Privacy Policy

SCOPE AND PURPOSE OF THIS PRIVACY NOTICE

Updated: August 2022

LET'S TALK PRIVACY.

Payhound Limited is committed to protecting your Personal Data in accordance with the European Union's General Data Protection Regulation [EU] 2016/679 (the "GDPR") and the Data Protection Act (Chapter 586 of the Laws of Malta) (the "Act") (together, the GDPR and the Act shall be referred to as the "Data Protection Laws").

This General Privacy Policy details the manner in which we handle your Personal Data in accordance with said Data Protection Laws, which are aimed at strengthening the protection of Personal Data of individuals. It is important that you read this Privacy Policy together with any other privacy or fair processing notice/s we may provide when we collect your Personal Data so that you are fully aware of the manners in which we use and safeguard your Personal Data.

This site and Payhound Limited's services are not intended for minors below the age of 18 years. We do not knowingly collect data relating to minors.

This Privacy Policy was updated in August 2022.

WELCOME TO OUR GENERAL PRIVACY POLICY

This Privacy Policy applies to the operations of Payhound Limited (C-86493) (the "Company" / "Data Controller"), a Malta-based company which operates in the cryptocurrency industry, providing, primarily, cryptocurrency payment processing services, cryptocurrency exchange services and cryptocurrency wallet services (the "Payhound Services" or the "Services").

[PLEASE NOTE: The GDPR distinguishes between two main entities which utilise Personal Data, namely Controllers and Processors. A Controller is a party who holds your Personal Data and has the decision-making power in relation to how and for what purpose your Personal Data is being processed. A Processor is a third party who is processing Personal Data on behalf of and in accordance with the instructions of a Controller, for example, an IT services provider who provides data storage services to an accountancy firm would likely be that accountancy firm's Processor.]

1. Who we are.

Throughout this Privacy Policy, the terms, the 'Company', 'we', 'us' and 'our' refer to Payhound Limited. As explained further below, Payhound Limited collects and handles Personal Data in the course of its business. While the Personal Data we process relates mainly to our customers, we may also collect Personal Data pertaining to other individuals, as explained further below.

OUR CONTACT DETAILS

Full name of Controller:

Payhound Limited

Postal address (Premises):

Level 1D, Centris Business Gateway II, Triq is-Salib tal-Imriehel, Zone 3 Central Business District, CBD 3020, Birkirkara, Malta

Email address:

[email protected]

2. Changes to our Privacy Policy

We may update this Privacy Policy from time to time. You can tell when this Privacy Policy was last updated by looking at the date at the start of this Privacy Policy. Any changes to our policy will become effective upon posting of the revised statement on this website. We will seek your express consent to any changes to how we use or disclose your Personal Data if requested by law. Otherwise, use of this website following such changes constitutes your acceptance of the revised Privacy Policy then in effect. Please refer to this page every so often.

3. What is the GDPR?

The GDPR is aimed at strengthening the protection of the Personal Data of individuals. You are the owner of your Personal Data and this law strives to enhance the rights that you have in relation to your Personal Data. This Privacy Notice details the manner in which we handle and process your Personal Data in accordance with the Data Protection Laws.

4. Personal Data, Special Categories of Data and Processing

Personal Data is information that relates to an individual and is able to identify that person as a unique being. This would include information such as names and surnames, photographs, contact details, identity card and passport details and other similar information. Anonymised data is not Personal Data since it cannot uniquely identify an individual.

Special categories of data include Personal Data which is intrinsically more sensitive in nature. This would consist of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Should it become necessary for us to process any such kind of Data in order for us to successfully run our operation, we guarantee that any such processing shall comply with all the relevant principles, requirements and security measures mandated by the GDPR and the Act in relation to the processing of such Data.

Processing essentially means the use of your Personal Data. Activities such as our collection of your Personal Data, its storage, disclosure or alteration are all deemed to constitute 'Processing' of your Personal Data.

5. Your Rights

As a data subject, and under certain circumstances, you have certain data protection rights at law:

ACCESS: you have the right to access your Personal Data and request a copy thereof.

RECTIFICATION: you have the right to rectify any incorrect Personal Data that we may hold about you.

