ROSEON.FINANCE

Roseon Finance Limited, a company registered in Nevis (No. C52663) (the “Company”), declares the following

Roseon.Finance Terms and Conditions (“T&Cs”), in relation to:

I. any information the Company collects about the User when he/she visits the Company’s Website, uses

the Platform and/or services, or otherwise interacts with any member of the Company’s Team.

II. how the Company uses, shares, stores, and secures the information; and

III. how the User may access and control that information.

1. User Information.

1.1. The Company may collect any ''Personal Information'', which is any data, information, or combination of

data and information that is provided by the User to the Company, or through the use of the Company’s

products, services, Platform and Website and that relates to an identifiable individual.

1.2. The Company collects the Personal Information when it is provided by the User or when the User visits the

Website or uses the Platform.

1.3. The Company does not collect sensitive data or special category data about the User. This includes details

about race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual

orientation.

2. Information Usage.

2.1. The Company will only use any Personal Information that the applicable law allows to and in particular:

2.1.1. to provide customer support and personalized features, and to protect the safety and security of the

Platform and Website;

2.1.2. to satisfy a legitimate interest which is not overridden by the User’s fundamental rights or data

protection interests, for example for research and development, and in order to protect the

Company’s legal rights and interests;

2.1.3. when the User consents to do so for a specific purpose;

2.1.4. when the Company needs to comply with a legal or regulatory obligation.

2.2. When the User has given consent to use any Personal Information for a specific purpose, he/she has the right

to withdraw said consent at any time by contacting the Company, but this will not affect any use of the Personal

Information that has already taken place.

2.3. The Company does not share any Personal Information with any company outside its own group, if applicable,

for marketing purpose, unless there is an express specific consent to do so.

2.4. For visitors to or users of the Website or Platform who are located in the European Union, the legal bases for

processing their information is published in the Legal Bases Table at the end of this policy under Clause 9.

3. Information Sharing.

3.1. The Company shares Personal Information with third parties that helps it operate, provide, support, improve,

and market its Platform, Website, products and services, for example third-party service providers who provide

website and application development, data storage and backup, infrastructure, payment processing, customer

support, business analytics, Anti-Money Laundering (''AML'') and Know Your Customer checks (''KYC'') and

other relevant services.

3.2. Third-party service providers have access to the Personal Information only for the purpose of performing their

services and in compliance with applicable laws and regulations. These third-party service providers are

required to maintain confidentiality and security of all Personal Information that they process on the

Company’s behalf and to implement and maintain reasonable security measures to protect the confidentiality,

integrity, and availability of any Personal Information.

3.3. The Company takes reasonable steps to confirm that all third-party service providers process Personal

Information in a manner that provides at least the same level of protection as is provided under this Privacy

Policy. Where any third-party service provider is unable to satisfy these requirements, any reasonable steps

to prevent or stop non-compliant processing will be taken.

3.4. The Company may share Personal Information on aggregated or de-identified basis with third parties for

research and analysis, profiling, and similar purposes to help the improvement of products and services.

3.5. If the Users use any third-party software in connection with our products or services, for example any third

party software that the Platform integrates with, third-party software provider can gain access access to the

Personal Information. Policies and procedures of third-party software providers are not controlled by the

Company, and this Privacy Policy shall not cover how any Personal Information is collected or used by third

party software providers. The User is encouraged to review the privacy policies of third-party software

providers before using third-party software.

3.6. The Platform or Website may contain links to third-party websites over which the company has no control. If

the Users follow a link to any of these websites or submit information to them, any Personal Information will

be governed by their policies. We encourage the User to review the privacy policies of third-party websites

before submitting any information to them.

3.7. The Company may share any Personal Information with government and law enforcement officials to comply

with applicable laws or regulations.

4. Information Storage

4.1. All Personal Information provided by the User is stored on the Company’s servers or on third-party servers to

which only the Company has access to within the boundaries of relevant laws and regulations.

4.2. The Company only retains Personal Information for so long as it is reasonably necessary to fulfill the purposes

they were collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

5. International Transfer of Information

5.1. The Company collects any Personal Information globally and transfers, processes, and stores any Personal

Information outside the User’s country of residence where the Company’s or any third-party service providers

operate for the purpose of providing the products and services.

5.2. Some of the countries in which the Company or third-party service providers are operating or are located may

not have the privacy and data protection laws that are equivalent to those in the User’s country of residence. When

Personal Information is shared with these companies or third-party service providers, use is made of contractual

clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of any Personal Information.

