RJV TECHNOLOGIES LTD COOKIE POLICY

Document Version: 1.0
Effective Date: January 1, 2026
Last Updated: July 2, 2025
Document Classification: Public Policy
Approval Authority: Chief Executive Officer
Review Cycle: Annual
Next Review Date: January 1, 2027
International Compliance Framework: European Union General Data Protection Regulation (GDPR), United Kingdom Data Protection Act 2018, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Brazil Lei Geral de Proteção de Dados (LGPD), Canada Personal Information Protection and Electronic Documents Act (PIPEDA), Australia Privacy Act 1988, Singapore Personal Data Protection Act (PDPA), Japan Act on Protection of Personal Information (APPI), South Korea Personal Information Protection Act (PIPA), India Digital Personal Data Protection Act 2023 and all applicable international, federal, state, provincial, territorial and local privacy and data protection laws and regulations worldwide

---

CHAPTER I: FUNDAMENTAL DEFINITIONS AND SCOPE OF APPLICATION

Article 1: Interpretative Framework and Definitional Constructs

This Cookie Policy (“Policy”) constitutes a legally binding agreement between RJV Technologies Ltd and its global subsidiaries, affiliates, partners, and associated entities operating under any jurisdiction worldwide (“Company,” “we,” “us,” “our”), and any natural or legal person, regardless of geographical location, citizenship, residency, or domicile (“User,” “you,” “your,” “Data Subject”) who accesses, uses, or interacts with our digital properties, services, platforms, applications, or any associated technological infrastructure from any location worldwide.

This Policy applies with full legal force and effect across all jurisdictions where we operate, provide services, collect data or maintain any form of digital presence ensuring compliance with the most stringent applicable privacy and data protection laws regardless of the User’s location, our operational jurisdiction or the location of data processing activities.

For the purposes of this Policy the following definitions shall apply with full legal force and effect across all applicable jurisdictions:

“Cookies” means small text files, data packets, tracking technologies, identification mechanisms or similar technological instruments that are downloaded to, stored on, accessed from or otherwise interact with your device, browser, application or system when you visit our website, use our services, interact with our digital properties or engage with any content, advertisements or third party integrations associated with our services.

This comprehensive definition encompasses but is not expressly limited to HTTP cookies, secure cookies, session cookies, persistent cookies, first party cookies, third party cookies, flash cookies, Local Shared Objects (LSOs), web beacons, clear GIFs, pixel tags, tracking pixels, web bugs, action tags, local storage objects, session storage mechanisms, IndexedDB storage systems, WebSQL databases, HTML5 storage, browser fingerprinting techniques, device fingerprinting methodologies, canvas fingerprinting, audio context fingerprinting, WebGL fingerprinting, font fingerprinting, screen resolution fingerprinting, time zone fingerprinting, language fingerprinting, plugin fingerprinting, hardware fingerprinting, behavioural fingerprinting, keystroke dynamics analysis, mouse movement tracking, scroll behaviour analysis, cross device tracking identifiers, probabilistic identifiers, deterministic identifiers, hashed identifiers, encrypted identifiers, advertising identifiers, analytics identifiers, social media plugins, embedded content trackers, JavaScript tags, server side tracking, client side tracking, hybrid tracking mechanisms, machine learning algorithms for behavioural analysis, artificial intelligence powered identification systems and any other current, emerging or future technological mechanism, methodology or system that enables, facilitates or permits the collection, storage, processing, analysis, transmission, sharing or utilization of information about your device, browser, application, system, behaviour, preferences, interactions, activities or any other data points or characteristics.

“Personal Data” means any information, data point, characteristic, identifier or attribute relating to an identified or identifiable natural person (“Data Subject”) where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This definition aligns with and encompasses the broadest interpretation under GDPR, CCPA, CPRA, LGPD, PIPEDA and all other applicable international privacy laws including but not limited to biometric data, genetic data, health data, financial data, location data, behavioural data, inferential data, derived data, pseudonymized data, anonymized data that can be re identified, IP addresses, device identifiers, browser fingerprints and any other information that alone or in combination with other information could identify, relate to, describe, be associated with or be reasonably linkable to a particular individual.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction as well as any form of automated decision making, profiling, analytics, machine learning, artificial intelligence processing, algorithmic processing or any other technological or manual operation performed on data.

