1. Introduction
1.1 Overview of the Privacy Policy
This Privacy Policy (“Policy”) governs the manner in which CaizStable and its affiliates, subsidiaries, and associated entities (collectively, “CaizStable”, “Company”, “we”, “us”, or “our”) collect, process, store, use, disclose, and protect Personal Data of individuals who interact with our platforms, websites, applications, and services (hereinafter collectively referred to as the “Services”).
This Policy is designed to ensure compliance with applicable data protection and privacy laws, including but not limited to:
a. The General Data Protection Regulation (EU) 2016/679 (“GDPR”);
b. The California Consumer Privacy Act, 2018 as amended by the California Privacy Rights Act, 2020 (“CCPA/CPRA”);
c. Other applicable data protection laws in jurisdictions where CaizStable operates.
By accessing, using, or interacting with our Services, you (“User,” “Data Subject”) acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. Where required by law, explicit consent will be obtained before processing Personal Data.
If you do not agree with any provisions of this Privacy Policy, you are advised to immediately discontinue your use of our Services.
1.2 Scope and Applicability
This Privacy Policy applies to:
a. All Users, including visitors, customers, partners, merchants, vendors, or any individuals accessing, interacting with, or utilizing CaizStable’s platforms, applications, and related services;
b. All processing activities involving Personal Data, whether collected directly from Users, automatically through technological means, or from third-party sources;
c. Any processing of Personal Data carried out by CaizStable in the capacity of Data Controller or, where applicable, in the capacity of Data Processor on behalf of third parties;
d. Personal Data collected through, but not limited to, online platforms, mobile applications, electronic communications, blockchain-based transactions, and financial interactions.
This Policy does not apply to:
a. Third-Party Websites and Services: Any data processing activities carried out by external websites, platforms, or services that are linked to or integrated with CaizStable’s Services but operate independently of CaizStable. Users are encouraged to review such third-party privacy policies.
b. Anonymized and Aggregated Data: Information that has been irreversibly anonymized and cannot be used to identify an individual.
c. Data Processing Outside CaizStable’s Control: Personal Data processed by Users or third parties outside the scope of CaizStable’s Services, including data voluntarily shared on public forums, social media, or external blockchain networks.
1.3 Key Definitions
For the purposes of this Privacy Policy, the following terms shall have the meaning ascribed below, unless otherwise required by applicable law:
a. “Personal Data”: Any information that directly or indirectly identifies, relates to, describes, or is reasonably capable of being associated with a natural person (“Data Subject”), including but not limited to name, email address, financial data, IP addresses, device identifiers, and blockchain transaction records.
b. “Data Subject”: Any identified or identifiable natural person whose Personal Data is collected, processed, or stored by CaizStable.
c. “Processing”: Any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including but not limited to collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, restriction, erasure, or destruction.
d. “Data Controller”: The entity that determines the purposes and means of Processing Personal Data. In this case, CaizStable AG acts as the Data Controller unless otherwise stated.
e. “Data Processor”: A third party that processes Personal Data on behalf of and under the instructions of the Data Controller.
f. “Consent”: Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, by a statement or a clear affirmative action, signify agreement to the Processing of their Personal Data.
g. “Legitimate Interest”: A legal basis for Processing Personal Data where such Processing is necessary for the legitimate interests pursued by CaizStable or a third party, provided that such interests are not overridden by the rights and freedoms of the Data Subject.
h. “Data Protection Authority (DPA)”: The independent public authority responsible for monitoring and enforcing data protection laws in its respective jurisdiction.
i. “International Data Transfer”: The transmission of Personal Data outside of the jurisdiction where it was originally collected, subject to legal safeguards such as Standard Contractual Clauses (SCCs) or an adequacy decision under the GDPR.
j. “Anonymization”: The process of irreversibly altering Personal Data so that it cannot be re-identified directly or indirectly.
k. “Pseudonymization”: The technique of processing Personal Data in such a way that it cannot be attributed to a specific individual without additional information, which is kept separately and secured.
l. “Blockchain Transactions”: Digital transactions recorded on a decentralized ledger, which may include wallet addresses and cryptographic signatures, subject to limited erasure rights due to the immutable nature of blockchain technology.
—
2. Data Controller and Contact Information
2.1 Identity of the Data Controller
CaizStable, in its capacity as Data Controller, determines the purposes and means of processing Personal Data in accordance with applicable statutory and regulatory requirements.
