The present Privacy Policy has been designed for the website https://www.esdt.tech/ and will be periodically reviewed and updated in accordance with all applicable laws and regulations. The purpose of this Information Note is to easily inform you about:

0. Definitions in accordance with GDPR

1. Who is ESDT.TECH

2. Where you can find us and how you can contact us

3. What Personal Data ESDT.TECH may process about you, how Your Personal Data is Processed through the Platform, the purpose, legal basis, and processing period

4. Disclosure of Your Personal Data to Third Parties

5. What your rights are and how you can effectively exercise them

6. Personal Data of children - we do not process the data of children under 16 years old

7. What security measures ESDT.TECH has taken to protect your Personal Data

8. Links to other websites

9. Updates to the Information Note

10. Information about the National Authority for the Supervision of Personal Data Processing

0. Definitions in accordance with GDPR

Personal Data means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Recipient means a natural or legal person, public authority, agency or another body to whom Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. This means that a security breach is more than just the loss of Personal Data;

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

GDPR Regulation means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller;

Processing Restriction means marking of stored Personal Data with the aim of limiting their processing in the future;

Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.

1. Who is ESDT.Tech

ESDT.Tech (hereinafter referred to as "we" or "our") is the trade name of Cryoflame Design SRL, with its registered office located in Jac, no. 294, Salaj County, registered with the Trade Register under no. J31/166/2018, as the owner and administrator of the website: https://www.ESDT.Tech/ ("Platform" or "Website").

In accordance with the GDPR Regulation, considering the Personal Data processed through our Platform, we are considered Controllers, and our visitors and users are considered Data Subjects. We are fully committed to respecting the confidentiality and security of your Personal Data, ensuring that all Personal Data is processed only for specific, explicit, and lawful purposes, in accordance with the principles and provisions of the GDPR.

2. Where you can find us and how you can contact us

Regarding any information regarding Personal Data that we may process through our Platform, please feel free to contact us via email at contact@esdt.tech

3. What Personal Data ESDT.Tech can process about you, how your Personal Data is processed through the Platform, the purpose, legal basis, and processing period

At ESDT.Tech, we give high priority to protecting your rights over personal data, so in addition to complying with all relevant regulations, we have adopted industry best practices for Processing Personal Data. Our approach involves collecting personal data directly from you - giving you greater control over the information you wish to provide - and processing any personal data we collect only for the specific purposes described in this policy.

In addition, we have implemented rigorous security measures to protect your personal data and prevent unauthorized access or unintended disclosure.

Please note that Personal Data is considered any data that could directly or indirectly identify you as a person. Although personal data such as professional skills/education-related information is not considered Personal Data per se, as it may not directly lead to your identification, such data, combined with other data (your name, username, email address, description provided in your profile) could eventually identify you.

To easily identify the Personal Data we process, we have grouped them into several categories based on the purpose of processing, as follows:

CATEGORY 1 – USE OF THE PLATFORM AS A VISITOR

Personal Data – IP address, type and version of internet browser, operating system used, accessed page, website accessed before visiting the site (referrer URL), date and time of visit, preferences for social platforms, location.

Legal basis – art. 6 para. 1 lit. a), b), and f) of the GDPR Regulation, which allows us to Process Personal Data when necessary for the performance of a contract.

Collection method – directly from you by accessing our Platform.

Retention period – typically, the retention period of these Personal Data depends on each type of cookie implemented on the Platform, according to our cookie policy, without exceeding the necessary duration according to the purpose of processing and, in no case, a term of 5 years from the Processing date.

Processing purpose – ESDT.Tech processes these Personal Data collected through the website for the following purposes and for the following reasons:

- Standard technical connection data (essential) are necessary to ensure the functionality, optimization, and security of our website; to facilitate your access to our website (adjusting the size of the website according to the device used); to recognize and stop any abusive use of the website, etc.

- To ensure the security of the website, we use the services of a Third Party to check if the website is accessed by humans or robots by performing a task involving human interaction.

- Data necessary for improving services (non-essential), as well as for promotional purposes.

- We may collect aggregate analytical statistical data, as defined above, using cookies created by other companies, such as Google Analytics. According to the Google Analytics policy, "Google Analytics is a simple and easy-to-use tool that helps website owners measure how users interact with the content of a web page."

You can disable or restrict the sending of cookies by modifying the settings of the browser you are using. Also, already stored cookies can be deleted at any time.

For more information on how you can modify or delete data processed by each cookie, please refer to the Cookie Policy section.

