Privacy Policy

Digital Smart LLC respects your privacy and is committed to protecting and respecting your
personal data. This privacy policy aims to give you information on how we collect and
process any personal data i.e. information about a Client (as defined below) who is a natural
person on the basis of which that Client can be identified (hereinafter the data) in
accordance with the applicable data protection legislation and best practice.

We strive to create the most secure infrastructure of any broker in the world. In this privacy
policy we would like to tell why you can trust us with your data and rest assured that your
data is safe.

It is important that you read this privacy policy together with any other privacy policy we
may provide on specific occasions when we are collecting or processing your data about you
so that you are fully aware of how and why we are using your data.

In this Privacy Policy, unless the context otherwise requires, expressions defined herein shall
have the meaning ascribed to them in the Terms & Conditions.

Please note that this Privacy Policy is addressed to current and prospective Clients. If you are
an Digital Smart employee, contractor or a third-party service provider, your personal
information will be used in connection with your employment contract, your contractual
relationship or in accordance with our separate policies which are available by contacting us
at the contact details listed in the section OUR CONTACT DETAILS below.

If you are participating in our affiliate program and/or introducing broker program, we will
process the data provided under our agreement with you to exercise our rights and perform
our obligations under or in connection with the relevant agreement and the term Client in
this Privacy Policy shall be read to include the term affiliate and/or introducing broker (as
applicable).

1. WHO WE ARE

Digital Smart LLC, is a company registered in St. Vincent and the Grenadines with company
registration number 898 LLC 2021 and having its registered address at First Floor, First St.
Vincent Bank Ltd Building, James Street, Kingstown, Saint Vincent and the Grenadines
(hereinafter  “Digital Smart” and/or “Company”). Digital Smart is the controller and
responsible for the data of the Client disclosed to us in order to register for a Trading
Account, Demo Account and/or to make use of any other services offered by Digital Smart
through the website (hereinafter “Website”) (this term shall at all times include Website’s
desktop and mobile versions).

This Privacy Policy is issued on behalf of Digital Smart the company responsible for
collecting and/or processing your data when you use the Trading Platform through the
Website, either for a Trading Account or a Demo Account (or their mobile/desktop versions)
(hereinafter the Service(s)). In Digital Smart we respect your privacy and we are committed
to protect your data, which we collect, use and/or have access to.
The Company takes measures to implement advanced data protection policies and
procedures and to update them from time to time for the purpose of safeguarding the Client's
data and the Client’s account. Your data is protected by the legal, administrative and
technical measures that we take to ensure the privacy, integrity and accessibility of data. To
prevent security incidents with your data, we use a mixed organizational and technical
approach based on the results of annual risk assessment.

The Company shall not divulge any private information of its Clients and former Clients
unless the Client approves in writing such disclosure or unless such disclosure is required
under applicable law or is required in order to verify the Client's identity or it is required for
Digital Smartto perform its contractual obligations under any agreement concluded with the
Client. The Clients' information is processed only by the employees of the Company and/or
trusted third parties which provide specific support services, dealing with the specific Client's
Accounts and necessary for the provision of our services. All such information shall be stored
on electronic and physical storage media according to applicable law.

