Two Independent Data Controllers
Cuverse Limited, Reg.-No. 76541636, 7/F, MW Tower, 1 Bonham Strand, Sheung Wan, Hong Kong
Cuverse Technologies Limited, Reg.-No. 78270910, Unit 1603, 16/F, The L. Plaza, 367–375 Queen’s Road Central, Sheung Wan, Hong Kong
Effective from: 01.07.2026
Preamble
This Privacy Policy (the “Privacy Policy”) describes how Cuverse Limited and Cuverse Technologies Limited (together, “Cuverse”, and individually or as the context requires, “Cuverse Limited” or “Cuverse Technologies”) collect, use, store, transfer and otherwise process the personal data of natural persons.
Important architectural feature. The Cuverse Group includes two legal entities, each of which performs a different function and bears its own responsibility for the processing of personal data:
- Cuverse Technologies Limited — the operator of the website cuverse.com, the mobile applications and the related technological infrastructure. Cuverse Technologies acts as an independent data controller within the meaning of Art 4(7) of Regulation (EU) 2016/679 (GDPR) in respect of personal data processed on the Cuverse Platform;
- Cuverse Limited — the provider of crypto-asset mining services. Cuverse Limited acts as an independent data controller in respect of personal data processed for the purposes of performing the Mining Hardware Hosting Agreement and the Mining Service Agreement, including billing, KYC, AML compliance and Customer support relating to mining matters.
The two companies are independent, and not joint, controllers. Each bears its own responsibility for the processing of personal data within its area of responsibility. The detailed allocation of roles is set out in § 2 of this Privacy Policy.
The exchange of personal data between the companies is carried out on the basis of an Intercompany Services Agreement, as a controller-to-controller transfer, where each controller has its own legal basis. Contact details for personal data protection enquiries: Cuverse Limited — [email protected]; Cuverse Technologies Limited — [email protected].
This Privacy Policy is drafted having regard to the requirements of:
- the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) for users and Customers from the EU/EEA;
- the Personal Data (Privacy) Ordinance of Hong Kong (“PDPO”) for users and Customers from Hong Kong;
- other applicable data protection laws in the jurisdictions in which Cuverse provides services.
By using the Cuverse Platform or by entering into a Mining Hardware Hosting Agreement or a Mining Service Agreement, the natural person confirms that they have reviewed this Privacy Policy and understand the principles for the processing of their personal data set out below.
§ 1. Definitions
§ 2. Who is Responsible for Your Personal Data
2.1. Cuverse Technologies Limited as Platform Data Controller
Cuverse Technologies Limited is the data controller in respect of Personal Data processed in connection with the use of the Platform. This includes:
- Data collected at Account creation (email, name, country of residence, password in encrypted form);
- Authentication and session data (login logs, IP addresses, device and browser information);
- Data on interaction with the Platform (pages viewed, buttons clicked, time spent on the site);
- Cookies and similar technologies (see the separate Cookie Policy);
- Data submitted through feedback forms and the support service.
Contact details for Cuverse Technologies for data protection enquiries:
Email: [email protected]
Postal address: Cuverse Technologies Limited, Unit 1603, 16/F, The L. Plaza, 367–375 Queen’s Road Central, Sheung Wan, Hong Kong
2.2. Cuverse Limited as Mining Services Data Controller
Cuverse Limited is the data controller in respect of Personal Data processed for the purposes of performing the Mining Hardware Hosting Agreement and the Mining Service Agreement. This includes:
- Customer identification data for KYC purposes (name, date of birth, nationality, identity documents);
- Customer contact details (residential address, telephone);
- Financial data (payment details, transaction history, billing information, Service Prepayment operations);
- Customer Wallet address (the external Bitcoin address provided by the Customer);
- Data on acquired products (Mining Hardware, Service Packages, Order Specifications);
- Data on Mining Rewards and pool operations;
- Data on applicable tax residency (for tax compliance purposes);
- Data on sanctions status (OFAC, EU and UN sanctions screening);
- Correspondence with the Customer on mining-related matters.
Contact details for Cuverse Limited for data protection enquiries:
Email: [email protected]
Postal address: Cuverse Limited, 7/F, MW Tower, 1 Bonham Strand, Sheung Wan, Hong Kong
2.3. Practical Implication
For the convenience of the Data Subject, each of the two controllers has its own contact email for data protection enquiries:
- [email protected] — for matters relating to the Mining Services of Cuverse Limited (KYC, billing, Mining Hardware, Service Packages);
- [email protected] — for matters relating to the use of the Platform of Cuverse Technologies Limited (Account, cookies, analytics, customer support).
