Privacy Policy

1. Introduction

In today's digital financial landscape, the protection and responsible handling of personal data is a top priority. Cobalt Financial Technologies Inc. is dedicated to providing leading financial management solutions with a strong commitment to safeguarding data. While our main focus is on small businesses, our interaction with various stakeholders requires us to process information, some of which pertains directly to you.

This Privacy Policy (the "Policy") outlines how Cobalt collects, uses, and shares your personal data ("Personal Information"). Furthermore, it clarifies your rights concerning your data when you engage with our services. For this Policy's purpose, "Cobalt," "we," "our," and "us" refer to Cobalt Financial Technologies Inc. and its affiliated entities, while "you" and "your" mean individuals or entities interacting with our services.

Given the varying data protection regulations across different regions, we've incorporated specific provisions based on users' locations:

• "Additional Disclosures for California Residents"
• "Additional Disclosures for Virginia Residents"
• "Additional Disclosures for Nevada Residents"
• "Additional Disclosures for Data Subjects in the European Economic Area, Switzerland, and the United Kingdom"

For any questions or feedback, please refer to the "Contact Us" section below.

2. Applicability of this Policy

This Policy is applicable to: (a) our suite of financial management solutions, inclusive of the tools and platforms facilitating access and utilization of these services (for example, app.joincobalt.com and our mobile applications) (termed as "Services"), (b) joincobalt.com (hereafter "Website"), and (c) all communication channels we employ, ranging from emails, promotional materials, to any venue, digital or physical, where our business intersects with you—this includes events like conferences or engagements on third-party social platforms (collectively branded as the "Business" alongside Services and Website).

In the realm of data protection, distinctions exist between entities that dictate the goals and mechanisms of data handling and those that merely process data under directives. The Cobalt Platform Agreement or any other documented contract ("the Agreement"), in tandem with stipulations set by our partnering financial institutions, delineates the contours of our Services offered to a business client (defined as a "Company"). When Cobalt manages Personal Information under the directive of a Company to deliver the agreed-upon Services, such actions are governed by the Agreement's clauses and the directives of the Company, sidelining this Policy. If your intention is to exercise rights over Personal Information that we're handling on a Company's behalf, it's recommended to liaise directly with the relevant Company. Communications we receive in this context might be relayed to the Company for further action. It's pertinent to note that our accountability doesn't extend to the privacy practices of our business clients, which may deviate from our Policy's provisions.

Additionally, this Policy doesn't encompass third-party applications or services interfacing with our Services or any offerings rendered by different entities under their distinct terms and privacy stipulations (collectively termed "Third-Party Services"). To illustrate, a Company might synchronize its Services account ("Cobalt Account") with external systems such as accounting software, email platforms, HR databases, bank accounts at various financial institutions, e-commerce solutions, among others. While these Third-Party Services amplify the efficacy of our offerings, they function outside our Service umbrella, operating under their proprietary terms and policies.

If you're not in agreement with the stipulations of this Policy, we advise refraining from accessing or using our Services, Website, or any other facet of our Business.

3. Data Processing by Cobalt

At Cobalt, we meticulously handle and process information through our various Service channels, Websites, and additional business interactions. If you provide details about another person, it implies you possess the requisite permissions to do so and have made sure to abide by any required disclosures and received any mandatory permissions before sharing the data. If you suspect any information is shared with us inappropriately, kindly alert us as described in the "Contact Us" section below.

A. Information Directly Submitted to Cobalt

When you actively engage with our Business, we receive:

• Personal Details: Including your full name, email, phone number, professional designation, employer, and physical address.
• Engagements and Feedback: Encompassing any outreach to our sales or support teams, feedback on products, or general business communications.
• Submitted Documents: Such as documents, files, or any data you share, potentially including details about you or your business.
• Third-Party Contacts: Data about your colleagues, potential referrals, or vendors—essentially their contact details.
• Job Application Materials: Covering details from your resume, academic transcripts, written samples, and references, enabling us to evaluate your application.

