Last updated: March 31, 2023

Welcome and thank you for your interest in Cosmic FOMO. This Privacy Policy (“Policy”) governs how Tothemoon Development Ltd., a company registered in accordance with legislation of Cyprus with its registered office at 6 Themistokli Dervi, Flat 4D, Nicosia 1066, Cyprus (“Company,” “we,” “us,” and “our”), collects, uses and discloses information, when you access or use of our online, digital, or mobile services, including our websites, software, applications, games, and any of our other products and services related to our game Cosmic FOMO (collectively, the “Service”) or when you otherwise interact with us.

You should carefully read this Policy before using the Service. If you do not agree with all of these Terms, you may not use the Service.

1. Applicability and Acceptance of Policy

1.1. This Policy defines the Personal Data, explains how Personal Data is collected, used, processed, and disclosed.

1.2. This Policy shall come into effect at the moment you first access or use the Service. By accessing, browsing or using the Service you irrevocably and unconditionally accept and adhere to provisions of this Policy without any exemptions, limitations and/or exclusions.

1.3. In the event you disagree with any provision of this Policy or would not like to provide your consent for processing of your Personal Data, you shall not use the Service.

2. Information about the Data Controller

2.1. The data controller of the data collected through the Service is Tothemoon Development Ltd., a company registered in accordance with legislation of Cyprus with its registered office at 6 Themistokli Dervi, Flat 4D, Nicosia 1066, Cyprus. Contact details: info@cosmicfomo.com.

3. Legal Grounds for Personal Data Processing

3.1. We process your Personal Data on the basis that it is:

3.1.1. necessary for the performance of a contract, therefore, where we have a contract with you, we will process your Personal Data in order to fulfil that contract (in particular, to provide access to the Service under the Terms of Use);

3.1.2. authorized by your Consent, which you give us as it is set out in section 4 hereof;

3.1.3. necessary for compliance with our legal obligation, in particular, when we are obliged to respond to a court order or a regulator;

3.1.4. necessary for performance our legitimate interests;

3.1.5. permitted by applicable laws.

4. Consent to Personal Data Processing

4.1. EU Persons Consent to Personal Data processing

4.1.1. If you are an EU Person and to process your Personal Data we need to receive your consent, as it is prescribed by GDPR, we will process your Personal Data only in the case we have received from you a freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your Personal Data (“Consent”).

4.1.2. You may give your Consent by ticking a box when using the Service or by sending us any of your Personal Data through prescribed forms. In the case you tick the respective box, you irrevocably and unconditionally consent and agree that the Company shall be entitled to process your Personal Data as it is indicated by your Consent.

4.1.3. Your Consent covers all processing activities with your Personal Data carried out for the same purpose or purposes. When the Processing has multiple purposes, your Consent should be deemed given for all of them.

4.1.4. You have the right to withdraw your Consent at any time. You can submit such a request by sending us an email to info@cosmicfomo.com. Your withdrawal of Consent shall not affect the lawfulness of your Personal Data processing based on Consent before its withdrawal.

4.1.5. Except as required or enabled by law we will not use or disclose your Personal Data for any purpose for which you refuse Consent or later withdraw your Consent. If you withdraw Consent, you agree that in spite of this withdrawal, we may continue to use those Personal Data previously provided to us to the extent that we are contractually or otherwise legally obliged to do so and to the extent necessary to enforce any contractual obligation you may have towards the Company or in any other way permitted by law.

4.2. Non-EU Persons Consent to Personal Data processing

4.2.1. If you are not an EU Person, by transferring to us your Personal Data via the Service or otherwise, you irrevocably and unconditionally consent and agree that the Company shall be entitled, in accordance with this Policy:

• to Process in any manner, including to collect, store, use, disclose, share and transfer (including cross-border), your Personal Data so provided to us, as well as your Personal Data collected from your use the Service (i.e. your Personal Data which we collect automatically and/or from other sources); and

• to use cookies and web beacons (pixel tags) to collect your Personal Data and associate the Personal Data with your computer and web browser.

5. Collection of Personal Data

5.1. General Provisions

5.1.1. The type of Personal Data we collect depends on how you are interacting with us. In many cases, you can choose whether or not to provide us with Personal Data, but if you choose not to, you may not get full functionality of the Service. When you use the Service, you may provide us with the following types of Personal Data: (i) Personal Data that you voluntarily disclose that is collected on an individual basis; (ii) Personal Data collected automatically when you use the Service; and (iii) Personal Data which we collect from sources other than the Service.