If the Data Subject is unsure which of the controllers is responsible for their specific request, they may contact either of the addresses indicated — Cuverse will, within the group, route the request to the appropriate controller and ensure that it is handled within the time limits set by applicable law.
2.4. Data Sharing Between the Two Controllers
Cuverse Technologies and Cuverse Limited share Personal Data to the extent necessary for the performance of their respective functions (for example, the transfer of Account data from Cuverse Technologies to Cuverse Limited for the onboarding of a new Customer and the conduct of KYC). Such sharing is governed by a separate Intercompany Services Agreement and is carried out in accordance with applicable data protection law. The legal basis for such sharing is the performance of contractual obligations to the Data Subject (Art 6(1)(b) GDPR) and the legitimate interests of the group (Art 6(1)(f) GDPR).
§ 3. Categories of Personal Data Collected
Cuverse collects the following categories of Personal Data:
3.1. Identity and Contact Data
- Full name (for natural persons);
- Name and registration details of the legal entity (for B2B Customers);
- Date of birth;
- Nationality and country of residence;
- Email address;
- Telephone number (optional);
- Postal address (for certain operations);
- Country of tax residency.
3.2. Account and Authentication Data
- Login and password (the password is stored exclusively in encrypted form using modern hash functions);
- 2FA data (optional);
- Login and session logs;
- Login IP addresses;
- Device and browser information (User Agent).
3.3. Identification and KYC Data
For the purposes of compliance with AML/KYC regulations and the requirements of payment providers, Cuverse collects:
- Identity documents (passport, ID card, driving licence);
- Selfie or photo with a document for biometric verification;
- Proof of address (utility bill, bank statement);
- Other documents required by the KYC provider or by applicable law.
KYC verification is performed through an integrated KYC provider acting as a data processor for Cuverse Limited. Information on the specific provider is available on request (see § 16).
3.4. Financial Data
- Transaction history (Purchase Price, Package Price, Hosting Fees, Service Fees, Service Prepayment top-ups);
- Payment details (through integrated payment providers — Cuverse does not store full bank card data);
- Customer Wallet address (the external Bitcoin address provided by the Customer);
- History of Service Prepayment top-ups and debits;
- History of Loyalty Points accruals and use.
3.5. Mining-Related Data
- Identifiers of acquired Mining Hardware;
- Serial numbers of Mining Hardware (for Hosting Mode);
- Operating parameters (Hash Rate, Hosting Rate, Mining Pool selection);
- Data on Mining Rewards and their transfer to the Customer Wallet;
- History of switches between pools and operating modes.
3.6. Communications Data
- Messages sent by the Customer to the support service;
- History of email communications with Cuverse;
- Push notifications sent to the Customer and information on their delivery;
- Messages through the integrated chats on the website.
3.7. Technical and Usage Data
- Cookies and similar technologies (see the Cookie Policy);
- Data on navigation of the website and the mobile applications;
- Time spent on individual pages;
- Referral sources (where the user came to the website from);
- Device information (type, operating system, screen resolution);
- Geolocation (at country level, based on the IP address).
3.8. Marketing Preferences
- Consent to or refusal of marketing communications;
- Preferences as to categories of communications (news, product updates, promotions);
- History of interaction with marketing emails (opens, clicks).
3.9. Sanctions Screening Data
- Results of Customer screening against sanctions lists (OFAC SDN, EU consolidated sanctions list, UK OFSI, UN sanctions);
- Date and result of each check.
§ 4. Sources of Personal Data
Cuverse obtains Personal Data from the following sources:
(1) Directly from the Data Subject. Most Personal Data is provided by the Data Subject themselves at Account creation, when placing orders, undergoing KYC and contacting support.
(2) Automatically. Some data is collected automatically when using the Platform (cookies, logs, IP addresses, device information).
(3) From Third-Party Providers. Cuverse receives data from integrated providers:
- KYC providers provide identity verification results;
- Payment providers provide transaction statuses and (in certain cases) confirmations of the payer’s identity;
- Sanctions screening services provide the results of checks against sanctions lists.
(4) From Public Sources. In certain cases, Cuverse may consult publicly available sources (for example, sanctions databases or public corporate registries for B2B Customers).
