Privacy Policy

This Privacy Policy (“Privacy Policy”) provides for the security measures we have implemented to protect and manage your Personal data, in accordance with applicable data privacy regulations listed below. We respect your privacy, and we are committed to protecting your personal data.

The privacy of your Personal data is important for us. We respect your rights to privacy and rights under GDPR are committed to complying with the requirements of GDPR in the collection and processing of your Personal data.

Privacy Policy explains how we use your Personal data in connection with usage of any of our products and services, access or use of the relevant areas of our Website, or when any agent provides your Personal data to us or any agent dealing with us on your behalf.

By using our products, services or our Website by our customer, he/she/it expressly agrees with this Privacy Policy and expressly consents to and agrees with Personal data processing as stipulated herein and by the applicable law.

All capitalized terms not otherwise defined elsewhere in Privacy Policy shall have the same meanings assigned to them in the Service Terms.

1. Definitions

The following terms has the meaning as defined below:

• controller of your Personal data means a legal entity that determines the purposes, conditions and manner of any processing activities that it carries out.

• customer means you as an individual if you use our Website, products or services, or a legal entity, where you act as a director, board member, employee, representative, or an owner or an ultimate beneficial owner etc.

• GDPR means the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced, or superseded and in force from time to time, and as transposed into member-state legislation.

• Personal data means any information which relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It does not include data where the identity has been removed (anonymous data).
• you, your means you, whether you visit our Website, use our products and services, or within our Website, contact us via digital methods of communication, or if our customer is a legal entity, means you acting as a director, board member, employee, representative, or an owner or an ultimate beneficial owner etc. of such legal entity.
• Website means https://thenumberx.com/ and/or any other website as we may operate from time to time.

2. Who we are

We are Number X Europe OÜ, registered at the legal address of Vesivärava tn 50-201, Tallinn, 10152, Estonia and/or Number X Ltd Level 7, 1 Canada Square, Canary Wharf, E14 5AB, London, UK (“Company”, “we”, “us” or “our”) being Personal data controller and is responsible for the processing of your Personal data.

Please note that all residents of the United States of America are considered as the customers of our US-based company: Number X LLC, 360 NW 27th St., 8th Miami, Florida, 33127, USA. If you are a U.S. resident, please go to the section US Privacy Policy and CCPA/CPRA Privacy Notice to familiarize yourself with the rules that apply to you.

Company provides products and services via Website.

3. What do we offer?

Our Website, the Service Terms contain detailed information about our products and services we offer.

We only use Personal data for the purposes specified in Privacy Policy. We only transfer your Personal data to third parties if it is needed as set forth below.

4. Personal data regime. Purpose of Personal data processing

We highly respect your privacy. Privacy Policy contains important information regarding processing, namely, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure etc. of your Personal data collected on Website or otherwise. We have developed Privacy Policy to assist you make an informed decision about whether or not to use our Website.

We reserve our right to update Privacy Policy from time to time and the most up to date version will be published on our Website. We shall not serve you, customer with a relevant notification of such update and continued usage of our Website and/or products, services will be taken to indicate your acceptance of the terms of this Privacy Policy insofar as it relates to our Website.

We process Personal data in scope being enough for the following purposes:

• Contractual Purpose. To enter into product, service agreement, its performance (which may require disclosure to relevant third parties as defined by us), for proper access to and quality improvement of features of our Website; to register a customer; to process and deliver our products and services and any Website, features to customer, including to execute, manage and process any instructions or orders our customer makes; to manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us;

• Analytical, operating, administration Purpose. To collect general and particular statistics of Website use, for sending communications, notices, updates, surveys; for customer service support and ancillary purposes; to collect statistics regarding use of our Website concerning visits and activities of customers, potential customers on our Website including the analytics services like Google Analytics etc. (this analysis helps us run our Website more efficiently and improve and personalise customer’s experience online); to keep our records updated and to study how customers use our products and services; to prevent abuse of our products and services and promotions; for compliance, quality assurance and training purposes; to manage our relationship with our customer which will include asking our customer to leave a review, take a survey or keeping our customer informed of our company's business and product development; to conduct research, compare information for accuracy and verification purposes, compile or analyse statistics relevant to the operations of our business;

• Marketing and Advertising Purpose. To send our customer welcome email following registration procedures; to send our customer occasionally our products and services updates, to manage relationship, evaluate business performance and build customers database; to contact our customer for surveys purposes, for other marketing purpose; for the direct marketing and promotional purposes; to advertise our products and services to our customers, potential customers and understand the effectiveness of the advertising we serve to our customers, potential customers. We could use your Personal data and decide which products, services and offers may be relevant for our customer.

• Compliance Purpose. To maintain accuracy of our records; to verify your Personal data for the purpose of managing our customer relationships and observing the Know Your customer (KYC) rules; to comply with legal and regulatory obligations with respect to Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), prevention of criminal activity and lawfully protect our legal interests, make relevant risk assessments and management; to use the services of financial institutions, banks, crime and fraud prevention companies, risk measuring companies; background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and resolving them;

• Communication Purpose. To contact the Customer for administrative purposes such as customer service, address technical or legal issues related to the products and service provided, or share updates and notifications about the products and services; to respond to customer’s requests and seek your feedback;

• Regulatory and Managerial Purpose. To facilitate our internal business operations, including fulfilment of any legal and regulatory requirements and monitoring, analysing and improving the performance and functionality of our Website and investigating breaches of or enforcement of any legal terms applicable to our Website; to protect our property, the Website or our legal rights including to create backups of our business records; to manage risk and protect our Website from fraud by verifying your identity and helping to detect and prevent fraudulent use of our Website.

We process Personal data only for purposes stipulated in Privacy Policy or those prescribed by the applicable law.

