Privacy Policy of Digital Conglomerate

Last updated: June 3, 2025

This document describes how Digital Conglomerate ("Digital Conglomerate", "We", "Us", "Our"), as the Data Controller, collects, processes, and stores Personal Data through its website(s), application(s), and service(s) (collectively, "our website/services").

Contact Information

Digital Conglomerate, LLC131 Continental Dr, Suite 305Newark, DE 19713, United States 📧 privacy@digitalconglomerate.llc

1. Legal Basis of Processing for Users in the European Union

In accordance with the provisions of Regulation (EU) 2016/679 — the General Data Protection Regulation ("GDPR") — we process personal data of individuals located in the European Union only when such processing is lawful. The lawful bases under which we may operate include:

Consent: When you have explicitly given us permission for one or more specific purposes.

Contractual necessity: When the processing is required to fulfill a contract to which you are a party or to take steps at your request before entering into a contract.

Legal obligation: When we are required to process your data to comply with a legal obligation to which we are subject.

Public interest or official authority: When the processing relates to a task carried out in the public interest or in the exercise of official authority vested in Digital Conglomerate.

Legitimate interest: When the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided such interests are not overridden by your fundamental rights and freedoms.

Should you require clarification regarding the legal basis that applies to any specific processing activity, including whether the provision of personal data is a statutory or contractual requirement, we encourage you to contact us.

2. Data Retention

Personal Data shall be retained only for as long as strictly necessary for the purpose for which it was collected. Where applicable, data may be held longer if required by law or if you have given explicit consent.

For contractual performance: Retained until the contract is fully executed.

For legitimate interests: Retained only as long as necessary to fulfill the interests.

With consent: Retained until the withdrawal of consent.

In some cases, we may be obligated to retain personal data for longer periods to comply with legal obligations or by order of a competent authority.

Once the relevant retention period has expired, your personal data will be securely deleted or anonymized. Consequently, after such deletion, you will no longer be able to exercise your rights of access, erasure, rectification, or data portability with respect to that data.

Addendum for UAE Users

For Users in the United Arab Emirates (UAE), personal data retention complies with Federal Decree-Law No. 45 of 2021 (PDPL):

Data is irreversibly anonymized or deleted upon expiry. Extended retention requires written approval from the UAE Data Office. Emirati nationals may request data repatriation per PDPL Art. 26.

3. Rights Under GDPR (EU Users)

Pursuant to the GDPR, you are entitled to exercise the following rights with regard to your personal data:

Right to withdraw consent: You may withdraw consent previously given at any time.

Right to object to processing: You may object to processing where it is carried out on legal grounds other than consent.

Right of access: You may obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, gain access to the data and the processing details.

Right to rectification: You may request that inaccurate or incomplete data be corrected.

Right to restrict processing: Under certain circumstances, you may request the restriction of processing.

Right to erasure: You may request that your personal data be deleted under conditions set by law.

Right to data portability: You may receive your data in a structured, commonly used and machine-readable format and, where feasible, have it transmitted to another controller.

Right to lodge a complaint: You have the right to file a complaint with a supervisory authority, especially in the EU member state of your habitual residence, place of work, or where the alleged infringement took place.

Additionally, you are entitled to request detailed information about data transfers to third countries or international organizations, and the safeguards implemented by Digital Conglomerate to protect your data.

4. Right to Object to Processing

Where we process your personal data based on legitimate interests or in the public interest/exercise of official authority, you may object to such processing by presenting a ground relating to your particular situation.

Where your personal data is processed for direct marketing purposes, you may object at any time without providing any justification. Upon such objection, we will cease processing your data for direct marketing immediately.

5. How to Exercise Your Rights

To exercise any of the above rights, you may submit a request to us using the contact details listed in the "Contact Information" section of this policy.

Requests are free of charge and will be processed as quickly as possible, and always within one month from the date of receipt, unless an extension is permitted by applicable law.

If your data has been disclosed to third parties, we will notify those third parties of any correction, erasure, or restriction of processing, unless such notification proves impossible or requires disproportionate effort. Upon request, we will inform you about those recipients.

