1. Introduction

This CrossWavePay Privacy Policy (the 'Privacy Policy') outlines the privacy practices governing the relationship between you ('Client'or 'you') and 1507612 B.C. LTD., along with its subsidiaries, affiliates, or any entity within the 1507612 B.C. LTD. group of companies ('CrossWavePay' or 'we'). It details how we collect, process, and safeguard your personal information as you engage with the services provided by CrossWavePay on any of our official websites, including https://CrossWavePay.com/ (the 'Website'), mobile applications, and other authorized CrossWavePay communication channels, as well as the content and services offered therein, including any updates, upgrades, or new versions. This Privacy Policy constitutes a legally binding agreement (the 'Agreement') between the parties. We strongly encourage you to review this document to fully understand how your personal data is utilized and protected.

This Privacy Policy is reviewed on a regular basis to ensure that any updates, new product releases, or changes in our business model are appropriately reflected. We will notify you of any such changes through email, the in-app messaging center, or by posting a notice on our website. By continuing to use the CrossWavePay Platform after these changes have been made, you acknowledge and accept the updated Privacy Policy. Therefore, we encourage you to periodically review this Policy to stay informed about any revisions.

2. Definitions

Personal Data encompasses any information relating to an identified or identifiable natural person (data 'subject' ). A person is considered identifiable if they can be distinguished, directly or indirectly, particularly by reference to identifiers such as a name, identification number, location data, online identifiers, or by considering one or more factors inherent to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Controller refers to any natural or legal person, public authority, agency, or other body, which, individually or in conjunction with others, exercises the authority to determine the purposes and means of processing personal data.

Data Processor is any individual or entity, whether a natural person, legal entity, public authority, agency, or other organization, that processes personal data on behalf of the Data Controller. The Data Processor carries out tasks such as collecting, storing, or analyzing personal data, strictly following the instructions and purposes defined by the Data Controller, without determining the purposes or means of the data processing itself.

CrossWavePay Platform refers to any official digital interface operated by CrossWavePay, including but not limited to websites, mobile applications, and other authorized communication channels. This definition also encompasses all content, services, and functionalities provided therein, as well as any subsequent updates, upgrades, and versions made available through these mediums.

Processing refers to any action or series of actions carried out on Personal Data or collections of Personal Data.

Data Subject is an individual whose personal data is being collected, held, or processed.

Personal Data Breach refers to a security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Consent refers to the freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

Legitimate Interests is the interests of CrossWavePay in conducting and managing its business in a way that allows it to offer the best services while safeguarding the rights and interests of clients.

Supervisory Authority is an independent public authority established by a Member State pursuant to the GDPR or other applicable privacy laws, responsible for monitoring the application of these laws to protect the fundamental rights and freedoms of individuals in relation to processing.

Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Retention Period is the length of time during which personal data is stored and maintained by CrossWavePay before being securely deleted or anonymized.

Data Portability refers to the right of the data subject to receive their personal data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller without hindrance.

Automated Decision-Making is the process of making decisions by automated means without any human involvement, particularly in scenarios that produce legal effects concerning the data subject or similarly significantly affect them.

Encryption is the process of converting data into a code to prevent unauthorized access, ensuring that data remains confidential during transmission and storage.

Cookies refer to small text files placed on a user's device by a website to collect information about the user's browsing behavior and preferences.

FATF (Financial Action Task Force) is an intergovernmental organization that sets standards and promotes the effective implementation of legal, regulatory, and operational measures for combating money laundering, terrorist financing, and other related threats to the integrity of the international financial system.

3. Data we collect

CrossWavePay collects various types of Personal Data when you access and use the CrossWavePay Platform, register for our services, or interact and communicate with CrossWavePay through any official channels. The collection of this information enables us to provide, maintain, and enhance our services while ensuring compliance with applicable legal and regulatory requirements.

