Risk Warning: Digital assets are highly volatile and subject to market risks. BitLease does not provide investment, financial, tax, or legal advice. The LTO (Lease-to-Own) service may not be suitable for all users. Past performance of any digital asset is not indicative of future results. Platform Reference Prices may differ from real-time exchange prices. BitLease is not a cryptocurrency exchange and does not operate an order book. All LTO Contracts are non-recourse — your maximum loss is limited to payments made. Please ensure you fully understand the risks involved and consult our Risk Disclosure document before proceeding. Our services are not available to residents of restricted jurisdictions, including but not limited to the United States.

BitLease Technologies Ltd. is a subsidiary of 49G Holding, incorporated in Abu Dhabi Global Market (ADGM) (Registration No. 34619)

© 2026 BitLease Technologies Ltd. All rights reserved.

Privacy Policy

BitLease Technologies Ltd.

A subsidiary of 49G Holding

Incorporated in Abu Dhabi Global Market (ADGM)

Registration No.: 34619

Last Updated: 21 March 2026

Effective Date: 21 March 2026

Version: 3.0

1. Introduction

1.1 About This Policy

BitLease Technologies Ltd. (“BitLease,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of your personal data. This Privacy Policy explains how we collect, use, store, share, protect, and delete your personal data when you access or use the BitLease platform, website, mobile application, APIs, and related services (collectively, the “Platform”).

We believe transparency is the foundation of trust, and this document is designed to give you a clear, complete picture of how your data is handled at every stage.

1.2 Who This Policy Applies To

This Policy applies to:

  • Clients (Lessees): Individuals or entities entering into LTO Contracts
  • Lessors (Capital Providers): Institutional entities entering into Investment Contracts
  • Prospective Users: Individuals who register, begin onboarding, or submit inquiries but do not complete an LTO Contract
  • Website Visitors: Individuals who visit our website without registering
  • Partners and Vendors: Individuals representing partner or vendor organizations

1.3 Data Controller

BitLease Technologies Ltd. is the data controller for all personal data processed in connection with the Platform. We determine the purposes and means of processing your data and are accountable for its protection.

1.4 Applicable Law

We process your data in accordance with all applicable data protection legislation, including but not limited to:

  • EU/EEA: General Data Protection Regulation (GDPR, Regulation (EU) 2016/679)
  • UK: UK GDPR and the Data Protection Act 2018
  • UAE/ADGM: ADGM Data Protection Regulations 2021
  • UAE/DIFC: DIFC Data Protection Law (DIFC Law No. 5 of 2020) (where applicable)
  • Singapore: Personal Data Protection Act 2012 (PDPA)
  • Other jurisdictions: Applicable national data protection laws where BitLease operates or processes data

Where data protection requirements differ across jurisdictions, we apply the highest standard of protection applicable to the relevant data subject.

1.5 Nature of the Platform

BitLease is a structured digital asset financing platform whose business model is based on a "Lease-to-Own" (LTO) structure. It is incorporated in ADGM as a subsidiary of 49G Holding. BitLease is not a cryptocurrency exchange, trading platform, or broker-dealer. It does not maintain an order book, allow peer-to-peer trading, or provide any spot, margin, or derivatives trading services. All LTO contracts are quoted in stablecoins. Any data processed through the Platform is used only for purposes directly associated with structured financing, contract management, and operational activities, and has no association with any trading or exchange activities.

1.6 US Persons

BitLease does not provide services to citizens, nationals, residents, or tax residents of the United States of America. If we determine that a user is a US person, their account will be restricted, and data will be handled in accordance with Section 6 (Retention) and applicable law.

2. Information We Collect

We collect only the information necessary to deliver, secure, and improve our services and to meet our legal obligations. Here is exactly what that includes.

