Article I.

Introduction

STEADY STATELIMITED, NMFD LIMITED AND STEADYSTATEUSA, LLC (collectively hereinafter referred toas, “Steady State” or "Company", "we", "us" or "our") are committed to protecting and respecting the privacy of our users and/or customers.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the website www.steadystate.finance  (our "Website") access any services, which include any content on our Website, including but not limited to any other websites, pages, features, or content we own or operate (collectively, “Sites” or “Services”). This Privacy Policy also describes our practices for collecting, using, maintaining, handling, protecting, and/or disclosing the aforementioned information.

We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If any material changes are made, we will notify you by: email (sent to the email address specified in your account, if you have one; or to the email address entered here. or by means of a notice on our Website prior to the change becoming effective, or as otherwise required bylaw.

If you reside within the European Union (EU), European Economic Area (EEA), or Switzerland, Collective Risk Services CIC will be the data controller responsible for processing your Personal Information (defined in Section 3.02(b)).

Please take a moment to read this Privacy Policy carefully. If you have any questions about this Policy, please submit your request via email to: contact@steadystate.finance[2] 

Article II.

Acceptance of this Privacy Policy

By accessing and using our Services, you signify acceptance to the terms of this Privacy Policy. Where we require your consent to process your Personal Information, we will ask for your consent to the collection, use, and disclosure of your Personal Information as specifically defined below. We may provide additional "just-in-time"disclosures [3] or information about the data processing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.

IF YOU DO NOT AGREE WITH OR YOUARE NOT COMFORTABLE WITH ANY ASPECT OF THIS PRIVACY POLICY, Y.OU SHOULDIMMEDIATELY DISCONTINUE ACCESS OR USE OF OUR SITES AND/OR SERVICES.

Article III.

Personal Information and Data

Section 3.01

Information Collection Purposes

"Personal Information"(defined in Section 3.02(b)) is information that identifies you personally or by which your identity can reasonably be ascertained.

We collect Personal Information in order to:

(a)    Provide our Services efficiently and effectively;
(b)    Develop, enhance, market and deliver products and Services to you;
(c)    Provide information to you about developments and new products, including changes and enhancements to the Site;
(d)    Provide you with news and other matters of general interest to you about Steady State; and
(e)    Comply with Steady State’s legal and regulatory requirements.

 

Section 3.02

Information Users provide to Steady State

To establish an account and/or access our Services, we may ask you to provide us with some important information about yourself. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services, or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information. If you choose not to share certain information with us, we may not be able to serve you as effectively or offer you our Services. Any information you provide to us that is not required is voluntary.

Depending on the type of Services we provide to you or your relationship with Steady State, we may collect the following types of Personal Information from you:

(a)    Personal Identification Information

Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.

(b)    Formal Identification Information

Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.

(c)    Institutional Information

Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.

(d)    Financial Information

Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.

(e)    Transaction Information

Information about the transactions you make on our or through our Services, such as the name of the recipient, your name, the amount, and/or timestamp.

(f)     Employment Information

Office location, job title, and/or description of role.

(g)    Correspondence

Survey responses, information provided to our support team or user research team.

(h)    Other Information

Audio, electronic, visual and similar information, such as call and video recordings.

Section 3.03

Information Investors provide to Steady State

Notwithstanding Section 3.02, if you are an investor in Steady State, we may ask you to provide us with additional important information either required to comply with applicable laws or regulations, necessary to provide the requested services or products, or which may be relevant for certain specified purposes, including but not limited to the collection of personal identification and financial information necessary to effectuate investment.

Section 3.04

Information we collect from you automatically

To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and Services, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access.

Information collected automatically includes:

(a)    Online Identifiers

Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.

(b)    Usage Data

Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy at [LINK[4] ] for more information. For example, we may automatically receive and record the following information on our server logs:

1) How you came to and use the Services;
2) Device type and unique device identification numbers;
3) Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
4) How your device interacts with our Sites and Services, including pages accessed and links clicked;
5) Broad geographic location (e.g. country or city-level location); and
6) Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.

(c)    External Links

We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third party site.

Section3.05

Information we collect from our affiliates and third parties

From time to time, we may obtain information about you from our affiliates or third party sources as required or permitted by applicable law. These sources may include:

(a)    Our Steady State Family of Companies

Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, if you link your various Steady State accounts, we may obtain information about you from our Affiliates as a normal part of conducting business so that we may offer our Affiliates’ services to you.

