Mini Power Bank PRIVACY POLICY (U.S.)

1. ABOUT THIS PRIVACY POLICY

In Short: This Policy explains how we handle your Personal Information. It helps you understand what we do with it and your privacy rights.

Welcome! This Privacy Policy (“Policy”) explains how UAB Orbio World, trading as Mini Power Bank brand and other Household brands (“Company”, “we”, “us”, or “our”) handles your Personal Information (“Personal Information” or “Data”) when you:

• Visit our sales websites (“Website”);

• Purchase our products or services (“Goods” or “Service”);

• Otherwise interact with us (support, social media, contests, affiliate programs, etc.).

This Policy applies only if you are resident of United States and it outlines what Personal Information we collect, its purposes, how we use and share it, how long we retain it, your rights, and how we protect your Data. We are fully committed to process your Personal Information lawfully, fairly, and transparently in accordance with:

• the California Consumer Privacy Act (CCPA/CPRA);

• U.S. state privacy laws (e.g. VCDPA, CPA, CTDPA, UCPA);

If you do not agree with our practices, please refrain from using the Website, purchasing our Goods or Services or submitting your Data in any other way. This Policy is effective as of 19th of November 2025.. We may update this Policy occasionally all updates take effect upon publication, so we encourage you to review it regularly to stay informed.

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION?

אנחנו: UAB Orbio World, בקר הנתונים האישיים שלכם

מספר החברה שלנו הוא: 305049890

הכתובת הרשומה שלנו: K. Donelaičio St. 60, LT-44248 Kaunas

כתובת הדוא"ל של התמיכה שלנו: support@muama.com

We have appointed a Privacy Officer to oversee our Data protection obligations. You can contact the Privacy Officer directly at dpo@muama.com, or use any of the communication methods provided in Section 11 of this Policy.

3. CATEGORIES OF INFORMATION COLLECTED AND HOW IT IS USED

בקצרה: אנו אוספים בעיקר רק את הנתונים הדרושים לאספקת המוצרים או השירותים שלנו ולתפעול אתר האינטרנט שלנו. סעיף זה מסביר מדוע אנו אוספים אותם וכיצד אנו משתמשים בהם.

We only collect the Data we truly need – and only use it for clear, lawful reasons. Below, you’ll find a detailed list of the categories of information we collect, how we use it, and how long we keep it. This section also serves as our Notice at Collection under the California Privacy Rights Act (CPRA) and Summary of Processing for the 12 Months Preceding.

We may collect or process the following categories of information, depending on how you interact with us. More detailed information provided in tables below:

Here are also few important things for you to know:

• Automated tools and AI: We may use AI or other fully or semi-automated technologies to support service delivery (e.g., chatbots, ChatGPT, Gemini, AI tools providers and etc.), but we do not use automated decision-making that produces legal or similarly significant effects on you. All AI-assisted or automated responses are reviewed by humans when decisions could impact your rights.

• Cross-Context: We may combine information from different sources (e.g., your Website activity, purchase history, and customer-service interactions) to improve your experience and our service.

• We may “sell” or “share” Data: Under California law, a “sale” includes making Personal Information available to a third party for any form of value, not only for money, and “sharing” refers to disclosing Personal Information for cross-context behavioral advertising. We do not sell Personal Information for monetary consideration, but in some cases we share limited data - such as internet or network activity and inferences - with advertising and analytics partners to measure performance and deliver relevant ads. You can opt out at any time through our “Your Privacy Choices” link, and where required by law, we honor browser- or device-based opt-out signals (e.g., Global Privacy Control).

• Children’s data: Our Website and Services are not intended for minors. We do not knowingly collect, sell, or share Personal Information of individuals under the age established by law. If we become aware of such a collection, we will delete the information promptly.

4. PERSONAL INFORMATION COLLECTION SOURCES

In Short: We get your Data directly from you, through your use of our Website, or from trusted third parties, public sources, etc. This helps us operate our business and stay in touch with you.

We collect Personal Information from the following categories of sources:

• Directly from you: When you place an order, contact us for support or inquiries, complete forms or surveys, participate in contests or promotional campaigns, communicate with us by email, phone, chat, or social media, or otherwise use our Services.

• Automatically via technology: When you visit or interact with our Website or other online platforms, we automatically collect certain Data, including identifiers and information regarding your activity using cookies, pixels, SDKs, log files, and similar technologies. We use these tools to improve functionality, enhance your experience, analyze usage patterns, and secure our systems.

• From third parties, vendors, and service providers: We collaborate with carefully selected partners (e.g., payment processors, shipping carriers, analytics and marketing platforms, and customer-support providers). They may share limited Personal Information with us when they collect them during service.

• From our affiliate and referral partners: If you follow a referral link, use a partner discount code, we may receive information that might contain your Personal Information.

• From other Intra-Group companies (if applicable): Where necessary for internal administrative, service provision, or business development purposes, we may receive your Data from other entities within our corporate group.

• From publicly available sources (if applicable): Where appropriate and permitted by law, we may collect Personal Information from public registers (e.g. company registries, professional association websites), official government databases, or social media profiles (e.g. LinkedIn), particularly in the context of business-to-business (B2B) communication, professional outreach or due diligence.