2.1 Information You Provide Directly

Account Registration Data:

  • Full legal name (as it appears on government-issued identification)
  • Date of birth
  • Nationality and citizenship(s)
  • Country and address of residence
  • Email address
  • Phone number (mobile and/or landline)
  • Account credentials (stored in encrypted, hashed form; BitLease cannot access your plain-text password)
  • Preferred language and communication preferences

Identity Verification (KYC/KYB) Data:

  • Government-issued identification documents: passport, national identity card, driver’s license, or residence permit
  • Proof of address documents: utility bills (dated within 3 months), bank or financial institution statements, government correspondence, tenancy agreements
  • Selfie or live photograph for facial recognition matching
  • Biometric data: facial geometry data extracted during identity verification (processed by our verification partner, not stored by BitLease after verification completion; see Section 6)
  • For Politically Exposed Persons (PEPs): declaration of PEP status, nature of public function, and associated persons
  • Source of funds declaration: origin of the capital used for Down Payment and installments
  • Source of wealth declaration (for Enhanced Due Diligence): explanation of overall wealth accumulation
  • Employment status, employer name, and occupation (for affordability assessment purposes)

For Institutional Lessors (KYB):

  • Certificate of incorporation or equivalent registration document
  • Memorandum and articles of association (or equivalent constitutional documents)
  • Register of directors and officers
  • Beneficial ownership structure (down to individuals holding 10% or more, directly or indirectly)
  • Authorized signatory documentation and powers of attorney
  • Regulatory licenses and registrations
  • Audited financial statements (most recent two fiscal years)
  • AML/CFT policies and procedures (summary or attestation)

Financial and Transaction Data:

  • LTO Contract details: asset type, quantity, Down Payment amount, installment schedule, contract duration, effective APR-equivalent
  • Complete payment history: installments paid, dates, amounts, methods (all in stablecoins)
  • Buyout records: date, asset valuation, deductions, surplus returned
  • Full Settlement records: date, amount paid, ownership transfer confirmation
  • Contract termination records: date, reason, settlement calculations, surplus returned
  • LTO Wallet activity: deposits, withdrawals, balances
  • Wallet addresses associated with your account (for ownership transfer purposes)
  • Stablecoin transaction records
  • LTO Staking Delegation preferences, yield records, and commission data
  • Affordability assessment inputs and outcomes

Communications Data:

  • Customer support tickets, emails, chat transcripts
  • Complaint submissions and resolution correspondence
  • Feedback forms, surveys, and testimonials
  • Records of consent given or withdrawn
  • Any other information you voluntarily provide

2.2 Information We Collect Automatically

Device and Technical Data:

  • IP address (used for security, geolocation at country/region level, and fraud detection)
  • Device type, manufacturer, model, and operating system version
  • Browser type, version, and language settings
  • Screen resolution and viewport dimensions
  • Unique device identifiers (device ID, advertising ID)
  • Network information (ISP, connection type)

Usage and Behavioral Data:

  • Pages, screens, and features accessed
  • Time spent on each page/screen
  • Navigation paths and click/tap patterns
  • Contract simulation interactions (assets viewed, terms explored, calculators used)
  • Search queries within the Platform
  • Login timestamps, session durations, and session frequency
  • Error logs and crash reports
  • Performance metrics (page load times, API response times)

Cookies and Similar Technologies: Detailed in Section 10.

2.3 Information From Third Parties

| Source | Data Received | Purpose |
|---|---|---|
| Identity verification providers | KYC/KYB results, document authenticity scores, and facial match scores | Identity verification and fraud prevention |
| Sanctions screening providers | Match/no-match against OFAC SDN, EU, UN, UK, and other sanctions lists | Sanctions compliance |
| PEP database providers | PEP status, risk classification | Enhanced Due Diligence |
| Adverse media providers | Relevant media mentions and risk alerts | Ongoing monitoring |
| Blockchain analytics providers | Transaction risk scores, wallet clustering, exposure analysis | AML compliance and transaction monitoring |
| Payment processors | Payment confirmations, failed transaction data, and chargeback information | Payment processing and fraud prevention |
| Credit reference agencies | Credit scores, financial health indicators (where applicable and with consent) | Affordability assessment |
| Regulatory authorities | Regulatory inquiries, information requests, and investigation outcomes | Regulatory compliance |
| Partner organizations | Referral data (with your consent where required) | Account creation and partnership management |

We do not purchase personal data from data brokers or third-party marketing lists.