§ 5. Purposes and Legal Bases of Processing
Cuverse processes Personal Data for the following purposes and on the following legal bases:
5.1. Account Creation and Management
Purposes: Account registration, authentication, account recovery, session maintenance, ensuring Account security.
Controller: Cuverse Technologies.
Legal basis: performance of a contract (Platform Terms of Use) — Art 6(1)(b) GDPR.
5.2. Conclusion and Performance of Mining Service Agreements
Purposes: order processing, conclusion of the Mining Hardware Hosting Agreement or the Mining Service Agreement, invoicing, monitoring of the Service Prepayment, the provision of hosting services and the operation of Service Packages.
Controller: Cuverse Limited.
Legal basis: performance of a contract — Art 6(1)(b) GDPR.
5.3. KYC and AML Compliance
Purposes: Customer identity verification, screening against sanctions lists, compliance with anti-money laundering legislation.
Controller: Cuverse Limited.
Legal basis: compliance with the legal obligations of Cuverse Limited — Art 6(1)(c) GDPR.
5.4. Payment Processing
Purposes: processing of payments for Mining Hardware, Service Packages, Hosting Fees and Service Prepayment top-ups.
Controller: Cuverse Limited (Cuverse Technologies — in respect of the technical infrastructure).
Legal basis: performance of a contract — Art 6(1)(b) GDPR.
5.5. Customer Support
Purposes: handling Customer enquiries, resolving technical and commercial issues, informing Customers of the status of services.
Controller: Cuverse Limited (for matters relating to mining) or Cuverse Technologies (for matters relating to the Platform).
Legal basis: performance of a contract — Art 6(1)(b) GDPR; legitimate interests — Art 6(1)(f) GDPR.
5.6. Marketing Communications
Purposes: informing Customers of new products, promotions and updates; sending newsletters.
Controller: Cuverse Technologies or Cuverse Limited (depending on the type of communication).
Legal basis: consent of the Data Subject — Art 6(1)(a) GDPR. The Customer may at any time withdraw consent through the corresponding function in the Account or the unsubscribe link in any email.
5.7. Analytics and Service Improvement
Purposes: analysis of Platform use, identification of popular features, improvement of the user experience, optimisation of marketing campaigns.
Controller: Cuverse Technologies.
Legal basis: legitimate interests of Cuverse Technologies in improving the quality of the Platform — Art 6(1)(f) GDPR. For analytics through third-party services — consent of the Data Subject through the cookie banner.
5.8. Security and Fraud Prevention
Purposes: protection of the Platform against cyber-attacks, detection of fraudulent operations, protection of Customer Accounts against unauthorised access.
Controller: both companies, each within its area of responsibility.
Legal basis: legitimate interests — Art 6(1)(f) GDPR; compliance with legal obligations — Art 6(1)(c) GDPR.
5.9. Legal Compliance and Defence of Claims
Purposes: compliance with applicable law, defence against potential legal claims, conducting legal proceedings.
Controller: both companies.
Legal basis: compliance with legal obligations — Art 6(1)(c) GDPR; legitimate interests — Art 6(1)(f) GDPR.
5.10. Tax Compliance
Purposes: accounting, preparation of tax returns, compliance with the requirements of tax authorities in Hong Kong and other applicable jurisdictions.
Controller: Cuverse Limited.
Legal basis: compliance with legal obligations — Art 6(1)(c) GDPR.
§ 7. International Data Transfers
7.1. Cross-Border Nature of Operations
Cuverse is an international group with operations in Hong Kong, Europe and other jurisdictions. Personal Data may be transferred between various jurisdictions, including:
- Hong Kong (the jurisdiction of incorporation of both Cuverse entities);
- the European Union (the jurisdiction of the majority of B2C Customers);
- other jurisdictions in which Cuverse contractors operate.
7.2. Adequacy Decisions
For each transfer of data outside the EEA, Cuverse ensures an appropriate level of protection by one of the following means:
- transfer to a country with an adequacy decision of the European Commission (Art 45 GDPR);
- the entry into the EU Standard Contractual Clauses under Commission Decision 2021/914, with the application of any supplementary measures determined as a result of a Transfer Impact Assessment;
- other mechanisms provided for in Art 46 GDPR.