Legal basis for processing is:

• Processing is necessary for the entry into or performance of a contract between our customer and us (GDPR article 6 (1) (b)), for performance of the product, service agreement to which our customer is a party;

• A consent to the processing of Personal data (GDPR article 6 (1) (a));

• Processing is necessary for compliance with a legal obligation to which we are subject (GDPR article 6 (1) (c)), for compliance with a legal obligation to which we are subject, including, but not limited to, AML and CFT requirements;

• Processing is necessary for the purposes of the legitimate interests pursued by us (GDPR article 6 (1) (f)). We are processing Personal data for purposes set forth above under legitimate interest. As part of this, we must maintain and develop our Website, technical systems and IT-infrastructure, technical and organizational solutions that may also use your Personal data, in order to provide you with adequate products, services. We also process your Personal data for protection of your or another person vital interests;

• another basis prescribed by the law.

It may be impracticable to deal with you on an anonymous basis or using a pseudonym.

We may be able to provide you with limited information in the absence of your identifying yourself but generally we will be unable to provide you with any information, products and/or services unless you have identified yourself.

5. Types of Personal data

We classify our Personal data into the following three types:

5.1 Directly collected Personal Data

This refers to the information, which a customer directly provides us (e.g., by filling the website forms). We usually collect and store information including in paper, physical and electronic form provided by our customer when communicating with us by telephone, email, web-based form, letter, facsimile or other means, including, but not limited to, when:

• customer contacts us over the phone;

• we provide you with our services via telephone, email or our Website;

• we provide customer, potential customer with assistance or support for our products or services;

• customer participates in our functions, events or activities or on our social media pages;

• customer, potential customer requests that we provide information concerning our products or services;

• our customer uploads or submits information to us or our Website; or

• our customer completes any forms requesting information, including on registration with us, completes any survey or provides feedback to us concerning our products or services.

5.2 Indirectly collected Personal data

This kind of information relates to the customer, but he/she/it does not provide it directly (e.g., an IP address).

5.3 Automatically collected / generated Personal data

Our system collects this type of information automatically. Though such information isn't provided by a customer, it relates to you and according to the Article 4 (1) of the GDPR is considered to be Personal data. It has 2 subtypes:

• Static. This information doesn't usually change once it's created. For instance, an internal user id;

• Dynamic. This subtype changes based on the activities performed by you.

We also collect information from your computer or mobile device automatically when you browse our Website. This information may include Technical Data, Profile and Customer support data, Usage Data as detailed below.

The device you use to access our Website may collect information about you including your location using longitude and latitude coordinates obtained through GPS, Wi-Fi or cell site tri- angulation. For information about your ability to restrict the collection and use of such information, please use the settings available on your device.

We may use statistical analytics software tools and software known as cookies which transmit data to third party servers located overseas. To our knowledge, our analytic providers do not identify individual users or associate your IP address with any other data held by them.

6. What Personal data do we collect?

Depending on whether and how you use our Services, Website, we will collect, use, store and transfer different kinds of your Personal data, grouped in the following categories:

This information is not exhaustive, and is laid out to give you an idea about use of fundamental collected information. We will record all information collected and purposes for which we process that Personal data.

Furthermore, we treat certain categories of Personal data to be sensitive, and such sensitive data requires additional safeguards. We will only collect, use, store, and transfer your sensitive data if we can meet both the legal basis requirement and at least one of the required extra conditions.

The extra conditions include:

• circumstances prescribed by regulations: Personal data is processed in the conditions prescribed by regulations;

• information made public by you: the sensitive data has become public as a result of your actions;

• consent: you have provided your consent to the processing of your sensitive data.

• judicial proceedings: the processing is required for the purpose of or in connection with any legal proceedings, for seeking legal advice, or for establishing, exercising, or defending legal rights;

• public functions: the processing is necessary for the exercise of any functions conferred on any person by or under an enactment.

7. Lawfulness of Processing and Disclosure

You consent to these terms and conditions of processing of your Personal data. We take all reasonable means to ensure that your Personal data is treated securely and in compliance with this Privacy Policy, when we process your Personal data for one of the legal purposes specified in this Privacy Policy. We protect your Personal data under internationally recognized standards, employing physical, technological, and administrative security measures to minimize the risks of loss, misuse, unauthorized access, disclosure, and alteration. Firewalls and data encryption are among the measures we employ, as well as physical access controls to our data centers, and information access authorization controls.

We also limit access to Personal data only for those employees, contractors, advisors, auditors who require it to fulfil their job or service duties. Our employees, contractors are trained on procedures of Personal data processing, including limitations on the release of information. Access to Personal data is limited to those of our employees and contractors whose work needs it. We perform periodic evaluations to ensure that proper information processing policies and procedures are understood and followed. All of our physical, electronic, and procedural safeguards are designed to comply with applicable laws and regulations.

When you provide your Personal data over our Website, it is securely sent across the Internet using industry standard encryption. Your Personal data will be held encrypted on secure servers.

We will endeavour to take all reasonable steps to keep secure and protect any Personal data which we hold about you, including:

• using computer safeguards such as Secure Socket Layer (SSL) technology to ensure that your information is encrypted and sent across the Internet securely;
• placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
• taking regular back-ups of our electronic systems.

Notwithstanding that we will take all reasonable steps to keep your Personal data secure, data transmission over the internet is never guaranteed to be completely secure. We do not and cannot warrant the security of any information you transmit to us or from any online services.

8. How we use Personal data for communicating with you and direct marketing

We may communicate with you by phone, email, SMS or push notification, to inform you about existing and new products and services that may be of interest to you.

We will ensure that any email we send as direct marketing complies with the GDPR and contains an ‘unsubscribe’ option so that you can remove yourself from any further marketing communications. To opt-out of communications via SMS, reply with “STOP”. You may decline marketing messages sent by push notifications by refusing the relevant permission in your phone or tablet settings, however this setting will prevent you from receiving other messages from us via push notification. You may also opt-out of receiving marketing materials from us using the contact details set out below.

You can also call or write to us to request that your details be removed from our direct marketing list. We will endeavour to remove your details from our direct marketing list within a reasonable time (ordinarily 5 working days).

Our direct marketing list may be operated by software and servers located overseas and your Personal data may be sent overseas as part of our marketing.

