Privacy Policy

Privacy Policy

Last updated: June 16, 2025

Your privacy is important to us. Hilter Ltd. (“Hilter”, “we”, or “us”) wants you to be familiar with how we collect, use, disclose, and protect your Personal Information.

This Privacy Policy (“Policy”) explains how we collect, use, and disclose your Personal Information when you visit or use services made available through our websites (“Websites”) and associated platforms operated by us from which you are accessing this Policy (collectively, the “Services”), including:

• The Hilter network, through which you are able to access and interact with a foundational layer for regulated assets (“Hilter Blockchain”);
• The Hilter Wallet, through which you are able to manage your digital assets.

This Policy also describes other important topics relating to your privacy and your rights.

Consent

By using the Services, or by otherwise choosing to submit Personal Information to Hilter, you consent to the collection, use, and disclosure of your information as outlined in this Policy, to the extent such processing is based on your consent.

At any time, you have the right to withdraw your consent to future collection and use of your information where processing is based on consent, subject to reasonable notice and legal, contractual, and technological limitations. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You may withdraw your consent or exercise your privacy rights:

• through any in-app or account settings that we make available for that purpose (where applicable); and/or
• by writing to the e-mail address set out in the Contact Us section below.

Modifications

We may change this Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by revising the effective date at the top of the Policy or placing a notice on our Websites and associated platforms through which you use our Services, or, at our discretion, contacting you using any contact information you have provided.

We encourage you to review the Policy whenever you access the Services to stay informed about our information practices.

Information that We Collect

Hilter may collect various categories of Personal Data when you access its Website, register on the Hilter Platform, utilize Hilter Services, or engage with the company through any communication channel or medium.

1. Information Provided Directly by You

This includes, but is not limited to:

• Identity Data: Your full name, date and place (or country) of birth, personal photograph or selfie, scanned copies or photos of identification documents (such as passport, national ID, or driver's license — both sides), email address, any declared official position or social status, and information regarding sanctions status.
• Contact & Communication Data: Permanent and current residential addresses, phone numbers, social media handles or profile information, and any messages exchanged via social networks or other communication platforms.
• Employment Data: Information about your profession, industry, and employment status.
• Financial Data: Bank account details, digital asset wallet addresses, source of funds or crypto assets, transaction records, and details of assets held within the Hilter Platform.
• Other Voluntarily Provided Data: Any other personal information you choose to share with Hilter.

2. Information Automatically Collected

When you use the Hilter Platform, certain data is collected automatically, including:

• Technical Information: Device specifications, network-related data, internet connectivity details, account access metadata, browser type and version, time zone settings, installed browser extensions, operating system and platform, screen resolution, geolocation data (where enabled in your device settings and permitted by applicable law), and font rendering details.
• Usage & Activity Data: Visit logs (including URLs visited on or via the Hilter Platform, with timestamps), cookie and Terms acceptance, service interactions or searches, referring or exit pages, viewed files (e.g., HTML, graphics), page response times, loading errors, page access durations, user interactions (clicks, mouse movements), and exit paths. More information is available in our Cookies Policy.
• Service-Generated Information: Data generated through your use of Hilter Services, such as asset holdings, account status, loyalty tier, transaction logs, activity history, IP logs, and location data.

3. Information from Third Parties

Hilter may obtain Personal Data about you from third-party sources strictly for purposes such as account setup, identity verification, sanctions screening, fraud prevention, and legal due diligence, in line with regulatory requirements (for example, from KYC/AML providers, sanctions lists, banks, payment service providers or business partners).

Hilter does not seek or collect any other Personal Data from third parties beyond what is specified above. Please be aware that if you choose not to provide required information — especially when mandated by law or necessary for contractual obligations — we may be unable to initiate or continue offering certain Services.

How Do We Use Your Personal Information?

