-
Introduction
Thank you for choosing the services and products ("Services" and "Products," respectively), including but not limited to the BilderPay Card (as defined in the BilderPay Card Terms & Conditions), provided by BANANATECH SOLUTIONS OÜ, a company incorporated in Estonia under company number 17152820, and its affiliates ("BilderPay," "we," "us," or "our"). This Privacy Policy explains our practices regarding the collection, use, disclosure, and processing of personal data when you access or use our Services or Products. By accessing or using our Services or Products, you consent to the practices and terms set forth in this Privacy Policy. You also represent that you have obtained valid consent and authority from any relevant individual ("Relevant Person(s)") for us to collect, use, disclose, and process their personal data as outlined herein.
-
Consent to Policy Amendments
We reserve the right to update or amend this Privacy Policy at our sole discretion. Any such amendment will be effective upon posting the updated Privacy Policy on our website, related application programming interfaces, or mobile applications (collectively, the "Site"), or by providing the amended Privacy Policy via email or other appropriate means of communication. Your continued use of the Services or Products after any such amendment constitutes your acceptance of the amended Privacy Policy.
-
Scope of Data Collection, Use, and Disclosure
BilderPay will collect, use, disclose, and process your personal data as necessary to provide, improve, and manage our Services and Products. This includes, but is not limited to, processing transactions, maintaining user accounts, and enhancing user experience.
-
Personal Data We Collect
In the course of providing our Services and Products, we may collect, process, and store certain personally identifiable information ("Personal Data") that can be used to contact or identify you, as well as information related to your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantors, security providers, and other natural persons associated with you ("Relevant Persons"). This Personal Data may be collected via your use of our Services or Products or where you have provided explicit consent.
The types of Personal Data we collect may include, but are not limited to:
| Type of Information | Description |
| --- | --- |
| Contact Information | Full legal name (including former names, names in English and Chinese if applicable), contact phone number, and email address. |
| Identification Details | Type of identification document (e.g., passport), identification number, gender, date of birth, place of birth, and nationality. |
| Residence Information | Residential address, country/state of residence. |
| Financial Information | Total net wealth (approximate in USD), purpose for account opening, initial and ongoing sources of wealth or income, and credit history/score. |
| Professional and Business Information | Nature and details of business, occupation, or employment; level of anticipated activity; source of funds/digital assets to be used in the relationship. |
| Transaction Data | Your transaction history, spending patterns, and bank account details. |
| Blockchain Information | Blockchain address. |
| Geolocation Data | Information on your location as permitted. |
| Additional Data | Any other Personal Data or documentation required at the discretion of our compliance team. |

Furthermore, Personal Data may also include information collected or generated in the ordinary course of your relationship with us, such as data gathered when you or a Relevant Person participates in events organized by us, or information obtained through cookies and related technology applications.
Please note that certain Personal Data may be required for the onboarding process to facilitate regulatory compliance and operational requirements.
-
Use of Personal Data
We may use the Personal Data we collect for the following purposes:
| Purpose | Description |
| --- | --- |
| Service Evaluation and Provision | To assess and determine eligibility for the initial or continued provision of our Services and Products. |
| Service Administration and Enhancement | To administer, operate, deliver, personalize, and improve the quality of our Services and Products to better meet your needs. |
| Transaction and Payment Processing | To process payments and transactions and provide associated statements, invoices, receipts, and other transaction-related documentation. |
| Usage Monitoring and Fraud Prevention | To monitor and record your use of the Services and Products, including communications with you and/or Relevant Persons, for purposes of investigation, fraud detection, and prevention. |
| Technical Support and Issue Resolution | To detect, prevent, and address technical issues that may arise in the course of using our Services and Products. |
| Risk Assessment and Compliance | To conduct risk assessments, data processing, anti-money laundering screenings, credit analysis, and other compliance reviews. This includes internal management and audit functions to support regulatory compliance. |
| Communication | To communicate with you, your affiliates, and/or representatives regarding events, Services and Products, or other products or services offered by BilderPay or its affiliates, unless you have opted out of receiving such information. |
| Market Research and Behavior Analysis | To conduct market research, surveys, promotions, and contests, and to analyze your preferences, interests, and behavior as it relates to our Services and Products. |
| Legal, Regulatory, and Compliance Obligations | To fulfill our obligations under applicable laws, regulations, and compliance requirements, including anti-money laundering and tax obligations. |
| Protection of Rights and Property | To enforce or defend the rights, property, and safety of BilderPay, its affiliates, and other users. |
| Additional Purposes Disclosed at Collection | To fulfill any additional purposes specifically disclosed to you at the time of data collection, where applicable. |

These purposes are essential to provide our Services and Products effectively, to ensure security and compliance, and to meet regulatory obligations.
