JEWEL PRIVACY POLICY

1. Purpose of Privacy Policy

Jewel Bancorp Ltd. (“Jewel” “Jewel Bank” or “the Bank”) respects and protects the privacy of our clients and visitors to our website. This Jewel Bank Privacy Policy (the "Policy") outlines the online privacy practices of Jewel with respect to individuals who visit our website, www.dltjewel.com, access our online and mobile applications, and visit our social media pages, whether through desktops, laptops, tablets, smart phones, or other mobile devices (together, the “Site").

This Policy also outlines our privacy practices for consumers who apply for and/or obtain services from us, such as deposits, loans, insurance, custody services or credit card services (the “Services”). The information Jewel collects and uses is limited to the purpose for which our customers engage us, our services, and other purposes expressly described in this Policy. Any discussion of your use of the Service in this Policy is meant to include your interactions with Jewel. The Policy is designed to comply fully with among other laws, the Bermuda Personal Information Protection Act 2016 ("PIPA").

2. What do we mean by Personal Information?

In this Policy, personal information means all information related to an identifiable individual. It does not refer to anonymous aggregated information (information not pertaining to any one individual and cannot be traced to any individual) or information related to a business entity. Except as described in this Policy, Jewel will not give, sell, rent or loan any personal information to any third party.

Personal information does not include Usage Data which we define as encoded or anonymized information or aggregated data that we may collect about a group or category of services, features or users which does not contain personally identifying information. Usage Data helps us understand trends in usage of the Service so that we can better consider new features or otherwise tailor the Service. In addition to collecting and using Usage Data ourselves, we may share Usage Data with third parties, including our customers, partners and service providers, for various purposes, including to help us better understand our customers’ needs and improve the Service as well as for advertising and marketing purposes. We do not share Usage Data with third parties in a way that would enable them to identify you personally.

In this Policy, sensitive personal information means any personal information relating to an individual's place of origin, race, colour, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information.

The safeguarding of sensitive personal information will be proportionate to the risk of unlawful or unauthorized access to the sensitive personal information. The Bank will obtain explicit consent for the use of sensitive personal information and use sensitive personal information to carry out legal obligations, where there is a public interest and where such information is already available to the public, as well as processing legal claims and to protect an individual's vital interest and the individual is not capable of providing consent.

If you are viewing this information from a country within the European Economic Area (including the European Union) see Section 28 “Notice to European Visitors” for an explanation of the legal grounds for us processing and transferring your personal information.

3. Terms of Use

Please review our Terms of Use, which govern your use of our Sites and are also incorporated into this Privacy Policy by reference.

4. The Information We May Collect from You

If you are our customer or have begun to apply for a product or service, the types of personal information we collect depends on the product or service. We collect your personal information when you open an account or apply for a loan; sell or trade in digital assets, use Online Banking or enroll in a service; or use one of our other financial products or services.

The information Jewel can collect from you can include:

• Your name, home address and other contact information
• Your identifying numbers (such as a Bermuda Social Insurance Number/UK National Insurance Number/or U.S. Social Security Number)
• Your financial history and transactions
• Your account balances and payment history
• Your consumer report information
• The identity of your assets held with Jewel
• Your investment experience
• Network information resulting from surfing our Site (such as your internet protocol (IP) address, length of time on our Site, cookies, applications used on our Site, type of device you are using, type of operating system, pages opened; and other interactions with our Site
• Network information regarding transactions that result from using the Services
• Usage information, such as information about how you use the Service and interact with us
• Feedback and surveys, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us

We may receive information about you from information services and consumer reporting agencies. Some special information, such as any criminal history, may be collected for certain limited purposes.

We do not collect, and we will never ask you to share your private keys or similar information.

5. Our Social Media Pages

On our Sites, you remain anonymous unless you register for, apply for or use a product or service or otherwise choose to disclose your identity to us (for example, by logging into Online Banking, choosing to register on the Site or select “like” on a Jewel social media page). We may collect information generated by your computer or device, including the IP address (a numeric address assigned automatically to computers and mobile devices when they access the Internet) or other identifiers. We also may collect your location when you log on or when you register to receive or request location-based content.

