Personal Information Protection Policy for the GDT website operated by Biozipcode, Inc. (Biozipcode Group)

Please note that the issuance and sale of Global Development Token (GDT) are conducted by Auring Ltd., a separate entity from Biozipcode, Inc. While Biozipcode, Inc. operates the GDT website and manages user information in accordance with this Privacy Policy, all token-related transactions—including allocation, pricing, and distribution—are the sole responsibility of Auring Ltd.

Auring Ltd. (Rodus Building, P.O. Box 3093, Road Town, Tortola, VG1110, British Virgin Islands.)

1. Scope of this Policy

This Privacy Policy applies to all personal information collected through the Global Development Token (“GDT”) website, token‑sale portals, and any related online services (collectively, the “Site”) provided by Biozipcode, Inc. (the “Company,” “we,” “our,” or “us”). It supplements any privacy clauses contained in the GDT White Paper and takes precedence over older versions.

2. Management of Personal Information

We maintain administrative, technical, and physical safeguards to keep personal information accurate, up‑to‑date, and protected against unauthorized access, loss, destruction, alteration, or leakage. Access is restricted to employees who require the data to perform their duties and who have received privacy and security training.

3. Categories of Data We Collect

4. Purpose of Use

We use personal information only for the purposes below and never beyond what is necessary:

1. Token‑Sale & Wallet Operations
   • Conduct KYC/AML checks and comply with the Travel Rule
   • Issue, transfer, burn, or stake GDT tokens and record transactions on‑chain
2. Customer Support & Business Communications
   • Respond to inquiries, provide technical assistance, and send important notices
3. Regulatory & Legal Compliance
   • Satisfy obligations under Japan’s Act on the Protection of Personal Information (APPI), the EU/UK GDPR, U.S. regulations, and other applicable laws
   • Cooperate with lawful requests from courts, regulators, or tax authorities
4. Security & Fraud Prevention
   • Monitor, detect, and prevent fraudulent or malicious activity affecting the Site, smart contracts, or token holders
5. Service Improvement & Analytics (aggregated or pseudonymized)
   • Analyze usage trends to enhance user experience, optimize page load times, and develop new utilities for GDT
6. Marketing (only with your explicit consent)
   • Send newsletters, event invitations, or promotional materials related to medical tourism, diagnostics, or future token utilities

5. Disclosure to Third Parties

We do not sell or rent personal information. We disclose it only:

• With Your Consent – when you authorize a specific disclosure
• Service Providers / Sub‑contractors – KYC vendors, cloud‑hosting providers, payment processors, and security auditors that process data under confidentiality agreements
• Regulators & Law‑Enforcement Agencies – when required by law, court order, or to enforce our Terms of Service
• Professional Advisors – lawyers, accountants, and auditors bound by confidentiality

Service providers may be located in jurisdictions such as Japan, the UAE, BVI, the U.S., or the EU. When transferring data internationally, we rely on adequacy decisions, contractual safeguards (Standard Contractual Clauses), or other lawful transfer mechanisms.

6. Security Measures

• AES‑256 encryption for data at rest and TLS for data in transit
• Multi‑factor authentication and role‑based access for internal systems
• Routine penetration tests and smart‑contract security audits
• Cold‑storage procedures for private keys and hardware‑wallet management

7. Data Retention

Identity, compliance, and transaction records are retained for the period required by financial, tax, and AML laws (typically five to seven years). Other data is deleted or anonymized once it is no longer necessary for the purposes stated above.

8. Your Rights

• Depending on your jurisdiction, you may have the right to:
• Access the personal information we hold about you
• Request correction or update of inaccurate data
• Request deletion or anonymization where legally permissible
• Object to or restrict certain processing activities
• Receive a copy of your data in a portable format (data portability)
• Withdraw consent at any time (marketing‑related processing)

Contact us as set out in Section 11; we will respond after verifying your identity.

9. Cookies & Similar Technologies

The Site uses cookies and local‑storage tools to remember preferences, perform analytics, and safeguard sessions. You can disable cookies in your browser; however, some Site functions—especially the token‑sale dashboard—may not work correctly.

10. Children’s Privacy

The Site is not directed to minors under 18. We do not knowingly collect personal information from anyone under 18; if we learn that we have inadvertently done so, we will delete it promptly.

11. Contact Information

Questions, requests, or complaints regarding personal information handling can be submitted via:

• E‑mail: privacy@gdt‑token.com
• Contact Form: gdt‑token.com/contact

Postal Address:
Privacy Office, Biozipcode, Inc.
6-2-6 Kojimachi, Chiyoda-ku, Tokyo 102-0083, PMO Kojimachi, 8th Floor.

12. Policy Changes

We review this Policy periodically to reflect technological advances, regulatory changes, or business needs. Updates become effective once posted on the Site; material changes will be announced via e‑mail or a Site banner. The revision date will appear at the top of the page.

Last updated: 30 July 2025