Dated: June 2024

PURPOSE OF PRIVACY POLICY

This Privacy Policy (hereinafter referred to as the “Policy”) describes how Depay. processes User’s Personal data via https://depay.ai/ (hereinafter referred to as the “Website”)

This Privacy Policy explains what kind of personal data we use, how exactly we use it, for what reasons do we need your personal data and what rights do you have concerning your personal data. Personal information is any of your data that can be used to identify you directly or indirectly, or to contact you. Our Privacy Policy covers all personal information that you submit to us or that we obtain from our partners and does not apply to anonymised data, as it cannot be used to identify you.

DISCLAIMER

Please, read this Policy carefully. By accepting this Policy, you agree to be legally bound by it and all terms incorporated by reference. If you don’t agree with this Policy or any of its clauses, you shall immediately cease to use our Website.

We kindly remind you that our Website and services are not intended for use by children under 18 years of age. We do not knowingly collect or process any personal information from or with respect to children. If we become aware that we have collected personal data on behalf of a person under the age of 18, we will delete this information when we become aware of it. By our side, we will block or restrict the child from accessing our services, and/or obtain consent from parents for the collection, use, and sharing of their children’s personal information, if we will need this information. If you have any reason to believe that we have collected such personal data, please, inform us immediately

We may update this Privacy Policy from time to time, please review it frequently. Your continued use of our Services means you accept the changes. If you are asked to accept affirmatively material changes to our Privacy Policy and you decline to do so, you may not be able to continue to use our services.

WHEN IS PERSONAL DATA PROCESSED

Personal data may be processed when Users use the Website and/or any of our API or third party services, listed on the Website, and/or interact with our payment processing services and/or marketing emails (collectively referred to as the “Services”).

WE USE THE FOLLOWING DEFINITIONS:

“Processing” – an action or set of actions performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymisation, blocking, erasure, destruction of Personal data in accordance with the rules defined in the Policy.

“User” or “Users” – a natural person/s who visit/s the Website and / or uses the Services or natural persons representing Our commercial clients.

“Personal data” means information that relates to Data subject and identifies the Data subject.

“Cookies” means small fragments of data sent by our web server and stored on the user’s device. Cookies are stored when you visit the Website, and this allows us to make it work effectively: Cookies allow us to save your selected settings (e.g., language) and analyze Website traffic.

“Party” refers to either you or us. For the avoidance of any doubt, the contracting Parties under these Terms are you and Depay.

“Services” means services provided by Depay via the Website.

WHAT GUARANTEES WE PROVIDE?

We offer the appropriate security level to Personal data processing. Depay takes all the reasonable measures to protect Users Personal data from unauthorized access by third parties, as well as against loss, misuse, alteration, or destruction of Personal data.

We do not and will not process any special categories of Personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs etc.

Automated decision making process (ADM) may be used as part of our Services in order to fasten the process. For example, ADM may check the accuracy of provided information. Please, note that ADM does not affect you in a legal sense, and you may always contest any decision that is based on ADM results by contacting us.

We guarantee that we do not sell Users’ Data for a monetary reward.

WHAT DATA DO WE PROCESSED?

• Information needed to sign up – name, e-mail;
• Information needed to carry out the transaction – wallet address to carry the transaction, bank account details, address, age;
• Information needed for identification – passport, phone number, photo, additional requested documents;
• Information needed to receive messages from us (if you directly agree) – name, e-mail or phone number;
• Technical data: IP address, language, country, browser type, and version, browser plug-in types, location information, operating system and version;
• Usage data: URL clickstreams, page response times, download errors, time spent on web pages, actions on pages; Cookies.

WHY DO WE NEED TO COLLECT AND PROCESS YOUR PERSONAL DATA?

• We process your Personal data for statistical and analytical purposes, user support, improvement of the work of the Website, analysis of the interaction of Users with the Website when you visit any page of our Website, regardless of where you visit or use them from;
• We process your Personal data for User’s authorization on the Website when you use our Website and create an account, communicate with us or leave a query, subscribe to our newsletters/updates;
• We process your Personal data when we perform the transactions and perform our Services;
• We process your Personal data for KYC procedure when you conclude Service agreement with Us, receive, pay and/or use any of our Services.

WHAT LEGAL GROUNDS DO WE HAVE IN ORDER TO COLLECT AND PROCESS YOUR PERSONAL DATA?

We rely on the following legal grounds:

Your explicit consent with the Policy: We obtain Your consent to processing of personal data in accordance with the Policy through consent forms within the Services.

Our contractual obligations with Users: We need to collect data in order for Us to fulfill Our obligations under the contract concluded between You and Us.

Our legitimate interest: We need to provide the best and comfortable Services to You and it includes the following: market research, exercise and protection of Our rights, marketing and promotion of Our Services; ensuring security and fraud prevention.