CATEGORY 2 – SOCIAL MEDIA PLATFORMS

Personal Data – related to each user, such as: user's social media accounts; any other information that users decide to provide us when contacting us on social platforms; any other information that users decide to provide us when contacting us by email; comments and/or posts on our profiles.

Since the internet is not a secure space, please do not send us or limit, as much as possible, the personal data communicated through social platforms or by email.

Processing purpose – the above-mentioned Personal Data is processed for customer support purposes.

Legal basis – Art. 6 para. 1 lit. b) of the GDPR Regulation, which allows us to Process personal data when necessary for the performance of a contract or for steps prior to entering into a contract.

Collection method – Personal data is collected directly from users when they decide to contact us through social platforms.

Retention period – Personal Data is stored for the purpose of proving the fulfillment of contractual obligations between the parties for a period between 30 days and 1 year, depending on the nature of the request (complaint, warranty request, contractual request, general request, etc.).

In general, Personal Data is retained for a limited period depending on the purpose of processing and the legal provisions applicable to each category of data.

CATEGORY 3 – CONTACT FORM

Personal Data – name, email address, phone number, as well as any other Personal Data you include in the contact form.

Processing purpose – Personal Data is processed for the purpose of putting you in contact with us and being able to communicate your requests;

Legal basis – art. 6 para. 1 lit. b) of the GDPR Regulation, which allows us to process Personal Data when necessary for the performance of a contract or for steps prior to entering into a contract and art. 9 para. 2 lit. h) which allows us to process Personal Data when it is necessary for the provision of services (including information);

Collection method – directly from you by completing the form on the Platform;

Retention period – Personal Data is stored for the purpose of proving the fulfillment of contractual obligations between the parties for a period between 30 days and 1 year, depending on the nature of the request (complaint, warranty request, contractual request, general request, etc.);

In general, Personal Data is retained for a limited period depending on the purpose of processing and the legal provisions applicable to each category of data.

CATEGORY 4 – PURCHASING DIGITAL ASSETS THROUGH THE PLATFORM

Personal Data – name, surname, address, your public address linked to your electronic wallet.

Indirect Data – as a result of interacting with our Platform and considering our contractual relationship, we come into contact with a series of data that could indirectly lead to your identification such as your interest in the Web 3 domain or your financial situation, considering the value and number of non-fungible digital assets purchased, as well as other assets in your electronic wallet.

TO AVOID ANY MISUNDERSTANDING, PERSONAL DATA COLLECTED INDIRECTLY MAY RESULT FROM YOUR ACTIVITY WITHIN THE PLATFORM, AND WE DO NOT SPECIFICALLY QUERY YOUR WALLET.

Processing purpose – Personal data is processed to allow you to purchase the desired quantity of digital or physical assets.

Legal basis – Art. 6 para. 1 lit. b) of the GDPR Regulation, which allows us to Process personal data when necessary for the performance of a contract.

Collection method – directly from you, by completing the necessary data in the form available on the Platform.

Retention period – Your Personal Data is stored and Processed for a period of approximately 5 years, or for a shorter period, as necessary to manage our contractual relationship.

4. Disclosure of Your Personal Data to Third Parties

During the normal course of our business activities, ESDT.Tech will not disclose or transfer, for direct marketing purposes, your Personal Data to Third Parties, whether these individuals are located in Romania, the EU, or outside the EU.

Our Employees

ESDT.Tech employees who have access to Personal Data have been trained to respect the security and confidentiality of the Personal Data they have access to in the course of their professional activities. Employee access to Personal Data is limited to the information necessary to perform their specific tasks.

Suppliers

We conduct our daily activities to the highest standards, so sometimes we choose to cooperate with other companies to facilitate various technical or administrative processes, such as: email archiving services, data storage, security data archiving, legal services, etc. Thus, we may engage in contractual relationships with providers that are not established in the European Economic Area (EEA), and such circumstances could entail the disclosure of your Personal Data outside the EEA.

However, we are fully committed to protecting the confidentiality and security of your Personal Data. In cases where we need to disclose your Personal Data to third-party providers, we will verify if each provider complies with the GDPR Regulation and if it has implemented sufficient measures to protect the Personal Data they may receive from us.

Legal Requirements

Your Personal Data may be transmitted to government authorities and/or law enforcement agencies if required by applicable law.

5. What Are Your Rights and How Can You Effectively Exercise Them

ESDT.Tech, as the Data Controller, ensures technical and organizational measures to ensure that your rights (as a Data Subject) are respected:

Right of access: You have the right to obtain confirmation of whether Personal Data concerning you are being Processed by us and, in this case, to access your Personal Data and information about how they are Processed.

