Select location and language
United Kingdom
English

Legal

Companies incorporated in the UK

Privacy Policy

Updated August 2025

This privacy notice (“Notice”) outlines the categories of personal data we collect, how we utilize and share that information, and informs you of your rights and the choices available regarding the processing of your personal data.

For the purposes of this Notice, “you” refers to the individual(s) who establish and manage the business account. In cases where multiple individuals are authorized to manage the account, “you” or “your” applies to any, all, or each of those individuals collectively. When we mention a “business,” we are referring to the company that holds the Currenxie Global Account.

Currenxie provides Currenxie Global Accounts and Card Services (collectively, our “Services”).

This Notice governs all Services offered by the Currenxie group of companies to our business customers worldwide. Should any part of this Notice pertain exclusively to a specific Service or apply only to customers in certain jurisdictions, we will clearly specify these distinctions. Additionally, you may refer to the country-specific provisions detailed in the appendices below.


1. Data Controller

In this notice, the terms “we,” “our,” or “us” refer to the Currenxie group company that delivers the product or service to you and holds responsibility for managing your personal data. For the purposes of this Notice, when you act on behalf of a business- such as a company founder or an administrator of a Currenxie Global Account- you are designated as a “Representative.”

Representatives may authorize others, including business employees, to access, operate, or use a Currenxie Account or our Services on the business’s behalf; these individuals are known as “Authorised Users.”

If you are a Representative, Currenxie acts as the Data Controller of your personal data.

If you are an Authorised User, the business that owns the Currenxie Global Account generally serves as the primary Data Controller of your personal data. Should Authorised Users have questions about how their data is processed in connection with Currenxie Global Account, they should initially consult their employer. In certain situations, Currenxie may also act as a Data Controller, for example, when collecting identification documents or biometric data such as selfies for Know-Your-Customer (KYC) verification.

A list of companies providing these services is available in the Terms and Conditions of your Global Account.

2. Personal Data We Collect About You

Data protection laws primarily safeguard individuals rather than legal entities like companies; however, these laws apply to the individuals associated with such entities.

When offering Currenxie Global Accounts, we process personal data relating to those authorized to establish and manage the account- namely, Representatives- and this Notice details how we handle such data.

Personal data refers to any information that identifies or can identify an individual. This includes data you provide directly (such as your name, address, or contact information) and data we collect during your interaction with our Services (such as device details or IP addresses). Anonymous data, which cannot be traced back to an individual, is excluded.

We collect and process your personal data in the following ways:

2.1 Information You Provide to Us

Much of the information we hold about you or individuals connected to your business is provided directly by you. For example, when you register for a Currenxie Global Account, you supply data essential to your experience. This includes:

  • Contact details: Name, email, postal address, and phone number.

  • Personal details: Date of birth, passport or other identification numbers (including national IDs such as Hong Kong’s HKID or Japan’s MyNumber), tax residency, tax reference numbers, proof of address, and residency.

  • Shareholder and Director details: Information about shareholders, beneficial owners, and directors, which may include copies of identity documents.

  • Financial information: Bank account numbers, credit or debit card details, and financial history.

  • Images: In certain jurisdictions, facial scan data derived from photos or videos (biometric data).

  • Communications: Content of emails, phone call recordings, and online chat messages.

  • Personal circumstances: Information that may indicate vulnerability or a need for additional support to comply with regulatory obligations.

  • Source of funds: Documentation such as bank statements, loan contracts, or equity agreements verifying the origin of funds or wealth.

Failure to provide information required to meet legal obligations may affect our ability to deliver services to you.

You can update your contact details at any time by logging into your account settings to ensure they remain accurate and complete.

If you provide personal data about others- such as shareholders, directors, Authorised Users, payment counterparts, or any other individuals connected to Currenxie- you confirm that you have their consent or legal entitlement to share this information and that they understand how we will use their data, including bringing this Notice to their attention where legally required.

2.2 Information we collect about you from your use of our services. This encompasses:

  • Transaction Data: Detailed information about transactions, including payments, beneficiary details, and transaction origin.

  • Device Information: Technical data about devices used to access services, such as IP address, username, browser details, and device identifiers.

  • Usage Data on Our Website: Information about interactions with digital platforms, including viewed products and page engagement.

  • Behavioural Biometrics: Data on login and interaction patterns, such as typing rhythm and mouse movements, used for fraud detection.

2.3 Information we receive from other sources. This includes information from:

  • Financial Institutions: Personal data may be received from other banks and financial entities, such as account information linked to a Currenxie Global Account via Open Banking, ACH, or EFT.

  • Third-Party Accounting Software: Bank account details, transactional records, invoices, bills, and vendor/contact information may be obtained when synchronizing a business account with accounting software.

  • Connected Persons: Personal data of "connected persons" to a Currenxie client, such as payment beneficiaries or ultimate beneficial owners, may be shared, including name, account details, email, and verification information.

  • Advertising Networks, Analytics Providers, and Search Information Providers: Information about how a user discovered the website may be supplied.

  • Fraud Prevention Agencies and Government or Private Databases: Verification of provided information against government or private records may occur to confirm identity and combat fraud.

  • Publicly Available Sources: Data may be gathered from publicly accessible sources like media reports, online directories, registers, and websites for due diligence and KYC procedures.

2.4 Information from Your Third Party Services.

If you choose to log into our services using your third party accounts, such as Apple ID, Facebook, or Google, we receive only the information necessary to authenticate your access, including your profile details and email address, all in accordance with the privacy policies of the respective social network.

When you visit our social media pages (for example, on Facebook or Instagram), these platforms collect personal data about you, which they aggregate into anonymized statistics. While we have access to these aggregated insights, we do not receive or have access to any underlying personal data that would identify individual users or followers.

Additionally, we gather information when you interact with our social media presence-whether by posting, tagging us, commenting on our content, or sending private messages on platforms such as Instagram or LinkedIn.

From time to time, we may also use publicly available information from select social media networks or media sources to conduct enhanced due diligence checks.

3. Ways we use your information

3.1 Legal Basis for Processing Your Personal Data

We process your personal data only when permitted by law. In most instances, our legal grounds for doing so fall within one or more of the following categories:

  • Contractual Necessity: Processing essential to perform or enter into an agreement, such as facilitating payments or managing an account.

  • Legal Obligation: Processing required by law, like collecting identification documents for anti-money laundering regulations.

  • Legitimate Interests: Processing based on valid and reasonable interest that doesn't override fundamental rights, such as analyzing service usage and enhancing offerings.

  • Consent: Processing with explicit permission given by the user.

  • Substantial Public Interest: Processing sensitive data to serve a significant public interest, like crime prevention.

3.2 Purposes of Processing and Corresponding Legal Bases

Below, we outline the specific purposes for which we process your personal data alongside the applicable legal basis. While consent may not be listed as the legal basis for every processing activity in this overview, in certain jurisdictions- where consent is the most appropriate or sole lawful basis- we rely on it accordingly. For further information, please refer to the country-specific appendices available below.

What we use your data for

The legal basis for doing so

To Assess Your Eligibility for Our Services

As part of our commitment to comply with Know Your Customer (“KYC”) requirements under anti-money laundering regulations, we conduct thorough identity verification checks for you and any Authorised Users during the onboarding process. In certain jurisdictions, this process includes the extraction of facial scan data-referred to as “biometric data”-from a selfie or video you provide, which we then compare against the photograph on your official identity documents. 

Legal obligations

Consent (for biometric data collection)

To provide our products and services to you, 

we will process personal data as required to deliver the money transfer and Currenxie Global Account services you have requested

Contract necessity

Legal obligation

Deliver customer support services and, where necessary, monitor or record communications between you and us-including phone calls-to ensure quality assurance and facilitate staff training.

Legitimate interests. It is in our legitimate interests to monitor service quality

To Protect Your Assets Against Fraud

We process personal data to prevent, detect, and defend against actual or suspected fraud, unauthorized transactions, claims, liabilities, and financial or other criminal activities.

In certain instances, this may involve collecting biometric data, such as when updating a phone number linked to an account or seeking to recover access. (See our Facial Scan Privacy Notice for further details.)

To maintain the effectiveness of our anti-fraud measures, we may not disclose all specifics of our fraud prevention methods.

These checks help us verify your eligibility to use our services.

These checks form a critical part of our ongoing commitment to ensuring the safety and security of our platform.

Contract necessity

Legal obligation

Legitimate interests. It is in our legitimate interests to detect, prevent, and investigate fraud, money laundering and other crimes to protect our business and our customers.

Compliance with Legal and Regulatory Obligations, Protecting Our Business, and Enforcing Our Rights

We may process your personal data to:

Fulfill legal and regulatory requirements, including responding to requests from public or government authorities-potentially outside your country of residence-upon presentation of lawful authority.

Comply with tax-related obligations if you use our Assets product, including determining your tax status and adherence to applicable tax regulations.

Prevent, detect, and protect against actual or suspected fraud, unauthorized transactions, claims, liabilities, and financial or other criminal activities. This includes conducting or cooperating with investigations into fraud or other unlawful conduct when deemed reasonable and appropriate.

Take necessary measures to recover amounts owed to us and to mitigate or recover any damages incurred.

Verify the accuracy of information you provide to us and enforce the terms of our Global Account Terms and Conditions.

Investigate, manage, and resolve complaints effectively.

Prevent and address incidents of abusive or aggressive behavior directed towards our employees.

Legal obligations

Legitimate Interests (it is in our legitimate interests to protect our business, customers and employees from harm)

Marketing and analytics

To tailor marketing communications to be relevant and engaging, reflecting your interests in our products and services.

To evaluate advertising impact and deliver meaningful and pertinent advertisements.

To share information about other products and services we provide that may be of interest to you.

Legitimate interests. It is in our legitimate interests to let our customers know about our products and services which may interest them, to personalise marketing communications and to understand the effectiveness of our advertising.

Consent where we are required to collect your consent by law.

Maintaining and improving our services

We may process your personal data:

To manage and administer our services, supporting internal operations such as planning, auditing, troubleshooting, data analysis, testing, research, statistical evaluation, and surveys.