2. DATA USAGE

1. We may collect, use, store and transfer different kinds of data about you which we have
grouped together as follows:

● Identity Data includes first name, last name, and patronymic (if available), date of
birth gender, passport, ID, Driver’s number, and copy of photo.
● Contact Data includes billing address, email address and telephone numbers.
● Financial Data includes bank account, payment card details and tax identification
number (including but not limited to social security number, income tax
identification number, national insurance number).
● Transaction Data includes details about the transactions performed by you, details
about payments, withdrawals, exchanges, trading history, profit, balance, deposited
and withdrawal amount methods, and any other details in relation to the services you
have made use of through our Website.
● Technical Data includes internet protocol (IP) address, your login data, browser
type and version, time zone setting and location, browser plug-in type and versions,
operating system and platform, and other technologies on the devices you use to
access the Website and use of cookies stored on your device.
● Profile Data includes your Client’s account details, username and password,
transactions made by you, your interests, preferences, feedback and/or information
received through your interaction with us within the course of providing our services
and survey responses.
● Usage Data includes information about how you use the Website, products and
services, registration date, account category, trading cluster, number of complaints,
number of requests filed and IP history.
● Marketing and Communication Data includes your preferences in receiving
marketing from us and your communication preferences.
● Special Categories of Data/ ‘Sensitive’ Data includes details about your
religious belief, annual income, biometric data and/or criminal convictions and
offenses.
● Conformity Data includes details about your education, employment status,
trading experience, self-assessment test.
● Banking Data includes details of the number of payment wallets and/or
information of your bank card, including information of the issuing bank, card
 number, cardholder name, card expiration date, payment system, card validation
code (CVV2 / CVC2), and photos of both sides of the bank card.
● Data in KYC (Know your customer) includes identity document information,
including copies of recently dated Utility Bills, Identity Card, Passport, and/or
Driver’s License.
● Economic Profile Data includes details on occupation, purpose of investment,
annual income, net wealth, expected annual amount of investment and sources of
funds.
● Location Data includes details on your actual location when interacting with our
Website (for example, a set of parameters that determine regional settings of your
interface, namely residency country, time zone, and the interface language)
● Audio Data includes full voice recordings of calls that you receive from us or make
to us. (the above collectively referred to as Personal Data)

2. Aggregated Data includes statistical or demographic data for any purpose. Such data can
be derived from your data but may not be considered personal data in law as it will not
directly or indirectly reveal your identity. An example of such Aggregated Data could be that
we aggregate your Usage Data to calculate the percentage of users accessing a specific
website feature and/or services/product preference.
Notwithstanding the above, if Digital Smart combines Aggregate Data with data in a way that
the end result can in any way identify the data subject, Digital Smart shall treat such
combined data as data which will be treated as per the provisions herein contained.

Processing of your data is carried out by Digital Smart following the principles of lawfulness,
fairness, transparency, and always adhering to the intended purpose of data processing, the
principle of data minimization, accuracy, limited data storage, data integrity, confidentiality
and accountability.

In general Digital Smart collects and process the Personal Data, for any of the following
reasons:

1. To perform its contract with you,

2. To comply with its legal obligations including without limitation to applicable
anti-money laundering and terrorist financing laws and regulations (hereby referred
to as Money-Laundering Law), and/or
3. To safeguard its legitimate interest

The Client acknowledges that all or part of the data concerning the Client's account and
related transactions will be stored by the Digital Smart and may be used by the Company in
case of dispute between the Client and the Company.

The Client is responsible for updating any data provided to us in case of any change.
Although we will strive to keep your data up to date and review and inspect any information
provided by you, we may not be able to always do so without your help. The Client
acknowledges that Digital Smart holds neither commitment nor responsibility to the Client
due to any aforesaid review or inspection of information.

3. HOW IS YOU PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:
Direct Interactions. You will provide to us your Identity, Contact and Financial Data
online through the Website and/or by filling in online forms and/or by corresponding with
us by emails or otherwise. Data may be submitted to us by you when you wish to:

1. Register for a Trading Account;

2. Register for a Demo Account;
3. Subscribe to our publications and ongoing updates;
4. Request marketing and promotions to be sent to you;
5. Enter a competition, promotion or survey; and/or
6. Give us feedback or contact us.

We require to collect the above data in order that we are able to (i) provide our services
efficiently, (ii) to comply with our ongoing legal obligations, including, inter alia, to prevent
fraud and money laundering acts.

If you fail to provide the data when requested we may not be able to perform the contract we
have or are trying to enter into with you (for example, to provide you with our services). In
this case, we may have to cancel a service you have with us but we will notify you if this is the
case at the time. It is important that the data we hold about you is accurate and current.
Please keep us informed if your data changes during your relationship with us.

