PRIVACY POLICY
(version no. 1 of November 1st 2025)
1. INTRODUCTION
This document (“Privacy Policy”) describes how THEBIRBNEST OÜ, a company established under the laws of Estonia with its registered office in Tallinn (“TBN”, “we”, “us”, “our” etc.), processes your personal data and how it stores or accesses information on your end device in connection with your use of the website available at: https://tradle.xyz/(“Website”).
The goal of this Privacy Policy is to provide you with information on use of your personal data by us in compliance with Art. 13 of the General Data Protection Regulation.
The Website is intended only for persons who are 18 years of age or older. We do not knowingly or intentionally collect personal information from persons under the age of 18 in connection with the Website.
2. CONTROLLER
THEBIRBNEST OÜ, a company established under the laws of Estonia with its registered office in Tallinn, is a controller of your data (more detailed information about us in Section 12).
3. CONTACT DETAILS
You can contact us by:
- • e-mail at: support@thebirbnest.com;
- • post at: Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917.
4. PURPOSES AND LEGAL GROUNDS OF PROCESSING
We only process your personal data when it is lawful to do so. Each purpose for which we use your personal data has a specific basis for processing personal data as shown in the table below.
| PURPOSE OF PROCESSING OF YOUR PERSONAL DATA | LEGAL BASIS OF PROCESSING OF YOUR PERSONAL DATA |
|---|---|
| Provision of Services under the Terms and Conditions | Necessity of processing for the performance of a contract with you – Art. 6(1)(b) of the GDPR |
| Handling your enquiries, requests and communications | Our legitimate interest (protection of your rights and our rights) – Art. 6(1)(f) of the GDPR |
| Ensuring confidentiality and security of Website and Services (including log auditing, error removal, protection against abuse and fraud) | Our legitimate interest (protection of your rights and our rights) – Art. 6(1)(f) of the GDPR |
| Establishment, exercise or defence of legal claims | Our legitimate interest (establishment, exercise or defence of legal claims) – Art. 6(1)(f) of the GDPR |
| Use of necessary cookies | Necessity of processing for the performance of a contract with you – Art. 6(1)(b) of the GDPR |
| Use of cookies other than necessary cookies | Your consent – Art. 6(1)(a) of the GDPR |
5. DATA RETENTION
We only store your personal data for as long as is necessary for the purposes for which we collected it. Each purpose for which we use your personal data has a specific maximum period for storing personal data. We store your data depending on the purpose of processing as shown in the table below.
| PURPOSE OF PROCESSING OF YOUR PERSONAL DATA | DATA RETENTION PERIOD |
|---|---|
| Provision of Services under the Terms and Conditions | Term of the agreement with you under the Terms and Conditions. |
| Handling your enquiries, requests and other communications | Until you successfully object to the processing but no longer than 3 years from the end of the calendar year in which we have received your message or communication. |
| Ensuring confidentiality and security of Website and Services (including log auditing, error removal, protection against abuse and fraud) | Term of the agreement with you under the Terms and Conditions and 3 years from the end of the calendar year in which the agreement with you has been terminated or expired. |
| Establishment, exercise or defence of legal claims | Term of the agreement with you under the Terms and Conditions and 3 years from the end of the calendar year in which the agreement with you has been terminated or expired. |
| Use of necessary cookies | Term of the agreement with you under the Terms and Conditions. |
| Use of cookies other than necessary cookies | Until you withdraw your consent but no longer than for 12 months from the day you consented to use of cookies. |
6. DATA RECIPIENTS
We do not share your personal data with third parties unless it is lawful and necessary. For example, we may allow such access when it is necessary to perform the Services. We may allow access to personal data to the following categories of data recipients:
- • our data storage providers;
- • our third-party developers or software providers;
- • our professional advisors, such as lawyers, accountants and tax advisors.
7. DATA TRANSFERS
Some of our business partners may be located outside the European Economic Area (“EEA”), for example in the United States. The level of personal data protection outside the EEA differs from that provided by European Union law. For this reason, we only transfer your personal data outside the EEA when necessary and with an adequate level of protection, primarily by working with data processors in countries for which the European Commission has issued a decision confirming an adequate level of personal data protection. Alternatively, we may use standard contractual clauses issued by the European Commission. If you would like to learn more about these safeguards, obtain a copy of them or find out where they have been made available, please contact us (Section 3).
8. OBLIGATION TO PROVIDE DATA
In certain cases, providing personal data is mandatory by law or necessary to fulfil your request or perform a contract concluded with you. If you do not provide us with your personal data in such situations, we may not be able to fulfil your request, perform or conclude a contract with you, or comply with the law. In some cases, this may result in the termination of the contract or the inability to fulfil your request. For example, if you do not provide us with your personal data necessary to handle your request, we may not be able to process your request.
In other cases, providing personal data is voluntary. If, in such situations, you do not provide us with your personal data, we may not be able to fulfil your request. For example, if you do not consent to the use of our certain cookies other than necessary cookies, we will not use such cookies.