Information Provided Directly by You:

• Identification Information: Includes your full name, date of birth, place and country of birth, personal identification numbers, photographs or selfies, copies of official identification documents (such as passports, national identity cards, or driver's licenses—front and back), email address, status as a Politically Exposed Person (PEP), marital or civil status, and any relevant information pertaining to sanctions or legal restrictions.
• Contact and Correspondence Details: This includes your permanent and current residential addresses, telephone numbers, social media profiles, tags, and handles, as well as communications and messages exchanged through any social platform, communication channel, or medium.
• Employment Information: Includes details about your profession, sector of employment, and your current job status.
• Financial Details: This encompasses your bank account numbers, digital asset wallets, sources of funds, sources of cryptocurrency, transaction records, and assets held on the CrossWavePay Platform.
• Additional Information: Any other data or information you choose to provide to CrossWavePay at your own discretion.

Data Collected Automatically;

• When you access the CrossWavePay Platform, we automatically gather certain types of data to enhance your experience and ensure the security and functionality of our services:
• Technical Data: This includes detailed information about the device you use to access the Platform, such as device type, model, and unique identifiers. We also collect data related to your network connection, including IP addresses, MAC addresses, and the Internet Service Provider (ISP) used. Additionally, we gather information about your software environment, such as the type and version of your browser, operating system, and time zone settings. We may also access data regarding screen resolution, installed plugins, language preferences, and other technical details that facilitate your interaction with our services.
• Website Interaction Data: We collect comprehensive data about your interactions with the CrossWavePay Platform, including a complete history of your visits, from the initial entry point (Unified Resource Locator or URL) to your navigation within the Platform and your exit point. This includes the date and time of each visit, your consent to our Terms and Conditions and Cookie banner, as well as the services and content you have searched for, viewed, or interacted with. We also track your navigation patterns, including the pages you visit, files you access (such as HTML pages, images, and other media), page load times, any errors encountered during page loading, and the duration of time spent on each page. Additionally, we monitor your interactions with the website, such as clicks, cursor movements, scrolling activity, and the methods you use to navigate away from the page. For further details, please refer to our Cookies Policy.
• Service Usage Data: This encompasses information generated as a result of your use of CrossWavePay Services, including details about your assets held on the CrossWavePay Platform, your account status, loyalty tier, transaction history, activity logs, IP logs, and geolocation data. This data is essential for providing you with personalized services, ensuring the security of your account, and complying with applicable legal and regulatory requirements.

Data Obtained from Third Parties:

• CrossWavePay may acquire information and data about you from third-party sources, but only within the scope of account creation, verification processes, or when services are rendered by third-party providers to whom you have explicitly consented to process your data. Third parties may also provide us with data concerning you as part of their routine due diligence procedures, or in connection with compliance and anti-money laundering (AML) monitoring activities.
• Please be aware that if you choose to withhold the requested Personal Data, particularly where such data is required by law or by third-party providers necessary for the provision of their services, CrossWavePay may be unable to fulfill the relevant contractual obligations, including delivering the services offered by CrossWavePay. Your refusal to provide this essential data could result in our inability to offer or continue providing you with the services available through the CrossWavePay Platform.

4. Purposes for Data Processing

‍CrossWavePay will handle your Personal Data strictly in compliance with applicable privacy laws and the provisions of this Privacy Policy for the purposes outlined below:

Delivery of Services: To enable the execution of payment transactions, conduct digital asset exchanges, authenticate identities, and implement measures to detect and prevent fraudulent activities, financial crimes, and other illicit conduct. Additionally, to ensure compliance with anti-money laundering (AML) regulations and fulfill all associated legal obligations.

‍Adherence to Legal Obligations: CrossWavePay is required by law to confirm your identity prior to delivering any services, continuously monitor your transactions, and implement safeguards against fraud, money laundering, terrorist financing, and other financial crimes. These measures are necessary to comply with AML regulations and directives issued by payment service providers.

Data Acquisition for Regulatory Compliance: To fulfill our legal responsibilities, we may gather the following information from individuals who are either clients or acting as representatives of legal entities.

Identity Details: This includes but is not limited to your full name, unique personal identification numbers, date of birth, identification document numbers, copies of official identification documents, nationality or the country where the identification document was issued, country of residence, user ID within the CrossWavePay platform, account number within the CrossWavePay platform, photographs, and other relevant identifying information.