3. How We Use Your Information

We process your data only for specified, explicit, and legitimate purposes. Each processing activity has a defined legal basis under applicable data protection law. Here is what that looks like in practice.

3.1 Contract Performance (GDPR Art. 6(1)(b) / Equivalent)

Processing necessary to perform our contract with you or to take pre-contractual steps at your request:

  • Creating, verifying, and managing your account
  • Processing LTO Contract applications and affordability assessments
  • Executing LTO Contracts: asset acquisition, escrow, installment processing
  • Administering active contracts: payment tracking, amortization, statement generation
  • Processing Buyouts: asset valuation, deduction calculation, surplus return
  • Processing Full Settlements: balance calculation, ownership transfer
  • Processing contract terminations: settlement calculation, surplus return, final statements
  • Calculating and displaying asset valuations using Platform Reference Prices
  • Administering LTO Staking Delegation and yield distribution
  • Providing customer support and resolving service issues
  • Communicating contract-related information: payment reminders, due date notifications, contract status updates, settlement confirmations, ownership transfer confirmations
  • Generating account statements and tax-relevant transaction summaries

3.2 Legal and Regulatory Compliance (GDPR Art. 6(1)(c) / Equivalent)

Processing necessary to comply with our legal obligations:

  • KYC/KYB identity verification under AML/CTF regulations (FATF Recommendations, EU AMLD 5/6, UAE AML Law, UK MLR 2017, Singapore CDSA/TSOFA)
  • Ongoing customer due diligence and periodic re-verification
  • Enhanced Due Diligence for high-risk clients, PEPs, and high-value contracts
  • Sanctions screening: initial and ongoing monitoring against all applicable sanctions lists
  • Transaction monitoring: detecting suspicious patterns, filing Suspicious Transaction Reports (STRs) / Suspicious Activity Reports (SARs) with relevant Financial Intelligence Units (FIUs)
  • Record-keeping as mandated by financial services regulations, leasing regulations, and AML law
  • Tax reporting under Common Reporting Standard (CRS), Foreign Account Tax Compliance Act (FATCA), and jurisdiction-specific tax obligations
  • Responding to lawful requests from regulatory authorities, law enforcement, and courts
  • Compliance with data protection authorities’ requests and directions
  • Meeting audit and inspection requirements imposed by financial regulators

3.3 Legitimate Interests (GDPR Art. 6(1)(f) / Equivalent)

Processing necessary for our legitimate interests, balanced against your rights and interests:

| Legitimate Interest | Processing Activity | Balancing Consideration |
|---|---|---|
| Platform security | Fraud detection, anomaly detection, and access monitoring | Essential for protecting all users; minimal privacy impact |
| Solvency maintenance | HyperHedge™ data processing, risk modeling, stress testing | Uses aggregated/anonymized data where possible |
| Service improvement | Usage analytics, feature performance analysis, UX research | Anonymized/aggregated; opt-out available |
| Business operations | Internal reporting, financial analysis, capacity planning | Aggregated data; no individual profiling |
| Legal protection | Evidence preservation for potential disputes | Retained only as long as necessary |
| Communication | Service updates, product changes, security alerts | Non-marketing, directly relevant to your use |
| Misuse prevention | Detecting exploitative patterns (e.g., pricing arbitrage attempts) | Necessary to protect platform integrity |

You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

3.4 Consent (GDPR Art. 6(1)(a) / Equivalent)

Processing based on your freely given, specific, informed, and unambiguous consent:

  • Sending marketing communications about new products, features, or promotions
  • Processing biometric data for identity verification (where consent is the appropriate legal basis)
  • Setting non-essential cookies and tracking technologies
  • Sharing data with partner organizations for co-marketing purposes
  • Any other processing for which we specifically request your consent

Your right to withdraw: You may withdraw consent at any time by (i) updating your preferences in Platform settings; (ii) clicking “unsubscribe” in marketing emails; or (iii) contacting privacy@bitlease.com.

Withdrawal does not affect the lawfulness of processing performed before withdrawal. Withdrawing marketing consent will not affect your access to the Platform or your LTO Contracts.

