Privacy Policy

I. Abstract

Your personal data belongs to you and you have the right to understand and control how it’s used
If you want to exercise your rights over your personal data, you can contact us any time via e-mail or
through our app.
If you share data with us, we’ll be transparent about how we’re using it. We clearly and simply explain
how we collect and use your personal data in this privacy policy.
We give you clear choices and simple tools to exercise your rights. If we collect data, we’ll tell you why.
We deploy industry standard and bank grade security, which is independently tested and audited to
keep your personal data secure and protected. We will never sell your personal data

II. About us

OttCT is made up by different companies. Those include Infi DOO, incorporated under the laws of North
Macedonia, VAT 4080020589874; Alis Grave Nil, incorporated under the law of Bulgaria, VAT
BG147158613. Some additional services may also be provided by other businesses partnering with us.
We will let you know with which company you are dealing. The OttCT company or its partner providing
the relevant product or service to you will be responsible for processing your personal data for that
product or service. This OttCT company or partner is known as the ‘controller’ of your personal data.

III. Why do you need to read this notice?

Personal data is any data that can be used to personally identify you. In order to comply with the
relevant legislation and provide you with top notch service we will collect quite a few pieces of personal
data about you.
It is important for you to know that your personal data belongs to you. As such you have the right to
know and manage who collects and uses your personal data.
You should know that we will be collecting your personal data
a. When you use our app and other services
b. When you register on our webpage, or fill in our online questioners
c. When you interact with us using phone, e-mail, or other means of communications such as
social media
This policy explains what information we collect, how we use it, and your rights if you want to change
how we use your personal data. We think it is important for you to know it, and advise you to read it
through.

IV. What personal data do we collect?

We collect all the information you will provide to us when you:
– Fill in any form;
– Correspond with us;
– Respond to any of our surveys;
– Register to use our app;
– Create an account for any of our additional services, or additional services we provide jointly
with other companies;
– Provide billing or other financial details, including bank card and wallet data
– Take part in any online or offline promotions of our company or affiliated company;
– Take part in online discussions, leave in-app messages, or speak with our customer support or
social media team members;
– Contact us or engage our team members for any other reason.
We will collect the following information about you:
– Your data, address, day of birth;
– Your e-mail address, phone number, details of the device you use;
– Your registration information;
– Your bank account or card information;
– Identification documents information, country of birth and/or residence, place of
communication (including IP address);
– Where relevant your tax information, such as tax identification number;
– Information you provide when applying for additional services by us or any of our partnering
companies;
– Records of our private discussions with you;
– Records of your discussions or opinions that you have decided to share publicly with us;
– Your images, photos, or other relevant information that you shared privately in a KYC process,
or you decided to make public through social media, public discussions or other means where
we are one of the receiving parties;
– Other information that a law or authority in the EU or your country deemed necessary for us to
collect while dealing with you in the future. Where appropriate we will provide a notice to you if
and when such circumstances arise.
If you provide us with the personal data of other people (such as a joined account holders, or spouse or
family), you confirm that they are aware of the content of this policy.
Whenever you use our website or the app, we might collect the following information:
– technical information, including the internet protocol (IP) address used to connect your computer
to the internet, your login information, the browser type and version, the time zone setting, the
operating system and platform, the type of device you use, a unique device identifier (for example,
your device's IMEI number, the MAC address of the device's wireless network interface, or the

mobile phone number used by the device), mobile network information, your mobile operating
system and the type of mobile browser you use
– information about your visit, including the links you’ve clicked on, through and from our website
or app (including date and time), services you viewed or searched for, page response times,
download errors, length of visits to certain pages, page interaction information (such as scrolling
and clicks), and methods used to browse away from the page
– information on transactions and your use of our products or the products of our partner
companies (for example, payments into and out of your account), including the date, time, amount,
currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the
transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's
and receiver's name and registration information, messages sent or received, details of device used
to arrange the payment and the payment method used
– information stored on your device, including if you give us access to contact information from your
contacts list. We will regularly collect this information in order to stay up to date (but only if you
have given us permission to do so).
We also collect information and contact details from publicly available sources, such as media stories,
online registers or directories, and websites for enhanced due diligence checks, security searches, and
KYC purposes.