9. YOUR RIGHTS
Under the GDPR, you have rights including:
- • Right of access – You have the right to ask us for an overview of your personal data that we process at the moment of your request, as well as receive its copy.
- • Right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
- • Right to erasure (right to be forgotten) – You have the right to ask us to erase your personal data in certain circumstances.
- • Right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
- • Right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances. This right applies where we use your data based on your consent or a contract and if the processing of your data is carried out by automated means.
- • Right to object to processing – You have the right to object to the processing of your personal data in certain circumstances. You can do this at any time. If you raise an objection, we will stop using your personal data where the basis for processing is our legitimate interest. In exceptional circumstances, we may continue to use your data despite your objection. This exception does not apply when you object to the processing of data for direct marketing purposes, i.e., if you object to it, we will stop processing your personal data on this basis.
- • Right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent. You can do this at any time. If you withdraw your consent, we will stop using your personal data where the basis for processing is consent. Withdrawal of consent does not affect the lawfulness of processing your data based on consent before withdrawal.
You do not usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you as a rule, unless we extend the response period to three months in line with the GDPR. To make a data protection rights request, contact us using our contact details (Section 3.)
10. HOW TO LODGE A COMPLAINT
If you have any concerns about our use of your personal data, you can make a complaint to us using our contact details (Section 3). If you remain unhappy with how we have used your data after raising a complaint with us, you can also submit a complaint to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), the Estonian data protection authority based in Tallin, Estonia (https://www.aki.ee/en).
11. COOKIES
11.1. What are cookies?
Cookies are small text files installed on your device that collect information which, generally, facilitates use of the Website and the Services. For example, cookies may remember your language preferences or other settings of your Internet browser. In most cases information used in connection with cookies is personal data. In such cases, the Privacy Notice applies to such personal data.
We may use our own cookies. We may also use third-party cookies, i.e. cookies from a domain other than the domain of the Website, primarily for analytical activities. We may also use other technologies similar to cookies, for example HTML5 local storage, Local Shared Objects or tracking pixels. Where we refer to cookies in this Cookie Notice, we also mean such technologies.
In most cases, the information used in connection with cookies constitutes personal data. In such cases, the Privacy Policy applies to such personal data. This means, among other things, that the controller of your personal data used in connection with cookies is, in most cases, TBN. Therefore, you have the rights related to personal data specified in Sections 9 and 10 above.
11.2. Types of cookies
The cookies are used only when it is admissible by law. The following types of cookies are used in connection with your use of the Website and the Services.
• Necessary cookies: The necessary cookies are a type of cookies that are required by the Website and the Services to function properly. For example, these types of cookies are installed to recall your login sessions and privacy settings. They are set by us. They are mandatory because they are necessary for the provision of the Website and the Services.
11.3. Description of used cookies
Each cookie has a specific provider (e.g. TBN or a third party), a specific purpose and a maximum service life. The service life of cookies depends on their type and purpose. Generally, there are two types of cookies: session cookies and persistent cookies. Session cookies expire after the end of a browser session. Persistent cookies are stored on a device for a longer period of time. They do not expire when the browser session ends. The maximum period after which our cookies expire is 12 months.
NECESSARY COOKIES
| Cookie name | Purpose | Provider | Duration |
|---|---|---|---|
| tradePlayed | Stores information about your daily challenge result (risk/reward ratio) in order to track whether you have already participated today and to prevent replaying the same challenge. | TBN | maximum 24 hours (until midnight UTC) |
| lastPlayedDate | Stores the date of your last completed challenge. | TBN | maximum 24 hours (until midnight UTC) |
| TutorialModalViewed | Stores information confirming that the tutorial has been viewed in order to prevent displaying it again. | TBN | 30 days |
| tradleAnnouncements | Stores information confirming that announcements have been dismissed | TBN | 30 days |
11.4. Your cookie choices
There are several ways in which you can manage cookies on your device.
• Web browser: You can also manage cookies through your web browser. For example, you can delete all or some cookies from your device or block them. Please note that deleting or blocking cookies may cause the Website or the Services to not function properly or to stop functioning altogether. To manage cookies through your web browser, refer to the instructions provided by your browser provider.
12. CHANGES
The current version of the Privacy Policy was adopted and has been in force since November 1st2025. We may change the Privacy Policy, for example, when necessary due to changes in the Terms and Conditions, changes in legal requirements or changes in the way your personal data is used. We may also change the Privacy Policy to make it more transparent, accessible and understandable to you. If we change the Privacy Policy, we will keep previous versions available to you.
13. DEFINITIONS
- • “GDPR” or “General Data Protection Regulation” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- • „Services” – shall be understood as defined in the Terms and Conditions.
- • “TBN”, “we”, “us”, “our” etc. – THEBIRBNEST OÜ, a company established under the laws of Estonia with its registered office in Tallinn, address: Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917, entered in the register of enterprises kept by the Registration Department of Tartu County Court, under the No.: 16457724.
“Terms and Conditions” – the Terms and Conditions available at: https://tradle.xyz/terms