Should you, or anyone from your Company, initiate the process to create a Cobalt Account, we might collect relevant personal and company-specific details. This data aids us in ensuring the identity of potential customers, aligning with the regulatory environment, and enhancing your Cobalt account experience.

As a part of delivering our Services, we access more in-depth information from or about a Company and its Authorized Users, such as:

• User Data: Login credentials, contact details, and other particulars used by a Company to manage its Authorized Users.
• Transaction Insights: Details related to your financial transactions, like purchase details, payment method, location, and any associated notes.
• Connected Service Data: Data associated with Third-Party Services linked to Cobalt, which might be shared during account creation or post that phase.
• Operational and Workflow Data: Information about your Company's financial limits, approval processes, and related workflows.
• Travel Details: Business trip bookings and schedules.
• Receipts & Invoices: Information for invoice payment and receipt processing, including photos or e-mails.
• Vendor Information: Essential data about your Company's vendors, including their payment details and tax-related information.

B. Data Autonomously Collected by Cobalt

When using our platforms and Services, certain data gets automatically recorded:

• Usage Patterns: Data around the content you engage with, the features you use, and your overall interaction duration.
• Device Insights: Details about your browsing device, its operating system, your internet service provider, and identifiers such as IP addresses.
• Geographic Data: Approximate locations derived from your IP address or company details.

We employ various technological tools, such as log files, cookies, pixels, device fingerprinting, and SDKs to optimize our data processing. For an in-depth understanding, please consult our Cookie Policy. Altering your device settings might allow you to limit certain data collections, but could potentially restrict some features. Refer to our "Analytics and Advertising" and "Your Rights and Choices" sections for more clarity.

C. Data Cobalt Gathers from Other Sources

We collate data from various external sources, which could include:

• Financial Partners: Such as banks or accounting service providers that facilitate our Services.
• Identity & Compliance Verification Entities: They enhance our understanding of businesses and help maintain security and regulatory compliance.
• Business Vendors and Users: For instance, a merchant might share their payment and tax details for smoother transaction processes.
• Service Providers: Those who assist in our Business operations.
• Social Media and Ad Platforms: To refine our marketing strategies.
• Marketing & Partnership Entities: Our collaborators for marketing and referral programs.
• General Data Providers: Offering insights into industries, trends, and other relevant business arenas.
• Public Data: Information in the public domain helping us in due diligence and potential customer identification.

The data spectrum we gather from these sources could encompass all categories specified in prior sections. We ensure that the data acquired from external sources adheres to all applicable laws and obligations.

4. How Cobalt Uses Information

Cobalt values the trust you place in us. We utilize the information in alignment with business and commercial objectives, as detailed in this Policy. Furthermore, Cobalt leverages this data to optimize our Services, Website, and overall Business operations:

Delivering and Upgrading our Services, Website, and Business. To facilitate, oversee, and enhance our Services, Website, and diverse facets of our Business. This includes steps like customer verification, ensuring optimal platform experience, addressing any technical glitches, preventing interruptions, and gauging usage patterns and user behaviors.

Engaging with You. We dispatch announcements, updates, security warnings, details about alterations to our policies, terms, and to support any administrative communications.

Safety and Fraud Mitigation. Our aim is to sustain the security of our Business, and to manage any potential risks. This involves diagnosing and resolving any Service-related issues, probing suspicious actions, curbing potentially fraudulent or unauthorized transactions, safeguarding against breaches of our guidelines, terms, and defending against potential threats, sometimes using automated systems.

Adherence to Legal Requirements and Rights Assertion. To meet legal, regulatory, and contractual mandates. This covers liaising with governmental bodies, judiciary, and regulators as per the prevailing laws, retaining records to validate adherence to laws and regulations, defending our lawful rights, and seeking available legal recourses.

Cobalt Advantages. Should you or your organization opt to benefit from our rewards or incentive schemes, we analyze eligibility and administer these programs efficiently.