In certain circumstances, CaizStable may act as a Data Processor where it processes Personal Data on behalf of a third-party Data Controller, in which case the respective Data Processing Agreement (DPA) or contractual obligations shall govern such processing activities.
2.2 Contact Details for Privacy Concerns
For any inquiries, requests, or concerns relating to the processing of Personal Data, Data Subjects may contact our designated Data Protection Officer (“DPO”) or Privacy Compliance Team through the following channels:
Data Protection Officer (DPO):
\[Full Name/DPO Contact\]
\[Registered Office Address\]
\[Email Address for Privacy Inquiries\]
Data Subjects are encouraged to contact CaizStable’s DPO for the following purposes:
a. Exercise of Data Subject Rights under GDPR, CCPA, or any other relevant legislation (including access, rectification, erasure, restriction, portability, and objection to processing);
b. Withdrawal of Consent where processing is based on explicit user consent;
c. Objections to Automated Decision-Making or Profiling where applicable;
d. Filing of Complaints regarding the processing of Personal Data;
e. Clarifications Regarding International Data Transfers, including the implementation of Standard Contractual Clauses (SCCs) or other safeguards;
f. Request for Deletion or Restriction of Personal Data subject to legal retention obligations;
g. Inquiries Regarding Data Security Measures implemented by CaizStable;
h. Lodging Complaints with Supervisory Authorities where applicable under GDPR or equivalent regulatory frameworks.
2.3 Supervisory Authority and Right to Lodge Complaints
If a Data Subject believes that CaizStable has processed Personal Data unlawfully or in violation of their rights under applicable data protection regulations, they have the right to file a complaint with their relevant Data Protection Authority (DPA).
2.4 Updates to Contact Information
CaizStable reserves the right to update or modify its contact details, DPO information, or designated privacy representatives as required under evolving regulatory frameworks. Any such changes shall be duly reflected in this Privacy Policy, and Users shall be notified where required by law.
—
3. Types of Data Collected
3.1 Personal Data Collected
For the purposes of this Privacy Policy, Personal Data refers to any information that directly or indirectly identifies, relates to, describes, or is reasonably capable of being associated with an individual (“Data Subject”).
CaizStable may collect, process, store, and use the following categories of Personal Data:
a. Identity and Contact Information
b. Financial and Transactional Data
c. Account and Authentication Information
d. Device and Technical Data
e. Communications and Customer Support Data
f. Marketing and Preferences Data
3.2 Sensitive Personal Data
Under GDPR (Article 9), CCPA, and other applicable regulations, certain types of Personal Data qualify as Sensitive Personal Data (also referred to as Special Category Data under GDPR).
CaizStable does not intentionally collect or process Sensitive Personal Data, unless explicitly required for regulatory compliance or where consent has been obtained. Such data may include:
a. Biometric Data (e.g., facial recognition, fingerprint scans used for identity verification)
b. Health-related Data (where necessary for regulatory purposes)
c. Political Opinions, Religious or Philosophical Beliefs
d. Racial or Ethnic Origin
e. Sexual Orientation or Gender Identity
f. Criminal Records or Convictions
Where processing of Sensitive Personal Data is required, CaizStable shall seek explicit consent from the Data Subject and implement appropriate security measures.
3.3 Non-Personal Data
CaizStable may also collect Non-Personal Data, which refers to anonymized or aggregated data that does not directly identify an individual.
Examples of Non-Personal Data include:
a. Aggregated statistical data regarding service usage
b. Market trend analysis based on anonymized user activity
c. De-identified transaction patterns for analytics purposes
Non-Personal Data may be used for business intelligence, research, and product development, provided that it cannot be re-identified to a specific Data Subject.
3.4 Third-Party Tracking Technologies
CaizStable may allow third-party analytics providers (such as Google Analytics, Facebook Pixel, or blockchain analytics tools) to collect information regarding User interactions. Users can opt-out of certain tracking technologies through their browser settings or by using privacy-enhancing tools.
3.5 User Control and Data Minimization
CaizStable adheres to the principle of data minimization, collecting only the data strictly necessary for the provision of services and ensuring that Users retain maximum control over their Personal Data.
a. Users may access, modify, or delete their Personal Data in accordance with applicable laws.
b. Users may manage Cookie preferences through browser settings or opt-out mechanisms.
c. Users may request further details regarding data processing activities via our [Data Protection Officer Contact Information].
