Legal

1. Overview

We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting or using Param App you are accepting and consenting to the practices described in this policy. For simplicity, throughout this notice “we” and “us” mean [email protected] UK Limited (Company number 11388172) of 27 Old Gloucester Street, London, England, WC1N 3AX. Under the relevant Data Protection Laws, we are the data controller of the data you give to us. We are registered with the UK Data Protection Authority, Information Commissioner’s Office (”ICO”) under the registration number ZB009793.

2. What Personal Data We Collect from You?

We collect and process the following data about you:

➢ We collect technical information, including the Internet protocol (IP) address used to connect your device to the Internet, for the purposes of fraud screening.

➢ When you access to Param App or give information for us to contact you, we collect and process the information you provide including (where provided by you) your name, gender, date of birth, billing/delivery address, email, telephone number and details of your device.

➢ When you register to the Param App, you provide us with your identification documents.

➢ When you access to Param App, you provide us with login credentials and settings you choose for Param App.

➢ When you would like to register to Param App, we would like you to send us your photo and a short video of yourself.

➢ When you engage with us on social media.

➢ When you contact us by any means with queries, complaints etc.

➢ When you choose to complete any surveys we send you.

➢ When you comment on or review our products and/or services.

➢ When you provide us information about your financial circumstances (to understand the source of the money you put in your account).

➢ When you’ve given a third party permission to share with us the information, they hold about you.

➢ Details of your interactions with us through our Param App.

3. How We Collect Personal Data?

We collect personal data from you by the following means:

➢ Information you give us by registration to Param App o Signing up for a Param account o Using one of our services such as opening a Param account and registering to use Param products and services o Filling in forms o Corresponding with us o Taking part in online discussions, surveys, and promotions o Speaking to our Customer Support team o Contacting us for any reason

➢ Information you give us by contacting us o Calling us, the phone number you are calling us and the conversation during the call. o The contents of your email including the attachments o Public information on your social media if you reach us from these platforms ➢ Information you give us from your devices o The devices, the mobile system and operating system you use o Technical information such as your IP address and device IP, your log- in information, the browser type and version, time- zone setting, mobile network information, the type of your mobile browser o Information about your visit, the links you have clicked, through and from our site, services you viewed, page response times, length of visit o Information on transactions including the date, time, amount, currencies, exchange rate, beneficiary details, IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used. o Information stored on your device, including if you give us access to contact information from your address book, log-in information, photos, videos or other digital content, check-ins (sometimes, we call this content information). The Param app will regularly collect this information in order to stay up to date. ➢ Information you give us when you are using our services o Details about your payments (how much you are paying and who you are paying) o Information about how you use or products and services Regarding each of your visits to our website and/or use Param App we may automatically collect the following information: ➢ Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform; ➢ Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page and any phone number used to call our contact information. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies, we use and the purposes for which we use them see our Cookie policy. We are also working closely with third parties (including, for example, business partners, subcontractors in technical services, advertising networks, analytics providers, and search information providers) and may receive information about you from them. We may also provide other information from external sources such as; data we get from fraud prevention agencies, Know Your Customer and Anti-Money Laundering service providers; information we collect from public sources such as Companies House or social media.

