Privacy Policy (EU GDPR Version)

PRIVACY POLICY (EU GDPR VERSION) Effective Date: 02 February 2026 This Privacy Policy explains how DRA Consultancy Limited ("Company", "we", "us", "our") collects, uses, and protects personal data in accordance with the UK GDPR, EU GDPR, and applicable data protection laws. Company details: DRA Consultancy Limited 15 Irish Town Gibraltar Company Number: 122210 By accessing or using our website or software, you acknowledge that you have read and understood this Privacy Policy. DATA CONTROLLER For the purposes of applicable data protection laws, DRA Consultancy Limited is the data controller in respect of personal data processed under this Privacy Policy. SCOPE OF THIS POLICY This Privacy Policy applies to: Visitors to our website Individuals who submit contact details or register interest Clients who license and use the software This Policy applies only to personal data processed by the Company and should be read alongside the Software as a Service User Agreement. DATA MINIMISATION PRINCIPLE We adhere strictly to the principle of data minimisation. We collect and process only the minimum amount of personal data necessary to operate, secure, and improve the website and software. PERSONAL DATA WE COLLECT 4.1 Data You Provide Voluntarily We may collect limited personal data that you choose to provide, including: Email address Name or business name (if provided) Country of residence Communications sent to us You are not required to provide personal data beyond what is necessary to communicate with us or access the software. 4.2 Automatically Collected Technical Data When you access our website or software, we may collect limited technical data, including: IP address (anonymised or truncated where technically feasible) Browser type, device type, operating system Date and time of access Pages viewed and interaction events System performance and error logs This data is used solely for analytics, performance monitoring, and security. 4.3 Data We Explicitly Do Not Collect We do not collect or store: Private keys or wallet seed phrases Exchange account passwords Payment card details Government-issued identification (unless required under Section 10 below) TRADING AND EXCHANGE DATA The Company does not custody digital assets and does not access withdrawal permissions. Where the software interacts with third-party exchanges using API credentials provided by the client: Data processed relates solely to software operation and execution logic Such data is not used to identify individuals The Company does not use trading data for profiling or marketing PURPOSES OF PROCESSING We process personal data only for the following purposes: Operating and maintaining the website and software Providing access to licensed software Monitoring system performance and stability Improving functionality and reliability Responding to enquiries and operational communications Detecting and preventing security incidents We do not process personal data for automated decision-making that produces legal or similarly significant effects under Article 22 GDPR. LAWFUL BASIS FOR PROCESSING Under GDPR, we process personal data on the following lawful bases: Performance of a contract (Article 6(1)(b)) Legitimate interests (Article 6(1)(f)), limited to security, system integrity, and service improvement Consent (Article 6(1)(a)), where you voluntarily submit contact details Where additional compliance-related data is required, processing may also be based on compliance with a legal obligation (Article 6(1)(c)). ANALYTICS AND PERFORMANCE DATA We use analytics tools strictly to: Measure website usage Monitor system performance Identify technical issues Analytics data is aggregated where possible and is not used for behavioural profiling or combined with personal identifiers to create user profiles. DATA SHARING AND PROCESSORS We do not sell personal data. We may share limited data with: Infrastructure, hosting, and analytics providers acting as data processors Professional advisers where required by law Authorities where legally required All processors are contractually bound to process data only on our instructions and in accordance with GDPR. POTENTIAL FUTURE DATA COLLECTION AND COMPLIANCE OBLIGATIONS The Company may, in the future, be required to collect additional information from users or clients in order to comply with legal, regulatory, contractual, or risk management obligations, including but not limited to identity verification or "know your customer" (KYC) requirements. Where such requirements apply: Any additional data collection will be limited to what is strictly necessary Users will be informed at the time such information is requested Processing will be carried out in accordance with applicable data protection laws Failure to provide required information may result in restricted access or refusal of service The Company does not currently conduct KYC checks unless and until such requirements become applicable. INTERNATIONAL DATA TRANSFERS Personal data may be processed outside your country of residence. Where data is transferred outside the UK or EEA, appropriate safeguards are applied, including adequacy decisions or Standard Contractual Clauses where applicable. DATA RETENTION Personal data is retained only for as long as necessary to: Fulfil the purposes set out in this Policy Comply with legal and regulatory obligations Data that is no longer required is securely deleted or anonymised. DATA SECURITY We implement appropriate technical and organisational measures to protect personal data, including access controls, secure infrastructure, and monitoring. Despite these measures, no system can be guaranteed to be fully secure. YOUR GDPR RIGHTS Subject to applicable law, you may have the right to: Access personal data we hold about you Rectify inaccurate or incomplete data Request erasure of personal data Restrict or object to processing Withdraw consent where applicable Lodge a complaint with a supervisory authority Requests may be submitted using the contact details below. We may require verification of identity. THIRD-PARTY LINKS Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those third parties. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time. The current version will always be published on the website. Continued use of the website or software constitutes acceptance of the updated Policy. CONTACT INFORMATION For privacy-related enquiries or rights requests, contact: DRA Consultancy Limited 15 Irish Town Gibraltar Email: draconsultancy4u@gmail.com