4. Data Sharing and Disclosure

4.1 Foundational Principle

BitLease does not sell, rent, or trade your personal data. Under no circumstances.

We share your information only as described below, and only to the minimum extent necessary for the specified purpose.

4.2 Service Providers (Data Processors)

We engage carefully selected third-party service providers who process data on our behalf:

| Provider Category | Representative Provider(s) | Data Shared | Purpose |
|---|---|---|---|
| Digital asset custody | Fireblocks | Wallet addresses, asset data | MPC custody and escrow |
| Identity verification | [Provider name] | ID documents, selfies, biometric data | KYC/KYB processing |
| AML/CTF screening | [Provider name] | Name, DOB, nationality | Sanctions, PEP, adverse media screening |
| Blockchain analytics | [Provider name] | Wallet addresses, transaction data | AML compliance, transaction monitoring |
| Payment processing | [Provider name] | Payment details, amounts | Fiat and stablecoin payment processing |
| Cloud infrastructure | [Provider name] | All hosted data (encrypted) | Secure data hosting and processing |
| Customer support | [Provider name] | Contact info, ticket content | Support ticket management |
| Communication | [Provider name] | Email, phone | Transactional notifications |

All service providers are bound by Data Processing Agreements (DPAs) requiring them to:

  1. Process data only on our documented instructions;
  2. Implement appropriate technical and organizational security measures;
  3. Maintain confidentiality;
  4. Assist with data subject rights requests;
  5. Delete or return data upon termination of the processing agreement;
  6. Submit to audits and inspections.

4.3 Regulatory and Legal Disclosure

We may be required to disclose your data to:

  1. Financial regulatory authorities: VARA, MiCA-designated authorities, FCA, MAS, or equivalent bodies, in response to supervisory requests, examinations, or investigations;
  2. Financial Intelligence Units: For STR/SAR filing under AML obligations. Note: we are legally prohibited from informing you if an STR/SAR has been filed (tipping-off prohibition);
  3. Tax authorities: Under CRS, FATCA, and jurisdiction-specific tax reporting obligations;
  4. Law enforcement: In response to valid legal process (court orders, warrants, subpoenas) related to criminal investigations;
  5. Courts and tribunals: In connection with legal proceedings;
  6. Insolvency practitioners: If required in connection with insolvency proceedings, to the extent permitted by law.

Where legally permitted, we will notify you of regulatory or legal requests involving your data.

4.4 Client-Lessor Data Separation: An Absolute Firewall

This section reflects the fundamental architecture of the BitLease model and is central to how we protect your privacy:

Client data and Lessor data are permanently, structurally, and irrevocably separated.

  1. No Client personal data is shared with any Lessor. Not names, not identifiers, not transaction details, not contract terms, not payment history. Nothing.
  2. No Lessor personal data is shared with any Client.
  3. Lessors receive only aggregated, anonymized, non-reversible portfolio performance metrics necessary for their investment contracts. These metrics cannot be disaggregated to identify individual Clients.
  4. This separation is enforced at the database architecture level, not merely by policy. Client records and Lessor records exist in logically separated data stores with independent access controls.
  5. No BitLease employee has simultaneous access to both client-identifying and lessor-identifying data in connection with the same transaction. Operational roles are segregated accordingly.

This firewall mirrors the confidentiality protections that banks maintain between depositor data and borrower data. A Client of a bank does not know which depositors’ funds were used for their loan, and the reverse is equally true. BitLease applies the same principle with additional technical enforcement.

4.5 No Data Sharing for Trading, Exchange, or Market-Making Purposes

Because BitLease is not an exchange, broker, or market maker:

  1. We do not share your data with any trading counterparties, exchanges, liquidity providers, market makers, or order-flow purchasers.
  2. We do not sell or provide your transaction data, order data (we have no orders), or behavioral data to any third party for trading, analytics, or market intelligence purposes.
  3. Your data is used exclusively for LTO contract administration, regulatory compliance, solvency operations, and platform improvement.

