APPROVED

Director of Brightum LLC

________________ O.I. Korchagin

01 July 2024

Initial version as of 01.07.2024

Current version as of 01.07.2024

POLICY TOWARD PERSONAL DATA PROCESSING

Brightum LLC (UNP 193263674, location: Minsk, Nezavisimosty Ave., 186, premises 1201

(office No.8)), operator of TRADEX cryptoplatform and the owner of the internet portal

https://tradex.by (hereinafter – SITE) (hereinafter – TRADEX), hereby informs its USERS on

policy applied on the SITE with regard to USER personal data.

This policy toward personal data processing (hereinafter – POLICY) is based on norms of

Belarus legislation and international legislation in the area of personal data protection, as well

as requirements of the HTP Supervisory Board (hereinafter – Legislation). These principles and

norms shall be applied at processing of USER personal data when using TRADEX

cryptoplatform for protections of USER personal life.

This POLICY aims to ensure and guarantee informing of all USERs on what personal data on

users and visitors are collected by TRADEX, how it is done and with what purposes.

This POLICY is an integral part of USER AGREEMENT.

This POLICY shall be applied to all information submitted by USERS to TRADEX.

USERS – all individuals registered as users on SITE of TRADEX cryptoplatform.

When USER provides a respective mark to agree with USER AGREEMENT and this POLICY

on the SITE and further supplies personal data via TRADEX cryptoplatform means

unconditional agreement of USER with this POLICY. If USER does not agree with these

conditions, he or she shall abstain from using TRADEX cryptoplatform.

A user by registering on SITE and leaving his or her personal data gives his or her consent to

receive to mobile phone number or e-mail address specified at registration SMSs and e-mails

from TRADEX related to operations on TRADEX cryptoplatform, as well as SMSs and e-mails

with information on new products, promotions, special offers, etc.

Terms in this POLICY are used in accordance with USER AGREEMENT and Legislation

currently in force.

1. USER PERSONAL DATA

1.1. TRADEX shall process personal data of USERS following their direct consent while

concluding and implementing USER AGREEMENT for rendering services of cryptoplatform

operator in accordance with the Legislation currently in force, including those aimed at

improving SITE services.

1.2. Any information related to USER shall be considered as personal data.

1.3. Personal data processing – any action or a number of actions imposed on personal data,

including their collection, systematization, storage, amendment, use, anonymization, blocking,

distribution, provision, and deleting.

1.4. When agreeing with this POLICY USER provides his or her consent for processing of

the following USER personal data:

POLICY TOWARD PERSONAL DATA PROCESSING

1.4.1. any data, which allow to directly identify USER (for example, real name of user, e-mail

address, phone number, etc.);

1.4.2. any data, which on the basis of which it is possible to identify USER separately on in

combination with other available information;

1.4.3. other information obtained in the process of USER identification and verification;

1.4.4. data on operations (transactions) performed by USER on TRADEX cryptoplatform;

1.4.5. data on USER payment instruments, including banking card, electronic wallet, virtual

wallet data;

1.4.6. technical information on hardware used (IP-address, software version, etc.);

1.4.7. data on USER behavior and procedure of TRADEX cryptoplatform functionality

utilization;

1.4.8. any other additional data, which was voluntarily submitted by USER in the framework of

conclusion and performance of USER AGREEMENT, as well as received by TRADEX from

other sources in accordance with this POLICY and Legislation.

1.5. When agreeing with this POLICY USER shall provide consent to TRADEX for performing

the following action with USER personal data:

1.5.1. collection of personal data during USER identification and verification shall be

performed in accordance with requirements of Legislation currently in force;

1.5.2. systematization, storing, anonymizing of personal data with the purpose of performing

USER AGREEMENT shall be performed in accordance with business processes of

cryptoplatform operator in the framework of TRADEX information system, which has

undergone technical audit;

1.5.3. use of personal data with the purpose of performing obligations under USER

AGREEMENT, as well as Legislation. Use of personal data shall be limited to purposes

specified by this POLICY;

1.5.4. change, blocking, deletion of personal data – in the framework of Legislation currently

in force, including those upon request of USER or other authorized persons;

1.5.5. provision and distribution of personal data – for the purpose of rendering services by

cryptoplatform operator in accordance with USER AGREEMENT. Provision of USER personal

data is possible only within purposes specified in this POLICY. Distribution of USER personal

data is possible only upon request of an authorized person according to Legislation.

