Finrate AG — Privacy Policy

Applicable to all Finrate AG events, sub-event brands, websites, and digital services, including (without limitation) the Digital Asset Yield Summit (DAYS), the Hyperliquid Forum, and any successor, affiliated, or future event series.

Effective date: 1 April 2026 Version: 1.0 Last reviewed: 13 May 2026

This Privacy Policy describes how Finrate AG collects, uses, discloses, and protects personal data in connection with our events and digital services. It does not govern the contractual relationship between you and Finrate AG — that is set out in our Terms of Service, available at the same legal page. By submitting personal data to us, registering for, attending, or participating in any Finrate AG event, or accessing any of our websites, applications, or digital services, you acknowledge that you have read and understood this Privacy Policy, and you accept its terms to the extent permitted by applicable law.

1. Who We Are and What This Policy Covers

1.1 Controller

Finrate AG, a stock corporation (Aktiengesellschaft) duly incorporated under the laws of Switzerland with registered office at Schützengasse 79000, St. Gallen, Switzerland, and registered in the Swiss commercial register under number CHE-167.367.032 MWST (hereinafter "Finrate", "we", "us", "our", or the "Controller"), is the sole legal entity and the sole data controller for the processing of personal data described in this Privacy Policy.

All event series, conferences, summits, forums, networking gatherings, and related programmes operated by Finrate — including the Digital Asset Yield Summit ("DAYS"), the Hyperliquid Forum, and any past, present, or future sub-brand, derivative, or successor event (collectively, the "Events") — are organised by Finrate AG as a single legal entity. Sub-event names and logos are trading names of Finrate AG and do not constitute separate controllers.

1.2 Services Covered

This Policy applies to personal data we process in connection with (collectively, the "Services"):

  • our corporate website, event websites, microsites, and landing pages;
  • our registration, application, enquiry, waitlist, sponsorship, speaker, partner, media, and contact forms (whether hosted directly by us or by HubSpot or equivalent providers on our behalf);
  • our ticketing, checkout, badging, check-in, and access-control systems;
  • our networking application and event operating system, including profile management, connection requests, meeting requests, in-app messaging, push notifications, agenda management, and invite-code redemption (collectively, the "Networking App");
  • our email, SMS, push notification, and other communication channels;
  • our in-person Events in any city or jurisdiction, including without limitation Miami, New York, London, Singapore, Abu Dhabi, and Zurich;
  • our virtual, hybrid, livestreamed, recorded, and on-demand sessions and content.

1.3 Persons Covered

This Policy applies to all natural persons whose personal data is processed by Finrate, including: prospective, current, and former attendees, delegates, ticket-holders, and waitlisted parties; speakers, moderators, and panellists; sponsors, exhibitors, partners, and their personnel; visitors to our websites and users of the Networking App; persons acting on behalf of an attendee (for example, an assistant purchasing a ticket on behalf of a principal); and any other person whose data we receive in connection with our operations (each, a "Data Subject").

1.4 Legal Framework

This Policy is designed to comply with Applicable Data Protection Laws, including:

  • the Swiss Federal Act on Data Protection (revFADP);
  • Regulation (EU) 2016/679 (the "GDPR") and applicable national implementing laws;
  • the UK Data Protection Act 2018 and UK GDPR;
  • the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") and other U.S. state privacy laws;
  • the Singapore Personal Data Protection Act 2012 ("PDPA");
  • the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the DIFC Data Protection Law No. 5 of 2020, and the ADGM Data Protection Regulations 2021;
  • any other applicable national, federal, state, or local data protection or privacy laws in jurisdictions where we operate or where Data Subjects are located.

1.5 Relationship to Other Documents

This Privacy Policy is incorporated into our Terms of Service by reference. Where you also enter into a separate written agreement with us (such as a speaker, sponsor, partner, or supplier agreement), that agreement may include additional or specific privacy commitments. In the event of a conflict, the more specific written agreement prevails for the activities it covers, except where Applicable Data Protection Laws require otherwise.

