🔐Privacy Policy

Last Updated: 01 December 2024 Version: 2.0

PRELIMINARY DECLARATIONS AND COMPREHENSIVE CONSENT AGREEMENT

This Privacy Policy and Data Protection Notice (hereinafter collectively referred to as the “Policy”, “Agreement”, or “Privacy Notice”) constitutes a legally binding and irrevocable agreement between Exohood Labs Limited (hereinafter referred to as “Exohood Labs,” “the Company,” “the Organisation,” “the Controller,” “we,” “us,” or “our”), a non-profit organisation duly registered and existing under the laws of England and Wales, with its registered office situated at 793 Commercial Rd, London E14 7HG, United Kingdom, and any natural or legal person, entity, or organisation (hereinafter referred to as “you,” “your,” “user,” “end-user,” “data subject,” or “client”) who accesses, browses, downloads, installs, registers for, subscribes to, or otherwise utilises any of our services, applications, platforms, websites, or digital properties, including but not exclusively limited to exohood.com, exohood.org, exohood.app, exoland.xyz, exania.ai, ginette.io, virtalia.io, exouniverse.xyz, akaiquest.com, exopcs.com and paycosmo.com (collectively referred to as the “Services,” “Platforms,” or “Digital Properties”).

By accessing, utilising, or engaging with any aspect of our Services, you hereby explicitly, unequivocally, and irrevocably acknowledge, warrant, represent, and consent to the collection, processing, storage, analysis, transmission, and utilisation of your personal data, including but not limited to sensitive personal information, in accordance with the extensive terms, conditions, and provisions set forth in this Policy. You furthermore acknowledge and accept that this consent shall remain valid and binding for the entire duration of your relationship with Exohood Labs and shall survive the termination of such relationship for the purposes specified herein.

1. COMPREHENSIVE LEGAL FRAMEWORK AND JURISDICTIONAL SCOPE

1.1. Legal Framework and Regulatory Compliance

This Policy has been meticulously drafted, reviewed, and implemented in strict accordance with and shall be exclusively governed by the following comprehensive legal and regulatory frameworks, including any subsequent amendments, modifications, or supplementary legislation thereto:

a) The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and all associated implementing legislation; b) The United Kingdom General Data Protection Regulation (“UK GDPR”) as incorporated into UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018; c) The Data Protection Act 2018 of the United Kingdom, including all amendments and supplementary regulations; d) The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”); e) The Computer Misuse Act 1990; f) The Freedom of Information Act 2000; g) The Environmental Information Regulations 2004; h) Any and all applicable international data protection and privacy legislation in force from time to time in jurisdictions where the Company operates or processes personal data.

1.2. Territorial and Jurisdictional Application

The provisions contained within this Policy shall apply globally and without territorial limitation to all processing of personal data carried out by or on behalf of Exohood Labs, regardless of: (i) the geographical location of the data subject; (ii) the physical location of any processing activities; (iii) the jurisdiction in which the data subject normally resides; (iv) the location of any servers, data centres, or other technical infrastructure utilized in the processing of personal data; and (v) the means and mechanisms by which personal data is collected, processed, or transmitted.

2. DEFINITIONS AND INTERPRETATIONS

2.1. Comprehensive Definitions

For the purposes of this Policy and all associated documentation, the following extensive definitions shall apply and shall be interpreted broadly to provide maximum protection for Exohood Labs:

2.1.1. “Personal Data” shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This definition shall be interpreted in the broadest possible manner to include any and all information that could potentially be linked to an individual, whether directly or through aggregation with other data.

2.1.2. “Processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. This definition encompasses any action taken with regard to personal data, regardless of the technological means employed or the intended purpose of such actions.

