Data Privacy & Cookies Policy

Last updated: January 2026

1. Scope of This Policy

1.1 Personal Information is information that identifies you as an individual and relates to you. It may include your name, your contact details and some invoicing information relating to you and may also include information set out in MassiveGRID's self-serving portal.

1.2 This privacy and cookies policy explains:

• When and why we collect PI about you (i.e. the visitor and/or the user of our site and/or services we provide);
• How we use it;
• How we keep it secure; and
• What are your rights in relation to it.

1.3 We may collect, use and store PI about you through our interactions with you, as described in this data privacy and cookies policy and as may be further described when we collect data from you for our services. Any of our product or services-specific privacy policies overrides this general privacy and cookies policy.

1.4 This policy may be amended from time to time without prior notice. You are advised to check our website regularly for any amendments. Amendments will not be made retrospectively.

2. Data Controller

2.1 We are MassiveGRID LTD.

2.2 We can be contacted at:

• 15 Beaufort Court Admirals Way, Docklands, London, E14 9XL, UK
• Telephone: +44 203 808 5577
• Email: sales@massivegrid.com

2.3 The terms "us", "we", "our", "our services", "our products" and words or phrases of similar import mean collectively MassiveGRID LTD, our affiliated companies, owned websites, applications, services, and products.

This privacy policy does not apply to websites, applications or mobile platforms that are not linked to this privacy policy or to those operated by third parties. We encourage you to review the privacy policies posted on those websites, applications and mobile platforms.

3. What Information We Collect and How

The PI we collect comes either directly from your input or automatically through internet technology:

3.1 Directly Collected Information

When you create an account with us, or purchase a product or a service from us, we may securely collect:

• Your name and mailing address
• Phone number and contact preferences
• Email address
• Payment information (such as credit/debit card number)
• Your user name and password
• Your comments and feedback

3.2 Automatically Collected Information

Our systems also collect information automatically through the use of cookies or similar internet technologies. The information that may be collected includes:

• Your Internet Protocol (IP) address
• Your computer type and operating system
• Browser type and version
• Pages visited and time spent on our website
• Referring website addresses
• Other technical identifiers

As a rule, cookies do not contain personally identifiable information, but when you provide your PI through our services, this information may be linked to the non-personally identifiable data stored in cookies.

4. How and Why We Use Your Information

4.1 The main reasons we securely use your PI are:

• Assisting you in fulfilling the transactions necessary for our products and services;
• Providing you support in using our products and services;
• Improving (and sometimes personalizing) our products and services to you;
• Contacting you regarding our products and services;
• Inviting you to participate in surveys and promotion activities.

4.2 Occasionally we may securely match or combine the PI that you provide with information that we obtain from other sources or that is already in our records, whether collected online or offline, for the purposes described in this policy.

4.3 By the use of cookies and similar internet technologies we mainly remember your online selections in our services and aim to personalize your experience with us.

4.4 We may also process any of the PI collected where necessary for:

• The initiation, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure (legal basis: our legitimate interests);
• Compliance with a legal obligation to which we are subject;
• Protection of the vital interests of you or of another natural person.

5. Cookies and Web Beacons

5.1 Cookies are small text files that a website sends to the browser on your computer or mobile device when you first visit a web page so that the website can recognize your device the next time you visit.

5.2 Most websites typically use the following types of cookies:

Cookie Type	Purpose	Duration
Strictly Necessary	Essential for key functionality such as navigation and login. These cannot be disabled.	Session / Persistent
Session Cookies	Temporary cookies that are deleted when you close your browser. Enable features like shopping baskets.	Session
Persistent Cookies	Remain until you delete them or they expire. Remember login details, personalized preferences.	Up to 2 years
Analytics Cookies	Third-party tracking and analytics (e.g., Google Analytics) to optimize the site and identify trends.	Up to 2 years
Marketing Cookies	Provide preference-related marketing and functionality such as social sharing.	Up to 1 year

5.3 Web beacons (or "Pixel Tags") are electronic images sometimes used in HTML-formatted emails to tell us whether our emails are opened and verify any clicks through to links or advertisements. The web beacon is deleted when you delete the email.

5.4 We consider and treat information collected by cookies and like technologies as non-personal. However, to the extent that identifiers like Internet Protocol (IP) addresses are considered personal information by law, we also treat these identifiers as personal information.

5.5 Our service providers also use cookies and these cookies may be stored on your computer when you visit our website.

5.6 There are a number of ways to manage cookies. You can go to the relevant preference section of your web browser and manage your cookies preferences. However, if you block cookies, you may not be able to register, login or make full use of our services.

5.7 We use Google Analytics to analyze the use of our website. Google Analytics gathers information about website use by means of cookies. Google's privacy policy is available at: https://www.google.com/policies/privacy/

6. How We Share Personal Information

6.1 We will never sell your PI.

6.2 We will not share your PI with any third parties without your prior consent (which you are free to withhold) except where required to do so by law or as set out below.

