With this information Mood Global Services B.V., with registered office in Amsterdam at Spinozastraat 47C, 1018 HJ Amsterdam, registered in the Dutch Company Register n° 85502081 VAT number 86364487 (hereinafter, the “Company” or “Mood Global Services B.V.” or the “Owner”), as owner of the processing of personal data, intends to provide transparent information on personal data processing.

This is compliant with EU Regulation 2016/679 (GDPR), Dutch AVG, AI Act (EU 2024/1689), Data Act (EU 2023/2854). Contact:

info@moodglobalservices.com.

Applies to users of Services via https://moodglobalservices.com/, https://moods.build/, SiteLab platform (AI‑powered web builder), including:

a) Legal consultancy financial/blockchain/AI regulation;

b) Smart Contract/NFT/tokenization solutions;

c) Brand Management;

d) SiteLab AI services (web generation via Gemini/Claude models, visual design, SEO).

Covers Platform, apps, APIs, partners. For cookies, see Cookie Policy.

The personal data received from the user (the 'Personal Data') are processed by the Company for the purposes of establishing the commercial relationship and the related Services offered. Furthermore, Personal Data received from credit agencies, debtor lists, business analysis providers, public registers, third-party anti-money laundering service providers and from publicly accessible sources (e.g. registers) may also be processed by the Data Controller. of companies, association registers, land registers, media, sanctions lists).

When using the Services of Mood Global Services B.V. or by interacting with the Platform, the following Personal Data may be processed:

Contact Information: When you request the company's services, Mood Global Services B.V. may process the following Personal Data:

if a natural person: name, surname, tax code, date of birth, residential address, telephone number, e-mail, date of birth, photo of the user;

if a legal person: name, registered office, tax code.

Data for due diligence: for the purposes of due diligence of the user pursuant to anti-money laundering legislation, depending on the activities actually carried out by the Company, one or more of the following Personal Data may be required: copy of a current identification document validity (passport, driving license, identity card); copy of documents proving the 'contact information' (by way of example, data from a utility bill in the user's name for verification of the relevant residence, data on the status of politically exposed persons, video data for the execution of the procedure remote user identification and authentication, biometric verification data, etc.).

Financial data: in the course of using the Services, Mood Global Services B.V. may collect and process one or more of the following Personal Data of the user: bank details (IBAN, BIC), information on the payment service provider, payment data, transaction ID.

Log data: in case of use of the Site, Mood Global Services B.V. will collect and process one or more of the following Personal Data of the user: IP address, transaction data, information about the computer or mobile device used, frequency of use of the Site, time of use of the Site, operating system, browser type, type of device used, unique device identification number, identification cookies, optional module data, crash reports, performance data, third-party cookies.

Company information: if you are someone other than a natural person, Mood Global Services B.V. will record and process one or more of the following Personal Data: company records, data relating to or concerning the beneficial owners, data or additional information on recent, past or planned commercial activities, other data necessary to determine/confirm the corporate structure, the beneficial owner or any existing powers of attorney relating to the company.

Support Requests: If you use our support service, Mood Global Services B.V. will record and process one or more of the following Personal Data: Personal Data provided to the support team or transmitted to any other employee and/or collaborator of Mood Global Services B.V..

Marketing data: if you visit the Website or social media pages of Mood Global Services B.V., Mood Global Services B.V. will record and process one or more of the following statistical and marketing data: number of visitors, frequency of use, clicks made, time of use, geographical location from which access is made, target groups, data from cookies and similar technologies ( Pixels, ClearGIF, etc.), behavior of the user(s), interests and preferences of the user(s), data on market research and target group surveys.

Application data: if the user and/or another person applies for a job offer on the website or via LinkedIn, one or more of the following data necessary for the hiring process may be subject to recording and processing : contact details, CV, personal qualifications, criminal record, credit report, copies of identification documents (such as passport, driving licence, ID), links to social media platforms.

Generally Mood Global Services B.V. does not process particular categories of Personal Data pursuant to art. 9, co. Of the Customers' GDPR.

