GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE STATEMENT

Last Updated: 29th of December, 2024

At Jazzrabbit OÜ (“Company,” “we,” “us,” or “our”), we are committed to safeguarding your personal data and ensuring that it is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This GDPR Compliance Statement outlines our responsibilities as a data controller, explains how we protect your data rights, and details our obligations under the GDPR.

1. WHO WE ARE

• Business Name: Jazzrabbit OÜ

• Registry Code: 16489902

• VAT Number: EE102524219

• Registered Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia

• CEO: Aron Lukacs

For any questions, concerns, or requests relating to your personal data or this GDPR Compliance Statement, please contact us at:

• Email: aron.lukacs@gmail.com

• Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia

We may act as the data controller (and in certain circumstances, a data processor) for the personal data we collect and process in the course of providing our Service, known as Telegram to Metatrader.

2. DEFINITIONS

• Personal Data: Any information related to an identified or identifiable natural person, such as a name, email address, identification number, or any other data that can identify you.

• Data Controller: The organization that determines the purposes and means of the processing of personal data.

• Data Processor: The organization that processes personal data on behalf of the data controller.

• Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, use, or disclosure.

3. TYPES OF PERSONAL DATA WE COLLECT

Depending on how you interact with our Service, we may collect the following categories of personal data:

1. Identification & Contact Details:

   • Name, email address, and other registration information necessary for creating and managing user accounts.

2. Telegram & Trading Data:

   • Telegram username or channel details, metadata about received messages, MT4/MT5 account ID, usage logs (e.g., timestamps of signals, trade executions).

3. Payment Information:

   • We utilize Stripe to process payments. While Stripe collects your payment card details, we only receive non-sensitive payment identifiers (e.g., transaction ID) and subscription status.

4. Technical & Usage Data:

   • IP address, device information, browser type, and analytics data collected via Google Analytics and Facebook Pixel.

   • Cookies and similar tracking technologies for session management and feature enhancement.

4. LEGAL BASES FOR PROCESSING

We process personal data in accordance with the GDPR, relying on one or more of the following legal bases:

1. Contractual Necessity: Where processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract (e.g., providing our trade-copying Service).

2. Legitimate Interests: For fraud prevention, improving our Service, customer support, or general business operations. We always evaluate whether our legitimate interests are overridden by your fundamental rights and freedoms.

3. Consent: Where you have given clear and explicit consent (e.g., for certain marketing communications or optional cookies). You may withdraw this consent at any time.

4. Legal Obligation: Where we are required to process data to comply with applicable laws and regulations (e.g., tax, accounting, or regulatory obligations).

5. PURPOSES FOR DATA PROCESSING

We may use your personal data for the following purposes:

• Service Delivery: To create and maintain your account, enable automated trading signals from Telegram to MT4/MT5, and to provide customer support.

• Billing & Payment: To process subscription fees and other payments via Stripe.

• Analytics & Improvements: To monitor and analyze usage trends, optimize performance, and improve user experience using tools like Google Analytics and Facebook Pixel.

• Security & Fraud Prevention: To protect our Service and your data from unauthorized access, misuse, or other security threats.

• Compliance: To comply with applicable laws, regulatory requirements, and legal processes.

6. DATA RETENTION

We retain personal data only for as long as is necessary for the purposes described above, unless a longer retention period is required or permitted by law. Factors that determine retention periods include:

• The duration of our relationship with you.

• Legal obligations (e.g., accounting and tax requirements).

• Dispute resolution or enforcement of contractual obligations.

Once personal data is no longer required, we securely delete or anonymize it.

7. YOUR GDPR RIGHTS

Under the GDPR, you have certain rights regarding your personal data. Subject to certain legal exceptions and limitations, these rights include:

1. Right of Access: Obtain confirmation about whether we process your personal data and request a copy of such data.

2. Right to Rectification: Request correction of any inaccurate or incomplete personal data.

3. Right to Erasure (“Right to be Forgotten”): Request the deletion of personal data under specific conditions (e.g., where data is no longer necessary or if you withdraw consent).

4. Right to Restrict Processing: Request to limit the processing of your personal data in certain scenarios (e.g., if you contest the accuracy of the data).

5. Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another data controller where technically feasible.

6. Right to Object: Object to the processing of personal data based on legitimate interests or direct marketing.

7. Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at [Your Contact Email]. We may require certain information to confirm your identity before fulfilling your request.

8. INTERNATIONAL DATA TRANSFERS

We may transfer your personal data to recipients in countries outside the European Economic Area (EEA) or your home country if necessary for the purposes set out in this Statement (e.g., when using non-EEA hosting providers or sub-processors). In such cases, we ensure a sufficient level of data protection, typically by implementing standard contractual clauses or other appropriate safeguards approved by the European Commission.

9. DATA SECURITY

We implement technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. These measures include (but are not limited to):

• SSL/TLS encryption for data in transit.

• Secure hosting environment provided by our server partners (Framer BV for front-end hosting and Render for back-end).

• Strict access controls for authorized personnel only.

• Regular reviews of data handling and security policies.

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

10. SUB-PROCESSORS

We use trusted third-party service providers (“sub-processors”) to help us deliver the Service. These include:

• Stripe for payment processing.

• Framer BV (www.framer.com) for hosting our front-end infrastructure.

• Render (https://render.com/) for back-end infrastructure hosting.

• Google Analytics and Facebook Pixel for analytics and marketing performance tracking.

Each sub-processor is carefully vetted to ensure compliance with applicable data protection laws. Where required, we have data processing agreements or equivalent contractual obligations in place to safeguard your personal data.

11. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authorities without undue delay, in accordance with GDPR requirements.

12. COMPLAINTS

If you have concerns or questions about how we handle your personal data, please contact us at [Your Contact Email]. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in the EU Member State where you reside or where the alleged infringement took place.

13. UPDATES TO THIS STATEMENT

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the “Last Updated” date at the top. We encourage you to review this Statement periodically to stay informed.

14. CONTACT INFORMATION

If you have any questions, requests, or concerns regarding this GDPR Compliance Statement, please contact us at:

• Email: aron.lukacs@gmail.com

• Address: Jazzrabbit OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia

By using our Service, you acknowledge that you have read, understood, and agree to this GDPR Compliance Statement. We are dedicated to ensuring your personal data is protected and that you maintain full control over your privacy rights.