7K

Tietosuojakäytäntö

Versio: 1.0Päivämäärä: Feb 05, 2026

PRIVACY AND PERSONAL DATA PROTECTION POLICY.

NovaWave Technology N.V.

Domain: www.fi.7k.bet

Date: 28 January 2026

1. General statement and commitment to data protection.

This Privacy and Personal Data Protection Policy sets forth the principles, obligations and operational guidelines adopted by NovaWave Technology N.V. in relation to the processing of personal data carried out through the domain www.fi.7k.bet. NovaWave recognizes that the protection of personal data is a fundamental right and an essential element of trust in digital services, particularly in environments that involve user registration, online interaction, authentication mechanisms, financial transactions and security monitoring.

NovaWave is fully committed to conducting all personal data processing activities in a lawful, fair and transparent manner, strictly in accordance with the General Data Protection Regulation and the applicable data protection legislation in force in Finland. This Policy reflects NovaWave’s internal governance framework for privacy and data protection and demonstrates its commitment to accountability, proportionality, security and respect for the rights and freedoms of natural persons.

2. Applicable legal framework.

All personal data processing activities performed by NovaWave in connection with the operation of the website www.fi.7k.bet are governed by Regulation (EU) 2016/679, the General Data Protection Regulation, which applies directly and uniformly throughout the European Union and the European Economic Area, including Finland.

In addition to the GDPR, NovaWave complies with the Finnish Data Protection Act 1050/2018, which supplements the GDPR at national level and establishes specific provisions concerning supervision, remedies, procedures and certain national options permitted under European law.

Where personal data processing involves the storage of information or access to information stored on the user’s terminal equipment, such as through cookies or similar technologies, NovaWave also observes the applicable Finnish legislation on electronic communications and privacy in digital services, including the Act on Electronic Communications Services and related regulatory guidance issued by Finnish authorities.

3. Identification of the data controller.

For the purposes of the GDPR and applicable Finnish data protection legislation, the data controller responsible for determining the purposes and means of the processing of personal data described in this Policy is:

NovaWave Technology N.V., a limited liability company duly registered with the Curaçao Chamber of Commerce and Industry under registration number 162293, with its registered address at Schottegatweg Oost 10, Unit 1-9, Bon Bini Business Center, Curaçao.

NovaWave acts as the central entity responsible for defining data protection policies, ensuring compliance with applicable laws, implementing technical and organizational measures and responding to data subject requests relating to the processing of personal data carried out through www.fi.7k.bet.

4. Scope of this Policy.

This Policy applies to all personal data processing activities carried out by NovaWave in connection with the provision, administration, maintenance and security of the services made available through the domain www.fi.7k.bet. It applies to all users, visitors, customers, partners and any other individuals whose personal data is processed in the context of these services.

The Policy applies regardless of the form or medium through which personal data is collected, whether online or offline, whether provided directly by the data subject or obtained indirectly from authorized third parties, and regardless of the technologies or systems used for processing.

This Policy must be read together with other contractual or informational documents published by NovaWave, including terms and conditions and specific notices, without prejudice to the primacy of mandatory data protection laws.

5. Types of personal data processed.

Depending on the nature of the relationship established with the data subject and the functionalities used on www.fi.7k.bet, NovaWave may process different categories of personal data.

Personal data provided directly by users may include identification data such as full name, date of birth, nationality and preferred language, as well as account-related data such as username, authentication credentials and account settings. Contact data such as email address, telephone number and residential address may also be processed for communication and support purposes.

Where required for security, compliance or verification purposes, NovaWave may process verification data, including copies or extracts of identification documents, proof of address, age verification information and payment-related verification data. Such processing is strictly limited to what is necessary to meet legal, regulatory and contractual requirements.

During the use of the website, NovaWave may automatically process technical and usage data, including IP address, device identifiers, browser and operating system information, access timestamps, navigation data, interaction logs and approximate location data derived from technical parameters. This information is used primarily to ensure service stability, prevent fraud, detect security incidents and improve the overall performance and reliability of the platform.