6.3 In order to complete the tasks required by us and/or provide services to you and/or to serve our legitimate interests and/or to provide you with the best quality of products and services, we may at times make certain PI available to the following persons/entities. In any such case, such disclosure will be done to the minimum required and insofar as is reasonably necessary to serve the reasons and objectives of such disclosure:

• Payment Processors & Anti-fraud Systems: We shall only share the relevant PI to our certified payment processors and anti-fraud systems, in order to safely proceed to the associated payment of the service you buy from us. These systems are used both for our and your protection since they act as safeguards for non-authorized transactions.
• Data Center Providers: Our colocation data center providers may have limited access to physical infrastructure. They are contractually bound to maintain strict confidentiality and security measures.
• Support Platform Providers: Our customer support platform provider processes limited PI (name, email, support ticket content) to facilitate technical support communications.
• Legal and Regulatory Bodies: We may be required to disclose PI to law enforcement agencies, regulatory authorities, or courts in response to valid legal processes such as subpoenas, court orders, or regulatory requests.

Any such disclosure is done to the minimum required and only insofar as is reasonably necessary.

7. How Long We Keep Personal Information

7.1 We will hold your PI on our systems for as long as you receive a service from us and for as long afterward as is necessary to comply with our legal obligations.

7.2 We will review your PI every year to establish whether we are still entitled to process it.

7.3 If we decide that we are not entitled to process it, we will stop processing your PI except that we will retain your PI in an archived form to comply with future legal obligations (e.g., tax requirements, establishment exercise or defense of legal claims).

7.4 We securely destroy all financial information once we have used it and no longer need it.

8. How We Protect Your Information

8.1 We use a variety of data security measures intended to safeguard the confidentiality and integrity of your PI:

• We have implemented generally accepted standards of technology and operational security to protect PI from loss, misuse, or unauthorized alteration or destruction.
• For any payments which we take from you online, we use a recognized online secure payment system.
• We will notify you promptly in the event of any breach of your PI which might expose you to serious risk.

8.2 Please note that where you are transmitting information to us over the internet, this can never be guaranteed to be 100% secure.

9. Children

9.1 We do not knowingly collect information from children under the age of 16 and we do not target our products and services to children.

9.2 In case children under the age of 16 require any of our services, we shall, apart from the children's consent, seek to obtain the child's legal guardian's written approval.

10. International Transfers

10.1 We will not transfer your PI outside the European Economic Area (EEA) without your consent.

10.2 In case we exceptionally do so, we will ensure that the transferred PI will be protected by appropriate safeguards, equivalent to the degree of data protection adopted or approved by the European Commission. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Binding Corporate Rules where applicable;
• Transfers to countries with an adequacy decision from the European Commission;
• Specific derogations under Article 49 of the GDPR where applicable.

10.3 MassiveGRID operates data centers in multiple jurisdictions (United States, United Kingdom, Germany, and Singapore). When you select a specific data center location for your services, your Customer Data will be stored in that location. For EU data sovereignty requirements, our Frankfurt, Germany facility provides a fully EEA-based data processing option.

10.4 You may request information about the specific safeguards in place for any international transfer of your personal data by contacting us at privacy@massivegrid.com.

11. Your Rights Under GDPR

Under the GDPR, you have certain specified rights in relation to your PI and its protection:

11.1 Right of Access

You are entitled to obtain confirmation as to whether or not we are processing your PI, and if we do, you can access it together with additional information (such as the categories of PI concerned and the recipients). You may request a copy of your PI, and we shall provide it within 30 days. Submit requests to privacy@massivegrid.com.

11.2 Right to Rectification

You have the right to have any inaccurate PI about you corrected and any incomplete personal data completed.

11.3 Right to Erasure

You have the right to erasure in cases where, for example, processing your PI no longer serves the purposes for which it was collected, or where you have withdrawn your consent.

11.4 Right to Restrict Processing

Where you have objected to our processing of your PI while this objection is being verified, processing will be limited only according to your consent or as otherwise provided by law.

11.5 Right to Object

You may object to the processing of your PI on grounds relating to your particular situation. You may also object where your PI is used for direct marketing purposes, and we will immediately cease such processing.

11.6 Right to Data Portability

You have the right to receive your PI in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance from us.

11.7 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your PI infringes data protection law. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).

12. Third-Party Services

Our website and services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party service you visit or use.

The third-party services we use include:

• Google Analytics: For website usage analysis and improvement. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Payment Gateways: For secure processing of payments. These providers have their own privacy policies and PCI DSS compliance.
• Customer Support Platform: For managing support tickets and communications with our technical team.

13. Changes to This Policy

13.1 We may update this Data Privacy & Cookies Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

13.2 When we make material changes to this policy, we will notify you by posting the updated policy on our website with a revised "Last updated" date. For significant changes, we may also provide additional notice through email or a prominent notice on our website.

13.3 We encourage you to review this policy periodically to stay informed about how we are protecting your personal information. Your continued use of our services after any changes to this policy constitutes your acceptance of the revised policy.

14. Contact Information

For any questions regarding this Data Privacy & Cookies Policy, or to exercise your data protection rights, please contact us:

• MassiveGRID LTD
• 15 Beaufort Court Admirals Way, Docklands, London, E14 9XL, UK
• Telephone: +44 203 808 5577
• General inquiries: sales@massivegrid.com
• Privacy & data protection: privacy@massivegrid.com

For more information about our GDPR compliance measures, please visit our GDPR Compliance page. For general service terms, please see our Terms of Service.