Note! This Policy does not govern the privacy practices of unaffiliated third parties that operate independently, such as external social networks, advertising providers, or linked websites. We encourage you to review their privacy policies to understand how they process your information.

5. CATEGORIES OF INFORMATION DISCLOSED & SHARED WITH THIRD PARTIES

In Short: We share your Data but only when necessary and with strong safeguards - always ensuring your privacy is protected.

We share your Personal Information when necessary, and with your privacy in mind.

We may share limited Data with trusted third parties to provide our Services, meet legal obligations, or support business daily operations. Whenever we do, we ensure that your Data is protected and handled responsibly. We may share your Data with:

• Service Providers, Contractors: We engage with various service providers to support our business functions (e.g. IT support, hosting, payments, shipping, analytics, customer service, marketing, auditing, legal services, etc.). These providers may access only the Data required to perform their duties and are contractually prohibited from using it for any other purpose.

• Intra-Group Companies: We may share your Data with other entities within our corporate group for internal administrative purposes, centralized services, or to provide integrated services. All intra-group transfers are covered by internal data-protection agreements ensuring consistent safeguards across all locations.

• Advertising/ Analytics Partners or Third Parties: We may share limited Data with platforms that deliver marketing campaigns and analytics. Under California law, this type of disclosure may be considered “sharing” for cross-context behavioral advertising. You can opt out at any time by using our link placed at the bottom of the Website footer “Your Privacy Choices”.

• Public or governmental authorities: In certain circumstances, your Data may be shared with third parties such as public authorities, law enforcements, courts, insurers, fraud prevention services agencies, independent service providers etc.

• Other corporates or auditors: In the context of a potential or actual merger, acquisition, asset sale, or restructuring, we may disclose limited Data to potential investors, buyers, or their auditors, and advisors.

• Other third parties with your consent: Where legally required, we will only share your Data with third parties if you have explicitly given us your informed, freely given consent.

6. PERSONAL INFORMATION RETENTION PERIODS

In Short: We keep your Data only as long as needed for legal, contractual, or Services-related purposes - then we delete or anonymize it securely.

אנו שומרים את הנתונים שלכם רק למשך הזמן הנדרש על מנת:

• Fulfil the purposes for which it was collected,

• Provide you with our Goods or Services,

• Comply with legal, regulatory, or contractual obligations, or

• Resolve disputes or enforce our agreements.

Detailed retention periods for each Data processing purpose are set out in Section 3 of this Policy. Once the applicable retention period has expired, we will either securely delete your Data or irreversibly anonymize it within a reasonable timeframe, in line with best industry practices and legal requirements.

7. SECURITY OF PERSONAL INFORMATION

בקצרה: אנו משתמשים באמצעים טכניים וארגוניים חזקים כדי לשמור על בטיחות הנתונים שלכם ופועלים באופן רציף כדי למנוע גישה בלתי מורשית וכדי להגן על פרטיותכם.

We are committed to protecting your Data and take the security of your information seriously. We apply a combination of technical and organisational measures to prevent unauthorised access, accidental loss, misuse, alteration, or disclosure of Personal Information. These safeguards reflect the principles of privacy laws, including accountability, limiting collection, accuracy, openness, and safeguards:

• Processing Personal Information fairly, lawfully, and transparently;

• Limiting collection and retention to what is necessary;

• Restricting access to authorized employees only;

• Requiring service providers to meet strict security standards;

• Providing regular privacy and security training to staff;

• Conducting periodic internal and external audits;

• Using encryption and other safeguards where sensitive information may be involved;

• Performing regular Data backups and logging activity for security purposes;

• Continuously monitoring our systems for threats and vulnerabilities;

• Updating our processes as risks and technology evolve.

Note! Even with strong safeguards, no system or internet transmission is completely risk-free. To help protect yourself, use strong and unique passwords, keep them confidential, secure your devices, and be cautious with suspicious links. If a data breach occurs that poses a risk of significant harm, we will notify affected individuals and regulators as required by law.

8. INTERNATIONAL PERSONAL INFORMATION TRANSFERS

In Short: Sometimes we need to transfer your Personal Information outside your country or state, but only when necessary and always with strong legal safeguards to keep your Data protected.

Our Company works with partners and service providers around the world. This means your information may be transferred outside the United States - for example, to the EU, the UK, or other countries where our Intra-group companies or service providers are located.

Whenever we transfer Personal Information internationally, we apply appropriate contractual, organizational, and technical safeguards to ensure an equivalent level of protection consistent with the privacy laws of your jurisdiction. These safeguards may include:

• Data-transfer agreements incorporating Standard Contractual Clauses (SCCs) or their local equivalents approved by regulators;

• Intra-group data-protection agreements binding all affiliated entities to the same high standards of confidentiality and security;

• Vendor due diligence to confirm that third-party processors maintain adequate security and privacy controls; and

• Risk assessments and ongoing monitoring of cross-border data flows.