-
Disclosure of Personal Data
We may share your Personal Data with the following parties for the purposes described in this Privacy Policy.
-
Third-Party Service Providers
We may disclose your Personal Data to third-party service providers who assist in the provision, operation, maintenance, security, and improvement of our Services and Products. This includes, but is not limited to, providers of "Know Your Client" and blockchain analytics services, credit card networks, banks and financial institutions, payment processors, merchants, loyalty program partners, and providers of website hosting, data analysis, IT services, telecommunications, human resources, data processing, payments, and credit reference services.
-
BilderPay Affiliates
We may share your Personal Data with affiliates and entities within the BilderPay group that are bound by confidentiality obligations, as necessary to support our business and Services.
-
Professional Advisors
We may disclose your Personal Data to our professional advisors, including legal, accounting, and consulting firms, to support business functions and ensure regulatory compliance.
-
Marketing and Advertising Partners
We may share your Personal Data with parties involved in the marketing, advertising, and promotion of our Services and Products, including social media platforms, online platforms, and third-party websites, unless you have opted out of such sharing where applicable.
-
Legal and Regulatory Compliance
We may disclose your Personal Data to any person or entity when required by law, including in response to legal process, or to satisfy foreign or domestic legal, tax, and regulatory obligations or requests.
-
Authorized Persons
We may share your Personal Data with any individuals or entities that you authorize or consent to, including your representatives, agents, advisors, or beneficiaries.
-
Business Transfers
In the event of a proposed or actual business transfer, such as a merger, acquisition, or sale of assets, we may share your Personal Data with the prospective or actual acquiring entity.
Additionally, we may share aggregated or anonymized data with the parties above to help in the administration, operation, delivery, and improvement of our Services and Products. This data will not identify you personally.
Each disclosure of Personal Data is made with due regard for privacy and confidentiality obligations, and only as necessary to fulfill the purposes outlined in this Privacy Policy.
-
International Transfer of Personal Data
Your Personal Data may be transferred to, stored, and processed on servers or computers located outside of your state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in your jurisdiction. By consenting to this Privacy Policy and providing your Personal Data, you acknowledge and agree to such transfers, storage, and processing of your information outside your jurisdiction.
We will take appropriate measures to ensure that your Personal Data is handled securely and in compliance with this Privacy Policy. No transfer of your Personal Data will occur to an organization or country unless adequate data protection controls, including measures to safeguard your Personal Data, are in place. This includes implementing security protocols and protections for the secure handling and storage of your Personal Data, whether on our own systems or through trusted third-party cloud service providers.
Your privacy and data security remain a priority, and we strive to maintain compliance with applicable data protection regulations in all jurisdictions where your data may be transferred.
-
Data Retention
We will retain your Personal Data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, or as required to comply with applicable legal, regulatory, or contractual obligations. This may include retaining your Personal Data to satisfy record-keeping requirements, resolve disputes, and enforce our agreements and policies.
Your continued access to and use of our Services and Products signifies your consent to our retention of your Personal Data as described herein. When your Personal Data is no longer required for these purposes, we will securely delete or anonymize it, in accordance with applicable data protection regulations.
-
Marketing and Communications
We may send you information about company news, promotions, and updates related to our products and services. Additionally, we may share your Personal Data with our affiliates to facilitate the delivery of marketing communications. We will only send such marketing communications with your express consent, obtained through the relevant channels in our Services or Products.
If you decide you no longer wish to receive marketing communications from us, you may opt out at any time by emailing [email protected].
Please note, however, that you will continue to receive essential communications related to the Services and Products, such as updates to terms and conditions, operational notifications, and other important service-related information. As these communications are necessary for maintaining the quality and operation of our Services and Products, opting out is not available for these types of communications.
