PRIVACY POLICY

PRIVACY POLICY

Last updated: June 22, 2022

This Privacy Policy describes how SharPay collects and processes your personal information through the https://sharpay.net/.

By using the https://sharpay.net/ website (hereinafter referred to as the “Website”) and/or SharPay services (hereinafter referred to as the “Services”), you accept this Privacy Policy. Please do not use the Website and/or Services if you have not read this Privacy Policy and our Terms of Service. If you use the Website and/or Services, we will assume that you accept them.

”SharPay Operators” refer to all parties that run SharPay, including but not limited to legal persons, unincorporated organizations and teams that provide Services and are responsible for such services. “SharPay” as used in this Policy includes SharPay Operators.

This Privacy Policy is addressed to all individuals who are current, past, or potential customers of the Company.

For the purposes of the General Data Protection Regulation (“GDPR”), the Company will be the “controller” of the personal data you provide to us.

Please read the following information carefully to understand our practices in relation to the processing of your personal data. If you have any questions, please email us at [email protected].

1. Legal information

• GTM EXCHANGE LTD is registered under No. HE 348749 in accordance with the laws of the Republicof Cyprus, with registered address: Parodos Acheritou, 1, Erimi 4630, Limassol, Cyprus.

• Flex Exchange Solution UAB is registered under No. 305965171, in accordance with the laws of Lithuania, with registered address: Laisvės pr. 60, Vilnius 05103, Lithuania.

2. Basic principles that the Company adheres to in relation to your personal data

A. All personal data will be processed lawfully, fairly, and transparently.

B. Personal data will be collected only for the specified purposes set out in the section “How we will use the information we have about you” and will not be further processed in a manner incompatible with these purposes.

C. The personal data that We collect is necessary for us solely for the purposes for which the data is processed. The information we collect is set out in the section below “What information we collect about you”.

D. We will take all reasonable steps to ensure that personal data is accurate and, if appropriate, up-todate.

E. Personal data will be stored in a form that allows the identification for no longer than is necessary for the purposes for which the personal data was collected for processing, in accordance with our Information Security and Data Storage Policy.

F. We will store and process personal data in such a way as to ensure adequate security. We describe this in the section “How we store personal data” of this Privacy Policy.

3. What information we collect about you

We collect and process various types of personal data that are obtained directly from you or from your representatives as part of your application to become our client. We will also collect and process personal data when using our Services, such as payment and transfer details that are necessary to fulfill our contractual obligations. In some cases, we also collect information about you from third parties as part of our legal obligations to combat money laundering and fraudulent activities.

4. Personal data

When you apply to become a SharPay customer, we will ask you to provide some personal information to verify your identity and manage your account. This will depend on the type of product you are applying for, but will generally include:

• Personal information, such as your name, address, date and place of birth, to verify your identity.

• Contact information, including your phone number and email address.

• Whether you are in a prominent public office. Persons holding such positions are called politically exposed persons (PEP).

• Information regarding your tax obligations so that We can meet our obligations under the Foreign Account Tax Compliance Act (FATCA) and the General Reporting Standards (CRS).

If the legal entity that you represent or own is our client, then additional personal data will be collected and processed, such as current income and expenses, property and personal debts, details of banking relationships.

5. How we will use the information we have about you

We always try to limit the amount of information we hold about you and use this information only when necessary. Therefore, We use your personal data, when necessary, for the following purposes:

• Contractual Compliance: the data We collect will be used to create your account and manage your account. We will use your personal data to verify your identity. To do this, we may need to provide some or all of your information to third parties, including fraud or money laundering prevention agencies (data of which we can provide to you upon request), law enforcement agencies, regulators, government agencies, and service providers related to the Services.

• Compliance with our legal obligations: the data will enable us to comply with our legal and regulatory requirements such as relevant laws, Anti-Money Laundering Law, tax laws, etc. We will also use your personal data to prevent fraud and money laundering. To the extent required by law: We will share your data with third parties to the extent required by law. For example, we are obliged by law to undergo certain regular audits, which may require us to transfer your data to third-party auditors whom we have engaged in connection with these requirements. Also, We may have to disclose your data when We receive a valid subpoena or other law enforcement request, or when the law requires us to affirmatively notify law enforcement in order to prevent harm or illegal activity. The need for such disclosures will be at our sole discretion.

• In order to protect legitimate interests: We process personal data to protect our legitimate interests if these interests do not conflict with your legal rights and freedoms. Examples of these 3 interests include expanding the Services we offer you, protecting your and our data within our IT and security systems, initiating or preparing for legal proceedings, etc. To the extent our legitimate interests require us to do so: We may share your data with our third-party partners for blacklisting or to help us reduce fraud.

• We will use your personal data to communicate with you about your account and provide updates and notifications related to the Services. Whenever possible, We will contact you through our software suite, however, there are times when regulation requires us to contact you in a certain way.

• We may use your information for marketing purposes, but We will only do so if you specifically ask us to do so. This may include the use of your data to identify products and Services that may be useful to you.

• We will use your data for troubleshooting, data analysis, testing, research, and for statistical and research purposes.