2. Contact

Finrate AG — Privacy Office

Address: Schützengasse 79000, St. Gallen, Switzerland Email: info@stakingrewards.com

Where we are required by law to appoint a representative in the European Union under Article 27 GDPR, in the United Kingdom under Article 27 UK GDPR, or in any other jurisdiction, the identity and contact details of any such representative will be published on our website at the location of this Policy.

3. Information We Collect

The categories below describe the personal data we may process. The specific data in respect of any particular Data Subject depends on how that person interacts with us.

3.1 Information You Provide Directly

  • Identity and contact data: full name, preferred name, professional title, employer or organisation, business email, business phone, country, LinkedIn URL, X handle, Telegram handle, and equivalent professional identifiers.
  • Professional and institutional data: industry, sub-industry, role seniority, areas of professional focus, asset class coverage, organisation type, and similar profile information.
  • Registration and ticketing data: ticket and pass type, ticket holder vs. ticket purchaser identity (relevant where one person purchases on behalf of another), invite codes, promotional codes, badge details, group affiliation, session and side-event selections, dietary requirements, accessibility requirements, and t-shirt size where requested for speakers.
  • Financial and payment data: billing name and address, VAT or tax identifier, invoice details, last four digits of payment card, card brand, billing country, transaction reference, and payment status. Full payment card numbers are not stored by Finrate and are processed by our payment processor.
  • Networking App profile data: profile photograph, short and long biography, preferred topics, professional insights and content you choose to publish, links to your professional profiles, and any other content you submit to your profile.
  • Connection, meeting, and messaging data: connection requests sent and received, accepted and declined connections, meeting requests, meeting slot selections, in-app messages and message metadata, and read or delivery receipts.
  • Communications: the content of correspondence with us, including emails, in-app messages, support tickets, survey responses, and feedback.
  • Sensitive information (limited): where you voluntarily disclose information that may constitute special categories of personal data — such as health information for accessibility or dietary purposes — we process it on the basis of your explicit consent and only for the limited purpose you provide it. We discourage you from providing such information unless strictly necessary.
  • Speaker-proxy and assistant data: where a personal assistant, executive assistant, or other delegate acts on behalf of a principal (for example, purchasing or managing a ticket), we record the relationship to ensure correct attribution. Both parties are Data Subjects under this Policy.

3.2 Information Collected Automatically

  • Device and technical data: IP address, device identifiers, operating system, browser type, language and locale, time zone, screen size, app version, and crash or diagnostic data.
  • Usage and analytics data: pages and screens viewed, features used, search queries, click and scroll events, session duration, referring and exit URLs, and similar telemetry collected via our analytics events and analytics sessions logging.
  • Push subscription data: where you grant your device permission, we store the push subscription endpoint and associated keys necessary to deliver in-app and push notifications.
  • Approximate location: derived from your IP address; precise location only where you grant device permission (for example, for venue navigation).
  • Cookies and similar technologies: see Section 11.

3.3 Information from Third Parties

We may receive personal data about you from:

  • your employer, sponsor, or organisation, where they register you, nominate you, or include you in a delegation;
  • event partners, sponsors, exhibitors, media partners, and co-marketing partners, in accordance with our agreements with them;
  • public and commercial professional databases, social and professional networks (including LinkedIn), industry directories, and similar sources, for invitation, business-development, and audience-curation purposes;
  • our service providers and processors, including HubSpot (CRM and forms), Supabase (database and application infrastructure), Stripe (payments), Twilio SendGrid (email), Vercel (hosting), and equivalent providers;
  • authorities, courts, and regulators, where lawful and necessary;
  • other Data Subjects (for example, where another attendee sends you a connection request, meeting request, or message).

3.4 Information We Generate or Infer

We may generate or infer information from the data described above, including segmentation, engagement scoring, networking match signals, attendee outreach lists, and similar derived data, used to operate, improve, and personalise the Services.