—
4. Sources of Data Collection
Personal Data may be collected directly from Users, automatically through technological means, or from third-party sources as detailed below.
4.1 Direct Collection from Users
CaizStable directly collects Personal Data from Users when they voluntarily provide such data through various means, including but not limited to:
a. Account Registration and Identity Verification
– When Users create an account on CaizStable’s platforms, they provide Personal Data, including full name, email address, phone number, nationality, and government-issued identification (where required).
– For compliance with Know-Your-Customer (KYC) and Anti-Money Laundering (AML) regulations, additional documentation such as proof of address, financial information, and source of funds documentation may be required.
b. User Communications and Support Requests
– When Users interact with CaizStable’s customer support services, engage in correspondence (via email, chat, or calls), or submit inquiries, the provided Personal Data is collected for identity authentication and service improvement.
c. Financial Transactions and Payment Processing
– When Users engage in monetary transactions, including deposits, withdrawals, purchases, and sales involving cryptocurrencies, fiat currencies, or digital assets, financial and transactional data is collected to process payments, maintain transaction records, and comply with financial regulations.
d. Marketing, Surveys, and User Preferences
– When Users subscribe to newsletters, promotional emails, or participate in surveys and contests, data such as email addresses, responses, and marketing preferences are collected.
– Users have the right to opt out of marketing communications at any time.
e. User-Generated Content and Community Interactions
– When Users post content, comments, reviews, or interact within forums and social communities hosted by CaizStable, Personal Data is collected in accordance with the User’s consent and Terms of Use.
f. Contractual and Business Communications
– When entering into agreements with CaizStable (e.g., merchant partnerships, service contracts, or affiliate programs), Users provide contractual information, tax identification numbers, and banking details.
4.2 Automated Data Collection (Usage Data, IP Address, Device Information)
CaizStable employs automated data collection technologies to gather information about Users’ interactions with its websites, mobile applications, and digital services. Such data is collected passively and does not require direct input from Users.
a. Device and System Data
b. Internet and Network Activity Data
c. Cookies, Web Beacons, and Tracking Technologies
d. Blockchain and Transactional Data
e. Automated Fraud Prevention and Security Systems
Users may exercise their rights under GDPR, CCPA, or other applicable laws to request access, restriction, or deletion of certain automatically collected data, subject to legal retention obligations and technical feasibility.
4.3 Third-Party Data Sources
CaizStable may receive Personal Data from legitimate third-party sources, including:
a. Regulatory and Compliance Authorities
b. Financial Institutions and Payment Service Providers
c. Identity Verification and KYC Service Providers
d. Marketing and Advertising Partners
e. Publicly Available Information
f. Law Enforcement and Legal Disclosures
4.4 User Control Over Data Collection
Users may control the collection, processing, and use of their data by:
a. Adjusting privacy settings in their CaizStable account.
b. Managing Cookie preferences via browser settings.
c. Opting out of marketing communications.
d. Requesting access, modification, or deletion of Personal Data as per GDPR, CCPA, DPDP Act, or other applicable laws.
CaizStable shall process such requests within legally mandated timeframes and in compliance with applicable regulatory frameworks.
—
5. Legal Basis for Processing Personal Data
Pursuant to Article 6 of the GDPR and corresponding legal provisions under other applicable laws, CaizStable shall process Personal Data only where it has a valid legal basis for such processing. The legal bases relied upon by CaizStable are detailed below.
5.1 Consent of the User
Where required by law, CaizStable shall obtain the explicit, specific, and informed consent of Users before processing their Personal Data.
Conditions for Valid Consent:
a. Consent must be freely given, specific, informed, and unambiguous (Article 4(11) GDPR).
b. Users must provide a clear affirmative action (e.g., ticking a box, clicking “I agree,” or providing biometric verification where applicable).
c. Users must be able to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
d. Where required by law (e.g., for Special Categories of Personal Data under Article 9 GDPR), consent must be explicit.
5.2 Contractual Necessity
CaizStable processes Personal Data where it is necessary for the performance of a contract to which the User is a party, or to take pre-contractual steps at the User’s request.
