Privacy Policy

Please carefully read this Privacy Policy ("Policy"), which governs how RocketPool Limited, a company
registered in accordance with legislation of Hong Kong with its registered office 8/F., China Tower Hong Kong,
8-12 Hennessy Road, Wan Chai, Hong Kong ("Company", "we"), collects, uses and discloses information, when
you access the Company's website https://redrock.pro as such term is described in Terms of Use ("Service"), or
when you otherwise interact with us.

1. Applicability and Acceptance of Policy
1.1. This Policy defines the Personal Data, explains how Personal Data is collected, used, processed, and
disclosed.
1.2. This Policy becomes effective upon your express consent to this Policy. By accessing the Service,
clicking a checkmark at the “I agree with the Privacy Policy” button, you unconditionally accept and adhere to
provisions of this Policy without any exemptions, limitations and/or exclusions.
1.3. In the event you disagree with any provision of this Policy or would not like to provide your consent
for processing of your Personal Data, you shall leave this Service.
2. Information about the Data Controller
2.1. The data controller of this Service is RocketPool Limited, a company registered in accordance with
legislation of Hong Kong with its registered office 8/F., China Tower Hong Kong, 8-12 Hennessy Road, Wan
Chai, Hong Kong. Contact details: support@redrock.pro
3. Legal Grounds for Personal Data Processing
3.1. We process your Personal Data on the basis that it is:
3.1.1. necessary for the performance of a contract, therefore, where we have a contract with you, we will
process your Personal Data in order to fulfill that contract (in particular, to provide access to the Service and
render Services available through it);
3.1.2. authorized by your Consent, which you give us as it is set out in section 4 hereof;
3.1.3. necessary for compliance with our legal obligation, in particular, when we are obliged to respond to
a court order or a regulator;
3.1.4. necessary for performance our legitimate interests;
3.1.5. permitted by applicable legislation.
3.2. We process the Personal Data for a number of legitimate interests, including to provide and improve
the Service, administer our relationship with you and our business, for marketing, and in order to exercise our
rights and responsibilities as specified in section 6 of the Agreement.
4. Consent to Personal Data Processing
4.1. Including are an EU Person, to process your Personal Data we need to receive your consent, as it is
prescribed by GDPR or other applicable law, we will process your Personal Data in the case we have received
from you a freely given, specific, informed and unambiguous indication of your wishes by which you signify
agreement to the processing of your Personal Data ("Consent").
4.2. By accessing the Service, clicking a checkmark at the “I agree with the Privacy Policy” button, you
directly and voluntarily agree that you are clearly informed of the data's intended use, and you give us
individual, explicit, active, informed Consent.
4.3. Your Consent covers all processing activities with your Personal Data carried out for the same purpose
or purposes. When the Processing has multiple purposes, your Consent should be deemed given for all of them,
unless otherwise provided by this Policy.
4.4. By agreeing to the Policy, you also give your Consent to the Company's entrust of Processing of certain
Personal Data to third parties ("Processor").
4.5. The following Processors may be involved in the processing of Personal Data on behalf of the
Company:
● Yandex LLC, which performs the function of mailbox hosting (notifications) and processes the
following types of Personal Data:
● email;
● login;
● referral code;
● google authenticator;
4.5.1. Yandex Cloud LLC, which processes the following types of Personal Data:
● email;
● login;
● referral code;
● google authenticator.
4.6. You have the right to withdraw your Consent at any time. You can submit such a request by sending
us an email to support@redrock.pro
4.7. Your withdrawal of Consent shall not affect the lawfulness of your Personal Data processing based on
Consent before its withdrawal.
4.8. Except as required or enabled by law we will not use or disclose your Personal Data for any purpose
for which you refuse Consent or later withdraw your Consent. If you withdraw Consent, you agree that in spite of
this withdrawal, we may continue to use those Personal Data previously provided to us to the extent that we are
contractually or otherwise legally obliged to do so and to the extent necessary to enforce any contractual obligation
you may have towards the Company or in any other way permitted by law.
5. Collection of Personal Data
5.1. General Provisions
5.1.1. The type of Personal Data we collect depends on how you are interacting with us. In many cases, you
can choose whether or not to provide us with Personal Data, but if you choose not to, you may not get full
functionality of the Service. When you visit Service, you may provide us with the following types of Personal
Data: (i) Personal Data that you voluntarily disclose that is collected on an individual basis; (ii) Personal Data
collected automatically when you use the Service; and (iii) Personal Data which we collect from sources other
than the Service.
5.2. Personal Data You provide to Us
5.2.1. In order to fulfill our obligation to provide you with the opportunity to apply for participation in the
Project, we are entitled to ask you to provide us with your Personal Data in the specific application on the Service,
including:
● crypto wallet address(es);
● sub-account email;
● email.
Personal Data hereof is collected only when voluntarily offered, and solely for purposes that are clearly identified
on the Service or in this Policy.
5.2.2. The Company shall be entitled to combine Personal Data collected in the course of your interaction
with different sections of the Service with any other relevant available information.
5.3. Personal Data We Collect Automatically
5.3.1. Personal Data collected by or transmitted to the Company in the course of accessing, interacting and
operating of the Service may include, without limitation, the following Personal Data:
● password hash;
● TOTP secret or hash of one-time e-mail codes (2FA, optional);
● IP address and port of the device;
● date/time of connections;
● HTTP requests to API;
● error messages SessionID;
● UI-prefs (theme, language);
● Yandex Metrica / GA4;
● Watcher-token (UUID of public read-only link).
5.4. Data We Collect from Other Sources. We may also receive information about you from other sources,
which we can access for the purpose of fulfilling our obligations under the Terms of Use, such as when you give
us access to your data on third-party platforms that may be used to fulfill our obligations. Please carefully read
the privacy policy and the terms and conditions of such platforms before using.
5.5. Technical Data you provide to Us
5.5.1. We collect your Technical Data, which is not Personal Data, but is necessary for the purpose of
providing Services:
● worker name (device ID in the pool);
● ASIC model / firmware;
● hashrate, uptime.

