GDPR Compliance Statement

Effective date: January 17, 2026

By using our services, websites and applications, you entrust us with some of your personal data. This is a great responsibility for us and we will make every effort to protect your data and keep it under your control.

This statement of compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as "GDPR") is addressed to our users and to our current and potential clients to familiarize them with our privacy policies and standards.

WHO ARE WE?

FinPlot sp. z o.o. with its registered office at ul. Złota 59, 00-120 Warszawa, Poland (hereinafter "FinPlot" or "Company"), is the owner of the electronic portal www.finplot.io (websites, systems) and all rights to it, equipment, software and equipment necessary for its operation.

FinPlot undertakes to comply with GDPR and strictly observe and protect data subjects in accordance with other applicable privacy regulations, depending on the jurisdiction of our operations.

GDPR COMPLIANCE

According to GDPR, FinPlot acts as a data controller for your personal data if you are:

• A user or guest of our portal or website
• A participant in our events
• A subscriber to our newsletters, mailings and social media accounts
• A current or potential client, supplier or business partner
• A shareholder or member of the Company's bodies

OUR PRIVACY PRINCIPLES

We are committed to adhering to the privacy principles and rules contained in GDPR, and in particular we strive to ensure:

• Your control over your information
• Transparency regarding the scope and purpose of data processing
• Lawfulness, fairness, necessity of processing for a specific purpose
• Accuracy, updating and deletion or anonymization when the processing purpose is achieved
• Security of processing, storage and transmission of data

DATA PROCESSING VERIFICATION

We are guided by the GDPR principle of accountability and conduct audits to identify and assess what personal data we have, where it comes from, how and why it is processed, and whether and to whom it is disclosed. The result of such an audit is documented and stored in a register of processing activities.

OUR POLICIES

The following policies and trainings have been implemented at the corporate and employee level to meet the requirements and principles of GDPR and other applicable data protection regulations:

• Online Privacy Policy – our policies and principles for the protection of personal data of data subjects outside the company
• Internal Privacy and Security Policies – a set of requirements for employees and a list of their obligations, data protection procedures, response to data subjects, response to data breaches, data retention and deletion rules, etc.
• Data Protection and Security Training – our mandatory awareness course aimed at familiarizing our employees with policies and procedures before granting them any access to personal data

HOW WE PROTECT PERSONAL DATA

To protect personal data, we use state-of-the-art security measures, including:

• Antivirus protection
• Vulnerability control
• Data encryption
• Intrusion detection system
• HTTPS protocol encryption for all data transmission

FinPlot is hosted on cloud services that provide comprehensive data protection and are certified according to ISO/IEC 27001:2013, 27017:2015, 27018:2019, and 9001:2015.

INCIDENT RESPONSE POLICY

The Company has defined a procedure for responding to information security incidents. Within the applied procedure, requirements for logging events of IT system elements are defined. Procedures for identifying and eliminating vulnerabilities in software and hardware components of the used infrastructure have also been defined and implemented.

ACCESS POLICY

The Company's access policy to information services provides for the use of a role-based model. This access model assigns minimum access rights necessary to perform official duties. Access rights to information services are regularly reviewed and updated.

YOUR RIGHTS

Under GDPR, you have the following rights:

• Right to information about data processing
• Right of access to your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

CONTACT

For questions regarding GDPR compliance or data protection, contact:

privacy@finplot.io

FinPlot sp. z o.o.
ul. Złota 59, 00-120 Warszawa, Poland
NIP: 5272941847 | REGON: 528473916