Privacy Policy

Last updated on 06/01/2025
Please read this Privacy Policy (“Policy”) carefully. The users, subscribers, partners, and
viewers (“Users”) accept the terms of this Policy by accessing and/or utilizing the services of
POTOLO (the “Company”). The Users acknowledge that they agree to this Policy and accept
the rights and obligations created by it. This Policy is drafted to outline the privacy policy of
the Company. This Policy is designed to comply with applicable laws and standards.
1. INTRODUCTION
1.1. Purpose of the Privacy Policy: This Policy has been meticulously crafted to serve as
a comprehensive guide outlining the manner in which POTOLO collects, utilizes,
processes, and safeguards the personal information of its Users. The paramount
importance of privacy and data protection is recognized by the Company, especially
in the context of its app–based services, which encompass a wide array of
functionalities including, but not limited to, ordering food from kitchen partners,
hiring workers for tasks or projects, obtaining health consultations from certified
professionals, accessing gyms nearby with flexible memberships, managing fleets
with smart solutions, facilitating dry cleaning services with convenient pickup and
delivery options, and selling bus tickets to other travelers. Given the diverse nature of
these services and the corresponding data collection that includes, but is not limited
to, location data, health information for consultations, and payment information, this
policy delineates the principles and practices that the Company adheres to in
compliance with global data protection regulations such as the General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA),
ensuring the Users’ privacy is respected and protected.
1.2. Scope and Application: The scope of this Policy extends to all personal information
collected by the Company through the app, regardless of the manner in which Users
access or utilize the services. This Policy is applicable to all platforms, technologies,
and devices through which the app’s services are made available to Users. It is
designed to inform Users about their privacy rights and the choices available to them
regarding the collection, use, and disclosure of their personal information.

Furthermore, this Policy applies to the Company’s interactions with its Users and any

information collected directly from Users or through third parties for the purpose of
providing the app’s services efficiently and effectively.
1.3. Agreement to Terms: By accessing, downloading, or using the app’s services, Users
explicitly agree to the collection, use, processing, and sharing of their personal
information in accordance with the terms outlined in this Policy. If a User does not
agree with any part of this Policy, they are advised not to use or access the services
provided by the app. Continued use of the app following the posting of changes or
updates to the Policy will constitute the User’s acceptance of those changes. It is the
responsibility of the User to review this policy periodically to stay informed about
how the Company is protecting their personal information.
1.4. Updates and Changes to the Privacy Policy: The Company reserves the right to
modify, amend, or update this Policy at any time and for any reason without prior
notice to reflect changes in legal or regulatory obligations, the evolution of the app’s
services, or advancements in privacy practices. The date of the latest revision will be
prominently displayed at the top of the policy document. Users are encouraged to
review the Policy regularly to stay informed about how their personal information is
being protected. Significant changes to the Policy will be communicated to Users
through the app or other appropriate channels, ensuring Users are aware of what
information is collected, how it is used, and under what circumstances, if any, it is
disclosed.

2. INFORMATION COLLECTION
2.1. Types of Information Collected
2.1.1. Personal Identification Information: Personal Identification Information
encompasses data that allows for the direct identification of an individual
User. This category includes, but is not limited to, the User’s full name, email
address, postal address, and telephone number. Such information is pivotal
for the Company to provide personalized services, facilitate communication,
and ensure the delivery of products or services requested through the app.