Examples of Processing Based on Contractual Necessity:
a. User Account Registration: Processing User details to create and maintain an account.
b. Transaction Execution: Facilitating deposits, withdrawals, or trades involving cryptocurrencies, fiat currencies, or digital assets.
c. Service Delivery: Providing access to digital wallets, blockchain services, or smart contract functionalities.
d. Customer Support: Responding to User inquiries related to contractual rights and obligations.
Failure to provide Personal Data required for contractual necessity may result in inability to provide services, including account suspension, payment failure, or service denial.
5.3 Legal Obligation
CaizStable may process Personal Data where it is necessary to comply with a legal obligation to which it is subject.
Examples of Processing Based on Legal Obligation:
a. Know-Your-Customer (KYC) and Anti-Money Laundering (AML) Compliance
b. Tax Reporting and Compliance
c. Regulatory Audits and Investigations
d. Responding to Law Enforcement Requests
Users may not object to processing under legal obligation, except where exemptions apply under specific laws (e.g., GDPR exemptions for certain rights).
5.4 Legitimate Interest
CaizStable may process Personal Data where it is necessary for the purposes of legitimate interests pursued by CaizStable or a third party, provided that such interests are not overridden by the User’s fundamental rights and freedoms.
Examples of Processing Based on Legitimate Interest:
a. Fraud Prevention and Security Monitoring
b. Product Development and Improvement
c. Customer Relationship Management (CRM)
d. Legal Defense and Risk Management
e. Corporate Transactions (Mergers & Acquisitions, Business Transfers)
Users may object to processing based on legitimate interests by submitting a request to the Data Protection Officer (DPO).
5.5 Public Interest or Official Authority
In limited circumstances, CaizStable may process Personal Data where such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
Examples of Processing Based on Public Interest or Official Authority:
a. Financial Sanctions and AML Reporting
b. Cybersecurity and Threat Intelligence Sharing
c. Compliance with Governmental Orders or Public Policy Directives
Users have the right to request further information on the legal basis for processing where Public Interest or Official Authority is relied upon.
—
6. Purpose of Data Processing
Personal Data is collected, processed, and retained solely for legitimate business purposes, which are detailed below.
6.1 Service Provision and Account Management
CaizStable processes Personal Data to provide Users with access to and functionality of its platforms, applications, and services, including but not limited to cryptocurrency transactions, digital wallets, smart contracts, and blockchain-based financial services.
Specific Processing Activities Include:
a. User Account Creation and Management.
b. Transaction Processing and Execution.
c. Wallet and Key Management.
d. Smart Contract Operations.
e. Subscription-Based Services.
Failure to provide Personal Data required for service provision may result in denial of access to the platform, account suspension, or restricted service functionality.
6.2 Identity Verification and Fraud Prevention
To maintain a secure and compliant platform, CaizStable processes Personal Data for the purposes of identity verification, fraud prevention, and risk mitigation.
Specific Processing Activities Include:
a. Know-Your-Customer (KYC) Verification.
b. Transaction Monitoring and Fraud Detection.
c. Multi-Factor Authentication (MFA) and Security Checks.
d. Account Activity Audits.
e. Blacklist Screening and Sanctions Compliance.
Users who fail identity verification may be denied access to certain services, restricted from executing financial transactions, or reported to regulatory authorities where legally mandated.
6.3 Compliance with Legal and Regulatory Obligations
CaizStable is legally obligated to process Personal Data to ensure compliance with statutory, regulatory, and financial laws, including but not limited to:
a. AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) Regulations.
b. Financial Action Task Force (FATF) Guidelines and EU Anti-Money Laundering Directives (AMLD 5 & 6).
c. Local Tax Regulations (e.g., FATCA, CRS, and other international tax reporting standards).
d. Regulatory Filings, Audits, and Investigations mandated by law enforcement agencies.
e. Judicial or Governmental Orders, including compliance with subpoenas and court rulings.
Specific Processing Activities Include:
a. Retention of Financial Records.
b. Tax Reporting and Disclosures.
c. Regulatory Reporting and Investigations.
Users cannot object to processing activities conducted under legal obligation, except in circumstances where statutory exemptions apply.
6.4 Marketing and Promotional Activities (With Opt-out Options)
Subject to applicable laws and User consent (where required), CaizStable may process Personal Data for marketing, promotional, and advertising purposes.
