Last updated January 22, 2024

We take privacy seriously. The purpose of this document is to provide you with information on Rio's use of your personal data in accordance with applicable law, including, but not limited to, the Cayman Islands Data Protection Act (as amended), the California Consumer Privacy Act (as amended) and, in respect of any EU data subjects, the EU General Data Protection Regulation (together, the "Data Protection Legislation").

https://rio.network is a website-hosted user interface (the “Interface”) that supports the staking and restaking of certain digital assets including Ether (“ETH”).

If you use the Interface, Rio will ask for, collect, and store Personal Data about you (your “Personal Data”). We would not be able to operate the Interface without the Personal Data you provide us, which is why we want you to know that we take our responsibility to protect your Personal Data very seriously. We also want to make very clear how we use your Personal Data so that you can make informed choices about your use of our Interface.

This document (our “Privacy Policy”) explains how we collect and use your Personal Data, how and with whom we share your Personal Data, and how we protect your Personal Data. This Privacy Policy applies to the Interface, and is subject to the Rio Terms of Service available at Rio Terms of Use (“Terms”). All undefined capitalized terms have the same definition used in our Terms of Service. If you have questions about this Privacy Policy, or have suggestions for how we can improve it, please contact us at hi@rio.network.

If you do not want us to collect Personal Data from you or share Personal Data with any third parties or otherwise disclose your Personal Data, you should not access our Interface.

1. Personal Data We Collect

In the table below, we provide the list of categories of Personal Data that Rio has collected within the last twelve months and some examples for a better understanding. We also have identified the main sources and purposes for collection:

2. Personal Data Shared with Third Parties

Except as described in this Privacy Policy and unless otherwise expressly authorized by you in writing, Rio will never share, sell, or communicate your Personal Data to or with anyone for any reason. We only share and disclose your Personal Data with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection.

3. Cookies and Trackers

We also use cookies and other activity tracking tools to help the Interface work better. These tools allow us to:

• Perform website analytics;

• Improve the advertisements you see;

• Prevent fraud and prevent attacks against Interface; and

• Advertise Rio products and services, and additional products and services from our partner companies.

We use cookies and trackers to assign you a unique identifier so we can record:

• Websites you visit;

• Length of time the advertisement was visible; and

• IP Address.

You can block cookies at any time using your web browser settings or Interface settings, but doing so may limit your browsing experience and your ability to use certain features of the Interface. We do not currently respond to “Do Not Track” or DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

How Long Do We Keep Your Personal Data?

We keep your Personal Data until you ask us to delete them or for as long as is necessary to fulfill the purposes outlined in this Privacy Policy. Even after we delete your Personal Data, we can retain copies of information about you for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to collect fees owed, to resolve disputes, to address problems with our services, to assist with investigations, to enforce our Terms or other applicable agreements or policies, or to take any other actions consistent with applicable law. If you ever decide to stop using Rio, you can just ask us to delete your Personal Data by emailing us at hi@rio.network. We expect to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.

4. California Privacy Rights

As a California consumer, you have the following choices regarding our use and disclosure of your Personal Data subject to certain limitations under the California Consumer Privacy Act (“CCPA”):

• Right to know. You may request, up to twice in a 12-month period, the following information about the Personal Data we have collected, used, disclosed or sold about you during the past 12 months:

  • the categories and specific pieces of Personal Data we have collected about you;

  • the categories of sources from which we collected the Personal Data;

  • the business or commercial purpose for which we collected the Personal Data;

  • the categories of third parties with whom we shared the Personal Data; and

  • the categories of Personal Data about you that we disclosed for a business purpose and sold to third parties, and the categories of third parties to whom the information was disclosed or sold.

• Right to delete. You may request that we delete the Personal Data we have collected from you, subject to certain limitations under the CCPA.

• Right to opt-out from sale of Personal Data. You have the right to opt-out of the sale of your Personal Data. We do not sell your Personal Data.

• Non-discrimination. The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, you may email us at hi@rio.network or send a letter to 190 Elgin Avenue George Town Grand Cayman, Cayman Islands KY 1-9008. We will verify your identity before responding to your request by verifying that the email address from which you send the request matches your email address that we have on file.

Consumer Request by an Authorized Agent

If any authorized agent submits a consumer request under the CCPA on your behalf, we require the authorized agent to submit the following information so that we can confirm their authority to act on your behalf:

• Evidence of authorization to act on behalf of the California consumer: (1) California Secretary of State authorization, (2) notarized written permission from the California consumer, or (3) power of attorney.

• Evidence of identity of the California consumer: (1) first and last name, (2) email address, and (3) password.

5. Your Data Protection Rights Under the General Data Protection Regulations (GDPR)

If you are a resident of the European Economic Area, you have the following data protection rights:

• If you wish to access, correct, update, or request deletion of your Personal Data, you can do so at any time by emailing hi@rio.network. If you request deletion of your Personal Data, your Personal Data will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.

• In addition, you can object to the processing of your Personal Data, ask us to restrict the processing of your Personal Data, or request portability of your Personal Data. Again, you can exercise these rights by emailing hi@rio.network.

• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing hi@rio.network.

• Similarly, if we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

• You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. To find contact details, click here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

6. Cayman Islands Data Protection Rights

Where applicable, under the Cayman Islands Data Protection Act (as amended), you have certain data protection rights, including the right to:

• be informed about the purposes for which your personal data are processed;

• access your personal data;

• stop direct marketing;

• restrict the processing of your personal data;

• have incomplete or inaccurate personal data corrected;

• ask us to stop processing your personal data;

• be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);

• complain to the Cayman Islands Data Protection Ombudsman;

• and require us to delete your personal data in some limited circumstances.

Legal Basis for Processing Personal Data

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only (i) where we need the Personal Data to carry out our obligations under the Terms; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Interface and communicating with you as necessary to operate the Interface, for example when responding to your queries, improving our Interface, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

7. International Data Transfers

Due to the international nature of our business, your Personal Data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, we will process Personal Data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process Personal Data on our behalf.

In particular, we may store and process your Personal Data in the United States. If you use the Interface from outside the United States, you acknowledge we may transfer your Personal Data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by applicable law, including to law enforcement and/or national security authorities in the United States and/or the Cayman Islands.

8. Automated Decision-Making

We will store and process your Personal Data in the United States. If you use the Interface from outside the United States, you acknowledge we will transfer your Personal Data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States.

9. How We Protect Your Privacy

We are committed to protecting the privacy and confidentiality of your Personal Data. We limit access to your Personal Data to our authorized employees or agents and we contractually require our business partners and service providers to limit their use of your Personal Data. We also maintain physical, technical, and administrative safeguards to protect your Personal Data against loss, misuse, damage or modification, and unauthorized access or disclosure.

10. Third-Party Links

The Interface may contain links to other websites or apps. Your access to and use of such linked sites is not governed by this Privacy Policy but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the Personal Data practices of such third-party websites. Please review the privacy policies of such sites before you disclose your Personal Data to them.

11. Children’s Privacy

The Interface is not intended for children. We do not knowingly collect, use, sell, or share any Personal Data from anyone under the age of 16. If we become aware that a child under the age 16 has provided Personal Data to us, we will delete it. We do not market products or services for use by children.

12. Changes to this Privacy Policy; Other Policies

We may change this Privacy Policy from time to time to reflect changes in our practices concerning the collection, use, and sharing of Personal Data. The revised Privacy Policy will be effective immediately upon posting to the Interface, by notification through the Interface or through email. If you continue to use the Interface after we make changes then you will be deemed to have agreed to the changes, so please check this Privacy Policy periodically for updates.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact: hi@rio.network.