2. PRINCIPLES OF USER PERSONAL DATA PROCESSING

2.1. TRADEX strives to protect private life of USERS and their confidentiality right when

processing personal data regardless of any ways and methods to collect such data taking into

account the following standards of their processing:

2.1.1. Receipt of consent.

Personal data shall be processed after receiving USER consent based on norms of Legislation.

If a USER does not agree with personal data processing, he/she should abstain from using

TRADEX cryptoplatform.

2.1.2. Lawfulness, fairness, and transparency.

Personal data shall be process in accordance with Legislation, fairly and transparently for USER.

2.1.3. Limitation by purpose.

Personal data shall be collected and processed in order to achieve particular, declared in advance

lawful purposes.

2.1.4. Data minimization.

Collection of USER personal (including the volume and content of the data) shall be adequate

(proportionate) and relevant to declared purposes, and shall ensure a fair balance of interests of

all interested parties at all stages of such processing. TRADEX strives to collect the minimum

volume of information necessary to perform the respective task.

2.1.5. Limitation of storage period.

USER personal data shall be stored for certain period necessary to achieve declared purposes. If

POLICY TOWARD PERSONAL DATA PROCESSING

it is not necessary to use stored data any more, TRADEX shall take measures to destroy or stop

processing USER personal data within reasonable period taking into account functional and

legal requirements related to personal data storage and confidentiality.

2.1.6. Accuracy.

Personal data shall be accurate, reliable, complete and up-to-date for achieving purpose of their

processing. TRADEX shall take measures to ensure reliability of processed personal data.

2.1.7. Transparency.

TRADEX shall openly inform on the fact of USER personal data collection, personal data

collection and processing purposes.

2.1.8. Integrity and confidentiality.

Personal data shall be processed by way ensuring its security, including protection from

unauthorized or unlawful processing, as well as accidental loss, destruction or damage.

2.2. TRADEX shall be obliged to inform USERS about the cases of violation of Legislation and

rules for managing USER personal data, if there is a high risk that such violations may result in

violation of USER rights and lawful interests.

3. TYPES OF USER PERSONAL DATA

3.1. Data independently populated by USERS:

 Full name;

 Phone number;

 E-mail;

 Citizenship;

 Date and place of birth;

 Place of residence and (or) stay, copies of proving documents;

 Details and scan of document proving identity;

 Data supplied during video/audio conferences with USER, records of the said

video/audio conferences;

 Other data specified by TRADEX in accordance with Legislation.

3.2 Data automatically collected when using services:

 Technical data about device and internet connection. With the help of server logs and

other tools TRADEX shall register data on device used by USER, the way the device is

connected to cryptoplatform services, including data on operation system, browser version, IP-

addresses, and unique identification files. Usually the data are used to obtain anonymous

(depersonalized) and aggregate statistics, but it also can be linked with USER account (profile).

This information gives possibility to analyze how services are used, and adjust them to USER

device so that to simplify and make more comfortable cryptoplatform utilization.

 Data on service utilization. When USER uses cryptoplatform functionality, the

information on that is registered in server logs. TRADEX shall use the information to prevent

service misuse, law offences and crimes, improve services, and ensure display of personalized

and relevant content.

 Location data. When USER uses cryptoplatform, TRADEX identifies approximate

location of USER based on IP-address. This information is used, for example, for statistical

research, as well as to display up-to-date data, advertisements, and other personalized content.

 Cookie files and other locally stored content. When USER uses cryptoplatform,

TRADEX shall use various tools to recognize USER and simplify use of the cryptoplatform.

