Complaer B.V (hereafter also referred to as “the Company”, “we”, “us” or “our”) is incorporated under the laws of Netherlands with Company Code: 90934911 and has its registered address John M. Keynesplein 10, 1066EP Amsterdam. The Company owns and operates the domain https://complaer.com (hereafter the “Website”). The Company is the controller of your personal data collected via the means described herein and any process of your personal data is performed in accordance with this Privacy Policy (hereafter “the Policy”) and the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) as amended from time to time (hereafter “GDPR Regulation”). This Privacy Policy provides information about personal data processing - how Complaer B.V. (hereinafter - we) collect, process and store your personal data. We understand the importance of personal data processing, therefore, we respect the privacy of our customers and other data subjects (hereinafter - data subjects) and protect personal data. When writing 'you', we mean you as - a potential, existing or former client, our client's employee or other parties, such as beneficial owners, authorised representatives, business partners, our merchant's clients, other associated parties or a person contacting us by email or using other communication means, visitors on the Company's website(s). Personal data means any information relating to an identifiable natural person (i.e., using information and data in order to directly or indirectly identify a specific person). Processing means any operation(s) which is performed on personal data (or on sets of personal data) whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.

This Policy describes how the Company collects, processes, uses, maintains, stores and discloses your personal information and data. Any personal data the Company collects about the client will only be used for the purposes we have collected it for, or as allowed under the applicable legislation, and to perform our contractual obligations in relation to the products and services offered. This Privacy Policy covers the Company's official corporate website https://complaer.com, all its related sub-domains that are registered and operated by the Company as well other software solutions used by the Company. This Privacy Policy is applicable to the processing of personal data regardless of the form/environment that the personal data is provided (e.g. on paper, electronically, by phone or otherwise) and whether or not the Company process it by automated means or manually.

The Company fully understands the importance of maintaining the confidentiality and privacy of your personal data. We respect your privacy and to this end, we are committed to taking all reasonable steps in order to protect and safeguard the privacy, confidentiality, security and integrity of your personal data.

We are responsible for ensuring security of your personal data made available to us, in particular to prevent unauthorized access to your data. We are also responsible for ensuring all users with the opportunity to benefit their rights regarding their own personal data. When processing personal data, we follow the principles of:

• legality, fairness and transparency;
• purpose limitation;
• data reduction; accuracy;
• limitation of the length of the storage;
• integrity and confidentiality.

Categories of personal data being processed The personal data we collect can be grouped into the following categories:

Purpose	Legal basis	Categories of personal data
To conclude the contract with you, or to take steps at your request prior to entering into a contract	Taking necessary steps before conclusion of the contract and/or conclusion of the contract; Legal obligations.	Basic personal data; Identification and other background verification data; Contact details; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To create an account for you	Performance of the contract	Basic personal data; Identification and other background verification data Contact details; Other personal data needed (in order to evaluate the possibility of providing services).
To perform the contract concluded with you, including (but not limited to) provision of the Services	Performance of the contract; Legal obligations.	Basic personal data; Identification and other background verification data; Monetary operation details; Details of your activities in your website account or mobile application; Details of your existing bank account/-s; Information related to legal requirements; Contact details; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To carry out ongoing Client Due Diligence (CDD) and manage ML/TF risk, identify, investigate and report suspicious transactions and potential market abuse	Legal obligation	Basic personal data; Identification and other background verification data; Monetary operation details; Details of your existing bank account/-s; Information related to legal requirements; Contact details; Other personal data. (Scope of the processing of personal data depends on the specific operation being investigated)
To be compliant with legal requirements regarding sanction regimes	Legal obligations.	Basic personal data; Identification and other background verification data; Monetary operation details; Details of your existing bank account/-s; Information related to legal requirements; Contact details; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To identify you remotely	Your consent.	Special category data.
To prevent, limit and investigate any misuse or unlawful use or disturbance of the Services or to establish, exercising and defend legal claims	Legitimate interest; Legal obligations.	Basic personal data; Identification and other background verification data; Monetary operation details; Details of your activities in our Website; Details of your activities in our Website or mobile application; Details of your existing bank account/-s; Information related to legal requirements; Contact details; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To ensure adequate provisions of the Services, the safety of information within the Services, as well as to improve, develop and maintain applications, technical systems and IT-infrastructure or our legitimate business interests, such as enabling us to improve and deliver a better and more personalised service	Legitimate interest.	Basic personal data; Contact details; Details of your activities in our Website; Details of your activities in your website account or mobile application; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To provide an answer when you contact us via our Website or other communication means	Legitimate interest. Your consent.	Basic personal data; Contact details; Correspondence data; Other personal data needed (in order to evaluate the possibility of providing services).
To carry out direct marketing activities	Legitimate interest. Your consentP.	Contact Information: This can include names, addresses, email addresses, and phone numbers to reach potential customers. Personal Identifiers: Such as customer ID numbers or account numbers that link the marketing activity to a specific individual's transactions or interactions with the company. Online Identifiers: Including IP addresses, cookies, or other device identifiers used to track online behavior for targeted marketing. Behavioral Data: Data related to the consumer's interaction with marketing content, purchase history, website visits, and engagement with previous marketing campaigns. Demographic Information: This might include age, gender, income level, education, occupation, and other demographic factors used to segment and target marketing efforts. Preference Data: Information related to the individual's preferences, interests, or other behavioral data inferred from analytics to tailor marketing content.
Selection to employment and assessment of candidates	Your consent	General personal data of candidates to employees: name, surname, date of birth, data about the place of residence, e-mail address, telephone number, information about working experience (place of employment, period of employment, position, responsibilities, achievements), information about education (education institution, period of studies, acquired education, qualification), information about professional development (completed training, certificates obtained), information about the languages the candidate knows and their proficiency level, IT, driving skills, other competencies, other information that the candidate to employees provides in his/her CV, letter of motivation (if any) or other documents of the candidate to employees.
Administration of the data base of candidates to employees and submission of job offers	Your consent	General personal data of candidates to employees: name, surname, date of birth, data about the place of residence, e-mail address, telephone number, information about working experience (place of employment, period of employment, position, responsibilities, achievements), information about education (education institution, period of studies, acquired education, qualification), information about professional development (completed training, certificates obtained), information about the languages the candidate knows and their proficiency level, IT, driving skills, other competencies, other information that the candidate to employees provides in his/her CV, letter of motivation (if any) or other documents of the candidate to employees.

