Privacy Policy

Article I: Binding Nature and Incorporation

1.1 Binding Contract and Incorporation by Reference

This Policy constitutes a legally binding agreement between CLÖCKH and each User of the Platform. This Policy is incorporated by reference into the CLÖCKH Terms of Service (the "Terms"), which Terms are available at getclockh.com/terms and govern Users' access to and use of the Platform. By creating an Account, accessing the Platform, submitting information via the Platform, or otherwise using any Platform features or services, Users expressly acknowledge that they have read, understood, and agree to be bound by this Policy in its entirety. References to "you," "your," or "User" throughout this Policy refer to the individual or entity accessing or using the Platform.

1.2 Scope and Application

This Policy applies to all Personal Information collected by CLÖCKH through or in connection with the Platform, including but not limited to: (a) information provided directly by Users during account creation, profile completion, transaction processing, or communications; (b) information collected automatically through Users' interactions with the Platform, including device information, usage patterns, and telemetry data; (c) information obtained from third-party sources including identity verification services, payment processors, social media platforms, and public records databases; and (d) information derived or inferred from analysis of collected data. This Policy does not apply to information collected by third-party websites, applications, or services linked from the Platform, which third-party sites and services are governed by their own privacy policies.

1.3 Mandatory Arbitration and Dispute Resolution

1.4 Amendments and Updates

CLÖCKH reserves the right, in its sole and absolute discretion, to modify, amend, supplement, or replace this Policy at any time to reflect changes in data practices, legal or regulatory requirements, technological capabilities, business operations, or for any other reason deemed appropriate. Material changes to this Policy shall be communicated to Users via: (a) email notification sent to the email address associated with the User's Account; (b) prominent in-app notification or banner displayed upon the User's next login or Platform access; or (c) prominent notice on the CLÖCKH website homepage at getclockh.com. Material changes shall take effect thirty (30) calendar days following notice to Users unless: (i) a shorter period is required by law or regulation; (ii) the change is necessary for immediate implementation due to security, fraud prevention, or legal compliance needs; or (iii) the change is favorable to Users and CLÖCKH elects to implement immediately. Users' continued use of the Platform following the effective date of amendments constitutes express acceptance of the amended Policy.

Article II: Definitions and Interpretation

2.1 Defined Terms

To ensure precision, clarity, and legal enforceability, the following capitalized terms shall have the meanings ascribed to them throughout this Policy:

(a) "Account" means the User profile and associated credentials (username, password, authentication factors) created by a User to access and use the Platform, which Account may contain both a Client Profile and a Service Provider Profile.

(b) "Aggregated Data" means data that has been combined, compiled, or summarized from multiple sources or individuals in such manner that it no longer identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, any specific individual. Aggregated Data is not considered Personal Information under this Policy and may be used by CLÖCKH without restriction for purposes including but not limited to research, analytics, product development, and marketing.

(c) "Anonymized Data" means data that has been processed using technical and organizational measures to ensure that the data can no longer be attributed to a specific data subject without use of additional information, where such additional information is kept separately and is subject to technical and organizational measures to ensure non-attribution. Anonymized Data is not considered Personal Information under this Policy.

(d) "Cookies" means small text files, typically containing a unique identifier string, placed on a User's device (computer, smartphone, tablet) by a web server for purposes of storing information that can be retrieved by the originating server or by other servers authorized to access the cookie. Cookies may be session cookies (which expire when the User closes their browser) or persistent cookies (which remain on the device for a specified period or until manually deleted).

(e) "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information. For purposes of this Policy, GDPR, and T&T DPA, Zaboca Holdings Inc. is the Data Controller with respect to all Personal Information collected via the Platform.

(f) "Data Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Information on behalf of the Data Controller. Caimite Technologies Limited acts as a Data Processor with respect to certain data processing activities conducted on behalf of Zaboca Holdings Inc.

(g) "Data Subject" means an identified or identifiable natural person whose Personal Information is collected, processed, stored, or transmitted by CLÖCKH. For purposes of this Policy, "Data Subject" is synonymous with "User" when referring to individuals whose Personal Information CLÖCKH processes.

(h) "Personal Information" means any information relating to an identified or identifiable natural person ("Data Subject"), including but not limited to: name, email address, postal address, phone number, date of birth, government-issued identification numbers, financial account information, payment card information, biometric information, IP addresses, device identifiers, geolocation data, employment information, education information, professional credentials, transaction history, browsing history, communications, User Content, and any other information that alone or in combination with other information can be used to identify, contact, or locate an individual or to identify an individual in context.

(i) "Platform" means the CLÖCKH online marketplace platform, including the websites accessible at getclockh.com (marketing site) and clockh.co (application interface), the CLÖCKH mobile applications (iOS and Android), the CLÖCKH desktop applications, and all associated software, technology, infrastructure, interfaces, tools, features, functionality, content, and services provided by CLÖCKH via any medium.

(j) "Processing" or "Process" means any operation or set of operations performed on Personal Information, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.

(k) "Sensitive Personal Information" means Personal Information that reveals or relates to: (i) racial or ethnic origin, religious or philosophical beliefs, political opinions, or trade union membership; (ii) genetic data or biometric data processed for the purpose of uniquely identifying a natural person; (iii) health data or data concerning a natural person's sex life or sexual orientation; (iv) government-issued identification numbers such as Social Security numbers, driver's license numbers, or passport numbers; (v) financial account numbers, credit card numbers, debit card numbers, or security codes or access codes; (vi) precise geolocation data; or (vii) any other category of information designated as "sensitive" under applicable data protection laws.

(l) "Third-Party Service Provider" means any natural or legal person, other than CLÖCKH or Caimite Technologies Limited, that provides services to CLÖCKH or that CLÖCKH integrates with the Platform, including but not limited to payment processors, identity verification services, background check services, cloud hosting providers, analytics providers, customer support platforms, and communication service providers.

(m) "User Content" means any content, materials, information, data, text, images, photographs, graphics, videos, audio, messages, communications, reviews, ratings, or other materials of any kind that Users submit, post, upload, transmit, display, or otherwise make available via the Platform.

2.2 Interpretation

In the interpretation and construction of this Policy: (a) article, section, and subsection headings are provided for convenience and ease of reference only and shall not affect interpretation; (b) the singular includes the plural and vice versa, and each gender includes all genders; (c) the words "including," "includes," "such as," or similar phrases shall be deemed to mean "including but not limited to"; (d) references to laws, regulations, or statutes include all amendments, supplements, and successor provisions; (e) "writing" and "written" include electronic communications; and (f) this Policy shall be construed as if drafted jointly by the parties.

Article III: Data Controller and Processor Roles

3.1 Data Controller Designation

Zaboca Holdings Inc. is the Data Controller for all Personal Information collected via the Platform and is responsible for determining the purposes and means of Processing Personal Information. Zaboca Holdings Inc. is responsible for compliance with all applicable data protection laws and regulations, including GDPR, CCPA/CPRA, and T&T DPA.

3.2 Data Processor Designation

Caimite Technologies Limited, a wholly-owned subsidiary of Zaboca Holdings Inc., acts as a Data Processor with respect to certain data processing activities conducted on behalf of Zaboca Holdings Inc., including but not limited to: (a) regional technical operations and infrastructure management; (b) user support and customer service; (c) data storage and backup services; and (d) such other processing activities as may be directed by Zaboca Holdings Inc. from time to time. Caimite Technologies Limited processes Personal Information solely on behalf of and under the instructions of Zaboca Holdings Inc. and does not determine the purposes or means of Processing.

3.3 Data Processing Agreement

The relationship between Zaboca Holdings Inc. (Data Controller) and Caimite Technologies Limited (Data Processor) is governed by a written Data Processing Agreement that complies with GDPR Article 28 and other applicable data protection laws. The Data Processing Agreement sets forth the subject matter, duration, nature, and purpose of the processing; the types of Personal Information processed; the categories of Data Subjects; the obligations and rights of the Data Controller; and the Data Processor's obligations regarding confidentiality, security, sub-processing, data subject rights, data breach notification, and deletion or return of Personal Information upon termination.