-
Information Security
We are committed to safeguarding your Personal Data against unauthorized access, alteration, disclosure, or destruction. To enhance information security, we implement a variety of measures, including SSL encryption for secure communication, mandatory two-factor authentication for all sessions, periodic reviews of our Personal Data collection, storage, and processing practices, and strict access controls to ensure only authorized personnel have access to your Personal Data on a need-to-know basis.
While we prioritize the security of your data and use commercially accepted methods to protect it, please be aware that no method of transmission over the Internet or electronic storage is entirely secure. Although we strive to protect your Personal Data with industry-standard security measures, we cannot guarantee absolute security.
-
Security Incident Response
We are committed to protecting the security of your Personal Data. In the event of a security incident involving your Personal Data, we will take immediate action to investigate, contain, and address the issue to prevent further unauthorized access or impact. If the incident poses a high risk to affected individuals, we will notify those individuals as soon as possible and, where required by law, inform relevant regulatory authorities.
Our response includes a thorough investigation to identify the root cause of the incident, followed by corrective actions to prevent similar incidents in the future. We will also provide support to affected individuals, monitor for any additional risks, and enhance our security practices based on lessons learned. While we employ best practices to safeguard your Personal Data, we recognize that no system is entirely immune to breaches. In the event of a security incident, we are committed to responding swiftly and transparently to protect your data.
-
Cookies
When you access our Site, we may use cookies, a standard industry practice, to store small amounts of data on your browser ("Cookies"). Cookies may be placed on your computer or other devices used to visit the Site. These Cookies help us recognize you as a customer, enhance and personalize your experience, and collect information about your use of our Services and Products. Additionally, Cookies enable us to support our compliance efforts and monitor for irregular or suspicious account activity, ensuring that your account security remains uncompromised.
Most browsers are configured to accept Cookies by default. Some Cookies are session-based and will expire when you end your browsing session, while others may remain on your device until they are manually deleted or reach their expiration date. You have the option to decline our Cookies; however, doing so may impact the functionality of the Services and Products or reduce the quality of your user experience.
-
Links to Third-Party Sites
Our Site may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
-
Minors Policy
Our Services and Products are not intended for, nor do we knowingly engage with, individuals regarded as "minors" or the equivalent under applicable law. We do not intentionally collect, use, or process Personal Data from individuals who are minors. If you are a parent or legal guardian and become aware that your child, defined as a "minor" under applicable law, has provided us with Personal Data, we encourage you to contact us immediately. Upon receiving such notification, we will take prompt and appropriate actions, including verifying the information and, where applicable, securely deleting the child's Personal Data from our systems to ensure compliance with data protection laws and our internal policies.
We are committed to maintaining a safe and secure online environment and take the privacy rights of all users, especially minors, seriously. If you have any concerns about data collection related to minors, please reach out to us for assistance.
-
User Interactions
You acknowledge and agree that you are solely responsible for your interactions and communications with other users of our Services and Products. While we reserve the right to monitor or become involved in disputes between you and other users at our discretion, we are under no obligation to do so. We encourage users to exercise caution and judgment when interacting with others online and to reach out to us if any issues arise that may require our attention.
-
Automated Decision-Making and Profiling
In providing our Services and Products, we may use automated processes, including profiling, to support decision-making. Automated decision-making is employed to assess certain information about you, such as to evaluate risk, verify identity, detect fraudulent activities, and ensure compliance with legal and regulatory requirements. These automated processes help us provide secure and efficient services tailored to meet user needs.
Where required by applicable law, we ensure safeguards are in place to protect your rights, freedoms, and legitimate interests. You have the right to request human intervention, to express your views, or to contest decisions generated by automated processing. If you wish to know more about our automated decision-making processes or your rights in this context, please contact us directly.
-
Contacting Us About Privacy Questions or Concerns
If you have any questions about this Privacy Policy or our handling of your Personal Data, or if you wish to inquire about, update, correct, delete, or withdraw consent for your Personal Data, please contact us at [email protected].
We will make every effort to respond to your request promptly. However, please be aware that we may be unable to fulfill certain deletion requests if data retention is required by law or necessary for legitimate business purposes. Additionally, withdrawing consent or failing to provide necessary information may limit our ability to provide or continue certain Services and Products to you.
For requests related to data access, correction, deletion, or portability, we may require verification of your identity to ensure authorization. While we strive to handle these requests free of charge, we reserve the right to apply a reasonable fee if a request is repetitive, excessive, or unduly burdensome.