V. What are the legal bases for us to collect your personal data?

OttCT must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be
one of the following:

– Keeping to our contracts and agreements with you
We need certain personal data to provide our services and cannot provide them without this personal
data.
– Legal obligations
In some cases, we have a legal responsibility to collect and store your personal data. Those might
include for example, anti-money laundering laws, where we must hold certain information about our
customers. Other such cases would include tax obligations and following court orders.
– Legitimate interests
We sometimes collect and use your personal data because we have a legitimate reason to use it
and this is reasonable when balanced against your human rights and freedoms. Such interest may
include assisting law authorities or protecting vulnerable customers.

– Substantial public interest
Where we process your personal data, or your sensitive personal data (sometimes known as special
category personal data), to adhere to government regulations or guidance, such as our obligation to
support you if you are or become a vulnerable customer
– Consent
Where you've agreed to us collecting your personal data, or sensitive personal data, for example when
you tick a box to indicate you’re happy for us to use your personal data in a certain way. We explain
more about how we use your personal data in the “How do we use your personal data?” section below.

VI. How do we use your personal data?

Whenever you sign up with our app, or apply for or use a product or service in the OttCT platform, we’ll
use your personal data to:
– check your identity, and the identity of joint account holders (as part of our Know Your Customer
process)
– decide whether or not to approve your application
– meet our contractual and legal obligations relating to any products or services you use
– help you understand the AI, DLT assets and other elements of the ecosystem
– exercise other rights we or our partners have under any agreement with you
– provide you with customer support services.
We may record and monitor any communications between you and us, including phone calls, social
media communication and to maintain appropriate records, check your instructions, analyze, assess
and improve our services, and for training and quality control purposes.
We also use your personal data to do the following:
– to personalize your in-app experience and marketing messages about our products and services so
they’re more relevant and interesting to you (where allowed by law). This may include analyzing how
you use our products, services and your transactions.
– if you agree, provide you with information about our partners’ promotions or offers which we think
you might be interested in
– if you agree, allow our partners and other organizations to provide you with information about their
products or services
– measure or understand the effectiveness of our marketing and advertising, and provide relevant
advertising to you
– ask your opinion about our products or services
We use your personal data to manage our website and the app, (including troubleshooting, data
analysis, testing, research, statistical and survey purposes), and to make sure that content is presented
in the most effective way for you and your device.

We additionally use your personal data to:
– verify your identity if you contact our customer support or social media teams
– allow you to take part in interactive features of our services
– tell you about changes to our services
– help keep our website and the app safe and secure
We prepare anonymous statistical datasets about our customers’ spending patterns:
– for forecasting purposes
– to understand how customers use our services
– to comply with governmental requirements and requests
These datasets may be shared internally or externally with others, including non-Revolut companies. We
produce these reports using information about you and other customers. The information used and
shared in this way is never personal data and you will never be identifiable from it. Anonymous
statistical data cannot be linked back to you
We use your personal data:
– to share it with other organizations (such as
government authorities, law enforcement authorities, tax
authorities, fraud prevention agencies)
– if this is necessary to meet our legal or regulatory
obligations
– to identify and support vulnerable customers
– in connection with legal claims
– to help detect or prevent crime
We will not sell your personal data to other companies or individuals.

VII. Do we make automatic decisions about you or utilize AI in decision making?

Yes. In some products we might make automatic decisions about you.
This means that we may use technology that can evaluate your personal circumstances and other
factors to predict risks or outcomes. This is sometimes known as profiling. We do this for the efficient
running of our services and to ensure decisions are fair, consistent and based on the right information
Regardless of this we are committed to the NGI value of human-centric AI. In the context of this policy
this means that you will be able to request a human supervised decision to overrule any automatic
made decision concerning you. Further, we will not allow automatic decisions to be made for any
feature that is concerning your fundamental rights.