3.4 Third-Party Processors

CLÖCKH engages Third-Party Service Providers to perform certain data processing activities on behalf of CLÖCKH. All Third-Party Service Providers that process Personal Information on behalf of CLÖCKH are contractually bound to process Personal Information in accordance with CLÖCKH's instructions, to implement appropriate technical and organizational security measures, to assist CLÖCKH in responding to data subject requests, to notify CLÖCKH of data breaches, and to comply with applicable data protection laws. CLÖCKH remains responsible for the acts and omissions of its Third-Party Service Providers to the extent required by applicable law.

3.5 Contact Information for Data Controller

For inquiries, requests, or complaints regarding CLÖCKH's processing of Personal Information or regarding this Policy, Users may contact CLÖCKH's Data Protection Officer at:

Data Protection Officer
Zaboca Holdings Inc.
Email: privacy@zaboca.org
Address: c/o registered agent, Delaware

Article IV: Categories of Personal Information Collected

4.1 Account and Profile Information

When Users create an Account or complete a profile on the Platform, CLÖCKH collects the following categories of Personal Information: (a) name (first name, middle name, last name, legal name); (b) email address; (c) phone number; (d) postal address (street address, city, state/province, postal code, country); (e) date of birth; (f) gender (optional); (g) profile photograph or avatar; (h) biographical information, professional summary, or description; (i) professional credentials, licenses, certifications, or qualifications; (j) employment history, education history, or experience; (k) portfolio items, work samples, or demonstration materials; (l) preferred language; (m) time zone; and (n) any other information Users voluntarily provide in their Account or profile.

4.2 Identity Verification Information

To verify Users' identities, prevent fraud, and comply with legal obligations, CLÖCKH may collect the following categories of Sensitive Personal Information: (a) government-issued identification numbers such as Social Security numbers, tax identification numbers, passport numbers, national identification numbers, or driver's license numbers; (b) government-issued identification documents such as copies of passports, driver's licenses, national identity cards, or birth certificates; (c) biometric information such as facial recognition data or fingerprints (if required by applicable law or if User consents); (d) background check results, criminal records checks, or credit checks; and (e) proof of professional licenses, certifications, or credentials.

4.3 Financial and Payment Information

To facilitate transactions and payments via the Platform, CLÖCKH collects the following categories of Sensitive Personal Information: (a) payment card information including credit card numbers, debit card numbers, card expiration dates, and CVV/security codes (collected and processed by our Payment Partner, not stored by CLÖCKH); (b) bank account information including account numbers, routing numbers, and account holder names (collected and processed by our Payment Partner, not stored by CLÖCKH); (c) payment method preferences; (d) billing address; (e) transaction history including amounts paid, amounts received, dates, transaction descriptions, and parties involved; (f) tax information including tax identification numbers, tax forms (such as IRS Form W-9 or Form W-8), and tax withholding information; and (g) invoices, receipts, and payment confirmations.

4.4 Communications and User Content

CLÖCKH collects the following categories of Personal Information related to Users' communications and User Content: (a) messages, correspondence, or communications sent via the Platform's messaging system, including text messages, video call recordings (if User consents to recording), or voice messages; (b) emails sent to or from CLÖCKH's support team or other CLÖCKH personnel; (c) phone calls with CLÖCKH's support team or other CLÖCKH personnel (which may be recorded for quality assurance, training, or dispute resolution purposes, with notice to Users); (d) reviews, ratings, or feedback submitted by Users regarding other Users or regarding Services; (e) project descriptions, proposals, bids, quotes, contracts, or agreements entered into via the Platform; (f) dispute submissions, evidence, or documentation submitted in connection with dispute resolution proceedings; and (g) any other User Content submitted via the Platform.

4.5 Device and Technical Information

When Users access or use the Platform, CLÖCKH automatically collects the following categories of Personal Information about Users' devices and Platform interactions: (a) IP address; (b) device type, model, manufacturer, and operating system; (c) browser type, version, and language settings; (d) screen resolution and display settings; (e) unique device identifiers or mobile advertising identifiers; (f) network information including internet service provider, connection type, and network performance data; (g) geolocation data including precise GPS coordinates (if User grants location permissions) or approximate location derived from IP address; (h) Platform usage data including pages visited, features used, buttons clicked, search queries, time spent on pages, navigation paths, and session duration; (i) error logs, crash reports, and diagnostic data; and (j) information collected via Cookies and similar tracking technologies as described in Article XIV.

4.6 Information from Third-Party Sources

CLÖCKH may collect Personal Information about Users from third-party sources, including but not limited to: (a) identity verification services that provide verification of Users' identities, addresses, or credentials; (b) background check services that provide criminal records checks, credit checks, or employment verification; (c) payment processors (our Payment Partner) that provide information regarding payment methods, transaction status, or fraud detection; (d) social media platforms, if Users choose to link their social media accounts to their CLÖCKH Account or if Users use social login features; (e) public records databases including property records, business registration records, or professional licensing databases; (f) marketing partners, data brokers, or analytics providers that provide demographic, interest, or behavioral data; and (g) other Users who provide information about a User in the course of communications, transactions, reviews, or disputes.

Article V: Methods of Information Collection

5.1 Direct Collection from Users

The majority of Personal Information collected by CLÖCKH is provided directly by Users through: (a) completing registration forms or account creation processes; (b) completing profile information or verification processes; (c) entering payment information or connecting payment methods; (d) submitting project descriptions, proposals, bids, or quotes; (e) sending messages, communications, or User Content via the Platform; (f) submitting reviews, ratings, or feedback; (g) contacting CLÖCKH's customer support; (h) responding to surveys, questionnaires, or feedback requests; or (i) otherwise voluntarily providing information to CLÖCKH.

5.2 Automatic Collection via Platform Interactions

CLÖCKH automatically collects certain Personal Information when Users access or use the Platform, including device information, IP addresses, geolocation data, and usage data, as described in Section 4.5. This information is collected via: (a) server logs that record information about each request made to CLÖCKH's servers; (b) Cookies and similar tracking technologies as described in Article XIV; (c) software development kits (SDKs) embedded in CLÖCKH's mobile applications; (d) analytics services that track User interactions and generate usage reports; and (e) monitoring tools that detect errors, crashes, performance issues, or security incidents.

5.3 Collection from Third-Party Sources

As described in Section 4.6, CLÖCKH collects certain Personal Information from third-party sources including identity verification services, background check services, payment processors, social media platforms, public records databases, and marketing partners. CLÖCKH collects such information through: (a) API integrations that allow CLÖCKH to query third-party databases or services; (b) data feeds or data sharing agreements with third-party providers; (c) social login features that allow Users to authenticate using social media credentials; or (d) user-initiated connections between the Platform and third-party services.

5.4 Derived and Inferred Information

CLÖCKH may derive or infer certain Personal Information from analysis of collected data, including but not limited to: (a) User preferences, interests, or behavior patterns based on analysis of Platform usage data; (b) creditworthiness, reliability, or risk profile based on analysis of transaction history, reviews, dispute history, and other factors; (c) demographic information or attributes based on analysis of profile information or usage patterns; (d) predictions or propensities regarding Users' likelihood to engage in certain behaviors or transactions; and (e) any other insights, scores, or classifications generated through data analysis, machine learning, or algorithmic processing.

Article VI: Legal Bases for Processing Personal Information

6.1 Legal Bases Under GDPR

For Users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, CLÖCKH processes Personal Information only where CLÖCKH has a legal basis for such processing under GDPR. The legal bases for CLÖCKH's processing activities are as follows:

(a) Consent (GDPR Article 6(1)(a)): CLÖCKH processes certain Personal Information based on Users' consent, including: (i) collection of precise geolocation data (when User grants location permissions); (ii) recording of video calls or phone calls (when User consents to recording); (iii) use of certain Cookies and tracking technologies (when User consents via Cookie banner); (iv) sending marketing communications (when User opts in to receive marketing emails); and (v) any other processing for which CLÖCKH specifically requests and obtains User consent. Users may withdraw consent at any time as described in Article XI.

(b) Performance of Contract (GDPR Article 6(1)(b)): CLÖCKH processes Personal Information as necessary to perform the Terms of Service contract between CLÖCKH and Users, including: (i) creating and maintaining User Accounts; (ii) facilitating transactions between Clients and Service Providers; (iii) processing payments and transferring funds; (iv) providing Platform features and functionality; (v) communicating with Users regarding their Accounts, transactions, or Platform use; (vi) providing customer support; and (vii) enforcing the Terms of Service and resolving disputes.

