Privacy Policy

OGF (BVI) Ltd. ("we," "our," or "us") takes the protection of personal data ("Personal Data") very seriously. Please read this Privacy Policy carefully.

This Privacy Policy applies to the CROSS Governance Voting Service (the "Service") operated by us. It explains how we handle the personal information collected when you use the Service, outlines your rights regarding your Personal Data, and describes how you can contact us if you have any questions. We process your personal information responsibly and in compliance with applicable laws and regulations.

By using, accessing, linking to, or engaging with the Service, you consent to the collection, use, disclosure, storage, and security of your information as described in this policy. If you do not agree with this policy, please do not use, access, or link to the Service.

There must be a valid basis for using your personal data, which is referred to as the "legal grounds for processing" under certain laws. We process your personal data based on the following grounds:

• Your Consent: This means that, as the data subject, you have agreed and consented to the processing of your personal data for the specified purposes.
• Legal Obligation: The processing of your personal data is necessary for us to comply with our legal obligations.

We collect the following personal data. The types of personal data we collect may vary depending on how you use or interact with our Service. The information below is essential for providing our Service, and without it, we will not be able to provide the requested services. We do not collect additional categories of personal data without informing you.

We may process your personal data for the following purposes:

• To Provide and Operate Our Service: Your personal data is used to process governance voting, handle staking and delegation, calculate voting power, communicate regarding service usage, and for other customer support purposes.
• To Safeguard Our Service and User Information: Your personal data is used to identify and address violations, investigate suspicious activities, detect, prevent, and respond to harmful or illegal actions, and detect fraudulent activities.
• To Respond to Customer Support Inquiries: Your personal data may be used to manage your inquiries and requests by sending emails or communicating with you in other ways.
• To Improve Service Quality: Your personal data may be used for analytical purposes to help us better understand usage patterns, allowing us to enhance the quality of our Service.
• To Comply with Legal and Regulatory Obligations: Your personal data may be used to enforce our service terms, comply with laws, legal processes, or legal obligations, exercise or defend legal claims, detect, prevent, or address fraud, comply with requests from law enforcement, regulatory, and tax authorities (both domestic and international), resolve security or technical issues, or otherwise protect the property and legal rights of the company or others.

We retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy or as instructed by you. This includes retaining data for legal, accounting, or other obligations. However, exceptions apply in cases where longer retention periods are required or permitted by law, and we may retain your personal data for the duration necessary for legal claims, complaints, lawsuits, or regulatory procedures.

Voting and staking data recorded on the blockchain cannot be modified or deleted due to the inherent nature of blockchain technology and remains permanently and publicly accessible.

We entrust the development, operation, and maintenance of the Service to NEXUS Co., Ltd. ("NEXUS"). NEXUS processes personal data within the scope necessary for service operation in accordance with our instructions, and performs tasks including blockchain network operation, voting system development and maintenance, and customer support.

Additionally, cloud service providers may be used for data storage and service operation.

Voting and staking data is recorded on the CROSS blockchain network and is publicly accessible to validator nodes and network participants due to the inherent nature of the blockchain.

When handling personal data through third parties, we make reasonable efforts to ensure that the data is processed securely in compliance with applicable requirements, such as Data Processing Agreements (DPAs).

The Company is a global service provider based in the British Virgin Islands. If you reside outside the British Virgin Islands, your personal information will be transferred internationally in the course of using our Service.

When transferring personal information to regions outside of your jurisdiction, the Company will make reasonable efforts to implement appropriate safeguards to protect the rights of data subjects.

We may disclose your personal data to the extent required by legal obligations or when we believe in good faith that disclosure is necessary to comply with legal processes. In such cases, the receiving entity may not be able to ensure the same level of security for your personal data.

Additionally, we may disclose your personal data in connection with the transfer of business or corporate restructuring.

You have specific rights regarding the personal data we collect and process. You may exercise these rights concerning the personal data we process about you.

• Right of Access or Right to be Informed: You have the right to obtain information about our data processing activities concerning you, and to confirm whether we are processing personal data about you. If so, you may obtain a copy of such personal data along with certain related information.
• Right to Rectification or Correction: You have the right to request the correction of any inaccuracies in the personal data we hold about you without undue delay, as well as the completion of incomplete personal data.
• Right to Deletion or Erasure: You have the right to request the anonymization, deletion, or removal of your personal information when appropriate. However, data recorded on the blockchain cannot be modified or deleted due to its technical nature.
• Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your personal data, you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights provided to you under law.
• Identity and Authority Verification: To respond appropriately to your privacy rights requests, we may need to verify your identity and may request additional information.
• Response Time and Format for Your Requests: We will acknowledge receipt of your request within 30 business days and inform you of the expected response time. Typically, we will respond within 30 business days from the date of receipt. However, if more time is required (up to 30 days), we will inform you of the reason for the delay. We do not charge fees to process your request. However, if your request is excessive, repetitive, or manifestly unfounded, we may charge a fee.

We take the security of your personal data seriously and have established a dedicated team with expertise in information security. We implement technical, administrative, and physical measures designed to protect your personal data, and we will continuously improve and maintain these measures. These measures include encryption and deletion.

Cookies are small text files that are downloaded to your device when you visit a website. More general information about cookies can be found at www.allaboutcookies.org.

We use essential cookies. Essential cookies are strictly necessary for the use of our Service and are essential for enabling various functions such as normal service operation and basic settings related to personal information. As the Service cannot be provided without these cookies, you cannot refuse the use of essential cookies.

The Service is not intended for children, and the Company does not knowingly collect personal information from children. To use the Service, you must be legally capable of entering into a contract.

We reserve the right to amend this Privacy Notice at any time to reflect changes in the law, our data collection, use or sharing practices or advances in technology. We will make the revised Privacy Notice accessible throughout the Service. You should review this Privacy Notice periodically. The "Date of Last Revision" included at the top of this Privacy Notice will indicate when it was last updated.

By continuing to access or use the Service, you are confirming you have read and understand the latest version of this Privacy Notice.

If you have any questions about this privacy policy or concerns related to your personal data or this privacy policy, please contact us at:

Email: privacy@ogfcorp.com

It may take up to one month to respond to your inquiry.