Privacy Policy & Cookie Policy

1.1 Data Controller

In accordance with Art. 4, paragraph 7 of EU Regulation 2016/679 (GDPR), the data controller for the data collected through this website and related services is STORMWAVE TECHNOLOGIES. The data controller is the natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The data controller is responsible for ensuring that personal data is processed lawfully, fairly, and transparently, in compliance with current regulations.

1.2 User Consent

In cases where the use of data requires user consent, such consent will be obtained in accordance with Art. 7 of the GDPR. Consent may be provided through the signing of an agreement or through any other adherence model that will be made available. The explicit or implicit consent of the user therefore constitutes the legal basis for the processing of personal data pursuant to Art. 6, paragraph 1, letter a) of the GDPR. The user has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting the Provider at the contact details specified in this Privacy Policy.

1.3 Compatibility of Processing Purposes

If StormWave Technologies intends to process personal data for a purpose other than that for which it was collected, we will provide the user with all necessary information regarding the new purpose, in accordance with Art. 13, paragraph 3 of the GDPR. For further information on how processing for the new purpose is compatible with the original purpose, the user can contact us via email at: info@stormwave.co or at privacy@stormwave.co.

1.4 Place of Data Processing

Pursuant to Art. 3 of the GDPR, it is specified that the processing of personal data generated by the use of the website and the services offered by the Provider takes place in Canada. However, StormWave Technologies is committed to ensuring an adequate level of protection for personal data transferred outside the European Union, in accordance with the standards established by the GDPR. If personal data is transferred to a third country or an international organization, appropriate measures will be taken to ensure that personal data is processed with an adequate level of protection, in accordance with Arts. 44-50 of the GDPR.

1.5 Data Protection Officer (DPO)

In accordance with Art. 37 of the GDPR, StormWave Technologies has designated a Data Protection Officer (DPO) to monitor compliance with data protection regulations. The DPO can be contacted for any matters relating to the processing of personal data at the following contact details:

• Email: dpo@stormwave.co
• Postal address: StormWave Technologies, 1231 Pacific Blvd, Vancouver, V6Z 0E2, British Columbia, Canada.

1.6 Rights of Data Subjects

Users, as data subjects, have the right to exercise the rights provided for by Arts. 15-22 of the GDPR, including the right of access, rectification, erasure, restriction of processing, data portability, and objection to processing. To exercise these rights, users can contact the Provider at the contact details specified in this Privacy Policy.

2.1 Necessity of Data Collection

Among the information collected, some is essential for the conclusion and management of the services offered; others, although not essential, help us to offer high product standards and personalize the user experience. The collection of this data takes place in compliance with the principles of minimization and relevance established by Art. 5, paragraph 1, letter c) of the EU Regulation 2016/679 ("GDPR").

2.2 Categories of Personal Data Collected

By using the Site, we will collect some of the following Personal Data through your voluntary disclosure (hereinafter also referred to as "Personal Data" and/or "Data"). The Personal Data collected may include the following:

• Identity Data: includes name, surname, username, marital status, title, date of birth, and gender.
• Contact Data: includes email address, postal address, and telephone numbers.
• Support Personal Data: includes professional and occupational information.
• Transaction Data: includes details of payments between us and other details of purchases made by the customer.
• Information on Contacts with SW: includes storage of calls, instant messages on our site, emails, and generated documents.

2.3 Data Collected Through Portal Use

By using the Portal and our Services, the customer consents to the collection of their Personal Data, including:

• Analytical Data: may include cookies and other types of device identifiers, in accordance with our Cookie Policy.
• Commercial Data: includes webinar registration forms, news update registration, demo registration, etc.
• Correspondence and Access Data: includes page views and sponsored offers, information on clicks, as well as information regarding the websites you clicked on to access the Portal.

2.4 Automatic and Aggregated Processing

The above information is processed in an automated and aggregated form to verify the correct functioning of the site and for security reasons. This information will be processed according to the legitimate interests of the controller, as provided for by Art. 6, paragraph 1, letter f) of the GDPR.

2.5 Data Received from Third Parties

Additionally, we may also receive personal data from our business partners and other third parties, in compliance with current regulations and respecting the rights of data subjects.

2.6 Data Collected for Security Reasons

For security reasons (anti-spam filters, firewall, virus detection), automatically recorded data may also include Personal Data such as the IP address, which may be used, in accordance with applicable laws, to block attempts to damage the Site or harm other users, or in case of harmful or criminal activities. Such data is never used for the identification or profiling of the user, but only for the protection of the website and our users, in compliance with Art. 6, paragraph 1, letter f) of the GDPR.