Information we collect is used by Hilter and its service providers to:

• Provide you with the functionality of the Services and fulfil your requests.
• Create your account and associated decentralized identity to enable you to access the Services.
• Create and maintain your Hilter Wallet to enable you to access the Services.
• Send you technical notices, updates, security alerts, and support and administrative messages.
• Respond to your comments, questions and requests and provide you customer service.
• Communicate with you about products, services, and events we think will be of interest to you (where permitted by law and, where required, with your consent).
• Understand users and potential users and their interests in Hilter products and services; manage our relationship with users; enhance user experience on our platforms and applications; and improve our platforms and applications.
• Monitor and analyze trends, usage and activities in connection with our Services so that we can improve our Services.
• Conduct audits to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements.
• Carry out any other purpose for which the information was collected and for which you have provided your consent.
• Verify your identity and comply with our client identification, anti-money laundering, counter-terrorist financing, sanctions and other regulatory obligations.
• Prevent fraud and abuse: we process your Personal Data to monitor and detect security incidents, to protect against malicious, deceptive, fraudulent or illegal activity, including money laundering, terrorism financing and other criminal activities, and to hold those responsible for such activity.

We may aggregate and anonymize Personal Information so that it may not be used to identify you or any other individual. We do so to generate data for our use, which we may use and disclose for any purpose, if permitted by applicable law.

Disclosure of Your Personal Information

We do not sell your Personal Information. We only disclose your Personal Information as described in this Policy and in accordance with applicable law.

We may disclose your Personal Information to:

• Service Providers and Processors: Third-party vendors that provide services on our behalf, such as cloud hosting and infrastructure, customer support, analytics, identity verification and KYC/AML services, sanctions screening, payment and banking partners, communication tools, and professional advisors (e.g., legal, compliance, audit). These parties are authorized to use your Personal Information only as necessary to provide these services to us and are contractually required to protect your Personal Information with a level of protection at least equivalent to that described in this Policy.
• Affiliates: Our group companies, to the extent necessary to operate the Services, provide support, or for internal administrative purposes, consistent with this Policy.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, reorganization, or similar event, in which Personal Information may be disclosed as part of the transaction subject to appropriate safeguards and, where required, additional notices.
• Legal and Regulatory Authorities: Competent law enforcement, regulatory, government or judicial authorities, where we believe disclosure is necessary (i) to comply with applicable law, regulation, legal process or enforceable governmental request; (ii) to enforce our terms and conditions; (iii) to protect the security or integrity of the Services; or (iv) to protect the rights, property, or safety of Hilter, our users, or others.
• With Your Consent: We may share your information with third parties when you have provided your explicit consent to such sharing for a specific purpose.

Where required by applicable law (for example, where personal data would be shared with third-party analytics or artificial intelligence providers), we will clearly disclose such sharing to you and obtain your explicit permission before doing so.

Security

Hilter uses physical, technological, and organizational security measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

Hilter stores Personal Data collected via its Platform or other channels on secure servers located within a cloud infrastructure in the European Union. The company is certified under ISO 27001 and employs a range of security practices tailored to the nature of its services. These include appropriate administrative, technical, human, and physical safeguards designed to protect Personal Data from accidental loss, unauthorized access or use, alteration, or disclosure.

Technical security measures may include, but are not limited to, firewalls, encryption protocols, and other network protections.

Access to Personal Data is strictly limited to authorized personnel — such as employees, agents, contractors, or relevant third parties — who require such access for legitimate business or legal purposes. These individuals or entities operate strictly under Hilter’s instructions and are bound by confidentiality obligations. All personnel with access rights are thoroughly vetted, regularly re-evaluated, and required to uphold strict data confidentiality at all times.

However, while we have taken steps to help protect your Personal Information, we cannot fully eliminate security risks associated with Personal Information. No security measures can provide absolute protection. We cannot ensure or warrant the security of any information you provide to us.

Storage and Retention

The retention period of Personal Data varies depending on its category and intended use:

Certain types of data may be automatically deleted according to predefined schedules or scripts, or upon your request, where this is technically feasible and legally permitted. For instance, if you opt out of receiving marketing communications, your email address will be retained on a suppression list to ensure you are not contacted again for promotional purposes.

Other categories of information — such as account-related data — may be stored for extended periods, in line with your contractual relationship with us, relevant industry standards, and our legitimate business interests. These interests may include, for example, the prevention of misuse or abuse of promotions and similar forms of activity.

Some data may also be retained for internal business purposes aligned with our legitimate interests, including service and product enhancement, fraud detection and prevention, record-keeping, complaint handling, or the enforcement and defense of legal rights.

