GDPR Compliance

Last updated: June 21, 2026

RESTIV Technology (“we”, “us”, or “our”) is committed to protecting the personal data of our users and ensuring compliance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement explains how we collect, process, and protect personal data in accordance with GDPR requirements.

This GDPR Compliance Statement should be read alongside our Privacy Policy and Terms of Service, which together describe how we process your personal data.

1. Data Protection Principles

Under the GDPR, personal data must be:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept in a form that permits identification for no longer than necessary
• Processed securely and protected against unauthorized processing, loss, destruction, or damage

2. Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

3. Data Subject Rights

Under the GDPR, you have the following rights:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that inaccurate personal data be corrected, or incomplete data be completed.
• Right to Erasure: You have the right to request the deletion of your personal data in specific circumstances.
• Right to Restrict Processing: You have the right to request the restriction or suppression of your personal data.
• Right to Data Portability: You have the right to request a copy of your data in a structured, machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data in certain circumstances.

4. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing, assessing, and evaluating of security measures
• Regular security updates and patches
• Strict access controls and authentication
• Staff training on data protection
• Data protection impact assessments

5. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your personal data, such as:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Transfers to countries with an adequacy decision

6. Data Breach Notification

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours, where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals
• Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
• Document all breaches, including facts, effects, and remedial actions taken

7. Contact Information

If you have any questions about our GDPR compliance or wish to exercise your rights under the GDPR, please contact our Data Protection Officer at:

RESTIV Technology 101-119 6 Ave SW Calgary, AB, Canada T2P 0P8

Email: dpo@restiv.io

Phone: +1.587.807.0896

8. Changes to this Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated statement on our website.

The date at the top of this statement indicates when it was last updated.