ERASURE: you have the right to be forgotten, which enables you to ask us to delete your Personal Data where there is no good reason for us continuing to process it. Note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, and if we are so permitted, at the time of your request. If you opt to exercise this right, we may not always be able to continue our relationship with you or continue providing our Services to you.

RESTRICTIONS ON PROCESSING: you have the right to request the restriction of our processing. This can be done in the following cases: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. If you opt to exercise this right, we may not always be able to continue our relationship with you or continue providing our Services to you.

PORTABILITY: you have the right to data portability. Your data may be requested in a machine-readable format (for example, in the form of a spreadsheet or a '.csv' file) and you may also ask that your data be transferred directly to another person or services provider. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

OBJECTIONS TO PROCESSING: you may object to the processing of your data where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

WITHDRAWAL OF CONSENT: if you have provided consent for the processing of your data you have the right, in certain circumstances, to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. Any processing activities that are not based on your consent will remain unaffected.

AUTOMATED DECISION-MAKING AND PROFILING: you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Note that we do not exercise decision-making and profiling in an automated manner.

If you wish to exercise any of the rights set out above, please contact us – kindly refer to Section 14 'Enquiries' for further information on the manner in which may do so. We will try to respond to all legitimate requests within one month and may require that you send over specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights as outlined directly above).

You will not have to pay to access your Personal Data (or to exercise any of the other rights mentioned above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Please note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If we are permitted, and if a decision is taken to override your data subject request, we will inform you.

6. Whose Personal Data we collect

[PLEASE NOTE: If you are a merchant holding a user account on our website and making use of our Services (a "Merchant"), or an individual shareholder, company officer or executive of a corporate Merchant, we will process your Personal Data as required and in accordance with our Merchant Privacy Policy, available on our online platform, and which is accessible solely to our customers. This General Privacy Policy therefore covers the processing of Personal Data pertaining to the Data Subjects identified in the categories below.]

This Privacy Policy is intended to govern the collection of the Personal Data pertaining to the below individuals:

Website Visitors – individuals visiting our website;

Visitors at our Premises – individuals visiting our Premises for any reason, inclusive of meetings, scheduled maintenance or the provision of services;

Third Parties generally – this is a generic category of Data Subjects that typically includes individuals with whom we do not have a direct contractual relationship, such as prospective individual services providers and persons contacting the Company with enquiries or for any other reason;

Prospective Merchants – individuals being prospective customers who have expressed an interest in engaging our Services;

Individual Shareholders, Company Officers and/ or Executives of Prospective Merchants that are legal persons, such as companies – individuals who are generally owners and/ or legal and judicial representatives of the Prospective Merchant when the latter is a legal person.

End Users of our Customers – individuals being clients of our customers, through whom they make use of the Payhound Services.

Individual Shareholders, Company Officers and/ or Executives of legal persons that are End Users of our Customers – individuals who are generally owners and/ or legal and judicial representatives of legal persons, the latter being clients of our customers, through whom such legal persons make use of the Payhound Services.

If you provide us with Personal Data about someone else, it is your responsibility to ensure that you are entitled to disclose that Personal Data to us. You must ascertain that these persons comprehend how their details will be used, and that they have allowed you to disclose that information to us, as well as allowed us, and our outsourced services providers, to process it.

7. Data we collect about you

When processing Personal Data pertaining to you as constituting a Data Subject identified in categories in section 6 i-vii directly above, we may, depending on the case at hand, collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identification Data: includes name, surname, title, date of birth, and, if necessary, identification documents and details, such as identity card and passport information. We may also request additional information in order to evidence your identity, particularly if we are required by law to do so.

Contact Data: includes postal address, email address and telephone and/or mobile number.

Compliance Data (AML, Combatting Funding of Terrorism ("CFT") and Know-Your-Client ("KYC")): includes Identification Data and Contact Data, and shall also cover, as necessary, proof of residence, such as a utility bill, professional references, tax domicile information, financial status information, such as bank statements, source of wealth and source of funds, KYC (database) checks and any other information or documentation which may be required from time to time by the applicable rules and regulations. In carrying out its KYC checks, Payhound may also come across criminal record and conviction information, which it shall only process in strict accordance with the law, and which shall be categorised under Compliance Data

Financial Data: includes bank account and e-wallet details, as well as any relevant taxation data (this includes any applicable income tax / VAT information).