2.1.2. Payment Information: The Company collects Payment Information to
process transactions initiated by Users within the app. This information
includes credit card numbers, bank account details, and any other financial
data required to complete purchases or bookings. The secure processing of
Payment Information is paramount, and the Company employs robust
encryption and security measures to protect this sensitive data from
unauthorized access or misuse.
2.1.3. Health Information: For Users availing of health consultation services
through the app, the Company collects Health Information, which may
include medical histories, treatment information, and other health–related
data. This information is collected to provide tailored health consultations
and services from certified professionals. The Company is committed to
maintaining the highest standards of confidentiality and privacy with respect
to Health Information, adhering strictly to applicable health data protection
regulations.
2.1.4. Location Data: Location Data is collected to enhance the functionality of
services such as food delivery, gym access, and other location–based
offerings provided by the app. This data enables the Company to offer
personalized recommendations, deliver services efficiently, and optimize
User experience based on geographical proximity.
2.1.5. Device and Usage Information: To further refine and customize the User
experience, the Company collects Device and Usage Information. This
includes data pertaining to the type of device used to access the app, operating
system, browser type, internet protocol address, mobile network information,
and how the app is utilized. Analyzing this information assists in improving
app performance, diagnosing technical issues, and tailoring services to User
preferences and device capabilities.
2.2. Methods of Collection: The Company may employ various methods to collect
personal information, ensuring transparency and consent in its data collection
practices.

2.2.1. Information You Provide: A significant portion of the data collected by the
Company is provided directly by Users through the app interface or via
communication with customer service. This includes information entered
when registering for an account, completing transactions, engaging in
consultations, or utilizing other services offered through the app.
2.2.2. Information Collected Automatically: The Company may utilize
technologies such as cookies, web beacons, and similar tracking mechanisms
to collect information automatically as Users interact with the app. This
automatic data collection facilitates the understanding of how the app is used,
helps in customizing the User experience, and improves service offerings.
3. USE OF INFORMATION
3.1. Providing Services: The collection of personal information by the Company is
primarily directed towards the provision of its diversified and multifaceted app–based
services. This encompasses facilitating the ordering of food from kitchen partners,
enabling the hiring of workers for various tasks or projects, providing health
consultations by certified professionals, offering access to gyms nearby with flexible
memberships, managing fleets with innovative solutions, arranging for the dry
cleaning of clothes with convenient pickup and delivery, and facilitating the sale of
bus tickets to other travelers. The utilization of Users’ personal identification
information, location data, and specific service–related information enables the
Company to tailor and optimize the service delivery process, ensuring that the services
provided are not only relevant but also of the highest quality and efficiency. The
Company’s commitment to enhancing User experience is reflected in the meticulous
use of the collected information to facilitate User transactions, service requests, and
interactions within the app’s ecosystem, thus ensuring a seamless and satisfactory User
journey.
3.2. Payment Processing: To ensure the secure and efficient processing of transactions
initiated within the app, the Company employs the collected payment information,
including, but not limited to, credit card details and bank information. This
information is crucial for the facilitation of purchases, bookings, and other financial
transactions associated with the services offered through the app. The Company

adheres to stringent security standards and protocols to protect and secure payment
information, thereby safeguarding Users’ financial data against unauthorized access,
misuse, or any form of compromise. The trust placed by Users in the Company’s
handling of their financial transactions is of paramount importance, and as such, the
Company employs advanced encryption technology and complies with all applicable
financial data protection regulations to ensure the integrity and confidentiality of
payment processing operations.
3.3. Customer Support: In the context of providing timely and effective customer
support, the Company utilizes personal information to address and resolve User
inquiries, complaints, or feedback. This includes leveraging personal identification
information and relevant service usage details to understand and respond to User
needs, enhance the quality of customer service, and ensure a responsive and User–
friendly support system. The Company’s customer support operations are designed to
be comprehensive, User–centric, and geared towards fostering positive User
experiences, thereby reinforcing the Company’s commitment to excellence in service
delivery and customer satisfaction.
3.4. Business Operations: The Company may share the personal information of Users
strictly for the purposes of conducting its essential business operations. The Company
maintains strict privacy policies to protect the personal information of its Users
obtained for text message communications. This information is never sold, rented,
released, or traded to third parties without the prior written consent of the Users or in
case of a legal obligation. Any sharing of personal information with third parties is
solely for the purpose of fulfilling the Company’s obligations to the Users. We
guarantee that it will never be shared with third parties for marketing purposes.
3.5. Improvement of Services: To continuously enhance and innovate the app’s services
and features, the Company may analyze collected data, including device and usage
information, feedback, and User interactions within the app. This analytical approach
enables the Company to identify trends, User preferences, and areas for improvement,
thereby facilitating the development of new services, optimization of existing ones,
and customization of the User experience. The Company’s dedication to service
improvement is driven by a commitment to offering Users an evolving and dynamic