3.5 Photography, Video, and Audio at Events

Our Events are professionally documented. We capture still photography, video, audio, livestreams, and broadcast recordings of sessions, panels, networking activity, audience reactions, venue scenes, and ambient imagery. By attending an Event, you may appear in incidental and feature recordings.

The terms on which we record, use, and licence such material are set out in our Terms of Service. This Privacy Policy describes the data we process; the contractual licence you grant is governed by the Terms. You may exercise the rights described in Section 12, including objection and request for removal of identifying material, in accordance with applicable law.

4. How and Why We Use Personal Data

We process personal data for the following purposes:

4.1 Operating the Services

  • registering you for, and admitting you to, Events;
  • issuing tickets, passes, badges, invoices, receipts, and confirmations, including generation of QR-coded PDF tickets and calendar invites delivered by email;
  • processing payments, refunds, chargebacks, and reconciliation;
  • operating the Networking App, including profile creation, connection requests, meeting scheduling, messaging, push and in-app notifications, agenda management, invite-code redemption, and check-in;
  • operating speaker, sponsor, and exhibitor onboarding workflows, including profile submission, asset upload, and approval;
  • providing customer support and handling enquiries, complaints, and disputes.

4.2 Marketing and Audience Development

  • inviting you to future Events and side-events of potential interest;
  • sending newsletters, programme updates, research, and editorial communications;
  • conducting market research, audience profiling, and segmentation;
  • personalising content and recommendations across the Services;
  • operating and measuring marketing campaigns.

4.3 Security, Trust, and Compliance

  • preventing, detecting, and investigating fraud, abuse, harassment, code-of-conduct violations, and unlawful activity;
  • auditing invite-code redemption and promotional-code usage to prevent misuse;
  • complying with applicable laws, including tax, accounting, audit, and record-keeping obligations under Swiss law and the laws of other jurisdictions in which we operate;
  • conducting sanctions, anti-money-laundering, anti-bribery, and reputational due diligence on counterparties and, where appropriate, attendees;
  • responding to lawful authority requests, subpoenas, court orders, and similar legal process;
  • establishing, exercising, and defending legal claims.

4.4 Improvement and Analytics

  • monitoring, measuring, and improving the Services;
  • identifying and fixing bugs, errors, and performance issues;
  • conducting research and development using aggregated, pseudonymised, or anonymised data where feasible;
  • ensuring the security, integrity, and availability of our systems.

5. Legal Bases for Processing

Where the GDPR, the revFADP, the UK GDPR, or equivalent laws apply, we rely on one or more of the following legal bases:

| Legal basis | Description | Typical examples | |---|---|---| | Contract | Processing necessary to perform a contract with you or take pre-contractual steps at your request (Art. 6(1)(b) GDPR). | Registering you for an Event; operating the Networking App; processing your ticket purchase; speaker and sponsor onboarding. | | Legal obligation | Processing necessary to comply with a legal obligation (Art. 6(1)(c) GDPR). | Tax and accounting records; responses to lawful authority requests; sanctions screening. | | Legitimate interests | Processing necessary for our legitimate interests or those of a third party, not overridden by your interests, rights, or freedoms (Art. 6(1)(f) GDPR). | B2B marketing to professional contacts; security and fraud prevention; analytics and improvement; due-diligence and reputational checks; event documentation; defending legal claims. | | Consent | Processing based on your specific, informed, freely given, and unambiguous consent (Art. 6(1)(a) GDPR), or explicit consent for special categories (Art. 9(2)(a)). | Optional profile fields; non-essential cookies; push notifications; sharing your details with a sponsor at your request; dietary and accessibility information. | | Vital interests | Processing necessary to protect vital interests (Art. 6(1)(d) GDPR). | Medical emergencies at a venue; safety-critical communications. |

Where we rely on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal and without affecting processing carried out on another lawful basis.