(b)    Public Databases, Credit Bureaus & ID Verification Partners

We obtain information about you from public data bases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like World-Check use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others.

(c)    Blockchain Data

We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under any of our terms, conditions, contract or policies, as applicable to you, to analyze transaction trends for research and development purposes.

(d)    Joint Marketing Partners & Resellers

For example, unless prohibited by applicable law,joint marketing partners or resellers may share information about you with usso that we can better understand which of our Services may be of interest toyou.

(e)    Advertising Networks & Analytics Providers

We work with these providers to provide us with de-identified information about how you found our Sites and how you interact with the Sites and Services. This information may be collected prior to account creation.

Article IV.

How Your Personal Information is Used

Our primary purpose in collecting Personal Information is to provide you with a secure, smooth, efficient, and customized experience. We generally use Personal Information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention and anti-fraud purposes.

We may use this information in the following ways:

(a)    To maintain legal and regulatory compliance;

Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your Personal Information in certain ways. For example, Steady State must identify and verify customers using our Services in order to comply with anti-money laundering laws across jurisdictions. This includes collection and storage of your photoidentification. In addition, we use third parties to verify your identity by comparing the Personal Information you provide against third-party databases and public records. When you seek to link a bank account to your Steady State Account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not provide Personal Information required by law, we will have to close your account.

(b)    To enforce our terms in our user agreement and other agreements;

Steady State handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your Personal Information collected for these purposes. The consequence of not processing your Personal Information for such purposes is the termination of your account.

(c)    To detect and prevent fraud and/or funds loss;

We process your Personal Information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or funds loss.

(d)    To provide Steady State’s Services;

We process your Personal Information to provide the Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information. Third parties such as identity verification services may also access and/or collect your Personal Information when providing identity verification and/or fraud prevention services.

(e)    To provide Services based communications;

We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.

(f)     To provide customer service;

We process your Personal Information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your Personal Information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

(g)    To ensure quality control;

We process your Personal Information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process Personal Information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.

(h)    To ensure network and information security;

We process your Personal Information in order to enhance security, monitor and verify identity or service access, combat spam orother malware or security risks and to comply with applicable security laws andregulations. The threat landscape on the internet is constantly evolving, whichmakes it more important than ever that we have accurate and up-to-date informationabout your use of our Services. Without processing your Personal Information,we may not be able to ensure the security of our Services.

(i)     For research and development purposes;

We process your Personal Information to betterunderstand the way you use and interact with Steady State's Services. Inaddition, we use such information to customize, measure, and improve SteadyState's Services and the content and layout of our website and applications and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.

(j)     To enhance your experience;

We process your Personal Information to provide a personalized experience, and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.

(k)    To facilitate corporate acquisitions, mergers, or transactions;

We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.

(l)     To engage in marketing activities;

Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.

(m)  To protect the health and safety of our employees and visitors, our facilities and our property and other rights; and

If you visit one of our locations, to maintain security at such locations, you may be photographed or videotaped.

(n)    For any purpose that you provide your consent.

We will not use your Personal Information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your Personal Information with third parties. In such instances, you may opt out of having your Personal information shared with third parties, or allowing us to use your Personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your Personal Information, certain features orSteady State Services may not be available to you.

Article V.

How We Protect and Store Personal Information

We understand how important your privacy is, which is why Steady State maintains (and contractually requires third parties it shares your information with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the Personal Information you entrust to us.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or our service providers are located. We protect your Personal Information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal Information only for those employees who require it to fulfill their job responsibilities.

However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own Personal Information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we can not ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us.

If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in the “How To Contact Us” section below.

Article VI.

Retention of Personal Information

We store your Personal Information securely throughout the life of your Steady State Account. We will only retain your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your Personal Information are described below.

(a)    Personal Information Collected

Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.

(b)    Contact Information

Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.

(c)    Content On Website

Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).

(d)    Telephone Recording

Recording of our telephone calls with you may be kept for a period of up to six years.

(e)    Cookies & BrowserData Collection

Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiryof the cookie. For more information, see our Cookie Policy at: [LINK]

Article VII.