app ecosystem that not only meets but exceeds their expectations in terms of
functionality, usability, and overall value.
3.6. Legal Obligations: In adherence to legal and regulatory obligations, the Company
may use collected information to comply with laws, regulations, legal processes, or
governmental requests. This includes the use of personal information in the context of
legal proceedings, audits, security investigations, or other legal or compliance–related
purposes. The Company’s approach to fulfilling its legal obligations is characterized
by a commitment to the highest standards of legal compliance, integrity, and ethical
conduct. The utilization of User information for legal purposes is conducted with
utmost respect for privacy rights and in strict accordance with applicable data
protection laws and regulations. Whether responding to lawful requests for
information from law enforcement agencies, complying with data protection
regulations, or engaging in efforts to prevent fraud and protect the security and
integrity of the app and its Users, the Company ensures that such uses of personal
information are justified, proportionate, and necessary for the specified legal purpose.
In fulfilling its legal obligations, the Company remains vigilant in its duty to protect
Users’ privacy and personal information, adhering to principles of transparency and
accountability. The Company’s legal team continuously monitors regulatory
developments and legal requirements to ensure compliance and safeguard the interests
of both the Company and its Users. By integrating legal compliance seamlessly into
its operations and decision–making processes, the Company not only upholds its legal
responsibilities but also reinforces its commitment to operating in an ethical,
responsible, and User–focused manner. In conclusion, the use of information by
POTOLO is multifaceted and encompasses a broad spectrum of activities essential for
the provision and improvement of its services, customer support, and compliance with
legal obligations. The Company’s policies and practices regarding the use of
information are underpinned by a commitment to privacy, security, and compliance,
ensuring that Users’ personal information is handled with the highest level of care and
integrity.
4. INFORMATION SHARING AND DISCLOSURE
4.1. With Service Providers: POTOLO may share personal information to conduct
essential business operations. This may include engaging with a variety of third–party

service providers to facilitate the seamless delivery of its app–based services, which
range from food ordering to health consultations and from fleet management to ticket
sales for travelers. These service providers perform critical functions on behalf of the
Company, such as payment processing, data analysis, email delivery, hosting services,
and customer service. In order to perform these services, third–party service providers
may have access to the personal information necessary to execute their duties
effectively. However, the Company implements stringent contractual obligations to
ensure that these service providers protect the information and use it solely for the
purposes for which they were engaged, adhering to privacy standards that are as
protective as the Company’s own policies. The Company endeavors to carefully vet
each service provider for compliance with relevant data protection laws and insists on
adherence to confidentiality agreements and data processing terms that restrict their
use of, access to, and the protection of personal information.
4.2. For Fulfilment of Legal Obligations: The Company reserves the right to share
personal information with third parties if required to do so by law or if such action is
necessary to comply with legal processes, respond to claims, or protect the rights,
property, or safety of the Company, its Users, or the public. This includes complying
with legal obligations such as court orders, warrants, or subpoenas, participating in
legal proceedings, responding to requests from public and governmental authorities,
enforcing our terms and conditions, conducting investigations, and protecting against
fraud, security breaches, or technical issues. In such cases, the Company makes every
effort to notify affected Users about the legal demands for their personal information,
unless providing such notice is prohibited by the legal process itself, by court order
we receive, or by applicable law, or unless the request is an emergency. Otherwise,
the Company does not share or sell personal information with third parties without the
Users’ express and unequivocal written consent. In these situations, our commitment
is to protect our Users’ privacy and legal rights to the fullest extent allowed by law.
4.3. With Your Express Consent: Aside from the circumstances described above, the
Company may share personal information with third–parties like companies,
organizations, entities, or individuals outside of POTOLO only when the Company
has the express written consent of the User to do so, except when legally required to
do so. This consent–based sharing is typically related to essential business operations.
This includes the opt–in and opt–out options for receiving communications. Users have

