Privacy Policy

This is the Privacy Policy of BEPAY MONEY EUROPE SRL, a company incorporated under the laws of Romania, whose registered number is 52474864, with a registered office located at Street Alexandru Donici, nr. 19, Ground Floor, Ap. 4, office no. 2, Sector 2, Bucharest, Romania (hereinafter referred to BEPAY MONEY.io as "BEPAY MONEY"). This privacy policy also applies to all subsidiaries and branches of BEPAY MONEY to the extent that they process personal data, including Bepay Fintech Inc (USA Registered MSB Entity), Directpay Fintech LTD (Canada Registered MSB Entity) and Bepay Technologies Private Limited (India). Hereinafter, all companies are to be collectively referred to as "BEPAY MONEY". They are all compliant with the GDPR standards and other privacy laws in each jurisdiction.

BEPAY MONEY treats personal data which it receives through its websites, portals and any other means with due care and is dedicated to safeguarding any personal data it receives. BEPAY MONEY is bound by the General Data Protection Regulation (Regulation (EU) 2016/679). This Privacy Policy is designed to inform you about the type of information that BEPAY MONEY collects when using our website and our application and the purposes for which this information is being processed, used, maintained, and disclosed (together the "Services").

This Privacy Policy aims to explain in a simple and transparent way what personal data we gather about you and how we process it. It applies to the following persons:

• The legal representatives and ultimate beneficial owners of all past, present, and prospective commercial contracting parties. We are legally obliged to retain personal data of these persons, also for a certain period after the relationship has ended, in compliance with 'know your customer' ("KYC") regulations.
• Anyone visiting the BEPAY MONEY website. We may amend this Privacy Policy to remain compliant with any changes in law and/or to reflect how our business processes personal data.

Personal data refers to any information that tells us something about you or that we can link to you. BEPAY MONEY processes any information we receive from you, including personal and financial information you provide to us including when you or your business: enquire or make an application for BEPAY MONEY its services, register to use and/or use any of our services and when you communicate with us through email, SMS, WhatsApp, a website or portal, telephone, or any other electronic means. Such information may include your: name including first name and family name, nationality, place of birth, date of birth, street name, street number, street number suffix, postal code, city, country of residence, phone number and email address.

BEPAY MONEY collects and processes your personal data in accordance with the EU's General Data Protection Regulation (hereinafter: "GDPR") in the event at least one of the following applies:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes (refer to Article 6.1(a) GDPR). In the event you give your consent to the processing of your personal data for specific purposes, the processing is permitted on the legal basis of your consent, which consent is revocable at any time.
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (refer to Article 6.1(b) GDPR). Personal data is processed to conduct financial services in order to fulfill our contractual and pre-contractual obligations. These actions are only taken when requested by you.
• Processing is necessary for compliance with a legal obligation to which the controller is subject (refer to Article 6.1(c) GDPR) and processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (refer to Article 6.1(e) GDPR). BEPAY MONEY is subject to several legal obligations as well as regulatory requirements. Please refer to Section 5.
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (refer to Article 6.1(f) GDPR). If we deem it is necessary, we will process your personal data beyond our contractual obligations in order to protect our legitimate interests or the legitimate interests of a third party. By processing we mean everything we can do with this data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring, or deleting. For more information about the way we use your personal data, please refer to Section 4 (What we do with your personal data). You share personal information with us, for example when you: visit our website, complete a(n) (online) (application) form, sign a contract or contact us through one of our channels. We also use data that is legally available from public sources such as commercial registers, the media, or data that is legitimately provided by other companies within the SafeNed Group or by third parties.
• Nonetheless, all rights under the GDPR and other Privacy Laws are applicable and respected by BEPAY MONEY.

We do not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is strictly necessary. When we do it is limited to specific circumstances.

We only use your personal data for legitimate business reasons. This includes:

Whenever we share personal data internally or with third parties in other countries, we ensure the necessary safeguards are in place to protect it. For this, BEPAY MONEY relies on EU Model clauses, which are standardized contractual clauses used in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with EU data protection law.

To be able to offer you the best possible services and remain competitive in our business, we share certain data both internally as well as outside of BEPAY MONEY and the entities in the Group.

This includes:

BEPAY MONEY makes use of cookies and similar technologies throughout our websites to ensure your visit to our website goes smoothly. Our websites (and some emails) use "cookies" and other technologies, which store small amounts of information on your computer or device, to allow certain information from your web browser to be collected. Cookies (and similar technologies) are widely used on the internet and allow a website/portal to recognize a user's device, without uniquely identifying the individual person using the computer. These technologies help to make it easier for you to log on and use our websites and provide information to us, for example which parts of the website you visit.

BEPAY MONEY uses functional, analytical, and marketing cookies. Functional and analytical cookies are used to ensure your visit to our websites goes smoothly. By contrast marketing cookies are not necessary for the proper functioning of our websites but are used for promotional purposes. For more information about the specific cookies read the subsection in our Cookie Policy about what types of cookies we use.

But first, some background information. Cookies (and similar technologies) are widely used nowadays. Also, fintech businesses that provide their services to consumers online are subject to the EU Directive on Privacy and Electronic Communications (2002/58/EC). requires businesses to notify consumers and obtain their consent for the use of cookies (opt-in). Opt-in means that before placing a cookie, the visitor would have to give permission.

We respect your rights as a customer to determine how your personal information is used. These rights include:

There is certain information that we must know about you so that we can commence and execute our duties as a payment institution and fulfil our associated obligations. There is also information that we are legally obliged to collect. Without this data we may for example not be able to enter into an agreement with you.

We apply an internal framework of policies and minimum standards to keep your data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. More specifically and in accordance with the law, we take appropriate technical and organizational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it's processed.

In addition, BEPAY MONEY employees are subject to confidentiality and may not disclose your personal data unlawfully or unnecessarily.

Unfortunately, the transmission of information via the internet in general is not always completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. We do our utmost to protect your data, but there are certain things you can do too:

• Install anti-virus software, anti-spyware software and a firewall on your computer and keep them updated.
• Do not leave verification tokens or your credit card unattended.
• Keep your passwords strictly confidential and use strong passwords, i.e. avoid obvious combinations of letters and figures.
• Be alert online and learn how to spot unusual activity, such as a new website address or phishing emails requesting personal information.

As per the GDPR, BEPAY MONEY will store and process your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires to store it. Therefore, we keep your personal data as long as you are using our Services and for five (5) years after termination of the agreement to comply with the law. There may be circumstances (e.g. fraud or anti-money laundering) whereby we are obliged to store your personal data even longer.