“Gratis app” is a registered brand and trade name of “Eurotrade Investments RGB Ltd” (hereinafter the “Company”) a Cypriot Investment Firm (CIF) under the Registration Number HE317893, licensed and regulated by the Cyprus Securities and Exchange Commission (hereinafter the “CySEC”) under license 279/15 with registered address at 70, Kyrillou Loukareos Street, Kakos Premier Tower, 1st Floor, 4156, Limassol, Cyprus.

The Company is committed to protecting customers’ privacy. This Privacy Policy describes what Personal Data we collect, use and process and how this information is used in the course of our business.

The Company collects customer data for various reasons, which include:

• The provision of investment and ancillary services,
• To ensure compliance with the provisions of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007-2019,
• To communicate with customers,
• For marketing purposes,
• To defend its legal rights,
• For recruitment, employment and payroll, and
• For any other purpose similar or connected to the above or for any other purpose that the customer will provide personal data to us.

Customer’s data include name, address, identification details, postal and business address, mobile phone number, email, profession, bank account details, social insurance number, tax identification number, certificate of clean-criminal record, certificate of non-bankruptcy and other relevant details. This data is stored and processed by the Company throughout the validity period of the contract / relationship, in order to provide the requested services, handle requests and/or enquiries and perform payments. This data is also stored for a period of five years after the termination of the contract / relationship.

The Company may process the personal data set out above for any of the following purposes:

• Disclose personal data to the Cyprus Securities and Exchange Commission and/or the Central Bank of Cyprus, as per the relevant legal requirements,
• Disclose information that is essential to auditors, legal consultants, operational partners, support services partners and affiliates for the complete provision of the service to the customer,
• Provide information to the customer’s authorized representative,
• For compliance with a legal obligation of the Company,
• For the protection of the customer’s vital interests,
• For purposes of legitimate interests of the Company, such as legal actions against the customer, the detection and prevention of fraud and IT purposes (e.g. cyber-security, data loss prevention),
• Reveal to regulatory authorities, competent governmental authorities and agencies (other than tax authorities), law enforcement agencies, intergovernmental or supranational bodies, and other third parties with the requisite authority to request such information,
• Reveal information in response to criminal or civil legal process as requested by the competent courts of the relevant jurisdiction and as permitted under Cyprus Laws,
• Provide information for statistical purposes that do not include personal identification information but are of rather aggregate nature.

The Company takes all necessary steps to safeguard the Confidentiality, Integrity and Availability of its systems and services, e.g. to protect against cybersecurity threats, fraud, etc. Personal data is stored by the Company for a period of five years after the termination of the contract / relationship. After the lapse of this period this data is erased.

The following data is not erased: Data processed for the purposes of legitimate interest (e.g. an action against a customer), which are maintained until the legitimate purpose is completed.

The Company uses customer data for communicating and/ or promoting the provision of its services. These communications and/or promotions are in the form of emails.

Right of Access:

1. Customers may be informed in more detail about the Personal Data processes of the Company by:

   • Visiting the offices of the Company, completing, and submitting the relevant application form, or
   • Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

2. The right of access is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

Right to Erasure (“Right to be Forgotten”)

1. Customers may request the erasure of any of their Personal Data by:

   • Visiting the offices of the Company, completing, and submitting the relevant application form, or
   • Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

2. The right to erasure is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

Data Portability

1. Customers may exercise the right to data portability by:

   • Visiting the offices of the Company, completing, and submitting the relevant application form, or
   • Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

2. Data portability is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

Right of Updating, Rectification or Minimization of Personal Data

1. Customers may update their Personal Data or request the correction of any inaccurate Personal Data or data minimization, by:

   • Visiting the offices of the Company, completing, and submitting the relevant application form, or
   • Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

2. These rights are subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

Customers are informed that the associates of the Company are based within the EU and/or the EEA. These partners are contractually committed to the Company to provide appropriate security safeguards and to maintain the confidentiality of the customers’ Personal Data.

Customers can contact the Company for any information on its Privacy Policy by phone at +357 25 262 826, or by post at Makaria Centre, Office 501, 22 Leoforos Archiepiskopou Makariou 3, Larnaca 6017, Cyprus, or by email at [email protected]. The same contact details may be used for any inquiry or complaint.

Given its scale and complexity, the Company has not appointed a Data Protection Officer’s (“DPO”).

“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.

“Personal Data”: means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor”: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.