the right to withdraw their consent, i.e., opt–out, at any time, effectively halting further
sharing of their information under this provision. The Company places the utmost
importance on ensuring that Users’ choices and consent are respected and acted upon
with transparency and integrity, maintaining the principle that User information is
shared externally only with clear, affirmative, express consent from the User. This
information is never sold, rented, released, or traded to third parties without the prior
written consent of the Users or in case of a legal obligation. Any sharing of personal
information with third parties is solely for the purpose of fulfilling the Company’s
obligations to the Users. We guarantee that it will never be shared with third parties
for marketing purposes.
5. DATA RETENTION AND SECURITY
5.1. Retention Period: POTOLO is committed to retaining personal information only for
as long as necessary to fulfill the specific purposes for which it was collected and to
comply with our legal and regulatory obligations. This retention period is dependent
upon the nature of the information collected and the purpose for which it is collected
and processed. For instance, transactional records, including payment information, are
retained in accordance with relevant tax and accounting laws, whereas personal
identification information and health data used for providing services and customer
support are retained for the duration of the User’s relationship with the Company plus
a period thereafter as dictated by legal, contractual, or ethical obligations. The
Company conducts regular reviews of all personal information held to determine its
continued relevance and deletes or anonymizes data when it is no longer necessary for
its collected purpose or when the retention period expires, whichever comes first. In
certain cases, Users may request the deletion of their information before the expiry of
the retention period, in which case the Company will evaluate such requests in
accordance with applicable laws and its data retention policies.
5.2. Security Measures: The security of personal information is of paramount importance
to the Company. To protect User data against unauthorized, illegal, or unlawful
access, alteration, disclosure, or destruction, the Company employs a comprehensive
suite of security measures that include physical, technical, and administrative
safeguards. These measures are designed to provide a level of security appropriate to
the risk of processing personal information. Technical safeguards include the use of

encryption, firewalls, and secure server facilities. Administrative measures involve
the implementation of access controls and least privilege, ensuring only authorized
personnel have access to personal information for approved purposes. The Company
also engages in regular security assessments and audits to evaluate and enhance its
security posture. Employee training in data protection and privacy is conducted
periodically to reinforce the importance of security and to ensure that all staff
members are aware of and comply with our security practices and policies.
5.3. Breach Notification: In the unfortunate event of a data breach that is likely to result
in a risk to the rights and freedoms of individuals, the Company is committed to
promptly notifying the affected individuals and relevant authorities in accordance with
applicable data protection laws. This notification will include, as far as is reasonably
possible, the nature of the data breach, the categories and approximate number of
individuals concerned, the likely consequences of the breach, and the measures taken
or proposed to be taken by the Company to address the breach, including, where
appropriate, measures to mitigate its possible adverse effects. The Company’s
approach to breach notification is guided by a commitment to transparency,
accountability, and the protection of the User privacy. Efforts to investigate the breach
will be initiated promptly, with the aim of swiftly identifying the cause, implementing
measures to prevent future occurrences, and complying with our legal and regulatory
notification and reporting obligations.
6. YOUR RIGHTS AND CHOICES
6.1. Access to Your Information: POTOLO acknowledges and supports the fundamental
right of individuals to access their personal information that the Company holds. Users
have the right to request a copy of their personal information to understand what
information is being processed and how it is being used. Upon receiving a request for
access, the Company will provide a copy of the personal information under its control,
along with an explanation of the data processing activities, in a clear and
comprehensible format. The Company is committed to facilitating these requests in a
timely manner, subject to any limitations or exceptions under applicable laws. This
process is designed to ensure that individuals are fully aware of the personal
information that the Company processes, thereby promoting transparency and trust.