Purposes and legal basis for personal data processing We do not process special category data related to your health, ethnicity, or religious or political beliefs unless required by law or in specific circumstances where, for example, you reveal such data while using the Services (e.g., in payments details or identification of data subject, as provided in section 7 below). If you provide us personal data about other people (such as your spouse or family) or you ask us to share their personal data with third parties, you confirm that you have brought this Privacy Policy to their attention beforehand and have their consent in case it is necessary. If it is necessary to use your personal data and data for any other reason which is not outlined above, then you will be duly informed (i.e., via a pop-up message, push notification, email or otherwise) and also if there are any additional terms and conditions which will apply.

In order for a natural person to become our client, (s)he must complete and submit the account opening application form. During this process, the prospective Client is requested to provide certain personal information, data and identification documents as well as acknowledge his/her willingness to share this private information with the Company for the purpose of evaluating the client's request to open a payment account with the Company and to comply with the Laws and Regulations governing the provision of payment instruments, services and products offered by the Company. Apart from the personal data collected during the account opening process, the Company may collect personal data in a number of ways, including but not limited to, the following:

• Through the provision and use of our products and services;
• Through the use of the Company's website(s), mobile apps Through the completion of any forms;
• By subscribing to our blogs, newsletters and/or news updates;
• By taking part in online discussions, surveys or promotions;
• By participating in any offers, campaigns or by entering a competition;
• Information provided by any person during correspondence with the Company, both online and offline;
• During the provision of customer service or support in any form;
• When you contact us for any other reason.

We may also receive your personal data from third parties. In particular:

• From persons connected with the above-mentioned third parties such as representatives, proxies, authorized representatives, trustors, beneficial owners, family members, spouses, partners, heirs, guarantors etc;
• From third parties such as public or private registers and databases. This includes information to help us check your identity, if applicable, information about your spouse and family, and information relating to your transactions;
• Occasionally we will use publicly available information about you from publicly available sources (e.g., media, online registers and directories) and websites for enhanced due diligence checks, security searches and other purposes related to client due diligence processes;
• From a third party which is connected to you or is dealing with us, for example, business partners, sub-contractors, service providers and etc.; We may receive personal data from other entities which we collaborate with.

The Company may, from time to time, request further information from you to help us improve our services & products or to comply with the applicable laws and regulations.