(c) Legitimate Interests (GDPR Article 6(1)(f)): CLÖCKH processes Personal Information based on CLÖCKH's or third parties' legitimate interests, where such interests are not overridden by Users' data protection rights, including: (i) fraud prevention, security monitoring, and risk assessment; (ii) improving, developing, and enhancing the Platform; (iii) analyzing usage patterns and generating analytics; (iv) conducting research and data analysis; (v) marketing and promoting the Platform; (vi) protecting CLÖCKH's legal rights and interests; (vii) complying with legal and regulatory obligations; and (viii) any other processing necessary for CLÖCKH's legitimate business operations.

(d) Legal Obligation (GDPR Article 6(1)(c)): CLÖCKH processes Personal Information as necessary to comply with legal obligations imposed on CLÖCKH by applicable laws and regulations, including: (i) tax reporting and withholding obligations; (ii) anti-money laundering (AML) and counter-terrorism financing (CTF) obligations; (iii) Know Your Customer (KYC) and identity verification requirements; (iv) data protection laws requiring CLÖCKH to respond to data subject requests; (v) legal process such as subpoenas, court orders, or government investigations; and (vi) any other legal or regulatory obligations.

(e) Vital Interests (GDPR Article 6(1)(d)): CLÖCKH may process Personal Information where necessary to protect the vital interests (life or physical safety) of Users or other persons, such as in emergency situations or where User safety is at risk.

6.2 Legal Bases Under T&T DPA

For Users located in Trinidad & Tobago, CLÖCKH processes Personal Information in accordance with the Trinidad & Tobago Data Protection Act 2011 and related regulations. CLÖCKH processes Personal Information only where processing is: (a) necessary for the performance of a contract to which the User is a party; (b) necessary for compliance with a legal obligation; (c) necessary to protect the vital interests of the User or another person; (d) necessary for the performance of a task carried out in the public interest; (e) necessary for the purposes of legitimate interests pursued by CLÖCKH or by a third party, except where such interests are overridden by the interests or fundamental rights of the User; or (f) based on the User's unambiguous consent.

6.3 Legal Bases Under CCPA/CPRA

For Users located in California, CLÖCKH processes Personal Information in accordance with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. CLÖCKH collects and processes Personal Information for the business purposes and commercial purposes described in Article VII. California residents have specific rights regarding their Personal Information as described in Article XV.

Article VII: Use of Personal Information

7.1 Platform Operations and Service Delivery

CLÖCKH uses Personal Information to operate, provide, maintain, and deliver the Platform and Services, including to: (a) create, maintain, and manage User Accounts; (b) verify User identities and credentials; (c) facilitate connections between Clients and Service Providers; (d) enable Users to post projects, submit proposals, negotiate terms, and enter into Project Contracts; (e) process transactions, payments, and fund transfers via our Payment Partner; (f) provide messaging, communication, and collaboration tools; (g) enable Users to submit and view reviews, ratings, and feedback; (h) provide customer support, technical assistance, and dispute resolution services; (i) send transactional communications including account notifications, payment confirmations, transaction updates, and security alerts; and (j) perform any other functions necessary to deliver the Platform's core features and functionality.

7.2 Safety, Security, and Fraud Prevention

CLÖCKH uses Personal Information to protect the safety and security of the Platform, Users, and CLÖCKH, and to detect, prevent, and respond to fraud, abuse, and illegal activity, including to: (a) verify User identities and authenticate Users; (b) conduct background checks, criminal records checks, or credit checks on Service Providers; (c) detect and prevent fraudulent accounts, transactions, or payment methods; (d) monitor for suspicious activity, unusual patterns, or potential security threats; (e) investigate suspected violations of the Terms of Service, Community Guidelines, or applicable laws; (f) respond to reports of misconduct, abuse, harassment, or illegal activity; (g) enforce the Terms of Service and other Platform policies; (h) comply with legal obligations including anti-money laundering (AML) and counter-terrorism financing (CTF) requirements; (i) respond to legal process including subpoenas, court orders, or government investigations; and (j) protect CLÖCKH's legal rights, property, and interests.

7.3 Platform Improvement and Development

CLÖCKH uses Personal Information to analyze, improve, develop, and enhance the Platform, including to: (a) understand how Users interact with the Platform and which features Users find most valuable; (b) identify bugs, errors, performance issues, or usability problems; (c) test new features, functionality, or design changes; (d) develop new products, services, or features; (e) personalize User experiences and customize Platform content or recommendations; (f) conduct research, data analysis, and statistical analysis; (g) generate insights regarding User behavior, preferences, or trends; (h) train and improve machine learning models, algorithms, or artificial intelligence systems; and (i) measure the effectiveness of Platform features and marketing campaigns.

7.4 Marketing and Communications

CLÖCKH uses Personal Information to communicate with Users and to market the Platform, including to: (a) send operational communications such as account notifications, policy updates, and service announcements; (b) send marketing emails, newsletters, promotional offers, or product announcements to Users who have opted in to receive marketing communications; (c) display personalized advertisements or content on the Platform or on third-party websites or applications; (d) measure the effectiveness of marketing campaigns and advertisements; (e) conduct surveys, questionnaires, or feedback requests; (f) invite Users to participate in beta testing, focus groups, or research studies; and (g) promote CLÖCKH's services, events, or partnerships. Users may opt out of marketing communications as described in Section 11.6.

7.5 Legal Compliance and Protection of Rights

CLÖCKH uses Personal Information to comply with legal obligations and to protect CLÖCKH's legal rights and interests, including to: (a) comply with applicable laws, regulations, and legal requirements; (b) respond to legal process including subpoenas, court orders, search warrants, or requests from law enforcement or regulatory authorities; (c) comply with tax reporting and withholding obligations; (d) comply with payment card industry (PCI) standards and payment processor requirements; (e) comply with export control laws and economic sanctions; (f) enforce the Terms of Service, this Policy, and other Platform policies; (g) pursue legal remedies or defend against legal claims; (h) protect CLÖCKH's intellectual property rights; (i) protect against liability; and (j) comply with audits, investigations, or regulatory examinations.

7.6 Aggregated and Anonymized Data

CLÖCKH may aggregate or anonymize Personal Information to create Aggregated Data or Anonymized Data, which CLÖCKH may use for any purpose without restriction, including to: (a) conduct research and data analysis; (b) generate reports, statistics, or insights regarding Platform usage, industry trends, or market conditions; (c) develop benchmarks or performance metrics; (d) create data products or services; (e) market or promote the Platform; and (f) share with third parties for research, analytics, or business purposes. Aggregated Data and Anonymized Data do not identify specific individuals and are not considered Personal Information under this Policy.

7.7 Other Business Purposes

CLÖCKH may use Personal Information for other business purposes consistent with the purposes described in this Article VII or as disclosed to Users at the time of collection, including to: (a) facilitate mergers, acquisitions, asset sales, or other business transactions; (b) manage business operations, finance, accounting, and record-keeping; (c) conduct internal audits, quality assurance, or compliance reviews; (d) manage vendor relationships and third-party service providers; (e) protect against or respond to natural disasters, emergencies, or security incidents; and (f) pursue any other legitimate business purposes consistent with this Policy and applicable law.

Article VIII: Disclosure and Sharing of Personal Information

8.1 Disclosure to Other Users

CLÖCKH discloses certain Personal Information to other Users to facilitate transactions and interactions via the Platform. When Users create profiles, post projects, submit proposals, or engage in transactions, the following information may be visible to other Users: (a) name, profile photograph, and biographical information; (b) professional credentials, experience, or qualifications; (c) reviews, ratings, and feedback from other Users; (d) project descriptions, proposals, bids, or quotes; (e) transaction history (limited to transactions with the viewing User); (f) availability, response time, or activity status; and (g) any other information Users choose to include in their public profiles or project postings. Users should exercise caution and discretion when sharing Personal Information via the Platform and should not share information they wish to keep private.