Innovation and Business Augmentation. We constantly strive to refine our Services and Business facets to serve our users better. This could involve enhancements based on your utilization patterns, feedback, or transactional information.

Review and Research Initiatives. For internal reporting, inspection, and research goals, such as undertaking focus group discussions and opinion surveys.

Promotions and Outreach. To conceptualize, dispatch, and assess promotional material, marketing initiatives, and details regarding our products, special offers, events, and Services. Occasionally, we might resort to personalized advertising techniques, including those driven by specific interests. We respect your choices; if you've linked external accounts or services to Cobalt, we ensure not to use this data for promotional intents on external platforms.

Generating Anonymized Information. We strive to create anonymized data by eradicating or concealing details that could lead to your identification. This is further consolidated or combined with other data sets.

Based on Your Instructions. To cater to any other requirement you signify, particularly as conveyed through your or your organization's interaction with our Service utilities. Say, if you direct us to integrate your Cobalt Account with a third-party platform or service, we heed to that request.

Informed Consent. Beyond the scenarios enlisted above, should there arise a need to utilize the gathered data in any other context, we'll ensure to notify you first and proceed only post your consent.

Notwithstanding the above, Cobalt might utilize non-identifiable data for any function deemed permissible by governing laws or contractual obligations binding us. For an insight into your rights and options concerning the management of your Personal Information, please consult the "Your Rights and Choices" segment that follows.

5. Disclosure of Information by Cobalt

Cobalt is committed to maintaining the trust of its users. We outline our practices concerning the disclosure of information in this Privacy Policy. The parties to whom we disclose information encompass:

Service Collaborators. We share information with partners that process data on Cobalt's behalf. They aid us in services such as data management, website maintenance, analytical solutions, and user support. Cobalt enforces contractual terms to deter these partners from using or revealing your information beyond what is necessary for our services. However, we might allow them to handle non-personal data (like aggregated or anonymized data) for diverse purposes, unless restricted by law or contract. Detailed data about our service collaborators is accessible on our Security Portal.

Affiliate Entities. Information might be disclosed to our affiliated entities and divisions.

Business Patrons. Cobalt shares data with our business patrons to facilitate them in availing our Services. For instance, we may share details with your firm for transaction processing, to provide Services, to report on your Cobalt account's activity, cater to queries, and ensure legal adherence. Moreover, companies can designate specific roles to authorized personnel, each with distinct access and permissions. Such designations may allow certain company members, like your finance team or manager, to view your Service activity. Our business patrons operate independently, and their data processing is governed by their respective terms and policies.

Connected Platforms. We share data with Third-Party Services and their providers if integrated with our Services by you or your organization.

Identity and Customer Verification. To ensure a secure environment, we share data as required to confirm your identity and other compliance checks.

Banking Associates. Cobalt collaborates with banking partners to back their identification, risk management, and regulatory compliance. This might necessitate sharing contact details, identifying particulars, and company documentation to ensure your firm's eligibility for financial products and services, including payment tools and international transfers, via Cobalt.

Merchants and Console Users. Relevant data might be shared with businesses that your company transacts with or seeks support from, such as notifying a vendor about your company's payment status.

Credit Bureaus and Financial Institutions. Information concerning your company and its Cobalt account might be shared with credit agencies to affirm your company's credentials, report its financial conduct, or highlight any financial inconsistencies.

Cobalt Benefits. We might share data related to your and your company's Cobalt account to determine eligibility for specific benefits and ensure the effective management of these schemes.

Promotion and Publicity. We disclose data to advertisers, platforms, analytical agencies, and other stakeholders for marketing and advertising motives. For additional insights into our online advertising, refer to the "Analytics and Advertising" segment. If you've linked external financial accounts with your Cobalt account, rest assured, this information will not be used for promotional activities on third-party platforms.

Business Transitions. In scenarios involving potential mergers, acquisitions, or asset transfers, pertinent information might be disclosed.