7.3. Transfers to Third-Party Providers
Where Personal Data is transferred to third parties (providers under § 6), Cuverse ensures the application of appropriate transfer mechanisms:
- DPAs incorporating SCCs, where the provider is located in a jurisdiction without an adequacy decision;
- verification that the provider ensures an adequate level of security and compliance.
7.4. Data Subject Rights Preservation
Notwithstanding international data transfers, the Data Subject retains all rights granted under applicable law (GDPR for EU residents, PDPO for Hong Kong residents, and so on). Such rights may be exercised through the contact channels indicated in § 16 ([email protected] — for Cuverse Limited; [email protected] — for Cuverse Technologies Limited).
§ 8. Retention Periods
Cuverse retains Personal Data for no longer than is necessary for the purposes of processing and in accordance with applicable law. The retention periods for the various categories of data, with the corresponding legal basis, are set out below. Upon the expiry of the retention period, the data is deleted or anonymised, save where otherwise required by applicable law.
Upon expiry of the retention periods, Personal Data is deleted, anonymised or archived with restricted access, depending on the applicable requirements.
§ 9. Security Measures
Cuverse applies technical and organisational security measures appropriate to the risks of the processing of Personal Data, including:
(1) Technical measures:
- Encryption of data at rest for databases and file stores;
- Encryption of data in transit (TLS 1.2+) for all communications between the Customer and the Platform, as well as between the internal Cuverse systems;
- Role-Based Access Control (RBAC);
- Multi-factor authentication for the access of Cuverse staff to production systems;
- Firewall and DDoS protection;
- Regular backups with restore testing;
- Monitoring and intrusion detection systems;
- Regular security updates and patch management;
- Penetration tests and security audits;
- Isolation of production and non-production environments.
(2) Organisational measures:
- Internal policies and procedures for data protection;
- Training of Cuverse staff on data protection and information security requirements;
- Confidentiality agreements with staff and contractors;
- Least-privilege principle in respect of access to Personal Data;
- Logging of access to sensitive data;
- Procedures for responding to security incidents;
- Procedures for the notification of data breaches in accordance with applicable law.
(3) Data Breach Notification. In the event of a data breach, Cuverse shall notify the competent regulators (for example, EU supervisory authorities in the case of incidents affecting EU residents) within 72 hours of becoming aware of the incident, as required by Art 33 GDPR. In the event of a high risk to the rights and freedoms of Data Subjects, Cuverse shall also notify the affected Data Subjects directly.
§ 10. Your Rights as a Data Subject
In accordance with GDPR (for EU/EEA residents), PDPO (for Hong Kong residents) and other applicable law, Data Subjects have the following rights in respect of their Personal Data:
10.1. Right of Access (Art 15 GDPR)
The right to obtain from Cuverse confirmation as to whether their Personal Data is being processed, and where this is the case, to obtain a copy of such data together with information on the purposes of processing, the categories of data, the recipients, the retention periods and the other information set out in Art 15 GDPR.
10.2. Right to Rectification (Art 16 GDPR)
The right to the rectification of inaccurate Personal Data concerning the Data Subject, without undue delay. Also the right to have incomplete Personal Data completed.
10.3. Right to Erasure / “Right to be Forgotten” (Art 17 GDPR)
The right to the erasure of Personal Data on the grounds set out in Art 17 GDPR (for example, the data is no longer necessary for the purposes of processing, withdrawal of consent, unlawful processing). This right does not apply where processing is necessary for:
- compliance with the legal obligations of Cuverse (for example, AML and tax compliance);
- the establishment, exercise or defence of legal claims;
- other grounds provided for in Art 17(3) GDPR.
10.4. Right to Restriction of Processing (Art 18 GDPR)
The right to require Cuverse to restrict the processing of the Data Subject’s Personal Data in the cases set out in Art 18 GDPR.
10.5. Right to Data Portability (Art 20 GDPR)
The right to receive the Personal Data provided by the Data Subject to Cuverse in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, where technically feasible.
10.6. Right to Object (Art 21 GDPR)
The right to object to the processing of Personal Data based on the legitimate interests of Cuverse (Art 6(1)(f) GDPR), at any time, on grounds relating to the Data Subject’s particular situation.
In respect of direct marketing, the Data Subject may object at any time without giving reasons, and Cuverse shall cease processing for direct marketing purposes without undue delay.