Contact Details: This comprises your residential or business address, phone numbers, email addresses, and any other similar contact information necessary for communication purposes.

KYC (Know Your Customer) Data: This includes account numbers held with other financial institutions or payment service providers, results from checks against public and private databases, fraud prevention measures, details regarding your employment, job title, professional activities, services utilized, financial transactions, turnover amounts, sources of funds, countries involved in financial transfers, political exposure, and any other data relevant for monitoring client activity and ensuring compliance with regulatory standards.

Device and Technical Information: This refers to data regarding the operating system of the device you use to access our services, the type and version of your web browser, IP address, geographic location, time zone settings, device identifiers, screen resolution, and any other technical specifications that may be relevant to your interaction with our system.

Financial Data: This includes details of your bank accounts, bank statements, trading activities, investment portfolios, credit histories, and other financial information that may be necessary for the provision of our services or required for regulatory compliance.

Online Identifiers: This encompasses geolocation data, tracking information, browser fingerprints, operating system specifics, browser versions, IP addresses, and other similar online identifiers that could be used to distinguish your digital presence.

Usage Information: This includes feedback provided through surveys, data shared with our support team, posts made on public social media platforms, authentication information, security questions and answers, user IDs, clickstream data, and other information collected via cookies, web beacons, or similar tracking technologies. Please refer to our Cookie Policy for further details.

Payment Card Details: This comprises information such as payment card numbers, CVC codes, PINs, expiration dates, and any other card-related data necessary for processing transactions or safeguarding your financial information.

Supplemental Data: Any additional information that you or your clients voluntarily provide to us, whether through direct communication, during transactions, or via any other medium, which may be relevant for the provision of services or for compliance with legal and regulatory requirements.

Gathering and Handling Data of Ultimate Beneficial Owners (UBOs) and Legal Entities: We may collect and process personal data related to ultimate beneficial owners (UBOs) of legal entities, as well as other significant stakeholders, such as key representatives, executives, or individuals holding influential roles within the organization. This data collection may include information necessary for identifying ownership structures, verifying control, and ensuring compliance with relevant legal and regulatory frameworks.

Data Acquisition from Third-Party Sources: We may conduct searches and gather information about you from third-party providers, including public databases and other accessible sources. This process is undertaken to verify your identity, facilitate transactions, and implement measures to detect and prevent fraud, money laundering, or other financial crimes. The data collected from these sources helps us to enhance our due diligence procedures and strengthen the security and integrity of our services.

Legal and Contractual Data Collection Requirements: The collection of the aforementioned data is mandated by applicable law and is also necessary for the establishment and maintenance of a contractual relationship with the Client. Should you or a representative of a legal entity fail to provide the required data, we reserve the right to decline the establishment of a contractual relationship or to withhold the provision of services, as this data is essential for both legal compliance and the proper execution of our services.

Disclosure and Sharing of Data: Your personal data may be disclosed to various third parties, including regulatory and supervisory authorities, banking and financial institutions, payment service providers, companies involved in the manufacturing, personalization, and delivery of payment cards, and entities offering identification and sanctions/watch list screening services. Additionally, we may share data with transaction monitoring service providers, government agencies, legal advisors, bailiffs, pre-trial investigation bodies, courts, auditors, debt collection agencies, companies managing shared debtor databases, fraud prevention organizations, and agencies tasked with preventing money laundering, terrorist financing, and other financial crimes. Data may also be shared with other entities possessing a legitimate interest or with your explicit consent, in accordance with applicable legal and regulatory requirements.

Service Updates and Dispute Prevention: We are dedicated to keeping you informed about service changes and preventing potential disputes. To this end, we may process your contact data to fulfill legal obligations and perform our contractual duties, ensuring you are aware of any modifications to our services or Terms & Conditions. These notifications are mandatory under the law and are not considered marketing communications, so you cannot opt out of receiving them. Additionally, when you contact us—whether to inquire about our services, report unauthorized transactions, or request the blocking of a payment instrument—we may process your identity, contact, and device data. We might also record phone conversations and retain email correspondence to maintain an accurate communication history. This data processing is conducted to comply with legal requirements, support our legitimate interests in preventing disputes, and ensure the proper provision of services. In certain cases, your data may be disclosed to third parties such as regulatory authorities, legal counsel, courts, auditors, and other entities with a legitimate interest or your consent, in accordance with applicable laws.