To drive system and product development, including collaborating with third-party suppliers to enhance the quality and performance of the services they provide to us.

To continuously improve our offerings and ensure they are delivered in the most effective and user-friendly manner.

We may employ Artificial Intelligence (“AI”) technologies- including machine learning algorithms and generative AI large language models (LLMs)- to enhance the efficiency and accuracy of our services, particularly in financial crime detection and fraud prevention. We are committed to transparency and will always inform our customers when they are interacting with an AI system.

Legitimate interests. It is in our legitimate interests to maintain, develop and improve our services.

Understanding When You May Need Additional Support

We process your personal data to recognize situations where you might require extra assistance-such as during times of bereavement or financial hardship-and to provide appropriate support tailored to your circumstances.

In certain jurisdictions, we are legally obligated to proactively identify and offer help to vulnerable customers, ensuring their needs are met with care and sensitivity.

Substantial public interest (if we process your sensitive personal data to adhere to legal requirements that apply to us).

Consent where we are required to collect your consent by law.

4. How and Why We Disclose Your Information

We may share your personal data with the following categories of third parties:

  • Other Currenxie entities assist in delivering services, enhancing operations, and supporting business functions.

  • Banks and Financial Institutions facilitate services like processing payments and managing accounts; they are independent data controllers.

  • Independent Third-Party Service Providers receive information when authorized to sync with accounts.

  • Analytics and Search Engine Providers help analyze and optimize websites and services.

  • Cloud Storage and Technology Providers provide hosting, IT services, maintenance, and technical support.

All third-party service providers and partners are contractually obligated to handle your personal data securely and solely for the purposes outlined in our agreements with them.

4.1  Authorized Users

Individuals to whom you have granted access to your Currenxie Global Account-within the permissions you have established-will have certain visibility and control over the account as permitted.

4.2 Beneficiaries

When you initiate a payment transaction, the recipients (beneficiaries) receive limited information necessary to process the payment.

4.3 Regulators, Law Enforcement, and Public Authorities

We may disclose or share your personal data with regulators, law enforcement agencies, and public authorities-including judicial and administrative courts-when required by law, such as in response to subpoenas, warrants, court orders, or properly constituted police requests. This may also occur to enforce our Global Account Terms and Conditions or other applicable agreements, or to protect the rights, property, or safety of Currenxie, our customers, employees, or others.

4.4 Fraud Prevention Agencies and Service Providers

To prevent, detect, and protect against actual or suspected fraud, unauthorized transactions, claims, liabilities, and financial or other crimes, we may share your data with fraud prevention agencies and service providers. This includes cooperating with investigations of fraudulent or illegal activities when deemed reasonable, appropriate, or legally mandated.

4.5 Third Parties and Financial Institutions

Your personal data may be shared with third parties or financial institutions for purposes such as debt recovery, insolvency proceedings, or to facilitate the recovery of funds mistakenly or fraudulently received by you.

4.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant parties involved in the transaction, subject to confidentiality agreements and compliance with applicable data protection laws.

4.7 Amazon Payment Service Provider Programme

If you have entered your Currenxie Global Account details into Amazon Seller Central, Amazon may request that we provide them with information about you, your accounts, payments since January 1, 2015, and any external accounts linked to your Currenxie Global Account. Should you prefer that Currenxie does not share this information with Amazon, please refrain from providing your Currenxie Global Account details on Amazon Seller Central. Note that without doing so, you will be unable to receive payments from your Amazon storefront via Currenxie.

4.8  With Your Consent

In certain circumstances, we may share your personal data with other third parties only when you have given explicit consent to do so.

If you would like more information about who we have shared your data with or wish to receive a data-sharing report specific to you, please contact us at dataprivacy@currenxie.com.

5. International Data Transfers

5.1 International Data Transfers

As a global provider of money transfer services and multi-currency accounts, it is occasionally necessary to transfer your personal data beyond your country of residence or to engage services supported by our teams- including outsourced partners- located in other jurisdictions.

5.2 Ensuring Compliance with Data Protection Laws

When transferring personal data internationally, we implement robust measures to comply with the applicable data protection laws governing such transfers. In particular, if your data is transferred to countries whose data protection frameworks do not offer an equivalent level of protection as your own, we take all reasonable steps to ensure your personal data is handled securely and in full accordance with the commitments set forth in this notice.

5.3 Data Transfer Mechanisms

Where mandated by law, we employ one or more of the following safeguards to protect your personal data during international transfers:

  • Transferring data only to countries or recipients recognized as providing an adequate level of data protection under applicable law.

  • Entering into EU Standard Contractual Clauses approved by the European Commission, as well as the UK International Data Transfer Addendum issued by the Information Commissioner’s Office, with the relevant data importers.

  • Utilizing other lawful mechanisms permitted under applicable data protection regulations.

For further details about the third parties to whom your personal data may be transferred, their locations, and the contractual safeguards in place, please contact us at dataprivacy@currenxie.com.

6. Profiling and Automated Decision Making

6.1 Personalisation of Services and Communications

We may utilize certain aspects of your data- such as your country of residence and transaction history- to tailor our services and the information we provide, ensuring they better meet your needs. For instance, if you regularly transfer funds between specific currencies, we might use this insight to inform you about relevant updates or new features that could benefit you. Should you prefer not to have your personal data used for personalizing electronic marketing communications, you may opt out at any time.

6.2 Automated Decision-Making and Fraud Prevention

We employ automated processes to assess your application for access to Currenxie services and to monitor ongoing use, including verifying your identity and business information, as well as detecting and preventing fraud or other unlawful activities. These processes may result in automated decisions such as rejecting your application or a transaction, blocking suspicious login attempts, or closing your account. In such cases, you will be notified and given the opportunity to request further information about the decision-making process and to seek a manual review. If you believe an automated decision has adversely affected you, please contact Currenxie Customer Support for assistance.

6.3 Fraud and Money Laundering Risk Management

If we, a fraud prevention agency, or other third-party fraud prevention service providers identify a risk of fraud or money laundering, we may decline to provide the requested services or discontinue existing products and services. Records of such risks are maintained by fraud prevention agencies and other relevant parties, which may influence their decisions regarding your eligibility for services, financing, or employment in the future.

7. Cookies

7.1 Our website and app utilize small data files known as cookies, along with similar technologies such as pixel tags and web beacons. These tools help us distinguish you from other users, understand how you interact with our site and products, and deliver an optimal user experience. Additionally, they enable us to enhance our services and ensure that the advertisements you encounter online are more relevant to your interests. For detailed information about the cookies and technologies we employ, as well as their specific purposes, please refer to our Cookie Policy.

7.2 We also incorporate pixels or web beacons in certain email communications to track delivery and open rates, as well as to monitor whether links within the emails are clicked. This data allows us to evaluate the effectiveness of our email campaigns and continuously improve our future communications.

8. Data Retention

8.1 We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. As a regulated financial institution, Currenxie is legally obligated to retain certain personal and transactional data beyond the closure of your account. Typically, this retention period ranges from five to ten years following account closure, depending on the applicable laws.

8.2 Once personal data is no longer required under relevant laws or regulations in the jurisdictions where we operate, we ensure its secure deletion. This process is automated, so you do not need to request data deletion. Our methods include shredding and destruction of physical records and hardware, as well as deletion or overwriting of digital data.

9. How We Protect Your Personal Information

9.1 Commitment to Security

We take the protection of your personal information with the utmost seriousness. While the transmission of data over the internet can never be entirely risk-free, we employ rigorous measures to safeguard your information. Please be aware that any data sent online is transmitted at your own risk. Once received, we apply stringent security protocols to maintain the confidentiality and integrity of your data, including:

  • Encrypt all communications between you and Currenxie systems using robust asymmetric encryption.

  • Promptly update and patch servers to address vulnerabilities.

  • Operate a Responsible Disclosure and bug bounty program.

  • Continuously monitor servers and services for abnormal or malicious activity.

  • Encrypt data at rest when it is not actively in use.

9.2 Regular Audits and Certifications

We undergo frequent independent audits to verify our compliance with leading security standards, including ISO27001:2022 and PCI-DSS. These assessments, conducted by external auditors, validate the effectiveness of our security controls.

9.3 Controlled Access and Third-Party Safeguards

Access to your personal data is strictly limited to Currenxie employees who require it to perform their job functions, as well as to trusted third-party service providers acting on our behalf. All Currenxie personnel with access to your data are bound by this privacy notice, and third-party providers are contractually obligated to implement appropriate security measures. These agreements ensure compliance with the security and data protection requirements relevant to your jurisdiction and confirm that your personal data is processed solely under Currenxie’s instructions.

9.4 Ongoing Training and Organisational Measures

We continuously educate and train our employees on the importance of confidentiality and the protection of customer information. Our physical, technical, and organizational safeguards are designed to comply with applicable laws and regulations, effectively preventing unauthorized access to your personal data.

10. Your Rights

If you are an Authorised User or a customer of a business with a Currenxie Global Account, please note that the business- rather than Currenxie- holds primary responsibility for addressing your requests regarding personal data.

You may possess certain rights concerning the processing of your personal data. Regardless of whether local law mandates it, Currenxie commits to responding to all inquiries about personal data processing, requests for copies of the personal data we hold, requests to delete personal data, and requests to opt out of direct marketing communications. Additional rights may also be available, depending on your jurisdiction.

Should you have any questions about how we use your personal data, please contact us at dataprivacy@currenxie.com.

Your right

How to exercise your right

Request a copy of your personal data

Upon your request, we will provide you with a copy of the personal data we hold about you. To ensure compliance with applicable laws both globally and within your jurisdiction, certain information-such as personal data pertaining to third parties and details related to the prevention or detection of crime-may be excluded from the disclosure.

Request correction of your personal data

We will promptly correct any inaccurate or outdated information about you upon your request. To ensure accuracy, we may need to verify the new data you provide.

While some details can be updated directly through your settings on our app or website, we are always available to assist you through our Customer Support channels whenever needed.