Additionally, certain Personal Data must be retained in order to meet legal, audit, and regulatory obligations. These may include, but are not limited to, compliance with FATF (Financial Action Task Force) recommendations and applicable anti-money laundering laws, which may require us to store relevant Personal Data for a minimum of five (5) years after the termination of our business relationship. In specific situations, this retention period may be extended if mandated by applicable law.

When you request deletion of your account or certain Personal Data, we will delete or anonymize such information without undue delay, unless we are required or permitted to retain it for a longer period under applicable law (for example, to comply with AML/CTF requirements) or for the establishment, exercise or defence of legal claims.

Your Rights

Your rights as a Data Subject may vary depending on your country of residence, citizenship, or the jurisdiction from which you access the Hilter Platform. Based on applicable privacy laws, including the General Data Protection Regulation (GDPR) and other regional legislation, you may be entitled to exercise one or more of the following rights.

Upon receiving your request through the contact details provided below, Hilter will respond without undue delay, and within legally established timeframes — generally within 30 days, with a possible extension of up to two additional months in accordance with Article 12 of the GDPR, unless otherwise specified by applicable data protection laws.

Your rights may include:

Right of Access

You have the right to confirm whether your Personal Data is being processed, and, if so, to access related information — including the purpose of processing, types of Personal Data collected, recipients of the data, and applicable retention periods.

Right to Rectification

You may request correction of any inaccurate Personal Data or completion of incomplete data.

Right to Erasure (“Right to be Forgotten”)

In certain circumstances, you have the right to request the deletion of your Personal Data, for example where it is no longer necessary in relation to the purposes for which it was collected, where you have withdrawn consent (where processing was based on consent), or where you have successfully objected to processing. This right may be limited where we are required to retain data by law or for legitimate business purposes (such as compliance with AML/CTF obligations or for the establishment, exercise or defence of legal claims).

Right to Restrict Processing

In certain circumstances, you may request that we limit the processing of your Personal Data (for example, while we verify the accuracy of your data or the basis of a legal claim).

Right to Data Portability

You are entitled to:

• receive your Personal Data in a structured, commonly used, and machine-readable format; and
• request the transmission of your data to another data controller, where technically feasible.

Right to Object to Processing

You have the right to object to the processing of your Personal Data for purposes such as profiling, direct marketing, or scientific, statistical, and historical research, where applicable. When you object to processing for direct marketing, we will stop processing your Personal Data for such purposes.

Right to Object to Automated Decision-Making

You may object to decisions made solely through automated processing — including profiling — that produce legal or similarly significant effects on you, and you may request human intervention in such decision-making, where required by law.

To ensure the protection of your privacy, Hilter may take reasonable steps to verify your identity before fulfilling your request. While we will make every reasonable effort to investigate and comply with valid requests in accordance with applicable law, certain limitations may apply. For example, we may withhold access to information if it compromises the rights or identity of another individual.

Hilter also reserves the right to decline requests that are, in its sole judgment, manifestly unfounded, excessive, or otherwise non-compliant with relevant legal standards.

Please note: if your request concerns publicly available Personal Data, you must contact the third-party source that published such information.

Hilter does not generally charge any fees for processing your rights requests. However, a reasonable administrative fee may apply if the request is deemed to be clearly unfounded or excessive, as permitted by applicable law.

You can exercise your rights by:

• using any in-app tools or account settings that we provide for privacy management (where available); and/or
• contacting us via the e-mail address provided in the Contact Us section below.

Children’s Privacy

Our Services are not directed to, and we do not knowingly collect Personal Data from, children under the age of 16 (or any higher age where required by applicable law). If we become aware that we have collected Personal Data from a child contrary to this Policy, we will take steps to delete such information as soon as reasonably practicable.

If you believe that a child has provided Personal Data to us, please contact us using the details in the Contact Us section below.

Contact Us

We value your opinion. If you have any comments or questions about this Privacy Policy, Hilter’s handling of your Personal Data, a possible Personal Data Breach, or if you wish to exercise your rights, please send an email to Hilter’s Support Service. Hilter will treat your requests or complaints confidentially.

Hilter’s Support Service: support@hilter.com