6. The Networking App: Visibility and Connection-Gated Reveal

The Networking App is designed around the principle of connection-gated visibility, reflecting institutional norms in the audience we serve.

6.1 Profile Visibility

Upon registration, a baseline profile is created from your registration information. The baseline profile is visible to other registered participants of the same Event for the purpose of facilitating networking, and typically includes your name, professional title, employer, country, and headshot where provided.

Optional profile fields (such as biography, preferred topics, insights, and links to professional profiles) are processed on the basis of your consent indicated by your act of providing them, and you may remove them at any time through the Networking App.

6.2 Connection Gating

Direct contact channels (email, phone, Telegram, and similar) are not publicly visible. Such channels become visible to a counterparty only where (a) you have opted in to expose the relevant channel and (b) you and the counterparty have both accepted a mutual connection or you have explicitly chosen to share your details (for example, by accepting a meeting request, scanning a sponsor badge, or expressly consenting in-app).

6.3 Meeting Requests and Messaging

Meeting requests, meeting slots, and in-app messages are stored on our infrastructure to enable delivery, history, moderation, and compliance. Finrate staff do not routinely review user messages but reserve the right, to the extent permitted by law, to access, retain, or disclose any content where we believe in good faith that doing so is necessary to comply with law, enforce our Terms, respond to claims of rights violations, investigate suspected fraud or abuse, or protect the rights, property, or safety of Finrate, our users, or the public.

6.4 Algorithmic Matching

The Networking App may suggest potential connections, sessions, or content based on attributes you provide and your interactions with the App. Such matching does not produce legal or similarly significant effects on you within the meaning of Article 22 GDPR; we do not engage in solely automated decision-making, including profiling, that produces such effects.

6.5 Invite Codes and Speaker Proxies

We operate invite-code and promotional-code systems to admit qualifying participants and to record speaker-proxy arrangements (where a personal assistant or delegate acts on behalf of a principal). We log invite-code redemption attempts for audit, rate-limiting, and abuse-prevention purposes; access to those audit logs is restricted to authorised Finrate personnel.

7. Forms, CRM, and Communications

7.1 HubSpot

We use HubSpot, Inc. ("HubSpot") as our customer relationship management and marketing automation provider. Information you submit through our forms is transmitted to HubSpot and stored on our behalf as a processor. We also synchronise selected records between our infrastructure and HubSpot for marketing, sales, and post-event follow-up.

7.2 SendGrid

We use Twilio SendGrid, Inc. ("SendGrid") to deliver transactional and marketing email, including ticket and confirmation emails. SendGrid processes delivery, open, click, bounce, and unsubscribe metadata on our behalf.

7.3 Stripe

We use Stripe, Inc. and its affiliates ("Stripe") to process payments. Stripe acts as an independent controller in respect of payment data for fraud prevention and compliance, and is bound by its own privacy notice. We do not store full payment card numbers.

7.4 Push and In-App Notifications

Where you grant your device permission, we deliver push notifications via our backend infrastructure and may use third-party push services on the major mobile platforms. You may revoke push permissions at any time through your device settings; doing so will not affect your registration or access to the Services.

8. Disclosures and Recipients

We disclose personal data to the following categories of recipients, in each case subject to written agreements or legal frameworks that restrict use to the purposes disclosed:

8.1 Service Providers

Our processors and sub-processors include HubSpot (CRM and forms); Stripe (payments, acting as independent controller); SendGrid (email delivery); Supabase, Inc. (database, authentication, storage, edge functions); Vercel, Inc. (application and website hosting); cloud infrastructure providers used by our processors (including AWS, Google Cloud, and Microsoft Azure); analytics and observability providers; identity-verification and anti-fraud providers; survey and audience-research providers; and event-operations, venue, ticketing, badging, and on-site technology providers.