6.2. Correction and Deletion: The accuracy of personal information is paramount to the
Company’s operations. Users have the right to request the correction of inaccurate or
incomplete personal information held by the Company about them. In addition, Users
may request the deletion of their personal information when it is no longer necessary
for the purposes for which it was collected, when consent is withdrawn and there is
no other legal ground for processing, or when complying with a legal obligation. The
Company will review and accommodate such requests in accordance with applicable
data protection laws, ensuring that Users have control over their personal information.
The Company also recognizes the importance of this right in empowering Users to
maintain control over their privacy and data security.
6.3. Data Portability: Data portability allows Users to receive the personal information
they have provided to the Company in a structured, commonly used, and machine–
readable format. Furthermore, it enables Users to transmit this information to another
entity without hindrance from the Company, where technically feasible. This right is
particularly relevant in contexts where the processing is based on the User’s consent
or on a contract, and the processing is carried out by automated means. The Company
supports this right by providing Users with the means to easily request and receive
their data, thereby enhancing User autonomy and control over personal information.
6.4. Opting Out of Communications: The Company offers Users the option to opt–in to
receive communications, including text messages, in compliance with the Ten Digit
Long Code (10DLC) standards and other applicable regulations. By providing your
phone number, you agree to receive text messages from the Company. Message and
data rates may apply. Message frequency varies. Users who have previously opted in
may choose to opt–out of receiving such communications at any time. To facilitate
this, the Company provides clear and simple mechanisms for Users to withdraw their
consent, such as unsubscribe links in emails or instructions in text messages. The
Company ensures that opting out is as easy as opting in, respecting Users’ preferences
regarding communication and engagement. If you are receiving text messages from
the Company and wish to stop receiving them, simply respond with either “STOP” or
“UNSUBSCRIBE” to the number from which you received the message. Once the
Company receives your message, you will no longer receive further text messages
from the Company.

6.5. Restrictions on Processing: Users have the right to request restrictions on the
processing of their personal information under certain circumstances, such as when
the accuracy of the information is contested, when the processing is unlawful, or when
the Company no longer needs the personal information for processing but the
individual requires the data for the establishment, exercise, or defense of legal claims.
The Company will assess such requests on a case–by–case basis and implement
restrictions accordingly, ensuring that processing is limited to necessary operations as
dictated by the User’s request and applicable laws.
6.6. Withdrawing Consent: At any time, Users have the right to withdraw their consent
for the processing of their personal information when such processing is based on
consent. Withdrawal of consent does not affect the lawfulness of processing based on
consent before its withdrawal. The Company is committed to ensuring that
withdrawing consent is a straightforward process, enabling Users to effectively
exercise their right to dictate the terms of their personal information’s processing.
Upon receipt of a withdrawal request, the Company will cease processing the personal
information for the purposes for which consent was originally obtained, unless another
legal basis for processing exists.
7. COOKIES AND TRACKING TECHNOLOGIES
7.1. Use of Cookies: POTOLO may employ cookies and similar tracking technologies to
enhance User experience on its app, facilitate efficient navigation, personalize and
improve our services, and analyze how our app is used. Cookies are small data files
stored on your device by a web server, primarily used to identify Users as unique
visitors by storing User preferences and tracking User trends and patterns. The
Company utilizes both session cookies, which expire once you close your web
browser, and persistent cookies, which remain on your device for a set period or until
manually deleted, to provide a personalized experience. These technologies help the
Company understand User behavior within the app, including which parts of the app
Users find most useful or engaging, thereby enabling the customization of content and
advertisements, and improving the overall service offered. The use of cookies and
tracking technologies is standard across the digital services industry, and they play a
critical role in the ongoing development and optimization of our services.