We will also send communications that are required or necessary to send to users of our Website that contain information about important changes or developments to or the operation of the Website or as well as other communications you request from us. You may not opt out of receiving these communications but you may be able to adjust the media and format through which you receive these notices.

9. Third Parties

We have taken steps to ensure that third parties engaged by us in processing your Personal data, have suitable technical and organizational measures in place to protect this Personal data, and we will also ensure that they are GDPR compliant. We have taken steps to ensure that third parties engaged by us, protect the confidentiality and security of Personal data, and ensure that Personal data is processed only for products, service providing and in compliance with applicable law.

We may transfer your Personal data to third parties such as:

• to our related entities, employees, officers, agents, contractors, other companies that provide services to us, sponsors, government agencies or other third parties to satisfy the purposes for which the information was collected or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose;

• to third parties who help us analyse the information we collect so that we can administer, support, improve or develop our business and the products, services we provide to a customer;

• to merchants and the recipients of funds to identify you as the sender of the funds and to a party whom sends you funds in connection with a transfer to you of funds;

• legal and regulatory authorities to whom we are obligated to disclose your Personal data under the law, AML and CFT requirements; agencies that deal with law enforcement; entities in cases of fraud or collusion prevention, identity verification, payment processing, credit reference; banks/financial institutions; courts;

• identification and verification service providers engaged by us for customers, your verification, performance of AML and CFT requirements, as well as other software service providers who assist us to provide products, services we provide to customers;

• to our professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business;

• server hosts, which store our data, communication service providers, which help us stay in touch with you;

• to third parties, including those in the blockchain and fintech industry, marketing and advertising sectors, to use your information in order to let you know about products and services which may be of interest to you in accordance with GDPR;

• banking, financial service providers, helping us in products, services to our customer;

• to debt recovery agencies who assist us with the recovery of debts owed to us;

• to any other person, with your consent (express or implied);

• to facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers; and

• other third parties which services, facilities we use, in order to provide our Services and deal with certain processes necessary for the operation of the Website, perform internal procedures and law requirements.

In addition to the above recipients, we will disclose your Personal data if we are required to do so under law or if the disclosure is made in connection with either the normal operation of our business in a way that you might reasonably expect, for example, if such disclosure is incidental to IT services being provided to our business or for the resolution of any dispute that arises between you and us. This disclosure may involve your Personal data being transmitted overseas.

In the event of a proposed restructure or sale of our business (or part of our business) or where a company proposes to acquire or merge with us, we may disclose Personal data to the buyer and their advisers without your consent subject to compliance with GDPR. If we sell the business and the sale is structured as a share sale, you acknowledge that this transaction will not constitute the ‘transfer’ of Personal data.

Personal data shall not be processed (or cause to be processed) in a country that has not been designated by the European Commission as providing an adequate level of data protection unless it has put in place such measures as are necessary to ensure such transfer is in compliance with Personal data protection laws, except where otherwise required by applicable law.

We are obliged to disclose your Personal data in following cases:

• in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements;

• to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; to comply with a subpoena, court order, legal process, or other legal requirement;

• when we believe in good faith that such disclosure is required to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of Service Terms;

• to third parties in case of: merger, restructuring, joint venture, assignment, sale part of the business or the whole business.

If we are acquired or merged with a third-party entity, we reserve the right to transfer or assign the data we have collected from our customers as part of such merger, acquisition, sale, or other change of control. If we become involved in a merger, acquisition, or any form of sale of some or all our assets, we will notify customers, you before Personal data is transferred and become subject to a different privacy policy. We may not be able to control how your Personal data is treated, transferred, or used in the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights in general.

10. Where do we store Personal data?

Please note that we use our own and third party computer servers including our Website hosts, data backups and payment gateway(s), which may be located overseas and your Personal data will likely be stored and transmitted overseas as part of the normal operation of our business. To ensure the security and privacy of your Personal data, we take measures designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction.

11. How long do we store Personal data?

We store Personal data within the term of its processing by us, third parties engaged by us for Services providing, and additionally 5 years after cession of products, services providing, unless longer term is required by the applicable law.

12. Breaches Notifications

In case of Personal data breach, we shall notify the supervisory competent authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless Personal data breach is unlikely to result in a risk to the rights and freedoms of individuals.

If we become aware of a security breach, we may seek to notify you electronically so that you can take appropriate preventive measures. If a security breach occurs, we may make a notice on Website.

When Personal data breach is anticipated to result in a high risk to customers’, your rights and freedoms, we will inform you.

13. Your Rights

13.1 Obtain confirmation

You have the right to request confirmation that Personal data pertaining to you is being processed.

13.2 Access Personal Data

You have the right to access such data, or ask us to provide a copy of your Personal Data processed by us (GDPR, Article 15).

13.3 Request of information

You have the right to request the following additional information concerning your Personal data:

• the purposes of the processing;

• the categories of Personal data concerned;

• the recipient(s) or category(ies) of recipient to whom/which Personal data have been or will be disclosed;

• the criteria determining the period for which Personal data will be stored etc.

13.4 Request rectification

You have the right to rectify Personal data in case the data is incorrect or incomplete (GDPR, Article 16).

13.5 Right to Withdraw Consent for Data Processing

You are entitled to withdraw the consent granted for the processing of Personal data at any time (GDPR, Article 7). Withdrawal does not affect the lawfulness of the processing conducted before the withdrawal. If you withdraw your consent, we may not be able to provide certain products, services to you, but we will advise you if this is the case at the time you withdraw your consent;

13.6 Right to erasure

Sometimes called Right-to-be-forgotten (GDPR, Article 17). You have the right to revoke previously provided consent and have the Personal data erased from our system. In this case, third parties will no longer have access to your Personal data.

However, it does not mean that your data will be erased immediately; it will still be stored at our facility in order to comply with numerous statutory obligations, specifically a provision of the GDPR regulations, AML and CFT requirements, under which we are required to store any collected information for a minimum period of 5 years from relations termination, for the purposes of the prevention, detection, analysis and investigation of money laundering or funding of terrorism activities. Your Personal data will be erased from our records after this period has elapsed.