8.2 Disclosure to Caimite Technologies Limited

As described in Article III, Caimite Technologies Limited acts as a Data Processor and processes certain Personal Information on behalf of Zaboca Holdings Inc. for purposes including regional technical operations, user support, data storage, and other processing activities directed by Zaboca Holdings Inc. Caimite Technologies Limited is contractually obligated to process Personal Information solely in accordance with Zaboca Holdings Inc.'s instructions and to implement appropriate security measures to protect Personal Information.

8.3 Disclosure to Payment Partner

CLÖCKH shares certain Personal Information with our Payment Partner (the third-party payment processing service provider retained by CLÖCKH) to facilitate payment processing, fund transfers, and transaction management. Personal Information shared with our Payment Partner includes: (a) name, email address, and contact information; (b) payment method information including payment card numbers, bank account numbers, or other payment credentials (entered directly by Users into our Payment Partner's secure systems); (c) transaction details including amounts, dates, parties, and descriptions; (d) identity verification information as required by our Payment Partner; and (e) any other information necessary for our Payment Partner to process payments and comply with applicable laws and regulations. Our Payment Partner's use of Personal Information is governed by its own privacy policy and terms of service, and Users should review those documents. CLÖCKH is not responsible for our Payment Partner's data practices except to the extent required by law.

8.4 Disclosure to Third-Party Service Providers

CLÖCKH shares Personal Information with Third-Party Service Providers that perform services on behalf of CLÖCKH, including but not limited to: (a) cloud hosting and infrastructure providers that store data and operate CLÖCKH's servers; (b) content delivery networks (CDNs) that deliver Platform content to Users; (c) email service providers that send transactional and marketing emails on CLÖCKH's behalf; (d) SMS/text messaging providers that send text messages on CLÖCKH's behalf; (e) customer support platforms and helpdesk software providers; (f) analytics providers that analyze Platform usage and generate reports; (g) identity verification services that verify Users' identities, addresses, or credentials; (h) background check services that conduct criminal records checks, credit checks, or employment verification; (i) fraud detection and prevention services; (j) marketing and advertising platforms; (k) survey and feedback tools; and (l) any other third-party service providers that assist CLÖCKH in operating the Platform or conducting business. All Third-Party Service Providers are contractually obligated to use Personal Information only for the purposes for which it was disclosed and to implement appropriate security measures.

8.5 Disclosure for Legal Reasons

CLÖCKH may disclose Personal Information to law enforcement, regulatory authorities, courts, government agencies, or other third parties when CLÖCKH believes in good faith that disclosure is necessary or appropriate to: (a) comply with applicable laws, regulations, legal process, or governmental requests; (b) respond to subpoenas, court orders, search warrants, or requests from law enforcement or regulatory authorities; (c) enforce the Terms of Service, this Policy, or other Platform policies; (d) detect, prevent, or respond to fraud, security incidents, or illegal activity; (e) protect the rights, property, safety, or interests of CLÖCKH, Users, or the public; (f) respond to claims that User Content violates the rights of third parties; (g) comply with tax reporting, AML/CTF, or other regulatory obligations; or (h) pursue legal remedies or defend against legal claims. CLÖCKH may disclose Personal Information without notice to Users if prohibited by law from providing notice or if CLÖCKH believes in good faith that notice would be inappropriate or would jeopardize an investigation.

8.6 Disclosure in Business Transactions

If CLÖCKH is involved in a merger, acquisition, asset sale, financing, bankruptcy, reorganization, dissolution, or other business transaction, Personal Information may be disclosed, transferred, or sold to the acquiring or surviving entity, to potential buyers or investors, to advisors (such as attorneys, accountants, or investment bankers), or to other parties involved in the transaction. In such events, CLÖCKH will require the receiving party to honor this Policy or to provide Users with notice of any changes to data practices. If CLÖCKH's ownership or control changes, the new owner or controller may use Personal Information in accordance with this Policy or as permitted by applicable law.

8.7 Disclosure with User Consent

CLÖCKH may disclose Personal Information to third parties with Users' consent or at Users' direction. For example, if Users choose to link their CLÖCKH Account to a third-party service (such as a social media platform or calendar application), CLÖCKH may disclose Personal Information to that third-party service to facilitate the integration. Users may withdraw consent or disconnect third-party integrations via their Account settings.

8.8 Public Disclosure

Certain Personal Information may be publicly visible on the Platform or indexed by search engines, including: (a) User profiles including names, photographs, biographical information, and credentials; (b) project postings, proposals, or bids; (c) reviews, ratings, and feedback; (d) public comments or forum posts (if applicable); and (e) any other information Users choose to make public via the Platform. Users should exercise caution when sharing Personal Information publicly and should not share information they wish to keep private. CLÖCKH is not responsible for the use or misuse of publicly available information by third parties.

8.9 No Sale of Personal Information

CLÖCKH does not sell Personal Information to third parties for monetary consideration. For purposes of the California Consumer Privacy Act (CCPA), CLÖCKH does not "sell" Personal Information as that term is defined in the CCPA. However, CLÖCKH may share Personal Information with third parties for certain business purposes as described in this Article VIII, which may constitute "sharing" under the CCPA. California residents have the right to opt out of the sharing of Personal Information as described in Article XV.

Article IX: Data Retention

9.1 Retention Principles

CLÖCKH retains Personal Information for as long as necessary to fulfill the purposes for which it was collected, to provide the Platform and Services, to comply with legal obligations, to resolve disputes, to enforce agreements, and for other legitimate business purposes. The retention period for Personal Information depends on the type of information, the purposes for which it is used, and applicable legal requirements. CLÖCKH applies the following principles when determining retention periods: (a) Personal Information is retained only for as long as necessary to achieve the purposes for which it was collected; (b) Personal Information is deleted or anonymized when it is no longer needed for such purposes; (c) Personal Information is retained for longer periods when required by law or when necessary for legitimate business purposes such as fraud prevention, dispute resolution, or record-keeping; and (d) Users' rights to request deletion of Personal Information are honored subject to legal and operational exceptions as described in Article XI.

9.2 Retention Periods by Category

The following retention periods apply to different categories of Personal Information, subject to exceptions as described in this Article IX:

(a) Account and Profile Information: Retained for the duration of the User's Account and for up to seven (7) years following Account closure, or longer if required by law or necessary for legal, regulatory, or business purposes such as fraud prevention, dispute resolution, or tax compliance.

(b) Transaction and Payment Information: Retained for the duration of the User's Account and for up to ten (10) years following the transaction date, or longer if required by law or necessary for tax reporting, accounting, audit, dispute resolution, or regulatory compliance purposes.

(c) Communications and User Content: Retained for the duration of the User's Account and for up to five (5) years following Account closure, or longer if necessary for dispute resolution, legal proceedings, or enforcement of agreements.

(d) Identity Verification and Background Check Information: Retained for the duration of the User's Account and for up to seven (7) years following Account closure, or longer if required by law or necessary for fraud prevention, AML/CTF compliance, or regulatory purposes.

(e) Device and Technical Information: Retained for up to two (2) years from the date of collection, or longer if necessary for security monitoring, fraud detection, or legal compliance purposes.

(f) Marketing and Analytics Data: Retained for up to three (3) years from the date of collection, or until the User opts out of marketing communications or requests deletion, whichever occurs first.

9.3 Legal and Regulatory Requirements

Notwithstanding the retention periods specified in Section 9.2, CLÖCKH may retain Personal Information for longer periods when required by applicable laws or regulations, including but not limited to: (a) tax laws requiring retention of financial records for specified periods (typically seven to ten years); (b) anti-money laundering (AML) and counter-terrorism financing (CTF) laws requiring retention of identity verification and transaction records; (c) payment card industry (PCI) standards requiring retention of certain payment information; (d) employment and labor laws requiring retention of employment records; (e) intellectual property laws requiring retention of records to support intellectual property rights; and (f) any other legal or regulatory requirements imposing minimum retention periods.

9.4 Litigation and Dispute Resolution

If Personal Information is subject to pending or anticipated litigation, dispute resolution proceedings, government investigations, or legal holds, CLÖCKH may retain such information for as long as necessary to resolve the matter, even if the retention period specified in Section 9.2 has expired. CLÖCKH may also retain Personal Information as necessary to enforce agreements, protect CLÖCKH's legal rights, or comply with discovery obligations in legal proceedings.