4.6 Corporate Transactions

In the event of a merger, acquisition, corporate restructuring, or substantial asset sale:

  1. Your data may be transferred to the successor entity as part of the transaction.
  2. You will be notified at least thirty (30) days before the transfer takes effect.
  3. The successor entity will be bound by the terms of this Privacy Policy until it publishes its own policy, which must provide equivalent or greater protection.
  4. You will have the opportunity to delete your account before the transfer, subject to legal retention obligations and active contract settlement.

5. International Data Transfers

5.1 Overview

BitLease operates globally and may transfer your data to countries with different data protection standards than your country of residence. We ensure that all international transfers are protected by appropriate safeguards.

5.2 Transfer Mechanisms

| Origin | Transfer Mechanism |
|---|---|
| EU/EEA | Standard Contractual Clauses (SCCs, Commission Decision 2021/914); Adequacy decisions; or supplementary measures per Schrems II |
| UK | UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs; UK Adequacy Regulations |
| ADGM | ADGM Data Protection Regulations 2021 transfer provisions (adequate jurisdictions or contractual safeguards) |
| DIFC | DIFC Data Protection Law transfer provisions (where applicable) |
| Singapore | PDPA transfer provisions (comparable protection standard or contractual safeguards) |
| Other | Applicable local transfer mechanisms; explicit consent where no other mechanism is available |

5.3 Transfer Impact Assessments

Before transferring data to a new jurisdiction, we conduct a Transfer Impact Assessment evaluating the legal framework, government access practices, and enforceability of data subject rights in the destination country. Where risks are identified, we implement supplementary technical measures (such as encryption and pseudonymization) to mitigate those risks.

6. Data Retention

6.1 Principles

We retain your data only as long as necessary for the purposes for which it was collected, or as required by law. When retention is no longer justified, data is securely deleted or irreversibly anonymized.

6.2 Retention Schedule

| Data Category | Retention Period | Legal / Regulatory Basis |
|---|---|---|
| Account registration data | Duration of active account + 7 years after account closure | Financial services record-keeping; tax requirements |
| KYC/AML documents and records | 7 years after end of business relationship (or longer if required by jurisdiction) | FATF Rec. 11; EU AMLD Art. 40; UAE AML Law; UK MLR 2017; Singapore CDSA |
| KYB (Lessor) documents | 7 years after end of business relationship | Same as above |
| Biometric data (facial geometry) | Deleted immediately after identity verification completion. NOT retained by BitLease. | Data minimization principle; processed only by verification partner |
| LTO Contract records | 10 years after contract completion, termination, or Buyout | Financial record-keeping; leasing regulations; statute of limitations |
| Transaction records (payments, Buyouts, settlements) | 10 years after the transaction | Financial record-keeping; AML requirements; tax reporting |
| Affordability assessment records | 7 years after assessment | Consumer credit/leasing regulations; responsible lending documentation |
| Communications and support records | 5 years after last interaction | Customer service standards; dispute resolution |
| Complaints and resolution records | 7 years after resolution | FCA complaint handling requirements; equivalent regulatory standards |
| STR/SAR filing records | As required by FIU/regulatory authority (typically not time-limited) | AML law (BitLease cannot delete STR records without regulatory permission) |
| Usage and analytics data | 24 months from collection (then aggregated and anonymized) | Legitimate interest (balanced with privacy) |
| Marketing consent records | Duration of consent + 3 years after withdrawal | Consent documentation and accountability |
| Website visitor data (cookies) | Per cookie type (see Section 10) | Consent or legitimate interest |

6.3 Deletion and Anonymization

Upon expiry of the retention period:

  1. Personal data is securely deleted using industry-standard methods (cryptographic erasure for encrypted data; secure overwriting for unencrypted data);
  2. Where full deletion is not technically feasible (e.g., backup systems), data is isolated from active processing and deleted at the next scheduled backup rotation;
  3. Where data has ongoing statistical or analytical value, it is irreversibly anonymized such that no individual can be identified directly or indirectly. The anonymized data is retained only for as long as needed.

7. Data Security

7.1 Our Commitment

Protecting your data is not just a compliance exercise; it is an integral part of the trust that underpins the BitLease concept. Unless both Clients and Lessors trust our data security, the Direct Counterparty model cannot function effectively. Security has been designed into the system rather than added as an afterthought.