Dispute Resolution Protocol: In the event of a dispute, we are committed to providing a clear, structured, and equitable process to address and resolve your concerns efficiently. Initially, we encourage you to contact us directly to seek a resolution. Our aim is to resolve your concerns satisfactorily; however, if the outcome does not meet your expectations, you have the right to escalate the matter to the relevant regulatory or supervisory authorities.

During the dispute resolution process, we may collect and process various categories of personal data to facilitate a comprehensive investigation. This may include, but is not limited to, identity details such as your full name, personal identification numbers, date of birth, and pertinent identification document information; contact details including your address, telephone number, and email address; KYC (Know Your Customer) information encompassing account numbers, transaction histories, employment details, and other relevant data; as well as any additional information you provide during the complaint and resolution process. The processing of this data is performed in strict adherence to legal requirements, ensuring that your complaint is thoroughly investigated and fairly resolved. Your personal data may be disclosed to third parties during the dispute resolution process, including regulatory authorities overseeing compliance within our industry, legal counsel for advice and representation, pre-trial investigation bodies involved in preliminary legal inquiries, courts for judicial proceedings, auditors ensuring regulatory compliance, debt recovery agencies for financial recovery actions, entities managing shared debtor databases, and other authorized parties with a legitimate interest or where your consent has been obtained. The collection, processing, and disclosure of your personal data are conducted in full compliance with applicable legal requirements to ensure the lawful and fair resolution of your dispute.

Marketing Communications: We are committed to keeping you informed about our services and offerings through carefully curated and relevant communications. We may contact you via email to update you on our current services and offerings, as well as other products or services related to your prior inquiries. Additionally, with your explicit consent, we may send you marketing emails and newsletters containing insights and updates about our latest services. You have the unequivocal right to opt out of these communications at any time, and we provide an easy method for you to exercise this right. To facilitate our marketing efforts, we may share your data with trusted email marketing service providers, who are bound by strict confidentiality and data security agreements. Moreover, we may employ personalized advertising techniques by analyzing your preferences and behaviors to deliver tailored advertisements that are more relevant to your interests. To protect your privacy, we may also share anonymized data with our advertising partners to enhance the effectiveness of our promotional campaigns. If you wish to object to the use of your data for marketing purposes, you may do so at any time, and we will promptly cease using your data for such activities. In the course of our operations, we may also engage third-party service providers to manage your personal data for purposes such as data storage, communication services, software development, and marketing analytics, ensuring full compliance with all applicable data protection regulations.

Cookies: To optimize your experience on our platform, we employ cookies and similar technologies that enable the automatic collection of information. These tools are crucial for enhancing website functionality, analyzing usage patterns, and delivering personalized content. Cookies, which are small text files stored on your device, allow us to assess website performance, identify popular features, and address accessibility issues, ultimately improving your overall user experience. The data collected through cookies includes technical details such as your IP address, browser type and version, time zone settings, and details about your interactions with the site, like page visits and response times. We may also work with third-party service providers who assist in analyzing this data to refine our services. You can manage your cookie preferences through your browser settings, though disabling cookies may limit certain website functionalities. For more information on our cookie practices, please refer to our Cookie Statement.

For any additional purposes related to the activities mentioned above, provided they are permitted by law.