9.5 Deletion and Anonymization

When Personal Information is no longer needed for the purposes for which it was collected and when retention is not required by law or for legitimate business purposes, CLÖCKH deletes or anonymizes the information. Deletion means permanent removal of Personal Information from CLÖCKH's systems such that it cannot be recovered or reconstructed. Anonymization means processing Personal Information in such a way that it can no longer be attributed to a specific individual. Anonymized Data is not considered Personal Information and may be retained indefinitely for research, analytics, or business purposes.

9.6 Backup and Archival Systems

Personal Information may remain in CLÖCKH's backup systems, disaster recovery systems, or archival storage for technical reasons even after deletion from active systems. CLÖCKH maintains backups to protect against data loss and to ensure business continuity in the event of system failures or disasters. Personal Information in backup systems is deleted in accordance with CLÖCKH's backup retention policies, typically within ninety (90) days to one (1) year of deletion from active systems, or as soon as technically feasible. Personal Information in backup systems is not accessible for ordinary business purposes and is used only for disaster recovery or system restoration purposes.

Article X: Security Measures and Data Protection

10.1 Security Commitment

CLÖCKH is committed to protecting Personal Information and implements reasonable technical, administrative, and physical security measures designed to safeguard Personal Information against unauthorized access, disclosure, alteration, destruction, loss, or misuse. CLÖCKH employs industry-standard security practices and technologies and continuously evaluates and improves security measures in response to evolving threats, technological advances, and regulatory requirements. However, no system is perfectly secure, and CLÖCKH cannot guarantee the absolute security of Personal Information. Users acknowledge that transmission of information over the internet and storage of information on networked systems involve inherent security risks.

10.2 Technical Security Measures

CLÖCKH implements the following technical security measures to protect Personal Information: (a) encryption of data in transit using Transport Layer Security (TLS) or other secure protocols; (b) encryption of sensitive data at rest using industry-standard encryption algorithms; (c) secure authentication mechanisms including password hashing, multi-factor authentication, and session management; (d) network security controls including firewalls, intrusion detection systems, and network segmentation; (e) access controls and permission management to limit access to Personal Information to authorized personnel only; (f) regular security testing including penetration testing, vulnerability scanning, and security audits; (g) secure software development practices including code reviews, security testing, and patch management; (h) monitoring and logging of system activity to detect and respond to security incidents; and (i) data loss prevention (DLP) tools and technologies to prevent unauthorized exfiltration of data.

10.3 Administrative Security Measures

CLÖCKH implements the following administrative security measures to protect Personal Information: (a) security policies and procedures governing the handling, storage, and transmission of Personal Information; (b) employee training and awareness programs regarding data protection, privacy, and security best practices; (c) background checks and confidentiality agreements for employees and contractors with access to Personal Information; (d) access control policies that grant access to Personal Information on a need-to-know basis and principle of least privilege; (e) incident response plans and procedures for detecting, responding to, and recovering from security incidents; (f) vendor management and due diligence processes to ensure that Third-Party Service Providers implement adequate security measures; (g) regular security audits, risk assessments, and compliance reviews; and (h) designation of a Data Protection Officer responsible for overseeing data protection and privacy matters.

10.4 Physical Security Measures

CLÖCKH and its Third-Party Service Providers implement physical security measures to protect data centers, servers, and other facilities where Personal Information is stored or processed, including: (a) physical access controls such as locked doors, access badges, biometric authentication, and security personnel; (b) video surveillance and monitoring of facilities; (c) environmental controls such as fire suppression systems, temperature and humidity controls, and power redundancy; (d) secure disposal of physical media containing Personal Information, such as shredding or destruction; and (e) physical security policies and procedures governing access to facilities and handling of equipment.

10.5 Payment Information Security

CLÖCKH does not store payment card numbers, bank account numbers, or other sensitive payment credentials on CLÖCKH's own systems. Instead, payment information is collected and processed directly by our Payment Partner, which is certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS). Our Payment Partner encrypts payment information during transmission and storage and implements strict security controls to protect payment information. CLÖCKH receives only limited payment information from our Payment Partner, such as the last four digits of payment card numbers and payment method types, which information is used solely for transaction processing, customer support, and record-keeping purposes.

10.6 Employee and Contractor Access

Access to Personal Information is restricted to employees, contractors, and service providers who require access to perform their job functions and who are bound by confidentiality obligations. CLÖCKH employees and contractors with access to Personal Information receive training on data protection, privacy, and security best practices and are required to comply with CLÖCKH's security policies and procedures. CLÖCKH conducts background checks on employees and contractors with access to sensitive Personal Information and terminates access immediately upon termination of employment or contractor relationships.

10.7 Third-Party Security

CLÖCKH requires Third-Party Service Providers that process Personal Information on behalf of CLÖCKH to implement security measures consistent with this Article X and to comply with applicable data protection laws. CLÖCKH conducts due diligence on Third-Party Service Providers before engaging them and periodically reviews their security practices to ensure ongoing compliance. CLÖCKH's agreements with Third-Party Service Providers require them to notify CLÖCKH of security incidents involving Personal Information and to cooperate with CLÖCKH in responding to such incidents.

10.8 Security Incident Response

In the event of a security incident involving unauthorized access to, disclosure of, or loss of Personal Information, CLÖCKH will: (a) investigate the incident to determine the nature, scope, and impact of the breach; (b) take steps to contain the breach and mitigate harm; (c) notify affected Users in accordance with applicable data breach notification laws; (d) notify regulatory authorities as required by law; (e) cooperate with law enforcement investigations; (f) implement remedial measures to prevent similar incidents in the future; and (g) document the incident and CLÖCKH's response for compliance and audit purposes. CLÖCKH will provide notice of security incidents to affected Users without unreasonable delay, and in any event within the timeframes required by applicable law (typically within 72 hours for GDPR-covered incidents).

Article XI: User Rights and Control Over Personal Information

11.1 Overview of User Rights

Users have certain rights regarding their Personal Information under applicable data protection laws, including GDPR, CCPA/CPRA, and T&T DPA. The specific rights available to Users depend on the User's location and the applicable legal framework. This Article XI describes the rights generally available to Users and the procedures for exercising those rights. Additional rights specific to California residents are described in Article XV.

11.2 Right of Access

Users have the right to request access to the Personal Information that CLÖCKH holds about them. Upon receiving a verified access request, CLÖCKH will provide Users with: (a) confirmation of whether CLÖCKH is processing Personal Information about the User; (b) a copy of the Personal Information CLÖCKH holds about the User; (c) information about the categories of Personal Information collected, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared; (d) information about the retention period for the Personal Information or the criteria used to determine the retention period; and (e) any other information required by applicable law. CLÖCKH will provide this information in a commonly used electronic format unless otherwise requested by the User.

11.3 Right to Rectification or Correction

Users have the right to request correction of inaccurate or incomplete Personal Information. Upon receiving a verified correction request, CLÖCKH will take reasonable steps to correct the Personal Information and will notify any third parties to whom the information was disclosed (unless such notification is impossible or involves disproportionate effort). Users may also correct certain Personal Information directly via their Account settings without submitting a formal request. Users are encouraged to keep their Account information accurate and up-to-date.

11.4 Right to Deletion or Erasure

Users have the right to request deletion of their Personal Information in certain circumstances, including when: (a) the Personal Information is no longer necessary for the purposes for which it was collected; (b) the User withdraws consent on which processing is based and there is no other legal basis for processing; (c) the User objects to processing based on legitimate interests and there are no overriding legitimate grounds for processing; (d) the Personal Information was unlawfully processed; or (e) deletion is required to comply with a legal obligation. CLÖCKH will honor deletion requests subject to the following exceptions: (a) Personal Information that CLÖCKH is required to retain by law or regulation; (b) Personal Information necessary to complete a transaction or provide a service requested by the User; (c) Personal Information necessary to detect, prevent, or respond to security incidents, fraud, or illegal activity; (d) Personal Information necessary to exercise free speech or other legal rights; (e) Personal Information necessary for internal uses reasonably aligned with User expectations; (f) Personal Information necessary for legal claims, compliance, or regulatory purposes; and (g) Personal Information in backup or archival systems, which will be deleted in accordance with CLÖCKH's backup retention policies.