Specific Processing Activities Include:
a. Direct Marketing and Email Communications.
b. Personalized Advertisements and Retargeting.
c. Affiliate and Referral Programs.
d. Participation in Contests, Surveys, and Rewards Programs.
User Rights and Opt-out Mechanisms:
a. Users may opt out of marketing communications.
b. Legally Required Communications: Users cannot opt out of transactional emails, security notifications, or service updates.
6.5 Service Improvement and Analytics
To optimize the performance, security, and User experience of its platforms, CaizStable processes Personal Data for research, analytics, and service improvement. All data used for analytics and service improvements is anonymized or pseudonymized where possible to ensure User privacy and compliance with data minimization principles.
6.6 Customer Support and Communications
CaizStable processes Personal Data to provide efficient and secure customer support services. Customer support interactions may be recorded for quality assurance, compliance verification, and dispute resolution purposes.
—
7. Sharing and Disclosure of Personal Data
CaizStable shall not engage in the sale, lease, or unauthorized disclosure of Personal Data without the lawful basis for such sharing, and where required, we shall obtain the User’s consent prior to disclosure.
7.1 Internal Sharing within CaizStable Entities
For operational, compliance, and risk management purposes, Personal Data may be shared among CaizStable’s affiliated entities, subsidiaries, and business divisions where necessary to:
a. Provide Seamless Access to Services
b. Risk and Fraud Prevention Measures
c. Regulatory and Compliance Obligations
All intra-group transfers of Personal Data are governed by legally binding data processing agreements and standard contractual clauses (SCCs) where required under GDPR.
7.2 Third-Party Service Providers
CaizStable may engage third-party vendors, contractors, and service providers to support the operation, maintenance, and enhancement of our Services. Personal Data may be disclosed to such entities only to the extent necessary for the performance of their contractual obligations.
7.3 Regulatory and Law Enforcement Authorities
CaizStable may disclose Personal Data where required to comply with legal and regulatory obligations, including requests from government agencies, financial regulators, and law enforcement bodies. Such disclosures shall be limited to the minimum amount of data necessary.
User Rights and Notification:
a. Where permitted by law, Users will be notified if their Personal Data has been requested by a government authority or law enforcement agency.
b. In cases where notification is prohibited due to legal constraints or national security reasons, CaizStable shall comply with applicable legal requirements.
7.4 Business Transfers (Mergers, Acquisitions, and Restructuring)
In the event of a merger, acquisition, consolidation, reorganization, or sale of assets, Personal Data may be transferred as part of the transaction. Where such a transfer occurs, CaizStable shall ensure that appropriate data protection safeguards are implemented in compliance with GDPR, CCPA, and other applicable laws.
—
8. International Data Transfers
In accordance with Articles 44-49 of the GDPR, CaizStable ensures that Personal Data transfers outside the European Economic Area (EEA) and the United Kingdom (UK) are subject to appropriate safeguards to protect the rights and freedoms of Data Subjects.
—
9. Data Retention Policy
This Data Retention Policy outlines the principles governing the storage, retention, and deletion of Personal Data processed by CaizStable.
9.1 Duration of Data Storage
CaizStable shall retain Personal Data for the following durations:
a. User Account and Identity Data: Retained for the lifetime of the User’s account and for an additional seven (7) years following account termination, in compliance with financial and legal record-keeping obligations.
b. Transaction and Financial Records: Retained for a minimum of seven (7) years post-transaction in accordance with AML/CTF regulations, tax laws, and financial audit requirements.
c. Know-Your-Customer (KYC) and Anti-Money Laundering (AML) Data: Retained for five (5) to ten (10) years from the date of account closure or last transaction, as required by FATF guidelines, AML Directives, and regulatory mandates.
d. Customer Support and Communications Data: Retained for three (3) years following the resolution of the inquiry, unless a longer retention period is required for dispute resolution or regulatory purposes.
e. Marketing and Analytics Data: Retained for a maximum of three (3) years, unless the User withdraws consent prior to the expiration of this period.
f. Legal Claims and Dispute Resolution Data: Retained for the duration of legal proceedings and up to seven (7) years following the resolution of a claim, in accordance with statutory limitation periods.
g. System Logs and Security Data: Retained for twelve (12) months, unless required for an active investigation or regulatory compliance.