5. Legal Grounds for Data Processing

‍To fulfill the objectives outlined above, CrossWavePay handles and processes your Personal Data in a lawful and transparent manner, fully adhering to relevant privacy regulations. Specifically:

• For the Purpose of Entering Into and Executing a Contract: We collect and process your data to facilitate the formation and execution of agreements with you, ensuring that all contractual obligations are met effectively.
• To Comply with Legal and Regulatory Requirements: We process your data to adhere to the obligations imposed by applicable laws and regulatory frameworks, ensuring full compliance with statutory requirements.
• To Pursue Our Legitimate Interests:We process your data to further our legitimate business interests, provided these interests do not override your fundamental rights and freedoms, which may take precedence over our interests.
• Based on Your Informed Consent: Where required, we will seek your explicit consent before commencing the processing of your Personal Data. Such processing will only begin once your consent has been obtained, ensuring that your autonomy and rights are fully respected.
  ‍

6. Automated Decision Making and Profiling

Automated decision-making and profiling are processes that may be utilized to verify your identity, monitor your activities on the CrossWavePay Platform, and predict certain behaviors. These methods are integral to our compliance with Anti-Money Laundering (AML) regulations and are necessary for the effective management and establishment of business relationships between CrossWavePay and its clients. To safeguard your rights, freedoms, and legitimate interests, CrossWavePay has implemented appropriate measures, including options for human intervention in the decision-making process. You also have the right to provide your input and challenge any decisions made through automated systems.

Automated decision-making at CrossWavePay is designed to enhance consistency and impartiality in our processes by minimizing the risk of human error or bias. This approach enables us to deliver decisions more quickly and efficiently than traditional, human-based methods, ensuring that our services operate with optimal speed and accuracy. Additionally, automated processes help mitigate the risk of clients encountering financial difficulties, such as missing payments on their obligations. The decisions made through our automated systems can draw upon various types of data, including:

• Information you provide directly to CrossWavePay or through our identity verification partners;
• Data observed about your activities, such as geolocation data collected while using the CrossWavePay Platform;
• Inferred or derived data, like a creditworthiness assessment based on your financial activity within the platform.

This method allows us to offer a seamless and efficient experience while upholding high standards of fairness and reliability in our decision-making processes.

7. Data Disclosure to Third Parties‍

CrossWavePay may share your Personal Data with select third-party providers who assist us in delivering our services to you. Additionally, we may be required to disclose data to third-party entities in order to comply with applicable laws and regulations, such as those related to anti-money laundering (AML) and counter-terrorism financing. We are committed to employing stringent security measures to ensure that all sensitive information pertaining to CrossWavePay customers is securely stored and transmitted.
We may disclose your Personal Data to the following categories of external third parties:

• Banking and Financial Service Providers: These entities facilitate the processing of your transactions, including deposits and withdrawals to and from your CrossWavePay account. This category includes payment processors, banking institutions, card issuers, and providers of alternative payment methods, among others.
• Risk Management and Compliance Service Providers: This includes providers specializing in risk assessment, fraud prevention, identity verification, and services related to compliance with AML and counter-terrorism financing regulations.
• Digital Marketing and Advertising Platforms: We may share data with online marketing and advertising platforms for the purpose of promoting our services and engaging with our target audience more effectively.
• Data Analytics and Search Engine Providers: These service providers support us in enhancing and optimizing the CrossWavePay Platform by analyzing user behavior, improving user experience, and refining our service offerings.
• Cloud Infrastructure and Data Storage Providers: We utilize cloud service providers that offer the necessary infrastructure to securely store, manage, and protect your Personal Data, ensuring compliance with data security standards.
• Professional Advisors and Legal Representatives: This includes auditors, legal advisors, and similar professionals who offer advisory services to CrossWavePay. These parties are bound by confidentiality agreements to protect your data and ensure it is used solely for the purposes of providing these services.

Please be aware that the CrossWavePay Platform may contain links to external websites, plug-ins, social media handles, and applications operated by third parties. Engaging with these links or enabling such connections may result in third parties collecting or sharing your Personal Data. CrossWavePay has no control over these external sites and cannot be held responsible for their data processing practices. We strongly recommend that you review the privacy policies or notices of any third-party sites you visit after leaving the CrossWavePay Platform to understand how they manage and protect your information.

