Effective Date: 25 February 2026 This Privacy Notice explains how SIA Anastrade2025 (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use the ArcadeDock website and related services (the “Site”). 1. Controller and Contact Data Controller: SIA Anastrade2025 Reg. No. 40203707175 • VAT No. LV40203707175 Stacijas iela 93–9, Ludza, Ludzas nov., LV-5701, Latvia Privacy / support contact: support@arcadedock.store If you have questions about this Privacy Notice or how we handle personal data, please contact us using the details above. 2. Personal Data We May Collect Depending on how you use the Site, we may collect the following categories of personal data: a) Information you provide directly - Email address - Support messages and other communications you send to us - Information you provide during checkout or transaction-related communication (if transaction functionality is available) b) Transaction and order-related metadata - Product identifiers (e.g., selected product/offer) - Displayed currency selection - Timestamps and transaction status events - Basic fulfillment/reveal status records - Risk review or verification status flags (where applicable) c) Technical and usage data - IP address (or derived location at a general level) - Browser type, device type, operating system - Referrer pages, pages viewed, session events, timestamps - Error logs and diagnostic information d) Preference data - Language preference (e.g., EN/RU) - Currency display preference (e.g., USD/EUR) - Cookie/local storage preferences (where used) We do not intentionally collect more personal data than is reasonably necessary for the purposes described below. 3. How We Collect Personal Data We collect personal data: - directly from you (for example, when you contact us or provide an email in a checkout flow); - automatically through your use of the Site (logs, device/browser data, session events); - from service providers or technical tools used to operate the Site (for example, hosting, analytics, or security tools), where applicable. 4. Purposes of Processing and Legal Bases (GDPR) We may process personal data for the following purposes and legal bases (where GDPR or similar laws apply): a) To provide and operate the Site Purpose: deliver pages, maintain functionality, remember language/currency preferences, troubleshoot errors. Legal basis: legitimate interests (operating, securing, and improving the Site); consent where required for certain cookies/tools. b) To communicate with you and provide support Purpose: respond to requests, support inquiries, and transaction-related messages. Legal basis: legitimate interests; contract or steps prior to entering into a contract (where applicable). c) To process and manage transactions (if/when transaction functionality is available) Purpose: process checkout information, confirm status, manage fulfillment flow, prevent errors. Legal basis: contract or steps prior to entering into a contract; legitimate interests (service reliability, fraud prevention). d) To prevent fraud, abuse, and unlawful activity Purpose: detect suspicious behavior, protect the Site, enforce terms, comply with risk controls. Legal basis: legitimate interests; legal obligation (where applicable). e) To comply with legal obligations Purpose: comply with accounting, tax, sanctions, consumer protection, recordkeeping, and lawful requests. Legal basis: legal obligation. f) To improve the Site and performance Purpose: analyze traffic, fix usability issues, monitor performance. Legal basis: legitimate interests; consent where required by law for analytics/cookies. 5. Cookies, Local Storage, and Similar Technologies We may use cookies, local storage, and similar technologies for: - essential site operation and security; - remembering preferences (such as language and display currency); - analytics and performance measurement (where implemented). Where required by applicable law, we will request consent before using non-essential cookies or similar technologies. You can usually control cookies through your browser settings. Blocking some technologies may affect certain Site functions or preferences. 6. Data Sharing and Recipients We may share personal data with: - hosting and infrastructure providers; - analytics, monitoring, or security service providers; - customer support or communication service providers; - payment-related service providers, if and when transaction/payment functionality is available; - legal, regulatory, or law enforcement authorities where required by law or to protect rights and security. We do not sell personal data as “sell” is commonly understood in consumer marketing contexts. We share personal data only where reasonably necessary for the purposes described in this Notice. 7. International Data Transfers Our service providers may process personal data in countries outside your country of residence, including outside the EU/EEA. Where required by applicable law, we take reasonable steps to use appropriate safeguards for international transfers (for example, contractual safeguards or reliance on adequacy decisions, where applicable). 8. Data Retention We retain personal data only for as long as necessary for the purposes described in this Notice, including: - to operate and secure the Site; - to respond to support requests; - to maintain transaction-related records (where applicable); - to comply with legal, tax, accounting, and dispute-resolution obligations; - to prevent fraud and misuse. Retention periods may vary based on data type, legal requirements, and legitimate business needs. 9. Your Rights (GDPR / EEA, where applicable) If GDPR or similar laws apply to you, you may have the right to: - be informed about processing of your personal data; - access your personal data; - request rectification of inaccurate data; - request erasure of your data in certain cases; - request restriction of processing in certain cases; - object to processing based on legitimate interests; - request data portability in certain cases; - withdraw consent (where processing is based on consent), without affecting prior lawful processing; - lodge a complaint with a supervisory authority. These rights are subject to legal conditions and exceptions. We may ask for reasonable verification of identity before responding to a request. 10. Security We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system is completely secure, and we cannot guarantee absolute security. 11. Children’s Privacy The Site is not directed to children, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, please contact us and we will take appropriate steps. 12. Complaints and Supervisory Authority If you have concerns about how we handle personal data, please contact us first at support@arcadedock.store. If you are in the EU/EEA (or another jurisdiction with similar rights), you may also have the right to lodge a complaint with your local data protection authority (supervisory authority). 13. Changes to This Privacy Notice We may update this Privacy Notice from time to time. The updated version will be posted on the Site with a revised Effective Date. Your continued use of the Site after changes become effective is subject to the updated Privacy Notice.