Demire Inc will provide a verification solution: To conduct your identity verification, we utilize the services offered by our partner "Demire Inc, UAB (LT)" (hereinafter referred to as Demire Inc). For more information about Demire Inc, please refer to their Privacy Policy. If you are uncomfortable with this identification method offered by Demire Inc described in their privacy policy, you may contact us via email at compliance@complaer.com for an alternative identification method. Complaer B.V. conducts verifications through Demire Inc. to comply with sanctions laws, and fulfill risk management responsibilities.

In case you are existing clients (i.e., you already use our Services), we may use your e-mail address for direct marketing purposes, but only with regard to products and/or services that are similar or related to the Services, and only if you do not object to such use of your e-mail address. You are also granted with a clear, free of charge and easily enforceable possibility to object or withdraw from such use of your contact details. In other cases, we may use your personal data for the purpose of direct marketing, only if you give us your prior consent regarding such use of the data. We are entitled to offer the services provided by our business partners or other third parties to you or find out your opinion on different matters in relation to our business partners or other third parties taking account of the legal basis for this, i.e., your prior consent. In case you do not agree to receive these marketing messages or calls offered by us, our business partners or third parties, this will not have any impact on the provision of Services to you as the client. We provide a clear, free-of-charge and easily enforceable possibility not to give your consent or, at any time, to withdraw your consent to receive our marketing messages. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the personal data, and to refuse receiving messages from us. You shall be able to refuse to receiving our marketing messages by clicking on the respective link in each marketing e-mail received from us.

The Company or its affiliates, business partners, associates or other agents may, from time to time, contact clients by telephone, email, post or otherwise, for the purposes of offering them further information about the Company's products and services, or to inform them of promotional offerings, or for marketing purposes or to conduct market research. If the client wishes to opt-out of any further contact at any time and for whatever reason, (s)he is entitled to do so by contacting the Company's back-office department via email and requesting in writing that the client wishes no further contact in relation to the above reasons.

Any personal data or other confidential information (including recordings, documents of a confidential nature, payment details and personal details) that you provide to the Company will be treated as confidential and it will not be disclosed to any third parties, except when necessary to provide you with our services & products, fulfil our contractual obligations, legal requirement and conduct our business operations as described herein. Below are the cases under which we may disclose your personal data and why:

• Third party service providers: including but not limited to legal advisors, professional or expert advisors, internal auditors, external auditors, service providers who have been contracted to provide us with software and hardware systems; payment gateways; platforms; support; administrative; financial; legal; accounting; auditing; taxation; compliance; record-keeping; website; cloud-hosting; IT; research; marketing; advertising; email transmission or messaging services; data storage; or other services which are necessary to be able to execute client transactions, instructions, order or payments, or to complete our contractual obligations, or to provide the services & products requested by our clients, or for purposes which are ancillary to the provision of our services & products to you as our Client. It should be noted that our third-party providers are permitted to use your personal data only for the provided the services contracted for and may not use or otherwise share your personal data;
• Credit reference agencies, fraud prevention agencies, third authentication service providers, banks, payment service providers, other financial institutions: to conduct credit checking, anti-money laundering checks, identity verification checks, sanction checks, fraud & fraud prevention checks, risk assessment, payments processing or customer due diligence checks. In order to do so, these organizations will check the client's details supplied against any details held on any database (public or otherwise) to which they have access to. These organizations may store your information in order to comply with their legal and regulatory obligations. A record of the search conducted by these organizations will be retained by us;
• Our affiliates, business partners, agents, associates and business introducers: with whom we have a mutual business relationship and they have directed you to us;
• Police, courts, regulatory authorities, governmental agencies, public authorities and law enforcement authorities: having control or jurisdiction over the company or companies of the group, our clients, our associates or in whose territory we have clients or providers, as applicable. In such a case, we will share your personal data only when it is required to comply with the applicable laws, rules and regulations, or to comply with a court order of a competent Court, or to comply with investigations, administrative, judicial or legal proceedings and/or to respond to official requests from these authorities. This may include authorities outside the client's country of residence or the Company's country of operations;
• Other third parties: we may share personal data in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including bankruptcy/liquidation proceedings or equivalent);
• Where necessary to secure the Company's legitimate business interests and to defend, protect and/or exercise its legal rights in front of any court, tribunal, arbitrator, the Financial Ombudsman or any other regulatory or governmental authority, as the case may be;
• At your request or with your consent;
• To any person(s) authorised by you.

Entities and employees within the Group, third-party service providers, business partners, associates, affiliates, agents and business introducers are duly informed about the confidential nature of such information and we require that organizations to acknowledge and commit to the confidentiality of your personal data by means of contractual clauses, undertake to respect your right to privacy, safeguard your personal data and to comply with all the relevant data protections laws and this Privacy Policy.