[Content continues with extensive definitions of all relevant terms…]

3. COMPREHENSIVE DATA COLLECTION AND PROCESSING ACTIVITIES

3.1. Categories of Personal Data Collected and Processed

In the course of providing our Services and maintaining our legitimate business interests, Exohood Labs shall collect, process, analyse, store, and transmit an extensive range of personal data, including but not expressly limited to the following comprehensive categories:

3.1.1. Essential Identity and Authentication Information: This category encompasses, in the most comprehensive manner possible, all information related to your identity, authentication, and verification, including but not limited to: your full legal name as it appears on government-issued identification documents; any and all previous names, aliases, or pseudonyms you may have used; your date and place of birth; nationality and citizenship status (including multiple citizenships if applicable); government-issued identification numbers (including but not limited to national insurance numbers, social security numbers, passport numbers, driver’s license numbers, and any other form of government-issued identification); biometric data (including but not limited to facial recognition data, fingerprint data, voice recognition data, and any other biometric identifiers); signature specimens; personal photographs; video recordings of identity verification sessions; and any other information that may be necessary for identity verification and authentication purposes.

3.1.2. Contact and Communication Information: The Company shall collect and maintain comprehensive contact information including, but not limited to: all current and previous residential addresses; postal addresses; email addresses; telephone numbers (including mobile, landline, and emergency contact numbers); facsimile numbers; social media handles and identifiers; professional networking profiles; and any other means of contact or communication that you may utilize or make available to us.

3.1.3. Technical and Device Information: The Company shall systematically collect and process comprehensive technical information pertaining to the devices, systems, and networks through which you access our Services, including but not limited to: Internet Protocol (IP) addresses (both IPv4 and IPv6); Media Access Control (MAC) addresses; device identifiers; hardware specifications; operating system information and version numbers; browser types and versions; plug-in types and versions; screen resolutions; colour depths; time zone settings; language preferences; keyboard layouts; device orientation data; battery status information; network connection type and speed; mobile network information; carrier data; and any other technical parameters that may be necessary for the proper provision and optimization of our Services.

3.1.4. Financial and Transactional Information: In connection with the provision of our Services, the Company shall collect and maintain extensive financial and transactional information, including but not limited to: bank account details; payment card information (including card numbers, expiration dates, and security codes); cryptocurrency wallet addresses; transaction histories; payment records; billing addresses; credit history; credit scores; tax identification numbers; source of funds declarations; investment preferences; trading histories; account balances; financial statements; asset holdings; and any other financial information necessary for the processing of transactions or compliance with regulatory obligations.

4. LAWFUL BASIS FOR PROCESSING AND LEGITIMATE INTERESTS

4.1. Primary Legal Bases for Processing

The Company processes personal data on the following exhaustive legal grounds, each of which provides independent and sufficient justification for the processing activities described herein:

4.1.1. Contractual Necessity: The Company shall process personal data where such processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This basis encompasses all processing activities that are fundamentally required for the provision of our Services, including but not limited to: account creation and management; service delivery; transaction processing; technical support provision; and feature accessibility.

4.1.2. Legal and Regulatory Obligations: The Company shall process personal data where such processing is necessary for compliance with legal and regulatory obligations to which the Company is subject, including but not limited to: anti-money laundering regulations; counter-terrorism financing requirements; tax reporting obligations; financial services regulations; consumer protection laws; data protection legislation; court orders; legal proceedings; regulatory investigations; and any other legal obligations that may arise in jurisdictions where the Company operates.

4.1.3. Legitimate Interests: The Company shall process personal data where such processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The Company’s legitimate interests include, but are not limited to:

a) Protecting the security, integrity, and functionality of our Services; b) Preventing fraud, unauthorized access, and other malicious activities; c) Improving and optimizing our Services and user experience; d) Conducting business analytics and market research; e) Developing new products and services; f) Marketing and promoting our Services; g) Maintaining accurate records and documentation; h) Enforcing our terms, conditions, and policies; i) Protecting our legal rights and interests.

