1. Purpose of this Policy

This Privacy Policy explains how VTO DAO (“we”, “our”, “us”) collects, uses, shares, and protects personal data obtained from token purchasers, website users, and other individuals (“you”). We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data‑protection laws.

2. Data Controller

The data controller is VTO DAO, established under the laws of [⸺Jurisdiction⸺]. Contact e‑mail:  timheht100@gmail.com

3. Personal Data We Collect

• Identification Data (name, date of birth, nationality, ID document details)

• Contact Data (address, e‑mail, phone number, wallet address)

• KYC/AML Data (source of funds, accredited investor status, risk profile)

• Technical Data (IP address, browser type, cookies, log files)

4. Purposes & Legal Bases

• Compliance with legal obligations (AML/KYC laws, securities regulations) – Art. 6(1)(c) GDPR

• Performance of a contract (Token Sale participation) – Art. 6(1)(b) GDPR

• Legitimate interests (security, fraud prevention) – Art. 6(1)(f) GDPR

• Consent (marketing communications) – Art. 6(1)(a) GDPR

5. Data Sharing

We may share personal data with:
• Compliance service providers and identity verification vendors
• Affiliated entities of VTO DAO
• Regulators, law‑enforcement, or courts where required by law
• Audit and professional advisers subject to confidentiality

6. International Transfers

Where personal data is transferred outside the European Economic Area, we use Standard Contractual Clauses or rely on adequacy decisions to ensure an equivalent level of protection.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, or destruction.

8. Data Retention

Personal data is retained for at least five (5) years after the end of the business relationship or longer if required by AML regulations or applicable law.

9. Your Rights

• Right to access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object

• Right to withdraw consent at any time

10. Cookies

Our website uses cookies to improve user experience and analyse traffic. You can manage cookie preferences in your browser settings.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified via our website or e‑mail.

12. Contact

If you have questions, please contact  timheht100@gmail.com