“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data.

“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

“Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they by a statement or by a clear affirmative action, signify agreement to the Processing of Personal Data relating to them meeting the highest standards required under applicable privacy laws including GDPR Article 7, CCPA Section 1798.140 and equivalent provisions under all applicable jurisdictions.

“Legitimate Interest” means the lawful basis for Processing Personal Data when it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data in accordance with applicable legal frameworks and subject to proper balancing tests and impact assessments.

Article 2: Territorial Scope and Jurisdictional Application

This Policy applies to all Processing activities conducted by RJV Technologies Ltd regardless of whether the Processing takes place within or outside the boundaries of any specific jurisdiction, provided that such Processing activities relate to:

The offering of goods or services to Data Subjects located in any jurisdiction worldwide irrespective of whether payment is required from such Data Subjects or the monitoring of behaviour of Data Subjects taking place within any jurisdiction worldwide including but not limited to tracking, profiling, behavioural analysis, predictive analytics or any other form of monitoring or surveillance.

This Policy is designed to ensure compliance with the most stringent requirements under all applicable privacy and data protection laws worldwide, including but not limited to the European Union General Data Protection Regulation (Regulation 2016/679) the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Brazil Lei Geral de Proteção de Dados (Law No. 13,709/2018), the Canada Personal Information Protection and Electronic Documents Act, the Australia Privacy Act 1988, the Singapore Personal Data Protection Act 2012, the Japan Act on Protection of Personal Information, the South Korea Personal Information Protection Act, the India Digital Personal Data Protection Act 2023 and any other current or future privacy, data protection or cybersecurity laws and regulations enacted in any jurisdiction worldwide.

In the event of conflicting requirements between different jurisdictions we shall apply the most protective standard for Data Subjects while maintaining compliance with all applicable legal obligations.

CHAPTER II: COMPREHENSIVE COOKIE CLASSIFICATION AND TECHNICAL SPECIFICATIONS

Article 3: Essential and Strictly Necessary Cookies

Essential Cookies are those that are absolutely necessary for the provision of our services and the basic functionality of our digital properties.

These cookies are deployed without requiring explicit consent as they are essential for the performance of the contract between the User and the Company or for compliance with legal obligations.

Technical Implementation and Functionality: Essential Cookies include but are not limited to session management cookies that maintain user authentication states, load balancing cookies that distribute traffic across our servers, security cookies that implement fraud prevention and cybersecurity measures, accessibility cookies that maintain user accessibility preferences and functional cookies that remember user language preferences, regional settings or other basic functional preferences necessary for service delivery.

Data Processing Characteristics: These cookies typically store minimal data necessary for functionality, implement appropriate security measures including encryption where feasible, maintain data minimization principles and are automatically deleted upon session termination or within the shortest possible timeframe consistent with their essential function.

Legal Basis: The legal basis for processing Essential Cookies is the performance of a contract with the Data Subject (GDPR Article 6(1)(b)) compliance with legal obligations (GDPR Article 6(1)(c)) or legitimate interests (GDPR Article 6(1)(f)) where the legitimate interest is the provision of basic website functionality that the User has explicitly requested.

Article 4: Analytics and Performance Measurement Cookies

Analytics Cookies are deployed to collect information about how Users interact with our digital properties enabling us to analyse website performance, understand user behaviour patterns, identify technical issues, optimize user experience and improve our services through data driven insights.

Comprehensive Data Collection Scope: These cookies may collect and process a wide range of information including but not limited to pages visited, time spent on each page, click patterns, scroll behaviour, form interactions, error messages encountered, browser type and version, operating system information, screen resolution, device type, referral sources, search terms used to find our website, exit pages, bounce rates, conversion events, goal completions, ecommerce transaction data, demographic information inferred from behaviour patterns, geographic location information, session recordings, heatmap data, user journey analysis, A/B testing results, multivariate testing outcomes, cohort analysis data, retention metrics, engagement metrics, and any other behavioural or technical data points that contribute to performance analysis and optimization.