9.2 Criteria for Determining Retention Periods
CaizStable determines data retention periods based on the following legal and business factors:
a. Legal and Regulatory Obligations
b. Contractual Necessity
c. Legitimate Business Interests
d. Data Subject Rights and Requests
e. Statutory Limitation Periods for Legal Claims
—
10. User Rights and How to Exercise Them
Users have the following data protection rights, subject to the conditions and limitations imposed by applicable laws.
10.1 Right to Access (Right of Access under Article 15 GDPR)
Users have the right to request confirmation as to whether CaizStable is processing their Personal Data and, if so, to obtain:
a. A copy of their Personal Data being processed.
b. The purpose of processing and the categories of data collected.
c. Information on third parties with whom data has been shared.
d. Details of international data transfers and the safeguards in place.
e. The data retention period applicable to their Personal Data.
Requests for access shall be processed within one (1) month from the date of submission, extendable by two (2) additional months in complex cases, as permitted under Article 12(3) GDPR.
10.2 Right to Rectification (Right to Correction under Article 16 GDPR)
Users have the right to request the correction of inaccurate or incomplete Personal Data held by CaizStable. This includes:
a. Updating outdated information (e.g., address, contact details).
b. Correcting typographical or factual errors.
c. Completing missing information relevant to data processing.
CaizStable shall process rectification requests without undue delay, typically within one (1) month, unless a legal or contractual obligation prevents such modification.
10.3 Right to Erasure (Right to be Forgotten under Article 17 GDPR)
Users have the right to request the deletion of their Personal Data under the following circumstances:
a. Data is no longer necessary for the purpose for which it was collected.
b. The User withdraws consent (where processing is based on consent).
c. The User objects to processing, and there are no overriding legitimate interests.
d. Personal Data was unlawfully processed.
e. Deletion is required to comply with a legal obligation.
# 10.3.1 Exceptions to the Right to Erasure
CaizStable may refuse deletion requests where:
a. Retention is required for legal compliance, regulatory, or financial reporting purposes.
b. Personal Data is needed for legal claims or dispute resolution.
c. Personal Data is recorded on an immutable blockchain ledger (where erasure is technically infeasible).
10.4 Right to Restrict Processing (Article 18 GDPR)
Users may request temporary restriction of their Personal Data processing where:
a. The accuracy of the data is contested, pending verification.
b. Processing is unlawful, but the User opts for restriction instead of deletion.
c. The data is no longer required for processing, but the User requires it for legal claims.
d. The User has objected to processing (pending assessment of legitimate interests).
During restriction, CaizStable shall suspend processing except for:
a. Storing the data.
b. Processing with the User’s consent.
c. Processing for legal claims or regulatory obligations.
10.5 Right to Data Portability (Article 20 GDPR)
Users have the right to request a structured, machine-readable copy of their Personal Data that they have provided to CaizStable and to transfer such data to another service provider where:
a. Processing is based on User consent or a contract.
b. Processing is carried out by automated means.
10.6 Right to Object to Processing (Article 21 GDPR)
Users have the right to object to processing of their Personal Data where processing is based on:
a. Legitimate interests pursued by CaizStable.
b. Direct marketing purposes (Users can object at any time).
c. Automated decision-making or profiling that significantly affects them.
Upon objection, CaizStable shall:
a. Cease processing, unless overriding legitimate grounds exist.
b. Immediately stop processing for direct marketing purposes.
10.7 Right to Withdraw Consent (Article 7(3) GDPR)
Where processing is based on User consent, Users have the right to withdraw consent at any time, without affecting the lawfulness of processing conducted prior to withdrawal.
Effects of Withdrawing Consent:
a. Services requiring consent-based processing may become unavailable.
b. Withdrawal does not affect previous processing based on valid consent.
c. Certain data retention obligations may still apply (e.g., AML/KYC regulations).
10.8 Right to Lodge a Complaint with Data Protection Authorities
Users have the right to lodge a complaint with their relevant Supervisory Authority if they believe their data protection rights have been violated.
10.9 How to Exercise User Rights
Users may exercise their rights by:
a. Submitting a written request to CaizStable’s Data Protection Officer (DPO).
b. Using automated tools available within CaizStable’s platform (where applicable).
c. Providing identity verification to authenticate their request.
All requests shall be processed within the statutory timeframe prescribed by applicable laws.