7.2 Technical Security Measures

Encryption:

  • All data is encrypted at rest using AES-256
  • All data is encrypted in transit using TLS 1.3
  • Digital asset private keys secured via MPC (Fireblocks), never stored whole
  • Database-level encryption with customer-managed encryption keys (CMEK), where available

Access Security:

  • Multi-factor authentication (MFA) is mandatory for all user accounts and all internal staff accounts
  • Hardware Security Modules (HSMs) for cryptographic key management
  • Role-based access controls (RBAC) with the principle of least privilege
  • Privileged access management (PAM) for administrative access
  • Just-in-time (JIT) access provisioning for sensitive operations

Infrastructure Security:

  • 24/7 Security Operations Center (SOC) monitoring
  • Intrusion detection and prevention systems (IDS/IPS)
  • Web application firewalls (WAF) and DDoS mitigation
  • Network segmentation and micro-segmentation
  • Regular vulnerability scanning (automated, continuous)

Testing and Audit:

  • Annual penetration testing by independent, certified security firms
  • Regular red team exercises
  • Continuous automated security scanning
  • SOC 2 Type II audit program
  • Periodic third-party security assessments

7.3 Organizational Security Measures

  • Mandatory security awareness training for all employees (onboarding + annual)
  • Background checks for all employees with access to personal data
  • Confidentiality and non-disclosure agreements for all staff and contractors
  • Clean desk and clear screen policies
  • Segregation of duties (especially between Client-facing and Lessor-facing teams)
  • Documented security policies, reviewed and updated annually
  • Supply chain security assessments for all service providers

7.4 Data Breach Response

We maintain a documented incident response plan compliant with applicable notification requirements:

Detection: Continuous monitoring with automated alerting for potential breaches.

Assessment: Rapid assessment of scope, severity, and affected data subjects within 24 hours of detection.

Notification:

  1. Regulatory notification: Within 72 hours of a confirmed breach to the relevant supervisory authority (per GDPR Art. 33; equivalent timelines under UK DPA, DIFC DPL, PDPA);
  2. Individual notification: Without undue delay where the breach poses a high risk to your rights and freedoms (per GDPR Art. 34; equivalent requirements);
  3. Content: Notifications include: nature of the breach, categories and approximate number of data subjects affected, likely consequences, measures taken and proposed, and contact point for further information.

Remediation: Root cause analysis, containment, remediation, and preventive measures.

Documentation: All breaches, including those not requiring notification, are logged in an internal breach register with full documentation.

8. Your Rights

8.1 Overview

Depending on your jurisdiction and applicable law, you have a range of rights regarding your personal data. We are committed to facilitating the exercise of these rights promptly and free of charge (unless requests are manifestly unfounded or excessive).

8.2 Rights Applicable in All Jurisdictions Where We Operate

Right of Access (GDPR Art. 15; PDPA s.21; DIFC DPL Art. 33): You may request confirmation of whether we process your data, a copy of that data, and information about how it is processed. We will provide this in a structured, commonly used format.

Right to Rectification (GDPR Art. 16; PDPA s.22; DIFC DPL Art. 34): You may request correction of inaccurate data or completion of incomplete data. We will correct verified inaccuracies without undue delay.

Right to Erasure / “Right to be Forgotten” (GDPR Art. 17; DIFC DPL Art. 35): You may request deletion of your data. We will comply unless retention is required by law. There are specific limitations you should be aware of:

  1. KYC/AML records: Cannot be deleted during the mandatory 7-year retention period (or longer as required by jurisdiction). This is a legal obligation that overrides the right to erasure.
  2. Transaction records: Cannot be deleted during the 10-year retention period.
  3. STR/SAR records: Cannot be deleted without regulatory approval.
  4. Active contract data: Cannot be deleted while an LTO Contract is active.
  5. We will inform you of any restrictions and their legal basis.

Right to Restrict Processing (GDPR Art. 18; DIFC DPL Art. 36): You may request restriction of processing while (i) you contest accuracy; (ii) processing is unlawful but you prefer restriction over deletion; (iii) we no longer need the data but you require it for legal claims; or (iv) you have objected to processing pending verification.

