DOMUS PAYMENT SOLUTIONS LTD.: PRIVACY POLICY

Last updated: November 01,2023

1. Introduction.

Domus Payment Solutions LTD., cares about privacy and protection of your Personal data. This Privacy Policy (the “Policy”) explains the general principles how the Domus Payment Solutions LTD., its licensors, affiliates (“DPS”, “we”, “our” or “us”), collect and process information when you visit our website at https://domuspay.io/ (“Website”), use any of our services (“Services”) that we provide to you, or if you interact with us in any other way, e.g. contact us via social media pages. By communicating with us through the Website or our Services, you (“you”, “your”, “client”, “client representatives”, “data subject”) will be asked to agree and consent with this Policy. Reference in this Policy to “your Personal Data” means any information that can be used to directly or indirectly uniquely identify, contact, or locate you (“Personal Data”). We process Personal Data under this Policy and in accordance with applicable legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Personal Information Protection Act (PIPA) and if applicable General Data Protection Regulation (2016/679) (“GDPR”) (“Data Protection Law”).

2. The Scope of the Policy.

2.1. This Policy describes how we process Personal Data in connection with:

2.1.1. all matters related to you as the data subject, provision of personal data via the forms filled on the
Website, browsing our Website, providing the information, taking steps prior to entering the agreement with
your organization and further processing for the performance of the agreement;

2.1.3. cookies that may be used on our Website or live chat operation;

2.1.4. all our statutory obligations with respect to the Data Protection Law, and any other laws and
regulations that may be applicable to us.

3. Principles of Personal data processing.

3.1. We adhere to the principles of personal data protection as envisaged in the Data Protection Law and in accordance with these principles, Personal data shall be:

3.1.1. Processed fairly and lawfully and in a transparent manner in relation to the data subject;

3.1.2. Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;

3.1.3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;

3.1.4. Kept accurate and up to date;

3.1.5. Not retained longer than necessary;

3.1.6. Processed in a manner that ensures its appropriate security;

4. The legal basis for processing your Personal data.

We process your Personal Data on the basis of:

• your consent;
• contractual relationship between us;
• legal obligations to which we are subject to; and/or
• our legitimate interest.

We limit the processing of your Personal Data to the scope of purpose for which the data was collected. In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. However, it may limit the services offered to you, if the collection and processing is required by the law.

5. Personal Data Processing.

5.1. With regard to the Services, we may process the following categories of your Personal Data:

5.1.1. Consent to Personal Data processing. Personal Data may be processed with the consent of the data subject. Before giving consent, the data subject must be informed and accept the Privacy Policy by opt-in “I agree with the Privacy Policy” or consent must be obtained in writing or electronically.

5.1.2. Personal Data processing for a business relationship. Your Personal Data can be processed in order to establish, execute and terminate a business relationships agreement. Prior to an agreement – during the agreement initiation phase – Personal Data can be processed to prepare bids or purchase orders to the service or to fulfill other requests and consultations that relate to an agreement conclusion and to be contacted during the agreement preparation process using the information that you have provided. We process the following Personal Data for this purpose: Name and Surname, Phone, Email address, Identification Document (i.e., ID Card), IP-address, personal description, In relation to beneficiaries and/or shareholders – information on welfare and its sources (tax returns, CV, property documents, other documents if required), payment details, other documents requested by us and required for business relationships.

5.1.3. Personal Data processing for marketing purposes. We may send you information materials, news or events related to our services, as well as information about the most current events and any upcoming events related to our services that may be interested to you. Your Personal Data can be processed for marketing purposes or market and opinion research, provided that this is consistent with the purpose for which the data was originally collected. The data subject must be informed about the use of his/her Personal Data for marketing purposes and must provide us with consent via his/her email address or phone number. If Personal Data is collected only for marketing purposes, the disclosure from the data subject is voluntary and shall be informed that providing Personal Data for this purpose is voluntary. If the data subject refuses the use of his/her Personal Data for marketing purposes, it can no longer be used for these purposes. We process the following Personal Data for this purpose: Name and Surname, E-mail address, Phone.

5.1.4. Personal Data processing pursuant to legal obligations. The processing of Personal Data is also permitted if the national legislation requests, requires or allows this. The categories and extent of Personal Data processing must be necessary for the legally authorized data processing activity and must comply with the relevant statutory provisions and regulations.

5.1.5. Personal Data processing pursuant to legitimate interest. Personal Data can also be processed if it is necessary for a legitimate interest of the DPS. Legitimate interests are generally of a legal (e.g. collection of outstanding receivables, in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights and the legal rights of others) or commercial nature (e.g. avoiding breaches of agreement) or improvement of our service. Before Personal data is processed, it is necessary to determine whether there are legitimate interests that merit Personal data protection.

