PRIVACY POLICY

Tangem AG (“Tangem”, "us", "we", or "our"), a company organized and existing under the laws of Switzerland, operates the “tangem.com” and the “shop.tangem.com” websites and the Tangem mobile applications ("Services").

This Privacy Policy (the “Privacy Policy”) is applicable between you as user of our Services (“you”, “User”) and us as operator of the Services. This Privacy Policy applies to the use of any Personal Data we collect or that you provide to us in connection with your use of the Service. The purpose of this Privacy Policy is to inform you how your Personal Data is collected, processed, used, and disclosed when you use our Services.

We can assure you that we comply with the European General Data Protection Regulation (“GDPR”) and any other applicable laws and regulations and that we process your personal data lawfully, fairly and transparently.

We use your data to provide and improve our Services. By using the Services, you agree to the collection and use of Personal Data in accordance with this Privacy Policy.

DEFINITIONS

SERVICES

Service means the tangem.com, shop.tangem.com websites and the Tangem mobile applications operated by Tangem.

PARTNER SERVICE

Partner Service means a service or feature offered by a third-party partner directly to users of the Services.

PERSONAL DATA

Personal Data means all information making you directly or indirectly identifiable (e.g. your name, first name, address, phone number or email address but also the IP address of your computer, for example, or the information relating to your browsing of our Website).

DEVICE INFORMATION

Device Information means Personal Data collected automatically, either generated by the use of the Services or from the Services’ infrastructure itself (for example, the duration of a website visit).

DATA CONTROLLER

Data Controller means the natural or legal person determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

DATA PROCESSORS

Data Processor means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Partner Service in order to process your data more effectively as stated in this Privacy Policy.

RESPONSIBLE PERSON / REPRESENTATIVE IN THE EU

Responsible Person for the Personal Data collected is Patrick Storchenegger (“Responsible Person”). For any matters relating to data protection you may contact Patrick Storchenegger by letter to the following address: Tangem AG, Baarerstrasse 10, 6300 Zug, Switzerland Representative in the EU according to article 27 of GDPR is: Patrick Storchenegger.

DATA WE COLLECT

We collect several different types of Personal Data for various purposes described in this Privacy Policy.

PERSONAL DATA YOU PROVIDE US

If you sign up for our newsletter or product deck or chat with us through our Services, you will be asked to provide the following and you may provide it:

When you make a purchase or attempt to make a purchase through our Services, a Partner Service may ask you to provide Personal Data including, but not limited to, the following:

If provided, your email address may be used to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

PERSONAL DATA COLLECTED AUTOMATICALLY LIKE DEVICE INFORMATION / WEBSITE COOKIES / GOOGLE ANALYTICS

When you use the Services, we may automatically collect certain information that your browser sends, including information about your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the Services by or through a mobile device, we may automatically collect information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We collect Device Information and Tracking Cookies Data using the following technologies:

- “Cookies”. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information about cookies, and how to disable cookies, visit  http://www.allaboutcookies.org.

Two types of cookies may be used on the Website - "session cookies" and "persistent cookies". Session cookies are temporary cookies that remain on your device until you leave the Services. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings).

We collect “Necessary Cookies” and “Performance Cookies” which do not identify you as an individual.

If you do not agree to our use of Cookies, you should set your browser settings accordingly or not use our Services. By continuing to use our Services without changing your settings, you are agreeing to our use of Cookies and the terms with regard to Cookies of this Privacy Policy.

- “Log files”. Log files track actions occurring in the Services, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Services.

- “Google Analytics”. Google Analytics is a web analytics service offered by Google Inc. that tracks and reports website traffic (such as navigation path, length of stay, returning or new user, end device). Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. We do not use the information and personal data collected by Google Analytics to identify individuals unless we become aware of specific indications of illegal use. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:  http://www.google.com/intl/en/policies/privacy/. We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245. You can also opt-out of Google Analytics here:  https://tools.google.com/dlpage/gaoptout. By continuing to use our Services without opting out to Google Analytics, you are agreeing to the collection of data by Google Analytics.

- “Firebase”. Firebase is analytics service for mobile applications, provided by Google Inc. You may opt-out of certain Firebase features by following the instructions provided by Google in their Privacy Policy:  http://www.google.com/intl/en/policies/privacy/. For more information on what type of information Firebase collects, please visit the Google Privacy Terms web page:  http://www.google.com/intl/en/policies/privacy/.

PURPOSE OF THE COLLECTION OF PERSONAL DATA

Tangem uses the Personal Data you provided to us for the following purposes:

Tangem uses the Personal Data collected automatically like Device Information and Tracking Cookies Data for the following purposes:

LEGAL BASIS FOR PROCESSING PERSONAL DATA UNDER GENERAL DATA PROTECTION REGULATION (GDPR)

Tangem’s legal basis according to the GDPR for collecting and using the personal Data described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Tangem may process your Personal Data because:

RETENTION OF DATA

The retention period of Personal Data processed by Tangem may vary depending on common practice, and considered in accordance with the legal obligations and the applicable limitation rules. In any way, Tangem will process and store the Personal Data only for the period necessary to achieve the purpose of storage or as far as this is granted by the applicable laws or regulations.