4. How We Use Your Personal Data?

We may collect and process your personal data for a number of reasons including: 4.1. Consent: Where we have collected data with your consent, we will process such data in accordance with the consents that you have provided. For example: 4.1.1. Where you have consented to receive direct marketing from us, we will use your personal data, preferences, and details of your transactions to keep you informed about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. We shall keep you informed in line with your marketing preferences. You are free to opt out from any such marketing communications. 4.1.2. Where you provide us with personal data for a specific purpose (such as complaints, claims, online transactions) we will process such personal data for that specific purpose. 4.1.3 To display the most interesting content to you on our websites. We do so on the basis of your consent to receive notifications and/or for our website to place cookies or similar technology on your device. 4.1.4. We will use your personal data to check your identity (this is a part of our Know Your Customer- KYC process) when you apply to use our products and services. We will decide whether or not to approve your application. If you are already a Param UK customer, we use your personal data to meet our obligations relating to the transactions you make. 4.2. Contractual Obligations: We may need your personal data to comply with our contractual obligations. For example, we will need to process personal data to provide with our products or services. 4.3. Legal Compliance: If required by law, we may need to collect and process your data. For example, we may need to process personal data to comply with our legal obligations to share data with law enforcement or to comply with an order from the court. 4.4. Substantial Public Interest: Where we process your sensitive personal data (this is also known as special category personal data) to adhere to government regulations or guidance for example it is our obligation if you are or become a vulnerable customer. Data Protection Act 2018 states that in order to use special category data, we need to have a second lawful basis to use the sensitive information. This information that can reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data (if used for identification purposes) and information concerning a person’s health. The second lawful basis can be: o Explicit consent, o Exercising legal rights in the field of employment, o Protecting vital interest, o Establishing, defending, or exercising legal claims or reasons of substantial public interest. It’s necessary for reasons of substantial public interest when we use facial recognition technology to identify people who use our services in the Param App. We do this because it is necessary for reasons of substantial public interest to prevent or detect unlawful acts record information about your health if it is necessary to protect your economic well-being if you’re at risk and seeking consent would be unreasonable or negatively impact our ability to help you. It's necessary to protect your or another person’s vital interests. We may share information about you externally (generally with law enforcement in an emergency) if it is necessary to protect your or another person’s life and you are unable to consent. We have your explicit consent. We record any issues you want us to know about relating to your health, so we understand how to best support you. 4.5. Legitimate Interest: We process your data to our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom, or interests. These legitimate interests include the following: 4.5.1. Direct Marketing and Good Customer Service It is a legitimate of interest of our business to contact our customers for the purposes of direct marketing. Subject to their marketing choices, we send customers who have transacted with us personalised communications in relation to new products and services and offers by email and we do so on the basis of our legitimate interests. We use the data we have to offer you promotions and products that are likely to be relevant to you. You can, of course, decide not to receive any direct marketing from us. 4.5.2. Surveys From time to time, we may send you requests to take part in a customer survey to improve our products or your experience. It is entirely optional as to whether you wish to take part in any such survey. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products more relevant to you. Of course, where we ask you for personal data to improve your experience, it is always your choice as to whether you give us that information. If you want to change how we use your data, please see the details in the section 10 of this policy. 4.5.4. Queries and Complaints We have to process personal data in order to respond to your queries and complaints. We may also keep a record of your queries and complaints for the following purposes: ➢ To inform our future communications with you; ➢ To review whether there are any patterns regarding the complaints we receive, for example, quality issues with any particular service; ➢ To be able to demonstrate how we dealt with your complaint; and ➢ To consider how we can improve our services based on your experience. In such circumstances we will process your personal data in accordance with our contractual and legal obligations with you and our legitimate interest to provide you with good customer service. 4.5.5. Security We have a legitimate interest to protect our customers, our business from criminal and illegal activity such as fraud and theft. Therefore, we may process personal data as follows as part of our legitimate business interest: ➢ using your personal data to maintain, update and safeguard your information. ➢ Monitoring your browsing activity with us to identify and resolve any problems and protect the integrity of our websites. This will include using automated monitoring of IP addresses to identify possible fraudulent log-ins. ➢ If we discover any potential criminal activity, we will use personal data (such as, transaction monitoring, etc.) to investigate the potential criminal activity and, where appropriate, pass the details of such potential criminal activity to the police and other relevant regulatory authorities. For fraud management, we may share information about fraudulent or potentially fraudulent activity in our systems with third parties such as law enforcement bodies and the relevant financial institutions. We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body upon a valid request to do so. We assess such requests on a case-by-case basis whilst taking the privacy of our customers into consideration. 4.5.6. Updates on Law and Our Policies We may send you communications required by law, or which are necessary to inform you about changes to our business and/or issues regarding our services/products. For example, we may contact you by email, post, or text regarding updates to this Privacy Notice, and legally required information relating to your usage. These service messages will not include any promotional content and do not require prior consent. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