The Company has implemented physical, technical & organizational measures to secure and protect your personal data from unauthorized access, use or disclosure, unlawful breach or from accidental destruction, loss or damage. The personal data you provide to us is protected in many ways as follows:

• Your personal data are stored in secure servers and back-up servers;
• Access to your personal data is limited only to those employees or partners that need to know the information in order to enable the carrying out of the Agreement with you and have access via a username and password;
• The Company uses encryption, tokenisation and takes all reasonable technical security measures to prevent unauthorized parties from viewing, using or processing any such information. This information is accessible only to authorized personnel;
• We train our employees regularly regarding the importance of maintaining, safeguarding and respecting your personal data and security;
• Potential breaches of individuals' privacy are taken very seriously. The Company will impose appropriate disciplinary measures to its employees in such a case and it could even involve a dismissal from employment;
• Our business partners, affiliates, agents, associates, service providers and employees sign a confidentiality and non-disclosure agreement in order to maintain the confidentiality of your personal data;
• The Company tests and monitors the effectiveness of security measures frequently;
• etc.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the transmission of information via the internet is not entirely secure and for this reason we cannot ensure or guarantee the confidentiality, security or integrity of any personal data transferred from you to us, or from us to you via the internet. This Company shall not be responsible or liable (whether in civil, criminal or otherwise) under any circumstances for any amount or kind of loss or damage (including without limitation, any direct, indirect, punitive or consequential loss or damages, or any anticipated loss of profit, loss of profit, loss of opportunity, loss of data, costs and fines and/or any special or incidental damages of any kind) that may result to you or arising from or connected in any way to cyber-attacks, computer viruses, system failures or malfunctions which may occur in connection with your use of the Company's products, services, websites, devices, mobile applications, payment channels or any other method.

We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. This means that we store your data for as long as it is necessary for provision of the Services and as required by the retention requirements in laws and regulations. If the legislation of the Republic of Netherlands does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data. The terms of data retention of the personal data for the purposes of the processing of the personal data as specified in this Privacy Policy are as follows:

• as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the personal data processing;
• in case of the conclusion and execution of contracts - until the contract concluded between you and us remains in force and up to 10 years after the relationship between you and us has ended;
• Sanction law in Netherlands in case your application is rejected, your personal data shall be stored for a period of 3 months, the personal data submitted by you through our Website or via e-mail is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 24 months after the last day of the communication, if there are no legal requirements to keep them longer. Personal data processed for selection to employment and assessment of candidates is stored as long as a suitable candidate is selected for a position;
• Personal data processed for administration of the data base of candidates to employees and submission of job offers shall be stored for two years period or a shorter period, if a consent is withdrawn;
• In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.

We may retain your personal data for a longer period when:

• it is necessary in order for us to defend ourselves against existing or threatened claims, or to exercise our rights, or for the proper resolution of dispute, complaint or claim;
• there is a reasonable suspicion of illegal activity;
• it is required by applicable laws.

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within a reasonable time required to perform such action.

EU data protection rules apply to the European Economic Area (EEA) which includes all the EU countries and non-EU countries: Iceland, Liechtenstein and Norway. If necessary, the Company may transfer your personal data to a country outside the EEA, for storage and/or for processing by staff operating outside the EEA who work for the Company and/or to our suppliers, business partners, associates, affiliates, agents, business introducers or service providers who are engaged on our behalf to fulfil our contractual obligations under the Client Agreement. Moreover, personal data we collect from you may be stored or processed in a jurisdiction that is different to the country in which the specific entity of the group you are dealing with is registered and established. Nonetheless, when your personal data is transferred outside the EEA, the Company will take all steps reasonably necessary to ensure that the transfer is lawful, that the organization to whom your data are send provides data protection at an adequate level, or provided that receiving Company undertakes sufficient guarantees in accordance with the provisions of the GDPR regulation to ensure that your personal data are treated securely. Where this is not possible and we are required to disclose your personal data (i.e., because we are required by law or by virtue of a court order in place) we will do this as per the applicable legal and regulatory obligations. The Company currently transfers data to the United Kingdom, which is recognized as an adequate country according to the Commission's decision.