COOKIES

Cookies are used when users are logged in, so that the service provider can remember and identify you as users. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

When you submit data through a form such as a contact page or comment box, cookies may be set to remember your user details for future correspondence.

Some of the cookies used are persistent, which means that they remain stored on your device for one year.

In some cases, service providers may provide you with custom content based on what you tell them about yourself, either directly or indirectly if you link a social media account. These types of cookies simply allow these service providers to provide you with content that they feel may be of interest to you.

Depay uses the following types of cookies:

• Necessary cookies: help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. These cookies may detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.
• Statistics cookies: help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. These cookies may register data on visitors’ website-behaviour, collect statistics on the user’s interaction with the real-time price- and stock bar on the website.
• Marketing: are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

In some special cases service providers also use cookies provided by trusted third parties. Third-party analytics are used to track and measure usage of website so that service providers can continue to produce engaging content. These cookies may track things such as how long users spend on the site or pages they visit, which helps them to understand how they can improve the site for you as users.

Regularly, service providers may test new features and make subtle changes to the way the site is delivered, during this period, these cookies may be used to ensure that users receive a consistent experience on the site.

PROCESSING OF MERCHANT’S CUSTOMERS’ DATA

The User (as a Merchant) is obliged to determine the personal data legislation for each its customer and comply with its requirements for each such customer separately. In the cases and in the form stipulated by the personal data legislation, the User (as a Merchant) shall obtain the voluntary consent of its customers or has any other legal basis (legal ground) to collect, store and process customers’ personal data (including by Depay) for the purposes, including but not limited to, of using the Services. The User (as a Merchant) acts as a representative of Depay in relations with the User’s customers on the use of personal data, and also bears full responsibility to its customers for their personal data. The User (as a Merchant) is obliged to inform and in a cases stipulated by the personal data legislation obtain the consent of the User’s customers for the transfer of their personal data to Depay and bring to the User’s customers all required information in accordance with the personal data legislation, about Depay as the person to whom the personal data of the User’s customers are transmitted. The User (as a Merchant) undertakes to take and ensures that it has taken all the necessary and sufficient organizational and technical measures to protect the User’s customers’ personal data. In the event that the User violates any personal data legislation and causes losses to Depay as a result of such a violation, the User shall indemnify all losses to Depay.

THIRD PARTY SERVICE PROVIDERS

Sometimes we may need to share your data with a third party. We may share your data with our contractors provided these third parties assume confidentiality obligations regarding your personal data. Please, be informed that we may disclose your personal data to the following third parties:

• our group entities or subsidiaries;
• government or law enforcement officials, enforcement, exchange body, central or local government department and other statutory or public bodies or court;
• business partners, suppliers, contractors, sponsors, analytics, search engine providers.

We may share your personal information:

• In order to provide our Services to you or to administer them;
• In order to comply with any applicable laws or regulations. This includes exchanging information for the purposes of detecting and investigating fraudulent or unlawful activity and respond to claims and legal process;
• To prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable or that poses a threat to the safety of you, another person or the public generally;
• In case of merger, acquisition or any other reorganizations of our company, transfer of control with transfer of all information to the relevant third party with your consent to do so if required by law.

Anonymous or aggregated information or other data that does not directly identify you is shared for the analysis. If you would like to get a full list of all third parties with whom we share your data, please, e-mail [email protected] as the list may vary depending on your specific use of our Services

YOUR RIGHTS UNDER THE POLICY

We would like you to know, that among other, you have the following rights in relation to your Personal data:

• To access: at any time, you can ask Us about what Personal data of yours We have, how We use it, why We process it etc.
• To correct: you can request that we update, block or delete your Personal data, if the data is incomplete, outdated, incorrect, unlawfully received or there is no need to proceed it anymore;
• To delete: you can ask Us to delete all the Personal data that We have about you. We will also deactivate your account. Please, note, that we cannot restore permanently deleted accounts;
• To object the processing: We will no longer process your Personal data, but We can still keep them;
• To transfer (in certain specific circumstances): if you wish, you can ask Us to download (export) all Personal data.
• To lodge a complaint with a supervisory authority: you are entitled to file a complaint against Depay with a supervising authority.

If User is intending to use one of the aforementioned rights, User shall send a mail or an email ([email protected]) to Depay.

STORAGE OF PERSONAL DATA

We strive to limit the period of Personal data processing to the necessary minimum and not to store them for longer than is reasonably necessary.

We may keep information that we may need to resolve any disputes, enforce our agreements with you and provide you with the possibility to use our Services, protect legal rights, and comply with technical and legal requirements and constraints related to the security and operation of our

Services for as long as it is reasonably necessary or required. For example, we should keep some of your personal and transactional data for 1 (one) year minimum after termination of the business relations between you and us for KYC purposes.

In such cases, we keep and access your data only internally and on a need to know basis. Otherwise, we will delete information when it is not anymore reasonably necessary to keep it to provide you Services, to comply with applicable laws and regulations, and to run our business.