When you engage with Jewel Bank on our social media pages, you can make certain information from your social media profile, postings, and other interactions available to us as well as other participants on these platforms. You may be able to control what data you share, and with whom, through the privacy settings on these social media sites. Any information you share or interactions you may have while participating on those platforms is subject to the privacy policies and terms of use of those social media platforms. Jewel Bank may but is not obligated to monitor and archive conversations with Jewel Bank social media accounts and on Jewel Bank social media pages. Jewel Bank monitors and may archive the conversations you have with our representatives on such sites.

Please note that when you visit Jewel Bank's pages on social media sites where your information is shared with us, the use of that information is subject to our Terms of Use and this Policy.

6. Disclosure of Personal Information To Third Parties

6.1. Extent and Purpose for Sharing Your Information:Extent and Purpose for Sharing Your Information:

We do not sell your personal information. We will only disclose or share your personal information with a third party under the following circumstances:

• With affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for any purpose or basis that is consistent with this Privacy Policy.
• With our service providers. We may disclose your personal information to those service providers, as further described below, where their privacy policy is disclosed to the public or where they agree to abide by our Privacy Policy. Such service providers include our web site hosts, email providers, outside customer support, database managers and cloud storage providers.
• With banks and similar financial institutions. We may disclose your personal information to those banks, their affiliates and similar financial institutions, as is necessary to complete a transaction with you.
• For business engagements. We may share personal information when we do a business engagements or negotiate such engagements. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• With our professional advisers. We may disclose your personal information with our advisers and experts who require such information to assist us. Such advisers include our accountants, lawyers, bankers, auditors, insurers and business consultants. In all such cases, our advisers and experts must first agree to comply with our Privacy Policy before receiving such information.
• With law enforcement. We may disclose your personal information with law enforcement, including regulators, and government entities involved in public safety and security, law enforcement and compliance with current laws.
• With other parties where you agree to such disclosure. We may disclose your personal information with those other entities as you request or that you agree to such disclosure.

6.2. Business Partners Who We May Share Personal Information With

As mentioned above, we use the following service providers for clients, and they have their own privacy policies. Any such provider that has rules that are less stringent than our Privacy Policy will be required to adhere to the terms of our Privacy Policy:

6.3. Transfer of Personal Information to an Overseas Third Party

Where the Bank transfers your personal information to an overseas third party for that overseas third party to use your personal information on behalf of the Bank or for the third party's own business purposes, the Bank remains ultimately responsible for compliance with PIPA and the obligation thereunder.

Prior to making a transfer of personal information to an overseas third party, the Bank will assess the level of protection afforded by the overseas third party, and where it is comparable or superior to the protections provided for under PIPA, the Bank will proceed to transfer the personal information to the relevant third party. Where the level of protection afforded by the third party is not comparable, the Bank will enter into a contract with the third party to ensure the overseas third party is contractually obligated to only use your personal information in compliance with the provisions of PIPA.

The Bank may transfer information to overseas third parties certified under the Asia Pacific Economic Cooperation Cross Border Privacy Rules, which is an approved certification mechanisms for transfers of personal information to overseas third parties by the Privacy Commissioner and any additional certification mechanisms recognized by the Privacy Commissioner.

6.4. Intermingled Web Sites or Social Networks

We are not responsible for any content provided by third parties that may have links from our Site or social networks where we maintain a profile page, such as LinkedIn or Facebook. If you provide these third parties with information, the collection and use of that information will be subject to their privacy policies and will not be subject to this policy.

We also may use third parties to provide other services on our behalf. For example, third-parties may host microsites and moderate our social media pages. These third parties are contractually obligated to comply with Jewel Bank’s privacy and security standards and are limited in their use of information collected on our behalf.