Automated Technologies or Interactions. When using our services, your device

automatically transmits to us its technical characteristics. Locale (a set of parameters that
determine regional settings of your interface, namely, residence country, time zone and the
interface language) is used for the purpose of providing you with the best possible service
within our platform. Using the information about IP address, cookies files, information
about browser and operating system used, the date and time of access to the site, and the
requested pages addresses allows us to provide you with the optimal operation on our web
application, mobile and/or desktop versions of our application and monitor your behaviour
for the purpose of improving the efficiency and usability of our Services. We use web
analytics tools to track performance of our website and marketing source of user by cookies
in order to optimize our marketing costs and provide users with better experience. You may
at any time request that we refrain from any such transmissions (to the degree this is
possible and subject to any of our legal obligations) by sending your request to the support
team using our details in the OUR CONTACT DETAILS below using the registered email
address you disclosed and registered with us through your Account. We will address your
request within 30 business days.

About Cookies:

A cookie is a small amount of data that often includes a unique identifier that is sent to your
computer or device browser from a website's computer and is stored on your device's hard
drive for tracking site usage. A website may send its own cookie to your browser if your
browser's preferences allow it, but, to protect your privacy, your browser only permits a
website to access the cookies it has already sent to you, not the cookies sent to you by other
websites. Many websites do this whenever a user visits their website in order to track online
traffic flows. When you visit our Website, our system automatically collects information
about your visit, such as your Technical Data, including inter alia to, your browser type, your
IP address and the referring website.

Cookies stored may determine the path the Client took on our site and used to anonymously
identify repeat users of the website and what pages were most popular for Clients. However,
 the Company protects the Client’s privacy by not storing the Client’s names, personal details,
emails, etc. Using cookies is an industry standard and is currently used by most major
websites. Stored cookies allow the Website to be more user-friendly and efficient for Clients
by allowing Digital Smart to learn what information is more valued by Clients versus what
isn’t. You can set your browser not to save any cookies of this website and you may also
delete cookies automatically or manually. However, please note that by doing so you may not
be able to use all the provided functions of our website in full.

Please see our Cookies Policy for further details.

4. PURPOSE FOR WHICH WE WILL USE YOUR DATA AND ON WHAT LEGAL BASIS

1. We process the aforementioned data in compliance with the applicable legislation as

amended from time to time in order to (i) be able to perform our contractual obligations
towards the Client and offer them the best possible service, (ii) provide our Services
efficiently, (iii) comply with our legal obligations, including, inter alia, to prevent fraud and
money laundering acts, and (iv) protect our legitimate interests and your vital interests.

2. We process all data based on the following legal basis:

1. For compliance with our legal obligations;

2. For the performance of our contractual obligations towards the Client;

3. For the purposes of safeguarding our legitimate interests and your interests and
fundamental rights do not override those interests; and/or

4. On the basis of your consent.

3. Indicatively we set out below, a description of all the ways we plan to use your data and
which of the legal bases we rely on to do so. We have also identified what our legitimate
interests are where appropriate. Note that we may process the data for more than one lawful
ground depending on the specific purpose for which we are using your data.

LAWFUL BASIS FOR

PROCESSING INCLUDING
BASIS OF LEGITIMATE
- PURPOSE ACTIVITY TYPE OF DATA INTEREST
1. To accept to register you as a Client
2. To notify you about changes to our
terms or privacy policy
3. To communicate with you and 1. Identity Data
provide you with secure 2. Profile Data
identifications, authentication and 3. Contact Data
support services 4. Data in KYC 1. Necessary to perform our contract
4. To confirm you are at age of 5. Financial Data with you
majority as recognized and declared by 6. Economic 2. Necessary to comply with our legal
a. the laws of your jurisdiction Profile Data obligations
 1. To perform our Scoring Processing 1. Necessary to perform our contract
under which a Client is scored on a 1. Banking Data with you
b scale basis with regard to the level of 2. Economic 2. Necessary to comply with our legal
. risk he is to Digital Smart Profile Data obligations