13.7 Restrict processing

You have the right to ask us to restrict the processing of Personal data in case the data is incorrect or incomplete or in case Personal data is processed unlawfully (GDPR, Article 18).

Nevertheless, the AML/CFT Regulations require us to store your Personal data for at least 5 years after the end of the relationship between us and a customer. Biometrics are processed and stored so long as the other Personal data as set forth in this Privacy Policy. This period may be further extended in certain cases if so provided by and in accordance with the applicable legislation. Upon amendment or removal of your Personal data, it is archived and safekept separately from processed Personal data.

13.8 Receive Personal data

You have the right to receive Personal data concerning you provided to us, in a structured, commonly used and machine-readable format.

We are obliged and have provided all the information which you have right to receive (GDPR, Article 19). This Privacy Policy concludes all the information and is available to you on our Website at any point of time.

13. 9 Have Personal data transmitted

You have the right to have Personal data transmitted directly from one controller to another, where technically feasible (GDPR, Article 20). You may request the transfer Personal data to you or to a third party, and we will provide to you, or a third party you have chosen (where technically feasible), your Personal data; note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

13.10 Right to Object

You have the right to object (GDPR, Article 21), on grounds relating to your particular situation, where there is a reason to believe that we have no lawful grounds for processing Personal data, at any time to processing of Personal data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

13.11 Requests and Complaints

If you have any queries in relation to this policy, you wish to access or correct the Personal data we hold about you, or make a complaint, please contact us in writing at:

Email: [email protected]; or

Mail: Privacy Officer

Number X Europe OÜ

Vesivärava tn 50-201,

Tallinn, 10152

Estonia

You have the right to file complaints regarding processing of your Personal data to our Privacy Officer as set forth above.

We aim to acknowledge receipt of all privacy complaints from you within 5 working days and resolve all complaints within 30 business days. Where we cannot resolve a complaint within that period, we will notify you of the reason for the delay as well as advising the time by which we expect to resolve the complaint.

In order to disclose information to you in response to a request for access we may require you to provide us with certain information to verify your identity. GDPR may prescribe exceptions which may affect your right to access your Personal data.

In the event that you believe that there has been a breach of GDPR, we invite you to contact us as soon as possible.

If you are not satisfied with our handling of a complaint or the outcome of a complaint you have the right to lodge a complaint with an appropriate authority:

Estonian Data Protection Inspectorate

39 Tatari St., 10134 Tallinn

telephone (from abroad add +372) 627 4135

e-mail [email protected]

Website: https://www.aki.ee/en

Should we lawfully receive your Personal data from a third party, you will have the same rights regarding information in question as related to information you provided to us directly or we have collected during cooperation with you.

14. Implementation of changes

Our Privacy Policy is reviewed and updated on a regular basis to ensure that any new obligations and technologies, as well as any changes to our business operations and practices, are taken into account, as well as that it remains abreast of the changing regulatory environment. Any Personal data we store will be subject to our most recent Privacy Policy.

If we decide to update our Privacy Policy, we will post those changes here and other places we deem necessary.

If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, may provide you with additional notice (such as adding a statement to the Website homepage or sending you a notification). We recommend you review the Privacy Policy whenever you access our Website or otherwise interacts with us to stay informed about our information practices and the ways you can help us to protect your privacy.

15. Use of Cookies

When you visit our Website or the website of any of our partners, we and our partners may use cookies and other tracking technology (“Cookies”) to recognise you and customise your online experience. Cookies are small files that store information on your computer, mobile phone or other device. They enable us to recognise you across different websites, services, devices and/or browsing sessions. Cookies also assist us to customise online content and advertising, save your preferences for future visits to the Website, measure the effectiveness of our promotions, prevent potential fraud and analyse your and other users’ interactions with the Website.

If you do not wish to grant us the right to use cookies to gather information about you while you are using our Website, then you may set your browser settings to delete, disable or block certain Cookies.

You may be requested to consent to use of Cookies when you access certain parts of our Website, for example, when you are asked if you want the Website to “remember” certain things about you.

Certain aspects and features of the Website are only available through use of Cookies. If you disable Cookies, your use of the Website may be limited or not possible or parts of our Website may not function properly when you use them.

16. Conclusion

Please acknowledge, by implementing some rights given by GDPR (erasure, stop processing), you will be deprived of some features of the Website, and in some cases, where applicable, we may be forced to close your access to our Website. Despite the rights exercised by you, we anyway could proceed with your Personal data processing, if required by law.

We are committed to protecting the privacy of Personal data and make every effort to disclose the processing details clear and simple to understand.

Should you have any questions concerning the information above, please, don't hesitate to contact us as set forth above.

US Privacy Policy and CCPA/CPRA Privacy Notice

This US Privacy Policy and CCPA/CPRA Privacy Notice (“US Privacy Policy”) provides for the security measures we have implemented to protect and manage the Personal data of USA residents and who are Number X LLC, 360 NW 27th St., 8th Miami, Florida, 33127, USA (hereinafter - “Number X”, "we", "us" or "our") customers, in accordance with applicable data privacy regulations listed below. We respect your privacy, and we are committed to protecting your personal data.

If you are a California resident, you can learn more about how we use your information and your privacy rights by reviewing the CCPA/CPRA Privacy Notice below.

1. Policy Statement

Protecting and securing information and the systems that process and maintain Number X’s data is a critical part of our operations. Your data, intellectual property, and partner information stored and supported by Number X’s information systems is vital to our success. Number X shall protect the confidentiality, integrity, availability and safety of your Personal Information, regardless of how the information is created, distributed, or stored. Security measures will be tailored accordingly so that cost-effective controls can be applied commensurate with the risk and sensitivity of the information and systems, in accordance with all statutory, regulatory, and contractual obligations. This US Privacy Policy will always be posted on our Website, so you will remain informed. Number X reserves the right to change, amend or revise this US Privacy Policy at any point in our sole discretion.