Cookie file is a small file of data (text fragment), which is transferred to USER browser from

SITE. Such files contain information, which SITE afterwards may read and simplify

cryptoplatform and its services utilization for USERS.

3.3. Data from other sources. TRADEX may receive data from other sources, for example,

from advertisement partners, resources and tools for collection of third party statistical data,

POLICY TOWARD PERSONAL DATA PROCESSING

which help to analyze user activities, USER preferences and improve cryptoplatform services.

TRADEX may receive data from partners, for example, on what will be going on after USER

presses advertisement banner on SITE. Such information allows evaluating efficiency of banner

advertisement and make it more relevant for USERS.

4. PURPOSE OF PERSONAL DATA UTILIZATION

4.1. TRADEX shall process USER personal data for USER identification and verification, as

well as for other aspects of rendering services of cryptoplatform operator, service improvement

and development, as well as for provision of personalized recommendations and offers,

personalized content, prevention of violations attempts, as well as in commercial (advertisement,

marketing) purposes. Personal data shall be used for analytical purposes: to understand market

trends.

4.2. TRADEX shall store information provided by USERS when contacting user support and

other services of TRADEX in order to be able to contact USERS and provide answer to their

request. TRADEX shall store all remarks and proposals supplied by USERS to TRADEX as

they help to improve services rendered by TRADEX.

4.3. TRADEX shall recommend USERS content and services based on their behavior and

interests. TRADEX shall also use personal data to configure banner advertisements and other

commercial content on SITE according to USER preferences. Based on such information

advertisement campaigns will be run. Advertisers placing banner advertisements on SITE can

get access to USER personal information and user preferences to display banner advertisement

relevant to USER, however, it is strictly prohibited for them to user the data in other purposes

other than placement of banner advertisement on SITE.

4.4. From time to time, TRADEX shall send to USERS marketing letters (mailing) via e-mail

or other channels (for instance, in social networks), if USER has not unsubscribed from such

mailing. The mailing may contain information on special offers from third parties.

4.5. TRADEX shall use personal data of USERS so that to offer personalized services relevant

to USER needs and interests, as well as for improvement of SITE interface. Information

collected with this purpose shall be aggregated and anonymized. However, TRADEX may also

use this information not in anonymous form in solving technical issues that certain USERS come

across.

4.6. TRADEX shall use technical information and information on USER activities in order to

prevent various service violation and criminal activities on SITE. Service violation means fraud,

spamming, fishing, offers of sexual nature, attempts to log under other persons’ accounts

(profiles), as well as other actions prohibited by USER AGREEMENT and Legislation.

4.7. Purpose of USER personal data processing is also to obtain statistics on tendencies in the

segment of TRADEX activities to be used to improve cryptoplatform, as well as to expand range

of products and services. The statistics may be collected with the help of analysis performed by

both TRADEX and other engaged companies. Such companies shall analyze information

confidentially and delete it after completing their task.

4.8. Collected personal data may be stored and processed in centralized database in order to

understand user activity with regard to all cryptoplatform services.

4.9. TRADEX shall collect and process USER personal data in order to comply with Legislation.

This includes legislative norms related to prevention of money laundering and financing of

terrorism. In cases specified by Legislation TRADEX shall be entitled to transfer USER personal

data to authorized persons.

5. PROVISION OF PERSONAL DATA TO THIRD PARTIES

5.1. USER personal data may be given to third parties being subcontractors of TRADEX to

render services to TRADEX, and well as to other companies to be used in the purposes for which

the information was collected, and only in purposes specified in this POLICY (in particular,

providers of telecom and other information services, financial organizations, payment

POLICY TOWARD PERSONAL DATA PROCESSING

companies, marketing partners). If possible, the information will be supplied in anonymous

(anonymized) form, however, in some cases the information may allow identification.