1. Necessary to perform our contract

1. To confirm the information with you
c. provided by You under (a) above in 2. Necessary to comply with our legal
relation to your location. 1. Location Data obligations

1. To secure authentication,
identification and support services via 1. Necessary to perform our contract
social networks protocols and use the with you
d links to your accounts in social 2. Necessary to comply with our legal
. networks for these purposes. 1. Technical Data obligations

1. To process and deliver your

transactions and requests (Deposits; 1. Necessary to perform our contract
Trades; Withdrawals) with you
2. Manage payments, fees and 2. Necessary for our legitimate interest
charges; 1. Banking Data (recover charges owed to us, make a
3. To collect and recover money owed 2. Transaction withdrawal in case of breach of our
e. to us. Data contract)

1. Performance of our contract with

you
2. Necessary to comply with our legal
obligations
3. Necessary for our legitimate
interests (take reasonable steps to
1. To administer and protect our confirm that you do not use any ways
business and Website (including to manipulate our platform & for
troubleshooting, data analysis, testing, 1. Identity Data running our business, provision of
system maintenance, support, 2. Contact Data administration and IT services,
f. reporting and hosting of data) 3. Technical Data network security, to prevent fraud)

1. To deliver relevant Website content

and advertisements to you and
measure or understand the
effectiveness of the advertising we 1. Identity Data
serve to you 2. Contact Data
2. To provide you with an optimal 3. Profile Data 1. Necessary to perform our contract
operation on our web application, 4. Usage Data with you
mobile and/or desktop versions of our Technical Data 2. Necessary for our legitimate
application and monitor your behavior 5. Marketing and interests (to study how customers use
for the purpose of improving the Communication our products/services, to develop
g. efficiency and usability of our services. Data them, to grow our business)

h 1. to study how customers use our 1. Transaction 1. Necessary for our legitimate
. products/services, to develop them, to Data interests (including statutory
 grow our business and to inform our limitations provisions by applicable
marketing strategy; laws)
2. statutory limitations

1. Identity Data
2. Profile Data
1. To inform you about any of the 3. Contact Data 1. Necessary to perform our contract
following: 4. Technical Data with you
— new services and/or products we 5. Usage Data 2. Necessary for our legitimate
may offer; 6. Transactions interests (to study how customers use
— Any new development and/or 7. Marketing and our products/services, to develop our
features of the current Communication products/services and grow our
i. products/services we offer Data business)

1. To send direct marketing of our

services to you always within the
boundaries of our legitimate interests.
2. To send to you newsletters, 1. Identity Data
push-messages and calls to keep you 2. Profile Data
in touch with our new feature and new 3. Contact Data
development of the current 4. Data that may
products/services we offer, news and be provided by 1. Necessary to perform our contract
events and the efficient provision of you during your with you
the full scope of our services. activity at the 2. Necessary for our legitimate
Please note that we will never use your Website. interests (to provide effective and
data to communicate to you and/or Marketing and personalized customer services to you
promote any third party marketing Communication and to update you in relation to our
j. material. Data services that are available to you.

1. To allow us to provide you with the

optimal operation on our Website,
mobile and desktop versions of our
application and monitor your behavior
for the purpose of improving the
efficiency and usability of our Services. 1. Necessary to perform our contract
2. To use analytics tools to track 1. Location Data with you
performance of the Website and 2. Technical Data 2. Necessary for our legitimate
marketing source of our Clients in 3. Usage Data interests (to provide effective and
order to optimize our marketing costs 4. Marketing and personalized customer services to you
and provide you with better Communication and to update you in relation to our
k. experience. Data services that are available to you).