Request deletion of your personal data

You may request the deletion of your personal data in the following circumstances:

when there is no legitimate reason for us to continue processing it;

after you have successfully exercised your right to object to such processing (see below);

if your personal data has been processed unlawfully;

when we are legally obligated to delete your data to comply with applicable laws; or

if we have been processing your data based on your consent and you choose to withdraw that consent.

Withdraw your consent

When our processing of your personal data relies on your consent, you have the right to withdraw that consent at any time. Please note that withdrawing consent does not affect the legality of any processing conducted prior to its withdrawal. However, should you choose to withdraw your consent, we may be unable to continue providing certain products or services to you.

Request to stop direct marketing to you

Upon your request, we will cease sending you direct marketing communications. Please note that our marketing efforts may include profiling to tailor these communications more effectively. If you wish to object, you can opt out of direct marketing at any time by contacting us or by adjusting your notification preferences within your account settings.

Request human review of an automated decision

In instances where we employ fully automated decision-making processes, you have the right to request information about the methodology behind these decisions. You may also ask us to verify the accuracy of any automated decision that significantly impacts you.

We will notify you whenever we make solely automated decisions that could have a substantial effect on you. To request a human review of an automated decision, please contact our Customer Support team.

Object to processing based on legitimate interests

If we rely on legitimate interests as the legal basis for processing your personal data and you disagree with this, you may request a reassessment. While we will carefully consider your concerns, there may be overriding reasons- excluding direct marketing- for which we must continue processing your data. In such cases, we will always provide a clear explanation of why the processing is necessary.

Ask us to suspend processing

You may request that we suspend the processing of your personal data under the following circumstances:

When you seek verification of the data’s accuracy.

If the processing is unlawful but you prefer that the data not be deleted at this time.

When you wish for us to retain the data despite no longer needing it, because it is necessary to establish, exercise, or defend legal claims.

If you have objected to our use of your data and we need to assess whether overriding legitimate grounds exist to continue processing it.

Request transfer of your data to another company

If you request, we will share the personal data you gave us with your chosen third party in a clear, standard, and easy-to-use digital format.

11. Changes to Our Privacy Policy

To remain aligned with evolving legislation, industry best practices, and updates in how we handle personal information, we may amend this privacy notice at any time. Should any significant or material changes occur, we will proactively inform you.

12. Contact Information

12.1 For any questions, comments, or requests regarding this privacy notice, please reach out to our privacy team at dataprivacy@currenxie.com. You may also contact our Data Protection Officer through the same address. Alternatively, you can write to us or our Data Protection Officer at the registered office relevant to your location, as detailed here.

12.2 If you believe your concerns have not been satisfactorily addressed or that your data protection or privacy rights have been violated, you have the right to lodge a complaint with any supervisory authority or public body responsible for enforcing privacy laws, as outlined in our Help Centre.

Country specific provisions

If there is a conflict or inconsistency between the privacy notice and the appendices below, the relevant appendix prevails.

Appendix 1 EEA (European Economic Area) - disclosure of your personal data

If you are a resident of the European Economic Area (EEA) holding a balance in our Global Account, we are legally required to disclose certain personal data to the Central Bank of Ireland (CBI).

On an ongoing basis, we must report:

  • Details of Irish bank and payment accounts and any powers of attorney related to these accounts, including account numbers, the customer's role (account holder or proxy), and the account’s start or end dates;

  • The existence of specific financial contracts concluded in Ireland, reporting the start or end dates and the contract type;

  • Certain cash-related financial transactions, specifying the transaction type, the customer's role (whether the customer or their authorized representative), and the transaction date.

Periodically, we must also provide:

  • The balance of relevant cash accounts as of June 30 and December 31 each year;

  • The aggregate value of investment services contracts, reflecting assets under custody and liabilities to clients under these contracts, as of June 30 and December 31 each year.

To identify the individuals behind these accounts, contracts, and transactions, we must report:

  • For natural persons: National Register number (or BIS number), or if unavailable, last name, first name, date of birth, and optionally place and country of birth;

  • For legal entities: registration number at the Crossroads Bank for Enterprises, or if unavailable, full name, legal form, and country of establishment.

This disclosure is mandated to ensure regulatory compliance with the Central Bank of Ireland’s reporting requirements

The Central Bank of Ireland (CBI) retains this data for a period of 10 years, while records of information requests it receives are kept for five years. Under strict legal conditions, the CBI may disclose this data to Irish tax authorities and other authorized entities entitled to request such information. The data may be utilized for tax investigations, criminal inquiries, combating money laundering, terrorist financing, serious criminal offenses, and any other purposes permitted by Irish law.

You have the right to access any data the CBI holds about you by following the process outlined on the CBI’s website. Additionally, you may request corrections or deletions of any inaccurate personal data linked to your name, preferably through us.

In accordance with EEA and UK privacy laws, these terms apply to Currenxie Europe Limited customers-including those in the EEA and UK-and visitors to our websites, supplementing the broader terms of our privacy policy.

Currenxie Europe Limited, located at 6th Floor, 2 Grand Canal Square, Dublin 2, Ireland, is the data controller under the General Data Protection Regulation (GDPR), regulated by the Irish Data Protection Commission (DPC). For any questions regarding this policy, you may contact our Data Protection Officer at dataprivacy@currenxie.com.

If you are dissatisfied with how your data is processed or with our response to a request or complaint, you have the right to lodge a complaint with the Irish Data Protection Commission or your local supervisory authority. Further details on contacting the DPC are available on their website.

When Do We Disclose Your Personal Information?

The section titled “How and Why We Disclose Your Information” within the main Policy, under the heading “WHEN DO WE DISCLOSE YOUR INFORMATION?”, outlines the parties with whom we may share your personal data. This includes disclosures necessary for legal compliance and those essential to delivering our Services to you.

Please be aware that when you provide your information, it may be transferred to and stored in countries outside the European Economic Area (EEA) or the United Kingdom (UK), including jurisdictions such as the United States and Israel.

It is important to note that these countries may not always offer the same level of data protection as the EEA or UK. To safeguard your personal information, Currenxie implements a range of protective measures, which may include but are not limited to:

  • Conducting thorough assessments of the security protocols at any location where your data is transferred;

  • Establishing robust contractual agreements that require data processors to act solely on our instructions and adhere to strict data protection standards;

  • Implementing ongoing monitoring, reporting, and resolution procedures to maintain data security;

  • Ensuring all international transfers are conducted under appropriate safeguards as stipulated in Article 46 of the GDPR, including the use of Standard Contractual Clauses approved by the European Commission (Article 46.2).

Should you require further details regarding the international transfer of your personal information and the safeguards we apply, please do not hesitate to contact us at dataprivacy@currenxie.com.

Legal Bases for Processing Your Personal Data

We process your personal information in full compliance with applicable data protection laws, relying on the following legal bases:

  • Performance of a Contract: Processing is necessary to fulfill our contractual obligations with you, including the Terms and Conditions governing our services, or to take steps you request prior to entering into such a contract.

  • Contractual Requirement: You are required to provide personal data essential for entering into and performing our contractual agreements. Should you choose not to provide this information as outlined in the section “HOW AND WHY WE USE YOUR INFORMATION?”, we will be unable to deliver the agreed services.

  • Legitimate Interests: Processing may be carried out to serve Currenxie’s or third parties’ legitimate interests, provided these do not override your rights and interests in protecting your personal data. Examples include verifying identity, preventing suspicious or high-risk transactions and fraud, conducting internal research and analytics, communicating with you, and informing you about new products or services-either ours or those of partners-that may be relevant to you.

  • Balancing Test: Before processing your data based on legitimate interests, we carefully assess whether such processing is necessary and consider its impact on your fundamental rights and freedoms. We have concluded that the processing is essential and does not adversely affect your rights.

  • Consent: Where applicable, processing is based on your explicit consent.

  • Legal Obligation: Processing is necessary to comply with legal requirements binding on Currenxie.

Processing Special Category Data

In certain circumstances, we may process special category data as defined by law (see “HOW, WHEN AND WHAT WE COLLECT?” for details). In these cases, processing is justified on one or more of the following grounds:

  • To establish, exercise, or defend legal claims;

  • With your freely given, informed, and specific consent;

  • For reasons of substantial public interest as permitted by applicable law.

If you would like further information about the legal grounds for processing your personal data or the legitimate interests we rely upon, please do not hesitate to contact us.

Where processing is based on your consent, you have the right to withdraw it at any time. To do so, please reach out to our Data Protection Officer at dataprivacy@currenxie.com.

Is Providing Your Personal Information Mandatory?

In most cases, supplying your personal data to us is optional. However, if you choose not to provide certain essential information, you will be unable to access or use our Services. For instance, we require details such as your name, address, and bank account information to facilitate payments to and from you. In other situations, you have greater control-for example, you may disable cookies in your browser, and we will refrain from placing cookies on your device. Please note, though, that disabling cookies might limit your ability to fully use certain features of our websites.

Profiling and Automated Decision-Making

We employ automated decision-making tools as part of our evaluation process to determine eligibility for using our services. These processes are fully automated and do not involve human intervention. Such tools help us prevent fraud, enhance security, assess risk, and comply with applicable Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. They also assist in verifying your identity when you become a customer. Examples include:

  • Registration Approval: Automated systems analyze the information you provide during registration and may request additional details if needed to approve your application.

  • Payment Transaction Approval: For certain transactions, automated tools may determine whether further information is necessary to process the payment.

  • Identity Verification: To comply with AML and KYC requirements, we use automated tools that verify your identity through methods such as selfies and official identification documents. These tools can authenticate documents, classify their types, extract relevant data, and decide if the documents meet our standards or if additional information is required.

You have specific rights concerning automated decision-making, especially when decisions significantly affect you. For more information, please refer to the “YOUR RIGHTS UNDER GDPR” section below.

How Long Do We Retain Your Personal Information?

Currenxie retains your personal data for the duration of your relationship with us and for a period thereafter, as mandated by applicable laws, regulations, and our internal policies. This retention supports purposes such as fraud prevention, risk management, and security. We regularly review the necessity of holding your data to ensure compliance with these objectives and legal requirements.