Right to Data Portability (GDPR Art. 20; DIFC DPL Art. 38): You may receive your data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller. This applies to data you provided to us, processed by automated means, based on consent or contract.

Right to Object (GDPR Art. 21; DIFC DPL Art. 37): You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds. You have an absolute right to object to direct marketing at any time.

Rights Related to Automated Decision-Making (GDPR Art. 22; DIFC DPL Art. 40): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Where we use automated decision-making (e.g., in affordability assessments or risk scoring):

  1. We inform you that automated processing is used.
  2. We explain the logic involved in general terms.
  3. You may request human review of the automated decision.
  4. You may express your point of view and contest the decision.

Right to Withdraw Consent: Where processing is based on consent, withdrawal is available at any time via platform settings or by contacting us.

Right to Lodge a Complaint: You may file a complaint with the relevant supervisory authority:

  • EU/EEA: Your national Data Protection Authority (list at edpb.europa.eu)
  • UK: Information Commissioner’s Office (ICO), ico.org.uk
  • UAE/ADGM: ADGM Registration Authority, adgm.com
  • UAE/DIFC: Commissioner of Data Protection, at edpb.europa.eu (where applicable)
  • Singapore: Personal Data Protection Commission (PDPC), pdpc.gov.sg

8.3 How to Exercise Your Rights

Submit a request: privacy@bitlease.com or through the Privacy section in your platform settings.

Identity verification: We will verify your identity before processing any request. This is to protect your data from unauthorized access. We may ask for additional verification if the request is sensitive or unusual.

Response timeline:

  • Acknowledgment: Within 5 business days
  • Substantive response: Within 30 calendar days (GDPR, UK GDPR, DIFC) or 30 business days (PDPA)
  • Extension: If the request is complex, we may extend by an additional 60 calendar days (GDPR) or as permitted, with a written explanation provided within the initial 30-day period

Cost: Free, unless requests are manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse, with explanation).

9. Financial Data Protection: Enhanced Safeguards

Given the financial nature of BitLease’s services, we apply protections that go beyond standard data protection requirements.

9.1 Banking-Grade Confidentiality

Although BitLease is not a bank, we apply confidentiality standards equivalent to banking secrecy obligations:

  1. Your financial data, contract terms, payment history, and portfolio details are treated as strictly confidential;
  2. Access to financial data is restricted to authorized personnel on a need-to-know basis;
  3. Financial data is never used for marketing purposes without your explicit consent;
  4. Financial data is never shared with third parties except as strictly necessary for service delivery or legal compliance.

9.2 PCI DSS Compliance

Where applicable, BitLease complies with Payment Card Industry Data Security Standard (PCI DSS) requirements. Credit/debit card numbers are never stored on BitLease systems. They are tokenized by our PCI-compliant payment processor.

9.3 Transaction Monitoring and Privacy

In compliance with AML regulations, BitLease conducts ongoing automated transaction monitoring.

  1. Monitoring is performed using rule-based and AI-assisted systems.
  2. Monitoring is designed to detect potentially suspicious patterns, not to profile individuals for commercial purposes.
  3. Where monitoring flags a transaction, trained compliance personnel conduct a manual review.
  4. If a Suspicious Transaction Report (STR/SAR) is filed, we are legally prohibited from informing you (tipping-off prohibition under AML law).
  5. Monitoring data is retained per AML record-keeping requirements (Section 6.2).

9.4 Platform Reference Price Data

Platform reference prices displayed to you are proprietary to BitLease:

  1. Your individual pricing interactions are not shared with external parties.
  2. Aggregated, fully anonymized pricing and volume data may be used for internal analytics, HyperHedge™ calibration, and regulatory reporting.
  3. BitLease does not sell pricing data or user interaction data to any third party.

9.5 Affordability Assessment Data

Data collected for affordability assessments is:

  1. Used solely for the purpose of assessing the suitability of the proposed LTO Contract;
  2. Not shared with credit bureaus unless required by applicable law and disclosed to you;
  3. Not used for marketing or cross-selling purposes;
  4. Retained per the retention schedule in Section 6.2.