1. to allow us to monitor and train our

employees for your benefit 1. Necessary to perform our contract
2. to safeguard your or our interests in with you
case of a dispute 2. Necessary to comply with our legal
3. to take steps for fraud prevention obligations
4. to improve the services provided to 3. Necessary for our legitimate
l. you Audio Data interests
 1. To confirm that your annual income
corresponds with your employment 1. Necessary to comply with our legal
status obligations
m 2. To confirm that you have no 2. Necessary to protect your vital
. criminal history. Sensitive Data interests.

4. If you are an existing Client of the Website where we have a legitimate interest in
communicating with you, or if you have given us your consent we will collect and process
your personal data to communicate with you in case of support and/or sending newsletters,
push-messages and calls to keep you in touch with our new features, news and events and
the efficient provision of the full scope of our services. We will also use your data to send you
marketing information regarding our services that we believe may be of interest to you via
email or otherwise.

5. Our Website is not intended for children and we do not knowingly collect data relating to
children. As we do not allow users under the age of 18 to use our services, we need to obtain
your birth date in order to confirm the Clients’ age checks.

5. OPTING OUT

If you do not want to receive any marketing newsletters or transmit your data to the
third-parties for marketing purposes, you can configure your preferences. Such configuring
can be done when (i) opening an account or (ii) when receiving such advertising content or
(iii) by logging in and going to My Account > Personal Details > Notification Settings. You
may also send to the Company, at any time, an email to support@capitalbear.com using
the registered email address you disclosed and registered with us through your Account
asking the Company to cease from sending such advertising content or sending your data to
the third-parties for marketing purposes. The aforesaid mark removal and/or e-mail received
by Digital Smart will oblige us to cease sending advertisement content to you within 7
(seven) business days.

6. DISCLOSURE OF DATA

We may share your data with the parties for the purposes set out above.

We require all Digital Smart affiliated and/or related companies and any third parties
processing data on our behalf to respect your data and to treat it in accordance with the
provisions of the General Data Protection Regulation and applicable local legislation as
amended from time to time. We take all reasonable steps so that our third-party service
providers do not use your personal data for their own purposes and only permit them to
process your data for specific purposes and in accordance with our instructions.

In general, your data is used by the processors of the Digital Smart.

In addition, a transfer of your data to another legal entity may occur as part of a transfer of
our business or parts thereof in form of a reorganization, sale of assets, consolidation,
merger or similar.

With regard to the transfer of data to recipients outside the related and/or affiliated entities
of the Company, we note that we strive to maintain discretion with respect to client related
matters and assessments of which we acquire knowledge. We may disclose data that
concerns you only if (i) we are legally required to do so; (ii) if required when you expressly
order us to process a transaction or any other service and (iii) it is required for the provision
of our services under our contractual relationship and/or (iv) protection of our legitimate
interests and applicable legislation as amended from time to time.

External Third Parties. Your data is shared with third party organizations/entities
including but not limited to:

A. Service Providers. We may share your data with our trusted third party service
providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT
infrastructure, our websites, manage our payment solutions, perform statistical analysis,
marketing and advertising purposes, sending newsletters, provide customer support and
perform other important services for us.

B. Other Digital Smart affiliates/ related companies. We may also disclose your data
to other Digital Smart affiliates and/or related companies in order for them to provide us
with the relevant services.

C. State authorities. The Client's details that are provided and/or that will be provided by
the Client during his/her activity on the site may be disclosed by the Company to official
authorities. The Company will make such disclosure only if required to be disclosed by the
Company by applicable law or court order and to the minimum required extent.

D. Other disclosures. In addition to where you have consented to a disclosure of the data
or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data
may also be disclosed in special situations, where we have reason to believe that doing so is
necessary to identify, contact or bring legal action against anyone damaging, injuring, or
interfering (intentionally or unintentionally) with our rights or property, users, or anyone
else who could be harmed by such activities, or otherwise where necessary for the
establishment, exercise or defense of legal claims.

Where reasonably possible, management shall ensure that third parties collecting, storing or
processing personal information on behalf of the Company have:

a. Signed agreements to protect personal information consistent with this Privacy Policy and
information security practices or implemented measures as prescribed by applicable laws;

b. Signed non-disclosure agreements or confidentiality agreements which includes privacy

clauses in the contract; and

c. Established procedures to meet the terms of their agreement with third party to protect
personal information.