Your Rights Under GDPR

You have a range of rights concerning your personal data, which you may exercise at any time. Below is a summary of these rights and how you can act upon them.

How to Exercise Your Rights

For requests to delete your personal data or to obtain a copy of it, or any other questions or concerns related to privacy and personal data, please reach out to our Data Protection Officer at dataprivacy@currenxie.com.

Accessing Your Data

You have the right to:

  • Confirm whether we are processing your personal data;

  • Receive a copy of the personal data we hold about you;

  • Obtain detailed information about your data, including what data we collect, how we use it, to whom we disclose it, whether it is transferred outside the EEA/UK, how we protect it, the duration of retention, your rights, how to file a complaint, the source of your data, and whether automated decision-making or profiling is involved.

We strive to provide all this information clearly within this Policy. However, if anything remains unclear, please contact our Data Protection Officer at dataprivacy@currenxie.com.

There is no fee for accessing your personal data unless your request is manifestly unfounded, repetitive, or excessive. In such cases, we will charge a reasonable fee and notify you beforehand.

Correcting Your Personal Data

You may request correction of any inaccurate or incomplete personal data at no cost.

Where feasible, we will inform any third parties to whom we have disclosed your data about the correction.

If we are unable to fulfill your correction request, we will explain the reasons for this.

Erasing Your Personal Data

Often referred to as the “right to be forgotten,” this right allows you to request the deletion of your personal data free of charge in certain circumstances. Please note, however, that this right is not absolute and may be subject to legal or contractual limitations.

For further assistance or clarification regarding your rights under GDPR, please do not hesitate to contact us.

Your Right to Request Erasure of Personal Data

You may request the deletion of your personal data in the following circumstances:

  • When the data is no longer necessary for the purpose for which it was originally collected or processed;

  • If we process your personal data based on your consent and you subsequently withdraw that consent;

  • If you object to the processing and we do not have an overriding legitimate interest to continue;

  • When your personal data has been processed unlawfully;

  • If erasure is required to comply with a legal obligation;

  • When the data was processed to provide information society services to a child.

Please note that this right is subject to certain exceptions. If any such exception applies, we are not obliged to delete your personal data.

In cases where your personal data has been shared with third parties, we will notify them of your erasure request unless doing so is impossible or would involve disproportionate effort.

Additionally, depending on technical and commercial feasibility, your personal data may be deleted entirely or retained only in an aggregated form that cannot be linked to any identifiers or personal information.

Restricting the Processing of Your Personal Data

You have the right to request a restriction on the processing of your personal data under certain conditions, free of charge. This right is not absolute. When processing is restricted, we may store your personal data and retain sufficient information to ensure the restriction is respected. However, we will not further process your data unless you consent, or if processing is necessary to protect legal claims, the rights of others, or for important public interest reasons.

You may request to restrict processing in the following scenarios:

  • If you contest the accuracy of your personal data, processing will be restricted until we verify its accuracy;

  • If you object to our processing pending verification of whether our legitimate interests override your rights and freedoms, or in connection with legal proceedings;

  • If the processing is unlawful but you prefer restriction over erasure;

  • If we no longer need the personal data, but you require it to establish, exercise, or defend a legal claim.

Should we have disclosed your data to third parties, we will inform them of any restriction placed on processing unless this proves impossible or would require disproportionate effort. We will also notify you if we decide to lift any such restriction.

Objecting to the Processing of Your Personal Data

You have the right to object to the processing of your personal data at any time, free of charge. While this right is not absolute, you may object when the processing is:

  • Based on legitimate interests; or

  • Conducted for scientific, historical research, or statistical purposes.

Upon receiving your objection, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests and rights, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

You also have the unequivocal right to require us to stop using your personal data for direct marketing purposes. We will comply immediately upon receiving your request, with no exceptions or grounds for refusal.

Data Portability

Data portability empowers you to obtain and reuse your personal data across different services. This right applies when:

  • You have provided the personal data to us directly;

  • We process the data based on your consent or to fulfill a contract; and

  • The processing is carried out by automated means.

In such cases, we will provide your personal data to you free of charge, in a structured, commonly used, and machine-readable format.

Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you. In certain situations where automated decision-making is employed, we will offer you an opt-out option by providing an alternative method of processing.

We will inform you of any automated decision-making processes that affect you. In such cases, you have the right to:

  • Request human intervention;

  • Present your point of view; and

  • Challenge the decision.

Please note that these rights are not absolute. We may be unable to accommodate your request for human intervention, to consider your perspective, or to contest a decision if the processing of your personal data is:

  • Necessary to enter into or perform a contract with you;

  • Authorised by law (such as for fraud prevention) with appropriate safeguards to protect your rights, freedoms, and legitimate interests; or

  • Based on your explicit consent.

Handling Your Requests to Exercise Your Rights

We will respond to your request without undue delay and, in any event, within one (1) month of receipt. If your request is particularly complex or if you have submitted multiple requests, we may extend this period by up to two (2) additional months. In such cases, we will notify you promptly of the extension.

If we hold a substantial amount of information about you, we may ask you to specify the exact data or information you wish to receive to help us process your request more efficiently.

To fulfill your requests, we will undertake the necessary internal procedures to verify your identity.

Appendix 2 California residents - your rights

As a resident of California, you may have specific rights under the California Consumer Privacy Act (“CCPA”) concerning your personal data, including:

  • The Right to Be Informed: You have the right to know what personal data we collect, use, and process. Detailed information about the categories of personal data collected, the sources from which we obtain it, the business or commercial purposes for collection, and the categories of third parties with whom we share your data can be found in our main Privacy Notice, supplemented by the Currenxie U.S. Consumer Privacy Notice.

  • The Right to Access: You may request disclosure of the specific pieces of personal data we have collected about you in the twelve (12) months prior to your request.

  • The Right to Deletion: You have the right to request the deletion of personal data we have collected about you.

  • The Right to Correction: You may request correction of any inaccurate personal information we hold about you.

  • The Right to Limit Use of Sensitive Information: You can restrict the use of your sensitive personal information to only what is necessary to provide products or services.

  • The Right to Opt-Out of Sale or Sharing: While the CCPA grants you the right to opt out of the sale or sharing of your personal information, please note that Currenxie does not engage in the sale of personal information as defined by the CCPA. As outlined in our main Privacy Notice, we do share personal information with other businesses for various legitimate reasons, but not for the sole purpose of receiving compensation.

  • The Right to Non-Discrimination: You will not be discriminated against for exercising any of these rights.

Important Exceptions

Please be aware that this section does not apply to:

  • Personal information governed by certain sector-specific privacy laws, such as the Gramm-Leach-Bliley Act and its implementing regulations, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994; or

  • Other categories of information exempted under the CCPA.

“Shine the Light” and “Eraser” Laws

You may request a list of all third parties to whom we have disclosed certain information for their direct marketing purposes during the preceding year. However, Currenxie does not participate in such practices.

How to Submit a Request

To exercise any of these rights, please submit your request in writing to dataprivacy@currenxie.com. We are required to verify your identity and confirm your authorization to receive this information before fulfilling your request.

Additional Information

The details provided here are in accordance with the California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act of 2020 and the California Consumer Privacy Act Regulations, collectively referred to as the “CCPA”). These provisions apply specifically to residents of California and supplement the terms outlined in the rest of this Policy. Please note that these terms do not apply to personal information exempt under the CCPA.

Information Collection, Use, and Disclosure

Categories of Personal Information Collected and Disclosed

The scope of personal information we process varies depending on our relationship and interactions with you. Generally, the categories of personal information we collect from California residents, as defined by the CCPA, and the categories of third parties to whom we may disclose such information for business or commercial purposes, are detailed in the sections “HOW, WHEN AND WHAT WE COLLECT?” and “How and Why We Disclose Your Information” within the main Policy, under the heading “WHEN DO WE DISCLOSE YOUR INFORMATION?”

Furthermore, when we handle de-identified data-information that can no longer reasonably be linked to an identified or identifiable individual, household, or device-we maintain and use such data solely in its de-identified form. We do not attempt to re-identify this data except to assess whether our de-identification methods meet applicable privacy law standards.

Sources of Personal Information

We generally collect personal information directly from you, as well as from other customers and users of our services, advertising networks, and providers of data analytics.

Purposes of Collection, Use, and Disclosure

As elaborated in the main Policy under “WHEN DO WE DISCLOSE YOUR INFORMATION?”, we collect, use, disclose, and otherwise process personal information for various business and commercial purposes, including but not limited to:

  • Providing services and customer support;

  • Conducting analytics and improving our offerings;

  • Customizing and personalizing user experiences;

  • Marketing and advertising activities;

  • Planning and managing events;

  • Conducting research and surveys;

  • Ensuring security and protecting rights;

  • Handling legal proceedings and compliance obligations;

  • Processing job applications; and

  • Facilitating business transfers, such as mergers or acquisitions.

Use and Disclosure of Sensitive Personal Information

We handle sensitive personal information strictly as necessary and only for specific purposes, including:

  • Performing services you have requested;

  • Safeguarding security and integrity by preventing, detecting, and investigating security incidents;

  • Detecting, preventing, and responding to malicious, fraudulent, deceptive, or illegal activities;

  • Verifying and maintaining the quality and safety of our services;

  • Complying with legal obligations;

  • Engaging service providers who act on our behalf; and

  • For purposes other than inferring personal characteristics about you.

We do not use or disclose your sensitive personal information beyond what is authorized under the CCPA.

Retention of Personal Information

We retain your personal information for the minimum period necessary to fulfill our obligations under applicable laws and regulations. Beyond this, and where not prohibited by law, we may retain data for additional periods in accordance with our internal policies and procedures, primarily to prevent fraud, manage risk, and ensure security.

Does Currenxie “Sell” or “Share” Personal Information under the CCPA?

Under the California Consumer Privacy Act (CCPA), a “sale” is broadly defined as disclosing or making personal information available to a third party in exchange for monetary or other valuable consideration. “Sharing” refers to disclosing personal information to third parties for cross-context behavioral advertising.

