1. About this notice

This privacy notice (“Notice”) explains how and why NDSE Cyber Ltd and our group companies (also referred to as “COMPANY”, “we”, “our” and “us”) use data about those individuals that either:

• Use our TestNet version of the Protocol (the “TestNet”);
• Communicate with us in relation to the TestNet, points awarded for joining TestNet (“Points”), swapping the Points for $NAORIS tokens (“$NAORIS”) after Token Generation Event (TGE) and launch of the MainNet, referrals and other related matters; or
• Use our website https://naorisprotocol.network/testnet (the “Website”) in relation to the above;

You should read this Notice, so that you know what we are doing with your data. Please also read any other privacy notices that we make available to you, that might apply to our use of your personal data in specific circumstances outside the scope of this Notice, which primarily concerns our processing of your data in relation to or in connection with the TestNet.

2. Who we are and our contact details

2.1 We are NDSE Cyber, Ltd (a corporation incorporated under the law of the Bahamas, with Head Office at Albany Financial Center, Suite 502, South Ocean Boulevard, Nassau, Bahamas SP-63158, with contact email at support.tn@naoris.com).

2.2 Our contact for data protection purposes is João Ferreira Santos, Head of Compliance (joaosantos@.com).

3. Our data protection responsibilities

In this notice we refer to the following terms, which have the following meanings:

• “Personal data” is any information that relates to an identifiable natural person. Your name, address, and contact details are all examples of your personal data, if they identify you. We do not collect your personal data when you use our TestNet but may collect your email address if you request support.
• The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation, and transmission.
• “Metadata” is the aggregated system data we collect through browsers and Chrome extensions when you use our TestNet. This does not personally identify you, and we do not hold other data which, when combined with this data, would enable us to identify you. This means it does not comprise personal data. Naoris is the proprietor and controller of the metadata collected from you during your use of our TestNet. This means that we make decisions about how and why we process your metadata.

4. What types of personal data do we collect and where do we get it from?

With our Testnet services we do not collect personal data. Notwithstanding this, we may collect your email address if you use our support services. The metadata we collate or aggregate does not comprise personal data as it cannot be used to personally identify. The table below sets out the different types of data we collect and the sources we collect it from. Typically, you provide us with personal data directly when you communicate with us via the Enterprise Website https://www.naorisprotocol.com. We also obtain some metadata from other sources, and create some metadata ourselves, as set out in the table.

Category	Type of data	Collected from
Contact Information	Email address	You
Transaction Information	Amount of Points, $NAORIS, and other details relating to your Points swap; Wallet information including address; Metadata (including Technical Information below) from your use of TestNet.	Systems used for the transactions
Website Information	Details of your online browsing activities history while using the Chrome extensions on our Website, location of user’s mouse pointer namely: Browser metadata including: - Browser type and version - Chrome extensions active on our Website - System language - General browsing activity while interacting with our Website (e.g., actions performed, but no browsing history outside the Website)	Device used to access the Website Our Website
Technical Information	Details of your operating system and version Device-related metadata, such as: - Operating system type and version - Device specifications (e.g., CPU type, screen resolution) Details of your online browser, rendering engine, browser plugins (including name and version), Chrome extensions used on our Website Details of the browsers and rendering engine used by you IP address (public and private) and other online identifiers/web beacons/ extension version numbers and permissions Geolocation data (from ISP) Canvas information to optimize the Website’s performance Functionality supported by your device, such as speech recognition status (is it ‘on’ or ‘off’) Cookies. Please see our Cookie Notice for more information at [LINK]	Device used to access the Website Our Website

Please be aware that we cannot communicate with you or administer the TestNet or Point swap without your metadata.

If any of the personal data you have given to us changes, please inform us without delay by contacting support.tn@naoris.com
We do not collect any other data other than set out in the table above.

5. What do we do with metadata, and why?

We process browser-related metadata for particular purposes in connection with your use of the TestNet, Point swap or engagement with us, and to protect your privacy.

6. Sensitive Information

We do not collect or process sensitive information.

7. Who do we share your data with, and why?

We do not share your metadata with any third party.

Inside the Group:
We are part of a group of companies. Therefore, we may collect your email address if you use our support services. The metadata we collate or aggregate does not comprise personal data as it cannot be used to personally identify you, and also to manage the Testnet, your Points, Points swap and other transactions.

Access rights between members of our group are limited and granted only on a need to know basis, depending on job functions and roles.

Outside the Group:
From time to time we may ask third parties to carry out certain business functions for us, such as IT support. These third parties may process your metadata on our behalf (as our processor). We will disclose your metadata to these parties so that they can perform those functions. Before we disclose your metadata to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your metadata. Examples of these third-party service providers include service providers and/or sub-contractors, which include IT systems software and maintenance, and server hosting providers.

In certain circumstances, we will also disclose your metadata to third parties who will receive it as controllers of your metadata in their own right, for example where:
(a)      We buy, sell or transfer our business (or part of it) in connection with a share or asset sale or outsourcing, we may disclose or transfer your metadata to the prospective seller, buyer or transferor and their advisors.

We have set out below a list of the categories of recipients with whom we are likely to share your metadata:

(a)      IT support, our project management application, cloud platform and data hosting providers;

(b)     consultants and professional advisors including legal advisors and accountants.

8. Where in the world is your metadata transferred to?

We may transfer your metadata to external recipients that are established in jurisdictions other than your own. We do not transfer metadata.

Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your metadata as is provided to it under the laws in your jurisdiction.

We will always seek to ensure that adequate protections are put in place when transferring your metadata from within to outside the UK or European Economic Area. For more information regarding the transfers undertaken by us and the protections put in place, please contact us using the details set out at the end of this Notice.

9. How do we keep your metadata secure?

We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your metadata from unlawful or unauthorised processing and accidental loss, destruction or damage. This includes our information security policies and procedures and confidentiality agreements with our staff and independent contractors.

10. How long do we keep your metadata for?

We will only retain your metadata for a limited period of time for the duration of the Testnet service in relation to support services for no longer than is necessary for the purposes for which we are processing your metadata. For example, any data relating to support tickets logged by you and their status will be deleted by us from our project management tool within 2 months of your support request being closed in the support portal, although it may be retained in the support portal after this date in line with the data protection policies of the support portal provider. In relation to our metadata…

Please also see the information in our cookie policy at [LINK] regarding Cookies and our retention policy for information gathered through cookies or extensions.

11. How do we communicate with you?

We will use your email address to communicate with you:

• to administer our relationship with you;
• to reply to your ticket raised through our support services

12. What are your privacy rights and how can you exercise them?

Where our processing of your metadata is based on your consent (please see the table above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your metadata for that purpose, unless there is a lawful basis we can rely on – in which case, we will let you know.

Where our processing of your metadata is based on the legitimate interests you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

13. Updates to this Notice

We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will update you on material changes to this notice. We also encourage you to check this notice on a regular basis.

14. Where can you find out more?

If you want more information about any of the subjects covered in this Notice or if you would like to discuss any issues or concerns with us, you can contact support.tn@naoris.com