PRIVACY POLICY – ROXOM INSIGHTS

Effective Date: September 16, 2025

1. Introduction & Scope

This Privacy Policy explains how Beat the Chain Ltd. (“Company” “we,” “us”) collects, uses, and shares personal data when you interact with our services.

Scope. This Policy applies to: (i) the website https://insights.roxom.com; (ii) our newsletters. It also covers communications you send us (e.g., press or contact forms).

Third parties and embeds. The Website may include integrations or links to third-party services (e.g., YouTube, X/Twitter, Instagram, or others). We do not control those parties’ privacy practices; your interactions with them are governed by their own policies.

2. Who We Are & Contact

Data Controller. Beat the Chain Ltd. (“Company”), Cricket Square, Hutchins Drive, PO Box 2681, George Town, Grand Cayman, KY1-1111, Cayman Islands.

How to contact us about privacy. For questions about this Policy or to exercise your data rights, email us at [email protected].

3. Data We Collect

3.1 Data you provide:

• Contact & communications: information you submit via contact, press, or newsletter forms (e.g., name, email address, company, message).
• Content you voluntarily provide in connection with events (e.g., RSVP, logistics queries).

3.2 Data collected automatically:

• Identifiers & technical: IP address, device/OS type, browser type/version, language, time zone.
• Usage & measurement: page views, referring URLs, access timestamps, interaction events (e.g., clicks).
• Error logs/telemetry: via Sentry, we capture technical information about exceptions and failures to diagnose issues.

3.3 Cookies & similar technologies: We use Google Analytics (via Google Tag Manager) and Sentry. See our Cookie Notice for details.

3.7 Sources & storage: Data may come from you, your device/browser, and third parties. We store and process data on AWS (US-East) and with the vendors listed in this Policy.

4. Data Protection Principles

In accordance with the Data Protection Act (2021 Revision) of the Cayman Islands, the processing of personal data carried out by Company is governed by the following core principles:

• Fair and lawful processing: data is processed transparently and in compliance with the Law.
• Purpose limitation: data is obtained only for specified and legitimate purposes.
• Data minimisation: data must be adequate, relevant, and not excessive in relation to the purpose for which it is collected.
• Accuracy: data must be accurate and kept up to date.
• Storage limitation: data is not retained longer than necessary.
• Security: appropriate technical and organisational measures are applied to prevent unauthorised access, loss, or damage.
• International transfers: data is transferred only to countries or territories that ensure an adequate level of protection.

5. Purposes & Legal Bases

• 5.1 Operating the Website: Legal basis: legitimate interests.
• 5.2 Measurement and analytics: We use Google Analytics to gather aggregate metrics. Legal basis: legitimate interests.
• 5.3 Error monitoring: We rely on Sentry to capture minimal technical telemetry. Legal basis: legitimate interests.
• 5.6 Legal compliance: Legal basis: legal obligation and/or legitimate interests.

6. Sharing (Recipient Categories)

6.1 Processors: hosting/CDN/infrastructure (AWS – US-East), analytics (Google Analytics), tag management (Google Tag Manager), error monitoring (Sentry).

6.2 External Websites: When we embed content through third parties (e.g., YouTube, X/Twitter, Instagram), such third parties may collect data directly from your browser/device under their own privacy policies.

6.7 No sale of personal data. We do not sell your personal data and do not operate as a data broker.

7. International Transfers

We may transfer, store, and process personal data outside your country of residence. We use AWS (US-East) for infrastructure/hosting and work with providers such as Google and Sentry that may process data in the United States or other jurisdictions. Where applicable, we implement recognized transfer mechanisms.

8. Retention

Company will not retain personal data for longer than is necessary to fulfill the purpose for which it was collected or processed. Once the relevant purpose has been fulfilled, personal data will be deleted, anonymised, or securely archived.

8.2 Children’s Data: Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

9. Your Rights & How to Exercise Them

Subject to applicable law, you have the right to:

1. Access: obtain confirmation and a copy of your data.
2. Rectification: correct inaccurate or incomplete data.
3. Erasure: request that we delete your data where applicable.
4. Portability: receive the data you provided in a structured, machine-readable format.
5. Objection: object to processing based on legitimate interests.
6. Withdraw consent: where processing relies on consent, you may withdraw it at any time.
7. No direct marketing: you can opt out of newsletters/promotional emails at any time.

How to exercise. Email [email protected] specifying the right and providing enough information for ID verification.

10. Information Security

Company shall adopt and maintain appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, and accidental loss, destruction, or damage. Such measures include access controls, encryption, periodic security audits, and restricted access to authorised personnel only.

11. Personal Data Breach Notification

Company shall notify, without undue delay and no later than five (5) days after becoming aware of a personal data breach, both the affected data subject(s) and the Ombudsman.

12. Changes to this Policy

Company may modify or update this Privacy Policy on a regular basis. Changes will take effect from the date of publication on this site, unless otherwise expressly stated.

13. Contact

If you have questions or wish to exercise your rights, contact [email protected] or write to: Beat the Chain Ltd., Cricket Square, Hutchins Drive, PO Box 2681, George Town, Grand Cayman, KY1-1111, Cayman Islands.