4.1.4. Explicit Consent: Where required by applicable law and in certain specific circumstances, the Company shall process personal data based on the data subject’s explicit, informed, and unambiguous consent. By accepting this Policy and using our Services, you hereby grant such consent for all processing activities described herein. You acknowledge and agree that this consent:

a) Is freely given, specific, informed, and unambiguous; b) Extends to all processing activities described in this Policy; c) Remains valid for the entire duration of your relationship with the Company; d) Survives the termination of such relationship for legitimate purposes; e) May be withdrawn at any time, subject to the conditions and limitations set forth in this Policy.

5. DATA SHARING AND THIRD-PARTY PROCESSORS

5.1. Authorised Data Sharing

The Company reserves the right to share personal data with carefully selected and vetted third parties under the following comprehensive circumstances:

5.1.1. Service Providers and Processors: The Company may engage third-party service providers and data processors to assist in the provision of our Services. Such entities may include, but are not limited to:

a) Cloud storage and hosting providers; b) Payment processors and financial institutions; c) Identity verification and authentication services; d) Analytics and market research providers; e) Marketing and advertising partners; f) Customer support and communication platforms; g) Technical infrastructure providers; h) Professional advisors and consultants.

5.1.2. Corporate Transactions: The Company may share personal data in connection with any merger, acquisition, consolidation, reorganization, sale of assets, bankruptcy, or similar corporate event. In such circumstances, you acknowledge and agree that your personal data may be transferred to the relevant third parties as part of the transaction.

5.1.3. Legal Requirements: The Company may share personal data where required by law, regulation, court order, or governmental request, or where the Company reasonably believes that such disclosure is necessary to:

a) Comply with legal obligations; b) Protect the rights, property, or safety of the Company, our users, or others; c) Prevent or investigate possible wrongdoing; d) Enforce our terms, conditions, and policies; e) Respond to claims of alleged violations of law or contracts.

6. INTERNATIONAL DATA TRANSFERS

6.1. Cross-Border Data Processing

The Company may transfer personal data to countries outside the United Kingdom and European Economic Area (EEA) under the following comprehensive framework:

6.1.1. Adequacy Decisions: Where the recipient country has been deemed to provide an adequate level of protection for personal data by the relevant authorities, transfers may occur without additional safeguards.

6.1.2. Standard Contractual Clauses: Where transfers occur to countries without an adequacy decision, the Company shall implement appropriate safeguards through the use of Standard Contractual Clauses (SCCs) approved by the relevant authorities.

6.1.3. Binding Corporate Rules: Where applicable, the Company may rely on Binding Corporate Rules approved by supervisory authorities for intra-group transfers of personal data.

7. DATA SECURITY MEASURES

7.1. Technical and Organisational Security Measures

The Company implements and maintains appropriate technical and organisational security measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These comprehensive measures include, but are not limited to:

7.1.1. Technical Security Measures: a) Advanced encryption protocols for data at rest and in transit; b) Multi-layer firewalls and intrusion detection systems; c) Multi-factor authentication mechanisms; d) Regular security assessments and penetration testing; e) Real-time monitoring and alerting systems; f) Automated backup and recovery systems; g) Network segmentation and access controls; h) Security incident and event management (SIEM) systems; i) Advanced threat protection and prevention mechanisms; j) Secure development lifecycle practices.

7.1.2. Organisational Security Measures: a) Regular security awareness training for all personnel; b) Strict access control policies and procedures; c) Background checks for employees and contractors; d) Confidentiality agreements and data protection clauses; e) Incident response and business continuity plans; f) Regular security audits and compliance assessments; g) Documentation of security procedures and controls; h) Physical security measures for facilities and equipment; i) Vendor risk assessment and management procedures; j) Security governance and oversight mechanisms.

7.2. Acknowledgment of Security Limitations

Notwithstanding the implementation of the aforementioned security measures, you explicitly acknowledge and agree that:

a) No method of transmission over the Internet or electronic storage is completely secure; b) The Company cannot guarantee absolute security of personal data; c) You transmit personal data to the Company at your own risk; d) The Company shall not be liable for any security breaches that occur despite its reasonable security measures.