11.5 Right to Object and Restriction of Processing

Users have the right to object to certain types of processing of Personal Information, including: (a) processing based on legitimate interests; (b) direct marketing; and (c) profiling. Upon receiving a verified objection, CLÖCKH will cease processing the Personal Information for the specified purpose unless CLÖCKH demonstrates compelling legitimate grounds for processing that override the User's interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defense of legal claims. Users also have the right to request restriction of processing in certain circumstances, such as when the accuracy of Personal Information is contested or when processing is unlawful but the User does not wish to have the information deleted. When processing is restricted, CLÖCKH will store the Personal Information but will not otherwise process it except with the User's consent or for legal purposes.

11.6 Right to Opt Out of Marketing

Users have the right to opt out of receiving marketing communications from CLÖCKH at any time. Users may opt out by: (a) clicking the "unsubscribe" link in marketing emails; (b) adjusting Account settings to disable marketing communications; (c) replying "STOP" to marketing text messages; or (d) contacting CLÖCKH at privacy@zaboca.org. Opting out of marketing communications does not affect Users' receipt of transactional, operational, or policy-related communications, which Users may not opt out of without closing their Account.

11.7 Right to Data Portability

Users have the right to receive a copy of their Personal Information in a structured, commonly used, and machine-readable format and to transmit that information to another controller without hindrance from CLÖCKH. This right applies to Personal Information that: (a) the User provided to CLÖCKH; (b) is processed based on consent or performance of a contract; and (c) is processed by automated means. Upon receiving a verified portability request, CLÖCKH will provide the Personal Information in a portable format such as JSON, CSV, or XML, as appropriate.

11.8 Right to Withdraw Consent

Where CLÖCKH processes Personal Information based on User consent, Users have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal. Users may withdraw consent by: (a) adjusting Account settings; (b) disabling permissions in device settings (such as location permissions); (c) opting out of Cookies via the Cookie banner or browser settings; or (d) contacting CLÖCKH at privacy@zaboca.org. Upon withdrawal of consent, CLÖCKH will cease processing Personal Information for the purposes for which consent was given, except to the extent CLÖCKH has another legal basis for processing.

11.9 Exercising User Rights

To exercise any of the rights described in this Article XI, Users may submit a request via the following methods: (a) email: privacy@zaboca.org; (b) mail: Zaboca Holdings Inc., Data Protection Officer, c/o registered agent, Delaware; or (c) via the Account settings or privacy controls within the Platform (where available). Requests must include sufficient information to allow CLÖCKH to verify the User's identity and to locate the User's Personal Information in CLÖCKH's systems. CLÖCKH may request additional information or documentation to verify the User's identity before responding to the request. Users may also authorize an agent to submit requests on their behalf by providing the agent with written authorization and proof of the User's identity.

11.10 Response Time and Fees

CLÖCKH will respond to verified User rights requests without undue delay and in any event within the timeframes required by applicable law, typically: (a) within one (1) month for GDPR requests (extendable by two additional months for complex or numerous requests); (b) within forty-five (45) days for CCPA requests (extendable by an additional forty-five days for complex requests); or (c) within thirty (30) days for T&T DPA requests. CLÖCKH will not charge a fee for responding to requests unless the requests are manifestly unfounded, excessive, or repetitive, in which case CLÖCKH may charge a reasonable fee to cover administrative costs or may refuse to respond to the request. Users will be notified of any fees before CLÖCKH processes the request.

11.11 Right to Lodge a Complaint

Users have the right to lodge a complaint with a data protection authority if they believe CLÖCKH has violated their data protection rights. For Users in the European Economic Area, the United Kingdom, or Switzerland, the relevant data protection authority is the supervisory authority in the User's country of residence or place of work. For Users in Trinidad & Tobago, the relevant authority is the Trinidad & Tobago Data Protection Authority. For Users in California, complaints may be submitted to the California Attorney General's Office. Contact information for data protection authorities is available on their respective websites.

Article XII: Children's Privacy

12.1 Age Restrictions

The Platform is not intended for use by children under the age of eighteen (18) years or under the age of majority in the User's jurisdiction, whichever is greater. CLÖCKH does not knowingly collect, use, or disclose Personal Information from children under the applicable age of majority. Users must be at least eighteen (18) years of age or the age of majority in their jurisdiction to create an Account or use the Platform. By using the Platform, Users represent and warrant that they meet the minimum age requirements.

12.2 Parental Consent

If CLÖCKH learns that it has collected Personal Information from a child under the applicable age of majority without verifiable parental consent (where required by law), CLÖCKH will take steps to delete that information as soon as reasonably practicable. If a parent or guardian becomes aware that their child has provided Personal Information to CLÖCKH without parental consent, they should contact CLÖCKH immediately at privacy@zaboca.org, and CLÖCKH will delete the child's Personal Information from CLÖCKH's systems.

12.3 Compliance with Children's Privacy Laws

CLÖCKH complies with applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions. CLÖCKH does not knowingly collect Personal Information from children under thirteen (13) years of age in the United States without verifiable parental consent. CLÖCKH does not condition a child's participation in any online activity on the child's disclosure of more Personal Information than is reasonably necessary to participate in the activity.

Article XIII: International Data Transfers

13.1 Cross-Border Transfers

The Platform is operated from the United States, and Personal Information collected via the Platform is transferred to, stored in, and processed in the United States and potentially in other countries where CLÖCKH, Caimite Technologies Limited, or CLÖCKH's Third-Party Service Providers maintain facilities or operations. These countries may have data protection laws that differ from the laws of the User's country of residence and may not provide the same level of data protection as the User's home country. By using the Platform, Users consent to the transfer of their Personal Information to the United States and other countries for processing in accordance with this Policy.

13.2 Legal Mechanisms for Transfers

For transfers of Personal Information from the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions with restrictions on international data transfers, CLÖCKH relies on the following legal mechanisms to ensure adequate protection of Personal Information: (a) Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant authorities; (b) adequacy decisions issued by the European Commission or other relevant authorities recognizing that certain countries provide adequate protection for Personal Information; (c) Binding Corporate Rules (BCRs) if applicable; (d) explicit consent from Users for the specific transfer; or (e) any other legal mechanism recognized under applicable data protection laws. CLÖCKH evaluates the adequacy of protection provided in destination countries and implements supplementary measures where necessary to ensure that Personal Information transferred internationally receives a level of protection substantially equivalent to that provided in the User's home jurisdiction.

13.3 Data Localization

Where required by applicable law, CLÖCKH may store copies of Personal Information in the User's country of residence or in specific geographic regions. For example, Personal Information of Users in Trinidad & Tobago may be stored or processed in Trinidad & Tobago by Caimite Technologies Limited in addition to being transferred to the United States. CLÖCKH complies with data localization requirements under applicable laws, including requirements to obtain consent for cross-border transfers or to implement specific safeguards for international transfers.

13.4 U.S. Government Access

Users acknowledge that Personal Information stored or processed in the United States may be subject to access by U.S. government authorities, law enforcement agencies, or national security agencies under applicable U.S. laws, including the Foreign Intelligence Surveillance Act (FISA), the USA PATRIOT Act, and other laws authorizing government access to data. CLÖCKH will disclose Personal Information to U.S. government authorities only when required by law and will, where legally permitted, provide notice to affected Users and challenge overly broad or unlawful requests for information.

13.5 Regional Considerations

For Users in specific regions or jurisdictions, the following additional considerations apply to international data transfers:

(a) European Economic Area, United Kingdom, and Switzerland: Transfers of Personal Information from these jurisdictions to the United States or other countries outside the EEA/UK/Switzerland are governed by GDPR and UK data protection law and are subject to the safeguards described in Section 13.2. Users in these jurisdictions have the right to obtain information about the safeguards CLÖCKH uses for international transfers and to obtain a copy of the relevant transfer mechanism (such as Standard Contractual Clauses) by contacting privacy@zaboca.org.