5.1.2. The Website contains links to other third-party websites that may collect Personal Data about you, including through cookies or other technologies. If you use our links to visit other websites this Policy will not apply to your use of, and activity on those other websites. You should consult these other third parties' privacy policies as we have no control over them and are not responsible for any information that is submitted to or collected by these third parties.

5.2. Personal Data You provide to Us

5.2.1. In order to fulfill our obligations under Terms of Use, We are entitled to ask you to provide us with your Personal Data, including, but not limited:

• Name and surname (for different marketing activities);

• Passport details (for different marketing activities);

• e-mail;

• phone number;

• cryptocurrency wallet address;

• other data necessary for performance of Company`s obligations in accordance with any relevant marketing activities.

Personal Data hereof is collected only when voluntarily offered, and solely for purposes that are clearly identified on the Service or in this Policy.

5.2.2. The Company may collect the Personal Data from you in a variety of ways and circumstances, including, but not limited to subscription to a newsletter, filling out a form, providing us with feedback.

5.3. Personal Data We Collect Automatically

5.3.1. Personal Data collected by or transmitted to the Company in the course of accessing, interacting and operating of the Service may include, without limitation, the following Personal Data:

• device information, which may include (but is not limited to) information about the computer or mobile device you use to access the Website, including the hardware model, operating system and version, the web browser you use, and other device identifiers;

• server log information, which may include (but is not limited to) your login details, the date and time of visits, the pages viewed, button clicks, input form changes (without the values being entered), Errors. your IP address, time spent at our website and the websites you visit just before and just after our website;

• information collected by cookies and other tracking technologies. We and our service providers use various technologies to collect information when you interact with our website, including cookies and web beacons. ‘Cookies’ are small data files that are stored on your device when you visit our website which enable us to collect information about your device identifiers, IP address, web browsers used to access our website, pages or features viewed, time spent on pages and links clicked. Web beacons are graphic images that are placed on a website or in an email that is used to monitor the behavior of the user visiting the website or sending the email. They are often used in combination with cookies.

5.4. Data We Collect from Other Sources. We may also receive information about you from other sources, such as when you log in to our website by using your account credentials for a separate third-party service. We will receive information from that service as indicated in the relevant third party's authorization screen.

6. Use of Personal Data

6.1. We use Personal Data for the following purposes.

6.1.1. to provide access to the Service;

6.1.2. to handle your orders and requests, including requests for technical support and assistance;

6.1.3. to provide you with additional benefits due to you as a result of your participation in different marketing activities available on the Service;

6.1.4. to properly fulfil tax-related and accounting obligations imposed by applicable laws;

6.1.5. to detect, investigate, and prevent illegal activities or conduct that may violate the Terms of use and this Privacy Policy;

6.1.6. to personalize your experience with our Service;

6.1.7. to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes;

6.1.8. to conduct internal research and development and to improve, test and enhance the features and functions of our website;

6.1.9. to provide you with marketing materials as permitted by law;

6.1.10. to meet our internal and external audit requirements, including our information security obligations;

7. Disclosure of Personal Data

7.1. The Company treats Personal Data as confidential and may not pass on or use any such data without valid legal grounds.

7.2. We will only disclose your Personal Data in the following circumstances:

7.2.1. with your Consent or at your instruction;

7.2.2. with companies under common control or ownership with us or our offices internationally;

7.2.3. for everyday business purposes, such as to process transactions, maintain accounts, respond to court orders and legal investigations;

7.2.4. in connection with a merger or sale of our company assets, or if we do a financing or are involved in an acquisition, or any other situation where Personal Data may be disclosed or transferred as one of our business assets;

7.2.5. if we believe your actions are inconsistent with our Terms of use of the Service or applicable legislation, or to protect the rights, property and safety of any assets of the Company or third parties;

7.3. The Company may without limitations share aggregated or de-identified information, which cannot reasonably be used to identify you.

8. Transmission of Personal Data

8.1. The transmission of Personal Data or any other information (including communications by e-mail) over the Internet or other publicly accessible networks is not one hundred percent secure. The Company is not liable for the security of any Personal Data or any other information you are transmitting over the Internet, or third-party content.

8.2. Information about you may be transferred to, and processed in countries other than the country in which you are a resident. We have taken appropriate safeguards to require that your information will remain protected in accordance with this Policy.

8.3. Personal Data of EU Persons transmitted to a recipient outside the European Economic Area may be processed by a staff member operating outside the European Economic Area (EEA) who works for us or for one of Digital Content developers or copyright owners. Such staff may be engaged in amongst other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

9. Protection of Personal Data. Security Measures

9.1. We take appropriate security, administrative and technical measures to protect any Personal Data you provide regarding the collection, storage and processing of Personal Data, as well as security measures to protect your Personal Data against unauthorized access, modification, disclosure or destruction.