2.7 Communication Recording

We reserve the right to record any communication, whether electronic, telephonic, in person or otherwise, that we may have with our customers. Such recordings will be the exclusive property of SW and will constitute evidence of the communication. Telephone conversations may be recorded with the use of a warning notice, in compliance with current data protection regulations.

2.8 Purposes of Data Collection

The personal data collected is processed for the following purposes:

• Providing and managing the services requested by the user.
• Fulfilling contractual and legal obligations.
• Personalizing and improving the user experience.
• Managing contacts and communications with users.
• Preventing fraud and illicit activities.
• Conducting statistical analyses and monitoring the use of the site and services.

3.1 Data Collection via Telegram API

In the context of using Telegram bots developed by StormWave Technologies, data provided by users in private chats with the bot is collected through the Telegram API. The data collected includes:

• User ID;
• Username;
• First and last name (if provided);
• Application language;
• Messages interacting with the chatbot.

3.2 Limitations of Data Collection

No geolocation data, IP addresses, phone numbers, or emails are collected. Data collection is strictly limited to public data as specified in point 3.1 of Telegram's privacy policy (https://telegram.org/privacy/eu). This approach complies with the data minimization principles provided for by Art. 5, paragraph 1, letter c) of EU Regulation 2016/679 ("GDPR").

3.3 Data Management and Processing

The processing of data collected through Telegram bots is managed exclusively by StormWave Technologies and is not delegated to third parties. The personal data collected is used solely for the proper functioning of the produced bots, to authenticate and identify users, to send messages in the bot chat, and to provide updates on the bot and StormWave products. This processing is based on the legitimate interest of the data controller, in accordance with Art. 6, paragraph 1, letter f) of the GDPR.

3.4 Request for Membership to Specific Telegram Channels

To ensure an optimal user experience and in compliance with the purposes of the bot, the bot may require, for its use, membership to a specific Telegram channel. This requirement is implemented to verify the authenticity of users and to provide a personalized and secure service.

3.5 Data Retention

Data collected through Telegram bots is retained for the time strictly necessary to satisfy the purposes for which it was collected, in compliance with the principles of storage limitation established by Art. 5, paragraph 1, letter e) of the GDPR. Once the processing purposes have been achieved, the data will be deleted or anonymized, unless its retention is required to fulfill legal obligations.

3.6 User Rights

Users have the right to access their personal data, request its rectification or deletion, object to processing, and exercise the other rights provided for by Arts. 15-22 of the GDPR. Requests can be submitted to the Data Protection Officer (DPO) at the contact details specified in this Privacy Policy.

3.7 Moving Customers to StormWave Telegram Groups or Channels

To improve communication between the provider and the customer, StormWave Technologies reserves the right to move customers within Telegram groups or channels belonging to StormWave using the user's chat ID. This process is aimed at facilitating the dissemination of important information, updates on products and services, as well as providing more efficient and personalized customer support. Users will be informed of such movements and can always choose to leave the groups or channels in which they have been added. This data processing is carried out in compliance with current regulations and based on the legitimate interest of the data controller, as provided for by Art. 6, paragraph 1, letter f) of the GDPR.

3.8 Data Processing with Hash (and Salt if deemed necessary)

In the context of using the Telegram bots developed by StormWave Technologies, we adopt advanced hashing (and salting if deemed necessary) techniques to ensure the protection of users' personal data. These techniques are implemented to maintain an "anonymous memory" of the data, both for security reasons and for fraud prevention, especially for those users who access the chatbot and reject the terms of this document. The adoption of such techniques is crucial to prevent the abuse of technologies and free credits offered. Hashing converts personal data, such as the Telegram user ID, into a unique string of characters using secure cryptographic algorithms. Salting adds an additional level of security, combining the data with a unique value before hashing, ensuring that even identical data generate different hashes. These procedures ensure that anonymous data cannot be easily traced back to users without additional information, thus protecting the privacy and security of users in compliance with current regulations.

4.1 Consent to Cookie Use

By using the Portal, the Website, and SW Services, the user consents to the use and storage of cookies on their device, in accordance with Art. 6, paragraph 1, letter a) of EU Regulation 2016/679 ("GDPR"). A cookie consists of a reduced set of data transferred to the browser from a web server and can only be read by the server that performed the transfer. However, it is also possible to browse the Portal without cookies, although it is important to know that most browsers accept them automatically.