5.2. Personal data may be passed to third parties, for example, when making payments, sending

service messages, or when storing information on server of a third party. However, terms and

conditions of TRADEX contract with partners and contractors protect USER right for

confidentiality and prohibit use of data by the partners and contractors in other purposes.

5.3. if there are grounds to believe that law offence of crime was committed by means of the

cryptoplatform, personal data of USER and information on the cryptoplatform utilization may

be passed to competent in investigation bodies upon official request of such bodies and

according to Legislation.

5.4. Personal data may be passed to the respective bodies at TRADEX initiative in order to

prevent planned law violations or crimes, if there are solid reasons to believe that illegal actions

may be performed with regard to third parties or cryptoplatform services.

5.5. TRADEX shall be entitled to provide USER personal data to other state bodies in

accordance with Legislation requirements, as well as to structural units of HTP, if necessary.

5.6. TRADEX shall not use, sell, hand over, or disclose USER personal data in any other way

or with any other purpose, which are not specified in this POLICY, if it is not stipulated by court

decision, or in case of prior explicit consent for it.

5.7. If personal data handed over to third parties when TRADEX renders services under contract,

such third parties shall be obliged to process the data confidentially, and not use the information

in any other purposes.

6. USER RIGHTS

6.1. USER shall be entitled:

6.1.1. To revoke his/ her consent for personal data processing any time without explaining

any reasons.

Within fifteen days after receiving such application, TRADEX shall stop processing personal

data, shall delete it and inform USER about it, if there are no other grounds for such actions with

personal data specified by Legislation.

If there is no technical possibility to delete personal data, TRADEX shall take measures to

prevent further personal data processing, including their blocking, and shall inform personal

data subject within the same period.

6.1.2. To receive information related to his/her personal data processing, containing:

 name (last name, name, middle name (if any) and location (living (staying) address) of

operator;

 acknowledgement of the fact of personal data processing by operator (authorized

person);

 his/her personal data and source of the data;

 legal ground and purpose of personal data processing;

 period for which his/her consent was given;

 name and location of authorized person being state body, legal entity of Belarus, other

organization, if such entity is charge of processing of such personal data;

 other information stipulated by Legislation.

TRADEX within five working days after receipt of the application, if different period is not

specified by Legislation, shall provide requested information in accessible form, or inform him/

her on reasons to reject the information provision.

6.1.3. To demand change of his/her personal data if such personal data is incomplete,

outdated, or inexact. For that USER shall submit application accompanied by respective

documents and (or) their copies certified in due course that prove necessity to change personal

data.

Within fifteen days after receipt of such application TRADEX shall introduce respective

POLICY TOWARD PERSONAL DATA PROCESSING

changes to his/her personal data and notify the USER about it or shall notify the USER about

reasons to refuse making such changes, if another procedure of making changes is not specified

by Legislation.

USER shall be entitled to demand notification by third parties to whom personal data were

transferred on facts of errors (inaccuracies) corrections contained in it and facts of the data

deletion (destructions).

6.1.4. To obtain information on provision of his/her personal data to third parties once

within a calendar year free of charge, if not otherwise specified by Legislation.

Within fifteen days after receipt of such application, TRADEX shall provide to USER

information on which personal data and to whom were supplied within the year preceding the

date of application submission, or shall inform subject of personal data on reasons to refuse

providing such information. The information may not be provided in cases stipulated by

Legislation.

6.1.5. To demand free of charge termination of his/her personal data processing, including

its deletion, if there is not ground for personal data processing specified by Legislation.

Within fifteen days after receipt of such application TRADEX shall stop processing personal

data, as well as delete them (ensure termination of personal data processing, as well as its

deletion by authorized person) and inform USER about it.

If there is no technical possibility to delete personal data, TRADEX shall take measures to

prevent further personal data processing, including its blocking, and shall inform USER within

the same period.

TRADEX shall be entitled to refuse USER demand to terminate his/her personal data processing

and(or) its deletion, if there are grounds for personal data processing specified by Legislation,

including the case when it is necessary for declared purposes of the data processing with USER

notification within fifteen days period.