(b) Trinidad & Tobago: Transfers of Personal Information from Trinidad & Tobago to countries outside Trinidad & Tobago are governed by the Trinidad & Tobago Data Protection Act 2011. CLÖCKH obtains User consent for cross-border transfers where required and implements appropriate safeguards to protect Personal Information transferred internationally.

(c) Other Jurisdictions: For Users in other jurisdictions with restrictions on international data transfers, CLÖCKH complies with applicable local laws and regulations governing cross-border transfers and implements appropriate safeguards as required by law.

Article XIV: Cookies and Tracking Technologies

14.1 Use of Cookies

CLÖCKH uses Cookies and similar tracking technologies to collect information about Users' interactions with the Platform, to recognize Users across sessions and devices, to personalize User experiences, to analyze Platform usage, and to deliver targeted advertising. Cookies are small text files placed on Users' devices by web servers. When Users visit the Platform, CLÖCKH's servers send Cookies to Users' devices, and Users' browsers store the Cookies and send them back to CLÖCKH's servers on subsequent visits. This allows CLÖCKH to recognize Users and to collect information about their Platform usage.

14.2 Types of Cookies Used

CLÖCKH uses the following types of Cookies:

(a) Strictly Necessary Cookies: These Cookies are essential for the Platform to function properly and cannot be disabled without significantly impairing Platform functionality. Strictly necessary Cookies are used for purposes such as: (i) authenticating Users and maintaining login sessions; (ii) remembering User preferences and settings; (iii) enabling core Platform features such as messaging, transactions, and account management; (iv) detecting and preventing fraud or security threats; and (v) load balancing and distributing traffic across servers. Strictly necessary Cookies are exempt from consent requirements under GDPR and other privacy laws.

(b) Performance and Analytics Cookies: These Cookies collect information about how Users interact with the Platform, including which pages Users visit, how long Users spend on each page, which features Users use, and whether Users encounter errors. Performance and analytics Cookies are used to: (i) understand how Users use the Platform; (ii) identify usability issues or areas for improvement; (iii) measure the effectiveness of Platform features; (iv) generate aggregated usage statistics; and (v) optimize Platform performance and user experience. CLÖCKH uses third-party analytics services such as Google Analytics to collect and analyze this information. Performance and analytics Cookies do not identify individual Users and typically collect only aggregated or anonymized data.

(c) Functionality Cookies: These Cookies enhance Platform functionality and personalize User experiences by: (i) remembering Users' preferences, settings, or choices; (ii) personalizing content, recommendations, or search results based on Users' past behavior; (iii) enabling social media features such as sharing content on social media platforms; (iv) providing chat or customer support features; and (v) improving accessibility features. Functionality Cookies may be set by CLÖCKH or by third-party service providers integrated with the Platform.

(d) Targeting and Advertising Cookies: These Cookies are used to deliver personalized advertisements to Users on the Platform or on third-party websites or applications. Targeting and advertising Cookies: (i) track Users' browsing behavior across websites to build profiles of Users' interests; (ii) deliver advertisements that are relevant to Users' interests; (iii) measure the effectiveness of advertising campaigns; (iv) limit the number of times Users see the same advertisement; and (v) provide reports to advertisers about campaign performance. Targeting and advertising Cookies may be set by CLÖCKH or by third-party advertising networks and platforms.

14.3 Other Tracking Technologies

In addition to Cookies, CLÖCKH uses the following tracking technologies:

(a) Web Beacons or Pixels: Small, transparent image files embedded in web pages or emails that allow CLÖCKH to track whether Users have viewed a particular web page or opened a particular email. Web beacons are often used in combination with Cookies to collect information about User behavior.

(b) Local Storage: Technologies that allow websites to store data locally on Users' devices, including HTML5 local storage, session storage, and IndexedDB. Local storage is used for purposes similar to Cookies but can store larger amounts of data and may persist even after the browser is closed.

(c) Software Development Kits (SDKs): Code libraries embedded in mobile applications that collect information about Users' interactions with the application, device information, and other data. SDKs are used for purposes such as analytics, crash reporting, advertising, and integration with third-party services.

(d) Device Fingerprinting: Techniques that collect information about Users' devices, browsers, and settings to create a unique "fingerprint" that can be used to recognize devices across sessions or websites. Device fingerprinting is used for purposes such as fraud detection, security monitoring, and analytics.

14.4 Third-Party Cookies and Tracking

The Platform may include Cookies or tracking technologies set by third parties, including: (a) analytics providers such as Google Analytics; (b) advertising networks and platforms; (c) social media platforms; (d) customer support tools; (e) content delivery networks; and (f) other third-party service providers. These third parties may collect information about Users' online activities over time and across different websites or applications. CLÖCKH does not control third-party Cookies or tracking technologies and is not responsible for third parties' data practices. Users should review the privacy policies of these third parties to understand how they collect and use information.

14.5 Cookie Consent and Management

When Users first visit the Platform, CLÖCKH displays a Cookie banner that provides information about CLÖCKH's use of Cookies and requests Users' consent for non-essential Cookies (such as analytics, functionality, and advertising Cookies). Users may accept all Cookies, reject non-essential Cookies, or customize their Cookie preferences via the Cookie banner. Users may also manage Cookies via their browser settings:

(a) Browser Cookie Settings: Most web browsers allow Users to: (i) view and delete Cookies; (ii) block or restrict certain Cookies; (iii) receive notifications when Cookies are set; and (iv) configure default Cookie preferences. Users can access browser Cookie settings via the browser's settings or preferences menu. Instructions for managing Cookies in common browsers are available at the following links:

• Chrome: chrome://settings/cookies
• Firefox: about:preferences#privacy
• Safari: Preferences → Privacy
• Edge: edge://settings/privacy

(b) Opt-Out Tools: Users may opt out of certain third-party tracking and advertising by using industry opt-out tools such as: (i) Network Advertising Initiative (NAI) opt-out tool: optout.networkadvertising.org; (ii) Digital Advertising Alliance (DAA) opt-out tool: optout.aboutads.info; (iii) European Interactive Digital Advertising Alliance (EDAA) opt-out tool: youronlinechoices.eu; or (iv) Google Analytics opt-out browser add-on: tools.google.com/dlpage/gaoptout.

(c) Mobile Device Settings: Mobile device users may limit tracking via device settings, such as: (i) iOS: Settings → Privacy → Tracking; (ii) Android: Settings → Google → Ads. Users may also reset their mobile advertising identifiers to limit tracking by advertising networks.

(d) Do Not Track Signals: Some browsers support "Do Not Track" (DNT) signals that request websites not to track Users' online activities. The Platform does not currently respond to DNT signals, as there is no industry consensus on how to interpret or implement DNT. However, Users may use the Cookie management options described above to limit tracking.

14.6 Impact of Disabling Cookies

Users may disable or block Cookies via browser settings or opt-out tools. However, disabling or blocking Cookies may impair certain Platform features or functionality. Specifically: (a) disabling strictly necessary Cookies will prevent Users from logging in, maintaining sessions, or using core Platform features; (b) disabling performance and analytics Cookies will prevent CLÖCKH from collecting usage data, which may limit CLÖCKH's ability to identify and fix issues or improve the Platform; (c) disabling functionality Cookies will prevent the Platform from remembering User preferences or personalizing content; and (d) disabling advertising Cookies will not reduce the number of advertisements Users see but may make advertisements less relevant to Users' interests.

Article XV: California Privacy Rights

15.1 Applicability

This Article XV applies to Users who are California residents as defined by the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"). California residents have specific privacy rights under the CCPA in addition to the rights described in Article XI. This Article XV describes those additional rights and how California residents may exercise them.

15.2 Right to Know

California residents have the right to request that CLÖCKH disclose: (a) the categories of Personal Information CLÖCKH has collected about the resident; (b) the categories of sources from which the Personal Information was collected; (c) the business or commercial purpose for collecting, selling, or sharing Personal Information; (d) the categories of third parties to whom CLÖCKH discloses Personal Information; and (e) the specific pieces of Personal Information CLÖCKH has collected about the resident. California residents may submit up to two (2) requests to know within a twelve (12) month period.

15.3 Right to Delete

California residents have the right to request deletion of Personal Information that CLÖCKH has collected about them, subject to certain exceptions described in Section 11.4. Upon receiving a verified deletion request, CLÖCKH will delete the resident's Personal Information from CLÖCKH's records (and will direct service providers to delete the information) unless an exception applies.