10.7. Right to Withdraw Consent (Art 7(3) GDPR)
Where processing is based on the Data Subject’s consent (for example, marketing or analytics through cookies), the Data Subject may at any time withdraw their consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
10.8. Right to Lodge a Complaint (Art 77 GDPR)
The Data Subject has the right to lodge a complaint with a data protection supervisory authority. For EU residents — with the relevant national data protection authority of the place of residence, work or alleged infringement. For Hong Kong residents — with the Office of the Privacy Commissioner for Personal Data (PCPD).
10.9. How to Exercise Your Rights
To exercise any of the rights listed above, the Data Subject may contact Cuverse:
- Email: [email protected] (Cuverse Limited) or [email protected] (Cuverse Technologies Limited) — depending on which of the controllers the request relates to; in case of doubt, the Data Subject may use either address;
- Through the Account: in the relevant section of the Account settings (for certain rights such as the modification of data and the withdrawal of marketing consent);
- Postal address: Cuverse Limited or Cuverse Technologies Limited at the addresses indicated at the beginning of this Privacy Policy.
Cuverse shall consider Data Subjects’ requests without undue delay, and in any event within one month of receipt of the request (with the possibility of an extension of up to a further 2 months in complex cases, subject to notification to the Data Subject of the extension).
Cuverse may require additional information to verify the identity of the Data Subject before fulfilling a request, in order to prevent the disclosure of data to unauthorised persons.
In most cases, the exercise of Data Subjects’ rights is free of charge. Cuverse reserves the right to charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (for example, repetitive requests).
§ 11. Marketing Communications
(1) Consent-Based. Cuverse sends marketing communications to Customers (email newsletters, push notifications, in-app messages) only on the basis of the Customer’s express consent obtained at registration or subsequently.
(2) Opt-Out. The Customer may at any time opt out of marketing communications:
- through the unsubscribe link in any marketing email;
- through the Account settings;
- by sending a request to [email protected].
(3) Service Communications. Regardless of any consent to marketing, Cuverse continues to send the Customer service communications (for example, notifications regarding the status of an order, changes to contractual terms or security alerts) which are necessary for the performance of contractual and legal obligations. Such communications are not considered marketing.
(4) Profiling for Marketing. Cuverse may use data on the Customer’s behaviour on the Platform to personalise marketing communications (for example, to recommend products that may be of interest to the Customer). Such processing is carried out on the basis of the Customer’s consent and may be disabled through the Account settings.
§ 13. Automated Decision-Making and Profiling
(1) Art 22 GDPR Framework. Cuverse uses automated systems in the KYC verification process and for certain operational purposes. Automated screening includes: (a) the matching of government IDs against sanctions and PEP lists; (b) biometric comparison of the face with the document; (c) analysis of geographical and device indicators. A decision to refuse to open an Account is never taken solely by an automated system: where automated screening produces a negative outcome, the Account is referred for manual review by a Cuverse staff member, in accordance with Art 22(2)(b) GDPR.
(2) Limited Automated Decision-Making Cases. Cuverse uses limited automated decision-making in the following cases:
- KYC verification — automated checks of documents and biometric verification through the KYC provider. The results of automated screening are reviewed by a person in cases of dispute;
- Sanctions screening — automated screening against sanctions lists. In the event of a potential match, the decision on further processing is taken by a Cuverse staff member manually;
- Fraud detection — automated systems may block suspicious operations for further manual review.
(3) Right to Human Review. In cases where an automated decision significantly affects the Data Subject (for example, refusal of KYC or blocking of the Account), the Data Subject has the right:
- to request a statement of Cuverse’s position on the decision taken;
- to contest the decision in accordance with the procedure provided for in § 6(2a) of the Acceptable Use Policy (Appeal Process);
- to require a re-examination involving an authorised member of staff;
- to express their point of view.
A request for review shall be sent to [email protected].
(4) No Substantive Profiling Beyond Marketing. Cuverse does not apply profiling for substantive decisions affecting the Customer, save in the cases described above. Profiling for marketing purposes is described in § 11(4) and is carried out on the basis of the Customer’s consent.
§ 14. Children’s Data
The Cuverse services are not intended for use by persons under 18 years of age. Cuverse does not knowingly collect Personal Data of minors.
If Cuverse becomes aware that an Account has been created by a minor, or that Personal Data of a minor has been collected without the consent of a parent or legal guardian, Cuverse shall promptly delete such data and close the corresponding Account.
If a parent or legal guardian believes that their minor child has provided Personal Data to Cuverse, they may contact [email protected] for the deletion of the relevant data.
