Privacy Policy Last Updated: June 18, 2023

We practice with fundamental principles to ensure the privacy and protection of personal data. When collecting and/or processing your personal data:

a)we comply with the requirements of Applicable Law;

b)we process your personal data in a lawful, fair, and transparent manner;

c)we collect your personal data for specified, clearly defined and legitimate purposes and do not control or process them in a way incompatible with those purposes, except to the extent permitted by law;

d)we ensure that collection and processing of personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

e)we take all reasonable steps to ensure that personal data being inaccurate or incomplete, in accordance with the purposes for which they are processed, would be rectified, supplemented, suspended, or destroyed without delay;

f)we hold your personal data in such a form that your identity can be established for no longer than is necessary for the purposes for which the personal data are processed;

g)we do not provide personal data to third parties or disclose them, unless as set forth in this Privacy Policy or permitted or required by law;

h)we take verifiable technical and organizational security measures to ensure that your personal data is held and processed securely, we provide access to personal data only to those who need such access to perform their duties;

i)we ensure that your privacy rights to your personal data can always be realized and exercised to the extent permitted by law.

We create awareness among our employees and conduct regular trainings to make sure that our employees remain aware of their responsibilities with regard to the protection of personal data and identification of personal data infringement.

We generally do not collect your personal data unless:

a) it is provided to us voluntarily by you directly or by organizations which have engaged us to provide the Services to you or via a third party who has been duly authorized by you to disclose your personal data to us (your “authorized representative”) after you (or your authorized representative) or the organization which have engaged us to provide the Services to you:

(1) have been notified of the purposes for which the data is collected or processed, and

(2) have provided written consent to the collection, processing and usage of your personal data for those purposes, or

b)collection, processing and use of personal data without consent is permitted or required by Applicable Law.

Depending on the nature of your interaction with us, we may collect information from and about you from various sources including through:

Direct interactions. You may give us your identity, contact and financial data by filling in forms, providing a visual image of yourself via the Services, by email or otherwise. This includes personal data you provide when you:

a) apply for the Services;
b) create an account;
c) subscribe to the Services or publications;
d) make use of any of the Services;
e) request marketing to be sent to you;
f) enter a competition, promotion or survey; or
g) give us feedback or contact us.

Automated technologies or interactions. As you interact with us via our Site, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect such personal data by using cookies, server logs and other similar technologies. We will also collect transactional data and investment data. We may also receive technical data about you if you visit other websites employing our cookies. On our main Site you will be informed about how we use cookies through the Cookies.

Third parties or publicly available sources. We also obtain information about you from third parties (such as employers, credit reference agencies and fraud prevention agencies) who may check your personal data against any information listed on other databases.

We may collect, process, manage and/or use your personal data for any or all of the following purposes:

a)registering you as our new customer or user in connection with your request;

b)developing and providing the Services (whether made available by us or through us) and any App features, including but not limited to:

(1)executing the Services, commercial or other transactions and requests;

(2)carrying out research, planning and statistical analysis;

(3)analytics for the purposes of developing our websites, products, services, security, service quality, advertising or customization strategies; or

(4)delivering relevant website content and advertisements to you and measuring or assessing the effectiveness of the advertising we serve;

c)performing obligations in the course of or in connection with our provision of the Services requested by you

d)enforcing obligations owed to us;

e)verifying your identity before providing the Services, or responding to any of your queries, applications, requests, feedbacks and complaints;

f)conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;

g)responding to, handling, assessing and processing applications, instructions, requests, queries, complaints, and feedback from you or our customers;

h)complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

i)managing your relationship with us or the organization which have engaged or partnered with us;

j)managing, processing, collecting and/or transferring payment;

k)monitoring the Services provided by or made available through us;

l)communicating with you, including providing you with updates on changes to the Services (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such Services and their terms and conditions;

m)sending you marketing information about the Services including notifying you of our marketing events, initiatives and promotions, membership and rewards schemes and other promotions;

n)managing our business operations and complying with internal policies and procedures;

o)reporting purposes including regulatory reporting, management reporting, audit and record keeping purposes;

p)administering and protecting our business and Site including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;

q)any other purposes for which you have provided the information;

r)transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, for the aforementioned purposes;

s)to enable you to partake in a prize draw, competition or complete a survey;

t)for purposes set out in the terms and conditions that govern our relationship with you or our customer; and

u)any other incidental business purposes related to or in connection with the above.

The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

Depending on the nature of your interaction with us, some examples of personal data which we may collect, use, process, manage, store and transfer about you include:

Identity Data

• first name
• maiden name
• last name
• full name, including any aliases
• username or similar identifier
• title
• date of birth
• gender
• a visual image of your face
• tax identification number or similar identifier
• unique identification number (such as an identity card number, birth certificate number or passport number)
• passports or other form of identification documents including proof of address such as a utility bill or bank statement
• occupation
• nationality

Contact Data

• billing address
• delivery address
• home or residential address
• work address
• email address
• telephone numbers

Financial Data

• bank account
• payment card details
• external e-money wallet details
• cryptocurrency

Transaction Data

• details about payments to and from you
• other details of any transactions you enter into while using or accessing the Services

Investment Data

• source of funds

Technical Data

• internet protocol (IP) address
• your login data
• browser type and version
• time zone setting and location data
• browser plug-in types and versions
• operating system and platform
• other technology or information stored on the devices you allow us access to when you visit the Site or access or use the Services

Usage Data

• your username and password
• information about how you use the Site and/or the Services

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you refuse to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you the Services). In this case, we may have to cancel the Services you have with us, but we will notify you if this is the case at the time.