8. Data Transfers

‍When transmitting Personal Data, we commit to ensuring that any recipient organization upholds security protocols for data storage and processing that are substantially equivalent to our own stringent standards. Your Personal Data may be handled, retained, and shared with third-party entities in accordance with the provisions outlined in this Privacy Policy, the agreements established between you and CrossWavePay, and any permissions you grant us periodically. We are dedicated to safeguarding the confidentiality and integrity of your data by ensuring that all such processing activities adhere to our rigorous data protection practices and comply with applicable legal requirements.
Your Personal Data may be processed and stored in locations outside your country of residence. The data we collect about you may be transferred to and processed by our service providers in various jurisdictions. These activities may include processing payments, conducting data analyses (such as fraud detection, risk assessments, and compliance checks), collecting usage data from our websites and services, targeting advertisements (including behavioral advertising), or providing customer support for our products and services. We take all necessary and reasonable measures to ensure that your Personal Data is handled securely and in accordance with this Privacy Policy, as well as relevant local and international laws

We are committed to ensuring that any international transfer of your Personal Data is conducted with the highest standards of security and in full compliance with applicable legal frameworks to protect your privacy and rights.

9. Data Security‍

At CrossWavePay, the security of your Personal Data is of paramount importance. We employ rigorous industry-standard security measures to ensure that your information is protected from unauthorized access, misuse, loss, alteration, or destruction. Our commitment to data security is reflected in the comprehensive protocols we have in place, which are continually reviewed and updated to align with the latest technological advancements and legal requirements. We store your Personal Data on secure servers, utilizing a cloud environment that adheres to strict security standards, including those recognized by international certifications such as ISO 27001. To safeguard your information, we implement a multi-layered security approach, which includes administrative, technical, personnel, and physical measures. These protections are designed to prevent any unauthorized access, accidental loss, or unlawful processing of your data.
Our security infrastructure incorporates advanced tools such as firewalls, encryption technologies, and secure socket layer (SSL) protocols to protect data during transmission. Access to your Personal Data is strictly limited to authorized personnel, including employees, agents, contractors, and third-party service providers who have a legitimate need to access the data in order to perform their duties. These individuals are subject to stringent confidentiality obligations and are regularly vetted to ensure ongoing compliance with our security standards. In the unfortunate event of a security breach that results in the unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your Personal Data, we are committed to informing you without undue delay if the breach poses a significant risk to your rights and freedoms. Such incidents will also be promptly reported to the appropriate data protection authorities in accordance with applicable laws.
To further enhance the protection of your privacy, we advise you to keep your login credentials, including your username and password, confidential and secure. CrossWavePay will never request your credentials through unsolicited communication. We also conduct regular security audits and malware scans to detect and prevent potential vulnerabilities. Our dedication to data security extends to our partnerships with third-party service providers who may process Personal Data on our behalf. These providers are contractually obligated to uphold the same high standards of confidentiality and security that CrossWavePay maintains.
By utilizing our platform, you trust us with your Personal Data, and we are committed to taking every necessary measure to protect it, ensuring that your information is handled with the utmost care and security at all times.

10. Data Retention & Storage

‍Personal Data is retained for varying durations depending on its category and the purposes for which it is used:

• Certain types of information may be automatically deleted after a predetermined period or upon request via automated processes. For example, if you have opted out of marketing communications, your email address will be maintained on a suppression list to ensure that you do not receive any further promotional emails from us.
• Other data, such as your account information, may be preserved for an extended period, depending on the terms of your contract with us, industry standards, or our legitimate business needs. This could include, but is not limited to, safeguarding against promotional abuse and other similar activities.
• We may also retain specific data to serve our legitimate business purposes, such as improving our products and services, preventing fraud, maintaining accurate records, and addressing complaints or legal claims.
• Additionally, certain Personal Data must be retained to fulfill our obligations under applicable laws and regulatory requirements, such as audit and reporting obligations. For instance, under anti-money laundering laws and FATF recommendations, we are required to retain your Personal Data for a minimum of five (5) years after the conclusion of our relationship. In some circumstances, this retention period may be extended as required by law or regulatory mandates.

