PRIVACY POLICY

BIOMETRIC TECHNOLOGY, INC., registered in the State of Delaware, USA (hereinafter referred to as the “Company”), undertakes to protect the confidentiality and security of the personal data of users of the PRM Platform (hereinafter referred to as the “Platform”). This Policy sets out the procedures for the collection, processing, storage, and transfer of personal data.

1. General provisions

1.1. This Policy applies to all users of the Platform, including agents (hereinafter referred to as “Agents”) and customer decision-makers (hereinafter referred to as “DMs”).

1.2. Acceptance of this Policy is a mandatory condition for Agent registration.

1.3. The Company complies with the requirements of the laws of the United States, the Republic of Kazakhstan, and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller and Data processor

2.1. Data Controller: BIOMETRIC TECHNOLOGY, INC., Delaware, USA.

2.2. Data Processor: the Company's operational office located in the Republic of Kazakhstan.

2.3. Contact for data inquiries: email agent@biometric.vision

3. Data we collect

3.1. Agent Data:

• full name, date of birth, country of residence;
• email, phone number;
• passport information, individual identification number;
• bank account details for payment purposes;
• tax identification details;
• biometric data (photographs and video images of the face for verification purposes).

3.2. Decision-maker Data:

• full name, position;
• work phone number, email.

3.3. Technical data: IP address, cookies, activity log on the Platform.

4. Purposes of Data Processing

We process personal data for the following purposes:

• registration and identification of the Agent (including biometric verification and KYC procedures);
• conclusion and performance of agency agreements;
• conducting transactions and interaction with customers;
• compliance with legal obligations (including tax, anti-money laundering (AML), and know-your-customer (KYC) requirements);
• analytics and improvement of the Platform’s performance.

5. Legal basis for Processing

5.1. Data is processed out on the basis of:

• the data subject’s consent;
• performance of a contract;
• the Company’s legitimate interests in protecting its rights and ensuring security.

6. Data Retention

6.1. An Agent's personal data is retained for the duration of their account and 3 (three) years after its deletion.

6.2. Decision Maker data is retained for no more than 12 (twelve) months after the end of interaction with the client.

6.3. Biometric data is retained only for the duration of identification and deleted within 30 (thirty) days after the completion of verification.

7. Data Transfer to Third Parties

7.1. We do not sell personal data.

7.2. Data may be transferred to:

• electronic signature services (e.g., DocuSign, PandaDoc);
• tax and governmental authorities (in accordance with applicable law);
• technical service providers for data hosting.

7.3. Cross-Border Data Transfer: data may be transferred to servers located in the United States and processed in the Republic of Kazakhstan.

8. Data Security Measures

8.1. The Company uses encryption, multi-level authorization, and access control systems.

8.2. Access to personal data is granted only to authorized employees who have signed a non-disclosure agreement (NDA).

9. Rights of Data Subjects

9.1. An Agent has the right to:

• request access to their personal data;
• request rectification, deletion, or restriction of processing;
• withdraw consent to processing;
• lodge a complaint with a supervisory authority.

9.2. Requests for access, deletion, and other actions with personal data are processed by the Company within 30 (thirty) calendar days.

10. Cookies and Analytics

10.1. The Platform uses cookies for authorization and analytics purposes.

10.2. An Agent may disable cookies, however this may affect the proper functioning of the Platform.

11. Amendments to this Policy

11.1. The Company may update this Policy by notifying Agents at least 5(five) business days in advance.

11.2. The current version of the Policy is always available on the Platform.

12. Contact information

Email: agent@biometric.vision

Address: 605 GEDDES STREET, WILMINGTON, New Castle, DE, 19805