2. General

Number X is committed to protecting and respecting your privacy. This US Privacy Policy governs Number X’s collection, processing, and use of all US residents’ Personal Identifying Information. You acknowledge and understand that by visiting, accessing our Website or using the services of Number X, you consent to the policies and practices stated in the US Privacy Policy. You also agree that the US Privacy Policy is subject to the terms and conditions set forth in the Service Terms.

To best understand this US Privacy Policy, please find some basic definitions which will assist in your reading of the US Privacy Policy:

Personal Identifying Information: ("Personal Information" or "PII"): means any information relating to an identified or identifiable natural person (i.e. "Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, economic, cultural or social identity of that natural person (e.g. your name, address, email address, tax identification number, etc.)

Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of Consumers' personal information, that does business in the State of California.

CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").

Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

For the purposes of the CCPA/CPRA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

Data Subject: means an identified or identifiable person or entity.

Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.

Data Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.

Website: means any Website under common ownership or control of Number X used for providing our services to you.

Third Party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Personal Data Processing: any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).

IP Address: a unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network.

Pseudonymization: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information are not attributed to an identified or identifiable natural person.

Definitions and interpretations not included in this Section should be checked in the Service Terms and other policies available on the Website. In cases where some definitions are not explained on the Website, you should interpret them according to the definitions provided in applicable laws. If you are not sure what some definitions mean, feel free to contact us by sending an email to [email protected] for assistance.

3. Purpose

The purpose of this US Privacy Policy is to inform you of your rights as a customer of Number X. Your privacy is important to us, and we believe it is fundamental that you understand what Personal Information we collect, why we collect it, as well as how we use and store it. Specifically, this US Privacy Policy is meant to inform you:

• Who is Number X and how we may work with you

• What Personal Information we may collect from you

• Why we are collecting this Personal Information from you

• How we process and utilized your Personal Information

• Your rights to access, amend, or request records of your Personal Information

• How we secure your Personal Information when working with third party vendors

• The security procedures we use to protect your Personal Information

• How we store your Personal Information and how long we retain it

• To inform you about marketing and our official pages on social media

• To aware you of external links, fraud/phishing/email scam, unsolicited submissions, and changes to this US Privacy Policy

• How to contact Number X, or our regulators, to register a complaint in regard to the management or security of your Personal Information.

4. Number X

Number X LLC 360 NW 27th St., 8th Miami, Florida, 33127, USA launched in the United States to broaden the reach of the Number X related services and service residents in the United States in a safe and regulated manner. Number X is a cross-border Merchant of record for global digital businesses.

Founded in 2022, we believe that every cross-border business should be able to scale as fast as a local business, without any regulatory and tax hurdles.

Number X offers ecommerce companies a completely different approach to distribution of digital goods. Instead of maintaining a complex payment infrastructure, we cover every aspect of payment processing on target markets, taking away 100% of the pain of regulations, taxes, chargebacks, user support, and interaction with local authorities. It’s faster, safer and simpler.

5. Gathering and Use of Personal Information

5.1. Information we collect

As a US based entity, Number X is mandated to collect Personal Information for all users seeking its services in any capacity. This US Privacy Policy in conjunction with our Service Terms governs the use of the information we collect.

Consistent with our obligations, when you order our services or visit our Sites, we will ask you to provide information to verify your identity. Please note if you refuse to provide this Personal Information, we will not be able to provide our services to you.

The types of Personal Information for an individual customer which we collect may include:

• Full legal name

• Proof of identity (e.g. driver’s license, passport, or government issued ID)

• Address

• Mobile phone number

• Email address

• Date of birth

• Internet Protocol (“IP”) address, internet browser and operating system information, geolocation details

• Banking details, including account number, routing number and payment card data

• Employment details

• Information to corroborate the stated source of your funds

• Photographic images, which may include video footage

• Additional Personal Information at the discretion of our Compliance and Legal Department.

• Institution or corporate legal name and "doing business as" ("DBA") name

• Employer Identification Number ("EIN"), Tax Identification Number ("TIN") or similar

• Full legal name of all authorized account customers and beneficial owners

• Email addresses of all authorized account customers

• Mobile phone numbers of all authorized account customers

• Contact information of all authorized account customers and beneficial owners

• Proof of identity (e.g. driver’s license, passport, or government issued ID) of all authorized account customers and beneficial owners

• Personal Information for each authorized account customers and beneficial owners

• Proof of legal existence (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable)

• Proof of beneficial ownership (e.g. operating agreement, share registry, capitalization table, schedule K-1, or other comparable legal documents as applicable)

• Additional business records at the discretion of our Compliance and Legal Department.

We require your Personal Information only for the purposes of providing to you the services requested from Number X and to satisfy the legal requirements from our obligations. If you refuse to share your Personal Information, we will not be able to provide our services to you. We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our systems, and detect fraud and security threats within the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations. Additionally, we may be compelled to share your Personal Information with law enforcement, government officials, and regulators.

5.2. Purposes of using Personal Information

Reasons we can share your personal information include:

• To provide and maintain our services;

• To manage your account: to manage your registration as a customer of the service(s);

• For the performance of a contract;

• To contact you;

• To provide you with special offers and general information;

• To manage your requests;

• To ensure security of your account;

• To comply with legal obligation purposes such as tax reporting;

• To provide you with information about products and promotions that may be of interest to you;

• For market research;

• For business transfers;

• For other purposes: we may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.

You can limit the dissemination of your Personal Information regarding special offers and general information, information about products and promotions, market research and other purposes.

6. Tracking Technologies and Cookies

Number X uses cookies and similar tracking technologies to track the activity on our Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website. The technologies we use may include:

6.1. IP Addresses

We may collect information about your computer or device used to access our Website, including your IP address, operating system and browser type. Such information is collected for the limited purposes of; system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.

6.2. Web Beacons

Certain sections of our service(s) and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users and customers who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

6.3. Cookies

Number X uses a browser feature known as a "cookie", which assigns a unique identification to your computer. Cookies are typically stored on your computer's hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Sites, analyze trends, and administer the Website. The information collected from cookies allows us to determine such things as which parts of our Website are most visited and difficulties our visitors may experience in accessing our Website. With this knowledge, we can improve the quality of your experience on the Website by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalized experience when using our Website. We may use third party service provider(s), to assist us in better understanding the use of our Website. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Website, what products are browsed, and general transaction information. Our service provider(s) analyzes this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Website and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Website. Our service provider(s) is/are contractually restricted from using information they receive from our Website other than to assist us.