Advanced Analytics Capabilities: Our analytics implementation may include advanced features such as cross device tracking to understand user journeys across multiple devices, predictive analytics to forecast user behaviour and preferences, machine learning algorithms to identify patterns and anomalies, artificial intelligence powered insights generation, real time analytics processing, historical trend analysis, comparative benchmarking, segmentation analysis, attribution modelling and integration with business intelligence systems.

Third Party Analytics Providers: We may utilize third party analytics services including but not limited to Google Analytics, Adobe Analytics, Mixpanel, Amplitude, Hotjar, Crazy Egg, FullStory, LogRocket and other industry standard analytics platforms.

When utilizing third-party services we ensure appropriate data processing agreements are in place, conduct due diligence on third party privacy practices, implement data minimization where possible and provide transparency about third party involvement in our privacy notices.

Legal Basis and Consent Requirements: The legal basis for Analytics Cookies varies by jurisdiction and specific implementation.

In jurisdictions requiring explicit consent for non essential cookies we obtain freely given, specific, informed and unambiguous consent before deploying Analytics Cookies.

In jurisdictions permitting legitimate interest as a legal basis we conduct balancing tests to ensure our legitimate interests do not override User rights and freedoms.

Article 5: Advertising and Marketing Cookies

Advertising Cookies are sophisticated tracking mechanisms designed to create detailed user profiles for targeted advertising, personalized marketing, cross platform campaign optimization and revenue generation through advertising partnerships and affiliate marketing programs.

Comprehensive Advertising Data Processing: These cookies enable extensive data collection and processing activities including but not limited to behavioural profiling based on browsing history, purchase history and interaction patterns, demographic inference through data analysis and third party data enrichment, interest categorization and preference modelling, lookalike audience creation, custom audience development, retargeting campaign implementation, dynamic creative optimization, real time bidding participation, cross device identity resolution, offline to online attribution, multi touch attribution modelling, lifetime value calculation, churn prediction, propensity scoring and comprehensive advertising performance measurement.

Advanced Targeting and Personalization: Our advertising technology stack implements sophisticated targeting capabilities including contextual targeting based on page content and user context, behavioural targeting utilizing historical user behaviour patterns, demographic targeting based on inferred or declared demographic information, geographic targeting utilizing location data and IP geolocation, temporal targeting based on time of day and day of week patterns, device targeting optimized for specific device types and capabilities, platform targeting across web, mobile and connected TV environments, lookalike modelling to identify similar users to existing customers, custom audience creation based on first party data and dynamic creative personalization that adapts advertising content in real time based on user characteristics.

Third Party Advertising Networks and Partners: We maintain partnerships with numerous third party advertising networks, demand side platforms, supply side platforms, data management platforms, customer data platforms and marketing technology providers including but not limited to Google Ads, Facebook Advertising, Amazon Advertising, Microsoft Advertising, The Trade Desk, Adobe Advertising Cloud, Salesforce Marketing Cloud, Oracle Data Cloud and other industry leading advertising technology companies.

These partnerships enable programmatic advertising, real time bidding, cross platform campaign execution and comprehensive attribution measurement.

Data Sharing and Monetization: Advertising Cookies may facilitate data sharing arrangements with advertising partners, affiliate networks, marketing agencies and other third parties for the purpose of advertising optimization, audience extension, collaborative filtering and revenue generation.

All data sharing arrangements are governed by appropriate data processing agreements, privacy safeguards and user consent mechanisms where required by applicable law.

User Rights and Control Mechanisms: Users maintain comprehensive rights regarding Advertising Cookies including the right to consent or refuse consent, the right to withdraw consent at any time, the right to access information about advertising profiles created about them, the right to rectify inaccurate advertising data, the right to delete advertising profiles, the right to port advertising preference data and the right to object to advertising processing based on legitimate interests.