7. Retention of Your Information

We retain your personal information for as long as it is necessary and relevant to fulfill the purposes outlined in this Privacy Policy, including providing Services, resolving disputes, enforcing our Terms of Use, complying with applicable banking, insurance and securities laws and regulations, and all other purposes described in this Privacy Policy. In any event, it is Jewel’s general policy to retain your personal information gathered from a portal of our website or in connection with a Service will be retained for at least 2 years. Information collected through social networks is retained for the period designated by such social networks. Visitors from the European Economic Area have additional rights regarding information retention. See Section 28 “Notice to European Visitors” below.

In order to determine the retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Third-Party Applications, Plug-Ins, Widgets and Links to Third-Party Web sites

Within our Sites, there may be embedded applications, plug-ins, widgets, as well as links to third-party sites that may offer you goods, services, or information. Some of these sites may appear within our site. When you click on one of these applications, plug-ins, widgets, or links, you will leave our site and will no longer be subject to Jewel Bank’s Privacy Policy and privacy practices. We are not responsible for the information collection practices of the other sites that you visit, and we urge you to review their privacy policies before you provide them with any personally identifiable information. Third-party sites may collect and use information about you in ways that are different from the practices of Jewel Bank.

9. Log Files

As is true with most Sites, Jewel gathers certain information automatically and stores it in log files. This information includes internet protocol addresses, browser, internet service provider, referring/exit pages, operating system, date/time stamp, and click stream data as well as certain personal information such as user name, user email address and other information that may be included in open textual fields. We generally use this information as we would Usage Data to analyze trends, administer and maintain the Platform, or track activity within the Service. Our application log files are subject to the same strict data security policies and procedures as the application databases for our Service.

We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.

10. Cookies and Similar Technologies

Technologies such as cookies, beacons, tags and scripts are used by Jewel and our marketing partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to keep an Agent or End-User logged into the Service and to remember relevant information when the Agent or End-User returns to the Service, to understand their preferences and improve their user experience, and track and analyze usage, navigational and other statistical information from visitors to the Jewel Sites. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

You can generally accept or decline the use of cookies through a functionality built into your web browser.

If you want to learn more about cookies, or how to control or delete them, please visit aboutcookies.org for detailed guidance.

In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.

Many jurisdictions require or recommend that website operators inform users as to the nature of cookies they utilize and, in certain circumstances, obtain the consent of their users to the placement of certain cookies. If you are a customer of Jewel, it is your responsibility to inform the individuals with whom you interact using the Platform, including your Agents and End- Users as to the types of cookies utilized in the Service and, as necessary, to obtain their consent. You can find out more about each cookie by viewing our current cookie list. In addition, if you require more specific information as to the nature of the cookies utilized in the Service for purposes of fulfilling these obligations, please contact us by email at privacy@dltjewel.com.

We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as Flash to collect and store information. To manage Flash LSOs please click here.

11. Private Security Keys

As part of our ongoing efforts to enhance our online security and protect your information, we may place a private key on your desktop or mobile device to help us identify the device as belonging to you. The use of a private key on your device assists you in conducting your Online Banking transactions.

12. Use of Customer Biometrics

As part of our ongoing efforts to enhance our online security and protect your information, we may use some customer biometric information. We may ask you to authenticate an online transaction with the use of your fingerprint, facial, or eye biometric information. There could be other forms of biometrics we may also choose to offer for authentication as well. Also, we may look at how you use your mouse or keyboard on a PC or how you move your finger over a screen on our mobile app to help determine if you are the real user during an online session. The use of biometrics on your device assists you in conducting your Online Banking transactions.

13. Telephone Carrier Information

As part of our ongoing efforts to enhance our online security and protect your information, we may access your operator (Digicel, CellOne, AT&T, Sprint, T-Mobile, Verizon, or any other branded operator) to use your regular phone number, your mobile phone number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow verification of your identity and to compare information you have provided to Jewel Bank with your wireless operator account profile information for the duration of the business relationship. The use of mobile carrier data on your device assists you in conducting your Online Banking transactions.

14. Web Browser 'Do Not Track' Signals

We do not respond to Web browser 'do not track' signals at this time.

15. Web Analytics

We may use web analytics tools that use cookies to collect anonymous information about pages visited, links that are clicked and other information about the use of our Sites. We aggregate and use this information to better understand site activity and to improve our products and services.