You may control the cookies through your browser settings. We use both session and persistent cookies for the purposes set out below:

Necessary / Essential Cookies Type: Session Cookies Administered by us with purpose: these cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate customers and customers and prevent fraudulent use of their accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Cookies Policy / Notice Acceptance Cookies Type: Persistent Cookies Administered by us with purpose: these cookies identify if you have accepted the use of cookies on the Website.

Tracking and Performance Cookies Type: Persistent Cookies Administered by third parties with purpose: these cookies are used to track information about traffic to the Website and how you use the Website. The information gathered via these cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these cookies to test new pages, features, or new functionality of the Website.

6.4. Analytics

Number X uses Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtm.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

7. Disclosure of Personal Information

The Personal Information we collect and the practices of using such information as described herein are done for the purposes of providing you with the best customer experience possible, as well as protecting you from the risk of fraud and improper use. The Personal Information collected is sought to best serve you as the customer and to continue to maintain and improve Number X to meet your needs.

7.1. Third-Party Service Providers, Regulators, Law Enforcement

Number X may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our Website and systems, and detect fraud and security threats throughout the normal course of our business. Any third party which receives or has access to your Personal Information is required to protect such Personal Information and only to use it for the limited purposes necessary to carry out the services they are explicitly contracted to provide. Such third parties, aside from law enforcement or regulatory authorities, are contractually bound by the same security and confidentiality policies and responsibilities as Number X. Number X does not sell customer Personal Information to third-parties for the purposes of marketing.

We ensure that all third-parties are bound by obligations under the US Privacy Policy. Number X represents that we will only enter into contracts with future third parties that are bound by terms no less protective than the obligations of this US Privacy Policy and are consistent with all applicable data protection laws. Number X will keep records of all transfers of Personal Information to third parties. Records of these transfers may be provided to you, upon request.

7.2. Change in Ownership

Number X may share your Personal Information with financial institutions, insurance companies or other companies in an anonymized format to an interested buyer or seller of the business or business assets. In the case of a merger, divestiture, corporate reorganization, or asset sale of the business, we will notify you prior to the non-anonymized transfer of your Personal Information. Similarly, we will notify you if through such an event you would become subject to a different privacy policy. We encourage you to exercise all of your rights regarding the sharing of your Personal Information.

7.3. Staff Non-Disclosure of Personal Information

Our staff is subject to strict confidentiality policies that prevent the disclosure of your Personal Information for any purpose outside the scope of their responsibilities. Our staff will not disclose any of your Personal Information to any unauthorized entity or individual, except in circumstances detailed in the Privacy Policy herein.

8. Your Rights

You have the right to access your Personal Information. If you are located in the United States, European Economic Area, or the Channel Islands and have questions regarding the processing, use, or storage of your Personal Information, you may contact us at [email protected] at Number X LLC 360 NW 27th St., 8th Miami, Florida, 33127, USA.

8.1. Requesting Your Personal Information

If you choose to submit a written request for your Personal Information to [email protected] we will provide you with a copy of all of your all the Personal Information retained by Number X . Additional minimal charges may be incurred by you to offset administrative costs associated with providing you additional copies of your Personal Information.

8.2. Updating or Amending Your Personal Information

At any point you may correct, update, amend or revise your Personal Information by sending an email to [email protected] When possible, you may be required to update your Personal Information on your account profile page by logging into our Website. To ensure the accuracy and integrity of your Personal Information we may request additional Personal Information and/or identification documentation. If you refuse to provide the Personal Information requested, we reserve the right to not provide our services to you.

8.3. Removing Your Personal Information

At any point, you may also request the closure of your account. Upon closure, your Personal Information will only be stored by Number X to satisfy our obligations. We are required to store customer records for a period of five years after the closure of the account.

8.4. Automated Data Processing

In order to efficiently provide Number X’s services to you, we employ a series of automated processing systems to reduce the risks of fraud, money laundering and/or abuse of our services. Through these automated systems, we carry out an analysis of your identification, transactional and behavioral patterns based on the information provided to us. If you do not wish this automated processing to be carried out, please contact us at [email protected] and we will review your application manually. Increased wait times may apply for applications that are processed manually.

9. Security

Number X have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:

• Pseudonymization and TLS 1.3 encryption of personal data

• Access control

• The ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services

• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

• Only authorized personnel, who are subject to strict confidentiality agreements, have access to your Personal Information.

Number X conducts testing and evaluations of our technical and organizational measures effectiveness on a regular basis. Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we perform ongoing due diligence on third-party vendors which may have access to your Personal Information.

In the event of a data breach or the failure of our security measures, we will notify you immediately. Number X may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.

10. Retention of Personal Information

10.1. Your Personal Information is held on servers located in the European Economic Area at some of the most secure facilities in the world.

Access to this information is under strict access controls. Members of Number X staff whose offices are outside of the United States or European Economic Area are under strict contractual obligations to adhere to the same principles of data security and processes as those within the European Economic Area and United States.

10.2. We do not store your payment method, unless you create an account to conduct future transactions.

The payment method information that you provide to make instant digital asset purchases are passed through a third-party payment processor which is based in the European Economic Area and bound to the same regulations as Number X. Additionally, Number X has contractual agreements with the payment processors to further safeguard your rights. We are required to store Personal Information associated with a transaction for a period of five years after the transaction is processed.

11. Marketing Data Processing, Advertising and Social Pages

11.1. We may use your Personal Information for marketing purposes if you provide your consent during registration or post-registration by checking marketing preferences boxes in your account profile page.

Additionally, we may notify existing customers about our products or services that are similar to those we have already provided based on our legitimate interest.