Article 6: Social Media Integration Cookies

Social Media Cookies are deployed through social media plugins, widgets, sharing buttons, embedded content and integration features that connect our digital properties with social media platforms and enable social functionality, content sharing, social authentication and social advertising capabilities.

Social Platform Integration Scope: Our social media integrations encompass major platforms including but not limited to Facebook, Instagram, Twitter, LinkedIn, YouTube, TikTok, Pinterest, Snapchat, Reddit, Discord, Telegram, WhatsApp, and emerging social platforms.

These integrations enable diverse functionality including social login and authentication, content sharing and distribution, social commenting systems, social media feed embedding, social advertising pixel implementation, social analytics and measurement, influencer collaboration tools, user generated content aggregation, social commerce capabilities and community building features.

Data Collection Through Social Integration: Social Media Cookies facilitate extensive data collection including social media account information accessible through platform APIs, social network connections and relationship data, social media activity and engagement patterns, content sharing behaviour and preferences, social media profile information and demographics, social graph analysis and network mapping, social media advertising interaction data, cross platform identity resolution, social media sentiment analysis and social influence measurement.

Cross Platform Data Sharing: Social media integrations often involve data sharing between our platform and social media companies enabling advanced advertising targeting, audience creation, conversion tracking, attribution measurement, lookalike modelling and social advertising optimization.

This data sharing is governed by the respective social media platforms’ terms of service, privacy policies and data processing agreements.

User Control and Privacy Settings: Users can control Social Media Cookies through multiple mechanisms including platform specific privacy settings, social media account privacy controls, browser cookie management, our consent management platform and direct communication with social media platforms regarding data processing practices.

CHAPTER III: COMPREHENSIVE CONSENT MANAGEMENT FRAMEWORK

Article 7: Consent Collection and Management

Our consent management system implements industry leading standards for obtaining, recording, managing and honouring user consent across all categories of cookies and data processing activities ensuring full compliance with the most stringent international privacy regulations.

Consent Collection Methodology: We obtain consent through a comprehensive, multi layered approach that includes prominent cookie consent banners displayed upon first visit, detailed cookie preference centres accessible at all times, granular consent options for each cookie category and specific processing purpose, clear and plain language explanations of each consent option, prominent accept and reject buttons with equal visual prominence, specific consent mechanisms for sensitive data processing, separate consent collection for third party data sharing and additional consent confirmation for high risk processing activities.

Consent Validity Requirements: All consent collection mechanisms ensure that consent is freely given without coercion or penalty, specific to particular processing purposes and cookie categories, informed through comprehensive explanations of processing activities, unambiguous through clear affirmative action rather than silence or inactivity, easily withdrawable through accessible mechanisms, documented with appropriate record keeping and regularly refreshed to account for changing processing purposes or legal requirements.

Consent Management Platform Features: Our consent management platform provides comprehensive functionality including real time consent preference management, historical consent decision tracking, consent withdrawal mechanisms, consent renewal workflows, cross device consent synchronization, consent preference import and export capabilities, consent audit trails and reporting, integration with advertising and analytics platforms, automated consent compliance monitoring and comprehensive consent analytics and insights.

Consent Documentation and Record-Keeping: We maintain detailed records of all consent transactions including the identity of the Data Subject, the date and time of consent, the specific processing purposes consented to the version of the privacy policy or cookie policy in effect at the time of consent, the method of consent collection any subsequent modifications to consent preferences, consent withdrawal requests, fulfilment and all supporting documentation demonstrating compliance with applicable consent requirements.

Article 8: Consent Withdrawal and Preference Management

Users maintain absolute control over their consent preferences with the ability to modify, withdraw or update their choices at any time through multiple accessible channels and mechanisms.

Withdrawal Mechanism Accessibility: Consent withdrawal is facilitated through multiple channels including prominent links in all marketing communications, dedicated privacy preference centres accessible from all pages of our website, direct communication channels including email and customer support, automated withdrawal processing systems, mobile application privacy settings and integration with browser based consent management tools.