Investment Data: includes information about your investment objectives, experience as well as prior investments.

Transactional Data: includes information about the transactions carried out by end users of our customers on or via our electronic platform.

Cookie Data: includes information collected via cookies used on our website, as better explained in our Cookie Policy.

In all cases, we may request additional and proportionate information if and when we deem such to be necessary.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

For further information regarding the types of Personal Data we collect and why, please read through sections 8 and 9 of this Privacy Policy, below.

8. How do we collect your Personal Data?

We use different methods to collect your Personal Data. Any Personal Data collected is a result of, and relates to, your relationship with us:

Website Visitors: we collect Identification Data and/ or Contact Data as submitted to us by yourself if you decide to utilise the 'Contact Us' form on and through our website.

Furthermore, and upon accessing our website, Cookie Data is processed by ourselves and by our third party processors throughout the duration of your session. More information on the use of cookies on our website is found in our Cookie Policy.

Visitors at our Premises: upon entering into our Premises, our front desk may manually collect the Identification Data and/ or Contact Data that would be deemed proportionate and necessary in the circumstances.

Third Parties generally: this is a generic category of Data Subjects, as explained in section 6 iii further above. For example, in each of the following categories, Identification Data and Contact Data are usually collected through direct interaction with the data subject:

• Prospective services providers: when you, as a prospective individual services provider, express an interest in doing business with us, and during the course of our negotiations or dealings;

• Persons contacting us: upon contacting us by means other than our website, such as through a telephone enquiry; and

• Representatives / agents: when an individual has been sent to deal with us on behalf of another entity, be it another individual or a third party. For the purposes of this Privacy Policy, Individual Shareholders, Company Officers and/ or Executives of Prospective Merchants that are legal persons, such as companies, comprise a separate category of data subjects, and shall accordingly be treated as such.

Prospective Merchants: we collect your Personal Data when you express an interest in engaging our Services, and this is typically done through:

• Direct interactions, through meetings, calls, email correspondence or by other means, usually when you submit the relevant Identification Data, Contact Data, Compliance Data, Financial Data and Investment Data to us; and

• Third parties and other available sources, such as the Malta Registry of Companies, company registers of other jurisdictions, and from electronic data searches, online search tools, anti-fraud databases and other third party databases, sanctions lists and general searches carried out via online search engines.

Individual Shareholders, Company Officers and/ or Executives of Prospective Merchants that are legal persons, such as companies: we collect your Personal Data when the Prospective Merchant, of which you are a shareholder, company officer or executive, expresses an interest in engaging our Services, and this is typically done through:

• Direct interactions, through meetings, calls, email correspondence or by other means, usually when you submit the relevant Identification Data, Contact Data and Compliance Data to us; and

• Third parties and other available sources, such as the Malta Registry of Companies, company registers of other jurisdictions, and from electronic data searches, online search tools, anti-fraud databases and other third party databases, sanctions lists and general searches carried out via online search engines.

End Users of our Customers: we collect your Personal Data when a transaction made by yourself, through our customer (of which you are a client), over our electronic platform is deemed to present a higher risk, and such information is typically collected through our said customer.

Individual Shareholders, Company Officers and/ or Executives of legal persons that are End Users of our Customers: we collect your Personal Data when a transaction made by the legal person of which you are an individual shareholder, company officer or executive, through our customer (of which said legal person is a client), over our electronic platform is deemed to present a higher risk, and such information is typically collected through our said customer.

9. How do we use your Personal Data?

We will only process your Personal Data on the basis of legally permissible grounds as deriving from the Data Protection Laws, and as better described in the table below. We may process your Personal Data on the basis of more than one lawful ground depending on the specific purpose for which we are using your Personal Data.

Generally, the grounds we utilise to collect and process your Personal Data are as follows:

Data Subject

Data

Lawful Bases in terms of the GDPR

Purpose

Website Visitors

Identification Data

Contact Data

a. Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis.

[PLEASE NOTE: "Legitimate Interests" means our interests to conduct and manage our business affairs appropriately, to protect our reputation, and to provide our clients and website users with a professional and secure experience. We make sure we consider and balance any potential impact on your rights before we process your Personal Data for our legitimate interests. Unless you have consented or it is otherwise required or permitted by law, we do not use your Personal Data for activities where our interests are overridden by the impact on you.]