Remedial action shall be taken in response to misuse or unauthorized disclosure of personal

information by a third party collecting, storing or processing personal information on behalf
of Digital Smart.

If you want to obtain further information on any data transfers mentioned above please
contact us using the registered email address you disclosed and registered with us
through your Account through the points of contact listed in the Section OUR
CONTACT DETAILS below.
7. DATA RETENTION

We store your data for as long as reasonably necessary to fulfill the purposes we collected it
for, including for the purposes of satisfying any legal, tax, accounting or reporting
requirements. We may retain your personal data for a longer period in the event of a
complaint or if we reasonably believe there is a prospect of litigation in respect to our
relationship with you.

To determine the appropriate retention period for your data, we consider the amount, nature
and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of
your data, the purposes for which we process your data and whether we can achieve those
purposes through other means, and the applicable legal, tax, accounting and other
requirements.

We shall keep your data (including call recordings) during our contractual relationship and
for a minimum period of 5 (five) years from the date of termination of the Platform/Service
used by the Client.

In general, all other data is stored for a period of 30 (thirty) business days after the date of
termination of the provision of our services unless there is any other legal reason to keep it.

At the expiration of the data retention period the data is erased by irreversible destruction
and we also inform all third parties, to whom the data was transferred, regarding such
erasure and request implementation of similar actions on their part.

8. YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE

We ask you to provide us with true, accurate and updated information on your identity and
not misrepresent yourself to be another individual or legal entity. Any changes in your
identifying details shall be notified to the Company immediately and in any case no later
than the 7th day from the date of such changes. If your data is incorrect or incomplete, please
contact our support services at the contact details listed in the section OUR CONTACT
DETAILS below in order to change your data.

Under certain circumstances, you have rights in accordance with applicable legislation and
our policies as amended from time to time. Some of the rights are rather complex and
include exemptions, thus we strongly advise you to contact us (at the contact details listed in
the section OUR CONTACT DETAILS below). You can find a summary of your rights below
in this section.

A. The right to access. You have a right to obtain the confirmation as to whether or not
your data are being processed by us. In addition, you have a right to obtain more detailed
information about the data kept and the processing undertaken by us and under certain
circumstances the right to receive a copy of this data. In order to access and view your data
without downloading it, please go to the 'Access my data' in your personal cabinet, by logging
onto your Account, go to Personal Data and  at the bottom of the page you can proceed
with your request by selection - Access my Data.  In addition, you have a right to obtain
more detailed information about the data kept and the processing undertaken by us and
under certain circumstances the right to receive a copy of this data.
B. The right to rectification. You have the right to have inaccurate data about you
rectified, and, taking into account the purpose of the processing, to have incomplete data
completed.

C. The right to erasure. This enables you to ask us to delete or remove personal data
where there is no good reason for us continuing to process it. In order to Delete your Account
and all of the personal data currently stored in our system you can do so, by logging into your
Account go to – Personal Data  section and then Account Settings and at the Bottom of
the Page you can proceed with your request by selecting- Terminate Account – Delete My
Account and all of its data. Please note however that we may not always be able to
comply with your request of erasure for specific legal reasons which will be notified to you, if
applicable, at the time of your request. In case if you want to obtain complete erasure of your
data (to apply the “right to be forgotten”), please note that we may not always be able to
comply with your request of erasure for specific legal reasons which will be notified to you, if
applicable, at the time of your request.

D. The right to restriction of processing. You have the right to request the restriction
of processing of your personal data (a) if it is not accurate;(b) where processing may be
unlawful but you do not want us to erase your data; (c) where you need us to hold the data
even if we no longer require it; or (d) where you may have objected to our use of your data
but we need to verify whether we have overriding legitimate grounds to use it.

