PRIVACY AND PERSONAL DATA PROTECTION POLICY

1. INTRODUCTION

Lotus Advanced Intelligence, part of the Lotus iGaming Group (hereinafter referred to as “Lotus,” “Lotus AI,” “we,” or “Company”), is a technology and software company committed to transparency, integrity, and security in the processing of personal data. Our commitment is to ensure the protection of information belonging to users, clients, employees, and partners, in compliance with applicable legislation, in particular the Brazilian General Data Protection Law (LGPD – Law No. 13,709/2018) and the European Union General Data Protection Regulation (GDPR – EU 2016/679). This Privacy and Personal Data Protection Policy describes in detail how we collect, use, store, share, and protect personal data in the context of our operations, ensuring regulatory compliance and the privacy of data subjects. The Policy reaffirms our commitment to security, privacy, and transparency in the processing of personal data by Lotus, considering the principles and rights regarding data processing, in line with the guidelines set forth in the LGPD.

2. PURPOSE

This Policy aims to establish the guidelines, responsibilities, and essential information for Data Subjects regarding how Lotus AI processes their data, what the rights of the Data Subjects are, how they may exercise them, and the security measures adopted to ensure protection in the processing of personal data.

3. DEFINITIONS

For better understanding of this Policy, the following essential definitions apply:

• Personal Data: Any information related to an identified or identifiable natural person.
• Sensitive Data: Data related to racial or ethnic origin, religious beliefs, political opinions, trade union membership, health, sex life, genetic data, or biometric data.
• Data Subject: The natural person to whom the processed personal data refers.
• Controller: The natural or legal person responsible for making decisions regarding data processing.
• Processor: The person who processes data on behalf of the controller.
• Data Protection Officer (DPO): The professional designated to act as the communication channel between the company, data subjects, and data protection authorities.

4. DATA PROTECTION PRINCIPLES

Lotus AI adopts the following principles in personal data processing:

• Purpose: We process data only for legitimate, specific, and informed purposes.
• Adequacy: We ensure that data is processed in a manner compatible with the informed purpose.
• Necessity: We collect only the data essential to fulfill the declared purposes.
• Free Access: The data subject may access and review their data at any time.
• Data Quality: We maintain information that is accurate, complete, and up to date.
• Security: We implement strict measures to protect data against unauthorized access and leaks.
• Transparency: We provide clear and accessible information on data processing.
• Prevention: We adopt measures to prevent damage resulting from personal data processing.
• Non-Discrimination: We prevent data processing for unlawful or abusive discriminatory purposes.
• Accountability: We demonstrate compliance with applicable standards through audits and best practices.

5. LEGAL BASES FOR PROCESSING

Lotus processes personal data based on the following legal grounds:

• Consent of the data subject (Art. 7, I LGPD and Art. 6, 1(a) GDPR).
• Execution of contracts or preliminary procedures (Art. 7, V LGPD and Art. 6, 1(b) GDPR).
• Compliance with legal or regulatory obligations (Art. 7, II LGPD and Art. 6, 1(c) GDPR).
• Legitimate interest (Art. 7, IX LGPD and Art. 6, 1(f) GDPR).

6. COLLECTION, USE, AND STORAGE

Lotus AI collects and stores the following categories of personal data:

• Registration data: Name, CPF/NIF, address, phone number, e-mail.
• Financial data: Banking information, transaction history, payment data.
• Electronic data: IP address, cookies, geolocation, access logs, and platform interactions.
• Sensitive data: Only when strictly necessary and with the explicit consent of the data subject.

Personal data is securely stored for specific periods as required by regulatory and operational needs.

7. DATA SHARING

Data may be shared with third parties in specific circumstances, such as:

• Service providers and business partners, for service execution and technical support.
• Regulatory bodies and authorities, to comply with legal obligations.
• Companies within the same corporate group, ensuring that data protection is maintained.

8. INTERNATIONAL TRANSFERS

Should international data transfer be required, we ensure compliance by:

• Transferring only to countries with an adequate level of data protection as determined by ANPD and the European Union.
• Adopting Standard Contractual Clauses (SCCs).
• ImplementingBinding Corporate Rules (BCRs).

9. RIGHTS OF DATA SUBJECTS

Data subjects have the following rights:

• Confirmation of the existence of processing;
• Access to their data;
• Correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
• Data portability to another service or product provider, upon express request;
• Deletion of personal data processed with the data subject’s consent, except as provided in Art. 16 of the LGPD;
• Information on public and private entities with which the controller has shared data;
• Information on the option not to provide consent and on the consequences of refusal;
• Revocation of consent at any time.

10. SECURITY MEASURES

Lotus implements strict technical and administrative security measures considered suitable to protect personal data, including:

• User access controls and authentication;
• Encryption and protection of stored and transmitted data;
• Continuous monitoring and periodic audits to detect vulnerabilities;

If a security incident occurs in the Lotus AI database that may cause damage or compromise the integrity or availability of personal data, we will notify the National Data Protection Authority (ANPD) and all affected data subjects, as required by ANPD Resolution CD/ANPD No. 15 of April 24, 2024 , within the established timeframe.

11. DPO CONTACT

Lotus informs that the contact details of the Data Protection Officer (DPO) are: [email protected]
You may also contact us via: ambiel.adv.br

For any questions regarding this Privacy and Personal Data Protection Policy, or to exercise your rights, you may contact us through the channels above.

12. POLICY CHANGES

Lotus may update this Policy periodically to reflect legislative changes or improvements in internal processes. Any updates will be communicated through our official channels.