In addition to personal identification data (screenshots of identity documents and related identification data, residence, status of politically exposed persons, video data, etc.), biometric data may also be collected (personal data resulting from specific technical processing in relation to the physical, physiological or behavioral characteristics of a person and which allow the unique identification of a person, for example, facial images, fingerprints). This processing of biometric data takes place exclusively on the basis of the user's explicit consent, which can be revoked at any time.

The biometric data will be processed exclusively by our data controller Gianluca Di Bella in order to carry out the user due diligence process.

Mood Global Services B.V. is controller for account, billing, marketing data.

Acts as processor for personal data in User Content (site texts, forms, uploads in SiteLab), where User is controller. Processing follows documented instructions and Data Processing Agreement (DPA).

DPA covers: subject/duration/purpose; data types/categories; processor obligations (confidentiality, security, SAR assistance, breach notification 48h); sub‑processors (list updated yearly, veto right); audits; return/deletion on termination.

DPA copy on request. Instructions conflicting with law not executed without adjustment.

In general, the user's Personal Data is collected to allow the Owner to provide the Services, fulfill legal obligations, respond to requests or enforcement actions, protect their rights and interests (or those of other users or third parties) , identify any malicious or fraudulent activities, as well as for the following purposes:

a) activities relating to pre-contractual information and any further activity instrumental to the signing and execution of the contract with third-party operators, including the activation of products and services offered by such operators;

b) periodically notify the user about the tariffs; respond to requests for assistance or information from the user; fulfillment of legislative or regulatory obligations (e.g. of a fiscal nature);

c) sending of commercial communications and newsletters, as described below, exclusively with the express consent of the user; And

d) profiling and statistics, as described below, exclusively with the express consent of the user.

Any use of cookies - or other tracking tools - by Mood Global Services B.V., unless otherwise specified, has the purpose of providing the Services used from time to time by the user, in addition to the additional purposes described in this information and in the cookie policy of Mood Global Services B.V..

If Mood Global Services B.V. should ask the user to provide further Personal Data not included among those indicated above, the Company will communicate to the user, at the same time as the request, which data it needs, what the purpose of the processing is and the legal basis(s) relation to this request.

SiteLab uses advanced AI models (Gemini, Claude) for content/layout generation. User inputs (prompts, uploads) processed temporarily for outputs.

Processor adopts safeguards: ephemeral processing, no permanent storage in training unless explicit opt‑in consent. Personal data not used for AI training/fine‑tuning without legal basis (consent/legitimate interest).

Users informed of AI risks (inaccuracies, bias). Controller responsible for output verification.

High‑risk processing (automated profiling/decisions art. 22 GDPR): DPIA, human oversight, logic transparency on request. Bases: contract/consent/legitimate interest (LIA available). AI Act compliance: transparency, logging, incident reporting.

Mood Global Services B.V. will process the user's Personal Data in compliance with the provisions of the Privacy Law by virtue of the following legal bases:

a) as the Personal Data is necessary for the execution of the general conditions of the Services stipulated between the user and Mood Global Services B.V.; and/or

b) if the Personal Data is subject to profiling, based on the express written consent of the user; and/or if the Personal Data is processed for direct marketing purposes as described below, based on the user's express written consent; and/or

c) if the user has given their consent for one or more specific purposes; and/or

d) as the Personal Data is necessary for the execution of a task of public interest or for the exercise of public powers vested in the Data Controller; and/or

e) the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties; and/or

f) for the purposes of fulfilling legal obligations to which the Data Controller is subject.

In any case, it is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing (i) takes place on the basis of the provisions of the Privacy Law and/or other applicable laws and regulations, (ii) is required by a contract or necessary to conclude a contract.