VIII. How we use your personal data for marketing?

If you sign up to our services, and where national laws allow, we’ll assume you want us to contact you
by post, push notification, email, and text message with information about OttCT products, services,

offers and promotions. Where national laws require us to get your consent to send marketing messages,
we’ll do so in advance.
We use your personal data to personalize marketing messages about our products and services so they
are more relevant and interesting to you (where allowed by law). This may include analyzing how you
use our services and your transactions.
You can object to profiling for direct marketing purposes. You can also adjust your preferences or tell us
you don't want to hear from us at any time.
If you do not want to receive personalized marketing messages, and opt out from receiving them, you
will not receive any marketing communications. However, you may still receive generic information
about our products and services in the app.

IX. What are your rights?

a. You have the right to be told how we use your personal data

If you ask, we’ll provide a copy of the personal data we hold about you. We can’t give you any personal
data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or
personal data which is linked to settlement negotiations with you. We also won't provide you with any
communication we've had with our legal advisers

b. You can ask us to correct your personal data

You can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to
check the accuracy of the new personal data you have provided
c. You can ask us to delate your personal data

We will delate all the personal data you have provided, safe for the data the law requires us to keep for
taxation, audit, or other regulatory provided issues.

d. You have the right to request not to have your personal data to be used for marketing
purposes

Please refer to Part VIII of this policy for further details

e. You can ask us to restrict the processing of your personal data

You should let us know which personal data you would like us to restrict processing, and we will inform
you if your request in permissible by law. Following that check we will stop processing the specific data
in question.

f. You have the right to ask us to carry human review of automated decision making

Please refer to Part VII of this policy for further details.
g. You can withdraw your permissions

At any time, you can withdraw your permissions in whole or in part for us to process your personal data.
In some circumstances that might interfere with the normal provision of services and we will inform you

about that issue. You withdrawing a permission in such circumstances will be considered as terminating
prematurely the contract for the provision of the service in question.

X. How to exercise your rights?

To exercise your rights you need to contact us (either through our webpage or app) and inform us of
your intentions.
For security reasons, we can't deal with your request if we’re not sure of your identity, so we may ask
you for proof of ID. If a third party exercises one of these rights on your behalf, we may need to ask for
proof that they’ve been authorized to act on your behalf.
We will promptly inform you as soon as your request has been satisfied, or the legal reasons we may not
comply with your instructions.

XI. Do we share your personal data?

We would share your personal data within our team and the OttCT partners. We will share personal
data in order to
– Provide you with the best service
– Inform you on our products and services
When we share your data with our partners, we will make sure they are following the industry standard
for safekeeping of the data. Further, you will be informed which of our partners holds your data, so you
would be able to exercise the rights in this policy in full.
Upon receiving your consent we may share some of your personal data with other customers or
community members. We will explicitly ask for your permission in this case and will not assume it.
We may share some of your personal details when it is legally required or strictly necessary with some
of our suppliers, such as Internet suppliers, IT infrastructure operators, phone companies,
telecommunication suppliers. When sharing your personal data is necessary we will make sure that
those companies follow a GDPR level personal data protection protocols.
Further, we may need to share some of your personal data with state authorities, national revenue
services or upon request from courts. In some cases we might be prohibited from letting you know that
law enforcement authority has asked us for your data. Whenever possible we will make our best to let
you know when such requests are made.
When we use social media for marketing purposes, your personal data (limited to only your name, email
address and app events) may be shared with the social media platforms so that they can check if you
also hold an account with them. That data will not be publicly shared, unless we have your explicit
permission.

XII. How do we protect your personal data?

We recognize the importance of protecting and managing your personal data. Any personal data we
process will be treated with the utmost care and security. This section sets out some of the security
measures we have in place

We use a variety of physical and technical measures to:
– keep your personal data safe
– prevent unauthorized access to your personal data
– make sure your personal data is not improperly used or disclosed
Electronic data and databases are stored on secure computer systems with control over access to
information using both physical and electronic means. Our team receives data protection and
information security training. We have detailed security and data protection policies which staff are
required to follow when they handle your personal data.
While we take all reasonable steps to ensure that your personal data will be kept secure from
unauthorized access, we cannot guarantee it will be secure during transmission by you to our app, a
website or other services. We use HTTPS (HTTP Secure), where the communication protocol is encrypted
through Transport Layer Security for secure communication over networks, for all our app, web and
payment-processing services.

OttCT is your first AI tool that helps you invest in crypto with piece of mind by detecting fake news and fraudulent behavior on crypto social media content.

Legal