Children’s Personal Information

Steady State’s general audience websites are not directed to children under the age of 18 and do not knowingly request or collect Personal Information from children under the age of 18. If a user submitting Personal Information is suspected of being younger than 18 years of age, Steady State will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

Article VIII.

California Privacy Rights

Section 8.01

Information for California Residents

In addition to the rights provided for above, if you are a California resident, you have the right to request information from us regarding whether we share certain categories of your Personal Information with third parties for the third parties' direct marketing purposes.

To the extent we share your Personal Information in this way, you may receive the following information:

(a)    the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and

(b)    the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

Section 8.02

Categories of Personal Information Collected

Pursuant to the California Consumer Privacy Act of2018 (“CCPA”), California residents have certain rights in relation to their Personal Information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this California Privacy Rights section. This section describes the categories of Personal Information Steady State has collected, the categories of Personal Information Steady State has disclosed, and a description of California residents’ rights.

 [1]This should be a page available somewhere on the Legal Notice/Updates Footer or Header

 [2]Insert domain for this.

 [3]Just in Time disclosure concerns the pop-up that appear on specific services or parts of the website. Not currently applicable to SST, but included for future.

 [4]Link to cookie policy

PersonalInformation Category (corresponds to categories inCCPA§1798-.140(o)(1))

Sourcesof Personal Information and Why We Collect This information

Disclosureof Personal Information

(A)Identifiers such as Personal Identification Information

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity sverification services  
• Financial institutions  
• Service providers    
• Professional advisors    
• Our Affiliates- wfsdfs

(B)Customer records such as signature

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services  
• Financial institutions    
• Service providers

(C) Protected classifications under California and federal law, including gender, age and citizenship

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services
• Professional advisors

(D) Commercial information such as records of services purchased, obtained, or considered

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services
• Financial institutions    
• Service providers    
• Professional advisors    
• Our Affiliates

(E) Biometric information

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services  
• Financial institutions

(F) Usage Data

Information you provide us; Information we collect from you automatically; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services  
• Service providers    
• Professional advisors    
• Our Affiliates

(G) Online Identifiers

Information you provide us; Why we collect this information: see Section 3

• Third party identity verification services  
• Service Providers

(H)Sensory data, such audio, electronic, visual information

Information we collect from you automatically; Why we collect this information: see Section 3

Not Applicable

(I)Professional or employment-related information

Information you provide us; Information collected from third parties; Why we collect this information: see Section 3

• Third party identity verification services  
• Service providers    
• Our Affiliates

(J) Inferences about preferences, characteristics, predispositions, etc.

Information you provide us; Information we collect from you automatically; Information collected from third parties; Why we collect this information: see Section 3

• Service providers    
• Professional advisors    
• Our Affiliates

 

Section 1.01

California Residents’ Rights Regarding Personal Information Collection

 

Under the CCPA, you may have the following consumer rights. Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA:

 

(a)    For Personal Information collected by us during the preceding 12months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their Personal information. Steady State will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.

 

(b)    To the extent we sell your Personal Information to third parties,you also have the right to request that we disclose to you: (i) the categories of your Personal Information that we sold, and (ii) the categories of third parties to whom your Personal Information was sold. You have the right to direct us not to sell your Personal Information. Steady State does not sell your Personal Information in its ordinary course of business and will never sell your Personal Information to third parties without your explicit consent.

 

Should SteadyState engage in any of the activities listed in this section, your ability to exercise these rights will be made available to you in your account settings. You can exercise your rights by contacting us via email at contact@steadystate.finance[1] ] so that we may consider your request.

We will need to verify your identity before processing your request. In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems.

Although we try to limit the Personal Information collected in connection with a request to exercise your rights, certain requests may require us to obtain additional Personal information from you. In certain circumstances, we may decline a request to exercise the right to know and right to deletion, particularly where we are unable to verify your identity.

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.

Article II.

Do Not Track

Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, we do not currently process or respond to "DNT" signals.

Article III.

Changes to This Privacy Policy

We may make changes to this Privacy policy.  We encourage you to review the Policy whenever you access or use our website to stay informed about our information practices and the choices available to you.  If you do not agree to the revised Policy, you should discontinue your used of Steady State’s website and services.      

Article IV.

How To Contact Us

If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, please contact at contact@steadystate.finance, [2] or by writing to us at the address listed in Article I.

 [1]steadystate.finance

 [2]Contact@steadystate.finance