We may collect your Personal Data in order to stay organised and be in a position to respond to your queries with the intention of growing our customer base and network.

b. Consent.

We will, if you so desire, and based on the information you provide, respond to your queries and/ or provide you with further information about our Services.

Website Visitors

Cookie Data

a. Protection of our legitimate interests, such that we require this information in order for our website to function securely.

Please refer to our Cookie Policy for further information.

Visitors at our Premises

Identification Data

Contact Data

a. Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis.

In this regard:

- We may keep and update a visitor log which identifies the people that have visited our premises; and

- We will also be positioned to defend legal proceedings, pursue any available remedies, or limit the damages that we may sustain.

b. For reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued.

We strive to ensure that our premises, as well as our data, are kept secure. Aside from keeping a visitor log, information we record about visitors may be transmitted to law enforcement and other authorities should the need arise.

c. Consent.

We will, if you so desire, and based on the information you provide, respond to your queries and/ or provide you with further information about our Services.

Third parties generally

Identification Data

Contact Data

a. This is a generic category of Data Subjects, as explained in section 6 iii further above. The identification of the specific legal ground would be dependent on the case at hand. However, the more common scenarios of data Processing in this case are supported by the following legal grounds:

(a) Adherence to our legal obligations generally and as applicable;

(b) Eventual performance of a contract with you or a person you represent;

(c) Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis.

(d) Consent.

The specific purpose is established on a case-by-case basis.

Prospective Merchants

Identification Data

Contact Data

Compliance Data

Financial Data

Investment Data

a. Adherence to our legal obligations, particularly as deriving from the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (the "PMLA"), the Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01 of the Laws of Malta) (the "PMLFTR") and the relevant Implementing Procedures (the "IPs") as may be published by the Financial Intelligence Analysis Unit (the "FIAU").

In this regard:

- We will verify your identity through our KYC processes;

- We will be able to determine if we may enter into a contractual relationship with you;

- We will be able to detect, prevent, and/or report fraud or any other criminal activity that comes to our knowledge; and

- We will be able to fulfil any external mandatory reporting requirements that we may have with the FIAU, the Malta Financial Services Authority (the "MFSA"), the executive police and any other authorities.

b. Adherence to our legal obligations, as primarily deriving from the Virtual Financial Assets ("VFA") Act (Chapter 590 of the Laws of Malta), the VFA Regulations (Subsidiary Legislation 590.01 of the Laws of Malta), and Chapter 3 of the VFA Rulebook issued by the MFSA.

In this regard:

- Generally, we will be able to fulfil our legal obligations as a licensed entity under the VFA legal framework;

- We will be able to classify the entity you represent, being our prospective customer, as an Experienced or Non-Experienced Investor, in terms of the VFA Rulebook.

c. Protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis.

In this regard:

- We will require this information to eventually enter into a contract with you if we are to provide our Services;

- We will develop and improve the manners in which we deal with financial crime;

- We will be able to assist and cooperate in any criminal or regulatory investigations as may be required of us; and

- We will also be positioned to defend legal proceedings, pursue any available remedies or limit the damages that we may sustain

Individual Shareholders, Company Officers and/ or Executives of Prospective Merchants that are legal persons, such as companies

Identification Data

Contact Data

Compliance Data

Investment Data

a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time.

In this regard:

- We will verify your identity through our KYC processes;

- We will be able to determine if we may enter into a contractual relationship with the entity you represent (for example, if we are processing Compliance Data about a director who is representing a prospective corporate customer);

- We will be able to detect, prevent, and/or report fraud or any other criminal activity that comes to our knowledge; and

- We will be able to fulfil any external mandatory reporting requirements that we may have with the FIAU, the MFSA, the executive police and any other authorities

b. Adherence to our legal obligations, as deriving from the VFA Act, the VFA Regulations, and Chapter 3 of the VFA Rulebook issued by the MFSA.

In this regard:

- Generally, we will be able to fulfil our legal obligations as a licensed entity under the VFA legal framework;

- We will be able to classify the entity you represent, being our prospective customer, as an Experienced or Non-Experienced Investor, in terms of the VFA Rulebook.

c. Protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis.