In certain circumstances, NovaWave may also receive personal data from third-party service providers, such as payment service providers, identity verification partners, fraud prevention services or analytics providers, always subject to appropriate contractual arrangements and legal safeguards.

6. Purposes of processing and legal grounds.

NovaWave processes personal data exclusively for specific and legitimate purposes and always on the basis of one or more lawful grounds provided for under the GDPR.

Personal data is processed to perform contractual obligations entered into with users, including the creation and management of user accounts, authentication and access control, provision of services requested by the user, processing of transactions and delivery of customer support.

Personal data is also processed to comply with legal obligations to which NovaWave is subject, including obligations related to security, record keeping, auditing, prevention of unlawful activities and compliance with lawful requests from competent authorities.

For purposes related to the protection of NovaWave’s infrastructure, users and services, personal data may be processed on the basis of NovaWave’s legitimate interests, including the prevention of fraud, detection of suspicious behavior, enforcement of contractual terms, cybersecurity monitoring and protection of systems against misuse or abuse.

Where processing activities are not strictly necessary for contractual performance or legal compliance, such as certain analytics or marketing activities, NovaWave relies on the data subject’s consent, which may be withdrawn at any time in accordance with applicable law.

7. Processing of children’s data and age requirements.

NovaWave does not intentionally target or provide its services to individuals who do not meet the applicable legal age requirements.

Under Finnish law, where the processing of personal data is based on consent in relation to the direct offering of information society services to a child, the minimum age for valid consent is thirteen years. Where this threshold is not met, consent must be provided or authorized by a holder of parental responsibility.

NovaWave reserves the right to implement appropriate age verification mechanisms and to restrict, suspend or terminate access to the services where age requirements are not satisfied or where inaccurate information has been provided.

8. Disclosure and sharing of personal data.

Personal data processed by NovaWave may be shared with third parties only where such sharing is necessary for the purposes described in this Policy and where appropriate safeguards are in place.

Such recipients may include service providers acting as data processors on behalf of NovaWave, including hosting providers, payment processors, identity verification services, customer support platforms, analytics providers, security vendors and professional advisors. All such parties are contractually bound to process personal data solely on NovaWave’s instructions and in compliance with applicable data protection laws.

Personal data may also be disclosed to public authorities, courts or law enforcement bodies where such disclosure is required by law or is necessary for the establishment, exercise or defense of legal claims.

NovaWave does not engage in the sale of personal data.

9. International transfers of personal data.

Due to the international nature of NovaWave’s corporate structure and service provider network, personal data may be transferred to and processed in jurisdictions outside Finland and outside the European Economic Area.

In all cases of international data transfers, NovaWave ensures that appropriate legal mechanisms and safeguards are implemented in accordance with the GDPR, including the use of adequacy decisions, standard contractual clauses approved by the European Commission and supplementary technical and organizational measures designed to ensure an equivalent level of data protection.

10. Data retention and storage principles.

NovaWave retains personal data only for as long as necessary to achieve the purposes for which it was collected and processed, taking into account legal, regulatory, contractual and operational requirements.

Retention periods vary depending on the nature of the data and the applicable obligations. Once personal data is no longer required, it is securely deleted, anonymized or otherwise rendered irreversibly inaccessible, unless continued retention is required by law.

11. Use of cookies and similar technologies.

The website www.fi.7k.bet uses cookies and similar technologies to ensure proper technical functionality, enhance security, remember user preferences and analyze website performance.

In accordance with Finnish legislation, non-essential cookies and similar technologies are used only after users have been provided with clear and comprehensive information and, where required, have given their consent. Users may manage their preferences through available tools and browser settings.

12. Information security and breach management.

NovaWave implements appropriate technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, alteration or disclosure. These measures are proportionate to the risks associated with the processing activities and are subject to regular review.