9.2. Personal Data is safeguarded from unauthorised access and unlawful processing or disclosure, as well as accidental loss, modification or destruction, through state-of-the-art technical and organisational measures. These are adjusted and updated continuously in tandem with technical developments and organizational changes. Additionally, Personal Data protection audits and other controls are carried out on a regular basis. However, no computer security system is entirely foolproof and the Internet is not a secure method of transmitting information. As a result, we do not assume any responsibility for the Personal Data you submit to or receive from us through the Internet, or for any unauthorized access or use of that information, and we cannot and do not guarantee that information communicated by you to us or sent to you by us will be received, or that it will not be altered before or after its transmission to us. You agree to not hold the Company liable for any loss or damage of any sort incurred as a result of any misappropriation, interception, modification, deletion, destruction or use of information provided through the Service.

10. Retention of Information

10.1. In accordance with applicable laws and as needed to fulfill our obligations, we may hold your Personal Data. This requirement is conditioned by a need to comply with legal obligations and resolve possible disputes.

10.2. The Company may retain your Personal Data until your Consent is not withdrawn or Terms of use are terminated. Provided however that we try not to store any of your Personal Data longer that it is necessary to provide you access to the Service or to respond to your inquiry.

11. Your Rights in relation to Personal Data

11.1. The Company is committed to making sure you can exercise your respective rights effectively and free of charge. The Company will ensure each request related to your Personal Data be reviewed in a timely fashion.

11.2. You have the following rights relating to your Personal Data in accordance with any applicable laws, including GDPR:

11.2.1. Right to withdraw data protection consent

You have the right to withdraw your consent to processing of your personal data at any time.

11.2.2. Right to access.

As a data subject you have the right to obtain from us free information about your personal data processed at any time and a copy of this information. Furthermore, you will have access to the following information: the purposes of the processing; the categories of personal data concerned; where possible, the envisaged period for which the personal data will be processed, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the personal data are not collected directly from you, any available information as to their source; and the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.

11.2.3. Right to restriction of processing

You have the right to obtain from the Company restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;

• the processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead;

• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or

• you have objected to processing pursuant to applicable laws.

11.2.4. Right to data portability.

You have the right to receive the Personal Data concerning you, which you have provided to a Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.

11.2.5. Right to erasure ("Right to be forgotten") and right to rectification.

You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

You have the right to obtain from us the erasure of Personal Data concerning you as soon as possible, and we shall have the obligation to erase Personal Data without undue delay where required by the law, including when:

• the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

• there is no longer a legal ground for the processing;

• you object to the processing and there are no overriding legitimate grounds for the processing;

• the Personal Data has been unlawfully processed;

• the Personal Data must be erased for compliance with a legal obligation in accordance with the applicable law to which we are subject.

11.2.6. Right to object.

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you. We shall no longer process the personal data in the event of the objection, unless we can demonstrate reasonable grounds for the processing, which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims..

11.2.7. Right to be informed.

You have the right to be informed about the collection and use of your Personal Data. To ensure this right we provide you with this Policy.

11.2.8. Right to lodge a complaint with a supervisory authority.

12. Children`s Privacy

12.1. The minimum age to use the Service is 18 years. The Company will not knowingly collect Personal Data from children under this age. Insofar as certain countries apply a higher age of consent for the collection of Personal Data, the Company requires parental consent before Personal Data associated with such a child is collected. The Company encourages parents to instruct their children to never give out personal information when online.

13. Alterations to Policy

13.1. We have the right, at our discretion, to update this Policy at any time. We recommend that you frequently check this Policy to find any changes and stay informed about how we help protect the Personal Data.

13.2. By using the Service, you will acknowledge and agree that it is your responsibility to periodically review this Policy and be aware of the changes. The subsequent use of the Service after changes to this Policy will also be considered as your acceptance of these changes.

13.3. This Policy may from time to time be translated into other languages. To the extent that any discrepancy may exist between the English version of this Policy and its version in another language, the English version prevails.

14. Data Protection Officer

14.1. The Company appoints an expert on data privacy who works independently to ensure that the Company is adhering to the policies and procedures set forth in the GDPR (data protection officer). Data protection officer assists the Company to monitor internal compliance, inform and advise on data protection obligations, provide advice regarding data protection impact assessments (DPIAs) and act as a contact point for data subjects and the supervisory authorities.

15. Feedback

15.1. We welcome your questions and suggestions with respect to the implementation or amendment of this Policy. Please use this feedback for communicating with us: info@cosmicfomo.com.