4.2 Types of Cookies Used

Within the Portal, cookies can be classified as follows:

• Essential Cookies: These cookies are necessary for the operation of the website and cannot be disabled in our systems. They are usually only set in response to actions performed by the user that amount to a request for services, such as setting privacy preferences, logging in, or filling out forms. These cookies allow users to be authenticated and prevent fraudulent use of user accounts.
• Functional Cookies: These cookies allow the site to provide advanced functionality and customization. They collect information about how customers use the Portal and Services, and can be used to identify and resolve operational issues. These cookies may be set by us or by third-party providers whose services have been added to our pages.
• Analytical Cookies: These cookies allow us to count visits and traffic sources, enabling us to measure and improve the performance of our site. They help us understand which pages are the most and least popular and how visitors move around the site. All information collected by these cookies is aggregate and therefore anonymous.
• Advertising Cookies: These cookies may be set through our site by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant advertisements on other sites. They enable the most efficient management of pages, services, and financial products that may be included on our website, providing an engaging online experience, including through personalized advertising content.

4.3 Withdrawing Consent and Managing Cookies

You can withdraw your consent to the use of cookies at any time by changing your browser settings to reject cookies or to alert you when a cookie is sent to your device. Please note, however, that if you delete cookies or refuse to accept them, you may not be able to use all the features offered, store your preferences, and some services may not be displayed correctly. This management is in accordance with Art. 7, paragraph 3 of the GDPR, which allows for the withdrawal of consent at any time.

4.4 Additional Information on Cookies

For more information on the cookies used, including third-party cookies, and for a more detailed description of the purposes for which they are used, please refer to our dedicated Cookie Policy. It provides details on how you can manage your cookie preferences through browser settings and other available tools.

5.1 General Processing Principles

Users' personal information is processed using automated and manual methods, strictly to the extent and for the time necessary for the specific purposes for which such information was originally collected, in accordance with Art. 5, paragraph 1, letters b) and e) of EU Regulation 2016/679 ("GDPR").

5.2 Awareness and Voluntariness of Data Provision

Personal information processed through StormWave Technologies' services and products should be considered provided by the user in a conscious and voluntary manner. Therefore, StormWave is not responsible for any violations of laws or false statements provided by users. It is the user's responsibility to ensure they have the necessary permission to enter personal data of third parties or content protected by national and international laws, including intellectual property rights, in accordance with Art. 6 of the GDPR.

5.3 Data Security

StormWave uses secure physical and digital systems to store users' personal data. It is guaranteed that personal data is protected against unauthorized access, disclosure, or destruction through appropriate technical and organizational measures, in accordance with Art. 32 of the GDPR. Such measures include, but are not limited to, data encryption, user authentication systems, and access management procedures.

5.4 Data Processing Duration

Personal data is processed and stored only for the time necessary to achieve the purposes for which it was collected. However, in accordance with European regulations, personal data will be kept for no longer than 6 months after any deletion request by the user, unless there is a need for retention to comply with legal and tax obligations, or for the exercise of legal rights. In particular:

• Personal data in the form of a deed will be kept for a maximum of 12 years after the conclusion of the commercial relationship.
• Personal data in the form of recorded communication, whether telephone, electronic, in person or otherwise, will be kept for a maximum of 10 years after the conclusion of the commercial relationship.

5.5 Sharing of Personal Data

As part of the processing of personal data, StormWave may share data with:

• Other related companies that provide financial services and other back-office services;
• Specialized service providers and consultants responsible for providing StormWave with administrative, IT, financial, regulatory, compliance, insurance, research, or other services;
• Intermediary agents with whom a reciprocal relationship has been established;
• Credit institutions, courts, and tax and regulatory agencies, if required by them in accordance with a legal obligation;
• Any other party expressly authorized by the user.

5.6 Obligations of Third Parties

All the above-mentioned parties, in order to cooperate with StormWave, must agree to be bound by the obligations contained in this Policy and comply with the requirements of the GDPR. Third parties must adopt adequate security measures to protect users' personal data and ensure the confidentiality and integrity of the information.