8.2 Event Partners, Sponsors, and Exhibitors

Sponsors, exhibitors, and partners are independent controllers in respect of personal data they receive from you, whether by scanning your badge, your visit to their booth, your submission of a business card or contact information, your acceptance of a meeting request, or your opt-in via the Networking App or registration form. Finrate is not responsible for the privacy practices of sponsors, exhibitors, or partners; we encourage you to review their privacy notices.

We may publish aggregated, anonymised, or pseudonymised attendee statistics (such as composition by industry, region, or seniority) for marketing purposes; such information is not personal data once effectively anonymised.

8.3 Corporate Transactions

We may disclose personal data in connection with the negotiation, evaluation, financing, or completion of any actual or proposed corporate transaction, including a merger, acquisition, sale of assets or business lines, financing, reorganisation, insolvency, or similar transaction. In such circumstances, personal data may be transferred to the counterparty, advisor, financier, or successor entity, which may continue to process it in accordance with this Policy or a successor policy providing substantially equivalent protection.

8.4 Legal and Protective Disclosures

We disclose personal data where we believe in good faith that disclosure is necessary or appropriate to: comply with law, regulation, legal process, or government request; enforce our Terms or this Policy; detect, prevent, investigate, or address fraud, security incidents, or unlawful or harmful activity; protect the rights, property, safety, or security of Finrate, our personnel, our users, our partners, or the public; or establish, exercise, or defend legal claims.

8.5 Professional Advisors

We disclose personal data to our legal, tax, accounting, audit, and insurance advisors in connection with the operation of our business.

8.6 With Your Direction or Consent

We disclose personal data where you direct or consent to disclosure, including content you publish through your profile, in-app messages you send, or information you elect to share with sponsors or other attendees.

8.7 No Sale or Cross-Context Behavioural Advertising

Finrate does not sell personal information for monetary or other valuable consideration and does not share personal information for cross-context behavioural advertising, in each case within the meaning of the CCPA/CPRA and equivalent state laws.

9. International Data Transfers

Finrate operates globally. Personal data may be collected, stored, accessed, and processed in Switzerland, the European Economic Area, the United Kingdom, the United States, and any other jurisdiction in which we or our service providers operate, including jurisdictions whose data protection laws may differ from, and provide a lower standard of protection than, the laws of your country of residence.

Where we transfer personal data from Switzerland, the EEA, or the United Kingdom to a third country that has not been the subject of an adequacy decision, we implement appropriate safeguards, which may include: the European Commission's Standard Contractual Clauses (2021); the UK International Data Transfer Addendum or the UK International Data Transfer Agreement; the Swiss FADP addendum to the SCCs; certification under approved transfer frameworks (including the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks where applicable); and supplementary technical, organisational, and contractual measures.

You may request a copy of the relevant safeguards by contacting us at the address in Section 2, subject to redactions to protect confidential commercial terms.

10. Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal, regulatory, tax, accounting, and reporting obligations, to establish, exercise, or defend legal claims, and to operate our business. Indicative retention periods are:

  • Registration, ticketing, and event-participation records: up to ten (10) years after the relevant Event, reflecting the longest applicable record-keeping period across the jurisdictions in which we operate;
  • Payment, invoicing, and tax records: minimum ten (10) years where required by Swiss law, and longer where required by other applicable tax law;
  • Networking App profiles, connections, meeting requests, and messaging history: for the duration of the Event and up to twenty-four (24) months thereafter, unless you delete your account earlier; pseudonymised or aggregated data may be retained longer;
  • Analytics and telemetry data: typically retained in raw form for up to twenty-four (24) months, after which it is aggregated or deleted;
  • Marketing contacts: until you withdraw consent or object, with periodic review and a default review trigger after thirty-six (36) months of inactivity;
  • Photography, video, and audio recordings of Events: retained indefinitely for archival, editorial, and promotional purposes, subject to the rights described in Section 12;
  • Records relating to disputes, investigations, or legal claims: for the duration of any applicable limitation period plus a reasonable buffer;
  • Security, audit, and access logs (including invite-code validation attempts): as required to operate, monitor, and secure our systems.