We allow your personal data to be accessed only by those who require access to perform their duties and share it only with third parties who have a legitimate purpose for accessing it. We require them to store, process and treat personal data as responsibly as we do and in compliance with the Applicable Law. We will never sell or rent your personal data to third parties.

We will only share your personal data to our business partners, suppliers, sub-contractors, or agents who perform services for it, or consultants such as auditors, lawyers, tax advisors, analytics and search engine providers that assist us in the improvement and optimization of the Site and Services, as well as ancillary service providers, IT companies, advertising and marketing companies, accounting companies, etc. where applicable.

Main types of third parties are as follows:

a)Identity verification services to prevent fraud. This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases;

b)Service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from sharing your information with anyone else;

c)Financial institutions which we are partner with;

d)Companies or other third parties in connection with business transfers or bankruptcy proceedings;

e)Companies or other entities that purchase our assets pursuant to a court-approved sale;

f)Law enforcement, regulators, or any other third parties when we are compelled to do so by applicable law or if we have a good faith belief that such use is reasonably necessary, including to: protect the rights, property, or safety of the Company, our customers, third party, or the public; comply with legal obligations or requests; enforce our terms and other agreements; or detect or otherwise address security, fraud, or technical issues, to report suspected illegal activity or to investigate violations of our Terms and Conditions and/or Services Terms;

g)Other third parties, with your consent or direction, or any third party that might be required by law.

You acknowledge that you may be subject to privacy policy of such third parties’ where the case may be, and you will check and make yourself updated with such policies.

Data privacy and security are interlinked, and the Company’s security is systematically built into and implemented in its organization.

We are capable of applying technical and organizational measures, including an ethical dimension, appropriate and effective to ensure privacy, and we stick to the principle where we collect and process only personal data that are necessary for each specific purpose of the processing, in compliance with the law and transparently notified to the data subjects concerned.

We are proactive and preventative and take measures to safeguard data, and user files are always protected with safeguards according to the sensitivity of the relevant information, and we guarantee that the data is only accessible to a restricted set of people.

Further, we ensure that all employees dealing with the processing of data will receive sufficient information about the risks and have training on updated data protection rules.

We make sure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, and to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. We commit to regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Under certain circumstances, you have the following rights under Applicable Law regarding your personal data:

a)Right to be informed: to be informed in a transparent manner about what personal data are being collected and processed;

b)Rights to access : to obtain a copy of your personal data and other supplementary information related to it;

c)Right to rectification: to request the correction or, depending on the purposes of the processing of personal data, supplementation of incomplete personal data;

d)Right to erasure: to request that we erase your personal data where:

(1)personal data are no longer related to the purpose for which they were collected or processed;

(2)the data subject withdraws his or her consent (if the legal ground for processing was consent);

(3)the personal data was unlawfully processed;

(4)you object to the processing and we cannot demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject (if legitimate interests were used as legal ground for processing);

(5)in other applicable circumstances.

Please note that your right to erasure does not apply if processing:

-concerns the right of freedom of expression or information;

-is necessary to be compliant with other laws;

-is in the public interest;

-concerns public health;

-is needed for the establishment of a legal claim; or

-is done for archiving purposes in the public interest.

e)Right to withdraw your consent: revoke your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so. For example, we may need to retain personal data to comply with a legal obligation; and withdrawing your consent does not affect the lawfulness of our processing of your personal data prior to withdrawing.

f)Right to restrict processing: to request restriction or suppression of your personal data;

g)Right to data portability: to move your personal data easily from our IT system to another, i.e., to receive your personal data in a structured and secure format that is commonly used to be read by another machine or in an interoperable format and to transmit it to another data controller without hindrance from the first;

h)Right to object: to object the processing of your personal data. This right is not absolute, for example, when we reply on public interest or legitimate interests as a lawful basis for processing;

i)Rights related to automatic decision making: the right not to be subject of automated decision making or of profiling, and have the right to get enough information about the decisions made by automated means (taken without any human involvement) which have a legal impact on them, where applicable.

Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information you submit to us, regardless of the method or medium chosen. By submitting unsolicited information or materials to us, you or your authorized representative, agree that any such information or materials will not be considered confidential or proprietary.

We may share and/or transfer your personal data to other external third party service provides, as the case may be, which will involve transferring your personal data outside the territory of the Site and/or the Services or the origin of where your personal data is being collected.

In any event, we will comply with the Applicable Law and other applicable data protection and privacy laws and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the Applicable Law.

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

This Privacy Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use, disclosure, management and processing of your personal data by us.

We may revise this Privacy Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. Your continued use of the Services constitutes your acknowledgement and acceptance of such changes.

If you have any questions (or comments) concerning this Privacy Policy, or if you have a complaint, please contact us at legal@stellapay.io.

You also have the right to lodge a complaint with your local supervisory authority if you believe that our processing of your personal data does not comply with applicable data protection laws.