6. Further Information for Users in Switzerland

This section applies to Users located in Switzerland and supersedes any other conflicting or divergent provisions contained in this Privacy Policy, to the extent of such conflict.

Legal Basis and Rights under the Swiss Federal Act on Data Protection (FADP)

We collect and process personal data of Swiss users only in accordance with the principles and obligations outlined in the FADP. Swiss users are entitled to the following rights:

Right of access: You have the right to request confirmation and access to any personal data we process about you.

Right to object: You may object to the processing of your personal data, particularly in cases where such processing is not legally justified.

Right to restriction or deletion: You may request the restriction or deletion of personal data where legally permissible.

Right to data portability: You may request that your data be transferred to another controller, where feasible.

Right to correction: You may request rectification of inaccurate or outdated information.

To exercise these rights, please refer to the contact information provided above. Requests are responded to in accordance with the timelines and procedures required under Swiss law.

Further information on data categories, retention periods, and recipients can be found in the "Detailed Information on the Processing of Personal Data" section of this policy.

7. Legal Jurisdiction

This policy is governed by the laws of the State of Delaware, United States. Claims arising under U.S. state privacy laws (including CPRA, VCDPA, CPA, CTDPA, etc.) may only be brought by residents of the respective state. Non-resident claims are expressly waived unless required by federal law.

8. Further Information for Users in Brazil

This section applies to Users located in Brazil and supplements the rest of this Privacy Policy. In cases of conflict or divergence, the provisions of this section take precedence for Brazilian Users, in accordance with Law No. 13.709/2018 – the General Data Protection Law (Lei Geral de Proteção de Dados, or "LGPD").

Legal Bases for Processing

We only process your personal information if there is a valid legal basis under the LGPD. These include:

Your consent to the processing of your personal data for specific purposes;

Compliance with legal or regulatory obligations incumbent on us;

Execution of public policies set forth by law or regulation;

Studies conducted by research entities, preferably anonymized;

Performance of a contract or preliminary procedures related to a contract to which you are a party;

The exercise of rights in judicial, administrative, or arbitration proceedings;

Protection of life or physical safety of you or another individual;

Health protection in procedures conducted by health professionals or entities;

Our legitimate interests, provided your fundamental rights and freedoms are not infringed;

Credit protection, as regulated under the relevant legislation.

If you would like clarification regarding the specific legal basis that applies to any particular processing, you are encouraged to contact us.

Your Rights Under the LGPD

As a Brazilian data subject, you are entitled to exercise the following rights:

Confirm whether we are processing your personal information;

Access your personal data held by us;

Correct incomplete, inaccurate, or outdated information;

Request anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;

Know about the possibility of denying consent and the consequences of such denial;

Know with whom we share your personal information;

Port your personal data to another service provider (except anonymized data and respecting commercial secrets);

Request deletion of data processed based on consent;

Withdraw your consent at any time;

File a complaint with Brazil's National Data Protection Authority (ANPD);

Object to processing based on non-compliance with legal provisions;

Request review of automated decisions that affect your interests, including profiling.

You will not be subject to any form of discrimination for exercising your data protection rights.

How to Exercise Your LGPD Rights

You may exercise your rights by contacting us using the contact details provided in this Privacy Policy. If acting through a legal representative, you must submit proof of such authorization.

Your request should specify whether you wish to receive a simplified summary or a comprehensive report of the processed data. We will respond within 15 days of receiving your request, providing all relevant details as required by law.

If your request involves correction, anonymization, deletion, or blocking, we will notify all third parties with whom we have shared your data, unless this proves impossible or requires disproportionate effort.

International Transfers of Data

Your personal data may be transferred internationally in accordance with LGPD requirements. Transfers are permitted under the following circumstances:

When necessary for international legal cooperation among public entities;

When required to protect your life or physical safety or those of a third party;

When authorized by the ANPD;

When arising from international agreements;

When necessary for the execution of public policy or legal obligations;

When required for the performance of a contract or its preliminary procedures;

When necessary to exercise rights in judicial, administrative, or arbitration procedures.