7.2. Managing Cookies: Users retain full control over the use of cookies and similar
technologies. Most web browsers provide options to accept, reject, or delete cookies,
which can usually be found in the browser’s “Settings” or “Preferences” menu. It is
important for Users to be aware that disabling or rejecting cookies may limit the
functionality of the app, affecting the User’s ability to engage with some services fully.
For those wishing to not have their data collected through cookies, the Company
provides guidance and information on how to manage browser settings to either block
all cookies automatically or receive warnings before a cookie is stored. Furthermore,
Users may also use third–party tools to manage the collection and use of information
by these technologies.
7.3. Third–Party Tracking: Beyond the Company’s use of cookies and similar
technologies, third–party services and advertisers may also employ such technologies
to collect information regarding your activities on the Company’s app and other
websites over time. This information may be used by these third parties to provide
advertising and services targeted towards your interests based on your browsing
activities and preferences. The Company does not control these third–party tracking
technologies or how they may be used. For information about managing your privacy
and security settings for cookies and other tracking technologies used by these third
parties, Users are encouraged to directly consult the privacy policies of these third
parties. The Company is committed to transparency regarding the use of third–party
tracking technologies and endeavors to work with third parties that adhere to similar
standards of privacy and data protection as the Company itself.
8. INTERNATIONAL DATA TRANSFER
8.1. Transfer Mechanisms: POTOLO may operate on a global scale, which may
necessitate the transfer of personal information across international borders. Such
transfers may be essential for conducting the essential business operations of the
Company like the seamless delivery of the Company’s services, including, but not
limited to, ordering food, hiring workers, health consultations, gym access, fleet
management, dry cleaning services, and bus ticket sales. To ensure the lawful transfer
of personal information from the European Economic Area (EEA), the United
Kingdom (UK), and other jurisdictions with data protection laws to countries that may
not have equivalent legal frameworks for privacy and data protection, the Company

shall rely on various transfer mechanisms recognized and authorized under data
protection laws. These mechanisms include the use of Standard Contractual Clauses
(SCCs) approved by the European Commission, adherence to the EU–U.S. Privacy
Shield Framework (to the extent it is recognized and applicable), and obtaining
explicit consent from Users for specific international transfers as and when required.
The Company is committed to ensuring that all international transfers of personal
information are conducted in compliance with applicable data protection laws and that
the information remains protected to the standards described in this privacy policy.
8.2. Safeguards: Recognizing the importance of maintaining the security and integrity of
personal information during and after its transfer across international borders, the
Company shall implement robust safeguards. These safeguards shall be designed to
protect personal information irrespective of the country to which it is transferred or
stored. This shall include the encryption of data in transit and at rest, conducting
regular privacy impact assessments for international data transfers, and ensuring that
all third–party service providers and partners who have access to personal information
are bound by confidentiality agreements and are obligated to maintain adequate data
protection measures. Furthermore, the Company continuously monitors and assesses
the legal and regulatory changes in data protection laws to adapt its data transfer
practices accordingly. In cases where the data protection laws of the receiving country
do not afford an equivalent level of protection as those in the User’s country, the
Company takes additional measures, such as implementing supplementary data
protection contractual clauses or adopting more stringent internal privacy policies, to
ensure that Users’ personal information is treated securely and in accordance with this
privacy policy.
9. CHILDREN’S PRIVACY
POTOLO places paramount importance on the protection of children’s privacy and is
committed to complying with all applicable laws and regulations designed to protect
children’s personal information. Recognizing the sensitivity of children’s information,
the Company does not knowingly collect, use, or disclose personal information from
children under the age of thirteen (13) or the applicable age limit set by legislation in
various jurisdictions (collectively referred to as “children“). The services offered by
the Company are not directed to children, and the Company does not intentionally

design its app to appeal to children. In the event that the Company becomes aware that
it has inadvertently collected personal information from children without verifiable
parental consent, prompt steps shall be taken to remove such information from the
Company’s records. This includes conducting a thorough review of our data
processing practices to prevent such occurrences and implementing stringent
measures to identify and block the inadvertent collection of children’s information.
Furthermore, the Company strongly encourages parents and guardians to take an
active role in their children’s online activities and interests. In cases where the
Company’s services are utilized by minors, the Company relies on parents or guardians
to provide consent for the collection, use, and sharing of personal information of their
children, in accordance with applicable laws. The Company provides parents and
guardians with the means to review the information collected from their children,
request the deletion of such information, and refuse to allow any further collection or
use of their children’s information. To exercise these rights, parents or guardians can
contact the Company directly through the contact information provided in this Privacy
Policy. Upon receiving such a request, the Company will take the necessary steps to
verify the identity of the requester to ensure that they have the authority to make such
a request on behalf of the child. Once verified, the Company will promptly comply
with the request in accordance with this Privacy Policy and applicable data protection
laws. The Company’s commitment to ensuring the privacy and safety of children’s
information reflects our broader dedication to safeguarding all Users’ privacy and
security. Through continuous evaluation and improvement of our privacy practices,
the Company strives to maintain a safe and secure environment for all Users, with
special consideration given to the protection of children’s privacy.
10. LINKS TO OTHER SITES
In the pursuit of providing a comprehensive and enriched User experience, POTOLO
may include links within its app to external websites, platforms, and services that are
operated by third parties. These links are provided to offer additional information,
services, or products that may be of interest to the Users of the Company’s app. It is
important for Users to acknowledge and understand that these third–party sites operate
independently from the Company and are not under the control of POTOLO.
Consequently, these external sites may have their own privacy policies, terms of
service, and data collection practices that are distinct from those of the Company. The