Below is detailed information in relation to the legal basis(s) underlying the processing of Personal Data in the context of use of the Platform and/or in case of communication with Mood Global Services B.V.:

For the fulfillment of contractual obligations (art. 6, co. 1, par. b, GDPR):

The processing of Personal Data may be necessary for the execution of the contractual conditions stipulated with the user or for the execution of pre-contractual measures adopted at the user's request. The following Personal Data processing operations fall within the scope of the fulfillment of contractual obligations:

• general provision of the Services, all actions necessary for the operation, execution and administration of Mood Global Services B.V.;

• account management (e.g. continuous updating of user data);

• execution of user orders (e.g. payment processing, chargebacks, proof of purchase and sale);

• requests for assistance and support from the user

• implementation of data security and IT security on the Site and safeguarding the Company's network (for example, to prevent identity theft and irregular or suspicious access to the Company's websites);

• procedure for hiring new employees.

For the fulfillment of legal obligations (art. 6, co. 1, par. c, GDPR):

The processing of Personal Data may also be necessary for the fulfillment of various legal obligations. The following Personal Data processing operations fall within the scope of legal obligations:

• contract management, accounting and invoicing;

• compliance and risk management;

• monitoring for the prevention of fraud, abuse (e.g. for illegal purposes), money laundering and terrorist financing;

• provide information to criminal tax authorities in the context of criminal tax proceedings or criminal prosecution in accordance with requests from the competent authorities;

• consultation of credit agencies to determine solvency and insolvency risks.

To protect legitimate interests (art. 6, co. 1, par. f, GDPR):

Where necessary, the processing of Personal Data may also take place at times following the validity of the general contract conditions stipulated with the user, in order to protect the legitimate interests of Mood Global Services B.V. or third parties. The following Personal Data processing operations are carried out on the basis of a legitimate interest:

• the prevention of fraud, abuse (e.g. for illegal purposes), money laundering and terrorist financing;

• risk management and risk minimization, e.g. through inquiries to credit bureaus, debtor lists or business analytics providers;

• identification and examination of cases of potentially irregular or suspicious activity and access to the Company's websites (e.g. website analysis via Sift Science);

• data transmission within Mood Global Services B.V. or of companies that are possibly part of the relevant group for internal administrative purposes;

• management of requests and general questions from the user;

• measures to protect our users and partners, as well as to safeguard network and information security; in addition to these, there are measures to protect our employees, users and the property of Mood Global Services B.V., for example through video surveillance and information provided by data centers and external service providers;

• processing of requests from authorities, lawyers, collection agencies in the course of judicial proceedings and execution of legal requests in the context of judicial proceedings;

• market research, business management and continuous development of services and products;

• processing of statistical data, performance data and market research data through the Site or social platforms (e.g. Facebook, Instagram, LinkedIn, YouTube, etc.);

• processing user preferences (e.g. language, region) via cookies on our Site;

• direct marketing and advertising (e.g. execution of marketing strategies, user targeting, sending of coupons, advertising by Mood Global Services B.V. and its partner companies);

• use of audio, video and photographic data from public spaces (e.g. public events, fairs, etc.) for marketing and other representation purposes on our social channels or on our website.

In accordance with the user's consent (art. 6, co. 1, par. a, GDPR):

The processing of Personal Data will only take place in accordance with the defined purposes and to the extent agreed upon at the time of granting consent by the user. The user can revoke the consent at any time without giving reasons and with future effect if he no longer agrees with the processing of Personal Data carried out by Mood Global Services B.V.. On the basis of the user's consent, Mood Global Services B.V. will process Personal Data for the following purposes:

• direct marketing and advertising (for example, user satisfaction surveys, newsletters, prize competitions and other advertising communications);

• transfer of Personal Data to third parties;

• analysis and tracking of the Site (for further information please read the cookie policy;

• use of certain audio, video and photographic data (for example, advertising, interviews, etc.) for marketing and other representation purposes through various channels.

Please note that the revocation of consent will only be effective for the future, i.e. the lawfulness of the processing carried out by Mood Global Services B.V. is not affected. on the basis of the user's consent before its revocation.

Failure to communicate the user's Personal Data in the manner specified in this information will prevent the Owner from proceeding with the identification of the user and registration on the Platform, making it impossible to provide the Services.