11.2. You have the right to withdraw your consent for us to process your Personal Information for marketing purposes.

To exercise this right, you can uncheck the marketing preferences boxes in your account profile or contact us at [email protected]

11.3. We maintain a strong presence on various social media platforms to stay connected with our customers and keep them updated on our latest developments.

Our social fan pages include LinkedIn, Telegram and Instagram.

Here is the list of our social pages:

LinkedIn - https://www.linkedin.com/company/number-x-usa/

Telegram - https://t.me/numberx_uk

Instagram - https://www.instagram.com/numberxdigital/?igshid=MzRlODBiNWFlZA%3D%3D

Please verify that you are on the correct website, to do it you can use the links provided above to access these pages directly.

11.4. We encourage our customers to follow and engage with us on our social media pages.

However, please note that any information shared on these platforms is subject to the respective social media platform's privacy policy and terms of service. We do not have control over the information collected by these platforms and are not responsible for their actions.

11.5. We may use social media advertising to promote our services and reach a wider audience.

Such advertising may involve the use of cookies or similar technologies to collect data about your browsing behavior. If you do not wish to receive targeted advertising from us, you can adjust your social media platform's settings or opt-out of targeted advertising by following the instructions provided by the respective social media platform.

11.6. Please note that any content posted by you on our social media pages is subject to the respective social media platform's terms of service and community guidelines.

We reserve the right to moderate or remove any content that violates these guidelines or our company policies.

12. Miscellaneous

12.1. External Links

This US Privacy Policy applies only to our Website. There may be links on our Website that will direct you to websites hosted by third-parties. Accessing those third-party sites will require you to leave our Website. Once you have left our Website, this US Privacy Policy will no longer apply.

We do not control third-party sites or any of the content contained therein. You acknowledge that by leaving our Website, Number X is not responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, for each site that you visit.

12.2 Fraud, Phishing and Email Scam Disclaimer

Customer support is only provided through the Number X Website and is always provided free of charge. Number X will never ask you your password.

If you discovered what you believe is fraud, phishing, or a scam which impersonates Number X, please email us at [email protected]

12.3 Unsolicited Submissions

Any unsolicited information, documents or materials submitted to Number X, by you or anyone acting on your behalf, will not be entitled to the protections contained in the US Privacy Policy. Number X is unable to consent to the obligations, confidentiality or nondisclosure for any unsolicited information you submit to us. By submitting unsolicited information, regardless of the medium of communication, you acknowledge that such information or materials will not be considered confidential or proprietary.

12.4 Changes

Number X reserves the right to change the US Privacy Policy at any point to meet our changing needs and regulatory requirements. As always, our latest version of the US Privacy Policy will be posted herein. We will also take all reasonable steps to notify customers of any changes to the US Privacy Policy, by way of notifications on the website, mobile application, or email to all customers.

13. Contact Information

13.1 Protection of Personal Information in the United States

As an United States entity, Number X has many methods which ensure that your Personal Information is protected. If you would like to contact the regulators directly regarding concerns with this US Privacy Policy, you may contact them at:

Federal Trade Commission: https://www.ftc.gov

Consumer Financial Protection Bureau: https://www.consumerfinance.gov

Department of Commerce: https://www.commerce.gov

13.2 Feedback and Resources

Tell us how we can improve, or if you have any questions, comments, or concerns regarding our US Privacy Policy, please send us an email at [email protected]

CCPA/CPRA Privacy Notice

Number X LLC 360 NW 27th St., 8th Miami, Florida, 33127, USA (hereinafter "we", "us" or "our") are committed to protecting and respecting your privacy.

This Privacy Notice for California Residents supplements the information contained in our US Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California (hereinafter, "User", “Consumer”, "you" and derived).

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months. Please note that the categories and examples provided in the list below are those defined in the California Consumer Privacy Act / California Privacy Rights Act. This does not mean that all examples of that category of personal information were in fact collected by us but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. Please note that only certain categories of personal information would only be collected if you provided such personal information directly to us. Additionally, please be aware that some information is collected automatically.

1. Identifiers, such as your real name, user ID, postal address, email address, a copy of your identification (such as your driver’s license or passport), your social security number and/or other government identification or registration data, IP address, domain name, and other similar identifiers.
2. Personal Information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)):
• Financial information, such as bank account information, routing number;
• Transaction Information, such as public blockchain data;
• Credit and Fraud Information, such as credit investigation, credit eligibility, identity or account verification, fraud detection, or as may otherwise be required by applicable law;
• Correspondence, such as information that you provide to us in correspondence, including account opening and customer support;
• Institutional Information, such as for institutional customers, we may collect additional information, including institution’s legal name, Employer Identification Number (“EIN”) or any comparable identification number issued by a government, and proof of legal existence (which may include articles of incorporation, certificate of formation, business license, trust instrument, or other comparable legal document);
• Device Information, such as hardware, operating system, browser, device model, screen width, screen height;
• Telephone number;
• Usage Data, such as system activity, internal and external information related to Number X web pages that you visit, clickstream information;
• Additional Information, as permitted by law or required to comply with legal obligations, which may include criminal records or alleged criminal activity, or information about any person or corporation with whom you have had, currently have, or may have a financial relationship. Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned.
3. Commercial information, such as information about your transactions and transaction history, account balances.
4. Internet or other Electronic Network Activity Information, such as information related to browsing history, search history, and information regarding a consumer’s interactions with Number X website, or advertisement.
5. Geolocation data to the extent we need to verify your location for anti-fraud purposes depending on the Services provided and your use of them.
6. Sensory data: audio, electronic, visual, thermal, olfactory, or similar Information, such as images and videos collected for identity verification, audio recordings left on answering machines.
7. Biometric Information, such as scans of your face geometry extracted from identity documents.
8. Professional or employment-related information, such as your occupation, source of funds.
9. Inferences drawn from the above information, which may include inferences about preferences, characteristics, and behavior.
10. Sensitive Personal Information, such as government-issued verification numbers (i.e. Social Security Number or equivalent, driver’s license number, passport number), and biometric information (i.e. scans of your face geometry extracted from identity documents).

We collect this personal information to underwrite and set up your account, as well as to provide and promote our Services to you.