While Currenxie does not sell personal information for monetary compensation, the CCPA’s expansive definitions mean that our use of third-party advertising and analytics tools may constitute “selling” or “sharing” certain categories of personal information-such as identifiers, internet or network activity, and device information-with entities like social networks and advertising vendors via cookies and tracking technologies. This is done to promote our products and services and analyze online activity.

You may opt out of such “sale” or “sharing” by clicking the “Do Not Sell or Share My Personal Information” link provided. Importantly, we do not sell or share sensitive personal information, nor do we sell or share personal data of individuals known to be under sixteen years of age.

CCPA Requests and Rights

California residents have specific rights under the CCPA, subject to certain limitations and exemptions:

  • Right to Know/Access: You may request information about:

    • The categories of personal information we have collected about you;

    • The sources from which we collected this information (e.g., cookies, third parties);

    • The business or commercial purposes for collecting, selling, or sharing your data;

    • The categories of third parties to whom we have disclosed your information;

    • The specific pieces of personal information collected about you (data portability request);

    • Whether we have sold or disclosed your personal information for business purposes, and if so, details of the categories of recipients and information shared.

  • Right to Opt-Out: You may opt out of the sale or sharing of your personal information. While Currenxie does not sell or share personal information as defined by the CCPA, we will disclose whether your information has been shared for business purposes and provide details accordingly.

Data Retention Considerations under CPRA

The California Privacy Rights Act (CPRA) requires that personal information be retained only as long as reasonably necessary to fulfill the purposes for which it was collected. Retaining data beyond this period increases risks such as unauthorized access or data breaches, especially when handling sensitive information like biometric data or social security numbers.

You should:

  • Retain personal data only as long as needed to achieve your business objectives;

  • Remove data that no longer serves a purpose to minimize risk;

  • Understand that certain exemptions allow retention beyond the original purpose, such as anonymized data or data retained under law enforcement directives.

Summary

  • Currenxie retains personal data to meet legal obligations and for fraud prevention, risk management, and security.

  • Under CCPA’s broad definitions, our use of third-party tools may be considered “selling” or “sharing” some personal information, but we do not engage in sales for monetary gain.

  • California residents have rights to know, access, delete, correct, and opt out of sale or sharing of their personal data.

  • Data retention must be limited to what is necessary, with exceptions for anonymized data and legal requirements.

For more information or to exercise your rights, please refer to our Privacy Notice or contact us directly.

Limiting Use and Disclosure of Sensitive Personal Information

California residents have the right to restrict our use or disclosure of their sensitive personal information to only those purposes authorized under the CCPA.

Right to Deletion

You may request the deletion of any personal information we have collected and retained about you, subject to certain exceptions and verification of your identity. Please note that your deletion request may be denied if retaining the information is necessary under one or more exceptions outlined in the CCPA.

Right to Correction

You have the right to request correction of any inaccurate personal information we maintain about you.

Right to Non-Discrimination

You will not face discriminatory treatment for exercising any of your rights under the CCPA.

Submitting CCPA Rights Requests

Requests to Know, Access, Correct, Delete, or Limit Use: You or an authorized agent may submit requests by contacting us via phone at 1-800-XXX-XXXX (within the USA) or by emailing us at dataprivacy@currenxie.com.

To protect your privacy, we will verify your request by matching the information you provide with the data in our records. You must supply all necessary information to complete this verification. We will process your request based on personal information linked or reasonably linkable to the details you provide. In some cases, we may request additional information to verify or fulfill your request. If we cannot adequately verify your identity or authorization, we will notify you accordingly.

Authorized agents may act on your behalf but must provide proof of authorization. Additionally, we may require direct verification from you to confirm both your identity and the agent’s authority.

Requests to Opt-Out: To exercise your right to opt out of the sale or sharing of your personal information, you may do so through our cookie preferences manager. We will apply your opt-out based on the personal information linked or reasonably linkable to your request.

Alternatively, you may click the “Do Not Sell or Share My Personal Information” link located at the bottom of our websites.

Furthermore, if your browser or device transmits an opt-out preference signal-such as the Global Privacy Control (GPC) signal-we will honor this by opting out that browser or device from cookies that result in the “sale” or “sharing” of your personal information. Please note that if you access our websites or services from a different device or browser, you will need to submit an opt-out request or use an opt-out signal for each separately.

More information about GPC is available at: https://globalprivacycontrol.org.

For further details about our privacy practices or to exercise your rights, please refer to the “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT” section above.

Appendix 3 - India - Data we collect about you and ways we use your information

Beyond the provisions outlined in Section 3 of this Notice, we may also rely on the legal basis of “legitimate use” to process your personal data. For instance, this applies when you voluntarily provide your personal information while using our services.

Collection and Use of Aadhaar-Related Data

We may collect Aadhaar-related data, including demographic details, solely for the purpose of verifying your identity to enable access to our services. This collection is strictly based on your voluntary and informed consent. Please be aware that providing your Aadhaar data is entirely optional. Alternatively, you may choose to furnish other officially valid documents recognized by financial regulators, such as a passport, voter identification card, or driving license, for identity verification purposes. Your decision not to provide Aadhaar-related data will not result in denial of our services.

Contact for Queries or Concerns

Should you have any questions or concerns regarding this notice or our processing of your personal data, please feel free to contact our grievance officer at dataprivacy@currenxie.com.

Applicability of Indian Data Protection Laws

The following information is provided in compliance with Indian privacy and data protection laws and applies to our customers in India as well as visitors to our Indian websites. These provisions supplement the terms set forth in the rest of this Policy.

Our Policy has been drafted in accordance with applicable Indian laws, including but not limited to the Information Technology Act, 2000, the Evidence Act, 1872, and the Digital Personal Data Protection Act, 2023, along with the associated rules and regulations (collectively, the “Indian Data Protection Laws”). It outlines the scope and manner of data processing activities we undertake-such as collection, recording, organization, storage, adaptation, retrieval, use, sharing, disclosure, restriction, erasure, or destruction-and the safeguards we employ to protect your privacy.

If you have any questions about this Policy, please contact our Data Protection Officer (“DPO”) at dataprivacy@currenxie.com.

Types of Information Collected and Its Usage

Below is an indicative summary of the personal information we may collect from you and how it is used to provide our services. Should you opt for additional services or if we propose new offerings, we will provide appropriate notice and seek your consent accordingly.

The information you provide enables us to enhance our services and improve your user experience. Depending on the service, we may require details such as your name, contact information, address, or other personal data. We, either directly or through our trusted service providers, use this information to deliver, maintain, protect, and enhance our services-including advertising and personalization on our websites and mobile applications-and to develop new products and services.

We do not share your personal information with third-party service providers unless it is essential to deliver our services or to facilitate transactions, credit evaluations, or similar processes. Additionally, we may use your email address or other personally identifiable information you provide to send you commercial or marketing communications about our services, updates, and features. You will always have the option to subscribe or unsubscribe from such communications.

How and Why We Process Your Information

We collect personal information from you when you register with us online or when you visit our website seeking information about our products and services. By registering or otherwise sharing your personal data with us, you consent to being contacted via email, phone, SMS, or other messaging channels, including receiving promotional offers. For a comprehensive understanding of how and why we collect and use your personal information, please refer to the “HOW AND WHY WE USE YOUR INFORMATION” section in the main part of this Policy.

We are committed to ensuring that any collection of your personal information strictly adheres to the guiding principles set forth in this Policy, as well as all applicable laws and regulations governing personal data collection relevant to you.

Legal Bases for Processing Your Personal Data

In accordance with applicable Indian Data Protection Laws, we process your personal information based on the following legal grounds:

  • Consent: For lawful purposes where you have provided your free, specific, informed, unconditional, and unambiguous consent in response to our request for processing your personal data;

  • Contractual Necessity: To perform our contractual obligations with you (including the Terms and Conditions applicable to our services) or to take steps at your request prior to entering into such contracts;

  • Legal Compliance: To process information necessary to comply with legal obligations binding on Currenxie; and

  • Legitimate Interests: For certain legitimate purposes permitted under Indian Data Protection Laws.

Types of Personal Information Collected in India

The table titled “What personal information does Currenxie collect?” under “HOW, WHEN, AND WHAT WE COLLECT?” in the main Policy outlines the categories of personal information we collect globally. In addition to this, for our Indian customers, we may collect the following specific types of information:

Category

Specific Information

Source of Information

Identifiers

Zip code, PAN, Aadhaar number

Directly from you, third parties acting on your behalf or as instructed by you, other Currenxie users and customers, service providers, and affiliates.

Financial and Transactional Information

Bank details, bank statements, references, income details. We may also access or extract, subject to applicable law, data from credit bureaus, government/public databases (e.g., UIDAI, DigiLocker, NSDL, GSTIN, banks, EPFO), anti-fraud and anti-money laundering databases, politically exposed persons lists, and others.

Directly from you, third parties acting on your behalf or as instructed by you, other Currenxie users and customers, service providers, and affiliates.

Please note this list is indicative and not exhaustive. Consent for processing specific personal information will be obtained at the time of collection.

Withdrawal of Consent

You have the right to withdraw your consent at any time while using our services or otherwise. To do so, please follow the instructions provided under “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT” in the main Notice.

Is Providing Your Personal Information Mandatory?

In most cases, sharing your personal information with us is voluntary. However, if you choose not to provide certain essential details, you may be unable to access or use our services. For example, we require information such as your name, address, and bank account details to facilitate payments to and from you. In other situations, you retain the choice whether or not to share your personal data.

Sharing Your Information

We disclose your personal information to third parties strictly on a “need-to-know” basis. These parties include service providers, regulated institutions (such as financial entities), affiliated organizations, and business partners, as detailed in the table under “WHEN DO WE DISCLOSE YOUR INFORMATION?” in the main Policy. Such disclosures may occur for reasons of legal compliance or as necessary to provide you with our services.

We are committed to ensuring that any third parties-whether located within India or internationally-offer data protection standards that are at least equivalent to those we uphold.