Furthermore, please consider that the revocation of one or more permissions and/or consents, not granted and/or revoked to third parties and/or partners, may have consequences on the correct functioning and/or the possibility of providing the Services.

The user's Personal Data will be retained for the time strictly necessary to fulfill the purposes indicated above, not exceeding 10 years from the cessation of general conditions (including renewals), plus statutory retention (tax/other).

Specific retention periods:

• SiteLab User Content (texts, uploads, site data): until service termination + 30 days for export/portability (Data Act compliant).

• AI processing logs (prompts, generations): maximum 6 months, unless required for audits/incidents.

• Analytics data (Google Analytics): maximum 26 months.

• KYC/AML biometric data: until due diligence purpose + 5 years statutory.

• Marketing consents: until revocation + 12 months.

At expiry, data deleted securely. Access/cancellation/portability rights expire post‑retention. Data stored in paper/digital archives (incl. portables) with security measures; access limited to authorized personnel.

Mood Global Services B.V. transmits users' Personal Data only in the manner described below or if required by law at the time of data collection.

Data transfer within Mood Global Services or to third parties

The user's Personal Data may be communicated to the following third parties:

• consultants, accountants or lawyers who provide services that are functional or connected to the execution of the general conditions governing the Services;

• banking and insurance institutions that provide functional services or services connected to the execution of the aforementioned general conditions;

• judicial or administrative authorities, for the fulfillment of legal obligations.

Within Mood Global Services B.V., those offices or employees who need it to fulfill contractual and legal obligations and legitimate interests will receive your Personal Data. The Company transfers Personal Data for the purposes of related daily business operations, such as account management and other operations requested by the user, as well as to carry out internal administrative activities in an efficient and shared manner and to maintain and improve our products and services.

To a limited extent, the Company also transmits personal information to data controllers who perform any services on behalf of Mood Global Services B.V., such as IT services, customer support, improvement of our Site, databases for the implementation of the customer due diligence procedure ; execution of contracts, account management, accounting, invoicing, investigation of irregular or suspicious business cases, application management and sending of newsletters. Data controllers may use or disclose this data only to the extent necessary to perform the services requested by the Company or to comply with the law. The managers in charge of the aforementioned processing are contractually obliged to guarantee the confidentiality and security of users' Personal Data.

The Company may also need to transfer your Personal Data (i) if obliged to do so by law or in the context of legal proceedings, (ii) if it believes that disclosure is necessary to prevent harm or financial loss, (iii) in connection with a investigation of suspected or real fraudulent or illegal activities or (iv) at the request of the competent authorities also for the purposes of fulfilling anti-money laundering obligations.

Transfer of data to third parties other than those mentioned above

If Mood Global Services B.V. acts together with other subjects as joint data controller, the Company will provide these subjects with Personal Data, if applicable, on the basis of at least one of the legal bases listed above. In case of joint controllership of the processing, Personal Data will be transmitted only on the basis of an agreement with our partners (art. 26 of the GDPR).

Mood Global Services B.V. may transfer Personal Data to other parties only with the user's prior consent to disclosure or for the purpose of fulfilling a contract or for the execution of pre-contractual measures adopted at the user's request.

Place of processing of Personal Data and non-EU countries

Personal Data is primarily processed and stored on servers located within the European Union. For technical and operational reasons, transfers to non-EU countries (e.g., USA for Google Analytics, Microsoft Clarity, AI providers like Gemini/Claude) are protected by GDPR Chapter V safeguards:

• Standard Contractual Clauses (SCCs) – EU Commission 2021 version, executed with each recipient;

• Transfer Impact Assessment (TIA) – Documented per transfer, evaluating local laws (e.g., FISA 702), government access risks, and supplementary measures (end-to-end encryption, pseudonymisation, minimised access);

• EU Adequacy Decisions where applicable (updated list).