Security, Fraud Prevention, and Legal Mandates. Cobalt may disclose data to adhere to legal norms, scrutinize dubious activities, and on lawful requisitions from regulators, law enforcement, financial institutions, or other governing bodies. This is to ensure our platform's integrity and safeguard our users' interests.

Referrals and Collaborative Marketing. Information may be shared with our associates for streamlining referral partnerships or executing joint marketing initiatives. If a referral led you or your company to Cobalt, we might share details with the referring partner to confirm your registration status and compute the referral incentive.

Upon Your Instruction. Information is disclosed based on your explicit instructions.

With Prior Notice and Your Consent. For any purpose not listed above, we'll disclose information post notifying you and obtaining your approval.

Above all, Cobalt may disclose non-identifiable data (like aggregated or de-identified data) for any legitimate purpose, unless explicitly restricted by laws or contractual terms binding us. To learn about your rights and choices concerning how your information is shared, please review the "Your Rights and Choices" section that follows.

6. Analytics and Interest-Based Advertising

Within the parameters of laws pertinent to Cobalt's operations, we employ analytical services like Google Analytics to decode the ways users interact with our platform and utilize our services. Simultaneously, we collaborate with agencies, promotional partners, ad networks, and technological service providers to showcase Cobalt's advertisements across diverse digital platforms and services. As such, you might come across our ads on platforms like Google, LinkedIn, and Facebook, as well as on a range of other websites and digital services.

To enrich this advertising process, we integrate tracking technologies into our platform and communication channels, such as emails. These technologies might also be part and parcel of the ads we circulate on third-party platforms and services. Some of these tracking tools are designed to monitor your activities over diverse intervals and on various services. The objective behind this is to recognize and synchronize the multiple devices you might employ, ensuring that the ads and content relayed to you are aligned with your preferences and interests, a strategy commonly referred to as "Interest-based Advertising".

For a comprehensive understanding of the tracking tools Cobalt deploys, and to get acquainted with your rights and choices concerning analytics and Interest-based Advertising, please navigate to the "Your Rights and Choices" section that follows. It's worth noting that even if you decide against tailored advertising, you'll still encounter advertisements, which could include those from Cobalt.

7. Data Transfer

Cobalt's operations are rooted in the United States. Consequently, any Personal Information you provide to us may be channeled to, processed, utilized, overseen, and housed within the United States and potentially other jurisdictions. It's crucial to recognize that the data protection protocols and regulations in the United States or these other jurisdictions may not mirror those of your residing country.

For personal data streams originating from the European Economic Area, Switzerland, or the United Kingdom, Cobalt pledges to embed robust safeguards. This might entail the adoption of standardized contractual clauses relevant to the data in question. For in-depth insights on these data transfers and the corresponding safeguards we've institutionalized, please consult the "Additional Disclosures for Data Subjects in the European Economic Area, Switzerland, and the United Kingdom" segment that follows.

8. Additional Important Information

Security: At Cobalt, we prioritize your safety. We've implemented a combination of organizational, technical, and administrative strategies to safeguard your Personal Information against theft, loss, unauthorized access, alteration, misuse, and unauthorized disclosure. However, it's essential to understand that while we strive to protect your data, no digital transmission or information security system can guarantee absolute security.

Use by Minors: Cobalt's Services and overall business operations are not targeted towards minors. We consciously refrain from gathering personal data from children below the age of 13, as defined by the U.S. Children's Privacy Protection Act or "COPPA." Furthermore, we do not knowingly engage in the "sharing" or "selling" of personal information of minors below the age of 16, especially those residing in California, as defined under the California Privacy Rights Act. If you, as a guardian or parent, suspect any breaches concerning this guideline, kindly reach out to us as described in the "Contact Us" section below.