—
11. Security Measures
CaizStable undertakes to maintain comprehensive security measures to safeguard all the data being stored/processed by it, as if it were confidential data of CaizStable itself.
—
12. Links to Third-Party Websites
This section outlines the legal disclaimers and User responsibilities when accessing or interacting with such Third-Party Sites. Users acknowledge that their engagement with external platforms is at their own discretion and risk, and that CaizStable does not control, endorse, or assume liability for third-party content, practices, or policies.
12.1 Disclaimer for External Sites
a. No Endorsement or Control Over Third-Party Content
– CaizStable does not own, operate, or control Third-Party Sites linked on its platform.
– The inclusion of hyperlinks, embedded content, or API integrations does not constitute an endorsement, sponsorship, or affiliation with the Third-Party Site.
– CaizStable makes no representations or warranties regarding the accuracy, legality, security, or reliability of any Third-Party Site.
b. No Liability for Third-Party Content and Transactions
– Users accessing Third-Party Sites through links provided by CaizStable do so entirely at their own risk.
– CaizStable disclaims all liability for any losses, damages, fraudulent activities, or legal claims arising from:
– Misrepresentation, unauthorized transactions, or deceptive business practices of Third-Party Sites.
– Security breaches, malware, phishing attempts, or cyber threats on external websites.
– Collection, processing, or misuse of Personal Data by Third-Party Sites.
– CaizStable is not responsible for third-party compliance with applicable laws, including GDPR, CCPA, DPDP Act, or financial regulations.
c. Third-Party Terms and Privacy Policies Apply
– Users acknowledge that Third-Party Sites operate under their own terms of service and privacy policies, which may differ from those of CaizStable.
– Users should review and understand the terms, conditions, and privacy practices of any Third-Party Site before engaging with its services.
12.2 User Responsibility in Third-Party Interactions
a. Independent Verification and Due Diligence.
b. Caution Against Fraud, Phishing, and Cyber Threats.
c. User Acknowledgment of Risks — By engaging with Third-Party Sites, Users acknowledge and accept the inherent risks associated with third-party interactions and that CaizStable bears no responsibility for damages or claims resulting from third-party engagement. Further, all interactions with Third-Party Sites are undertaken at the User’s sole risk and discretion.
12.3 Modification or Removal of Third-Party Links
CaizStable reserves the right to modify, remove, or restrict access to any Third-Party Site link, integration, or reference:
a. At its sole discretion, without prior notice.
b. If a Third-Party Site is found to be non-compliant with applicable laws.
c. If a Third-Party Site is identified as a security or fraud risk.
—
13. Updates to the Privacy Policy
13.1 Notification of Changes
Users shall be notified of material changes to this Privacy Policy through:
a. Email notifications (where legally required or feasible).
b. Prominent notices on our platform, website, or application.
c. Updated policy versions with revision summaries, accessible via our Privacy Policy page.
Users are encouraged to periodically review this Privacy Policy to remain informed about how their Personal Data is processed. Continued use of CaizStable’s services after policy updates constitutes acceptance of the revised terms.
13.2 Effective Date of Amendments
All modifications, amendments, or updates to this Privacy Policy shall become effective on the date specified in the “Last Updated” section of this document.
a. For substantial policy revisions, Users shall be provided with a reasonable notice period before enforcement.
b. Where required by law, CaizStable shall seek renewed consent from Users before implementing changes that materially alter data processing purposes or legal bases.
Users who do not agree with the updated terms must discontinue use of CaizStable’s services and may request account deletion and data erasure in accordance with their Right to Erasure (GDPR Article 17).
—
14. How to Contact Us
14.1 Contact Details for Privacy Inquiries
Users may direct inquiries, requests, or concerns regarding this Privacy Policy, Personal Data Processing, or Data Protection Rights to CaizStable’s Data Protection Officer (DPO):
For general privacy-related questions, Users may also reach out via:
a. Privacy Inquiry Portal: [Insert URL]
b. Customer Support Email: [Insert Support Contact]
—
15. Compliance Statement
By accessing, using, or interacting with CaizStable’s Services, Users acknowledge that they have been provided with adequate notice regarding policy updates, contact information for privacy inquiries, and mechanisms to address grievances.
For further assistance, Users may contact CaizStable’s Data Protection Officer (DPO) or the relevant Supervisory Authority.