Right to data portability: You have the right to receive some of your Personal Data, which you have provided to us, in a structured, commonly used, and machine-readable format, and you also have the right to transmit this data to another Controller, without hindrance from us, if technically feasible.

Right to object: You have the right to object to the Processing of your Personal Data, when Processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your Personal Data are Processed for direct marketing purposes.

Right to rectification: You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. The rectification shall be communicated to each recipient to whom the data have been transmitted, unless this proves impossible or involves disproportionate effort (demonstrable).

Right to erasure ("right to be forgotten"): You have the right to obtain from us the erasure of Personal Data concerning you without undue delay, and we have the obligation to erase Personal Data without undue delay where one of the following grounds applies: Your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise Processed; you withdraw your consent on which the Processing is based and there is no other legal ground for Processing; you object to Processing, and there are no overriding legitimate grounds for the Processing; your Personal Data have been Processed unlawfully; your Personal Data have to be erased for compliance with a legal obligation; your Personal Data have been collected in relation to the offer of information society services.

Right to restriction of Processing: You have the right to obtain from us restriction of Processing where one of the following applies: you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of your Personal Data; the Processing is unlawful, and you oppose the erasure of the Personal Data and request the restriction of their use instead; we no longer need your Personal Data for the purposes of the Processing, but they are required by you for the establishment, exercise, or defense of legal claims; you have objected to Processing pending the verification whether our legitimate grounds override yours.

Right not to be subject to a decision based solely on automated Processing: You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Therefore, we hereby declare that ESDT.Tech does not use applications, algorithms, artificial intelligence, or automated processes to make automated decisions (without human intervention) that produce legal effects.

Exercising the rights mentioned above can be done at any time. To exercise these rights, we encourage you to submit your written request (together with your contact details) in electronic format to the email address indicated in Section 2 above.

6. Personal Data of Children

ESDT.Tech does not collect Personal Data of children under the age of 16. Therefore, if you are under 16 years old, please do not provide us with any kind of Personal Data.

7. Security Measures Adopted by ESDT.Tech to Protect Your Personal Data

We have taken responsibility for implementing appropriate technical and organizational measures regarding the protection of the confidentiality and security of your Personal Data. We have taken all reasonable measures to protect your Personal Data against deterioration, loss, misuse, unauthorized access, alteration, destruction, or disclosure, as follows:

a. Only individuals nominated by ESDT.Tech have access to our archiving system. To access the system, they use individual accounts and passwords that are changed periodically.

b. All our employees, collaborators, and service providers who come into contact with Personal Data must act in accordance with the principles and policies regarding the Processing of Personal Data. They have been informed and have undertaken to comply with the GDPR by signing Data Processing Agreements or as a result of the law.

c. Our employees and collaborators have access to Personal Data to perform their professional tasks and only in accordance with the stated purpose of data collection.

d. Computers accessing the archiving system are password-protected and have antivirus, antispam, and firewall security updates.

e. Personal Data is printed only by authorized users if necessary for conducting our business or fulfilling our legal obligations.

Please also carefully select the Personal Data you choose to submit, considering that the internet or emails are not impenetrable spaces, and a technical error can cause an unfortunate event regarding your Personal Data.

8. Links to Other Websites

On our website, you can find links to other organizations. This Privacy Notice does not cover the Personal Data processed by these organizations. If you decide to access the links of other organizations, we encourage you to carefully read their privacy notices, which can be found on their websites. In general, the privacy notice can be accessed in the bottom section of the website.

9. Updates to the Privacy Notice

Considering that we are constantly developing our services, we are confident that our platform may soon have new features, so our Privacy Notice will be updated accordingly.

To keep you informed, we always publish the latest version of the Privacy Notice on our website, without any specific notification in this regard.

We assure you that the way we collect and process your Personal Data is in accordance with the provisions of the GDPR.

We encourage you to constantly review this Privacy Notice to stay informed about the categories, purposes, and methods in which ESDT.Tech processes your Personal Data.

If you have any questions about this Privacy Notice, please contact us at the email address indicated in Section 2 above.

10. Information about the National Supervisory Authority for Personal Data Processing

If you believe that your rights provided by Regulation no. 679/2016 have been violated, you can address us directly or the Data Protection Supervisory Authority: the National Supervisory Authority for Personal Data Processing "ANSPDC", by filing a complaint.

Contact details of the authority:

Complaints link: https://www.dataprotection.ro/?page=Plangeri_pagina_principala

Contact link: https://www.dataprotection.ro/?page=contact&lang=ro

Website: https://www.dataprotection.ro/

Address: B-dul G-ral. Gheorghe Magheru, nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania