1. PERSONAL DATA

In this Privacy Policy, “Personal Data” shall have the meaning given to it in the Data Protection Legislation.

2. WHAT WE COLLECT

Personal Data You Disclose to Us. We gather Personal Data that you willingly provide to us, either to express your interest in acquiring details about our company or products and Services, to engage with our Services, or when contacting us through different channels.

2.1. The Personal Data we collect may include the following:

(a) Contact Details. Your contact details such as title, name, postal address, email address, phone number, date of birth, residential address, personal identification number, social media handle, information from your device or equipment used to access and/or use the Site (including network activity, geolocation data, and any internet-protocol address (“IP address”)).

(b) KYC Personal Data. Information about you which we are obliged to check for legal or regulatory reasons, such as your date of birth, country of residence, nationality, any ownership interest in any entity or asset you hold, and other like information concerning your identity and background (which may include, where applicable, sensitive information such as any criminal record you have and any sanction or embargo enacted against you).

(c) Service Personal Data. Information about you which we obtain in order to provide our Services, including access and use of the Site and/or Services. Depending on the circumstances and the nature of your relationship with us, such information may include, without limitation: your assets and liabilities; any directorship / partnership you hold; your business dealings with us or our Affiliates; any digital-asset, smart-contract, or protocol address ("Wallet") information, associations, and/or identifiers; transaction data or history (such as your blockchain transaction history and other information associated with a linked address or Wallet); certain information needed to transfer or allocate tokens.

(d) Other Personal Data. Information you provide to us via feedback or customer support, bug report, or otherwise correspond with us, or which we may obtain as part of our dayto- day business operations, including but not limited to, your attendance at conferences, seminars and other events hosted or sponsored by GAS, and your preference with respect to marketing communication sent by GAS.

3. WHEN WE MAY COLLECT, USE AND/OR DISCLOSE YOUR PERSONAL DATA

3.1. We collect, use and/or disclose your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We generally do not collect your Personal Data:

(a) unless it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided consent (whether written or by conduct) to the collection and usage of your Personal Data for those purposes; or

(b) collection and use of Personal Data without consent is permitted or required by the relevant data protection laws. We will seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorised by law).

3.2. To provide our Services. We may collect and use your information for the provision of the Services, including to:

(a) register you as a new customer or user for our Services pursuant to your request;

(b) enable you to access and use our Services;

(c) process and complete transactions, and send you related information, including purchase confirmations and invoices;

(d) send information, including confirmations, technical notices, updates, security alerts and support and administrative messages;

(e) conduct Know Your Customer due diligence checks to verify your identity for the purposes of and/or in connection with the provision of our Services to you;

(f) perform obligations in the course of or in connection with our provision of the Services requested by you and/or enforce obligations owed to us;

(g) verifying your digital wallet or identity, where we are required to do so (whether by law or otherwise);

(h) managing your relationship with us;

(i) contacting you in respect of any matters relating to your use of the Services.

3.3 For analytics and operational purposes. We may process and use information about how you use our Services to better understand how they are being used so we can improve them. We may also process and use your information to manage our business operations and comply with our internal policies and procedures. We may also provide information about how you use our Services to certain clients, as part of the measurement, analytics and business services provided to them.

3.4 To protect our Services. We may process and use your information as part of our efforts to keep our Services safe and secure. These actions can include, but not limited to, restriction from accessing our Services, rate limiting, and permanent blocklisting.

3.5 To respond to user inquiries and request feedback. We may process and use your information to respond to your inquiries, solve any potential issues you may have, or request feedback. We may contact you about your use of our Services.

3.6 For marketing and advertising purposes. We may process and use your information to send you marketing and communication information about the Services, promotions, upcoming events, and other news about Services offered by us and our selected partners.

3.7 To comply with appropriate law enforcement. We may use your Personal Data as deemed necessary or fitting to adhere to relevant laws, lawful requests, and legal procedures, including responding to subpoenas or government authority inquiries.

3.8 Other purposes. We may also process and use your information for any purposes set out in the applicable Terms and Conditions and any other business purposes related to or in connection with the above.

(collectively, the “Purposes” and each, a “Purpose”).

3.9 We will only use your Personal Data for the Purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original Purpose. The Purposes listed above may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

3.10 The Purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

4. WHEN YOUR PERSONAL DATA MAY BE DISCLOSED TO THIRD PARTIES

4.1. We may disclose your personal data described above to third parties or in specific situations without further notice to you, unless required by applicable law. Such disclosures may occur in the following instances:

(a) Performance of Services. When necessary for fulfilling obligations related to your Platform Transactions or your use of the Platform and our Services, we may disclose personal data to third parties involved in delivering these services.

(b) Business Transfers. When necessary for fulfilling obligations related to your Platform Transactions or your use of the Platform and our Services, we may disclose personal data to third parties involved in delivering these services.

(c) Staff, Affiliates and Service Providers.To support our business operations and provide the Services, we may share your information with our employees, officers, affiliates, employees and officers of our affiliates, third-party service providers, agents, professional advisors and sub-contractors, insofar as is reasonably necessary to achieve the Purposes stated in this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us. Service providers includes those offering hosting and cloud services, IT support, email communication and newsletter services, advertising and marketing services, payment processing, customer relationship management, customer support, and analytics services. These third parties may access, process, or store personal data as needed to perform their functions, in accordance with our instructions.

(d) Professional Advisors.We may share personal data with our professional advisors, such as legal and accounting firms, when necessary for them to provide services to us.

(e) Legal Requirements. While we do not voluntarily share Personal Data with government authorities or regulators, we may disclose your information when required to do so by law, regulation, court order, or other legal obligation.

(f) Compliance with Applicable Laws. We may share your information to comply with applicable laws, regulations, codes of practice, guidelines, rules, lawful requests or legal process.

4.2 For the purposes of registration, verification or provision of any of our Services, we may rely on third parties who may collect, use, disclose or process your personal data for their own purposes, and without our involvement or reference to us. We are not liable or responsible for the collection, use, disclosure or processing of your Personal Data by such third parties.

5. THIRD-PARTY LINKS AND WEBSITES

5.1. The Services may link to or embed third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications.

5.2. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link to a third-party website, service, or application does not imply an endorsement by us. Any data collected by third parties is not covered by this privacy notice. You should review the policies of such third parties and contact them directly to respond to your questions.

6. HOW INFORMATION IS SECURED

6.1. We will only keep your Personal Data for as long as it is necessary for the Purposes set out in this privacy policy unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We will delete such information as soon as it is reasonable to assume that such retention no longer serves the Purpose which the Personal Data was collected, and is no longer necessary for legal or business needs.

6.2. We take reasonable measures to protect your Personal Data from unauthorized access, use, or disclosure. However, no method of transmission over the internet or electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. However, no security measures are failsafe and we cannot guarantee the security of your Personal Data. You use the Services at your own risk.

7. USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

We may deploy one or more of the following technologies to collect Internet Activity Information in order to enhance your user experience, understand how you interact with our Services, and improve our offerings:

6.2. We take reasonable measures to protect your Personal Data from unauthorized access, use, or disclosure. However, no method of transmission over the internet or electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. However, no security measures are failsafe and we cannot guarantee the security of your Personal Data. You use the Services at your own risk.

(a) Cookies. These are small text files placed on your device that allow us to uniquely identify your browser or store information and settings. Cookies help improve your experience by enabling smooth navigation between pages, remembering your preferences, supporting specific functionalities, analyzing user activity and patterns, and facilitating targeted advertising.

(b) Local Storage Technologies. Technologies such as HTML5 may be used to provide functionality similar to cookies but with the ability to store larger amounts of data. This information can be stored directly on your device, including outside your browser, in relation to specific applications.

(c) Web Beacons (Pixel Tags/Clear GIFs). These help us confirm when a webpage or email has been accessed or opened, or when specific content has been viewed or clicked. Web beacons are typically used to track user engagement and optimize the content we deliver.

8. DATA PROTECTION OFFICER

8.1. If you have a complaint regarding the way in which we handle your Personal Data, please contact our Data Protection Officer in the first instance. You can do so by emailing your complaint to ops@gvrnadmin.io

8.2. We will endeavour to respond satisfactorily to any request, query, or complaint you may have in respect of your Personal Data, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the BVI’s Office of the Information Commissioner once it is established. Please note that as at the date of this Privacy Policy, the Office of the Information Commissioner has not been established yet.

9. WITHDRAWING YOUR CONSENT

9.1. The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to us at the contact details provided below.

9.2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within fourteen (14) business days of receiving it.

9.3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue to grant you access and/or use of our Site and Services and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us via email.

9.4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under the Data Protection Legislation and/or applicable laws.

10. HOW TO ACCESS OR CORRECT YOUR PERSONAL DATA

10.1. If you wish to make (a) an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request via email to us at the contact details provided below.

10.2. Please note that we reserve the right to charge you a reasonable administrative fee for an access request to retrieve Personal Data relating to you.

10.3. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not legally permitted to do so under the Data Protection Legislation).

11. SAFEGUARDING YOUR PERSONAL DATA

11.1. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have or will implement appropriate administrative, physical and technical safeguards. These include limiting the collection of Personal Data, enforcing strong authentication and access controls (such as secure password practices and restricting data access to a need-to-know basis), encrypting data, maintaining up-to-date antivirus protection, regularly updating our operating system and other software, securely erasing storage devices before disposal, applying web security measures against risks, and conducting regular security reviews and testing.

11.2. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. However, no security measures are failsafe and we cannot guarantee the security of your Personal Data. You use the Site and our Services at your own risk.

12. ACCURACY OF PERSONAL DATA

We generally rely on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is up-to-date, complete and accurate, please update us if there are changes to your Personal Data by via email at the contact details provided below. Any failure to do so may affect or impact your continued use of our Site and/or Services.

13. WHEN WE MAY RETAIN YOUR PERSONAL DATA

13.1. We may retain your Personal Data for as long as it is necessary to fulfil the Purpose for which it was collected, or as required or permitted by the Data Protection Legislation and/or applicable laws.

13.2. In the event that retention of Personal Data is no longer necessary for any business or legal purposes or when the purpose for which the Personal Data was collected is no longer being served by the retention of the Personal Data, we will remove, destroy or anonymise the Personal Data.

14. TRANSFER OF PERSONAL DATA OUTSIDE THE BVI

14.1. Due to the international nature of GAS business operations and the markets in which we operate, your Personal Data may be transferred outside the BVI to third party recipients as described in Section 4, who could be located anywhere in the world, including, without limitation, Bermuda, Cayman Islands, Canada, Dubai, Europe, Hong Kong, Singapore, and the USA.

14.2. The abovementioned overseas destinations may not have laws that protect your Personal Data in the same way the Data Protection Legislation does. This does not mean that your Personal Data is inevitably put at risk but it can mean that there is less formal legal protection for your Personal Data.

14.3. Where we share your Personal Data with recipients who are located outside the BVI, we will, wherever possible, take all appropriate steps that are within our control to ensure that adequate legal safeguards are in place for your Personal Data which are shared with such recipients (for example, by obtaining contractual assurances from the recipients).

14.4. Where we are unable to put in place such adequate safeguards, we may nevertheless share your Personal Data with such recipients but we will do so only to the extent the applicable legal exemptions permit, and we will ensure that any of your Personal Data we share with such recipients is kept to the minimum necessary.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in law or changes in how we run our business, but where such revision becomes necessary in the future, we will announce the changes on our website at https://gvrnadmin.io/privacy-policy. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

16. GOVERNING LAW AND DISPUTE RESOLUTION

16.1. This Privacy Policy and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation is shall be governed and construed in accordance with the laws of the British Virgin Islands.

16.2. Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity or termination, that cannot be resolved amicably between the Parties within thirty (30) days from receipt of a notice of dispute shall be referred to and finally resolved by binding arbitration administered by the Singapore International Arbitration Centre (SIAC) and conducted in accordance with the Arbitration Rules of the Singapore International Arbitration Centre ("SIAC Rules") for the time being in force, which rules are deemed to be incorporated by reference in this clause. The number of arbitrators shall be three (3), with each party appointing one (1) arbitrator and the third arbitrator appointed by the first two (2) arbitrators. The arbitration proceedings shall be conducted, and the award shall be rendered in the English language in Singapore. The parties acknowledge that any award rendered pursuant to this Section shall be final, binding and enforceable.

17. CONTACT US

If you have any enquiries or feedback on our Privacy Policy and procedures, or if you wish to make any request, you may contact us at ops@gvrnadmin.io.