If the storage purpose is not applicable anymore, or if the storage period prescribed by the applicable laws and regulations expires, the Personal Data is routinely erased in accordance with legal requirements.

TRANSFER OF DATA

Your data, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Tangem will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

DATA DISCLOSURE

We do not sell, lease, rent, or otherwise disclose your Personal Data to third parties except to the technical and logistic service provider of our Website and to suppliers, who are contractually bound to confidentiality, such as outsourcing service providers, logistics, storage providers, marketing and communication providers. When we do so we take steps to ensure they meet our data security standards, so that your Personal Data remains secure.

Tangem may further disclose your Personal Data in the good faith belief that such action is necessary to:

The transfer of data is for purpose of providing and maintaining the functionality of ourWebsite. This is our legitimate interest in the sense of Art. 6 Par.1 lit. b and lit f of GDPR.

If you pay by credit card through the website, we forward your credit card information to the credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfilment of an agreement in the sense of Art. 6 Par. Lit. b GDPR.

We transmit your Personal Data only to such our employees who are authorized to process them as part of their duties.

All Personal Data used by these third parties is solely used for the purposes of the services provided at your request. Any use for other purposes is strictly prohibited. In addition, any

Personal Data processed by third parties will be in accordance with the terms of this Privacy

Policy and in compliance with the GDPR and any other applicable laws and regulations. The third party providers we use will only collect and use your information to the extent necessary to enable them to perform the services they provide to us.

If the level of data protection in a country where a service provider is located does not correspond to the European data protection level, we contractually ensure that the protection of your personal data corresponds to that in the EU at all times by concluding agreements using the standard contractual clauses complying with the GDPR.

SECURITY OF DATA

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we guarantee to use commercially acceptable means to protect your Personal Data in accordance with the GDPR and other applicable laws and regulations, we cannot guarantee the absolute security and accept no liability of the transmission of your Personal Data through our Services.

We also periodically review and adjust security safeguards as the threat landscape evolves.

Ultimately no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, our policy is to take reasonable steps to investigate the situation and, where appropriate, communicate with affected individuals.

SERVICE PROVIDERS

We may engage the below mentioned Partner Service providers to facilitate our Services, to provide the Services on our behalf, to perform Services’ related services or to assist us in analyzing how our Service is used.

These Partner Services have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy.

We use Moonpay to provide you with the on-ramp and off-ramp services - you can read more about how Moonpay uses your Personal Data here: https://www.moonpay.com/privacy_policy.

You can read more about how Google uses your Personal Data here:  https://www.google.com/intl/en/policies/privacy/.

As described above, we use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at  http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:  http://optout.aboutads.info/.

By continuing to use our Services without opting out as described above, you are agreeing to the collection of data by the mentioned Partner Service providers.

DO NOT TRACK

Please note that we do not alter our Service’s data collection and use practices when we see a DoNot Track (“DNT”) signal from your browser.

Our third party partners, such as web analytics companies, may collect information about you and your online activities over time and across our Services and other online properties. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings.

YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)

Depending on your jurisdiction you may have certain data protection rights. Tangem aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact the Responsible Person as stated in this Privacy Policy.

In certain circumstances, you have the following data protection rights:

CUSTOMERS FROM CALIFORNIA

California law provides California customers with specific rights with regard to the collection, sale,and disclosure of their Personal Data. If you are a California resident, you have the following rights:

We do not sell your Personal Data or collect data to facilitate or enable third parties to advertise to you.

LINKS

The activation of certain links in the Services may cause you to leave the Services. Tangem does not review any of these linked websites and does not warrant or guarantee, either expressly or implicitly, the quality, pertinence, accuracy, completeness, update status, availability or legality of the content of these sites, nor will it be in any way responsible for the products, services, information and other content offered via these linked sites or the processing of your Personal Data through these websites. The same applies to websites offering links to the Services. Furthermore, prior written approval must always be obtained before a link from an external website or mobile application to Services can be created. We advise you to read the privacy policy applicable to such other websites before using them.

MINORS

You must be at least eighteen (18) years of age to register with and use the Services. This Service is not directed to children under 18. We do not intend to collect Personal Data from children under 18.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail at [email protected] or by mail using the details provided below:

Tangem AG

Re: Privacy Compliance

Baarerstrasse 10, Zug CH-6300, Switzerland

CHANGES TO THE PRIVACY POLICY

From time to time we may change this Privacy Policy in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. You can tell when changes have been made to the Privacy Policy by referring to the “Last Updated” legend at the top of this page. If we materially change the ways in which we use and disclose personal data, we will post a notice in the Services and send an email to our registered users. Your continued use of the Services following any changes to this Privacy Policy constitutes your acceptance of any such changes made.

LAST UPDATED: [June 27, 2022]