If you initiate a conversation with our customer support service, you may be asked to provide additional information about yourself and your transaction. Also, our customer support service may contact you to request additional proof of your identity, such as a new or updated image of your identity document and/or a scanned copy of the front of a payment card to verify that your transaction is valid, or to the extent that it may be necessary to comply with our legal obligations.

6. How we store personal data

• The measures that We use to ensure the security and protection of your personal data include: data encryption and digital signatures to ensure the continued integrity of your data, systems for detecting unauthorized access, round-the-clock physical protection of the objects where your data is stored; verification of personnel with access to physical objects; and strict safety procedures in all service operations.

• We encrypt the transmission and storage of your personal data using the highest standards of technology and security procedures.

Although We take precautions to protect the information we process, no system or transmission of electronic data is completely secure.

7. Who receives your personal data

Your data is under our control unless the transfer is required as part of certain actions that you take or as part of our regulatory or legal obligations. Any data transfer takes place between us and government agencies or third parties with whom we have an agreement on the protection and confidentiality of your data.

In particular, the recipients of your data may be:

• Supervisory and other regulatory and government authorities such as the Central Bank of Cyprus, the European Central Bank, tax authorities, MOKAS, prosecution authorities, FCIS – The Financial Crime Investigation Services under the Ministry of the Interior of the Republic of Lithuania.

• External legal consultants or auditors.

• Credit or financial institutions that may be used to execute your payment orders or transfers, including Walletto UAB.

• If you choose to order our card products, card issuing companies and processing companies such as Walletto UAB.

• File storage companies, archiving and/or records management companies, cloud storage companies.

• Potential investors in our Company.

Your personal data may be transferred to third countries, i.e. countries outside the European Economic Area, for example, for the execution of your payment orders or if such transfer of data is required by law, for example, a reporting obligation under tax laws. At the same time, persons who process your personal data in third countries are obliged to comply with European data protection standards and provide appropriate security measures in relation to the transfer of your data in accordance with the GDPR.

8. How long we retain your personal data

SharPay will not retain your personal information for longer than is necessary for the actions described in this Policy.

In accordance with the directive of the Data Protection Officer (http://www.dataprotection.gov.cy), We may retain your personal information for 10 (ten) years after your account is closed. In certain circumstances, we may need to keep this data for a longer period.

Any personal data that We use for marketing purposes will be stored until you notify us that you no longer wish to receive this information.

9. Your rights

With some exceptions, and in some cases depending on the data processing we carry out, you have certain rights in relation to your personal data. Each user has the right to the following:

• You have the right to request a copy of the information we have about you. If you would like to receive a copy of some or all of your personal information, please email us at [email protected]. We will provide you with this information for free within 30 (thirty) days.

• You have the right to request that information about you be removed unless there are additional legal and/or regulatory requirements for this.

• You have the right to data portability – to the extent that We process your personal data, (i) based on your consent or in accordance with contractual obligations, and (ii) by automatic means, you have the right to request the transfer of your personal data that We have collected to another organization, if technically possible, or directly to you in a structured, widely used, machinereadable format.

• You have the right to ensure that your personal information is accurate and up-to-date or, if necessary, corrected. If you believe that your personal information is incorrect or inaccurate and needs to be updated, please contact [email protected].

• You have the right to restrict the processing of your information, for example, for direct marketing purposes.

• You have the right to object to any decisions based on the automated processing of your personal data.

• You have the right to lodge a complaint with a supervisory authority – if applicable in accordance with Article 77 of the GDPR. You can lodge a complaint with a supervisory authority, in particular with the Member State of the European Union where you usually live, work, or where you are located.

• You have the right to withdraw consent at any time – if the processing is based on consent, you can withdraw your consent at any time. Your withdrawal of consent does not affect the lawfulness of consent-based processing prior to your withdrawal.

• You have the right to rectification, that is, to request that We correct any information about you that you believe is inaccurate. You also have the right to request from us complete information about you, which, in your opinion, is incomplete.

10. Changes to this Privacy Policy

We will revise and update this Privacy Policy from time to time. We will notify you of any material changes and update the appropriate version on our Website.

11. How to contact SharPay

If you have any questions related to this Privacy Policy, please send an email to [email protected].

If you would like to make a complaint about the way we process your personal data, you can contact us.

12. Use of cookies

Our Website uses cookies that allow us to determine if you are logged in or not and temporarily store non-personal data that is necessary for the correct operation.

A cookie is a small file that is stored in your browser or on your computer’s hard drive. Also, cookies allow us to check whether you are logged in or not and to personalize the content of the Website according to your preferences.

You can block cookies by enabling the option in your browser to refuse cookies.

13. Data location

We use servers located in the European Union to store personal data. Also, if We share your data with a third party, including our related partners and/or affiliates, as described in this Privacy Policy, these third parties may be located outside of our usual location and your country of residence. In all such cases, the transfer of data will only take place after we ensure that the third party provides comparable levels of data protection and that they will only use your data for the purposes set out in this Policy.

14. Children’s Privacy

We do not process personal data from children under the legal minimum age in accordance with the local legal requirements of the state, province, country, or jurisdiction of residence. We take appropriate steps to prevent children from using the Services. If you find that a minor child has provided us with personal data, please contact us at [email protected].