6.1 Main Processing Purposes

Users' personal data is processed for the following purposes, in accordance with Art. 6 of EU Regulation 2016/679 ("GDPR"):

• Execution of Contracts and Pre-contractual Commitments: Personal data is processed to execute the contract or to fulfill pre-contractual commitments made with the user. This includes managing information requests, preparing and negotiating contracts, and executing them (Art. 6, paragraph 1, letter b) of the GDPR).
• Account Registration: To allow the registration of an account on the Platform, necessary to access the services offered by StormWave. This process includes identity verification and user profile configuration (Art. 6, paragraph 1, letter b) of the GDPR).
• Management and Execution of Contractual Relationships: To allow the conclusion, management, and execution of any contractual relationship with the user, including invoicing for services provided, sending service communications related to the contract, and administrative management of contractual relationships (Art. 6, paragraph 1, letter b) of the GDPR).
• Compliance with Legal Obligations: To allow compliance with legal obligations to which StormWave is subject, including those relating to tax, accounting, anti-money laundering, and other applicable regulations (Art. 6, paragraph 1, letter c) of the GDPR).
• Complaint and Dispute Management: To manage complaints and disputes, recover credits, prevent fraud and illegal activities, and exercise rights and protect StormWave's legitimate interests, such as the right to defense in court (Art. 6, paragraph 1, letter f) of the GDPR).

6.2 Marketing Purposes

Only with the clear consent of the user, personal data may be processed for marketing purposes, in accordance with Art. 6, paragraph 1, letter a) of the GDPR. Marketing activities may include:

• Traditional Marketing Channels: Sending marketing communications through traditional channels, such as ordinary letters or phone calls.
• Digital Marketing Channels: Sending marketing communications through digital channels, such as email, TV messages, SMS, MMS, banner ads, app and browser notifications, newsletters, and other forms of electronic communication.

6.3 Consent and Withdrawal of Consent

Consent for the processing of personal data for marketing purposes may be withdrawn at any time by the user, without affecting the lawfulness of processing based on consent before its withdrawal, in accordance with Art. 7, paragraph 3 of the GDPR. The user can exercise this right by contacting StormWave at the contact details provided in this Privacy Policy.

6.4 Legitimate Interests of the Controller

In addition to the specifically mentioned purposes, personal data may be processed to pursue StormWave's legitimate interests, provided that such interests do not override the user's fundamental rights and freedoms. These legitimate interests include Platform management and maintenance, information security, fraud prevention, and conducting aggregate statistical analyses (Art. 6, paragraph 1, letter f) of the GDPR).

6.5 Processing of Data for Profiling Purposes

StormWave may process users' personal data for profiling purposes, in order to analyze or predict aspects relating to personal preferences, interests, or the behavior of users, with the explicit consent of the user. Profiling will be carried out in compliance with legal provisions and will ensure appropriate measures to protect the rights and freedoms of data subjects, as provided for by Art. 22 of the GDPR.

7.1 Rights of Data Subjects under the GDPR

In accordance with EU Regulation 2016/679 ("GDPR"), users, as data subjects, have several rights regarding their personal data. These rights include:

• Right of Access (Art. 15): Users have the right to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and information regarding the purposes of processing, categories of personal data processed, recipients or categories of recipients to whom the data has been or will be disclosed, the data retention period, the existence of the right to request rectification or erasure of personal data, restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, the source of personal data, and the existence of automated decision-making, including profiling.
• Right to Rectification (Art. 16): Users have the right to obtain the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, they have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to Erasure (Art. 17): Users have the right to obtain the erasure of personal data concerning them without undue delay, and StormWave has the obligation to erase personal data without undue delay in the cases provided for by Art. 17 of the GDPR.
• Right to Restriction of Processing (Art. 18): Users have the right to obtain restriction of processing in the cases provided for by Art. 18 of the GDPR, such as when they contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data.
• Right to Data Portability (Art. 20): Users have the right to receive the personal data concerning them, which they have provided to StormWave, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from StormWave, in the cases provided for by Art. 20 of the GDPR.
• Right to Object (Art. 21): Users have the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them based on Art. 6, paragraph 1, letters e) or f), including profiling based on those provisions.
• Right to Withdraw Consent (Art. 7, paragraph 3): Users have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right Not to be Subject to Automated Decision-Making (Art. 22): Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

7.2 Right to Lodge a Complaint

In case of a violation of their rights, users have the right to lodge a complaint with the competent supervisory authority. In Canada, the responsible authority for personal data protection is the Privacy Commissioner of Canada. Users may also lodge a complaint with the supervisory authority of their country of residence within the European Union, in accordance with Art. 77 of the GDPR.

7.3 Exercising Rights

To exercise the rights listed above, users can contact StormWave at the following contact details:

• Email: privacy@stormwave.co
• Postal address: StormWave Technologies, 1231 Pacific Blvd, Vancouver, V6Z 0E2, British Columbia, Canada.