8. DATA RETENTION AND DELETION

8.1. Retention Periods and Criteria

The Company shall retain personal data for as long as necessary to fulfil the purposes outlined in this Policy, subject to the following extensive retention guidelines:

8.1.1. Active Account Retention: Personal data associated with active accounts shall be retained for the entire duration of the account’s existence and for a period of up to seven (7) years following account closure or termination, or such longer period as may be required by applicable law or regulatory requirements.

8.1.2. Regulatory Compliance Retention: Personal data required for compliance with legal and regulatory obligations shall be retained for the period specified by applicable laws and regulations, which may extend beyond the termination of the business relationship.

8.1.3. Legitimate Business Purposes: Personal data may be retained for legitimate business purposes, including but not limited to: a) Financial record-keeping and auditing; b) Risk assessment and management; c) Fraud prevention and detection; d) Security incident investigation; e) Legal claims and disputes; f) Business analytics and improvement; g) Historical record-keeping and archival purposes.

8.2. Data Deletion and Destruction

8.2.1. Deletion Methods: When personal data is no longer required, it shall be securely deleted or destroyed using appropriate technical methods, which may include: a) Secure overwriting of electronic data; b) Physical destruction of storage media; c) Anonymization or pseudonymization techniques; d) Third-party certified destruction services.

9. USER RIGHTS AND CONTROL MECHANISMS

9.1. Data Subject Rights

While the Company acknowledges certain statutory rights of data subjects, these rights are subject to various limitations, conditions, and exceptions. The following rights may be exercised by submitting a written request to the Company:

9.1.1. Right of Access: You have the right to request confirmation of whether the Company processes your personal data and to receive a copy of such data, subject to: a) Verification of your identity; b) Technical feasibility; c) Protection of trade secrets; d) Protection of others’ rights and freedoms; e) Reasonable time and resource constraints.

9.1.2. Right to Rectification: You have the right to request correction of inaccurate personal data and to have incomplete personal data completed, subject to: a) Provision of supporting documentation; b) Technical feasibility; c) Reasonable verification procedures.

[Content continues with detailed explanations of other data subject rights…]

10. COOKIES AND TRACKING TECHNOLOGIES

10.1. Comprehensive Cookie Usage

The Company employs an extensive array of cookies and tracking technologies across its Services, including but not limited to:

10.1.1. Essential Cookies: Cookies that are strictly necessary for the functioning of our Services, including: a) Authentication cookies; b) Security cookies; c) Load balancing cookies; d) Session management cookies.

10.1.2. Analytical and Performance Cookies: Cookies that help us understand how users interact with our Services, including: a) Analytics cookies; b) Performance monitoring cookies; c) User behavior tracking cookies; d) Error logging cookies.

11. CHILDREN’S PRIVACY AND AGE RESTRICTIONS

11.1. Age Restrictions and Verification

11.1.1. Minimum Age Requirements: The Company’s Services are explicitly not designed for, intended for, or targeted at individuals under the age of eighteen (18) years. The Company implements the following strict measures regarding age restrictions:

a) Absolute prohibition of use by individuals under thirteen (13) years of age; b) Requirement of parental or legal guardian consent for users between thirteen (13) and eighteen (18) years of age; c) Implementation of age verification mechanisms; d) Regular monitoring for potential underage usage; e) Immediate termination of accounts suspected of being operated by underage users.

11.1.2. Age Verification Procedures: The Company reserves the right to implement and maintain rigorous age verification procedures, which may include: a) Document-based verification; b) Third-party age verification services; c) Biometric age estimation technology; d) Parent or guardian verification systems; e) Additional verification steps for high-risk activities.

12. DATA BREACH NOTIFICATION AND INCIDENT RESPONSE

12.1. Comprehensive Incident Response Protocol

In the event of a personal data breach, the Company shall follow these extensive notification and response procedures:

12.1.1. Internal Response Procedures: a) Immediate activation of the incident response team; b) Documentation of the breach circumstances and scope; c) Implementation of containment measures; d) Investigation of the breach cause and impact; e) Development of remediation strategies; f) Implementation of preventive measures; g) Post-incident analysis and reporting.

