This policy sets out the basis on which DAOGenics Ltd. (collectively “DeBio”, "we", “us” and ”our”) collect personal data from you and how we process such data.

Your privacy is important to us. It is DeBio's policy to respect your privacy and comply with any applicable law and regulation regarding any personal data we may collect about you, including any data you may provide through this Application when you sign up to or purchase a service or product.

By visiting, accessing, or using our platform, website, and services (“Services”) or any other applications or software we provide from time to time (collectively our "Application"), you accept and consent to the practices set out below. Further, you acknowledge that every personal data that you have provided or will provide is yours to share and is true and accurate.

1. COLLECTION OF PERSONAL DATA

1.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

1.2 For the purposes outlined in Clause 2, we may collect, use, store, and transfer the following personal data about you:

(a) information you give us – information that you provide us (which may include identities of genetic analysts involved in the delivery of the Services such as profile picture, first name, last name, username or similar identifier, email and phone number, date of birth and gender) by filling in forms on our Services or in our Application, or by corresponding with us (by phone, email or otherwise), for example:

(i) when you register for an account with us for our Services or Application;

(ii) when you make payment for using our Services or Application;

(iii) when you report any problem to us;

(iv) when you use certain features on our Services or in our Application;

(v) when you request any support from us; or

(vi) when you complete any survey or questionnaire we send you.

(b) information we collect about you – information automatically collected when you visit or use our Services or Application, includes but not limited to:

(i) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet and your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

(ii) the content, communications, and other information that you provide or share;

(iii) all communication that you made when you are using the Services or Application; and

(iv) information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Services or Application (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

1.3 Any third party information that you provide, by way of using our Services or Application, you undertake and warrant to us that you are authorized to share and disclose such third party information to us and the same third party has given informed consent to you to the collection, processing, use, and disclosure by us of their information, including any personal data. If we receive personal data about you from a third party, we will protect it as set out in this privacy policy.

1.4 Please note that labs will collect your genetic samples to provide test results as part of the Services. However, the labs do not have access to data that may identify to whom such samples belong to.

2. USES MADE OF THE PERSONAL DATA

2.1 We will only use your personal data when the law allows us to. Most commonly, we use your personal data for the following purposes or circumstances:

In relation to the Services and Application

(a) Request Service, Request Test, and Genetic Analysis Service include providing you with and granting you access to our Services and Application, including to make suggestions and recommendations to you relating to the Services and Application, and processing your orders;

(b) improving and developing our Services and Application;

(c) researching, designing and launching new features or products;

(d) presenting content and information on our Services or in our Application in the most effective manner for you and for the device you use;

(e) providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;

(f) providing customer service and support to you in relation to your use of our Services and Application;

(g) notifying you regarding any changes to our Services or Application, including any changes to the terms of use or privacy policy of our Services and Application;

(h) communicating with you and responding to your questions or requests;

(i) handle complaints made by or related to you in connection with the Service or Application, which will be stored to prevent and detect fraud, infringement, and other potential misuse;

(j) for direct marketing purposes (please see further details in Clause 2.3 below);

2.2 Your personal data will not be further processed in a manner that is incompatible with the purposes in Clause 2.1. above. Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.

Compliance

(a) verifying your compliance with the terms and conditions governing the use of our Services and Application, including but not limited to our terms of use and this privacy policy;

(b) complying with laws and regulations applicable to us in or outside of Indonesia;

(c) responding or taking part in legal proceedings, including seeking professional advice;

(d) complying with any mandatory investigations pursuant to any applicable laws and regulations, to prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person, violation to the terms and conditions governing the use of our Services and Application, including but not limited to our terms of use and this privacy policy, or as defense against legal claims as necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;

(e) fulfill any legal, regulatory and compliance requirements that apply to us and our Services and Application based on the applicable laws and regulations, as well as compliance with applicable agreements relating to the implementation of our Services and Application;

(f) implement the instructions or policies of the government, regulatory bodies, or authorized agencies;

(g) carry out our obligations in relation to any agreement with our business partners or contractors;

(h) process our internal process such as audit and taxation matters;

Others

(i) conduct surveys, research, evaluations, data analytics, academic study and/or product or services development, either by us or other third parties; and

(j) purposes directly related or incidental to the above.