Modifications to this Privacy Policy: Cobalt reserves the privilege to modify and republish this Policy as needed. In situations where we maintain a professional relationship with you, or you are affiliated with a Company or recognized as an Authorized User, we may notify you of any updates through our Website, your Company's Cobalt Account, or directly using the Contact Information you've provided. On the other hand, for individuals without a direct engagement with us, such as website visitors, our notifications will appear prominently on our website. The revised privacy notice takes effect either upon its online posting or its direct communication to you. We urge you to revisit this Policy periodically to remain informed about how we manage, use, and possibly share your Personal Information.

9. Your Rights and Choices

Region-Specific Rights: Depending on where you are located, you may be entitled to specific rights regarding your personal data. For details based on your location, please refer to the end of this Policy.

Cobalt Account: Cobalt's offerings are primarily tailored for business clientele. Access to a Cobalt Account is reserved for employees or Authorized Users linked with a business having an established Cobalt Account. The data within a business's Cobalt Account is shaped by our mutual Agreement. Should you have queries about how we process Personal Information on a company's behalf, please engage with that company's administrative heads. As an Authorized User, you might have permissions to view, modify, or eliminate certain information within the Cobalt Account. However, the company and its designated administrators hold the primary responsibility for such data management.

Choices Regarding Tracking Technologies:

• Cookies and Pixels: Most digital devices and browsers are set to accept cookies. You can guide your browser or device to reject or remove cookies via its settings. For adjusting your cookie preferences for our site, refer to our provided link. When employing multiple devices or browsers, ensure each is set according to your preference.
• Do Not Track: Some browsers offer a "Do Not Track" feature, signaling sites to limit user tracking. It's essential to recognize that there's no unanimous agreement on how these signals should be treated. Hence, until there's a legal mandate, Cobalt does not interact with these signals. If you're residing in California, there are provisions to decline sales or sharing based on these signals. For more, review the "Additional Disclosures for California Residents" section.

Remember, if you alter or eliminate certain tracking features, it may impact our platform's functionality for you.

Analytics and Advertising Choices: Google extends options to opt out from specific data collections:

• Google Analytics
• Google Display Advertising

Cobalt collaborates with various companies for targeted advertisements. A majority of these partners are affiliated with the Digital Advertising Alliance ("DAA") or the Network Advertising Initiative ("NAI"). For insights and to opt-out from specific ad targeting, visit:

• DAA-based advertising
• NAI-affiliated advertising

Selecting to opt-out signifies that associated partners will not display certain targeted ads to you. However, it doesn't translate to an ad-free experience. Any targeted advertising is conducted within legal constraints.

Keep in mind, opting out is browser or device-specific. Cobalt isn't accountable for the functionality or adherence of third-party opt-out options.

Communication Preferences:

• E-mails: To stop receiving our promotional emails, follow the provided steps in our emails. Additionally, preferences can be modified through links provided for non-customers and Authorized Users. Do note, emails related to business operations or transactions cannot be opted out of.
• Text or SMS Messages: If you've chosen to get SMS updates about our services, you can exit anytime by texting "STOP" to the provided number. Upon sending "STOP," you'll receive a confirmation and won't get further messages. We guarantee not to market, rent, or sell your messaging consent data. For specifics, please view the Agreement.

Do remember that opting out is linked to the email or number provided and won't impede future communications.

10. Contact Us

Where applicable, to exercise your rights regarding your Personal Information, or if you have any more general questions or concerns about this Policy, our data practices, or our compliance with applicable law, please contact us by email.

In order to exercise your rights concerning your Personal Information, please note that for verification purposes, we might need additional details from you. If verification is unsuccessful, we may refuse your request.

11. Additional Disclosures for California Residents

These disclosures are specifically tailored for California residents as per relevant regulations.