16. How we Use Your Information: Non-Identifying Information

The following are some of the ways in which we may use non-identifying information:

• To advertise and market our products and services to you.
• To present targeted messages, including ads, to you.
• To determine whether our ads or other promotional activities are effective;
• To learn more about how consumers use our Sites.
• To provide location-based services that you may request and
• To manage fraud and security risks, including, but not limited to, detecting and preventing fraud or criminal activity.

17. How We Use Your Information: Identifying Information

If you are a Jewel Bank customer or have begun to apply for a product or service, the reasons we use your information may include: we may contact you about your account, including to resolve issues around transactions, handle maintenance of your account, alert you about fraud or unusual activity on your account, or for debt collection purposes. Because we need to be able to contact you to run our businesses and offer you services, you cannot opt out of this contact. We may use any phone number, including any mobile phone number you have given us to contact you about these or other issues. If you give us a mobile number, please be aware that you may incur additional fees from your carrier. By giving us your mobile number, you also agree that we may contact you by text message and carrier charges may apply. You further agree that we may call the phone number you have provided to us to contact you about your account using an automated dialer and/or pre-recorded message.

17.1. Ways of Use

Other ways we may use personal information we collect from you alone or in combination with information we have collected from other sources include:

• To provide products and services.
• To present targeted messages, including ads, to you.
• To process your application for our products or services.
• To service your account(s) (for example, to respond to questions about your accounts).
• To report to credit bureaus.
• To advertise and market our products and services to you.
• To learn more about how customers use our Sites and interact with our products and services.
• To manage fraud and security risks, including, but not limited to, detecting and preventing fraud or criminal activity.
• To safeguard your data.
• To respond to court orders or legal investigations.
• In other ways as required or permitted by law or with your consent.

17.2. Conditions of Use

The Bank will only use personal information about you where it is permissible under law, which may include the following conditions:

• With your consent.
• For the performance of a contract between you and the Bank or for the taking of steps at your request with an intention of entering into a contract.
• Where the use of your personal information is to comply with a provision of law that authorizes or requires such use.
• Where the use of the personal information is for the purpose of complying with an order made by a court, individual or body having jurisdiction over the organisation.
• Where the use of the personal information is necessary in order to collect a debt owed to the Bank or for the Bank to repay to you money owed by the Bank.
• Where the use of the personal information is reasonable to protect or defend the Bank in any legal proceeding.

18. How We May Share Your Information

We may share our customers' and potential customers' personal information for our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus. We may share our customers' personal information to offer our products and services to you. We may also share your information in the event of a sale or transfer of all or some of our assets. We do not share your personal information with other companies, such as for the purposes of jointly marketing a product to you with a third-party entity. We do not sell exchange or otherwise share your information to any third party.

19. Telephone and Electronic Communication Monitoring or Recording

Monitoring, storing and analysis of telephone conversations has become a staple of communications and customer relations training. Jewel is committed to improving the customer experience, and, accordingly, employs telephone call reviews as part of its training and team improvement procedures. Jewel, including its agents and service providers, may monitor, record electronically, and retain telephone conversations and electronic communications between you (including anyone acting on your behalf) and us.

20. Your Choices

Jewel Bank customers may instruct us not to share personal and financial information with our affiliates (companies we own or control or under the common control of Jewel shareholders) and outside companies that we do business with by logging on to Online Banking at dltjewel.com and changing your “Affiliate Information Sharing” preferences.

Jewel Bank customers also may exercise these choices by calling (203) 529-5491. To opt out of receiving Jewel Bank email marketing, follow the directions at the bottom of the marketing email or send a message with the word “Unsubscribe” in the subject line or by selecting the “unsubscribe” button within the email. ‬‬‬

21. The Rights of Individuals

21.1. Rights

The Bank recognises that individuals have specific rights conferred on them by PIPA, including:

• The right to access personal information about the individual in the custody or under the control of the Bank;
• The right to be informed about the purposes for which personal information has been and is being used by the Bank;
• The right to know the names of the persons or types of persons to whom and circumstances in which the personal information has been and is being disclosed;
• The right to make a written request to the Bank to correct an error or omission in any of the personal information which is under the control of the Bank;
• The right to request the Bank to cease, or not to begin, using personal information for the purposes of advertising, marketing or public relations or where the use of personal information is likely to cause substantial damage or substantial distress to the individual or to another individual;
• The right to request that the Bank erase or destroy personal information about the individual where that personal information is no longer relevant for the purposes of its use;
• The right to restrict the processing of the individual's personal information;
• The right to be informed of a personal information breach (unless the breach is unlikely to be prejudicial); and
• The right to complain to the Privacy Commissioner.