Storing Your Information

Your personal data is stored in compliance with applicable Indian Data Protection Laws and regulatory requirements. We have implemented robust security measures to prevent loss, misuse, or unauthorized access. These include physical, administrative, and technical safeguards-for instance, encrypting all sensitive personal data during transmission. Additionally, we require our authorized third-party service providers to maintain similar protections against unauthorized access, use, or disclosure.

We retain personal information only as long as necessary to fulfill the lawful purposes for which it was collected or as mandated by applicable laws. Even after you cease to be a Currenxie user, we may retain your data for purposes including:

  • Responding to inquiries or complaints, or demonstrating fair treatment;

  • Establishing, exercising, or defending legal claims;

  • Complying with statutory data retention obligations.

Your Rights as a User

Before processing your personal information, we will inform you about:

  • The types of personal data collected and the purposes for which it is processed;

  • How you may exercise your rights as outlined in this Policy;

  • How to file a complaint with the relevant adjudicatory authority, such as the Data Protection Board, if necessary.

Upon request, we can provide detailed information regarding the processing of your personal data, including:

  • Contact details of the Data Protection Officer (DPO);

  • The purpose and legal basis for processing;

  • Categories of personal information involved;

  • Expected retention period;

  • Details of any cross-border data transfers; and

  • Your rights to access, rectify, erase, and lodge complaints.

To request a summary of your personal information or to learn more about exercising your rights, please contact us anytime via our [online form] or reach out directly to our Data Protection Officer at dataprivacy@currenxie.com.

Right to Access, Correction, Completion, Updating, and Erasure of Personal Information

You have the right to request access to the personal information we process about you. Additionally, you may seek correction of any inaccuracies, ensure the completeness of your data, request updates, and, under certain conditions prescribed by applicable law, request the erasure of your personal information.

Right to Grievance Redressal

Currenxie provides accessible and effective grievance redressal mechanisms to address any concerns or complaints related to our handling of your personal information or the exercise of your rights under the relevant laws, rules, and regulations.

Right to Nominate

You have the right to nominate a trusted individual who, in the event of your death, mental incapacity, or physical infirmity, may exercise your rights regarding your personal information in accordance with this Policy.

Revocation or Withdrawal of Consent

You may withdraw your consent for us to process your personal information at any time. Upon receipt of your withdrawal, we will cease processing your data within a reasonable timeframe, except where continued processing is required or authorized under applicable Indian law.

Appendix 4 – Japan Residents: Disclosure of Your Personal Data

In this Japan-specific appendix, “we” refers to Currenxie Payments Japan K.K.

We do not disclose your personal data to any third parties without your consent or unless permitted by applicable law. When entrusting your personal data to third-party service providers, we enter into binding service agreements and supervise these providers to ensure the security of your data.

We jointly use the personal data described in Section 2 of this Privacy Notice with Currenxie Payments Limited (registered in England and Wales, company number 07209813, with its registered office at Worship Square, 65 Clifton Street, London EC2A 4JE). Currenxie Payments Limited is a payment services provider registered as a money services business with Her Majesty’s Revenue and Customs (HMRC) and regulated by the United Kingdom Financial Conduct Authority (FCA). This joint use is for the purposes outlined in Section 3 of this Notice.

The responsible party for this joint use is Currenxie Payments Japan K.K., headquartered at 2-13-12 Nihonbashi, Chuo-ku, Tokyo 103-0027. For details of the representative director, please contact us at privacy@currenxie.com.

Joint Use of Personal Data with Amazon

When you use our payment services on Amazon, we jointly use certain categories of personal data with Amazon in accordance with Article 27.5.3 of the Act on Protection of Personal Information. Both Currenxie and Amazon are responsible for managing the jointly used personal data.

(i) Categories of Personal Data Jointly Used

  • Information collected during account registration and account usage, including “Know Your Client” data such as identity details (e.g., name, nationality), contact information (e.g., address), and details related to your Currenxie and bank accounts.

  • If your Amazon account is deactivated or terminated due to abuse, fraud, or illegal activity, we may disclose additional information, including limited transaction-related data.

(ii) Purposes of Joint Use

The data is used within Amazon’s Payment Service Provider Program to enhance the detection, prevention, and response to fraudulent or abusive activities. This collaboration helps Amazon and participating payment service providers protect customers and sellers from fraud and abuse.

Appendix 5 - UK anti-fraud and processing specific provisions

Fraud Prevention, Identity Verification, and Data Processing

Before providing you with services, goods, or financing, we conduct thorough checks to prevent fraud and money laundering, as well as to verify your identity. These essential checks require us to process personal data about you.

The personal data we process may include information you have provided directly, data collected from you, or information received from third parties. This data is used exclusively to prevent fraud and money laundering and to confirm your identity. Examples of such personal information include your name, address, date of birth, contact details, financial and employment information, device identifiers (such as IP address), and vehicle details.

We, along with fraud prevention agencies, may also share your personal data with law enforcement authorities to assist in the detection, investigation, and prevention of crime.

Our processing of your personal data is grounded in our legitimate interest to protect our business and comply with applicable laws, as well as fulfilling contractual obligations related to the services or financing you have requested.

Fraud prevention agencies may retain your personal data for varying durations. If you are deemed to pose a fraud or money laundering risk, your data may be held for up to six years.

Automated Decision-Making

As part of this process, some decisions may be made automatically. For example, if our analysis indicates behavior consistent with money laundering, fraudulent activity, inconsistencies in your submissions, or attempts to conceal your identity, you may be flagged as a risk. You have rights concerning automated decision-making, and should you wish to learn more, please contact us at dataprivacy@currenxie.com.

Consequences of Fraud or Money Laundering Risk

If we or a fraud prevention agency determine that you pose a risk, we may refuse to provide the requested services or financing, decline employment, or discontinue existing services.

Records of any fraud or money laundering risk assessments are maintained by fraud prevention agencies and may influence decisions by other organizations regarding your eligibility for services, financing, or employment. For any questions, please reach out to us at dataprivacy@currenxie.com.

International Data Transfers and Protection

Fraud prevention agencies may transfer your personal data outside the UK. Such transfers may be to countries recognized by the UK Government as providing adequate data protection. In cases where data is transferred to countries without such recognition, agencies ensure that appropriate safeguards are in place to maintain the protection of your personal information.

Your Data Protection Rights

Your personal data is safeguarded by legal rights, including the right to:

  • Object to our processing of your personal data;

  • Request correction or erasure of your personal information;

  • Request access to the personal data we hold about you.

For further information or to exercise these rights, please contact us at dataprivacy@currenxie.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK regulator overseeing data protection.

Additional Information for UK Customers

The following information is provided pursuant to UK data protection laws and applies to our UK customers of Currenxie Payment Services (UK) Limited and visitors to our websites, in addition to the terms outlined elsewhere in this Policy.

For the purposes of UK data protection legislation, the data controller is Currenxie Payment Services (UK) Limited, located at 37 Buckingham Palace, London, England, NW6 3QT. This company is established in the United Kingdom and regulated by the Information Commissioner’s Office (ICO).

If you have any questions regarding this Policy, please contact our Data Protection Officer (DPO) at dataprivacy@currenxie.com.

If you are dissatisfied with how we process your personal information or with our response to a request or complaint, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). Detailed guidance on how to contact the ICO is available on their official website.

When Do We Disclose Your Personal Information?

The table titled “How and Why We Disclose Your Information” in the main Policy, under the section “WHEN DO WE DISCLOSE YOUR INFORMATION?”, outlines the parties to whom we may disclose your personal data. Such disclosures include transfers made for legal compliance or as necessary to provide you with our services.

Please be aware that when you share your information with us, it may be transferred to and stored in countries outside the UK, including the USA and Israel.

International Data Transfers and Safeguards

Countries outside the UK may not always offer the same level of data protection as the UK. To ensure your personal data remains secure, Currenxie adopts various measures, which may include:

  • Assessing the security protocols of any destination where your data is transferred;

  • Implementing contractual agreements that require service providers or data processors to process your data strictly according to our instructions;

  • Maintaining monitoring, reporting, and resolution procedures to uphold ongoing data security; and

  • Transferring data only to countries recognized by the UK as providing adequate protection or where appropriate safeguards, such as the UK International Data Transfer Agreement, are in place.

For more detailed information about international transfers and the protections applied, please contact us at dataprivacy@currenxie.com.

Legal Bases for Processing Your Personal Information

Under UK law, including the Data Protection Act 2018, you have rights to complain if you believe your personal data has been processed unlawfully. The ICO is responsible for facilitating such complaints, investigating them, and keeping you informed of progress and outcomes. If the ICO fails to address your complaint within statutory timeframes, you may escalate the matter further.

For practical guidance on filing complaints, the ICO provides standard forms tailored to various concerns, including personal data access, nuisance communications, cookie usage, and internet search results. Before submitting a complaint, you may be required to contact the organization directly and allow a period for response.

For more information on Currenxie’s services, data protection practices, or to exercise your rights, please refer to our Policy or contact our Data Protection Officer at dataprivacy@currenxie.com.

Legal Bases for Processing Your Personal Information

We process your personal information in full compliance with applicable data protection laws, relying on the following legal grounds:

  • Performance of a Contract: Processing is necessary to fulfill our contractual obligations with you, including the Terms and Conditions governing our services, or to take steps you request prior to entering into such a contract.

  • Contractual Requirement: You are required to provide personal data essential for entering into and performing our contractual agreements. Should you choose not to provide this information as outlined in the “HOW AND WHY WE USE YOUR INFORMATION?” section, we will be unable to deliver the agreed services.

  • Legitimate Interests: Processing may be carried out to serve Currenxie’s or third parties’ legitimate interests, provided these do not override your rights and interests in protecting your personal data. Examples include verifying identity, preventing suspicious or high-risk transactions and fraud, conducting internal research and analytics, communicating with you, and informing you about new products or services-either ours or those of partners-that may be relevant to you.

  • Balancing Test: Before processing your data based on legitimate interests, we carefully assess whether such processing is necessary and consider its impact on your fundamental rights and freedoms. We have concluded that the processing is essential and does not adversely affect your rights.

  • Consent: Where applicable, processing is based on your explicit consent.