10. Cookies and Tracking Technologies

10.1 What We Use

Cookie Type | Purpose | Requires Consent? | Retention
Strictly Necessary | Platform functionality, security, authentication, session management, fraud prevention | No (essential) | Session or up to 12 months
Performance & Analytics | Understanding usage patterns, page performance, and error rates | Yes | Up to 24 months
Functional | Remembering preferences, language, and display settings | Yes | Up to 12 months
Marketing | Not currently used. If introduced, it will require your explicit consent. | Yes | N/A

10.2 Third-Party Analytics

We use [e.g., Google Analytics / Mixpanel / equivalent] with the following privacy protections:

  1. IP anonymization enabled.
  2. Data sharing with the analytics provider is limited to aggregated metrics.
  3. No cross-site tracking.
  4. User-level data is deleted after 14 months.

10.3 Managing Your Preferences

You can manage cookies via:

  1. The cookie consent banner displayed on your first visit.
  2. The cookie settings panel, accessible at any time from the Platform footer.
  3. Your browser settings (note: disabling essential cookies may prevent Platform use).

10.4 Do Not Track

BitLease honors browser “Do Not Track” (DNT) signals. When DNT is enabled, all non-essential tracking is disabled.

11. Special Categories and Sensitive Data

11.1 General Rule

BitLease does not intentionally collect special category data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, health data, sexual orientation) unless necessary for a specific, disclosed purpose.

11.2 Biometric Data

Facial geometry data collected during identity verification:

  1. Is processed solely for the purpose of matching your face to your identity document;
  2. Is processed by our verification partner, not by BitLease directly;
  3. Is deleted immediately after verification is complete (match confirmed or rejected);
  4. Is not retained by BitLease in any form;
  5. Is processed on the basis of your explicit consent (where required) or contractual necessity.

11.3 Data Revealing Other Sensitive Information

We acknowledge that certain non-sensitive data may indirectly reveal sensitive information (e.g., nationality may correlate with ethnicity). We apply the principle of data minimization and do not draw inferences from such data beyond what is necessary for our stated purposes.

12. Children’s Privacy

The Platform is restricted to individuals aged eighteen (18) or above, or the age of legal majority in their jurisdiction, whichever is greater. We do not knowingly collect data from minors. If we discover that data has been collected from a minor:

  1. The data will be deleted promptly.
  2. Any associated account will be terminated.
  3. Any active LTO contract will be handled in accordance with applicable law regarding contracts with minors.

13. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services. We are not responsible for their privacy practices. We encourage you to review the privacy policy of any third-party service before providing personal data. Links to third parties do not constitute endorsement by BitLease.

14. Data Protection Officer

BitLease has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this policy and applicable data protection law.

Contact the DPO:

  • Email: dpo@bitlease.com
  • Postal: Data Protection Officer, BitLease Technologies Ltd., [Registered Address]

The DPO can be contacted directly by any data subject and operates with independence from business operations, as required by applicable law.

15. Changes to This Privacy Policy

15.1 Notification

Material changes to this policy will be communicated as follows:

  1. By email notification to the address associated with your account;
  2. By prominent notice on the Platform;
  3. At least thirty (30) days before the effective date.

15.2 Consent Refresh

Where changes materially affect the legal basis or scope of processing, we will seek renewed consent where required by law.

15.3 Version History

Previous versions of this Policy are available upon request from privacy@bitlease.com.

16. Contact Information

BitLease Technologies Ltd.
A subsidiary of 49G Holding Ltd.
Incorporated in Abu Dhabi Global Market (ADGM)
Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates

ADGM Registration No.: 34619

Department | Email
Data Protection Officer | dpo@bitlease.com
Privacy Inquiries | privacy@bitlease.com
General Inquiries | info@bitlease.com
Complaints | complaints@bitlease.com
Security Incidents | security@bitlease.com
EU Representative | eu-privacy@bitlease.com
UK Representative | uk-privacy@bitlease.com

Website: www.bitlease.com