At RAND, we know that you care about your personal information and want to know how we will treat it. That is why we will explain in our Privacy Policy, in a clear and transparent manner, how and when we collect, share and protect your personal information. We will also explain how to exercise your rights.

Please note that anonymized information or purely statistical data used by RAND will not be considered personal data.

‍

About Us

RAND PROTOCOL, S.L. (formerly PASELIA INVEST, S.L.) provided with C.I.F. B-42893925 and domiciled at Plaça Pau Vila, number 1, office 2A2, 08039 Barcelona, pursuant to the deed granted on February16, 2021, before the Notary of Barcelona, D. Salvador Farrés Reig on folio 200of volume 47,710, page number b-560.134 (hereinafter, “RAND”).

‍

Information and consent

By reading and accepting this Privacy Policy, the user (the "User" or "Users") is informed of the circumstances under which their personal data will be processed.

In addition, if legal basis is needed for processing your data, your free, informed, specific and unequivocal consent will be requested for the personal data you provide via the website www.rand.network (hereinafter, the “Website”) and the RAND application (hereinafter, the “Application”) or any other forms dependent on the Website and the Application, are processed by RAND, as well as data derived from your browsing and any other data that you may provide in the future.

The data requested in the forms on the Website and in the Application are, in general, mandatory (unless otherwise specified in the required field) to fulfill the purposes for which they are being collected.

Therefore, if they are not provided or are not provided correctly, they cannot be addressed, not withstanding that you may freely view the content of the Website and the Application, except for specific content or certain functionalities of the Website and the Application, limited to registered Users.

Please read this Privacy Policy carefully before using or registering with RAND.

What personal data does RAND access about me?

If you register on the Website and/or Application, we will process the following information about you:

· Identification data: full name, complete identity document, date of birth (age), gender and image.

· Contact and communication details: telephone number, email address and postal address, country of residence

· IP address

· Bank details: such as, name of the bank, name of the account, account holder(s), currency, IBAN.

-Browsing Data: TheWebsite and Application servers may automatically detect your IP address, domain name, unique device identifier, browser fingerprint, device fingerprint and cookie IDs when you have set them in your browser.

-Data we obtain from third parties: we may obtain data from third parties such as personal data or information on international lists for the prevention of money laundering and terrorist financing.

If you do not register, and you simply browse the Website, we will process the following information about you:

· Contact and communication details: email address

-Browsing Data: The Website and Application servers may automatically detect your IP address, domain name, unique device identifier, browser fingerprint, device fingerprint and cookie IDs when you have set them in your browser.

Where does the data we process about you come from?

• From the User: This is the data that you provide to us by filling out forms on the Website and/or Application, or through any interaction you make with RAND.
• The cookies inserted on the Website and/or the Application and the use of similar technologies (see corresponding section in this Privacy Policy and the Cookie Policy).      
• From third parties: such as business partners with whom RAND has signed a collaboration contract, third parties who provide a service to RAND for the effective provision of the service, or data obtained from international lists for the prevention of money laundering.

What are the purposes and legal bases for the processing of User data?

We may only process your personal data if we have an adequate legal basis for doing so. We may process your personal data for any or all of the purposes specified below and on the legal bases indicated:

‍With which recipients will the User's data be shared?

The personal data of RAND Users may be accessed by:

· Authorized personnel of RAND.

· Collaborators who provide services in favor of RAND for the purpose of managing the provision of services. In this case, such access to data on behalf of third parties will be regulated in the corresponding data processing contract in compliance with the applicable regulations.

· Authorities: We may share certain strictly necessary information with authorities such as the police, tax agencies or other authorities, if required by law.

‍

Is my data transferred outside the European Union?

The transfer of your personal data outside the European Union is not foreseen. In any case, if such circumstances change, you will be informed through this privacy policy and transfers to third countries not considered secure will be made protecting your data through the signing of Standard Contractual Clauses approved by the European Commission between the data exporter and the data importer.

‍

How long will RAND keep the data?

Your personal data will be kept for the time strictly necessary for the purposes of the processing for which they have been provided, and, in any case, following the principle of data minimization provided for in the applicable regulations.

If you are a RAND User, your data will be kept for the duration of your business relationship with RAND and from the moment you exercise your right to cancel your data or terminate your account, your data will be kept blocked for a period of five years in order to meet the legal responsibilities that may arise from the services provided and ten years in the case of conservation of personal data in compliance with the rules of prevention of money laundering.

‍

How can I exercise my rights?

You may (i) send a letter to RAND, at the address indicated in the header of this Policy, (ii) access your User area on the Application or the Website; or (iii) send an email to hello@rand.app, attaching a photocopy of your identity document, at any time and free of charge, for:

• Revoke the consents granted.
• Obtain confirmation about whether your personal data is being processed by RAND.
• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Obtain from RAND the limitation of data processing when any of the conditions provided for in the data protection regulations are met.
• Request the portability of the data provided in those cases provided for in the regulations.
• Contact the RAND DPO at the following address: hello@rand.app
• If you believe that the above rights have not been properly addressed by RAND, you may file a complaint with the Spanish Data Protection Agency at C/ Jorge Juan, 6, 28001 — Madrid.

‍

Changes to the Privacy Policy

Our Privacy Policy may be updated, due to changes and legal needs, as well as improvements and changes included in the way we offer and provide our services and application utilities. Therefore, we recommend that you visit and access our Privacy Policy periodically, in order to be able to access and learn about the latest changes that may have been incorporated.

In the event that such changes relate to the consent provided by the User, we will send you a separate and independent notice to collect it again.

If you have any questions or concerns about our Privacy Policy or would like to exercise any right or action regarding your personal data, please contact us at the following e-mail address: hello@rand.app.

‍

Privacy and blockchain

Public blockchains operate as ledgers, intended to immutably record transactions in networks of computer systems. Many of these public blockchains allow forensic analysis that can lead to de-anonymization and unintentional disclosure of private financial information, especially when blockchain data is combined with other data.

Since blockchains are decentralized or third-party networks that are not controlled or operated by RAND, we cannot delete, modify or alter personal data on such networks.