Privacy Policy and Website Terms of Use

for registered visitors of Tiwala Solutions Kft.

Tiwala Solutions Kft. registered seat: 1131 Budapest, Mosoly utca 40 / A 1. em. 3 .; Cg .: 01-09-343101)
as data controller (“Tiwala” or “Data Controller”) shall respect the privacy rights of its customers and
partners (“Data Subject” or “User”), in particular the data protection rights thereof as per the
Regulation (EU) 2016 / 679 of the European Parliament and the Council (“GDPR”) and shall apply these
rules in all cases in the course of your business and shall be deemed to be applicable together with the
provisions herein.

I. Principles of data processing

Personal data
1. shall be processed in a lawful and fair manner, that is transparent for the data subject
(’lawfulness, fair trial and transparency’),
2. shall be collected only for specified, explicit and legitimate purposes and shall not be treated
in a way incompatible with those purposes (’purpose limitation’); further data processing for
purposes of archiving in the public interest, for scientific and historical research purposes or
for statistical purposes shall not be considered as incompatible with the original purpose,
3. shall be appropriate and relevant as regards the purposes of the data processing and shall be
limited to the necessary level (’data saving’),
4. shall be accurate and up to date where necessary, all reasonable steps must be taken to ensure
that personal data which are inaccurate for the purposes of data processing shall be erased or
rectified without delay (’accuracy’),
5. must be stored in a form which permits identification of data subjects for no longer than is
necessary for the purposes for which the personal data are processed; personal data may be
stored for a longer period only if the personal data is being processed for the purpose of
archiving in the public interest, for scientific and historical research purposes or for statistical
purposes (’storage limitation’),
6. processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organisational measures (’integrity and
confidentiality’),
7. The data controller shall be responsible for, and be able to demonstrate compliance with, data
processing principles (‘accountability’).

II. The Data Controller

Details of the Data Controller:

Tiwala Solutions Kft.
registered seat: 1131 Budapest, Mosoly utca 40/A 1st floor 3.,
Company registration number: 01-09-343101
Contact: [email protected]

III. Purpose and legal basis of data processing

The Data Controller shall process the personal data provided by the Data Subject or disclosed in any
way (including the documents submitted by the Data Subject to the Data Controller and in any other
form) in accordance with the legislation on business secrets and data protection only for the following
purposes:

- Providing User Access to a Virtual Purchase and Sale Service (’Service’)

 - Activities related to the promotion of, raising awareness on and sale of the Service
- Customer service activities, contact
- Direct inquiries, sending newsletters

The Data Controller shall process the personal data of the Data Subject on the basis of the Data
Subject's consent (Article 6 (1) (a) of the GDPR) and the enforcement of the legitimate interests of the
Data Controller (Article 6 (1) (f) of the GDPR).

The Data Controller shall inform the Data Subjects that it has confirmed the necessity and
proportionality of the data processing by performing an interest balance test before processing the
data in order to enforce its legitimate interests. The data controller shall make the details of the
balance of interests available to the Data Subject upon request.

IV. Scope and source of processed data

For the above purposes, the Data Controller processes the following personal data in the course of its
activities: surname and first name, e-mail address.

The Data Controller shall obtain the processed personal data from the Data Subject.

V. COOKIE POLICY

During the visit to the Data Controller's website, a so-called cookie may be placed on the Data Subject's
computer. Some cookies are essential for the proper functioning of the website, others collect
information about the use of the website in order to increase the user experience. Some cookies
disappear when you close your browser, and there are some with longer availability on your computer.
The following cookies are used on the Data Controller's website:

Session Cookies:

Session cookies are required to browse the website and use the features that guarantee the proper
functioning thereof. These cookies are valid for the duration of the visit and are automatically deleted
at the end of the session or by closing the browser.
The proper operation of the website shall be ensured in accordance with the legal authorization set
out and provisions of Section 13 / A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce
Services and Information Society Services.

The session cookies used by the website are as follows:

• JWT_token: A technical cookie containing a session ID.

This cookie helps the content management system to handle the user's pageviews as a
continuous session so that certain basic functions such as registration and login can work
properly. Closing the browser window will delete them from the visitor's computer.