15.4 Right to Correct

California residents have the right to request correction of inaccurate Personal Information that CLÖCKH maintains about them. Upon receiving a verified correction request, CLÖCKH will use commercially reasonable efforts to correct the inaccurate Personal Information.

15.5 Right to Opt Out of Sale or Sharing

California residents have the right to opt out of the "sale" or "sharing" of their Personal Information. CLÖCKH does not "sell" Personal Information for monetary consideration. However, CLÖCKH may "share" Personal Information with third parties for cross-context behavioral advertising purposes, which may constitute "sharing" under the CCPA. California residents may opt out of such sharing by: (a) clicking the "Do Not Share My Personal Information" link in the footer of the Website; (b) adjusting privacy settings in their Account; or (c) contacting CLÖCKH at privacy@zaboca.org. CLÖCKH will honor opt-out requests within fifteen (15) business days.

15.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to direct CLÖCKH to limit the use of their Sensitive Personal Information to uses authorized by the CCPA, which include: (a) performing services reasonably expected by the resident; (b) ensuring security and integrity; (c) short-term, transient use; (d) performing services on behalf of CLÖCKH; and (e) verifying or maintaining the quality of services. However, CLÖCKH uses Sensitive Personal Information only for the purposes authorized by the CCPA, and therefore California residents' exercise of this right may not materially change CLÖCKH's data practices. California residents may submit a request to limit use of Sensitive Personal Information by contacting privacy@zaboca.org.

15.7 Right to Non-Discrimination

California residents have the right to exercise their CCPA rights without suffering discriminatory treatment. CLÖCKH will not: (a) deny goods or services to California residents who exercise their CCPA rights; (b) charge different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties; (c) provide a different level or quality of goods or services; or (d) suggest that California residents will receive a different price or rate for goods or services or a different level or quality of goods or services. However, CLÖCKH may offer financial incentives or price or service differences if reasonably related to the value provided to CLÖCKH by the resident's Personal Information.

15.8 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. Authorized agents must provide: (a) proof of authorization from the resident, such as a power of attorney or written permission signed by the resident; (b) verification of the resident's identity; and (c) verification of the agent's identity. CLÖCKH may require the resident to verify their identity directly or to confirm that they authorized the agent to submit the request on their behalf.

15.9 Verification of Requests

To protect California residents' privacy and security, CLÖCKH verifies the identity of individuals who submit CCPA requests before responding to the requests. The verification method used depends on the type of request and the sensitivity of the Personal Information involved. For requests to know categories of information or for requests to opt out, CLÖCKH verifies the requestor's identity to a reasonable degree of certainty by matching information provided in the request to information CLÖCKH already has about the requestor. For requests to know specific pieces of information or for requests to delete, CLÖCKH verifies the requestor's identity to a reasonably high degree of certainty by requiring the requestor to provide additional information or documentation.

15.10 Response Time

CLÖCKH will respond to verified CCPA requests within forty-five (45) days of receipt, or within ninety (90) days if additional time is needed due to the complexity or number of requests. If CLÖCKH requires additional time, CLÖCKH will notify the requestor of the extension and the reason for the extension within the initial forty-five (45) day period. CLÖCKH will not charge a fee to respond to CCPA requests unless the requests are manifestly unfounded, excessive, or repetitive.

15.11 Categories of Personal Information Collected

For California residents, CLÖCKH collects the following categories of Personal Information as defined by the CCPA: (a) identifiers such as name, email address, IP address, and account credentials; (b) commercial information such as transaction history and payment information; (c) internet or other electronic network activity information such as browsing history and Platform usage data; (d) geolocation data; (e) professional or employment-related information; (f) education information; (g) inferences drawn from the above categories to create a profile about a consumer's preferences or characteristics; and (h) Sensitive Personal Information such as Social Security numbers, driver's license numbers, financial account information, precise geolocation data, and the contents of communications.

15.12 Business and Commercial Purposes

CLÖCKH collects and uses Personal Information for the business purposes and commercial purposes described in Article VII, including: (a) providing and operating the Platform; (b) processing transactions and payments; (c) customer support and communications; (d) security, fraud prevention, and compliance; (e) Platform improvement and development; (f) analytics and research; (g) marketing and advertising; and (h) legal compliance and protection of rights.

15.13 Disclosure of Personal Information

CLÖCKH discloses Personal Information to the categories of third parties described in Article VIII, including: (a) other Users; (b) Caimite Technologies Limited; (c) our Payment Partner; (d) other Third-Party Service Providers; (e) law enforcement and regulatory authorities; (f) parties involved in business transactions; and (g) other third parties with User consent. CLÖCKH does not sell Personal Information for monetary consideration but may share Personal Information with third parties for cross-context behavioral advertising purposes, which California residents may opt out of as described in Section 15.5.

15.14 Retention of Personal Information

CLÖCKH retains Personal Information for the retention periods described in Article IX, which vary depending on the category of information and the purposes for which it is used. Generally, Personal Information is retained for as long as necessary to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements.

15.15 Contact for California Privacy Rights

California residents may submit CCPA requests or inquiries by contacting CLÖCKH at privacy@zaboca.org or by mail at: Zaboca Holdings Inc., Data Protection Officer, c/o registered agent, Delaware.

Article XVI: General Provisions

16.1 Entire Agreement

This Policy, together with the Terms of Service, Refund and Cancellation Policy, and Community Guidelines (each as may be amended from time to time), constitutes the entire agreement between CLÖCKH and Users regarding the collection, use, disclosure, and protection of Personal Information, superseding all prior agreements, understandings, or representations (written or oral) relating to such subject matter.

16.2 Severability

If any provision of this Policy is held invalid, illegal, or unenforceable by a court, arbitrator, or regulator of competent jurisdiction, such provision shall be enforced to the maximum permissible extent, and the remaining provisions shall remain in full force and effect.

16.3 No Waiver

CLÖCKH's failure to enforce any provision of this Policy or to exercise any right or remedy shall not constitute a waiver of such provision, right, or remedy, nor prevent CLÖCKH from enforcing such provision or exercising such right or remedy at a later time. No waiver shall be effective unless made in writing and signed by an authorized representative of CLÖCKH.

16.4 Governing Law

This Policy and disputes arising hereunder are governed by the laws of the State of Delaware, United States, without regard to conflict of laws principles, except to the extent mandatory local data protection laws (GDPR, CCPA, T&T DPA) require application of specific legal standards or provide Users with rights that cannot be waived or limited by choice of law provisions.

16.5 Arbitration

Disputes arising from or relating to this Policy or CLÖCKH's data practices shall be resolved through binding arbitration in accordance with Article XIX of the Terms of Service, incorporated herein by reference. Users waive the right to jury trial and the right to participate in class actions as provided in the Terms of Service.

16.6 Assignment

Users may not assign, transfer, or delegate any rights or obligations under this Policy without CLÖCKH's prior written consent. CLÖCKH may freely assign, transfer, or delegate this Policy and its rights and obligations hereunder in connection with mergers, acquisitions, asset sales, or corporate reorganizations without notice to or consent from Users.

16.7 Headings

Article, section, and subsection headings are provided for convenience and ease of reference only and shall not affect the interpretation or construction of this Policy.

16.8 Language

This Policy is executed in the English language. If this Policy is translated into other languages for convenience or legal compliance purposes, the English version shall control in the event of conflicts or ambiguities between versions.

16.9 Force Majeure

CLÖCKH is not liable for delays or failures in performance of obligations under this Policy resulting from causes beyond CLÖCKH's reasonable control, including but not limited to acts of God, cyberattacks, government actions, pandemics, infrastructure failures, or third-party service provider outages.

16.10 Survival

Provisions of this Policy that by their nature should survive termination of a User's Account or cessation of use of the Platform shall survive, including but not limited to provisions regarding data retention, security obligations, dispute resolution, governing law, and limitations of liability.

Article XVII: Acknowledgment and Acceptance

END OF PRIVACY POLICY
Last Updated: January 21, 2026
© 2026 Zaboca Holdings Inc. All rights reserved.
CLÖCKH is a trademark of Zaboca Holdings Inc.