In this regard:

- We will require this information to eventually enter into a contract with the entity you represent if we are to provide the Payhound Services;

- We will develop and improve the manners in which we deal with financial crime;

- We will be able to assist and cooperate in any criminal or regulatory investigations, as may be required of us; and

- We will also be positioned to defend legal proceedings, pursue any available remedies or limit the damages that we may sustain.

End Users of our Customers

Compliance Data

Financial Data

Transactional Data

a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time.

We will require this information in order to investigate high risk transactions made by end users of our customers over our electronic platform.

Individual Shareholders, Company Officers and/ or Executives of End Users of our Customers that are legal persons, such as companies

Compliance Data

a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time.

We will require this information in order to investigate high-risk transactions made by end users of our customers over our electronic platform

In some cases, your Personal Data may also be processed by one of our trusted third party partners in terms of the Data Protection Laws, which entity will assist us in fulfilling our service standard. For more information, please refer to section 12 of this Privacy Policy.

[PLEASE NOTE: Where we need to collect Personal Data by law, or pursuant to our terms of business, and you fail to provide that data when requested, we may not be able to assist you or provide you, or the entity you represent, with the Payhound Services. In certain cases, we may even need to exercise our prerogative to decline to enter into a relationship with you or with the entity you represent (for example, in the case of a Prospective Merchant failing to provide vital information, such as Compliance Data or Investment Data) or terminate our already existing relationship. We will notify you if this is the case.]

10. Data Security

We have implemented appropriate security measures to each data form so as to be able to prevent your Personal Data from being accidentally lost, altered or disclosed in an unauthorised manner. These include:

● Information security means, such as:

• Appropriate firewalls and security software, inclusive of anti-malware and anti-virus software;

• Data segregation mechanisms and user access control;

• Robust authentication measures;

• Encryption;

• Source code security;

• Pseudonymisation of data;

• Appropriate data backup measures;

• Wi-Fi network segregation, allowing for a separate 'Guest' network;

• Mobile device management solutions, and

● Physical security means, such as fire alarms, implemented at our premises.

We also carry out periodical reviews of our data security measures and regularly perform vulnerability scans and penetration testing on our IT systems, in order to ensure that our IT security is constantly up to standard.

In addition, we limit access to your Personal Data to those employees, and other third parties who have a business need to know. These persons will only process your Personal Data on our instructions and are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data Retention

We retain your Personal Data only for as long as we have a valid legal reason to do so. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Our standard practice is to determine whether there are any specific laws permitting or even obliging us to keep certain Personal Data for a certain period of time, in which case we will typically keep the Personal Data for the maximum period indicated by any such law.

Without prejudice to the hereunder, we would also determine whether there are any laws and/ or contracts that may be invoked against us by you and/ or third parties and if so, what the prescriptive periods for such actions are. These are usually two or five years. In the latter case, we will keep any relevant Personal Data that we may need to defend ourselves against any claims, challenges or other such actions by you and/ or third parties for such time as is necessary.

Compliance Data and Investment Data will generally be retained for a minimum period of five years following termination of the business relationship or potential business relationship between us and yourself, between us and the entity you represent, or between us and our customer of which you are an end user, as may be the case. This is primarily so as to ensure that we are in line with our legal obligations as deriving from the PMLA, the PMLFTR and the IPs. We may, however, retain the aforementioned data for longer periods when authorised or obliged to do so by the FIAU, other relevant authorities or any applicable legislation.

Transactional Data pertaining to End Users of our customers shall be kept for a minimum period of 10 years from expiry or termination of our business relationship with said customers. This period is based on our legal obligations as emanating from the VFA Rulebook published by the MFSA.

Financial Data, as well as any reasonably related information, shall generally be retained by us for a period of 10 years. The period has been established on the basis of Payhound's record-keeping obligations in its capacity as a private limited liability company under the applicable laws relating to corporate compliance and taxation.

In all situations, and for the purposes of clarity, we may retain your data for longer than the abovementioned periods if we believe – and can accordingly justify – that we are bound to do so, or that any such extended period of retention will protect our legitimate interests (for example, in the case of ongoing legal proceedings).