11. Cookies and Similar Technologies

Our websites and the Networking App use cookies, pixels, beacons, local storage, server logs, and similar technologies (collectively, "Cookies") to operate essential functions, remember preferences, authenticate sessions, measure and analyse usage, deliver and measure marketing, and improve the Services.

Where required by Applicable Data Protection Laws (including in the EEA, the UK, and Switzerland for non-essential Cookies), we will request your consent before placing non-essential Cookies, and you may withdraw your consent at any time using the "Cookie preferences" control available in the footer of our websites.

12. Your Rights

Subject to your jurisdiction and to the conditions and exceptions under Applicable Data Protection Laws, you may have some or all of the following rights:

  • Access — to obtain confirmation of whether we process your data and a copy of that data;
  • Rectification — to correct inaccurate or incomplete data;
  • Erasure / deletion — to request deletion of your data, subject to legal and operational exceptions;
  • Restriction — to limit our processing in defined circumstances;
  • Objection — to object to processing based on legitimate interests, and at any time to direct marketing;
  • Portability — to receive certain data in a structured, commonly used format;
  • Withdraw consent — at any time, without affecting prior lawful processing;
  • Non-discrimination — for exercising your rights under U.S. state privacy laws;
  • Opt out of sale / sharing / targeted advertising — though Finrate does not sell or share personal information for cross-context behavioural advertising;
  • Limit use of sensitive personal information — where applicable under U.S. state laws (we do not use sensitive personal information for purposes that would trigger this right);
  • Lodge a complaint — with a competent data protection supervisory authority (see Section 14).

12.1 How to Exercise Rights

To exercise any of these rights, contact us at info@stakingrewards.com. We will respond within the timeframes required by Applicable Data Protection Laws. We may require you to verify your identity before responding and may decline or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive, to the maximum extent permitted by law.

You may designate an authorised agent to act on your behalf, subject to verification of the agent's authority and your identity.

12.2 Photography, Video, and Audio: Opt-Out and Removal

If you do not wish to be the subject of posed or feature photography or video, please notify the registration or accreditation desk on arrival. We will use commercially reasonable efforts to honour your request for identifying or featured content, subject to the practical limitations of a live event. You may request, by contacting info@stakingrewards.com, the removal of identifying photography or video of you from our active marketing channels; we will consider such requests in good faith in accordance with applicable law, balancing your interests against our and the public's legitimate interests in editorial, journalistic, archival, and contractual use. We cannot guarantee removal of incidental crowd or audience footage, of content already disseminated by third parties, or of content captured by attendees, journalists, or sponsors operating under their own editorial or contractual rights.

12.3 Limits and Exceptions

Your rights are not absolute. We may decline or limit a request to the extent permitted or required by law, including where: the data is necessary for the performance of a contract or compliance with a legal obligation; the data is needed to establish, exercise, or defend legal claims; the data is processed solely for archival, statistical, scientific, or historical research within the meaning of applicable law; the request would adversely affect the rights and freedoms of others; or the data has been effectively anonymised.

13. Jurisdiction-Specific Disclosures

13.1 European Economic Area and Switzerland

Persons in the EEA and Switzerland have the rights described in Section 12 under the GDPR and the revFADP, respectively. The competent Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch). EEA Data Subjects may lodge a complaint with the supervisory authority of their habitual residence, place of work, or place of the alleged infringement.

13.2 United Kingdom

References to the GDPR shall be read as references to the UK GDPR where you are in the United Kingdom. The competent UK supervisory authority is the Information Commissioner's Office (ICO, ico.org.uk).

13.3 California (CCPA/CPRA)

California residents have the rights summarised in Section 12. The categories of personal information we collect, the sources, the business or commercial purposes, and the categories of recipients are described in Sections 3, 4, and 8. The categories map, to the extent applicable, to those enumerated in Cal. Civ. Code § 1798.140, including identifiers, customer records, commercial information, internet and network activity, geolocation, professional and employment-related information, and inferences. Finrate does not sell or share personal information for cross-context behavioural advertising. To submit a CCPA/CPRA request, contact info@stakingrewards.com. The competent regulator is the California Privacy Protection Agency (cppa.ca.gov).