6. User’s rights

6.1. The User has the following right to:

6.1.1. be informed of what the Company does with the relevant Personal Information;

6.1.2. request a copy of relevant Personal Information the Company holds;

6.1.3. require the Company to correct any inaccuracy or error in any Personal Information held; 6.1.4.

request erasure of any relevant Personal Information, except the one held for record keeping purposes,

to complete transactions, or to comply with legal obligations);

6.1.5. object to or restrict the processing of any relevant Personal Information (including for marketing

purposes);

6.1.6. request to receive some of the relevant Personal Information in a structured, commonly used, and

machine readable format, and request that it is transferred to another party; and

6.1.7. withdraw consent at any time where the Company is relying on consent to process the relevant

Personal Information (although this will not affect the lawfulness of any processing carried out before such

consent withdrawal).

6.2. The Platform enables Users to update certain information about themselves.

6.3. The User may opt out of receiving marketing materials from the Company by expressly contacting it. However

the User will continue to receive notifications or information that are necessary for the use of the Company’s

products or services.

6.4. As a security measure, the Company may need specific information from the User to help confirm his/her

identity when processing any privacy requests or when you exercise the rights stated in this Clause.

6.5. Any request under paragraph 6.1 will normally be addressed free of charge. However, the Company may

charge a reasonable administration fee if the request is clearly unfounded, repetitive, or excessive.

6.6. The Company will respond to all legitimate requests approximately within one (1) month. Occasionally, it may

take longer than one (1) month if the request is particularly complex or if the users have made a number of

requests.

7. Policy Changes

7.1. The Company reserves the right to amend this Privacy Policy from time to time by posting the updated Privacy

Policy on the Platform or Website. By continuing to use the Company’s Platform and/or Website after the changes

come into effect, the User agrees to be bound by the revised policy.

8. Children Privacy Policy

8.1. The Company’s products and services are not directed or intended for individuals not major of age in their

Country of residence. The Company does not knowingly collect any personal information from individuals not

major of age and if this will be detected, steps will be taken to delete such information.

9. European Union Users - GDPR

9.1. If the User is visiting the Company’s Website or using the Platform from the European Union (''EU''), that may

differ from privacy laws under other jurisdictions. The User acknowledges that he may be transferring relevant

Personal Information to the Company for storage and processing in other Countries around the world for the

purposes described under this Privacy Policy. The Company takes the utmost care in protecting any relevant

Personal Information and have put in place adequate mechanisms to protect it when it is transferred

internationally.

9.2. The Legal Basis for collecting and using any relevant Personal Information if the User is a Citizen or resident

of the EU, will depend on the Personal Information concerned and the specific context in which it is collected:

• Performance of a contract. The use of any relevant Personal Information may be necessary to perform

the terms and conditions or other policies under which we provide our Services or operate our Website.

• Consent. The User consent is needed if technical information such as cookie data and geolocation data

is necessary; and any relevant Personal Information is used for marketing purposes. The User may

withdraw his/hers consent at any time by contacting the Company directly.

• Legitimate interests. The Company may use any Personal Information for its legitimate interests to

improve its Website, Platform or Services, for security purposes, and fraud prevention, and to share

information with any affiliates for internal administration. In such circumstances the Company ensures that

these interests are not overridden by the User’s data protection interests or fundamental rights and

freedoms.

9.3. Legal Basis Table

Processing purpose

Type of data processed

Legal basis

To register a User on the

Platform

Account Data

Contract performance

To enable the User to access

products and services

Account Data, Transaction Data,

Support Data, Technical Data

[and User Content]

Contract performance

To process User Payments or

other contributions

Account Data, Transaction Data,

Financial Data

Contract performance

To administer and maintain he

safety and security of the

Platform and Website

Technical Data

Contract performance

To study the usage of products

or services

Transaction Data, Support Data,

Technical Data, Usage Data

Legitimate interest to improve

the Platform and Website

To gather feedback on products,

services, or features

Account Data

Legitimate interest to improve

the Platform and Website

9.4. Rights under EU law:

If the User’s relevant Personal Information is subject to the protections offered by EU law, he/she may:

• Access, correct, update or request deletion of any relevant Personal Information, at any time by contacting

the Company using the contact details provided on the Website (in accordance with applicable data

protection laws); the Company may charge a reasonable fee for any manifestly unfounded, excessive or

repetitive requests;

• Object to the processing of any relevant Personal Information, ask the Company to restrict processing of

any relevant Personal Information or request portability of any relevant Personal Information for the

legitimate interests set out above. In certain circumstances the Company may not be able to stop using

the Personal Information, with motivated cause.

• Withdraw consent at any time if the Company collected and processed any relevant Personal Information

with consent;

• Opt-out of any marketing communications that the Company (or any third party to whom the Company

disclosed the Personal Information with consent) may send;

• Complain to a data protection authority about the Company’s collection and use of any relevant Personal

Information.

These rights apply only for Users who are subjected to EU law.

9.5. The Company is the Data Controller in relation to its Platform and Website and is responsible for any relevant

Personal Information. The User may contact the Company through its Website if he/she has any concerns about

this Policy and any relevant Personal Information.