9. Further Information for Users in the United Arab Emirates

This section applies to Users located in the United Arab Emirates (UAE) and is provided in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). In the event of any conflict with other provisions in this policy, this section shall prevail for UAE Users.

Rights Under the PDPL

UAE Users are entitled to the following rights:

Access: Request access to and copies of your personal data;

Correction: Request correction of inaccurate or incomplete personal data;

Erasure: Request deletion of personal data in certain circumstances;

Objection: Object to processing for direct marketing purposes or other legitimate grounds;

Restriction: Request that we suspend the processing of your personal data;

Portability: Request transfer of personal data to another data controller where technically feasible.

You may also be entitled to learn whether your personal data is transferred internationally and to understand the legal and security safeguards in place.

Exercising Your Rights

You may exercise your rights by submitting a request via the contact details provided. We aim to respond to such requests within one month, free of charge, except where excessive, repetitive, or manifestly unfounded.

Data Security and Cross-Border Transfers

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Where your personal data is transferred outside the UAE, such transfers are performed in accordance with the PDPL's data transfer mechanisms, which may include adequacy decisions, contractual safeguards, or your explicit consent.

Breach Notification

In the event of a data breach that may result in a high risk to your rights and freedoms, we will notify the UAE Data Office and, where appropriate, you, without undue delay.

10. Further Information for Users in the United States

This section applies to Users residing in the United States, particularly in the following states where comprehensive data privacy laws are in force: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, and Montana. In cases where this section conflicts with general provisions of this Privacy Policy, this section shall prevail for such Users.

10.1 Categories of Personal Information Collected

In the past twelve (12) months, we may have collected the following categories of Personal Information:

• Identifiers: Name, email address, IP address, unique device identifiers.
• Internet/Network Activity: Browsing behavior, device data, search and click history.
• Commercial Information: Records of products/services purchased or considered.
• Geolocation Data: Where applicable and disclosed in service settings.
• Professional or Employment Information
• Inferences: Derived insights from other data.

This information is collected from your direct interactions, through automated tracking technologies, or third-party integrations.

---

10.2 Strategic Handling of Sensitive Personal Information

We process "sensitive personal information" as defined under U.S. state laws only when essential for service functionality (e.g., payments, fraud prevention) or where legally required. This category is limited to:

• (a) Financial account numbers with access credentials;
• (b) Precise geolocation (within 1,850 feet);
• (c) Government-issued identifiers (e.g., passport, driver’s license).

We do not treat categories like race, religion, or sexual orientation as sensitive unless required by law or explicitly provided by you.

---

10.3 Use and Disclosure of Personal Information

We do not process your Personal Information for materially different purposes than originally disclosed without your explicit consent. Your information may be:

• Used for targeted advertising, profiling, or essential service delivery;
• Disclosed to vendors or affiliates for operational needs;
• Shared for fraud prevention or legal compliance (not considered "sale" under law);
• Sold/shared for behavioral advertising only where permitted by law.

We do not knowingly sell or share personal data of minors under 16 years of age.

---

10.4 Your Rights Under U.S. State Laws

Depending on your state, you may have the following rights:

• Right to Know: Categories and specific data we have collected about you.
• Right to Access: Obtain a copy of your personal data.
• Right to Deletion: Request deletion of your personal data (with exceptions).
• Right to Correction: Fix inaccuracies in your personal data.
• Right to Data Portability: Receive your data in a portable format.
• Right to Opt-Out: Of sale/sharing and targeted advertising.
• Right to Limit Use of Sensitive Info: Restrict use to essential services.
• Right to Non-Discrimination: No penalty for exercising your rights.

Additional State-Specific Rights

• California: Rights to limit sensitive data usage and opt out of "sharing."
• Virginia, Colorado, Connecticut, Texas, Oregon: Rights to opt out of profiling and targeted ads.
• Minnesota: Rights to review automated profiling logic and third-party disclosures.
• Utah, Iowa: Opt-out rights for targeted ads and sensitive data usage.