Withdrawal Processing and Implementation: Upon receiving a consent withdrawal request we implement the following comprehensive process where immediate cessation of the processing activities covered by the withdrawn consent, deletion or anonymization of data collected under the withdrawn consent where legally permissible, notification to third party processors and partners regarding consent withdrawal, updated consent preferences across all systems and platforms, confirmation communication to the User regarding successful withdrawal processing and ongoing monitoring to ensure continued compliance with withdrawal preferences.

Granular Preference Management: Our preference management system enables Users to make granular choices including specific cookie categories and subcategories, individual third party partners and processors, specific processing purposes and activities, particular data types and sensitivity levels, marketing communication preferences, advertising personalization options, analytics and measurement participation, social media integration preferences and cross device tracking preferences.

CHAPTER IV: THIRD-PARTY RELATIONSHIPS AND DATA SHARING

Article 9: Comprehensive Third Party Partner Ecosystem

Our digital operations involve extensive relationships with third party service providers, technology partners, advertising networks, analytics providers and other entities that may place cookies on User devices or receive data collected through our cookie implementation.

Categories of Third Party Partners: Our third party ecosystem includes but is not limited to cloud infrastructure providers for hosting and data storage, content delivery networks for performance optimization, analytics and measurement providers for website and marketing analytics, advertising networks and demand side platforms for programmatic advertising, social media platforms for social integration and advertising, email marketing platforms for communication delivery, customer relationship management systems for customer data management, payment processors for transaction processing, fraud prevention services for security and risk management, customer support platforms for user assistance, marketing automation platforms for campaign management, affiliate networks for partnership marketing, survey and feedback platforms for user research, personalization engines for content optimization, search engine optimization tools for website optimization and cybersecurity providers for threat detection and prevention.

Data Processing Arrangements: All third party relationships are governed by comprehensive data processing agreements that specify the scope of data processing, technical and organizational security measures, data retention and deletion obligations, incident response and breach notification procedures, audit rights and compliance monitoring, data subject rights implementation, sub processor management and oversight, cross border data transfer safeguards and termination and data return procedures.

Due Diligence and Vendor Management: We conduct thorough due diligence on all third party partners including privacy policy and practice reviews, security certification and compliance verification, data handling procedure assessment, incident response capability evaluation, business continuity and disaster recovery planning review, financial stability and business continuity assessment, legal compliance and regulatory standing verification and ongoing monitoring and periodic reassessment of partner practices and capabilities.

Transparency and User Control: We provide comprehensive transparency regarding third party relationships through detailed partner listings in our privacy documentation, specific consent options for third party data sharing, direct communication channels with third party partners where applicable, coordination of data subject rights requests across the partner ecosystem and comprehensive reporting on third party data processing activities.

Article 10: Cross Border Data Transfers and International Compliance

Our global operations necessitate cross border data transfers to various jurisdictions worldwide requiring comprehensive compliance with international data transfer regulations and implementation of appropriate safeguards.

International Data Transfer Framework: We implement a comprehensive framework for international data transfers including adequacy decision reliance where available, Standard Contractual Clauses implementation for transfers to jurisdictions without adequacy decisions, Binding Corporate Rules for intra group transfers, certification and code of conduct adherence where applicable, specific authorization requests for high risk transfers, additional safeguards implementation including encryption and pseudonymization, transfer impact assessments for all cross border processing and ongoing monitoring of transfer destination jurisdiction developments.

Transfer Safeguards and Security Measures: All international data transfers are protected by appropriate technical and organizational measures including encryption in transit and at rest, access controls and authentication mechanisms, audit logging and monitoring systems, incident response and breach notification procedures, data minimization and purpose limitation enforcement, retention period management and automated deletion, pseudonymization and anonymization where possible and regular security assessments and penetration testing.

Jurisdictional Risk Assessment: We conduct comprehensive assessments of data transfer destinations including legal framework analysis for privacy and data protection, government surveillance and data access laws evaluation, judicial system independence and rule of law assessment, political stability and regulatory environment review, cybersecurity infrastructure and incident response capabilities analysis and ongoing monitoring of developments that may affect transfer adequacy.