2.3 We intend to use your personal data in direct marketing (i.e., offering or advertising products or services by sending the relevant information directly to you). For the purpose of this clause:

(a) the personal data that may be used in direct marketing are those that you provide to us or we collect from you under Clause 1.1 above;

(b) the type of Services that may be offered or advertised will be determined by us from time- to-time;

(c) the relevant data may be sent to you by us;

(d) you may opt out any time by sending a written request to the contact provided in Clause 11. We will cease to send you marketing information without charge.

3. DISCLOSURE OF YOUR INFORMATION

3.1. We will keep your personal data that we hold confidential but you agree we may provide your personal data to:

(a) personnel, agents, advisers, auditors, contractors, financial institutions, and service providers in connection with our Services and/or Application (for example staff engaged in the fulfilment of your request, the processing of your payment, and the provision of support services);

(b) our overseas offices, affiliates, business partners, market researchers, and counterparts (on a need-to-know basis only);

(c) persons under a duty of confidentiality to us;

(d) the relevant parties where we are anticipating or exercising corporate actions such as mergers, acquisitions, transfer out of the Services, sell or transfer all or a portion of our business or assets, or in the unlikely event of bankruptcy or insolvency;

(e) persons to whom we are required to make disclosure under applicable laws and regulations in or outside of Indonesia, such as, tax authorities, regulators, and other authorities based in Indonesia who require reporting of processing activities in certain circumstances;

(f) actual or proposed transferees of our operations (or a substantial part thereof) in or outside of Indonesia;

3.2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. In addition, at our sole discretion, we will reasonably audit algorithm or other automated program to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. Please note that the end-user’s datasets will remain in our Network’s Privacy Cloud Storage.

4. COOKIES

4.1 Our Services or Application use cookies to distinguish you from other users of our website by storing, generally non-personally identifiable, information (e.g., session information such as the number of times you visit our Services or Application and the location from which you are accessing the Services or Application). Note that some limited information is personally identifiable for the purposes of:

(a) managing and customizing your experience on the Services or Application;

(b) analysing trends and improving our Services or Application for our users; and

(c) delivering content tailored to your interests and the manner in which you browse our Services or Application.

Any other information is anonymized and/or aggregated to produce statistical reports that enable us to evaluate the use of our Services or Application; and to make improvements to, and increase efficiency when you browse our Services or Application.

4.2 We use first party cookies that are set by us. Cookies are small files which are placed on your computer when you access a website or app – amongst other things, they help the website user to navigate efficiently between pages and the website operator to track usage of the site.

4.3 By using our Services and Application, you agree to the use of cookies and other technologies as set out in this privacy policy. If you do not agree to such use, you may either disable our cookies by adjusting your settings, or refrain from using our Services or Application. Your browser will enable you to disable, control or delete cookies if you wish. Further information about disabling our cookies can be found in the “Help” section of your browser or at www.allaboutcookies.org. However, you should note that if you choose to do this, it may have an impact on the quality of your browsing experience.

5. THIRD-PARTY SITES

Our Services or Application or our communication with you may from time to time contain links to third-party websites over which we have no control. If you follow a link to any of these websites, please note that they have their own practices and policies. We encourage you to read the privacy policies or statements of these websites understand your rights. We accept no responsibility or liability for any practices of third-party websites.

6. DATA SECURITY

6.1 If a password, a private key, or a secret phrase (collectively “password”) is used to help protect your accounts and account information, it is the responsibility of you to keep the password confidential.

6.2 We use reasonable and commercially acceptable technical, administrative, and physical security measures for the purpose of safeguarding all information you shared with us and preventing the loss, theft, misuse or unauthorized access, disclosure, copying, use, or modification of personal data by unauthorized parties.