12.1.2. External Notification Requirements: The Company shall notify relevant parties of data breaches as follows:

a) Supervisory Authorities:

• Notification within 72 hours of breach awareness;

• Detailed description of the breach nature and scope;

• Assessment of potential consequences;

• Description of measures taken or proposed;

• Contact information for further communication.

b) Affected Data Subjects:

• Prompt notification when high risk to rights and freedoms is identified;

• Clear and plain language description of the breach;

• Specific recommendations for risk mitigation;

• Contact information for additional inquiries;

• Resources for identity theft protection where applicable.

13. POLICY UPDATES AND MODIFICATIONS

13.1. Policy Evolution and Amendment Procedures

13.1.1. Company Rights and Discretion: The Company reserves the absolute and unilateral right to modify, amend, supplement, or update this Policy at any time, with such modifications becoming immediately effective upon publication. The Company may exercise this right:

a) Without prior notice to users; b) At its sole and absolute discretion; c) As frequently as deemed necessary; d) For any reason or no reason; e) With immediate binding effect upon all users.

13.1.2. User Responsibilities: You acknowledge and agree that:

a) It is your sole responsibility to regularly review this Policy; b) Your continued use of the Services following any modifications constitutes acceptance of such modifications; c) You waive any right to receive specific notice of each modification; d) You are bound by any modifications whether or not you have reviewed them; e) You must cease using the Services if you do not agree with any modifications.

14. LIMITATION OF LIABILITY AND INDEMNIFICATION

14.1. Comprehensive Limitation of Liability

14.1.1. Scope of Limitation: To the fullest extent permitted by applicable law, and notwithstanding any other provision of this Policy or any other agreement, you explicitly acknowledge, accept, and agree that Exohood Labs, its directors, officers, employees, agents, partners, suppliers, and licensors shall not be liable for:

a) Any direct, indirect, incidental, special, consequential, punitive, or exemplary damages; b) Loss of profits, revenue, data, use, goodwill, or other intangible losses; c) Damages resulting from interrupted or corrupted data transmission; d) Damages resulting from unauthorized access to or alteration of your data; e) Damages resulting from errors, omissions, interruptions, deletions, or delays in operation or transmission; f) Damages resulting from any use or inability to use the Services; g) Damages resulting from any reliance placed on information obtained through the Services; h) Damages resulting from viruses, malware, or other malicious code; i) Damages resulting from force majeure events.

14.1.2. Indemnification Obligations: You agree to defend, indemnify, and hold harmless the Company and its affiliates from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys’ fees) arising out of or relating to:

a) Your violation of this Policy; b) Your use of the Services; c) Your violation of any third-party rights; d) Your violation of any applicable laws or regulations; e) Any content or data you submit through the Services.

15. GOVERNING LAW AND JURISDICTION

15.1. Legal Framework and Dispute Resolution

15.1.1. Governing Law: This Policy shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is explicitly excluded.

15.1.2. Jurisdiction and Venue: Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales. You hereby irrevocably submit to the personal jurisdiction of such courts and waive any objection to venue in such courts.

15.1.3. Dispute Resolution Process: Any disputes shall be resolved through the following progressive steps:

a) Informal negotiation and good faith efforts to resolve; b) Formal written notice of dispute; c) Mandatory mediation period; d) Binding arbitration or litigation as determined by the Company; e) Enforcement of judgment in any court of competent jurisdiction.

16. CONTACT INFORMATION AND DATA PROTECTION OFFICER

For any queries, concerns, or requests related to this Policy or your personal data, please contact:

Data Protection Officer Exohood Labs Limited 793 Commercial Rd London E14 7HG United Kingdom

Email: privacy@exohood.com

Response Times:

• General Inquiries: Within 5 business days

• Data Subject Rights Requests: Within 30 calendar days

• Urgent Privacy Concerns: Within 72 hours

• Data Breach Related: Within 24 hours