Our commitment is to ensure that your Personal Data is stored securely and retained only for as long as necessary to fulfill the purposes for which it was collected, in compliance with all relevant legal obligations.

11. Your Rights‍

As a data subject, depending on your jurisdiction, residency, or citizenship, you are entitled to various rights under applicable data protection laws. CrossWavePay is committed to ensuring that these rights are respected and upheld in a timely and lawful manner. Upon receiving your requests at the contact details provided below, we will respond without undue delay and within the statutory deadlines, typically within thirty (30) days, extendable by an additional two months where necessary, in accordance with applicable privacy regulations.

1. Right to Information.You have the right to request clear and comprehensive information about the Personal Data we process about you, including the purposes for which it is processed, the categories of data involved, the recipients to whom your data has been disclosed, and the retention periods applicable to that data.

2. Right of Access. You are entitled to access the Personal Data we hold about you. This allows you to confirm whether your data is being processed and to review the specific information we have collected.

3. Right to Rectification. If you identify inaccuracies in your Personal Data or find it incomplete, you have the right to request its correction or completion. We may take steps to verify the accuracy of the new data you provide to ensure its correctness.

4. Right to Erasure (Right to be Forgotten). You can request the deletion of your Personal Data under certain circumstances, particularly when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent on which the processing is based. However, please note that we may not always be able to comply with your request for erasure due to specific legal obligations, such as anti-money laundering regulations, which may require us to retain certain data for a defined period.

5. Right to Restrict Processing.You have the right to request the restriction of processing your Personal Data where there is a valid reason, such as when you contest the accuracy of the data or the lawfulness of the processing. During such a restriction period, your data will only be stored, and further processing will occur only with your consent or for legal claims, the protection of others' rights, or significant public interest.

6. Right to Data Portability. You are entitled to receive the Personal Data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another data controller, where feasible. This right applies particularly to data processed by automated means and based on your consent or the performance of a contract.

7. Right to Object. You may object to the processing of your Personal Data at any time if it is based on legitimate interests or performed for direct marketing purposes. We will cease the processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is required for the establishment, exercise, or defense of legal claims.

8. Right to Object to Automated Decision-Making. You have the right to object to decisions made solely based on automated processing, including profiling, that produces legal or similarly significant effects on you. If you believe that such automated processing may not adequately consider your unique circumstances, you may request a manual review of the decision.

9. Right to Withdraw Consent. Where processing is based on your consent, you may withdraw that consent at any time. Please note that withdrawing your consent does not affect the lawfulness of any processing carried out before your withdrawal. However, withdrawing consent may limit our ability to provide certain services to you.

10. Right to Lodge a Complaint. If you have concerns about how we handle your Personal Data, you have the right to file a complaint with a supervisory authority. This may be the data protection authority in your country of residence, your place of work, or the location where the alleged breach occurred. While you have this right, we encourage you to first contact us directly so we can address your concerns. We strive to resolve all issues amicably and transparently.

To help protect your privacy and security, we may take reasonable steps to verify your identity before granting access to your Personal Data or acting on your requests. Depending on the nature of your request and the circumstances, we may not be able to fully comply, particularly if fulfilling the request would infringe on the rights of others or conflict with legal obligations. We reserve the right to deny requests that are manifestly unfounded, excessive, or otherwise unacceptable under applicable law.

12. Get in Touch

‍We highly value your feedback. If you have any comments, questions, or concerns about this Privacy Policy, how CrossWavePay manages your Personal Data, a potential data breach, or if you wish to exercise your data protection rights, please contact our Data Protection Officer (DPO) via email. CrossWavePay is committed to handling your inquiries and concerns with the utmost confidentiality.Data Protection Officer (DPO):

business@crosswavepay.com

When reaching out, please include the following details in your email:

• Your full name;
• Your preferred method of communication (if not specified, we will respond via email);
• Your country of residence and the location from which you access our services;
• If your inquiry relates to exercising your rights, please specify the type of request (e.g., access, data portability, deletion, etc.);
• A detailed description of your request or concern.

If you feel that your issue has not been adequately resolved, you have the right to escalate the matter to your local data protection authority.