E. The right to data portability. To the extent the legal basis for the processing is your
consent, and such processing is carried out by automated means, you have the right to
receive your data in a structured, commonly used and machine-readable format. However,
this right does not apply where it would adversely affect the rights and freedoms of others
and/or in case it may be technically impossible to do so.

F. The right to object. Subject to the legal basis on which the processing activity is based,
you may object to processing of your personal data. Please note that in some cases, we may
have compelling legitimate grounds to process your information which we need to comply
with.

G. The right to withdraw consent. To the extent that the legal basis for the processing is
your consent, you have the right to withdraw from that consent at any time. This may apply
to marketing purposes and/or with regards to the transfer of your data to third parties. In
case you withdraw from a consent given, then we will cease to process your data, unless and
to the extent the continued processing is permitted or required according to the applicable
data regulation or other applicable laws and regulations. The withdrawal from your consent
will in no event affect the lawfulness of processing based on consent before its withdrawal.

H. The right to complain to the data protection supervisory authority. We do our

best to ensure that we protect your data, keep you informed about how we process your data
and comply with the applicable data protection regulation. In case you are not satisfied with
the processing and protection of your data or the information you have received from us,
then we urge you to inform us in order for us to improve. Please also do not hesitate to
contact us, if you want to make use of your rights.

If you want to exercise any of your rights mentioned above and/or obtain more information
regarding your rights and/or our policies and procedures please contact us through the
points of contact listed in the Section OUR CONTACT DETAILS below. Please also provide
us with relevant information to take care of your request, including your full name and email
address so that we can identify you. We will respond to your request without undue delay.

We may need to request specific information from you to help us confirm your identity and
ensure your right to access your data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to any person who has no right
to receive it. We may also contact you to ask you further information in relation to your
request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take
longer than a month if your request is particularly complex or you have made a number of
requests. In this case, we will notify you and keep you updated.

We may charge you a reasonable administrative fee for any unreasonable or excessive
requests we may receive, and for any additional copies of the data you may request.

9. DATA SECURITY

We have put in place appropriate security measures to prevent your data from being
accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition,
we limit access to your data to those employees, agents, contractors and other third parties
who have a business need to know. They will only process your data on our instructions and
they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data breach and will notify you
of a breach where we are legally required to do so.

Your help is always valuable in ensuring that your data is kept safe. Upon registration to the
Website (or its mobile version), the Client will be asked to choose a username and password
to be used by the Client on each future login and for the performance of transactions and use
of the Company's Services. In order to protect the Client's privacy and operation with the
Website sharing registration details (including without limitation, username and password)
by the Client with other persons or business entities is strictly prohibited. The Company shall
not be held responsible for any damage or loss caused to the Client due to improper use
(including prohibited and unprotected use) or storage of such username and password,
including any such use made by a third party, and whether or not known to or authorized by
the Client.

Any use of the Website with the Client's username and password is Client's sole
responsibility. The Company shall not be held responsible for any such use, including for
validation that Client is actually operating in his/her account.

The Client is obliged to forthwith notify the Company's client service of any suspicion for
unauthorized use of the Client’s account. You may contact us at any time through the points
of contact listed in the Section OUR CONTACT DETAILS below.

Encryption of your data in transit. Encryption provides a high level of security and
privacy for your data. When you enter your data in our platform we use strong encryption
technologies (such as Transport Layer Security) to protect your data during transmission
from your devices to our servers.
For providing more trust and security we use digital EV (Extended Validation) Certificates
issued by trusted Certificate Authorities. You can see the ‘Green Bar’ in the supported
browser versions which confirms what all transmitted data is secure.

Protection of your data in our infrastructure. We make it a priority to develop

services that are secure "by default". The "default" security of our services means that all new
services and features are designed with strict security requirements in mind before we even
begin development. This is the key to guaranteed protection and privacy of all data that our
services handle and store, once the service or new feature is released.