Detailed recipient countries, safeguards, and sub-processors are listed in the Data Processing Agreement (DPA). Users may object to specific transfers with justified privacy concerns; we will adjust Services where technically feasible without compromising essential functionality. Copies of SCCs and TIAs available on request at info@moodglobalservices.com.

No transfers occur without adequate legal protections.

The Data Controller adopts appropriate technical/organizational security measures (art. 32 GDPR) to prevent unauthorized access, disclosure, modification, destruction. Processing via IT/telematic tools, organizational methods tied to purposes.

In addition to Controller, access by internal (admin, commercial, legal, sysadmins) or external subjects (processors: IT, hosting, couriers) appointed per Privacy Legislation. Updated processor list at Controller HQ; request via info@moodglobalservices.com.

Data breach management:

• As controller: notify authority within 72h (art. 33 GDPR, unless low risk); communicate to data subjects if high risk (art. 34).

• As processor: notify controller within 48h of awareness; assist in notifications/DPIA. Incident response: classification, containment, eradication, recovery, reporting per documented plan.

Personal Data may be subject to fully automated decision-making, including profiling, only with prior express consent, which may be freely revoked at any time.

Upon receipt of express written consent, Mood Global Services B.V. may proceed to profile the user using the Personal Data for the sole purpose of improving its Services, identifying and selecting homogeneous groups of users.

The rights recognized to users by the GDPR include those of:

• request and obtain access to your Personal Data from the Data Controller;

• request and obtain from the Data Controller the rectification of your inaccurate Personal Data or the integration of incomplete Personal Data under the terms and conditions set out in the art. 16 of the GDPR;

• request and obtain from the Data Controller the deletion of your Personal Data, upon the occurrence of one of the conditions indicated in the art. 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article;

• request and obtain from the Data Controller the limitation of the processing of your Personal Data in the terms and conditions set out in the art. 18, paragraph 1, of the GDPR;

• request and obtain from the Data Controller their Personal Data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to portability of personal data) in the terms and conditions set out in art. 20 of the GDPR;

• object at any time to the processing of your Personal Data in the terms and conditions set out in the art. 21 of the GDPR; lodge a complaint with the Guarantor Authority for the protection of personal data (www.garanteprivacy.it) or with another supervisory authority, if competent.

By checking the respective separate box for news and updates via email (newsletter), you expressly consent to receive email messages as described in this policy.

The user has the right to revoke his consent at any time by sending a registered letter with return receipt to Mood Global Services B.V., with registered office in Amsterdam at Brediusstraat no. 7 registered in the Dutch Company Register no. 85502081 VAT number 86364487 It is important to note that if you withdraw your consent, the Company may no longer be able to provide all of its Services. The objection does not affect the lawfulness of the processing of personal data based on legitimate interests before the objection.

In order to exercise the aforementioned rights, the user can direct a request to the contact details of the Owner indicated in this information. Requests are submitted free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.

The updated list of data controllers is kept at the Data Controller's headquarters and the user can request it at any time by submitting a request to the Data Controller's contact details indicated in this information.

Mood Global Services B.V. uses tracking tools (cookies, similar tech). Full granular consent required for non‑essential (analytics/marketing/targeting); refusal does not block essential access.

Cookie banner compliant ePrivacy Directive 2009/136/CE + GDPR:

Clear layered info (what/why/how).

No pre‑ticked boxes; separate toggles per category (essential always on).

Easy revoke anytime (preferences page).

Legitimate Interest Assessment (LIA) documented for analytics (balancing test: improvement needs vs user rights; opt‑out honored).

For details (types, providers, duration), see dedicated Cookie Policy [link]. Browser management: Chrome/Firefox/Safari/Edge guides. Changes notified via banner + email (high impact).

The Owner reserves the right to make changes to this information at any time by sending the user a notification as well as, where technically and legally possible, by sending a notification via one of the contact details held by Mood Global Services B.V.. Please therefore to consult this page regularly, referring to the date of last modification indicated at the end of it.

If the changes affect the processing of Personal Data whose legal basis is consent, the Data Controller will collect the user's consent again, if necessary.