Notice of Collection:

As mandated by the California Consumer Privacy Act enriched by the California Privacy Rights Act ("CPRA"), businesses are required to provide explicit disclosures and avenues to exercise user rights. Within the previous year, Cobalt has accumulated the following personal data as stipulated by the CPRA:

• Identifiers: This encompasses names, email addresses, postal addresses, and online identifiers (like IP addresses).
• Customer records: This includes phone numbers, billing addresses, and bank-related information.
• Data indicating protected classifications under California or federal laws, such as gender.
• Commercial or transactional details, which includes records of products or services availed, contemplated, or purchased.
• Digital activity data: This covers browsing history, application interactions, search records, and interaction with emails or advertisements.
• Approximate geolocation data.
• Details regarding employment and educational background.
• Inferences based on the above data regarding your anticipated behavior and preferences.

For an in-depth understanding of the data we accumulate, its sources, and its uses, kindly revert to the "Data Processing by Cobalt" and "How Cobalt Uses Information" sections. The disclosure of this data to third parties is elaborated in the "Disclosure of Information by Cobalt" segment.

Right to Knowledge, Rectification, and Deletion:

California residents have the prerogative to:

• Understand the categories and specific pieces of personal information collected.
• The origin of such data.
• The intent behind its collection and any business or commercial purposes for its use.
• Understand any third parties with whom the data might be shared.

Moreover, unless exceptions apply, you have the right to correct or erase the personal data we have on record.

To practice any of these rights, please reach out to us as described in the "Contact Us" section. For verification purposes, we might need additional details from you. If verification is unsuccessful, we may refuse your request.

If Cobalt has processed your data as a service provider for another enterprise, it's advisable to contact the respective enterprise for your data rights.

Further Notice and Opt-Out:

Cobalt's primary business revolves around financial solutions for businesses, not the sale of personal information. Nevertheless, under CPRA guidelines, specific marketing practices might be interpreted as "sharing" or "selling" even without monetary exchange. Such definitions cover disclosures for cross-context behavioral advertising or disclosures exchanged for value. As per these broad definitions, we might collect, share, or sell categories of personal data for business motives. If our advertising methodologies are classified as "share" or "sale" of your data, you can opt out by adjusting your cookie preferences for our Website or activating Global Privacy Control on your browser. Since these settings are browser or device-specific, you'll have to set them individually.

Data Retention:

Cobalt retains every category of personal data for the duration deemed reasonably necessary for its intended purpose. This also helps us to meet legal requirements, address disputes, deter fraudulent activity, and enforce our contracts.

Authorized Representatives:

You can nominate an authorized agent to forward requests on your behalf. However, we might ask for documentary proof of the agent's authorization and validate your identity personally.

Right to Non-Discrimination:

You reserve the right to not undergo any prejudicial treatment by Cobalt for asserting your rights.

Shine the Light:

Californian users can demand (i) a list of personal data categories shared with third parties for their direct marketing endeavors in the preceding year; and (ii) the categories of such third parties. To action this request, please reach out to us as described in the "Contact Us" section. We might ask for further details to verify your identity and are obligated to cater to one request per calendar year.

12. Additional Disclosures for Virginia Residents

The Virginia Consumer Data Protection Act ("VCDPA") grants additional rights specifically to the residents of Virginia. This section is dedicated to elucidating those rights and is exclusively applicable to Virginia residents operating in a personal or household capacity.

As a Virginia resident, under the VCDPA, you are endowed with the following rights:

1. To ascertain if we are handling your personal data.
2. To access the personal data we have about you.
3. To amend any inaccuracies present in your personal data.
4. To request the removal of your personal data.
5. To receive a copy of your personal data that you've previously shared with us, presented in a format that's both portable and easily accessible.
6. To decline the processing of your personal data concerning targeted advertising, selling of the personal data, or any profiling that leads to decisions having legal or similarly significant implications on you.

Cobalt, primarily engaged in delivering superior financial solutions to businesses, is committed to ensuring the highest standards of data privacy. If you wish to exercise any of the rights mentioned above, kindly reach out to us as described in the "Contact Us" section. For verification purposes and to process your request efficiently, we may need specific details from you to corroborate your identity.