In the event of a personal data breach, NovaWave applies internal incident response procedures to assess the impact and, where required by law, notify the competent supervisory authority and affected data subjects within the legally prescribed timeframes.

13. Rights of data subjects.

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and the Finnish Data Protection Act (Act 1050/2018), NovaWave recognizes and fully respects the rights of data subjects as fundamental elements of the lawful, fair and transparent processing of personal data. The exercise of these rights is directly connected to the core data protection principles established by the GDPR, including the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

Data subjects have the right to obtain confirmation as to whether or not their personal data is being processed by NovaWave and, where that is the case, the right to access such personal data. This right of access includes the ability to receive clear and comprehensive information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, as well as information about the existence of automated decision-making processes, where applicable. The right of access is intended to ensure transparency and to enable data subjects to verify the lawfulness of the processing.

Data subjects also have the right to request the rectification of inaccurate personal data concerning them without undue delay, as well as the right to have incomplete personal data completed, taking into account the purposes of the processing. This right reflects the principle of accuracy and ensures that personal data processed by NovaWave remains correct, up to date and relevant.

Under the conditions established by the GDPR, data subjects may request the erasure of their personal data, commonly referred to as the “right to be forgotten”. This right applies, for example, where personal data is no longer necessary in relation to the purposes for which it was collected or processed, where the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing, or where the personal data has been unlawfully processed. The exercise of this right is subject to legal and regulatory exceptions, including situations where retention is required to comply with a legal obligation or to establish, exercise or defend legal claims.

Data subjects have the right to request the restriction of the processing of their personal data in certain circumstances, such as where the accuracy of the personal data is contested, where the processing is unlawful and the data subject opposes erasure, or where the data is no longer needed by NovaWave but is required by the data subject for the establishment, exercise or defense of legal claims. When processing is restricted, the personal data may, with the exception of storage, only be processed with the data subject’s consent or for limited legally permitted purposes.

Where the processing of personal data is based on legitimate interests, data subjects have the right to object at any time to such processing on grounds relating to their particular situation. NovaWave will then assess whether it has compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or whether the processing is necessary for the establishment, exercise or defense of legal claims. Data subjects also have an unconditional right to object to the processing of their personal data for direct marketing purposes.

Where applicable, and where the processing is based on consent or on a contract and is carried out by automated means, data subjects have the right to data portability. This right allows data subjects to receive their personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller, where technically feasible, without hindrance from NovaWave. The purpose of this right is to strengthen user control over personal data and promote interoperability between services.

When the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal and does not apply where processing is based on another lawful ground provided for under the GDPR.

All requests relating to the exercise of data subject rights may be submitted through the contact channels made available by NovaWave. Such requests will be handled in a transparent, diligent and timely manner, in accordance with the procedures and time limits established by the GDPR and Finnish data protection law. NovaWave may request additional information to verify the identity of the requester in order to ensure the security and confidentiality of personal data and to prevent unauthorized disclosure.

14. Amendments to this Policy.

NovaWave may update this Privacy and Personal Data Protection Policy to reflect changes in applicable legislation, regulatory guidance, technological developments or internal practices. Any updated version will be published on www.fi.7k.bet and will indicate the date on which it becomes effective.

GLOSSARY:

Personal data means any information relating to an identified or identifiable natural person, including information that can directly or indirectly identify an individual by reference to identifiers such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing refers to any operation or set of operations performed on personal data, whether by automated means or not, including but not limited to collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure or destruction of personal data.

Data subject is the identified or identifiable natural person to whom the personal data relates and whose data is processed by the data controller in the context of the services provided.

Data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller and strictly in accordance with its documented instructions.

GDPR refers to Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the General Data Protection Regulation, which establishes the legal framework for the protection of personal data within the European Union and the European Economic Area.

Finnish Data Protection Act refers to Act 1050/2018 of Finland, which supplements and specifies the application of the GDPR at national level, including provisions on supervision, procedures and remedies.

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.