5. Storing your Personal Data

We may collect and process your personal data for a number of reasons including: 4.1. Consent: Where we have collected data with your consent, we will process such data in accordance with the consents that you have provided. For example: 4.1.1. Where you have consented to receive direct marketing from us, we will use your personal data, preferences, and details of your transactions to keep you informed about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. We shall keep you informed in line with your marketing preferences. You are free to opt out from any such marketing communications. 4.1.2. Where you provide us with personal data for a specific purpose (such as complaints, claims, online transactions) we will process such personal data for that specific purpose. 4.1.3 To display the most interesting content to you on our websites. We do so on the basis of your consent to receive notifications and/or for our website to place cookies or similar technology on your device. 4.1.4. We will use your personal data to check your identity (this is a part of our Know Your Customer- KYC process) when you apply to use our products and services. We will decide whether or not to approve your application. If you are already a Param UK customer, we use your personal data to meet our obligations relating to the transactions you make. 4.2. Contractual Obligations: We may need your personal data to comply with our contractual obligations. For example, we will need to process personal data to provide with our products or services. 4.3. Legal Compliance: If required by law, we may need to collect and process your data. For example, we may need to process personal data to comply with our legal obligations to share data with law enforcement or to comply with an order from the court. 4.4. Substantial Public Interest: Where we process your sensitive personal data (this is also known as special category personal data) to adhere to government regulations or guidance for example it is our obligation if you are or become a vulnerable customer. Data Protection Act 2018 states that in order to use special category data, we need to have a second lawful basis to use the sensitive information. This information that can reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data (if used for identification purposes) and information concerning a person’s health. The second lawful basis can be: o Explicit consent, o Exercising legal rights in the field of employment, o Protecting vital interest, o Establishing, defending, or exercising legal claims or reasons of substantial public interest. It’s necessary for reasons of substantial public interest when we use facial recognition technology to identify people who use our services in the Param App. We do this because it is necessary for reasons of substantial public interest to prevent or detect unlawful acts record information about your health if it is necessary to protect your economic well-being if you’re at risk and seeking consent would be unreasonable or negatively impact our ability to help you. It's necessary to protect your or another person’s vital interests. We may share information about you externally (generally with law enforcement in an emergency) if it is necessary to protect your or another person’s life and you are unable to consent. We have your explicit consent. We record any issues you want us to know about relating to your health, so we understand how to best support you. 4.5. Legitimate Interest: We process your data to our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom, or interests. These legitimate interests include the following: 4.5.1. Direct Marketing and Good Customer Service It is a legitimate of interest of our business to contact our customers for the purposes of direct marketing. Subject to their marketing choices, we send customers who have transacted with us personalised communications in relation to new products and services and offers by email and we do so on the basis of our legitimate interests. We use the data we have to offer you promotions and products that are likely to be relevant to you. You can, of course, decide not to receive any direct marketing from us. 4.5.2. Surveys From time to time, we may send you requests to take part in a customer survey to improve our products or your experience. It is entirely optional as to whether you wish to take part in any such survey. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products more relevant to you. Of course, where we ask you for personal data to improve your experience, it is always your choice as to whether you give us that information. If you want to change how we use your data, please see the details in the section 10 of this policy. 4.5.4. Queries and Complaints We have to process personal data in order to respond to your queries and complaints. We may also keep a record of your queries and complaints for the following purposes: ➢ To inform our future communications with you; ➢ To review whether there are any patterns regarding the complaints we receive, for example, quality issues with any particular service; ➢ To be able to demonstrate how we dealt with your complaint; and ➢ To consider how we can improve our services based on your experience. In such circumstances we will process your personal data in accordance with our contractual and legal obligations with you and our legitimate interest to provide you with good customer service. 4.5.5. Security We have a legitimate interest to protect our customers, our business from criminal and illegal activity such as fraud and theft. Therefore, we may process personal data as follows as part of our legitimate business interest: ➢ using your personal data to maintain, update and safeguard your information. ➢ Monitoring your browsing activity with us to identify and resolve any problems and protect the integrity of our websites. This will include using automated monitoring of IP addresses to identify possible fraudulent log-ins. ➢ If we discover any potential criminal activity, we will use personal data (such as, transaction monitoring, etc.) to investigate the potential criminal activity and, where appropriate, pass the details of such potential criminal activity to the police and other relevant regulatory authorities. For fraud management, we may share information about fraudulent or potentially fraudulent activity in our systems with third parties such as law enforcement bodies and the relevant financial institutions. We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body upon a valid request to do so. We assess such requests on a case-by-case basis whilst taking the privacy of our customers into consideration. 4.5.6. Updates on Law and Our Policies We may send you communications required by law, or which are necessary to inform you about changes to our business and/or issues regarding our services/products. For example, we may contact you by email, post, or text regarding updates to this Privacy Notice, and legally required information relating to your usage. These service messages will not include any promotional content and do not require prior consent. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

5. Storing your Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and/or the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for one of our company groups or subsidiaries and service provider. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. All information you provide to us is stored on our secure servers. We have strict policies and procedures regarding the storage, processing, and transmission of your personal data.

