complaint to the supervisory body: Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warszawa, Polska Tel. +48 22 53 10 440; e-mail:kancelaria@uodo.gov.pl; web page: https://uodo.gov.pl/

Users can use the above rights and obtain detailed information about them by contact with Data Controller: contact@giftoin.com.

Based on Users personal data, the Data Controller will not make automated decisions, including decisions resulting from profiling.

The recipients of Users personal data will be only entities authorized to obtain personal data on the basis of legal provisions, i.e. a provider of accounting and banking services, a provider of technology-related services (support of Data Controller’s websites), courier service providers, and printing and delivery of correspondence mail.

The Data Controller makes every effort to ensure all means of physical, technical and organizational protection of personal data against their accidental or deliberate destruction, accidental loss, alteration, unauthorized disclosure, use or access in accordance with all applicable regulations.

Users personal data is processed electronically and manually, in accordance with the methods and procedures related to the processing purposes referred to in point. 2 of this clause.

The Data Controller may transfer personal data to third countries, i.e. countries located outside the European Economic Area. Users data may be transferred solely to third countries or third parties which were recognised by a decision of the European Commission as offering an adequate level of data protection. The list of countries confirmed by a decision of the European Commission to offer an adequate level of protection can be found at the link. If no decision of the European Commission confirming an adequate level of protection referred to in Article 45(3) of the GDPR has been issued, Users personal data may be transferred to a third country solely on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by a Polish supervisory authority and approved by the Commission, an approved code of conduct, or an approved certification mechanism (Article 46 of the GDPR). If no decision of the European Commission confirming an adequate level of protection referred to in Article 45(3) of the GDPR has been issued and in the absence of the safeguards listed in Article of the 46 of the GDPR, including binding corporate rules, Company will ask Users to grant his/her express consent for a transfer to a third country or international organization after advising Users about the possible risks of such transfer pursuant to Article 49(1)(a) of the GDPR. In connection with the transfer of Users data outside the EEA Users may request information about safeguards used in this respect, obtain a copy of such safeguards or information about the place in which they are shared by contacting the Data Controller.

The Data Controller is allowed to amend this Privacy Policy at any time. User shall be notified of any amendments by publication of an updated, modified Privacy Policy on the Data Controller’s website. It is recommended to read through the contents of the Privacy Policy regularly.

Cookies
Cookies are small data files that are stored on the hard disk of the person who visits a Web page, for keeping statistics and facilitating the User’s access to the Website. Cookies are harmless to the User’s computer system or its files, and in no way do they provide access and knowledge of the visitor’s documents or computer files. If you do not like the use of cookies, you can prevent the setting of cookies by adjusting the settings on your browser. However, you should be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Therefore, it is recommended that you do not disable cookies, but if you do so, the Data Controller bears no responsibility for any dysfunctionality of this website. Website https://giftoin.com/ uses cookies for your automatic recognition as a registered User after you log (log in) or in case you wish to browse secure subpages, for your automatic recognition when using E-Services and concluding/performing Service Agreement, which are necessary for the storage of technical data, to improve the performance of our website, to personalize your interface and personalization of our website operation, or in order to provide online content that corresponds to your choices and interests. When you access our website or use our services, we, or companies we hire to track how our website is used, may place small data files called “cookies” on your computer. Sometimes our page uses cookies provided by trusted third parties. Cookies placed on the User’s end device may also be used by advertisers and partners cooperating with the Data Controller. It is recommended to read the privacy policy of these entities in order to learn the rules of using cookies used in the statistics. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which the User uses the Website. For this purpose, they can save information about the User’s navigation path or the time of staying on a given page. In terms of information about User preferences collected by the Google advertising network, the User may view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/

In order to manage cookie settings, the User should select the web browser / system from the list below and follow the instructions:

Firefox.
Google Chrome.
Internet Explorer.
Safari 8 (Yosemite).
Safari on iPhone, iPad or iPod touch.
AML Policy
Giftoin ("Giftoin") is committed to conducting its business in accordance with all applicable laws and regulations, enhancing its reputation in the market. This policy records Giftoin's approach to identifying, mitigating, and managing the risk that Giftoin products and services might be involved in facilitating money laundering or financing terrorism. Giftoins has internal AML policy according to Polish law.

Description of money laundering and terrorism financing Giftoin defines money laundering ("ML") as an activity designed to conceal or disguise the true origin of criminally derived proceeds to make them appear to have been sourced from legitimate sources.
Terrorist Financing ("TF") is considered to provide financial support to terrorism or terrorist organizations to enable them to carry out acts of terrorism.

Objectives of Giftoin's AML/CTF policy Giftoin has established an AML/CTF policy that sets the core principles for managing ML/TF risk. The policy is global and outlines group-wide standards to meet regulatory and ethical obligations in the economies in which Giftoin does business. This contributes to the stability, integrity, and strength of the global financial system and protects Giftoin from reputational damage and regulatory action.

**The core principles ** Giftoin has adopted the following core principles:
Giftoin opposes the crimes of money laundering and terrorist financing and maintains a framework to identify and mitigate the risk that its products and services could be used for such purposes.
Giftoin will endeavor to provide its products and services only for legitimate purposes to customers whose identities Giftfoin has been able to ascertain reasonably.
Giftoin will take reasonable steps to ensure that sufficient funding and resources are available for the implementation and performance of activities required by Giftoin's AML/CTF Program. • Giftoin employees are required to attend AML/CTF training to understand their obligations under the relevant laws, rules, and regulations.
Giftoin will monitor its customers, their transactions, and their employees, consistent with the level of money laundering and terrorist financing risk they represent.
Giftoin will manage new and revised changes to Giftoin's products, business processes, and systems to ensure that money laundering and terrorist financing risks are identified and managed. Know Your Customer ("KYC") Giftoin endeavors to follow all KYC policies and procedures relevant to the regions in which it operates. Applicable KYC policies and procedures to establish and verify the identity and bona fides of customers will also be complied with.

**These will include: ** Customer acceptance procedures that identify types of customers and transactions likely to pose a higher than average risk Giftoin and require a higher level of due diligence; • Procedures to establish if customers are known or suspected money launderers, terrorists, or otherwise engaged in criminal activity (e.g., reviewing customers against government/United Nations/regulators' lists of proscribed persons);
Enhanced Due Diligence is undertaken where a transaction or a counterparty results in a heightened level of financial crime or reputational risk; A risk-based periodic review of existing customer records to maintain currency and completeness; • Ongoing monitoring of transactions conducted by customers using a risk-based approach; • Procedures prohibiting accounts/relationships, including payment processing, with shell banks; • A clear statement on what records must be kept on customer identification and individual transactions and their retention period; and
Regular compliance reviews and independent audits of AML/CTF program and procedure documents and execution against established standards.

Suspicious Activity

Giftoin staff is trained and made aware of "red flags", or anything that is unusual or out of the ordinary when dealing with customers and customer-related information. Giftoin has the relevant procedures and processes in place to ensure that any genuinely suspicious matters are detected and escalated for review by senior management. Giftoin AML/CTF training program Giftoin has a robust AML/CTF Training Program to educate employees in implementing and maintaining Giftoin's AML/CTF Program. Relevant employees undergo initial AML/CTF training when they join Giftoin. In addition, there are ongoing training requirements for all relevant employees.