Should your personal data have been processed by Cobalt as a facilitator on behalf of a business partner and you intend to utilize any rights associated with such data, please direct your queries to the concerned business partner.

13. Additional Disclosures for Nevada Residents

Pursuant to Nevada statutes (NRS 603A.340), businesses are mandated to earmark a specific request address. This is for Nevada consumers to forward requests instructing the business not to sell particular types of personal information that the business has or will gather about the consumer. Within the scope of Nevada law, a sale constitutes the transfer of personal information in return for monetary compensation by the business to an external party. This external party may then license or further sell the personal data to additional third parties.

Cobalt, focusing primarily on providing advanced financial solutions to businesses, doesn't generally partake in the sale of personal information in the conventional sense. However, if you are a Nevada consumer and wish to forward a request in relation to our adherence to Nevada regulations, please reach out to us as described in the "Contact Us" section. We might ask for further details to verify your identity.

14. Additional Disclosures for Data Subjects in the European Economic Area, Switzerland, and the United Kingdom

Roles.

Cobalt may process personal data in line with the directives of or on behalf of our business clients, particularly when offering financial solutions under a specific agreement. Within this framework, Cobalt operates as a processor while the business client serves as the controller. Additionally, Cobalt may assume the role of a controller when deciding on the processing of personal data in various contexts outlined in this Policy, such as adhering to regulatory standards pertinent to our business model.

Lawful Basis for Processing.

European data protection statutes stipulate a "lawful basis" for processing personal data. Cobalt's lawful bases encompass: (a) instances where you have granted consent for processing for specific purposes, either to us or to our partners, service providers, or business clientele; (b) scenarios where processing is vital for contract fulfillment; (c) situations demanding processing in adherence to a legal mandate; or (d) circumstances where processing aligns with the legitimate interests pursued either by us or a third-party entity, provided your rights and foundational freedoms don't supersede these interests.

International Transfers.

Your personal data may be routed to our operational hubs in the United States or to our service associates or other third parties based in the U.S. or other nations. This could imply transferring your personal data to countries that adopt different data protection norms than those in the European Economic Area, Switzerland, or the United Kingdom.

While certain countries benefit from a European Commission and/or UK government adequacy resolution, Cobalt has incorporated relevant European Commission or UK government-endorsed standard contractual clauses with pertinent third parties. This ensures the shielding of your personal data through suitable measures. Cobalt might also employ other sanctioned data transfer mechanisms.

Your Data Subject Rights.

European regulations bestow specific rights concerning your personal data. Subject to applicable norms, you're entitled to access, rectify, request erasure of, or transfer your personal data, and to contest its processing. When our data processing stems from legitimate interests (as delineated above), you may possess the right to challenge this. Additionally, in select situations, you might hold the right to restrict your personal data's processing. These entitlements could be curtailed, for instance, when we can verify legitimate reasons for processing your personal data. Also, you have the privilege to request us not to subject your personal data to processing for marketing purposes or other materially distinct purposes from its original collection intent or any subsequent authorization on your part. Any consent-based data processing can be revoked at any juncture.

To action any of these rights, please reach out to us as described in the "Contact Us" section. We might solicit specific details for identity verification and efficient request processing. If Cobalt has processed your data as a processor on a business client's behalf and you wish to exercise your rights regarding such data, please consult our business client directly.

Retention of your Personal Data.

Be informed that Cobalt retains personal data as long as required to cater to the purposes it was garnered for from you and/or our business clientele. We might also continue to keep and employ your personal data to satisfy our legitimate interests, abide by or prove compliance with legal/regulatory mandates, resolve disputes, prevent fraudulent activities, and enforce our rights.

We earnestly hope to address any concerns about our data processing approach. Nevertheless, if you find our compliance lacking, reach out to us as described in the "Contact Us" section. You also reserve the right to submit a complaint with your jurisdiction's data protection regulator concerning unresolved issues. Such complaints can be submitted where you reside, work, or where any alleged breach of data protection norms transpired.