6.3 Regardless of the steps and precautionary actions that we take, unauthorized entry or use, and hardware or software failure, may happen and compromise the security of personal data. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, even though we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6.4 You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our Services. We will notify you, which may include through electronic means, of any unauthorized access to your personal data that we process and store.

6.5 Further, we are not liable to nor can we fully control the actions of other users with whom you may choose to share your information. You hereby acknowledge that we are not responsible, in particular, for any third-party action or action on your part leading to loss, damage or harm to you or any other person. Further, we will not be liable for any loss incurred by you for any information loss or theft due to unauthorized access to your electronic devices through which you avail our Services or Application.

7. STORAGE AND CROSS BORDER DATA TRANSFER

7.1 We only keep your personal data for so long as it is necessary and permitted by applicable laws and regulations. This time period may depend on what we are using your data for, in accordance with this privacy policy. If your personal data is no longer required, we will make it anonymous by removing all details that identify you. However, if necessary, we may retain your personal data for our compliance with a legal, regulatory, tax, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

7.2 Your personal data is stored in decentralized systems, including but not limited to DeBio Blockchain Network and Interplanetary File System, and other data storage infrastructures that we use to provide the Services and Application. When you are using our Services or Application, your personal data may also be stored or processed outside of your country by our personnel who work for us in other countries, or by our third-party service providers, vendors, suppliers, partners, contractors or affiliates.

7.3 Please be aware that the locations to which we store, process, or transfer your personal data may not have the same data protection laws and regulations as the country in which you initially provided the data. We will comply with the applicable laws and regulations and use all reasonable efforts to ensure that our affiliates abroad and all such third-party service providers provide a level of protection that is comparable to our commitments under this privacy policy.

8. YOUR LEGAL RIGHTS

8.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

(a) withhold your personal data from us, with the understanding that your experience of our Application may be affected;

(b) check whether we hold personal data about you;

(c) access any personal data we hold about you;

(d) require us to correct inaccurate, out of date, incomplete, irrelevant, or misleading personal data we hold about you;

(e) to the extent permissible under applicable laws and technologically feasible taking into account reasonable implementation costs, require us to “delete” any personal data we hold about you by deleting all keys that enable decryption of that data, but please be aware that the encrypted data would remain permanently on the blockchain due to its immutable nature of data,

by sending your request in writing to the contact provided in Clause 11 and provide us with your valid proof of identity along with the personal data you wish to check, access or correct.

8.2 Any such request may be subject to a small administrative fee to meet our cost in processing your request.

8.3 You always retain the right to withhold personal data from us, with the understanding that your experience of our Application may be affected. We will not discriminate against you for exercising any of your rights over your personal data. If you do provide us with personal data you understand that we will collect, hold, use and disclose it in accordance with this privacy policy.

8.4 If you have previously agreed to us using your personal data for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.

8.5 If you believe that we have breached a relevant data protection law or regulation and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

8.6 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

9. CHILDREN’S PRIVACY

9.1 We do not aim any of our Services directly at children under the age of 17, and we do not knowingly collect personal information about children under 17. If you are under the age of 17, please seek your parent or guardian’s permission before you provide any personal data to us. Without this consent, users under 17 years old will not be allowed to provide us with personal data. You hereby represent and warrant to us that you are at least 17 years old or that you have obtained consent from your parent/legal guardian to accept and comply with this privacy policy on your behalf and take accountability for your activities on our Application in relation to our Services.

10. CHANGES TO OUR PRIVACY POLICY

We may amend this policy from time to time by posting the updated policy to reflect updates to our Application, Services, business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy. If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

11. CONTACT US

If you have any questions, comments or requests regarding personal data, please address them to: support@debio.network

12. LANGUAGE

This privacy policy is made in both the English language and Indonesian language. In the event of any conflict between the English language version and the Indonesian language version of this privacy policy, the English language version will prevail.