Privacy Policy

1. Introduction

Nemasoft Ltd ("Nemasoft", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect information about you when you use our trading platform, website, mobile applications, and related services (collectively, the "Services"). This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation. Nemasoft Ltd is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact our Data Protection Officer at privacy@nemasoft.org.

2. Data We Collect

3. How We Collect Your Data

We collect personal data through the following means: • Directly from you: When you register an account, complete identity verification, make deposits or withdrawals, contact our support team, or respond to surveys. • Automatically: Through cookies, web beacons, and similar tracking technologies when you interact with our platform. See our Cookie Policy for more details. • From third parties: Identity verification providers, credit reference agencies, sanctions screening services, payment processors, and fraud prevention databases. • From public sources: Regulatory registers, company registries, and publicly available information where relevant to compliance obligations.

4. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases: • To provide and manage our Services (contractual necessity): Account creation, trade execution, fund management, and customer support. • To comply with legal and regulatory obligations (legal obligation): Identity verification, AML/KYC checks, transaction monitoring, tax reporting, and regulatory record-keeping. • To protect our legitimate interests (legitimate interests): Fraud prevention, platform security, risk management, and improving our Services. • With your consent: Sending marketing communications, using non-essential cookies, and processing data for purposes beyond those listed above. We will not use your data for automated decision-making that produces significant legal effects without your explicit consent, except where required by law.

5. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data with: • Regulatory and law enforcement authorities: Where required by applicable law, court order, or regulatory obligation, including financial regulators, tax authorities, and law enforcement agencies. • Identity verification and compliance providers: Third-party KYC, AML, and sanctions screening services to fulfil our regulatory obligations. • Payment processors and banking partners: To facilitate deposits, withdrawals, and fund transfers. • Technology and infrastructure providers: Cloud hosting, data storage, analytics, and platform infrastructure providers operating under strict data processing agreements. • Professional advisers: Lawyers, auditors, and consultants bound by confidentiality obligations. • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to equivalent privacy protections. All third parties are required to process your data in accordance with applicable data protection law and our instructions.

6. International Data Transfers

Nemasoft operates globally and your personal data may be transferred to, and processed in, countries outside the United Kingdom or European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including: • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or the European Commission; • Transfers to countries with an adequacy decision from the UK or EU; • Binding Corporate Rules where applicable. You may request details of the specific safeguards in place for any international transfer by contacting privacy@nemasoft.org.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements. As a regulated financial services provider, we are required to retain certain records for a minimum of five (5) years following the end of our business relationship with you, and in some cases up to seven (7) years or longer where required by law. When data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include: • End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256); • Multi-factor authentication for account access; • Role-based access controls limiting data access to authorised personnel only; • Regular penetration testing and security audits; • Incident response procedures and breach notification protocols. While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. You are responsible for keeping your account credentials confidential.

9. Your Rights

Under UK GDPR and applicable data protection law, you have the following rights regarding your personal data: • Right of access: Request a copy of the personal data we hold about you (Subject Access Request). • Right to rectification: Request correction of inaccurate or incomplete data. • Right to erasure: Request deletion of your data where there is no compelling reason for its continued processing ("right to be forgotten"). • Right to restriction: Request that we restrict processing of your data in certain circumstances. • Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another controller. • Right to object: Object to processing based on legitimate interests or for direct marketing purposes. • Rights related to automated decision-making: Not be subject to solely automated decisions that produce significant legal effects. To exercise any of these rights, please submit a request to privacy@nemasoft.org. We will respond within 30 days. We may need to verify your identity before processing your request. Some rights are subject to legal exceptions, particularly where we are required to retain data for regulatory compliance.

10. Marketing Communications

We may send you marketing communications about our products, services, and promotions where you have given your consent or where we have a legitimate interest in doing so as an existing client. You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, updating your preferences in your account settings, or contacting us at privacy@nemasoft.org. Opting out of marketing will not affect the delivery of transactional or service-related communications necessary for your account.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete that information. If you believe we may have collected data from a minor, please contact us at privacy@nemasoft.org.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via an in-platform notice. We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Complaints

If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF Website: ico.org.uk Helpline: 0303 123 1113 If you are located in the EEA, you may also contact your local data protection supervisory authority.

14. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact: Data Protection Officer Nemasoft Ltd 1 Financial District London, EC2V 8RT United Kingdom Email: privacy@nemasoft.org Phone: +44 (0)20 7000 0000