Activity Analysis Cookies:

With the help of cookies analyzing user activity, the Data Controller collects information about the
Data Subject's website usage habits for a proper improvement of the website.

• Certain functions of Google Analytics

 Detailed information about the service is available at the following link:
https://www.google.com/analytics/terms/us.html

For some user Activity Analysis Cookies, it is not excluded that you will not only transmit anonymous
information from the Data Subject by using technical means and measures to avoid access to personal
data (eg data masking) and continue to use the extracted information to analyze visitor behavior
anonymously.

• Smartlook

A service used for heat map analytics that collects information about the location of clicks and
the movement of the mouse.

Detailed information (available in English only):

https://www.smartlook.com/help/privacy-statement/

Targeted Advertising Cookies

The purpose of using these cookies is twofold: to ensure that you can select and display advertisements
of interest to the Data Subject or held by the Data Controller on third-party websites. These cookies
typically record the fact of page visits, certain product pages visited, forms, thank you page visits,
duration, and the device used.
The Targeted Advertising Cookies used by the Website are as follows:

• Google Adwords

Detailed information related tot he service is available at the following link:

https://www.google.com/intl/hu/policies/privacy

• Facebook
Detailed information about the service is available at the following link: https://hu-
hu.facebook.com/policies/cookies/

Check cookie settings, disable cookies

Detailed information about the cookie settings of each browser can be found at the following links:
• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari

VI. Duration of data processing

Data Controller shall process personal data until the purpose of data processing is fulfilled. In
exceptional cases, by a fulfillment of statutory requirements, the Data Controller may process the
personal data of the Data Subject even after the termination of the legal relationship.

VII. Data processing

The Data Controller shall hereby inform the Data Subject that it uses the following data processors
within the course of providing the Service:

- Tiwala Solutons Kft. (oepartion of ATMs, execution of financial transactions,

customer authentication, management of customer service) hu.coincash.eu
- Zendesk (operation of customer service system) www.zendesk.com
- Zendesk Chat (Zopim) (operation of live chat system) www.zendesk.com
- SEON.io (using security risk assessment service) www.seon.io
- Cloudflare (use of cyber security service) www.cloudflare.com
- Smartlook (marketing tool, service for improving user experience)
www.smartlook.com
- Amazon Web Services (server service) https://aws.amazon.com/
- WEB and FLOW Ltd. (static ( https://hu.webbandflow.co.uk/altalanos-
szerzodesi-feltetelek.html )

VIII. Data transfer

The Data Controller shall be obliged for data provision towards the court, prosecutor, infringement
authority, administrative authority, investigating authority or other bodies in order to provide
information, disclose data, transfer documents or make documents available. In this context, the data
provision shall be only to the extent strictly necessary to achieve the purpose of the authority ordering
the data provision - provided that the authority has specified the exact scope of the data as well as the
exact purpose. The Data Controller shall not be held liable for the execution of such data transfers and
the possible consequences thereof, no claim may be made against him.

IX. The Data Subject’s rights

1. Right for transparent information and communication

The Data Controller shall take appropriate measures to provide the Data Subject with all
information and notification relating to the processing of personal data in a concise, transparent,
understandable and easily accessible form, texted in written form in a clear and intelligible
language.

2. Rights for information and access to personal data

The Data Controller shall, at the time when personal data are obtained, provide the Data Subject
with all of the following information:
- The identity and the contact details of the Data Controller and the Data Controller's
representative,
- Contact details of the Data Protection Officer,
- The purposes of the processing for which the personal data are intended as well as the legal
basis for the processing,
- Identity of the person or entity concerned with the data transfer,
- The period for which the personal data will be stored,
- the existence of the right to request from the controller access to and rectification or erasure
of personal data or restriction of processing concerning the data subject or to object to
processing as well as the right to data portability
- The right to lodge a complaint with a supervisory authority,
 - the existence of the right to withdraw consent at any time,
- whether the provision of personal data is a statutory or contractual requirement, or a
requirement necessary to enter into a contract, as well as whether the data subject is obliged
to provide the personal data and of the possible consequences of failure to provide such data.

3. Access right of the Data Subject

The Data Subject shall have the right to obtain confirmation from the Data Controller as to whether
or not personal data concerning him or her are being processed, and, where that is the case, access
to the personal data and the following information.