6. Use of Personal Data
6.1. We use Personal Data for the following purposes:
6.1.1. Provision of mining and payout services;
6.1.2. Account and worker statistics support;
6.1.3. Enhanced security (2FA, anomaly detection);
6.1.4. Delegation of rights (sub-accounts);
6.1.5. Public monitoring (watcher-link);
6.1.6. Analytics and service development;
6.1.7. Compliance with legal requirements upon request.

7. Disclosure of Personal Data
7.1. The Company treats Personal Data as confidential and may not pass on or use any such data without
valid legal grounds.
7.2. We will only disclose your Personal Data in the following circumstances:
7.2.1. with your Consent or at your instruction;
7.2.2. with companies under common control or ownership with us or our offices internationally;
7.2.3. for everyday business purposes, such as to process transactions, maintain accounts, respond to court
orders and legal investigations;
7.2.4. in connection with a merger or sale of our Company assets, or if we do a financing or are involved in
an acquisition, or any other situation where Personal Data may be disclosed or transferred as one of our business
assets;
7.2.5. if we believe your actions are inconsistent with our terms of use of the Service or applicable legislation,
or to protect the rights, property and safety of any assets of the Company or third parties.
7.3. The Company may without limitations share aggregated or de-identified information, which cannot
reasonably be used to identify you.
7.4. You can at any time report the misuse of your Personal Data and/or ask us to restrict access to your
Personal Data in accordance with this Policy and applicable law.

8. Transmission of Personal Data
8.1. The transmission of Personal Data or any other information (including communications by email) over
the Internet or other publicly accessible networks is not one hundred percent secure. The Company is not liable
for the security of any Personal Data or any other information you are transmitting over the Internet, or third-party
content.
8.2. Information about you may be transferred to, and processed in countries other than the country in which
you are a resident. We have taken appropriate safeguards to require that your information will remain protected
in accordance with this Privacy Policy.
8.3. Personal Data of EU Persons transmitted to a recipient outside the European Economic Area may be
processed by a staff member operating outside the European Economic Area (EEA) who works for us or for one
of digital Content developers or copyright owners. Such staff may be engaged in amongst other things, the
fulfilment of your order, the processing of your payment details and the provision of support Platforms. By
submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably
necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

9. Protection of Personal Data. Security Measures
9.1. We take appropriate security, administrative and technical measures to protect any Personal Data you
provide regarding the collection, storage and processing of Personal Data, as well as security measures to protect
your Personal Data against unauthorized access, modification, disclosure or destruction.
9.2. Personal Data is safeguarded from unauthorised access and unlawful processing or disclosure, as well
as accidental loss, modification or destruction, through state-of-the-art technical and organisational measures.
These are adjusted and updated continuously in tandem with technical developments and organizational changes.
Additionally, Personal Data protection audits and other controls are carried out on a regular basis. However, no
computer security system is entirely foolproof, and the Internet is not a secure method of transmitting information.
As a result, we do not assume any responsibility for the Personal Data you submit to or receive from us through
the Internet, or for any unauthorized access or use of that information, and we cannot and do not guarantee that
information communicated by you to us or sent to you by us will be received, or that it will not be altered before
or after its transmission to us. You agree to not hold the Company liable for any loss or damage of any sort incurred
as a result of any misappropriation, interception, modification, deletion, destruction or use of information provided
through the Service.
10. Retention of Information
10.1. In accordance with applicable laws and as needed to fulfill our obligations, we may hold your Personal
Data. This requirement is conditioned by a need to comply with legal obligations and resolve possible disputes.
10.2. Your Personal Data is stored on a server that we rent in a special third-party cloud infrastructure, unless
otherwise provided by this Policy. We do not transfer your Personal Data to such third-party cloud infrastructure,
unless otherwise provided by this Policy.
10.3. Personal Data will be retained by the Company for a period of 5 years from the date it is provided.
10.4. The Company may retain your Personal Data until your consent is withdrawn or the Terms of Use are
terminated. After the Terms of Use are terminated, the data may be stored for a period of time to comply with
legal and regulatory requirements, resolve disputes and prevent money laundering, fraud and other illegal
activities.