13.4 Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other U.S. states with comparable laws may have rights similar to those in Section 12. Submit a request to info@stakingrewards.com identifying your state of residence.

13.5 Singapore (PDPA)

By providing personal data, you consent to its collection, use, and disclosure for the purposes described in this Policy. You may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice. The competent regulator is the Personal Data Protection Commission (pdpc.gov.sg).

13.6 United Arab Emirates

For Events in the UAE and UAE Data Subjects, we process personal data in accordance with Federal Decree-Law No. 45 of 2021 and its implementing regulations, the DIFC Data Protection Law, and the ADGM Data Protection Regulations. The competent federal regulator is the UAE Data Office (dataoffice.gov.ae).

13.7 Other Jurisdictions

Where Data Subjects are located in any other jurisdiction, we process personal data in accordance with applicable local data protection laws. The absence of a specific section does not waive any non-derogable statutory right of any Data Subject.

14. Supervisory Authorities

You may lodge a complaint with a competent supervisory authority, including:

  • Switzerland: Federal Data Protection and Information Commissioner — edoeb.admin.ch;
  • EEA: the supervisory authority of your habitual residence, place of work, or place of the alleged infringement (edpb.europa.eu);
  • United Kingdom: Information Commissioner's Office — ico.org.uk;
  • Singapore: Personal Data Protection Commission — pdpc.gov.sg;
  • UAE: UAE Data Office — dataoffice.gov.ae;
  • California: California Privacy Protection Agency — cppa.ca.gov; Office of the Attorney General — oag.ca.gov.

We encourage you to contact us at info@stakingrewards.com in the first instance so that we may address your concern directly.

15. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, and the risks to Data Subjects. Measures include encryption in transit and at rest where technically practicable, access controls based on least privilege, multi-factor authentication for administrative access, audit logging, secure software development practices, vendor risk management, staff training, and incident response procedures.

No method of internet transmission or electronic storage is fully secure. While we use reasonable measures, we cannot guarantee absolute security. You are responsible for protecting credentials issued to you and for notifying us promptly of any actual or suspected unauthorised access to your account.

16. Children

Our Services are directed at professional and institutional audiences and are not intended for individuals under the age of 18 (or such higher age of majority as applies in the relevant jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected such data, we will delete it. If you believe a minor has provided personal data to us, please contact info@stakingrewards.com.

17. Third-Party Sites, Services, and Content

The Services may contain links to or embed third-party websites, applications, services, or content. We are not responsible for the privacy practices, content, security, or accuracy of any third-party sites or services. The inclusion of any link or embed does not imply endorsement. We encourage you to review the privacy notices of any third party before providing personal data to them.

18. Changes to this Policy

We may amend this Policy from time to time to reflect changes to our practices, the Services, or applicable law. The "Effective date" and "Last reviewed" dates at the top indicate when it was last updated. Material changes will be communicated by appropriate means, which may include posting on our websites or sending email notice to registered participants. Your continued use of the Services after any update constitutes your acknowledgement of, and to the extent permitted by law your agreement to, the updated Policy.

19. Interpretation

  • Headings are for convenience only;
  • "Including", "includes", and "in particular" are illustrative and not limiting;
  • The singular includes the plural and vice versa;
  • References to legislation include any successor legislation and implementing regulations;
  • If this Policy is translated into any language other than English, the English version shall prevail to the maximum extent permitted by law in the event of any inconsistency;
  • In the event of any conflict between this Policy and a more specific notice provided at the point of data collection, the more specific notice prevails to the extent of the conflict, unless that notice expressly states otherwise.

— End of Privacy Policy —

Please also see our Terms of Service, which governs the contractual relationship between you and Finrate AG.