CHAPTER V: COMPREHENSIVE DATA SUBJECT RIGHTS AND REMEDIES

Article 11: Fundamental Rights Implementation

Data Subjects enjoy comprehensive rights regarding their Personal Data processed through our cookie implementation with full implementation across all applicable jurisdictions and processing activities.

Right to Information and Transparency: Data Subjects have the right to receive clear, comprehensive, and accessible information about all data processing activities including the identity and contact details of the data controller and data protection officer, the purposes of processing and legal basis for each purpose, the categories of Personal Data collected and processed, the recipients or categories of recipients of Personal Data, details of international data transfers and safeguards, retention periods for different categories of data and comprehensive information about Data Subject rights and how to exercise them.

Right of Access and Data Portability: Data Subjects have the right to obtain confirmation of whether Personal Data concerning them is being processed, access to their Personal Data in a structured commonly used and machine readable format, information about the processing activities including purposes, categories, recipients and retention periods, the right to receive copies of their Personal Data and the right to transmit their Personal Data to another controller where technically feasible.

Right to Rectification and Accuracy: Data Subjects have the right to obtain rectification of inaccurate Personal Data without undue delay, the right to have incomplete Personal Data completed through supplementary statements, notification of rectification to all recipients of the Personal Data and implementation of rectification across all systems and platforms where the data is processed.

Right to Erasure and Deletion: Data Subjects have the right to obtain erasure of their Personal Data without undue delay where the Personal Data is no longer necessary for the original purposes consent has been withdrawn and there is no other legal ground for processing, Personal Data has been unlawfully processed, erasure is required for compliance with legal obligations or the Data Subject objects to processing based on legitimate interests and there are no overriding legitimate grounds for processing.

Right to Restriction and Objection: Data Subjects have the right to obtain restriction of processing where the accuracy of Personal Data is contested, processing is unlawful but the Data Subject opposes erasure the controller no longer needs the Personal Data but the Data Subject requires it for legal claims or the Data Subject has objected to processing pending verification of overriding legitimate grounds.

Data Subjects also have the absolute right to object to processing for direct marketing purposes and the right to object to processing based on legitimate interests.

Article 12: Rights Exercise Procedures and Response Framework

We maintain comprehensive procedures for Data Subject rights exercise ensuring efficient, thorough and compliant responses to all rights requests.

Rights Request Submission Channels: Data Subjects may submit rights requests through multiple channels including dedicated online forms with secure submission and tracking capabilities, direct email communication to our designated data protection contact, postal mail to our registered office address, telephone communication to our customer support team, in person requests at our physical locations where applicable and through authorized representatives or legal counsel where appropriate.

Request Verification and Authentication: All rights requests undergo appropriate verification and authentication procedures including identity verification through government issued identification documents, account verification through existing customer authentication systems, additional verification steps for sensitive requests or high risk processing, authorization verification for requests submitted by representatives or third parties and fraud prevention measures to protect against unauthorized access or malicious requests.

Response Timeframes and Communication: We respond to rights requests within the timeframes required by applicable law typically within one month of receipt with possible extensions up to two additional months for complex requests.

All responses include comprehensive information about actions taken, explanations of any limitations or restrictions on rights exercise, information about appeal procedures and regulatory complaint options and follow up communication regarding ongoing compliance with rights requests.

Rights Request Fulfilment and Implementation: Rights request fulfilment involves comprehensive implementation across all systems and platforms including automated deletion and anonymization procedures, manual review and verification of automated processes, notification to third party processors and partners, verification of completion across all data repositories, documentation of fulfilment activities and compliance, and ongoing monitoring to ensure continued compliance with rights requests.

CHAPTER VI: SECURITY MEASURES AND DATA PROTECTION

Article 13: Comprehensive Technical and Organizational Measures

We implement state of the art technical and organizational measures to ensure appropriate security of Personal Data processed through our cookie implementation protecting against unauthorized access, alteration, disclosure or destruction.

