GDPR Notice

Scope and Controller

This GDPR Notice applies to the processing of personal data by KATE-BOSWORTH Net, the Knowledge And Trends Exchange for blockchain and traditional markets, accessible in the United States of America and globally. It covers processing carried out in the context of offering our services to individuals in the European Economic Area (EEA), the United Kingdom (UK), Switzerland, and in compliance with applicable United States privacy laws.

Controller: KATE-BOSWORTH Net, owned by Eva van den Bergh. Postal address: 5009 Roosevelt Way NE, Seattle, WA 98105, United States. Contact email: [email protected].

Effective date of this notice: 2025-09-30.

Categories of Personal Data Collected

• Identifiers and contact information: name, username, email address, postal address, country/region, and similar identifiers.
• Account and profile data: credentials (stored in encrypted/hashed form), preferences, watchlists, saved articles, alerts, and communications settings.
• Commercial information: subscription tier, order history, transaction-related details (processed via payment providers; we do not store full payment card numbers).
• Internet or network activity: IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps, page views, clicks, and interaction data.
• Geolocation data: approximate location derived from IP address. We do not collect precise geolocation without your explicit consent.
• User content and communications: inquiries, feedback, survey responses, comments, and support requests.
• Inferences: derived insights about interests and preferences for content personalization.
• Blockchain-related information: public wallet addresses you choose to provide or connect, on-chain activity associated with those addresses, and related metadata.
• Cookie, pixels, and similar technologies data: identifiers and events necessary for site functionality, analytics, and (where permitted) advertising.
• Sensitive data: we do not intentionally collect sensitive personal information (such as precise geolocation, government IDs, or health data). Limited authentication data (e.g., hashed passwords or multi-factor tokens) may be processed for security.

Sources of Personal Data

• Directly from you: when you create an account, subscribe, contact support, or participate in features.
• Automatically: through cookies and similar technologies when you use our services.
• Third parties and service providers: payment processors, analytics providers, and marketing service providers.
• Public and open sources: blockchain networks and explorers, and publicly available datasets.

Purposes of Processing

• Service delivery: to operate, maintain, and provide our website, analytics, research, and user features.
• Account administration: registration, authentication, preferences, and customer support.
• Analytics and improvement: measuring performance, debugging, research, and product development.
• Personalization: tailoring content, alerts, and recommendations.
• Communications: service notifications, transactional messages, and—with your consent—marketing.
• Security and fraud prevention: detecting, preventing, and responding to security incidents and abuse.
• Compliance: meeting legal obligations, enforcing terms, and responding to lawful requests.

Legal Bases for Processing (EEA/UK/Switzerland)

• Consent: for non-essential cookies, marketing communications, and connecting a wallet address.
• Contract: to provide requested services, subscriptions, and account functionality.
• Legitimate interests: to secure our services, prevent fraud, understand service usage, and improve offerings, balanced against your rights.
• Legal obligation: to comply with applicable laws, regulations, and lawful requests.

Sharing and Disclosure

We do not sell personal information for monetary consideration. We may “share” personal information (as defined under certain U.S. state laws) for cross-context behavioral advertising only where permitted by law and subject to your consent or opt-out rights. We disclose personal data to the following categories of recipients:

• Service providers and processors: hosting, cloud infrastructure, analytics, email delivery, customer support, and security vendors operating under written agreements.
• Payment processors: to process transactions and fraud prevention.
• Professional advisors: auditors, legal counsel, and accountants under confidentiality.
• Authorities and legal parties: when required by law or to protect rights, safety, and security.
• Corporate transactions: in connection with mergers, acquisitions, or asset transfers, subject to appropriate safeguards.

Cookies and Similar Technologies

We use the following categories of cookies and similar technologies:

• Essential: required for website functionality and security.
• Functional: to remember preferences and enhance features.
• Analytics: to understand usage and improve performance.
• Advertising: to measure and deliver ads where permitted.

Where required, we will obtain your consent for non-essential cookies. You may manage preferences via your browser settings, our consent tools (where available), or by contacting us at [email protected]. We will honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing where applicable.

Cross-Border Data Transfers

We are based in the United States. If you are in the EEA/UK/Switzerland, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses and supplementary measures where required. You may contact us to obtain a copy of relevant transfer safeguards, subject to redactions to protect confidentiality.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Notice, including to comply with legal, accounting, or reporting requirements. Retention periods depend on factors such as account status, legal obligations, dispute resolution needs, and security requirements. Note: information written to public blockchains cannot be altered or erased by us due to the immutable nature of such networks.

Security

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege practices, logging, and periodic reviews. No method of transmission or storage is completely secure; if you believe your account or data has been compromised, please contact us immediately at [email protected].

Your Rights under GDPR (EEA/UK/Switzerland)

• Access: obtain confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion in applicable circumstances.
• Restriction: request limited processing.
• Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Object: object to processing based on legitimate interests and to direct marketing.
• Withdraw consent: at any time, where processing is based on consent.
• Complaint: lodge a complaint with a supervisory authority in your country of residence or place of work.

To exercise your rights, contact [email protected]. We will respond within one month, extendable by two months for complex requests, and we may take reasonable steps to verify your identity.

United States State Privacy Rights

Residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and Utah) have rights regarding their personal information. This section serves as a Notice at Collection and describes categories collected, purposes, retention criteria, and rights.

• Categories: identifiers, contact information, commercial information, internet/network activity, geolocation (approximate), user content, inferences, and cookie data; sensitive personal information is not collected except limited authentication data.
• Purposes: as described in “Purposes of Processing.”
• Retention: as described in “Data Retention.”
• Sale/Sharing/Targeted Advertising: we do not sell personal information for money. We may share limited identifiers for cross-context behavioral advertising only with your consent where required. You may opt out at any time, including via GPC signals.

Your state privacy rights may include:

• Access, correction, deletion, and portability.
• Opt-out of sale/sharing/targeted advertising.
• Limit use of sensitive personal information (where applicable; we do not use sensitive PI for inferring characteristics).
• Non-discrimination for exercising your rights.

To exercise rights or submit an appeal of a rights request decision (as required in some states), contact [email protected]. We will respond within 45 days, extendable once by an additional 45 days when reasonably necessary. Authorized agents (California) should provide proof of authorization; we may require verification of the consumer’s identity and confirmation of the request.

Children’s Data

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. We do not knowingly sell or share personal information of consumers under 16. If you believe a child has provided personal information to us, please contact [email protected] to request deletion.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. We may use limited profiling to personalize content and measure engagement; you may object or opt out where applicable.

How to Contact Us

Controller: KATE-BOSWORTH Net, owned by Eva van den Bergh.

Postal address: 5009 Roosevelt Way NE, Seattle, WA 98105, United States.

Email: [email protected].

Updates to This Notice

We may update this Notice from time to time to reflect changes in our practices or legal requirements. We will post the updated version with a new effective date. Material changes will be communicated through appropriate channels. Your continued use of our services after an update signifies your acknowledgment of the changes.