Company makes no representations or warranties regarding the policies or business
practices of any third–party websites and advises Users to review the privacy policies
and terms of service of any site they visit through links provided by the Company’s
app. The inclusion of any link does not imply endorsement, authorization,
sponsorship, or affiliation by the Company with respect to such site, its owners, or its
providers. When Users choose to follow a link to an external site, they must be aware
that they are leaving the Company’s app and that the protections afforded by the
Company’s Privacy Policy no longer apply. Any information Users provide to these
external sites will be governed by the privacy policies of those specific sites, not by
POTOLO’s Privacy Policy. This includes information collected by cookies, pixels,
and other tracking technologies that may be employed by third–party sites to collect
and use information about Users in a manner that is different from the Company. The
Company encourages Users to be cautious when leaving the app and to read the
privacy statements of any other site that collects personally identifiable information.
This clause is designed to inform Users about the potential risks and considerations
associated with navigating to third–party websites and to encourage informed and
cautious engagement with these external sources of information and services. In
conclusion, while the Company strives to provide valuable and vetted links to useful
and ethical websites, it has no control over the content and nature of these sites. Users
should exercise caution and look at the privacy statement applicable to the website in
question. The Company’s goal in including links to other sites is to enhance User
experience and provide additional value, but User privacy and data protection remains
of paramount consideration. In cases where the Company’s services are utilized by
minors, the Company relies on parents or guardians to provide consent for the
collection, use, and sharing of personal information of their children, in accordance
with applicable laws. The Company provides parents and guardians with the means to
review the information collected from their children, request the deletion of such
information, and refuse to allow any further collection or use of their children’s
information. To exercise these rights, parents or guardians can contact the Company
directly through the contact information provided in this Privacy Policy. Upon
receiving such a request, the Company will take the necessary steps to verify the
identity of the requester to ensure that they have the authority to make such a request
on behalf of the child. Once verified, the Company will promptly comply with the
request in accordance with this Privacy Policy and applicable data protection laws.

11. COMPLIANCE WITH GLOBAL REGULATIONS
11.1. GDPR Compliance: POTOLO is fully committed to compliance with the General
Data Protection Regulation (GDPR), which sets forth the principles and requirements
for the processing of personal data of individuals within the European Union (EU) and
European Economic Area (EEA). In adherence to GDPR, the Company ensures
lawful, fair, and transparent processing of personal data, maintaining strict purposes
for processing while limiting data collection, storage, and usage to what is necessary
and consented to by the individuals. The Company recognizes the importance of
implementing appropriate technical and organizational measures to ensure and
demonstrate that any data processing is performed in accordance with the GDPR. This
includes ensuring data security, offering robust data subject rights, executing Data
Protection Impact Assessments (DPIAs) where processing operations present high
risks to the rights and freedoms of natural persons, and appointing a Data Protection
Officer (DPO) where required. The Company’s GDPR compliance is further
underpinned by its commitment to facilitating Users’ rights such as access,
rectification, erasure, restriction of processing, data portability, objection to
processing, and not being subject to automated decision–making including profiling.
11.2. CCPA Compliance: In alignment with the California Consumer Privacy Act
(CCPA), the Company takes proactive steps to respect and protect the privacy rights
of California residents. The CCPA provides California residents with the right to know
about the personal information collected about them, the purposes for which it is used,
and to whom it is disclosed. It also grants them the right to request deletion of personal
information, and to receive equal service and price, even if they exercise their privacy
rights. In compliance with CCPA, the Company has established processes to respond
to verifiable consumer requests related to their personal information within the
stipulated timelines. The Company ensures transparency in its data collection and
processing practices, providing detailed information in this Privacy Policy and
facilitating the exercise of consumers’ rights through designated channels.
11.3. Other Applicable Laws: The Company recognizes that its operations and services
are accessed globally, and as such, commits to complying with other applicable
privacy laws and regulations in jurisdictions where its Users reside. This commitment
involves adapting and aligning its data protection and privacy practices with diverse