In the instances not outlined above, Personal Data pertaining to individuals as governed by this Privacy Policy shall be retained for a period which is to be determined on an ad hoc basis, and such depending on the nature of the data collected and the purpose thereof in accordance with the rationale applied as described in this section 11.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

For information relating to the retention of Cookie Data, please refer to our Cookie Policy.

Kindly contact us for further information regarding our data retention practices.

12. Disclosure

In the course of our business, we have day-to-day dealings with third parties which may be individuals or legal persons, usually companies – that are typically our services providers or subcontractors – and may also simultaneously be our Processors. We may, therefore, have to share your Personal Data with said third parties, set out below, for the purposes outlined in the section above entitled, 'GROUNDS FOR PROCESSING'.

IT development services

Services providers who help us in developing software necessary for the running of our business.

IT backup and cloud services

Services providers who assist us in relation to backups for business continuity purposes so that your Personal Data is not lost.

Administration Services providers who provide administrative assistance in order to enable us to better organise and streamline our internal administrative processes. Within this category, we are also considering services providers that will assist us in our onboarding process, such as fraud prevention and identity verification agencies and services providers, that shall undertake required due diligence and anti-fraud checks via the relevant databases.
Third party consultants and professional advisors Services providers who assist us in various matters, including lawyers, accountants and insurers.
Regulators, courts, law enforcement and other authorities Entities that may require the disclosure of processing activities in certain circumstances, such as the FIAU, the MFSA and the executive police.

We will, in usual circumstances, not disclose Personal Data to other persons not mentioned above without your consent. There may however be times where we may need to do so, such as when abiding by a court order, for the proper administration of justice, in complying with a legal request or a legal requirement, to report actual or suspected fraud, money laundering or other criminal activity, to protect your vital interests, and/ or to fulfil your requests.

We require all third parties with whom we share Personal Data to respect the security of such Personal Data and to treat it in accordance with the law.

We do not allow our Processors to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

13. International Transfers

Generally, we do not transfer your Personal Data to persons or entities outside the EU and the European Economic Area (the "EEA"). However, should this become necessary:

• for the performance of contractual or pre-contractual obligations between you and us;

• for the purpose of IT software support / security;

• for adherence with our legal and/ or regulatory obligations;

• for the establishment, exercise or defence of legal claims; or

• for any other reason where any such transfer would be permitted in terms of law.

we shall endeavour to only transfer Personal Data to countries in the EU / EEA or to third countries outside the EU / EEA which ensure an adequate standard of protection for such Data in terms of the GDPR. Should a transfer to countries which are outside the EU / EEA be required, we shall ensure that a lawful basis for this exists and that appropriate safeguards are implemented for the protection of your Personal Data.

14. Enquiries

Should you desire to:

● Make any enquiry regarding your Personal Data;

● Have your Personal Data corrected; or

● Request access to your Personal Data,

you may contact us on the below contact details. We may refuse such requests or charge a reasonable fee where these requests are manifestly repetitive or excessive.

Any request must be made in writing and must also include your name, address, email address and a description of the information or correction required. We may also ask for identification documentation, which is essential in order for us to be able to verify your identity.

Postal address:

Level 1D, Centris Business Gateway II, Triq is-Salib tal-Imriehel, Zone 3 Central Business District, CBD 3020, Birkirkara, Malta

Email address:

[email protected]

15. Complaints

We strive to be receptive to your concerns and would appreciate it if you would contact us in the first instance should you believe that we have breached any privacy rules.

Nonetheless, should you feel wronged by our data protection practices, you may file a complaint with the data protection supervisory authority of your country of residence. In Malta, this would be the Office for the Information and Data Protection Commissioner, the contact details of which are as follows:

OFFICE OF THE INFORMATION AND DATA PROTECTION COMMISSIONER [MALTA]

Email: [email protected]

Phone: +356 2328 7100

16. Third Party Sites

This site may, from time to time, include links to third party websites, plug-ins and applications (the "Third Party Sites"). Clicking those links may permit third parties to collect or share data about you. We do not control these Third Party Sites and are not responsible for their privacy policies, notices or statements. Please read the privacy policy of every Third Party Site you visit or use.

17. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Malta.