4. Right to rectification

The Data Subject shall have the right to obtain the rectification of inaccurate personal data
concerning him or her from the Data Controller without delay.

5. Right to erasure, to be forgotten

The Data Subject shall have the right to obtain from the Data Controller the erasure of personal
data concerning him or her without delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were
collected or otherwise processed
- The Data Subject withdraws its consent having provided legal basis for the processing, and
there is no other legal ground for the processing,
- The Data Subject objects to the processing and there are no overriding legitimate grounds
therefor, or the Data Subject objects thereto,
- The personal data have been unlawfully processed,
- The personal data have to be erased for compliance with a legal obligation in Union or
Member State law to which the controller is subject
- the personal data have been collected in relation to the offer of information society services

The Data Controller shall hereby inform the Data Subjects that it shall not be obliged to fulfill the
request to exercise the right to erasure or to be forgotten tot he extent that a data processing may
be necessary:
- For exercising the right of freedom of expression and information,
- for compliance with a legal obligation which requires processing by Union or Member State
law to which the controller is subject or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health
- For archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes
- for the establishment, exercise or defence of legal claims.

6. Right to restriction of processing

The Data Subject shall have the right to obtain from the Data Controller restriction of processing
where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the
controller to verify the accuracy of the personal data
- The processing is unlawful and the data subject opposes the erasure of the personal data and
requests the restriction of their use instead
 - The Data Controller no longer needs the personal data for the purposes of the processing, but
they are required by the Data Subject for the establishment, exercise or defence of legal
claims;
- The Data Subject has objected to processing; pending the verification whether the legitimate
grounds of the controller override those of the Data Subject.

7. Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her, which he
or she has provided to the Data Controller, in a structured, commonly used and machine-readable
format and have the right to transmit those data to another controller without hindrance from the
Data Controller to which the personal data have been provided, where
- The processing is based on consent, and
- The processing is carried out by automated means.

In exercising his or her right to data portability, the Data Subject shall have the right to request the
personal data transmission directly from one controller to another, where technically feasible.

8. Right to object

The Data Subject shall have the right to object, on grounds relating to his or her particular situation,
at any time to processing of personal data concerning him or her, including profiling based on the
referred provisions. The Data Controller shall no longer process the personal data unless the Data
Controller demonstrates compelling legitimate grounds for the processing which override the
interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of
legal claims.

9. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning him or her or similarly
significantly affects him or her.

X. Restrictions

Union or Member State law applicable to the Data Controller may restrict the application of the rights
included in Section VIII, provided that the restriction respects the content of fundamental rights and
freedoms and that the measure is necessary and proportionate to protect:
- National security
- Dfence
- Public security
- The prevention, investigation, detection or prosecution of criminal offences or the execution
of criminal penalties, including the safeguarding against and the prevention of threats to public
security
- Other important objectives of general public interest of the Union or of a Member State, in
particular an important economic or financial interest of the Union or of a Member State,
including monetary, budgetary and taxation a matters, public health and social security
- The protection of judicial independence and judicial proceedings
- The prevention, investigation, detection and prosecution of breaches of ethics for regulated
professions
- A monitoring, inspection or regulatory function connected, even occasionally, to the exercise
of official authority
 - The protection of the data subject or the rights and freedoms of others
- The enforcement of civil law claims.

XI. Remedy

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
(hereinafter: ’Data Breach’), the Data Controller shall notify the Hungarian National Authority for Data
Protection and Freedom of Information (’NAIH’) as competent supervisory authority without delay but
at the latest within 72 hours from discovering such breach. Personal data breaches that are considered
to be unlikely to result in a high risk to the rights and freedoms of natural persons shall be exceptions
thereto.

Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural
persons, the Data Controller shall inform the Data Subject about such breach without undue delay, by
describing the nature of the personal data breach using clear and plain language.

The Data Controller shall inform the Data Subject that in case of violation of his / her data protection
rights, he / she may file a complaint with the NAIH or apply to a court by means of a claim. The Data
Subject shall also have the right to bring proceedings before the court having competence as per the
the place of residence or stay.