  • Legal Obligation: Processing is necessary to comply with legal requirements binding on Currenxie.

Processing of Special Category Data

Occasionally, we may process special category data as defined by law (see “HOW, WHEN AND WHAT WE COLLECT?” for details). In such cases, processing is justified on one or more of the following grounds:

  • To establish, exercise, or defend legal claims;

  • With your freely given, informed, and specific consent;

  • For reasons of substantial public interest as permitted by applicable law.

If you would like further information about the legal grounds for processing your personal data or the legitimate interests we rely upon, please do not hesitate to contact us.

Where processing is based on your consent, you have the right to withdraw it at any time. To do so, please contact our Data Protection Officer at dataprivacy@currenxie.com.

Is Providing Your Personal Information Mandatory?

In most cases, sharing your personal information with us is voluntary. However, if you choose not to provide certain essential details, you may be unable to access or use our services. For example, we require information such as your name, address, and bank account details to facilitate payments to and from you.

In other instances, you retain the choice whether or not to share your personal data. For example, you may disable cookies in your browser, and we will refrain from placing cookies on your device. Please note, however, that disabling cookies may limit your ability to fully use certain features of our websites.

Profiling and Automated Decision-Making

As part of our evaluation process for eligibility to use our services, we may employ automated decision-making tools. These processes are fully automated and do not involve human intervention. We utilize these tools primarily to prevent fraud, enhance security, assess risk, and comply with applicable Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. Additionally, they assist in verifying your identity when you become a customer. Examples include:

  • Application Approval: Automated systems analyze the information you provide during registration and may indicate if additional details are required to approve your application.

  • Transaction Approval: For certain payment transactions by registered users, automated tools may determine whether further information is necessary to proceed.

  • Identity Verification: To comply with AML and KYC obligations, we use automated tools that verify identity through selfies (self-photographs) and other identification documents. These tools can authenticate documents, classify their types, extract relevant information, assess the sufficiency of submitted documents, and request additional information if needed.

Retention of Your Personal Information

Currenxie retains your personal information throughout your engagement with us and for a period thereafter, as required by applicable laws, regulations, and our internal policies. This retention supports purposes such as fraud prevention, risk management, and security. We regularly review the necessity of retaining your personal data to ensure compliance and data minimization.

Your Rights Under UK Data Protection Laws

You possess several rights concerning your personal information, which you may exercise at any time. These rights are outlined in greater detail below.

  • For requests related to the deletion of your personal data or obtaining a copy of it, you may contact us at any time using our [online form].

  • For additional inquiries regarding privacy or personal data, please reach out to our Data Protection Officer at dataprivacy@currenxie.com.

Accessing Your Data

You have the right to request that we:

  • Confirm whether we are processing your personal information;

  • Provide you with a copy of your personal data;

  • Supply further details about the personal information we hold, including what data we collect, how we use it, to whom we disclose it, whether it is transferred outside the UK, the safeguards in place, retention periods, your rights, how to lodge complaints, the source of your data, and whether automated decision-making or profiling is involved.

While we strive to provide this information clearly within this Policy, should you require any clarifications, please contact our Data Protection Officer at dataprivacy@currenxie.com.

Fees for Accessing Your Personal Information

You are entitled to receive a copy of your personal information free of charge. However, if your request is manifestly unfounded, excessive, or if you request multiple copies, we may charge a reasonable fee based on the circumstances. We will inform you of any applicable charges before processing your request.

Correcting Your Personal Information

You have the right to request correction of any inaccurate or incomplete personal information we hold about you, free of charge. Where we have shared your personal data with third parties, we will notify them of any corrections wherever feasible. If we are unable to fulfill your correction request, we will inform you and provide an explanation.

Erasing Your Personal Information

Often referred to as the “right to be forgotten,” you may request the erasure of your personal data free of charge under certain conditions. This right is not absolute but applies when:

  • The data is no longer necessary for the purpose it was collected;

  • You withdraw consent on which the processing is based;

  • You object to processing and we have no overriding legitimate interest to continue;

  • The data has been unlawfully processed;

  • Erasure is required to comply with a legal obligation; or

  • The data was processed to provide information society services to a child.

Exceptions exist where erasure is not required. If your data has been disclosed to third parties, we will inform them of the erasure unless it is impossible or would require disproportionate effort. Please note that, depending on technical or commercial feasibility, personal data may be deleted or retained in an aggregated, anonymized form that cannot be linked to you.

Restricting the Processing of Your Personal Information

You may request a restriction on the processing of your personal data free of charge, though this right is not absolute. When processing is restricted, we may store your data and retain enough information to ensure the restriction is respected. Further processing is only permitted with your consent or when necessary for legal claims, protecting others’ rights, or important public interest reasons.

You may request restriction in the following cases:

  • You contest the accuracy of your data, pending verification;

  • You object to processing while we assess whether our legitimate interests override your rights;

  • Processing is unlawful but you prefer restriction over erasure;

  • We no longer need the data, but you require it to establish, exercise, or defend legal claims.

If your data has been shared with third parties, we will notify them of any restriction unless it is impossible or disproportionately burdensome. We will inform you if we lift any restrictions.

Objecting to the Processing of Your Personal Information

You have the right to object to the processing of your personal data at any time, free of charge. While not absolute, you may object when processing is based on:

  • Legitimate interests; or

  • Scientific, historical research, or statistical purposes.

We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or if processing is necessary for legal claims.

You may also require us to stop using your data for direct marketing purposes, and we will comply immediately without exception.

Data Portability

You have the right to obtain and reuse your personal data across different services, provided that:

  • You supplied the personal data to us;

  • We process it based on your consent or to perform a contract; and

  • The processing is automated.

We will provide your data free of charge in a structured, commonly used, and machine-readable format.

Automated Decision-Making and Profiling

You have the right not to be subject to any decision based solely on automated processing that produces a legal effect or similarly significant impact on you. In certain situations where automated decision-making is employed, you will be offered an opt-out option through an alternative method of processing.

We will inform you of any automated decision-making that affects you. In such cases, you have the right to:

  • Request human intervention;

  • Present your viewpoint; and

  • Challenge the decision.

Please note that these rights are not absolute. We may be unable to fulfill your request for human intervention, to consider your perspective, or to contest a decision if the processing of your personal data is:

  • Necessary to enter into or perform a contract with you;

  • Authorized by law (for example, for fraud prevention), with appropriate safeguards to protect your rights, freedoms, and legitimate interests; or

  • Based on your explicit consent.

Handling Your Requests to Exercise These Rights

We will respond to your request without undue delay and, in any event, within one (1) month of receipt. If your request is complex or you have submitted multiple requests, we may extend this period by up to two (2) additional months. In such cases, we will notify you promptly.

If we hold extensive information about you, we may ask you to specify the exact data or details you wish to receive to expedite processing your request.

To comply with your requests, we will undertake the necessary internal procedures to verify your identity.

Appendix 6 - Australia Residents

We are committed to adhering to the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other relevant legislation governing the handling of personal information. The provisions below apply specifically to our Australian customers, in addition to the terms set forth in the rest of this Policy. Notwithstanding any other terms, for Australian customers only, this Privacy Policy shall be governed by and construed in accordance with the laws of Victoria, Australia. Any disputes arising hereunder shall be subject exclusively to the jurisdiction of the courts of Victoria.

Disclosure of Information as Required by Law

We may disclose your personal information as required or permitted by law, including to fulfill our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

Access and Correction Rights

You have the right to request access to and correction of any personal information we hold about you. Should we deny any such request, we will provide you with our reasons. If we decline to make a requested correction and you disagree, you may ask us to associate a note of your requested correction with the relevant information.

International Data Transfers

Please be aware that by providing your personal information, it may be transferred to and stored in locations outside Australia, including but not limited to the United States of America.

While these countries may not offer the same level of protection as Australia under the Privacy Act 1988 (Cth), Currenxie will take appropriate measures to safeguard your data, which may include:

  • Assessing the security measures implemented at the destination of your data;

  • Establishing contractual obligations requiring data processors to act only under our instructions; and

  • Maintaining ongoing monitoring, reporting, and resolution procedures to ensure data security.

Collection and Use of Credit-Related Personal Information

We may collect, hold, use, and disclose certain credit-related personal information about you, which can include:

  • Identification details such as name, date of birth, sex, recent addresses, employer, and driver’s licence number;

  • Information about your credit applications, including the fact of application, amount, and type of credit;

  • Details of your current and previous credit providers;

  • Records of credit inquiries made by providers to credit reporting bodies (“CRBs”) in connection with credit applications, guarantees, or securitisation arrangements;

  • Information on defaults where repayments are overdue by more than 60 days, and updates when repayments are made or new arrangements agreed;

  • Opinions by credit providers regarding serious credit infringements such as fraud or intention not to meet credit obligations;

  • Terms of your credit arrangements, including start and end dates and credit limits;

  • Court judgments against you;

  • Publicly available information relevant to your creditworthiness;

  • Insolvency data from the National Personal Insolvency Index;

  • Derived information from CRBs such as credit assessments and ratings; and

  • Our own assessments and ratings based on the above information.

This may also cover your arrangements with other credit providers as well as with us.

Disclosure to Credit Reporting Bodies

We may disclose some of this information to CRBs, which maintain credit records and may share such information with other credit providers for their credit assessments. We will inform you of the CRBs we engage with.

Additionally, we may verify your identification documents through the Australian Document Verification Service (DVS).

Handling Privacy Concerns

If you have concerns that we have breached your privacy or failed to comply with this Policy, we will promptly inform you of the person handling your matter and provide an expected timeline for resolution. We aim to address all concerns fairly and efficiently within 30 days.

Complaints to the Office of the Australian Information Commissioner (OAIC)

Should you be dissatisfied with how we process your personal information or respond to your requests or complaints, you have the right to file a complaint with the Office of the Australian Information Commissioner (OAIC). Further details on how to contact the OAIC are as follows:

  • Website: https://www.oaic.gov.au/

  • Address: GPO Box 5218, Sydney NSW 2001

  • Fax: +61 2 9284 9666

  • Email: enquiries@oaic.gov.au

Appendix 7 - Hong Kong Residents

The following information is provided in accordance with Hong Kong’s privacy and data protection legislation. These terms apply specifically to our customers and website visitors in Hong Kong, in addition to the provisions outlined elsewhere in this Policy.