Individuals have the right to access their own personal information and receive information about its use. Unless it is reasonable in all circumstances to provide access, the Bank may refuse a request or may not grant access to an individual to their personal information, for the reasons set out below.

The Bank may refuse to provide access to personal information on the following grounds, where the personal information:

• Is subject to legal privilege.
• Would reveal confidential information of the Bank or of a third party that is of a commercial nature and it is not unreasonable to withhold the information.
• Is being used for a current disciplinary or criminal investigation or legal proceedings, and refusal does not prejudice the right of the individual to receive a fair hearing.
• Was used by a mediator or arbitrator, or was created in the conduct of a mediation or arbitration for which the mediator or arbitrator was appointed by the court or by an agreement.
• The disclosure of the personal information would reveal intentions of the Bank in relation to any negotiations with the individual to the extent that the provision of access would be likely to prejudice those negotiations.

Unless it is reasonable in all circumstances to provide access, the Bank must not provide access to personal information where the disclosure of personal information:

• Could reasonably be expected to threaten the life or security of an individual.
• Would reveal personal information about another individual.
• Would reveal the identity of an individual who has in confidence provided an opinion about another individual and the individual providing the opinion does not consent to the disclosure of their identity.

The Bank may consider providing an individual with their personal information where the Bank can reasonably redact information and provide the personal information to the individual who requested it.

21.2. Procedure For Making A Subject Access Request

In order to obtain a copy or examine personal information you must make the request in writing to the Bank, which can be provided in email to the Privacy Officer at privacy@dltjewel.com or be provided by hand to the Bank to the attention to the Privacy Officer at the address provided in Section 26 below.

The Bank will promptly acknowledge the request in writing and inform you if any further information is required to complete the request. A copy of the personal information must be provided within 45 days, or the Bank may extend the period by no more than 30 days (or as permitted by the Privacy Commissioner) where a considerable amount of personal information is requested and the request would interfere with the operations of the Bank, or more time is needed to consult with a third party. The Bank shall inform you in writing of any extension and the expected time of response.

The Bank may charge you a fee for access to the personal information, and such fee will be determined by the Bank, except where such request results in the correction of an error or omission in the personal information about you that is under the control of the Bank.

An individual is only entitled to their own personal information and certain information about the data, but not to information relating to other people (unless the information is also about them or they are acting in a legal capacity on behalf of someone else). The Bank will maintain a record of the details of requests received. . The Privacy Officer may request the advice of the Privacy Commissioner or Bermuda counsel to advise further where required.

22. How We Protect Your Information

We employ industry standard security measures designed to protect your personal information from unauthorized access and use. These measures include device safeguards and secured files and buildings, as well as oversight of our third-party service providers and employee training.

Jewel has put in place appropriate security safeguards to ensure the security of personal information against the risk of loss, unauthorized access, destruction, use, modification or disclosure or other misuse. Jewel has put in place procedures to deal with any suspected data security breaches and will notify you and the Privacy Commissioner or any other relevant regulator of a suspected breach where Jewel has a legal obligation to do so. Jewel will provide to the Privacy Commissioner a notice that describes the nature of the breach, the likely consequence for that individual and the measures taken and to be taken by the Bank to address the breach.

In addition, Jewel has limited access of personal information to those employees, agents, contractors, and other third parties who have a need to know. Those persons will only process your personal information on your instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Privacy Officer.

However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Sites and Services are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.

We also ask that you do your part by taking precautions such as keeping your User ID and password safe, running an updated version of your virus protection software, and notifying us immediately if you suspect fraudulent activity.