If the Data Controller may cause damage to another person by an illegal processing of the Data
Subject's data or violating the data security requirements, it shall compensate that, and if this may
violate the Data Subject's privacy rights, the Data Subject may claim for damages. The Data Controller
shall be released from the liability for the damage caused and the obligation to compensate the
damages if it proves that the damage or the violation of the privacy rights of the Data Subject was
caused by an unavoidable cause outside the scope of data processing.

Contact details of the NAIH is available at the following website: https://www.naih.hu

The Data Subject shall be entitled to seek for judicial remedy in the event of a violation of his / her
rights.

XII. Data security

The Data Controller shall take appropriate technical and organizational measures to take into account
the state of science and technology and the costs of implementation, as well as the nature, scope,
circumstances and purposes of data processing and the varying likelihood and severity of risks to the
rights and freedoms of natural persons. guarantees a level of data security commensurate with the
degree of risk, including:
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of
processing systems and services,
- The ability to restore the availability and access to personal data in a timely manner in the
event of a physical or technical incident,
- a process for regularly testing, assessing and evaluating the effectiveness of technical and
organisational measures for ensuring the security of the processing.

XIII. TERMS OF USE

By using the internet service available on the coincash.eu server or by opening any of its pages
(the "Website"), the user acknowledges without limitation or reservation that he is subject to the
provisions of these terms of use and applicable legislation.

LIMITATION AND EXCLUSION OF LIABILITY

Tiwala shall make every effort to ensure the accuracy of the information on the Website. Tiwala
shall hereby exclude any liability for any direct (eg computer failure) or indirect (eg lost profits)
damages resulting from inaccurate information, disruption, unavailability of the Website or any
other event occurring during a visit to the Website. The parties involved in the creation and
operation of the Website shall not be liable for any errors or deficiencies in the content of the
Website.

Tiwala reserves the right to change or delete a disclosed inaccurate or erroneous content at
any time without notice. The information on the Website shall be for information purposes only
and shall not constitute consultancy or recommendations.

The User shall hereby undertake that the use of the information downloaded and accessed
through the Website is solely at his own responsibility and risk.

The Website may contain links to websites outside of Tiwala's Website. Tiwala has no control
over, and shall not be responsible for, the content, accuracy or operation of any third party
websites.

If the User may operate an external website and wishes to create a link to this Website, he / she
can do that by entering the exact URL of the homepage of this Website (eg the use of deep
links is not permitted). The link should not in any way give the impression that Tiwala supports or
would be related to the external website. The use of "framing" or similar solutions shall be
prohibited and the User shall be obliged to ensure that the link to the website opens in a new
window.

INTELLECTUAL PROPERTY RIGTHS

Tiwala is the sole owner of the copyright, trademark and other intellectual property rights
related to the contents on the Website and those have been used with Tiwala's permission. The
User shall have the right to browse the Website and to reproduce the content there by printing,
saving or transmitting it to other persons for private purposes.

Tiwala shall provide its express written permission for any use of the content on the Website in
any form beyond your personal use. Tiwala shall only allow an access to and download of
information on the Website for the purpose of accessing and using the Tiwala Services.
Copying, publishing or amendment of the Website materials for commercial use shall be
prohibited, and a resale of information printed or viewed on the Website as well as the
permission shall be subject to restrictions as the User shall be obliged to comply with all
intellectual property legislation and other requirements herein in this Website Terms of Use, and
the User shall not be entitled to amend the materials downloaded from the Website.

Tiwala shall not otherwise grant any express or implied right to the User under any intellectual
property or trade secret regulations.

Tiwala shall enforce its intellectual property rights to the fullest extent permitted by law.

AMENDMENT OF THE TERMS OF USE

Tiwala reserves the right for unileateral amendment of this Terms of Use with a simultenous
notification to the Users. Tiwala shall notify the already registered User about the change of the
Terms of Use as per the first entry after the change having taken effect. The User shall expressly
accept the modified terms and conditions and shall acknowledge them as binding thereon
by entering its profile after the information and further using the services placed on the Website.
If the User may not accept the amended terms and conditions, he / she shall be no longer
entitled to use the services of the Website subject to registration and may not enforce any
claim in this connection.

1 May 2022

Tiwala Solutions Kft.