§ 15. Changes to This Privacy Policy
(1) Right to Update. Cuverse reserves the right to update this Privacy Policy to reflect changes in data processing practices, changes in applicable law or other circumstances.
(2) Notification of Material Changes. Material changes to the Privacy Policy will be notified to Data Subjects:
- by notice on the Cuverse website;
- by email to the address indicated in the Account (for registered users);
- by push notifications in the mobile applications.
Material changes take effect no earlier than 30 days following notification.
(3) Continued Use as Acceptance. The continued use of the Platform or the Cuverse services after the changes take effect is deemed acknowledgement by the Data Subject of the updated Privacy Policy. If the Data Subject does not agree to the changes, the Data Subject may cease using the Platform and delete their Account.
(4) Version History. The version history of the Privacy Policy is retained and is available on request.
§ 16. Contact and Complaints
16.1. Contact Channels
For matters relating to data protection, the processing of Personal Data and the exercise of Data Subjects’ rights:
- Cuverse Limited (Mining Services, KYC, billing): [email protected]
- Cuverse Technologies Limited (Platform, Account, cookies, analytics): [email protected]
- Postal address: Cuverse Limited / Cuverse Technologies Limited, at the addresses indicated at the beginning of this Privacy Policy (with the subject “Privacy Inquiry”)
If the Data Subject is unsure which of the controllers is responsible for their specific request, they may contact either of the addresses indicated, and Cuverse will, within the group, route the request to the appropriate controller.
16.2. Data Protection Officer (DPO)
On the basis of an assessment carried out in accordance with Art 37 of Regulation (EU) 2016/679 (GDPR), Cuverse has determined that the appointment of a Data Protection Officer (DPO) is not required at the current stage of operations, having regard to the scale of the processing of personal data. This assessment is reviewed annually, as well as in the event of a material increase in the volume of personal data processed or an expansion of activities in the EEA. For data protection matters, please contact: Cuverse Limited — [email protected]; Cuverse Technologies Limited — [email protected].
16.3. Right to Lodge a Complaint with Supervisory Authority
If the Data Subject considers that the processing of their Personal Data infringes applicable law, they have the right to lodge a complaint:
- For EU/EEA residents: with the relevant national data protection authority of the place of residence, work or alleged infringement. The list of national DPAs is available on the website of the European Data Protection Board (EDPB): https://edpb.europa.eu/about-edpb/about-edpb/members_en
- For Hong Kong residents: with the Office of the Privacy Commissioner for Personal Data (PCPD): Website: https://www.pcpd.org.hk, Email: [email protected]
- For residents of other jurisdictions: with the relevant national data protection regulator.
Cuverse encourages Data Subjects to contact Cuverse directly for the resolution of the matter prior to lodging a complaint with a regulator, although this is not a precondition.
§ 17. Country-Specific Provisions
17.1. European Union / EEA Residents
For EU/EEA residents, GDPR applies. All Data Subject rights listed in § 10 are exercised in accordance with the requirements of GDPR. For the purposes of GDPR, the two Cuverse companies are independent controllers, as described in § 2.
17.2. Hong Kong Residents
For Hong Kong residents, the PDPO applies. Cuverse complies with the six Data Protection Principles set out in Schedule 1 of the PDPO:
- Purpose and manner of collection;
- Accuracy and duration of retention;
- Use of personal data;
- Security of personal data;
- Information to be generally available;
- Access to personal data.
Hong Kong residents may exercise their rights through the contact channels indicated in § 16 ([email protected] for Cuverse Limited; [email protected] for Cuverse Technologies Limited).
17.3. United States Residents
For the purposes of this Privacy Policy, US Customers may enter into only the Mining Hardware Hosting Agreement (Service Packages are not available to US Customers pursuant to § 6(2)(h) and § 14(3) of the Mining Service Agreement).
US Customers resident in states with applicable data protection legislation (for example, the California Consumer Privacy Act / CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA) have additional rights under the corresponding state-level legislation. Cuverse complies with the applicable requirements and provides US Customers with the means to exercise the corresponding rights through the contact channels indicated in § 16.
17.4. Other Jurisdictions
Cuverse complies with applicable data protection legislation in other jurisdictions in which its Customers are resident. For matters specific to a particular jurisdiction, Data Subjects may contact Cuverse through the contact channels indicated in § 16.