You can learn more about safeguarding your information here.

23. Protecting Children

If you are under the age of majority in your jurisdiction of residence, additional consents are required. You may only use the Services with the consent of, or under the supervision of, your parent or legal guardian.

Jewel does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Platform. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children never to provide personal information through our Platform without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to Jewel through our Platform, please contact us, and we will use commercially reasonable efforts to delete that information.

24. Data Protection Principles

The Bank is committed to using and safeguarding your personal information to the highest standard. In order to ensure that these standards are met, the Bank adopts the following privacy principles:

• The lawful, fair and transparent use of personal information.
• The use of personal information for a specific purpose or such purposes as are related to these.
• The use of information is adequate to fulfill the stated purpose, relevant and not excessive.
• Keeping personal information for only as long as required for the intended purpose.
• The use of personal information and sensitive personal information securely.

Jewel will ensure that any personal information used is accurate and kept up to date to the extent necessary for the purposes of that use.

25. Changes to Our Online Privacy Policy

We may add to or change this Policy from time to time and will post the revised Policy on this site. Your continued use of our site or any online service following changes to the Policy will constitute your agreement to any changes.

Any modifications to this Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site or Services after the posting of any modified Policy indicates your acceptance of the terms of the modified Policy.

26. How to Reach Us

The Chief Risk and Compliance Officer of Jewel has been designated the Privacy Officer of Jewel (the equivalent of the Data Protection Officer under the General Data Protection Regulation, which governs data protection and privacy for our European visitors).

As the Privacy Officer, the Chief Risk and Compliance Officer will be responsible for ensuring compliance with PIPA and the provisions of this Policy and will also have primary responsibility for communicating on behalf of the Bank to the Privacy Commissioner. If you have any questions about our privacy practices and measures, complaints or concerns related to this Policy, or you would like to review or request changes to your personal information, please contact our Chief Risk Compliance Officer, Adam Dean, at privacy@dltjewel.com or write us at:

Jewel Bank
The Swan Building
26 Victoria Street
Hamilton HM12, Bermuda

27. Notice to California Residents

Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, California USA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

28. Notice to European Visitors

28.1. Introduction

At the time of this last update of this Privacy Policy, the European Economic Area consists of the nations included in the European Union, Iceland, Lichtenstein, and Norway. Visitors from the European Economic Area are protected, and subject to, the General Data Protection Regulation, a regulation promulgated by the European Union (“GDPR”). Such persons are afforded certain protections under the GDPR.

References to “personal data” in the GDPR refers to “personal information” described in this Privacy Policy. References to “data subjects” in the GDPR refer to those individuals whose personal information is protected under this Privacy Policy.

28.2. Sensitive Data

Some of the information you provide us may constitute “sensitive data” as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents and financial information.

28.3. Legal Bases for Processing

We will only use your personal information, as permitted by the GDPR and other applicable law.

We are required to inform you of the precise legal bases for processing your personal information. Below is a table which lists the purpose for our processing and its legal basis. If you have questions about the legal bases under which we process your personal information, contact us at privacy@dltjewel.com.

28.4. Use for New Purposes

We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.

28.5.Your Rights

Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

• Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
• Access. Provide you with information about our processing of your personal information and give you access to your personal information.
• Correct. Update or correct inaccuracies in your personal information.
• Delete. Delete your personal information.
• Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
• Restrict. Restrict the processing of your personal information.
• Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to privacy@dltjewel.com. In order to process your request, we may request specific information from you to help us confirm your identity. We reserve the right to decline your request as expressly required by applicable law. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at the above or submit a complaint to the data protection or privacy regulator in your jurisdiction.

Cross-Border Data Transfer

Your personal data will be transferred to, processed, and stored securely in the United States. Data protection and privacy laws in the United States may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the United States as set forth in this Privacy Policy by visiting our site or using our Services.

Whenever we transfer your personal information out of the European Economic Area to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.

Please contact us if you would like to have further information on the transfer of your personal information out of the European Economic Area.

29. References

Jewel Terms of Use