6. Managing your Personal Data

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at [email protected] Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. In general, you can choose how we communicate with you, but there are certain communications which are necessary for the operation of this site and App or which we are required to send by law, and you cannot opt out of these.

7. Automated Decisions

We take into several issues when we approve or disapprove your application to use Param UK services and products such as your age, your location, results of anti-money laundering and fraud check. We sometimes make automated decisions and also use automated checks to do that. That means we may use technology that can evaluate your personal circumstances and other factors to predict risks and outcomes. If the decision is negative, before rejecting it, we always have a team member to double check it. You may ask us to reconsider by sending us an e-mail to [email protected] Examples of automated decision: anti-money laundering and sanctions checks, identity and documents check, fraud controls (we monitor your account to detect fraud and financial crime.)

8. How Long is Your Personal Data Kept?

Most of your data is kept as long as you use Param and for seven (7) years after you stop using our services. In some situations, like anti-money laundering and fraud cases, we may keep the data longer if we need to (if it’s for our legitimate interest) and/ or the law says we have to.

9. Who do We Share Your Data To?

o Providers who provide us with Information Technologies, payment, and other delivery services, o Our financial partners such as banks, o Service providers which help us with identity verification and fraud checks, o Customer-service providers, survey providers and developers, o The financial institutions and the receivers (payee) when you transfer your money (your sort code/ bank account number/ full name), o Functional analytics providers and search information providers to improve our app and website, o Advertisement companies to promote our services and products, o Communication service providers which help us to send you emails, mails, push notifications and SMS, o Companies that manage our CCTV and security if you come to visit us, o The parties that you give us consent via our Param App or the people you ask to represent you (such as solicitors), o Other financial institutions (for example if you allow Open Banking), o Our partners provide you with their services (if you allow us to do so), o Authorities in the area of fraud, money laundering, terrorism financing etc, o The courts, police, and dispute resolution bodies, o Any third parties to meet our legal obligations,

10. What are Your Rights?

Under the Data Protection Act 2018, UK GDPR and Consumer Rights Act 2015 you have the following rights; 10.1. Direct Marketing When we are sending direct marketing to you on the basis of our legitimate interest, you have the right to decide not to receive any direct marketing from us. Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. You can also exercise these rights and update your preferences at any time by contacting us at [email protected] or [email protected] We need to verify your identity before taking your request in process therefore we may ask for questions or ask for your ID. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. 10.2. Access to Personal Data You have the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Laws and is free of charge in most cases, however in some cases we may require a fee for the access. If you require access to the information, we hold about you, please send an e-mail to [email protected] or [email protected] We need to verify your identity before taking your request in process therefore we may ask for questions or ask for your ID. 10.3. The Correction of Your Personal Data When Incorrect, Out of Date or Incomplete You have the right to request any information we hold is corrected if it is inaccurate. We may also ask for additional documents or information as evidence to make the requested changes. To ask for your information to be amended please send an e-mail to [email protected] or [email protected] We need to verify your identity before taking your request in process therefore we may ask for questions or ask for your ID. 10.4. Legitimate Interest In general, you can choose how we communicate with you, but there are certain communications which are necessary for the operation of this site and/or Param App or which we are required to send by law, and you cannot opt out of these. Where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop based on your individual circumstances. We shall stop any such processing unless we believe that we have a legitimate overriding reason to continue processing your personal data. 10.5. Request of Deletion of Your Data You can ask us to delete your data. If you request the deletion or destruction of your personal data, we respond you request within one month. However, deletion or destruction may not be possible all the time as the Financial Conduct Authority (the organ which regulates us) asks us to keep data for six (6) years. We can do this if it does not contradict the laws and regulations we have to comply with. 10.6. The Right to Make a Complaint If you do not consider that your data has been handled correctly by us or are not happy with our response to any requests you have made regarding our use of your personal data, you have the right to make a complaint to the Information Commissioner’s Office. Further details regarding making a complaint to the Information Commissioner’s Office can be found at https://ico.org.uk/make-a-complaint/ (please note that we are not responsible for the content of external websites).

11. Third Party Websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

12. Changes to the Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail, SMS or through Param App. Please check back frequently to see any updates or changes to our privacy policy

13. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected] and [email protected]