# Privacy and Cookies Policy ## Introduction NodeLink is committed to protecting your privacy. This Privacy Policy outlines the types of personal information we collect from our users when you access the NodeLink Platform (hereinafter “**Platform**”), how we use it, and the steps we take to ensure it remains secure. By using the Platform, you agree to the terms of this Privacy Policy. Last Updated: **April 2026** 1\. Personal Data we collect and how we use it | Types of personal data | Purposes of processing | Legal basis | How long the data is stored | | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | --------------------------- | | First name, last name, email address, phone number, and any information in your communications, support tickets, or AI Chatbot transcripts. | Creating an account for the user. Contacting the user in case this is necessary for account-related issues. Providing automated customer support and maintaining records for the defense of potential legal claims. | Art 6(1)(b) and Art 6(1)(f) in the GDPR | 5 Years | | First name, last name, email address. | To communicate with you regarding account-related updates. | Art 6(1)(c) in the GDPR. | 5 Years | | First name, last name, email address. | To communicate with you regarding promotional offers. | Art 6(1)(a) in the GDPR. | Until consent withdrawal | | Your username, password, other authentication credentials. | Allowing the user the access to their account to use the service offered by NodeLink. | Art 6(1)(b) in the GDPR | 5 Years | | Information related to your transactions on the Platform, such as token conversions, deposits and withdrawals. | Providing the service to the user. | Art 6(1)(b) in the GDPR | 5 Years | | Information about your interactions with NodeLink, including browsing activity, preferences, and AI Chatbot metadata. | To analyse the user’s behavior on the Platform and the usage of its features, in order to make modifications to the Platform and improve user experience. | Art 6(1)(f) – the legitimate interest of NodeLink to improve user experience on the Platform. | 5 Years | | Data related to KYC & AML verification: your address, date of birth, ID number, proof of address, business name, registration number. | To ensure compliance with regulatory authorities’ instructions and international legislation. | Art 6(1)(c) – the legitimate interest of NodeLink to ensure compliance with AML and KYC related legal obligations. | 5 Years | ## 2. Information Sharing 2.1 We may share your personal information with third parties under the following circumstances: 2.1.1 With service providers: to assist in the operation of NodeLink and provide services on our behalf and ensure KYC/AML verification, payment and wallet management services, analytics and customer support. The legal basis for the processing of your personal data in this case is either Art 6(1)(b) or legitimate interest under Art 6(1)(f) in the GDPR. 2.1.2 We utilize third-party AI processors (such as OpenAI) to facilitate our chatbot functionality. These providers process data in accordance with their own privacy policies and terms of service. 2.1.3 With affiliates: for business purposes, including but not limited to marketing and advertising. The legal basis for disclosing your personal data in this case is either Art 6(1)(a) or Art 6(1)(f) in the GDPR. 2.1.4 With legal authorities: in response to legal requests, court orders, or as required by applicable law. The legal basis for disclosing your personal data in this case is the legitimate interest of NodeLink to process personal data for the establishment, exercise or defence of legal claims under Art 6(1)(f) in the GDPR. 2.2 In cases where the third parties are in the role of a data processor pursuant to the GDPR, we share your personal data with third parties only if NodeLink has signed a data processing agreement with the third party, according to Art 28(3) in the GDPR. 2.3 We may also access your personal data related to KYC/AML verification, previously collected by another company (the original controller) and shared with us, solely for the regulatory compliance, AML, fraud prevention and compliance with other legal obligations. Such access is limited to data necessary to perform these compliance activities and is conducted under a formal data sharing agreement, or similar arrangement, with the original data controller. 2.4 International Data Transfers: As NodeLink operates globally, your personal data may be transferred to, and processed in, countries outside of the European Economic Area (EEA), including the British Virgin Islands. Where personal data is transferred outside the EEA to a jurisdiction that is not subject to an adequacy decision by the European Commission, such transfers are strictly protected via the implementation of Standard Contractual Clauses (SCCs) approved by the European Commission, or other equivalent statutory safeguards in accordance with Chapter V of the GDPR. ## 3. Data Security 3.1 We implement appropriate technical and organizational measures to safeguard your personal information against unauthorized access, disclosure, alteration, or destruction. 3.2 Sensitive data is encrypted during transmission and storage, access to your information is restricted to authorized personnel only, and regular security audits and assessments are conducted to maintain high security standards. ## 4. Your rights 4.1 You have the following rights regarding your personal information: 4.1.1 to request access to and obtain a copy of your personal information; 4.1.2 to request the correction of inaccurate or incomplete personal information; 4.1.3 to request the deletion of your personal information under certain circumstances; 4.1.4 to request that NodeLink restricts personal data processing pursuant to Art 18(1) in the GDPR; 4.1.5 to object to the processing of your personal information for specific purposes; 4.1.6 to request the transfer of your personal information to another data controller; 4.1.7 to access and update your personal information; 4.1.8 to file a complaint with the relevant data protection supervisory authority. 4.2 Please note that the data subject can exercise his or her rights, taking into account relevant restrictions in the GDPR and other applicable data protection related legal acts. ## 5. Third-Party Links 5.1 The Platform may contain links to third-party or featured websites or services or integrate third-party tools (such as AI chat widgets). We are not responsible for the privacy practices or content of these third parties. Please review the privacy policies of these websites or services before providing any personal information. ## 6. Cookies 6.1 The Platform uses cookies and similar tracking technologies to ensure essential functionality, analyze user traffic, and improve your overall experience. 6.2 We utilize essential cookies that are necessary for the Platform to operate securely, as well as analytical and functional cookies to understand user behavior and remember your preferences. 6.3 You can control or delete cookies through your internet browser settings. Please note that disabling essential cookies may impact the functionality and performance of the Platform. ## 7. Changes to This Policy 7.1 We reserve the right to update or modify this Privacy & Cookies Policy at any time. Any updates or modifications will be posted on the website and continued use of the Platform constitutes acceptance of the updated or modified Privacy & Cookies Policy. 7.2 An up-to-date version of the Privacy & Cookies Policy will always be available on the Platform. ## 8. Contact information If you have any questions or concerns regarding this Privacy & Cookies Policy, please raise a ticket and our support team will take care of you. Entity: NODELINK LTD Email: Address: Aleman, Cordero, Galindo & Lee Trust (BVI) Limited, 3rd Floor, Yamraj Building, Market Square, P.O. Box 3175, Road Town, Tortola, British Virgin Islands. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nodelink.now/legal-docs/privacy_and_cookies_policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.