11. Your Rights in relation to Personal Data
11.1. The Company is committed to making sure you can exercise your respective rights effectively and free
of charge. The Company will ensure each your request related to your Personal Data be reviewed in a timely
fashion.
11.2. You have the following rights relating to your Personal Data in accordance with any applicable laws,
including GDPR:
11.2.1. Right to access. You can request access to your Personal Data and obtain a copy of such Personal Data
in a format acceptable to you (e.g. PDF, DOC, DOCX, etc.). You can submit such request by email
support@redrock.pro After your request is received, our privacy team reviews the form and conducts the
requestor's identity verification, without undue delay. Upon successful verification, you are provided with a copy
of your Personal Data.
11.2.2. Right to data portability. You have the right to receive your Personal Data, which you have provided
to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to
another service provider without hindrance from us.
11.2.3. Right to erasure ("Right to be forgotten") and right to rectification. You are entitled to request
erasure or rectification of your Personal Data by email support@redrock.pro We will handle requests for
Personal Data to be rectified or deleted, unless there is a legal requirement that prohibits such requests to be
fulfilled. When a request is fulfilled, you will be informed that your Personal Data is changed or erased and is not-
longer collected, however, to fulfil our legal requirements the Company will store information about each
requestor for the purposes of providing evidence that a request has been fulfilled.
11.2.4. Right to object. At all times, you are entitled to object to Processing of your Personal Data. Right to
object can be exercised by email support@redrock.pro Upon receipt of the request, the Company ceases the
Processing, unless there is a legal or statutory ground for such Processing.
11.2.5. Right to be informed. If you are inquiring about Processing activities conducted with respect to your
Personal Data, the Company, without undue delay, will provide information about: (i) purposes of Processing;
(ii) categories and types of Personal Data; (iii) the recipients or categories of recipients to whom the personal data
have been or will be disclosed to, in particular recipients in third party countries or international organizations
(iii) retention period; (v) source of the relevant Personal Data; (vi) privacy rights and information on data
portability; (vii) where the personal data are not collected from the data subject, any available information as to
their source; (viii)the existence of automated decision-making, including profiling, referred to in Article 22(1)
and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the
significance and envisaged consequences of such processing for the data subject; (ix) information as to whether
personal data are transferred to a third country or to an international organization. Where this is the case, the data
in subject to, shall have the right to be informed of the appropriate safeguards relating to the transfer. However,
all information about the categories of Personal Data and Processing operational conducted by the Company is
available in this Policy.
11.2.6. Right to lodge a complaint with a supervisory authority. Supervisory authority means an
independent public authority, for example, which is established by an EU member state pursuant to Article 51
GDPR or any other applicable law.
12. Minimum age
12.1. The minimum age to use the Service is 18 years of age. The Company will not knowingly collect
Personal Data from minors.
12.2. If minors, when using the Service, have provided their personal data without parental consent, including
data that is provided purposefully and data that is collected automatically, parents of minors may submit a request
to the Company's email to stop processing the personal data of such minors.

13. Alterations to Policy
13.1. We have the right, at our discretion, to update this Policy at any time. We recommend that you
frequently check this Policy to find any changes and stay informed about how we help protect the Personal Data.
13.2. By using the Service, you will acknowledge and agree that it is your responsibility to periodically
review this Policy and be aware of the changes.
13.3. The subsequent use of the Service after changes to this Policy will also be considered as your
acceptance of these changes.
13.4. This Policy may from time to time be translated into other languages. To the extent that any discrepancy
may exist between the English version of this Policy and its version in another language, the English version
prevails.
14. Data Protection Officer
14.1. The Company appoints an expert on data privacy who works independently to ensure that the Company
is adhering to the policies and procedures set forth in the GDPR (data protection officer). Data protection officer
assists the Company to monitor internal compliance, inform and advise on data protection obligations, provide
advice regarding data protection impact assessments (DPIAs) and act as a contact point for data subjects and the
supervisory authorities.

15. Feedback
15.1. We welcome your questions and suggestions with respect to the implementation or amendment of this
Policy. Please use this feedback for communicating with us: support@redrock.pro