7.4 Response to Requests

StormWave is committed to responding to users' requests regarding their rights within one month of receiving the request, as provided for by Art. 12 of the GDPR. This period may be extended by two months, if necessary, taking into account the complexity and number of requests. In such cases, StormWave will inform the user of the extension and the reasons for the delay within one month of receiving the request.

8.1 Security Measures

StormWave Technologies adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 of EU Regulation 2016/679 ("GDPR"). These measures include protection against unauthorized access, loss, disclosure, or destruction of personal data, through the use of physical and digital security systems, data encryption, and access control policies.

8.2 Access to Data

In addition to the Provider, access to personal data is limited to those involved in the organization of the Portal, such as administrative, commercial, marketing, legal staff, and system administrators, as well as external parties such as technical service providers, mail carriers, hosting providers, IT companies, and communication agencies. All employees and related parties are bound by confidentiality principles and have accepted strict conduct obligations, in accordance with Art. 29 of the GDPR.

8.3 Staff Training

StormWave ensures that its staff is adequately trained on data security policies and privacy protection procedures, in accordance with Arts. 24 and 39 of the GDPR.

8.4 Emergency Procedures

In the event of a personal data breach, StormWave is committed to promptly notifying the competent supervisory authority within 72 hours of becoming aware of the breach, as provided for by Art. 33 of the GDPR, and to the data subjects if the breach represents a high risk to their rights and freedoms, in accordance with Art. 34 of the GDPR.

9.1 Right to Revoke

Users have the right to revoke their consent to receive informational or marketing communications at any time. To exercise this right, users can send an email to privacy@stormwave.co, explicitly expressing their desire to opt-out of such communications, in accordance with Art. 7, paragraph 3 of the GDPR.

9.2 Limitations of Communications

Even after opting out of marketing communications, users may continue to receive information related to the use of the website or their account, such as notifications regarding changes to terms of service, security updates, inspections, or other communications necessary for managing the contractual relationship, in accordance with Art. 6, paragraph 1, letter b) of the GDPR.

9.3 Opt-Out Procedures

StormWave may provide an opt-out link at the bottom of all electronic marketing communications, allowing users to easily revoke their consent to future communications.

9.4 Data Retention

In the event of consent revocation, the user's personal data related to marketing communications will be deleted or anonymized, unless retention is necessary for fulfilling legal obligations or managing disputes, as provided for by Art. 17 of the GDPR.

10.1 Acceptance of Privacy Policy

10.1.1 By providing their personal data and using the Portal and Services of StormWave Technologies, the user expressly and fully accepts this Privacy Policy. This explicit consent complies with Art. 7 of EU Regulation 2016/679 ("GDPR"), which establishes the conditions for consent.

10.1.2 By continuing to use the website, the user acknowledges having had the opportunity to read, review, and consider this Privacy Policy, and accepts it in all its parts. In case of lack of understanding or acceptance of the Privacy Policy, the user is required to immediately cease the use of the site and associated services, in accordance with Art. 6, paragraph 1, letter a) of the GDPR.

10.1.3 The acceptance of this Privacy Policy implies that the user consents to the processing of their personal data as described in the document, including the collection, use, storage, and sharing of the data, in compliance with the applicable legal provisions.

10.2 Modifications to Privacy Policy

10.2.1 StormWave Technologies reserves the right to modify, revise, or update this Privacy Policy at any time, to reflect legislative changes, technological developments, or changes in business practices, in accordance with Art. 12 of the GDPR, which establishes the obligation to inform data subjects of any changes to data protection policies.

10.2.2 Users will be informed of relevant changes through notices published on the website or through other appropriate means (e.g., email, in-app notifications, social channels), ensuring they have the opportunity to take note of the new conditions before they become effective. This notification process is in accordance with Art. 13, paragraph 3, and Art. 14, paragraph 4 of the GDPR.

10.2.3 Changes to the Privacy Policy will become effective from the moment of their publication on the website, unless otherwise specified. By continuing to use the site and services after the changes come into effect, the user automatically accepts the new conditions of the Privacy Policy.

10.2.4 In the event of substantial changes requiring new consent, StormWave Technologies will request it again from users, in accordance with Art. 7 of the GDPR.

11.1 Governing Law

This Privacy Policy is governed by and interpreted in accordance with Canadian law and applicable international data protection regulations, including the GDPR.