9. AUTOMATED DECISION MAKING AND ARTIFICIAL INTELLIGENCE

In Short: We use some AI and automated tools to support our Services, but we do not rely on them to make decisions that have legal or similarly significant effects on you.

We may use certain Artificial Intelligence (AI) - based tools and fully or semi-automated systems - for example, AI may help our customer service team by suggesting draft replies or transcribing a call to enhance the speed and accuracy of our services.

However, we do not engage in automated decision-making, including profiling, that produces legal, financial or similar effects concerning you. Specifically:

• כל המלצה, תגובה או מידע שנוצרו על ידי כלי בינה מלאכותית ניתנים למטרות מידע בלבד וכפופים לבדיקה ולאימות על ידי הצוות האנושי שלנו;

• We do not use algorithms or automated systems to make decisions about you that produce legal effects (e.g., the denial of a service), without meaningful human involvement;

• You have the right to request human intervention and express your point of view if you believe any decision or response has been generated through automated means that significantly affects you, and to obtain an explanation and review of such a decision by a human member of our staff;

• We try to be transparent and inform you when AI or automation was used to help deliver a service;

• We never use your identifiable Personal Information to train AI models. If any Data is used for improvement, it is anonymized so it can no longer identify you;

• We keep this information only as long as needed to deliver the service, protect it under strict contracts with our vendors, and prohibit those vendors from using identifiable data for their own model training.

10. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

In Short: You have rights over your Personal Information, including access, correction, deletion, objection, and more. This section explains what those rights are and how they work.

If we process your Data as set out in this Policy, or you believe we may be doing so, you have the following rights. These rights apply regardless of whether we process your Data as a client, supplier, contractor, or professional contact:

If you are a U.S. resident or our processing relates to U.S. individuals, your rights under State Privacy Laws (which may vary by state):

• Right to know/access – Request information about the categories and specific pieces of Personal Information we have collected, used, disclosed, sold, or shared about you, and obtain a copy of that Data.

• Right to deletion – to request the deletion of Personal Information we hold about you, subject to certain exceptions ((e.g., to complete a transaction, detect fraud, or comply with recordkeeping laws).

• Right to correction – to request correction of inaccurate Personal Information.

• Right to data portability – to request receive a copy of your Personal Information in a portable format.

• Right to Opt-out of Sale or Sharing (California law and other states) – Opt-out of the "sale" or "sharing" of Personal Information, including use for cross-context behavioral advertising. We provide a link in footer "Your Privacy Choices" where you can easily execute your right.

• Right to Limit the Use of Sensitive Personal Information (CPRA) – Request that we restrict the use and disclosure of your sensitive information (e.g., precise geolocation, health data, or financial details) beyond what is necessary to provide requested services.

• Right to Opt-Out of Profiling (where applicable by state law) – Object to profiling that produces legal or similarly significant effects concerning you.

• Right to Non-Discrimination – You should not receive any discriminatory treatment for exercising your privacy rights.

• Right to Appeal (Virginia, Colorado, Connecticut) – If we deny your privacy rights request, you may appeal our decision by contacting us through the same request channel. If your appeal is denied, you may contact your state Attorney General.

• Right to limit use of sensitive Personal Information (CPRA only) – to request restrictions on how we use sensitive information (e.g., precise geolocation, health data, financial data).

• Right to non – discrimination – You will not be treated differently for exercising your privacy rights.

• Right to appeal – You have the right to appeal if we deny your privacy rights request (as required by Virginia, Colorado, and Connecticut laws). If the appeal is denied, you may contact your state Attorney General.

שימו לב: זכויותיכם אינן מוחלטות. במקרים מסוימים, מימוש זכויותיכם עשוי להיות מוגבל במסגרת חוקי הגנת המידע הרלוונטיים - לדוגמה, כאשר מילוי בקשתכם יפגע בזכויותיהם ובחירויותיהם של אחרים, או כאשר אנו נדרשים על פי חוק לשמור נתונים אישיים מסוימים (למשל, לצורך תאימות, תביעות משפטיות או למטרות רגולטוריות).

11. כיצד לממש את זכויותיכם או ליצור איתנו קשר?

If you have any general questions about this Policy, how we process Data, complaint or if you wish to exercise any of your Data Subject rights, you can contact us by email at: dpo@muama.com or via post address: K. Donelaičio St. 60, LT-44248 Kaunas.

כדי שנוכל לעבד את בקשתכם ביעילות, אנא:

• הבהירו בבירור את שאלתכם או תלונתכם,

• specify which right you wish to exercise (if applicable),

• ספקו מספיק מידע כדי לזהות אתכם (אנו עשויים לבקש הוכחת זהות או להמשיך בתהליך אימות זהות), ו

• תכללו כל פרט רלוונטי שיעזור לנו להגיב במהירות.

You may also authorize someone to act on your behalf. If so, please ensure your authorized person provides us with written and signed permission confirming they are allowed to act for you. We may deny a request if sufficient proof of authorization is not provided.

We aim to respond without undue delay within 45 days of receiving your request. This time is extendable by an additional 45 days where reasonably necessary in which case, we will inform you in advance and explain the reason for the delay.

סוף המדיניות