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources. Directly from you: for example, from the forms you complete on our Website, preferences you express or provide through our Service, or from your purchases on our Website. Indirectly from you: for example, from observing your activity on our Website. Automatically from you: for example, through cookies we or our Service Providers set on your Device as you navigate through our Website. From Service Providers: for example, third-party vendors to monitor and analyze the use of our Service, third-party vendors to provide advertising on our Service, third-party vendors to deliver targeted advertising to you, third-party vendors for payment processing, or other third-party vendors that we use to provide the Service(s) to you.

Use of Personal Information

We may use or disclose personal information we collect for "business purposes" or "commercial purposes" (as defined under the CCPA/CPRA), which may include the following examples:

• To operate our Website and provide you with our Service(s).

• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Service(s).

• To fulfill or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service(s), we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

• As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.

• For internal administrative and auditing purposes.

• To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including, when necessary, to prosecute those responsible for such activities.

• Other one-time uses.

Disclosure of Personal Information

We may use or disclose and may have used or disclosed in the last twelve (12) months all of the categories of personal information provided in the section Categories of Personal Information Collected for business or commercial purposes. Use and disclosure of Sensitive Personal Information. We recognize the importance of protecting your sensitive personal information, as defined by applicable California law. If we collect, use, or share sensitive personal information, we limit its use or disclosure to only those business purposes that are permitted by law. These purposes may include processing transactions, fulfilling orders, providing customer service, and conducting internal audits or analysis. We may also disclose sensitive personal information as required by law, to protect our legal rights, or to comply with a court order or legal process.

Share of Personal Information

We may share, and have shared in the last twelve (12) months, your personal information certain identified in the above categories with the following categories of third parties:

• Service Providers, which include IT and cloud hosting companies, auditors, analytics providers, advertising partners, ad networks for business purposes.

• Affiliates and subsidiaries of Number X.

• Payment providers.

• Our business partners.

• Third party vendors to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

Sale of Personal Information

As defined in the CCPA/CPRA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the Business to a third party for valuable consideration. This means that we may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit. We do not sell personal information as the term sell is commonly understood. We do allow Service Providers to use your Personal Information for the business purposes described in our US Privacy Policy, for activities such as advertising, marketing, and analytics, and these may be deemed a sale under CCPA/CPRA. We may sell and may have sold in the last twelve (12) months the following categories of personal information:

• Identifiers

• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

• Commercial information

• Internet or other Electronic Network Activity Information

Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact sold but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.

Sale of Personal Information of Minors Under 16 Years of Age

Minors are not permitted to use Number X Services. If you are a parent or guardian and believe that Number X has information of a child under the age of 18 please contact us immediately at [email protected] so we remove any such information from our database.

Your CCPA Privacy Rights

You have rights that you can exercise in relation to your personal information. In particular:

• Right to know about the personal information we collect about you and how it is used and shared. You may ask for information about the categories of personal information we have collected about you, the categories of sources from which your personal information has been collected, the business or commercial purpose for collecting or selling your personal information, as well as the categories of third parties with whom we may share or to whom we sell your personal information and the categories of personal information that have been provided to such third parties. You may also ask us for a copy of the specific pieces of personal information we have collected about you in a machine-readable format.

• Right to delete. You have the right to request the deletion of your Personal Information. Please note that we may not be able to fully address your request in certain circumstances, such as when we need to complete a transaction for you, detect and protect against fraudulent or illegal activity, exercise our rights, or comply with a legal obligation. If we are unable to fulfill your request, we will inform you of the reason why.

• Right to opt-out of the Sale of Personal Information. We do not sell the Personal Information of consumers. However, you have the right to direct us to not sell your Personal Information at any time by sending a request to the contact email stated below.

• Right to correct. You may ask us to correct inaccurate information that we have about you.

• Right to limit. You have the right to request us to only use your sensitive personal information (f. e., your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the Services.

• Right to nondiscrimination. We will not discriminate against you for exercising any of your consumer’s rights listed above. This means that we will not deny you Services, charge you different fees, or provide you with a lower level of Services if you exercise your privacy rights.

Exercising Your CCPA/CPRA Data Protection Rights

You may exercise any of your privacy rights by contacting us through one of the communication channels provided in the Contact Us section of this US Privacy Notice.

You may authorize a person to act on your behalf in relation to exercising these rights, but we may need to take certain steps to verify the request made is legitimate, i.e., that it is indeed coming from you and that it is made on your behalf. For example, we may require your signed permission demonstrating that you have authorized the agent to submit the request on your behalf.

Your request to us should: (1) provide sufficient information that allows Us to reasonably verify You are the person about whom we collected personal information or an authorized representative and (2) describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with the required information if we cannot: (1) verify your identity or authority to make the request, (2) and confirm that the personal information relates to you.

We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice. Any disclosures we provide will only cover the 12-month period preceding the verifiable request's receipt.

For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

Please note that where we use and disclose personal information for purposes related to security, fraud detection and other similar purposes, some of your rights may be limited. As such, please consider that there might be cases where your request cannot be fulfilled. For example, as permitted by the CCPA, it is possible that we may not comply with a request to delete your personal information if we need that information for the purpose of detecting security incidents, or protecting against malicious, deceptive, fraudulent, or illegal activities, where such information is necessary to record our contractual dealings or your transactions or where required or otherwise permitted by law.

Contact us

If you want to know more about your rights, or you want to exercise them, or you have any questions or concerns regarding this Privacy Notice you can reach us by [email protected]

Compliance with Local Regulations - Japan and South Korea

For users accessing our services from Japan and South Korea, we want to assure you that we are committed to compliance with local data protection regulations, including the Act on the Protection of Personal Information (Japan) and the Personal Information Protection Act (South Korea).

If you are a resident of Japan or South Korea and have any concerns or inquiries regarding the handling of your personal information, please reach out to us at [email protected] We encourage you to use this email for all communications related to privacy matters.

Your privacy is important to us, and we are dedicated to addressing any questions or concerns you may have in a timely and transparent manner.

Thank you for choosing our services.