Advanced Technical Security Measures: Our technical security framework includes end to end encryption for data in transit and at rest using industry-standard encryption algorithms and key management systems, multi factor authentication and access controls for all systems and platforms, network security measures including firewalls, intrusion detection and prevention systems and network segmentation, secure coding practices and regular security code reviews, automated vulnerability scanning and penetration testing, security information and event management (SIEM) systems for real time monitoring, incident response and forensic capabilities, backup and disaster recovery systems with regular testing and continuous security monitoring and threat intelligence integration.

Organizational Security Measures: Our organizational security framework includes comprehensive privacy and security training for all personnel, background checks and security clearances for personnel with access to Personal Data, clear roles and responsibilities for data protection and security, documented policies and procedures for all data processing activities, regular privacy impact assessments and data protection impact assessments, vendor security assessments and ongoing monitoring, incident response plans and procedures with regular testing, business continuity and disaster recovery planning and regular security audits and compliance assessments.

Data Minimization and Purpose Limitation: We implement strict data minimization principles ensuring that only necessary Personal Data is collected and processed, data processing is limited to specified, explicit and legitimate purposes, data retention periods are appropriate and automatically enforced, data access is restricted to authorized personnel on a need to know basis and regular data purging and anonymization procedures are implemented.

Privacy by Design and Default: Our systems and processes implement privacy by design and default principles including proactive rather than reactive measures, privacy as the default setting without requiring action from the Data Subject, full functionality accommodation without compromising privacy, comprehensive security measures throughout the data lifecycle, visibility and transparency for all stakeholders and respect for user privacy preferences and choices.

Article 14: Incident Response and Breach Notification

We maintain comprehensive incident response capabilities and breach notification procedures to ensure rapid detection, containment and remediation of any security incidents or data breaches.

Incident Detection and Classification: Our incident detection capabilities include automated monitoring systems for unusual activity or access patterns, employee reporting mechanisms for suspected incidents, third party notification systems for partner related incidents, user reporting channels for suspected privacy violations, security vulnerability discovery and assessment and comprehensive incident classification and severity rating systems.

Incident Response Procedures: Upon detection of a potential incident we implement comprehensive response procedures including immediate incident containment and threat mitigation, forensic investigation and evidence collection, impact assessment and affected data identification, affected individual notification within required timeframes, regulatory notification as required by applicable law, third party partner and processor notification, remediation and recovery activities and comprehensive incident documentation and reporting.

Breach Notification Requirements: We comply with all applicable breach notification requirements including notification to supervisory authorities within 72 hours of becoming aware of qualifying breaches, notification to affected Data Subjects without undue delay where the breach is likely to result in high risk to rights and freedoms, public notification where required by applicable law or where notification to affected individuals would involve disproportionate effort and comprehensive documentation of all notification activities and compliance measures.

CHAPTER VII: RETENTION POLICIES AND DATA LIFECYCLE MANAGEMENT

Article 15: Data Retention Framework

We maintain comprehensive data retention policies that ensure Personal Data is retained only as long as necessary for the purposes for which it was collected with appropriate deletion or anonymization procedures implemented at the end of retention periods.

Category Specific Retention Periods: Different categories of Personal Data are subject to specific retention periods including Essential Cookie data retained for the duration of the session or as necessary for basic functionality, Analytics data retained for up to 26 months unless a shorter period is specified by the Data Subject, Advertising data retained for up to 12 months unless consent is withdrawn earlier, Social Media integration data retained in accordance with social platform policies and user preferences and account and transaction data retained in accordance with legal and regulatory requirements.

Automated Deletion and Anonymization: We implement automated systems for data deletion and anonymization including scheduled deletion procedures that automatically remove Personal Data at the end of retention periods, anonymization algorithms that render data non personally identifiable while preserving utility for analytics and research, pseudonymization techniques that replace identifying information with artificial identifiers and comprehensive audit trails documenting all deletion and anonymization activities.

Legal Hold and Litigation Preservation: In cases where legal holds or litigation preservation requirements exist we implement appropriate procedures to preserve relevant data while continuing to comply with privacy obligations including legal hold notifications and compliance procedures, data preservation and segregation systems, regular review and assessment of legal hold requirements and coordination with legal counsel and regulatory authorities as required.