-
Language
In the event that this Privacy Policy is translated into a language other than English, the English version shall prevail in the case of any discrepancies or inconsistencies between the English text and the translated version.
-
Rights Under Applicable Data Protection Laws
-
Your Rights if Your Personal Data is Covered by the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area ("EEA"), we process your Personal Data in compliance with the General Data Protection Regulation ("GDPR"). Our legal basis for collecting and processing your Personal Data, as outlined in this Privacy Policy, depends on the type of information collected and the specific purposes for which it is processed. We may process your Personal Data because:
- Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract;
- You have provided your consent for a specific purpose;
- Processing is necessary to further our legitimate interests, which do not override your rights and freedoms, or to fulfill our legal obligations;
- Processing is required to comply with applicable laws and regulations.
As an EEA resident, you have specific data protection rights to control the processing of your Personal Data. We are committed to facilitating the exercise of these rights, which include the ability to access, correct, restrict, or delete your Personal Data. To exercise any of these rights, please refer to Section 16 ("Contacting Us About Privacy Questions or Concerns") for further instructions.
Subject to certain conditions and limitations set forth under GDPR, your rights may include:
-
Right of Access
You have the right to request access to the Personal Data we hold about you, along with details regarding the nature, purpose, and disclosure of that data.
-
Right to Rectification
You have the right to request the correction of inaccurate or incomplete Personal Data.
-
Right to Object
You have the right to object to the processing of your Personal Data in cases where processing is based on our legitimate interests or for direct marketing purposes.
-
Right to Restriction of Processing
You have the right to request a limitation on our processing of your Personal Data under certain circumstances, such as when you contest the accuracy of the data or object to its processing.
-
Right to Data Portability
You have the right to request that we provide your Personal Data in a structured, commonly used, and machine-readable format, and to transfer that data to another data controller where technically feasible.
-
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing conducted prior to the withdrawal.
To exercise these rights, please contact us as described in Section 16. We will respond to your request in accordance with applicable data protection laws and take appropriate steps to fulfill your request, subject to any legal or regulatory obligations requiring us to retain your data.
-
Your Rights if Your Personal Data is Covered by the United Kingdom's Data Protection Act 2018
Following the United Kingdom's exit from the European Union, the Data Protection Act 2018 governs the collection and processing of Personal Data for residents of the UK. This law provides rights similar to those under the GDPR, including:
-
Right to Access, Correction, and Deletion
UK residents have the right to request access to, correction of, or deletion of their Personal Data.
-
Right to Restrict Processing and Data Portability
You have the right to request restrictions on our processing of your Personal Data and to request data portability, allowing you to receive and transfer your data to another provider.
-
Right to Object
You have the right to object to certain types of processing, such as direct marketing or processing based on legitimate interests.
UK residents can exercise these rights by contacting us as specified in Section 16.
-
Your Rights if Your Personal Data is Covered by the Personal Information Protection and Electronic Documents Act (PIPEDA)
If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection, use, and disclosure of your Personal Data. Under PIPEDA, Canadian residents are afforded the following rights:
-
Right to Access
You have the right to request information about the Personal Data we collect, how it is used, and whether it has been disclosed to any third parties.
-
Right to Correction
You have the right to request that any inaccurate or incomplete Personal Data be corrected.
-
Right to Withdraw Consent
Where consent is the legal basis for processing your Personal Data, you have the right to withdraw that consent at any time.
To exercise any of these rights, Canadian residents may contact us as outlined in Section 16.
-
Your Rights if Your Personal Data is Covered by the Brazilian General Data Protection Law (LGPD)
If you are a resident of Brazil, your Personal Data is protected under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, or LGPD). The LGPD provides residents of Brazil with rights similar to those under the GDPR, including:
-
Right to Access
You have the right to confirm whether we are processing your Personal Data and to request access to it.
-
Right to Rectification
You have the right to request corrections to any inaccurate or incomplete Personal Data.
-
Right to Anonymization, Blocking, or Deletion
You may request the anonymization, blocking, or deletion of Personal Data that is unnecessary, excessive, or processed in violation of the LGPD.
-
Right to Data Portability
You have the right to request that your Personal Data be transferred to another service or product provider, where technically feasible.
-
Right to Withdraw Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Brazilian residents can exercise these rights by contacting us as provided in Section 16.