6.1.6. Not to be subject to a decision made solely on the basis of automated handling of

personal data.

6.1.7. To receive transparent information on procedure for implementation of the above

said rights.

6.1.8. To appeal TRADEX actions in accordance with Legislation.

6.2. In order to realize rights specified by this POLICY and Legislation USER shall submit a

written application (scan of the application) to TRADEX address.

6.3. USER application shall contain:

 Last name, name, middle name (if any);

 Living (staying) address;

 Date of birth of personal data subject;

 USER identification number, if such number is absent – number of document proving

USER identity;

 Essence of demands;

 Personal signature or digital signature

6.4. If according to USER AGREEMENT cryptoplatform operator cannot provide

services without personal data, which USER requests to destroy, TRADEX shall be

entitled to stop providing such services unilaterally (data necessary for identification,

verification, etc.)

7. PERSONAL DATA STORAGE

7.1. TRADEX shall store collected personal data of USER within the whole period of USER

AGREEMENT validity for which USER is a party, and within 5 (five) years after expiration of

USER AGREEMENT, as the data storage period is required according to Legislation.

7.2. USER personal data shall not be stored in cryptoplatform system longer than it is necessary

for realization of purposes for which they were collected. When the purposes for which the

POLICY TOWARD PERSONAL DATA PROCESSING

personal data were collected are reached, or storage of the personal data is not required any

longer by Legislation, TRADEX shall take measures to destroy, aggregate, or anonymize the

personal data.

8. PERSONAL DATA SECURITY

8.1. TRADEX shall store and process USER personal data by reliable and secure way.

TRADEX shall follow procedures, principles and measures, which guarantee USER

confidentiality taking into account Legislation requirements.

8.2. USER personal data shall be accessed in accordance with TRADEX internal regulations

regarding work with risks and information protection.

8.3. TRADEX shall continuously improve ways of collection, storage, and processing of USER

personal data.

8.4. TRADEX shall limit access of its employees, contractors, and partners to USER personal

data, as well as impose on them strict contractual obligations, violation of which shall entail

responsibility.

9. CHANGE OF POLICY

9.1. TRADEX undertakes to update POLICY regularly so that to inform USERS on all changes

in approach to processing of USERS personal data. If any material changes are adopted, USERS

will be informed about them separately. All other changes to POLICY shall be reflected on

SITE.

9.2. If any questions with regard to POLICY arise, USER may contact User Support Service of

TRADEX or via e-mail specified in para.10.3. of the POLICY.

10. AUTHORIZED PERSONS, CONTACTS

10.1. The officer responsible for information security shall be the authorized person responsible

for internal control and personal data protection. His/her function shall include:

10.1.1. Development, update and implementation of this POLICY.

10.1.2. Ensuring compliance of the personal data processing process with the requirements

established by Legislation currently in force.

10.1.3. Defining and implementing security measures to protect personal data from

unauthorized access, use, disclosure, modification or destruction.

10.1.4. Ensuring the training of employees on the Policy and procedures of personal data

protection, as well as compliance with the adopted security measures.

10.1.5. Cooperating with personal data protection authorities and other regulatory bodies in case

of incidents or inquiries related to personal data.

10.1.6. Receiving USER's applications on issues related to this Policy.

10.1.7. Keeping records of cases of violation of legislation and rules of handling personal data

of USERS, as well as keeping records of actions that constitute handling of personal data of

customers in a form and manner that enables processing of such data and prompt response.

10.2. TRADEX undertakes to inform USERS of the current information about the contact details

of the officer (department) responsible for ensuring information protection with regard to

personal data protection by posting this POLICY on SITE, as well as to inform USERS of any

changes in such information in a timely manner.

10.3. Electronic address of an officer (department) responsible for ensuring information

protection with regard to personal data – pdata@tradex.by.

Brightum LLC

220056 Minsk, Nezavisimosty Ave., 186, premises 1201 (office No.8)

UNP 193263674