legal requirements, including but not limited to, obtaining necessary consents for data
processing, providing notices and disclosures, ensuring data subject rights, and
implementing data security measures across different jurisdictions. The Company
continually monitors legal developments in data protection and privacy laws around
the world to adjust its policies, practices, and procedures accordingly. The Company’s
approach to global compliance is based on a foundation of respect for individual
privacy rights and the principle of providing clear, concise, and effective
communication to its Users regarding their personal data. Through its comprehensive
efforts to comply with GDPR, CCPA, and other applicable laws, POTOLO
demonstrates its unwavering commitment to data protection and privacy, ensuring that
its practices not only meet but exceed global standards for privacy and data protection.
This dedication to compliance is a cornerstone of the Company’s operations, fostering
trust and confidence among its Users and stakeholders.
12. CONTACT INFORMATION
12.1. How to Contact Us: POTOLO is committed to the protection of personal data and
respects the privacy concerns of all Users of its app. We understand the importance of
transparent communication and the need for Users to have a clear channel for queries,
requests, and concerns related to their personal information and privacy rights. Users
seeking information about their personal data, wishing to exercise their rights under
applicable data protection laws, or having any questions or concerns regarding the
Privacy Policy or data protection practices of the Company, are encouraged to contact
us directly. Our dedicated customer support team can be reached through the
following means:
12.1.1. Email: info@potolosystems.com
12.1.2. Postal Mail: 26 Fern Court, Sayreville NJ 08872
12.1.3. Phone: + 732–210–7594
12.1.4. Contact Form: www.potolo.com.
We strive to respond to all queries and requests promptly and effectively, ensuring
that your concerns are addressed in a timely and respectful manner. For specific
requests related to personal information, please provide sufficient detail to allow us to
identify your information and process your request accurately.

The Company is devoted to maintaining open and constructive communication with
its Users, upholding the principles of transparency and accountability in all
interactions.
12.2. Data Protection Officer: To reinforce our commitment to data protection and
privacy, the Company has appointed a Data Protection Officer (DPO) responsible for
overseeing the Company’s compliance with global data protection regulations,
including but not limited to GDPR and CCPA. The DPO plays a critical role in
advising the Company on data protection obligations, monitoring compliance with
data protection laws, being a point of contact for data subjects, and cooperating with
supervisory authorities. Should you have any inquiries specifically related to data
protection, or wish to exercise your rights directly related to data privacy, our Data
Protection Officer can be contacted at:
12.2.1. Email: aabongwa@potolosystems.com
12.2.2. Postal Mail: 26 Fern Court, Sayreville NJ 08872
The Data Protection Officer is equipped to provide the necessary support and guidance
regarding the processing of your personal data and to address any concerns relating to
privacy matters.
We encourage you to reach out to our DPO for matters specifically concerning data
protection and privacy rights. The Company ensures that all communications with the
DPO are treated with the highest level of confidentiality and professionalism.
13. POLICY UPDATES
In a digital environment that is constantly evolving, the Company acknowledges the
necessity for periodic updates to its Privacy Policy to accommodate new legal
requirements, technological advancements, and changes in our business operations.
Such updates are essential to maintain alignment with best practices in data privacy
and protection, ensuring the continuous safeguarding of User information. Should
there be any amendments to this Privacy Policy, the Company pledges to provide
Users with clear and conspicuous notice of such changes prior to their implementation.