PRIMEONE PRIVACY POLICY

Data Controller:

PrimeOne
380 Portage Ave, Palo Alto, CA 94306 USA
Email: privacy@primeone.net
Website: www.www.primeone.net

Data Protection Officer:

Email: dpo@primeone.net
Address: 380 Portage Ave, Palo Alto, CA 94306 USA

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, fax number, postal address
• Professional Information: Company/organization name, job title, business contact details
• Account Information: Username, password, account preferences
• Identity Verification: National ID, passport, driving license, tax ID (where required by law, such as MiFID II)
• Employee Information: For PrimeOne employees – employment details, salary information, emergency contacts, photo, marital status, bank details, ethnicity (self-identified), employment history
• Communications: Content of messages, emails, and other communications with us

2.2 Information Collected Automatically

• Device Information: IP address, browser type and version, device identifiers
• Usage Data: Pages visited, time spent on pages, click-through rates, referral sources
• Technical Data: Operating system, time zone settings, browser plug-in types
• Location Data: General geographic location based on IP address

2.3 Information from Third Parties

• Information from our business partners and service providers
• Data from employees or agents of our institutional customers (where we act as processor)
• Publicly available information from legitimate sources

3.1 Purposes and Legal Bases

We process your personal data for the following purposes with the corresponding legal bases:

3.2 Legitimate Interests
Where we rely on legitimate interests, these include:

• Network and information security
• Fraud prevention and detection
• Business development and improvement of services
• Internal group administration
• Compliance with non-EU legal obligations

4.1 Categories of Recipients

• PrimeOne Group Companies: We may share data with our subsidiaries and affiliates for the purposes described in this policy
• Service Providers: Third-party processors who provide IT, payment, marketing, and other business services
• Business Partners: Organizations we work with to provide joint services (with your consent where required)
• Professional Advisors: Lawyers, accountants, auditors, and other advisors
• Regulatory Authorities: Financial regulators, tax authorities, and other government bodies where required by law
• Law Enforcement: Police, courts, and other authorities when legally required

4.2 International Transfers

We may transfer your personal data outside the European Economic Area (EEA) to:

• United States: Under adequacy decisions or appropriate safeguards (Standard Contractual Clauses)
• Other Countries: Only where adequate protection is ensured through:
• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules (where applicable)
• Other appropriate safeguards under GDPR Article 46

For copies of safeguards or further information about transfers, contact us at privacy@primeone.net.

We retain personal data for the longer of:

• Business Need: As long as necessary for the purposes for which it was collected
• Legal Requirements: 10 years or as required by applicable financial regulations
• Specific Categories:

• Account data: Duration of relationship + 7 years
• Employee data: Employment period + 7 years
• Marketing data: Until consent withdrawn or legitimate interests cease
• Regulatory compliance data: As required by applicable law (typically 5-10 years)

Data is securely deleted or anonymized when retention periods expire.

6.1 Individual Rights

You have the following rights regarding your personal data:

• Right of Access (Article 15): Obtain confirmation of processing and access to your personal data
• Right of Rectification (Article 16): Correct inaccurate or incomplete data
• Right of Erasure (Article 17): Request deletion of personal data in certain circumstances
• Right to Restrict Processing (Article 18): Limit how we use your data in specific situations
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making (Article 22): Not to be subject to solely automated decisions with legal effects
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time

6.2 How to Exercise Your Rights

To exercise your rights:

Email: privacy@primeone.net

Post: Data Protection Officer, PrimeOne, 380 Portage Ave, Palo Alto, CA 94306 USA

We will respond to valid requests within one month (extendable by two months for complex requests).

6.3 Right to Complain

You have the right to lodge a complaint with a supervisory authority:

Supervisory Authorities:

7.1 What We Use

We use cookies, web beacons, and similar technologies for:

• Strictly Necessary: Essential for website functionality
• Performance: Analytics and site improvement
• Functional: Enhanced user experience and preferences
• Marketing: Targeted advertising and content

7.2 Managing Cookies

• Cookie Settings: Manage preferences via our Cookie Declaration at www.www.primeone.net/legal/#cookie-policy
• Browser Settings: Configure your browser to block or delete cookies
• Opt-out Tools: Industry opt-out mechanisms for advertising cookies

For detailed cookie information, see our separate Cookie Policy.

We implement appropriate technical and organizational measures including:

• Encryption: Data encryption in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection systems, and security monitoring
• Employee Training: Regular security awareness and data protection training
• Incident Response: Procedures for detecting, investigating, and responding to breaches
• Regular Audits: Security assessments and compliance reviews

9.1 Special Categories of Personal Data

We do not generally process special categories of personal data (sensitive data) except for employee ethnicity data (self-identified, with explicit consent) or where necessary for legal requirements.

9.2 Children’s Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without appropriate parental consent.

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:

• Post updates on our website with the new effective date
• Notify you directly of material changes where required by law
• Obtain fresh consent where necessary for new processing purposes

11.1 Automated Decision-Making

We may use automated systems for:

• Fraud Detection: Automated screening for security purposes
• Service Personalization: Algorithm-based content recommendations
• Risk Assessment: Automated compliance checks

You have the right to obtain human intervention and contest automated decisions that significantly affect you.

11.2 Profiling

We may create profiles based on your usage patterns to:

• Improve service delivery
• Provide personalized experiences
• Detect fraudulent activity

11.3 Third-Party Links

Our services may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.

For any questions about this Privacy Policy or our data practices:

• Email: privacy@primeone.net
• Post: Data Protection Officer, PrimeOne, 380 Portage Ave, Palo Alto, CA 94306 USA
• Phone: 650-424-4500

Effective date: Aug. 7, 2025