How, When, and What Personal Information We Collect

Providing your personal information to us is voluntary. However, if you choose not to supply the requested information, we may be unable to deliver our services to you, or the quality and scope of those services may be adversely affected.

How and Why We Use Your Information

The section titled “HOW AND WHY WE USE YOUR INFORMATION?” in the main Policy explains the various purposes for which we use your personal data, including direct marketing activities. We strictly adhere to the requirements of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) regarding direct marketing.

Before using your personal data-such as your name and contact details-for marketing purposes, we will obtain your express consent. Similarly, if we intend to disclose your personal information to any third party for marketing, we will first secure your written consent.

You have the right to object to the use or transfer of your personal data for direct marketing by indicating your preference when prompted. Should you consent initially, you may withdraw your consent at any time by contacting us through the communication channels listed under “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT” in the main Policy, or by unsubscribing via the link provided in any marketing emails you receive from Currenxie.

Disclosure of Personal Data for Marketing Purposes

As detailed in the third item of the table titled “How and Why We Disclose Your Information” under the heading “WHEN DO WE DISCLOSE YOUR INFORMATION?” in the main Policy, we may share your personal data for marketing purposes with your consent. Specifically, your information may be disclosed to:

  • Our affiliates;

  • Service providers who assist us with marketing-related services; and

  • Non-affiliated third parties, including financial institutions and platforms, for joint marketing initiatives.

When you opt in, both we and these third parties may send you marketing communications about Currenxie’s products and services, including offerings developed in collaboration with these partners.

Your Rights Under the PDPO

Under the PDPO, you have the right to access your personal data held by us and to receive a copy of it. You also have the right to request correction of any inaccurate personal data.

You may exercise these rights at any time by contacting us through the channels listed under “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT” in the main Policy.

Appendix 8 - South African Residents

For the purposes of the Protection of Personal Information Act, 2013 (“POPIA”), Currenxie Inc. is the designated data controller and responsible party. Should you have any questions regarding this Policy, please contact us at dataprivacy@currenxie.com.

If you are dissatisfied with how we process your personal information or with our response to any request or complaint, you have the right to lodge a complaint with the South African Information Regulator. Their contact details are as follows:

The Information Regulator (South Africa) JD House 27 Stiemens Street Braamfontein Johannesburg 2001 Email: inforeg@justice.gov.za / complaints.IR@justice.gov.za

POPIA requires certain processing activities to obtain prior authorization, effective from 1 February 2022. Responsible parties conducting such activities must apply for authorization and suspend processing until approval is granted.

The Information Regulator is an independent body established under Section 39 of POPIA, tasked with educating the public, monitoring compliance, investigating complaints, issuing guidelines, and enforcing the Act. It operates impartially and is accountable to the South African National Assembly.

Data subjects may submit written complaints to the Information Regulator, which can investigate and take appropriate action or refer matters to the Enforcement Committee. The Regulator’s office is led by a Chairperson and several members appointed for fixed terms.

For further information or assistance, you may contact the Information Regulator via:

  • Phone: 010 023 5200

  • Email: inforeg@justice.gov.za

  • Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Currenxie is committed to full compliance with POPIA’s principles, ensuring accountability, lawful processing, and safeguarding your personal data rights. For any inquiries or to exercise your rights under POPIA, please reach out to our Data Protection Officer at dataprivacy@currenxie.com.

Appendix 9 - Mainland China Residents

The following information is provided in accordance with the Personal Information Protection Law (“PIPL”) and other applicable privacy and data protection regulations in the People’s Republic of China (excluding Hong Kong, Macao, and Taiwan, collectively referred to as “China” for the purposes of this Policy). These provisions apply specifically to our customers and website visitors located in Mainland China, in addition to the terms set forth elsewhere in this Policy.

Legal Bases for Processing Your Personal Data

In full compliance with the PIPL, we process your personal information based on the following legal grounds:

  • You have provided your consent to the processing of your personal data, including any separate or written consent required under specific circumstances by the PIPL;

  • Processing is necessary for the conclusion or performance of a contract with you;

  • Processing is essential to respond to public health emergencies or to protect the life, health, or property safety of individuals under emergency situations;

  • Processing falls within a reasonable scope for purposes such as news reporting, public opinion supervision, or other activities serving the public interest;

  • Processing relates to data you have disclosed yourself or that has been lawfully disclosed or made publicly available within reasonable limits;

  • Any other circumstances as prescribed by law or administrative regulations.

Your Rights under the PIPL

The PIPL grants you the rights to access, copy, correct, supplement, and delete your personal information. You also have the right to withdraw your consent to the processing of your personal data at any time.

You may exercise these rights through the various communication channels detailed under the section titled “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT”.

Please note that you may be required to verify your identity when exercising these rights.

Retention of Your Personal Information

Currenxie retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable laws, regulations, and our internal policies aimed at preventing fraud, managing risk, and ensuring security.

Should any of our products or services be discontinued, we will notify you and ensure that your personal information is deleted or anonymized within a reasonable timeframe.

Automated Decision-Making

We may employ automated decision-making tools as part of our evaluation process to determine your eligibility to use our services. These decisions are made solely through automated means without human intervention. Such tools are used to prevent fraud, enhance security, assess risk, comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, and verify your identity upon onboarding. Examples include:

  • Automated assessment during your registration application, which may prompt requests for additional information to approve your application;

  • Automated review of certain payment transactions by registered users, potentially requiring further information to complete the transaction;

  • Automated identity verification using selfies and official identification documents, including tools that authenticate documents, classify document types, extract necessary information, assess document sufficiency, and request additional documentation if needed.

Where an automated decision significantly impacts your rights or interests, you have the right to request an explanation and to object to decisions based solely on automated processing.

Collection and Storage of Personal Information

Please be aware that your personal information is collected outside of China and is essential for Currenxie to provide you with our services. Consequently, your personal data will be collected and stored in locations outside Mainland China.

Appendix 10 - South Korean Residents

The following terms apply specifically to our customers and website visitors in the Republic of Korea, in addition to the provisions set forth in the rest of this Policy. Please be advised that you have the right to withhold consent for the collection, use, and third-party disclosure of your personal information as described herein and in this Appendix. However, please note that refusal to provide such consent may limit or prevent your ability to use our services.

How We Destroy Your Personal Information

We commit to promptly destroying your personal information once the purpose for its processing has been fulfilled or the retention period has expired:

  • Personal information stored electronically will be permanently deleted using technical methods that ensure the data is irretrievable.

  • Physical records, including printed materials, written documents, or recording media, will be destroyed by shredding or incineration.

How We Protect Your Personal Information

To safeguard your personal data, we implement the highest industry standards encompassing administrative, technical, and physical security measures, consistent with the General Data Protection Regulation (GDPR). For further details or inquiries, please contact our Data Protection Officer at dataprivacy@currenxie.com.

Disclosure of Your Personal Information

The third parties with whom we share your personal information vary depending on your specific use of our services. As such, we do not maintain a public list of these third parties. Should you require additional information regarding the entities with whom your personal data has been shared, please reach out to us at dataprivacy@currenxie.com.

Your Rights as a Data Subject and How to Exercise Them

You may exercise your rights concerning the protection of your personal information, including requests for access, correction, deletion, or suspension of processing, by submitting a written request via email, phone, or other means permitted under applicable laws. These rights may also be exercised by your legal guardian or an authorized representative, provided that a valid power of attorney is submitted in accordance with relevant legal requirements.

Upon receiving your request, we will take all necessary actions in compliance with applicable laws. You also retain the right to withdraw your consent or request suspension of personal data processing at any time.

Additional Use and Disclosure of Personal Information

In accordance with the Personal Information Protection Act (PIPA), we may use or disclose your personal information beyond the original purpose of collection if such use or disclosure is reasonably related to that purpose, taking into account whether it causes any disadvantage to you and whether appropriate safeguards-such as encryption-are in place.

We carefully assess whether to use or disclose personal information further by considering:

  • The relationship of the additional use or disclosure to the initial purpose of collection;

  • The foreseeability of such use or disclosure based on the circumstances of collection and processing practices;

  • Whether the additional use or disclosure would unjustly infringe upon your interests; and

  • Whether adequate security measures have been implemented to protect your personal information.

This evaluation is conducted with due regard to relevant laws and regulations, including the PIPA, the intended purpose, the nature of the personal information involved, your consent or prior notification, the potential impact on you, and the protective measures in place.

Appendix 11 - Singaporean Residents

The following information is provided in accordance with Singapore’s Personal Data Protection Act 2012 (“PDPA”) and other applicable privacy laws. These terms apply specifically to our customers and website visitors in Singapore, supplementing the provisions set forth elsewhere in this Policy.

For the purposes of the PDPA, Currenxie Inc. is the data controller and responsible party. Should you have any questions regarding this Policy, please contact us at dataprivacy@currenxie.com.

Collection of Personal Information

Providing your personal information to us is voluntary. However, if you choose not to supply the requested data, we may be unable to provide our services to you, or service delivery may be adversely affected.

We collect, use, and disclose your personal information only with your consent, where required by law.

If you provide personal information of third parties (such as colleagues), you confirm that you have the authority and consent to share their data with us.

Your Rights under the PDPA

The PDPA grants you the right to access and obtain a copy of your personal data, including information on how it has been used or disclosed by us in the 12 months preceding your request. You also have the right to request correction of your personal data and to withdraw your consent to its processing. Please note that withdrawing consent may impact our ability to provide services to you.

You may exercise these rights at any time through the communication channels listed under “CONTACT US, QUESTIONS, UPDATING YOUR INFORMATION, OPTING OUT” in this Policy.

Please be aware that you may be required to verify your identity when exercising your rights. Where permitted by law, we may charge a reasonable fee for processing certain requests.

This approach ensures compliance with Singapore’s data protection framework while providing transparency and control over your personal information.