5.1.6. Personal Data processing using Cookies. We use cookies to obtain information about your use of our Website. Cookies allow us to provide you with a more streamlined and accessible experience when using the Website. The information generally does not comprise any data that would allow us to individually identify you as a natural person. We will process your Personal data using cookies for the duration of the period in which you have granted us consent. With regard to each of your visits to our Website, we may automatically collect the following information: • technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; • information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

5.1.7. Automated decision-making and profiling. Automated processing of Personal Data (i.e., profiling) that is used to evaluate certain aspects (e.g. evaluating specific related the data subject of personal aspects, especially for the analysis or prediction of aspects in connection with the behavior, performance of the data subject) cannot be the sole basis for decisions that have negative legal consequences or could significantly impair the data subject. The data subject must be informed of the facts and results of automated individual decisions and the possibility to respond.

5.1.8. Special category of Personal Data. The Data protection Law provides for the special category of Personal Data types (“sensitive data”) which we will process if allowed by the legal enactments. We do not seek to collect or process sensitive personal data for You. If at any time we will need to process such sensitive personal data in the future due to the changes in the purposes of Personal Data processing, the processing will be carried out in accordance with the principles set out in the Data Protection Law.

5.1.9. Restricted processing. Our Policy is not to knowingly provide services to or collect Personal data and information from persons under 18 years of age or age of majority. Our Website is not directed or intended for children under this age. If you are under 18 years of age, you should not provide Personal data or information on our Website. If you are the parent or guardian of a person under the age of 18 whom you believe has disclosed Personal data or information to us, please immediately contact us at info@domuspay.io so that we may delete and remove such person’s data from our system.

6. Your rights subject to Personal Data processing.

We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that must be made to any of your Personal Data that we are processing. You may, at any time, exercise the following rights with respect to our processing of your Personal Data:

a) Right to access: You have the right to request access to any data that can be considered your Personal Data. This includes e.g., the right to be informed on whether we process your Personal data, what Personal Data categories are being processed by us, and the purpose of our data processing;

b) Right to rectification: You have the right to request that we correct any of your Personal Data if it is inaccurate or incomplete;

c) Right to object: You are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of you on legitimate interest;

d) Right to erasure: You may also request that your Personal Data be erased subject to certain statutory exceptions if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data should be erased to enable us to comply with a legal requirement;

e) Right to data portability: If we process your Personal Data based on your consent or based on a mutual contractual relationship, you may request that we provide you with that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may also request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

f) Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time;

g) Opt-out from marketing: We will also give you the opportunity to opt out of our communication with you whenever we send you information about us, the events that we organize or any other information that we believe may be of interest to you. Additionally, you can also opt out at any time by contacting us.

For questions or concerns relating to the processing of your Personal Data and this Policy, please contact us either by emailing to our designated Data Protection Officer at info@domuspay.io or at the DPS registered address: 170-6660,GRAYBAR ROAD RICHMOND, BC, CANADA V6W1H9;

If cooperating with us cannot achieve the realization of your data subject’s rights, you do have the right to lodge a complaint with Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/en/ if you think that your Personal Data is being processed incorrectly or your data subject’s rights have been violated by us. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e., the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.

7. The Recipients of Personal Data.

In order to provide you with certain functions and services, we have to share your personal data with partners, external third party service providers, related and regulatory entities. They process your personal data on the basis of data processing agreements and according to strict instructions, which do not allow them to use your data for any other purposes without notifying you or asking for your consent.

Here are some of the categories of the parties we may share your data with: DPS Group companies, Partners providing services for KYB, Credit institutions, banks Payment card schemes and processing providers, Technical or information service providers (APIs, gateways), E-wallet providers, Acquirers.

We, our partners, service providers and others may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with applicable laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or agents. Additionally, we may reveal your personal data to third- parties if: (1) you request or authorize it; (2) to address emergencies or acts of God; and (3) to address disputes, claims, or to persons demonstrating provable legal authority to act on your behalf.

8. Security measures and technical solutions.

We take reasonable measures, including administrative, technical and organizational, to ensuring physical and environmental security of Personal Data, encrypting Personal Data, providing computer network protection, personal device protection, data backup and other protection measures thus also protecting your Personal Data from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction.

Within the framework of processing of your Personal Data, access to your Personal Data is restricted to our authorized staff who need it for the performance of their work duties and who process your Personal Data in compliance with the technical and organizational requirements for the processing of Personal Data specified in the Data Protection Law. We regularly audit and tests systems, trains and instructs our staff, and also defines areas of responsibility in the processing of personal data.

9. Personal Data storage and retention.

We will retain your Personal Data for no longer than is necessary for the purposes for which they are collected and processed for.

10. Changes to the Policy.

We may make changes to this Policy to reflect changes in our processing methods and the best practices of data protection. If the Policy has been changed in any way, then the newest edition of this Policy will be published on our Website with notification prior to such changes come into force. Your continued use of our Services after this Policy has been amended will be deemed to be your continued acceptance of the terms of this Policy, as amended.

11. Contact us.

If you have any questions regarding this Policy, please contact us using the information below:

DOMUS PAYMENT SOLUTIONS LTD

Incorporation number: BC1358487

MSB registration number: M22067268

Main office or location of MSB: 170 - 6660 GRAYBAR ROAD RICHMOND, BC, CANADA V6W1H9

Telephone number: +1 (778) 244-4074

E-mail: info@domuspay.io