CHAPTER VIII: COMPLAINTS, APPEALS, AND REGULATORY COMPLIANCE

Article 16: Complaint Resolution and Regulatory Cooperation

We maintain comprehensive procedures for handling complaints, appeals and regulatory inquiries related to our cookie practices and data processing activities.

Internal Complaint Resolution: Users may submit complaints through our internal complaint resolution process including dedicated complaint submission channels, prompt acknowledgment and response procedures, thorough investigation and resolution activities, regular communication with complainants regarding resolution progress, comprehensive documentation of complaint resolution activities and follow up procedures to ensure continued compliance and user satisfaction.

Regulatory Authority Cooperation: We maintain cooperative relationships with regulatory authorities worldwide including prompt response to regulatory inquiries and investigations, comprehensive cooperation with enforcement activities, voluntary compliance reporting and transparency measures, participation in regulatory guidance and standard setting activities and proactive communication regarding significant changes to data processing practices.

Appeal and Escalation Procedures: Users who are not satisfied with internal complaint resolution may escalate their concerns through designated supervisory authorities in their jurisdiction, independent dispute resolution mechanisms where available, judicial remedies as provided by applicable law and international cooperation mechanisms for cross border complaints.

CHAPTER IX: UPDATES, MODIFICATIONS, AND CONTINUOUS IMPROVEMENT

Article 17: Policy Updates and Change Management

This Policy is subject to regular review and updating to ensure continued compliance with applicable laws, incorporation of new technologies and processing activities and improvement based on user feedback and regulatory guidance.

Update Notification Procedures: All material changes to this Policy will be communicated through prominent notifications on our website, direct communication to users via email where contact information is available, notifications through our mobile applications and digital platforms and appropriate notice periods before changes take effect to allow users to review and respond to modifications.

Continuous Compliance Monitoring: We maintain ongoing compliance monitoring including regular legal and regulatory updates monitoring, privacy impact assessments for new processing activities, periodic compliance audits and assessments, user feedback collection, analysis and proactive engagement with privacy professionals and regulatory authorities.

Version Control and Historical Documentation: We maintain comprehensive version control for this Policy including historical versions and change documentation, effective date tracking and implementation timelines, user communication records and acknowledgment tracking and comprehensive audit trails documenting all policy modifications and compliance activities.

CHAPTER X: CONTACT INFORMATION AND DATA PROTECTION OFFICER

Article 18: Contact Information and Communication Channels

For all inquiries, requests, complaints or communication regarding this Cookie Policy or our data processing practices users may contact us through the following channels:

Primary Contact Information:
RJV Technologies Ltd
Data Protection Officer
Email: contact@rjvtechnologies.com
Telephone: +44 (0) 75 831 181 76
Postal Address: 21 Lipton Road London United Kingdom E1 0LJ

Regional Contact Information:
We maintain regional contact information for users in specific jurisdictions as required by applicable law with dedicated contact channels for European Union residents, California residents, Brazilian residents, Canadian residents and other jurisdictions with specific contact requirements.

Data Protection Officer: Our Data Protection Officer is available for all privacy related inquiries and maintains appropriate qualifications, independence and authority to ensure compliance with applicable privacy laws and regulations.

This Cookie Policy represents our comprehensive commitment to privacy protection, regulatory compliance and user rights protection across all jurisdictions and processing activities.

By maintaining the highest standards of privacy protection and transparency we ensure that our cookie practices meet and exceed applicable legal requirements while respecting user preferences and choices.

Document Authentication: This Policy has been reviewed and approved by qualified legal counsel, privacy professionals and executive leadership to ensure accuracy, completeness and legal compliance across all applicable jurisdictions.

IN WITNESS WHEREOF the parties have executed this Agreement as of the date first written above.

RJV TECHNOLOGIES LTD

Founder, Chairman & CEO
Ricardo Jorge do Vale
07/03/2025

---

This document constitutes a comprehensive legal agreement and should be reviewed regularly for updates and modifications.

Users are encouraged to review this Policy carefully and contact us with any questions or concerns regarding our cookie practices.