To secure your data, we use the pseudonymisation which allows most of our services to
operate without using your actual data. Instead of that, our services use a system ID that
can't be traced back to identify you.

The Company is always vigilant about the security of your data stored in our infrastructure.
Because of that we locate all our equipment which is used for your data processing in secure
data centers. Network access to this equipment is isolated from the Internet. We use network
segmentation for isolation of services which need different levels of security from each other.
In addition, we restrict logical access to your data for our employees on a "need to know"
basis. So, only the personnel that really require access to your data for the purpose of
providing you with our best service, will have access to it.

Threats protection. Our Company is highly knowledgeable about modern threats to data
security and privacy, and we are well prepared to combat them. All events that occur in our
infrastructure are continuously monitored, analyzed and responded to, which allows us to
ensure proper protection of your data, keeping it safe from threats, vulnerabilities, and the
effects of malware.

In the event of a failure that affects the accessibility of your data, we have data backup and
recovery procedures in place that will help us restore your data in a short time. To guarantee
quick recovery, we use high availability mode enabled for most critical databases which
allows us to minimize downtime.

Employee awareness of data security. Our employees may handle your data in order to
provide you with first-class service. To guarantee the security and confidentiality of your
data, we monitor all employees’ actions with access to your data in our systems and grant
access strictly on a "need to know" basis: only employees who need access will receive it. We
hold regular training sessions to make sure that each employee understands the principles
that the Company follows to achieve robust data security and privacy.

If you choose not to give your personal information. In the context of our business
relationship we may need to collect data by law, or under the terms of a contract we have
with you. Without this data, we are, in principle, not in a position to close or execute a
contract with you.

If you choose not to give us this data, it may delay or prevent us from meeting our
obligations. It may also mean that we cannot perform services needed to run your accounts
or policies.

To what extent we carry automated decision-making and profiling. In establishing

and carrying out a business relationship, we generally do not use automated
decision-making. If we use this procedure in individual cases, we will inform you of this
 separately. In some cases, we may proceed with profiling in order to evaluate certain
personal aspects. We shall inform you accordingly in case we perform any profiling. In
general, any data collection that is optional would be made clear at the point of collection.

10. OUR CONTACT DETAILS

If you have any questions about this privacy policy, including requests relating to the data,
please contact our support team using the details set out below.

The entity responsible for your data processing is Digital Smart LLC and you can contact us
using the details set out below.

Address: First Floor, First St. Vincent Bank Ltd Building, James Street, Kingstown, Saint
Vincent and the Grenadines

Email: support@capitalbear.com

To enable us to process your request, please contact us using the registered email address
you disclosed and registered with us through your Account. We may require that you provide
us with proof of your identity, such as by providing us with a copy of a valid form of
identification. This is to ensure that we appropriately protect the personal data we hold from
unauthorized access requests and comply with our security obligations.

If you have any questions, or want more details about how we use your data, you may contact
us at the above contact details and we will be happy to provide you with further details.

11. LINKS TO OTHER WEBSITES

We may provide links to third party websites in our Website. These linked websites are not
under our control, and we therefore cannot accept responsibility or liability for the conduct
of third parties linked to our websites, including without limitation to the collection or
disclosure of your data. Before disclosing your data on any other website, we encourage you
to examine the terms and conditions of using that website and its privacy policies.

12. CHANGES TO THIS PRIVACY POLICY

1. This Privacy Policy was last updated 27 May 2022. We reserve the right, at our discretion, to
add, modify or remove portions of this Privacy Policy in the future to ensure that the
information herein provides relevant and adequate information about our collecting and
processing of your data.

2. This privacy policy may be supplemented by other information received from the Digital
Smartgroup and other terms and conditions applicable to the Website or which you have
agreed to as part of your interaction with us.

3. In case of updates, we will post the revised Privacy Policy on our website. Changes will take
effect as soon as the revised version is made available on our website. Your comments and
feedback are always welcome. You may contact us at any time through the points of contact
listed in the Section OUR CONTACT DETAILS above.