---

10.5 How to Exercise Your Rights

You may exercise your rights by:

• Emailing us at privacy@digitalconglomerate.llc
• Clicking "Your Privacy Choices" at digitalconglomerate.llc/opt-out
• Enabling Global Privacy Control (GPC) in your browser

To verify your identity:

• Account holders: We may ask for login verification.
• Non-account holders: We may request a match of at least 3 unique data points.
• Authorized agents must provide signed authorization.

Requests that are manifestly unfounded, excessive, or repetitive (≥3/year) may be denied or subject to a reasonable fee, as permitted by law.

---

10.6 Our Response Timeline

We strive to respond to all valid requests within legally mandated timelines:

• Standard response time: 30–45 days
• Extensions: Additional 45 days, if necessary, with notification
• Appeals: Denials can be appealed within your state law rights

We do not charge for processing unless the request is excessive. If a fee is legally allowed, we will inform you in advance.

---

10.7 Summary of Opt-Out and Compliance Mechanisms

• Primary Opt-Out Method: Global Privacy Control (GPC) browser signal
• Backup Method: Website link to privacy choices page
• Exemptions: Non-sensitive analytics in IA, TN, NH, NE do not require opt-out

---

10.8 Disclosures That Do Not Constitute a "Sale"

The following disclosures are not considered "sales" under U.S. law and are exempt from opt-out requirements:

• Disclosures made for fraud prevention
• Compliance with subpoenas or legal orders
• Internal security incident response

If GPC is disabled and no opt-out action is taken, we do not treat “Do Not Sell” signals as valid.

---

11. System Logs, Cookies, and Maintenance

For the proper operation and ongoing maintenance of our services, we may collect system logs and metadata that include technical details of your device and browsing behavior. This includes, but is not limited to, your IP address, browser type, operating system, referring URLs, and time stamps of access.

Additionally, we use cookies and other tracking technologies ("Trackers") to facilitate session management, preferences storage, analytics, and marketing. These technologies may be set directly by us or by third-party service providers. You may control or disable these features via your browser settings or through cookie banners provided on our site.

Please consult our Cookie Policy for a more detailed breakdown of types, purposes, and retention schedules of cookies used.

12. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in legal obligations, our data practices, or service features.

Users will be notified of material changes via prominent notice on our website or via direct communication, where feasible. The effective date of each update will be clearly stated at the top of this document.

Where the legal basis for processing changes or new consent is required, we will seek such consent prior to implementing changes.

13. Definitions

Personal Data / Personal Information: Any data that identifies or can be used to identify an individual, either directly or indirectly.

Sensitive Personal Information: A special category of data that includes, for example, health status, financial account numbers, precise geolocation, and racial or ethnic origin.

Usage Data: Automatically collected technical data, such as IP addresses, browser metadata, pages visited, and interaction logs.

Sale / Sharing: Transfer of Personal Information to a third party for monetary or other valuable consideration or for cross-context behavioral advertising.

Targeted Advertising: The use of Personal Data to deliver advertisements based on User activity across websites or applications.

Controller: The entity that determines the purposes and means of processing Personal Data — in this case, Digital Conglomerate.

Processor: A third-party entity that processes Personal Data on behalf of the Controller.

Service: The websites, applications, and other online tools offered by Digital Conglomerate.

Tracker: Any technology — including cookies, pixels, or scripts — used to collect or store user data.

14. Contact

For questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:

Digital Conglomerate, LLC131 Continental Dr, Suite 305Newark, DE 19713, United States📧 privacy@digitalconglomerate.llc

15. Efficiency Disclosures

15.1 Jurisdictional Limitations

Rights requests under non-Delaware U.S. state laws are processed only for verified residents of that state. Non-resident requests may be denied.

15.2 Technical Safeguards

We automatically discard unverifiable or incomplete rights requests (e.g., mismatched identity data, unsigned agent authorizations).

15.3 Cost Recovery

Manifestly unfounded or excessive requests may incur reasonable fees, as permitted under CCPA/CPRA § 1798.145(h) and VCDPA § 59.1-579(D).