In line with the provisions and requirements of the GDPR Regulation (679/16) on the protection of personal data, you have the following rights in relation to your personal data:

• Access to your Personal Data: you have the right to request a copy of the personal data we hold about you (except documents) within thirty (30) days from the date of your request free of charge. Taking into account the complexity or number of requests, the Company may extend the response time to two (2) months. If you require additional copies, we may charge a reasonable administrative fee based on actual costs incurred. The Company may decline the client's request if it is clearly unjustified or excessive, particularly because of their repetition on a regular basis.
• Rectification: if the personal data we hold about you is inaccurate or incomplete, you are entitled to make rectifications, amendments and update it with your current personal circumstances. In such a case, the Company may request supporting documents or evidence to justify the correction of the data.
• Deletion: you have the right to request us to delete your personal data (partly or wholly) when there is no good reason for us to continue processing it, except to the extent that we are required to hold it for legal or regulatory purposes as well as to maintain adequate records in accordance with anti-money laundering requirements.
• Information on use and processing: you have the right to be provided with clear, transparent and easily understandable information about how we use your personal data.
• Processing Restrictions: you have the right to request us to limit the processing or to stop the processing altogether of your personal data for one of the following reasons:
  • The client disputes the accuracy of the data. In this case, the duration of the restriction cannot be longer than the period during which the Company is checking the accuracy of the data;
  • Data processing is unlawful, and the client objects to the erasure of data, requesting the restriction of the use of data instead. In this case, the processing of personal data will be restricted for the period that the person has requested;
  • The Company no longer requires the data for processing, but they are required by the client concerned, in order to raise, fulfil or defend lawful requirements. In this case, the restriction will be set for the period that the person has requested and justified;
  • The client has objected to processing that is justified by the Company's legitimate interests. In this case, the duration of restriction will be set for the period during which a check is conducted as to whether the Company's legitimate interest is more important than the person's legitimate interest.

This may have an effect on the provision of our services rendered to you and/or may result in account closure.

• Choice to opt-out: under certain circumstances you have the right to object to certain types of processing (e.g., you may opt-out from receiving commercial, non-commercial newsletters and notifications from the Company).
• Portability: you have the right, under certain circumstances, to receive and retain your personal data in order to save it or to re-use it elsewhere, or to ask us to transfer them to another Data Controller or Third Party nominated by you. After the fulfilment of the data transfer application, the Company would no longer be responsible for its subsequent processing by the third party. The data transfer is free of charge.
• Withdrawal: you may withdraw your previously given explicit consent with regards to the collection, use and processing of your personal data at any time by contacting our DPO. In that case subsequent data processing will no longer be carried out however, personal data processing carried out before the withdrawal will remain valid. Withdrawal of consent cannot result in the suspension of personal data processing which is carried out on legal grounds.

Right to complain: you have the right to file a complaint directly the State Data Protection Inspectorate of Lithuania if you believe that the personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the The Dutch DPA (Autoriteit Persoonsgegevens). If you would like to exercise any of these rights, please contact us via e-mail: dpo@complaer. For security reasons, we will not be able to process your request if we are not sure of your identity, so we may ask for your ID as proof. Your requests will be fulfilled, or fulfilment of your requests will be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR Regulations. The afore-mentioned time frame may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay. We may refuse to satisfy you request if the exception and/or limitation to the exercise of data subjects' right set out in the GDPR Regulations apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reason for such refusal in writing.

If you access our information or Services through our Website, you should be aware that we use cookies. For more information on how to control your cookie settings and browser settings or how to delete cookies from your device, please read the Cookie Policy available on our Website: https://complaer.com/. Moreover, it should be noted that some of the Company's business partners, agents, associates, business introducers or affiliates also use cookies on the Company's website(s). The Company has no access to, or control over these cookies therefore it will not be liable for misuse of loss of personal data resulting from these cookies. When you use the Company's website(s), you may be able to link to other websites. This Privacy Policy does not apply to those other sites. The Company encourages you to read and understand the privacy policies on these other sites.

The client is responsible for keeping their login credential confidential and not to disclose it to any unauthorized third party. If any person gains access to the client's account and/or personal data, the Company will not be held responsible or liable for any damage that occurs, or any unlawful or unauthorized use of your personal data due to misuse or misplacement of your login credentials, negligent or malicious intervention (or otherwise) by you or due to your acts or omissions or by a person authorized by you (whether or to that authorization is permitted by the terms of our legal relationship with you).

The Company will review this Policy at least annually, or whenever a material change occurs in the law, or in the Company's internal procedures/arrangements, or whenever the Company deems it necessary for any reason, and will duly notify its clients of such changes by posting an updated version of this Policy on its website(s). If, however, we make material changes or significant we will notify you promptly by other means.

You may contact us by writing an e-mail to info@complaer.com