Privacy Policy

# Privacy Notice Updated November 14th, 2024 #### Summary of contents 01. Who are we and how to contact us? 02. On whom do we process personal data? (”Data Subjects”) 03. How do we collect personal data? 04. What personal data do we collect and process? 05. Our legal basis for collecting personal data 06. Recipients of personal data 07. Processing outside of the EU/EEA 08. Storage period 09. Security measures 10. Your rights under the GDPR #### 1\. Who are we and how to contact us? Inpay is a cross-border payment solutions provider making the flow of global payments easier, more cost-effective, and faster. Privacy is of great important to Inpay, and we take great care to maintain the trust of our customers and users of our services when processing personal data. Please find below our Privacy Notice regarding our processing of personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data. If you wish to exercise your rights as described below or have any questions regarding our processing of your personal data or this Privacy Notice, you may contact us at: _Inpay A/S_ _Company registration no. (CVR) 32 31 77 31_ _Toldbodgade 55B, 6._ _DK-1253 Copenhagen,_ _Email: [privacy@inpay.com](mailto:privacy@inpay.com)_ _Phone: +45 88 61 06 00_ #### 2\. On whom do we process personal data? (“Data Subjects”) - Payers and payees. Payers request a payment order from Inpay and payees are beneficiaries of such payments. - Employees of corporate customers who make use of Inpay’s services. - Employees of Inpay’s suppliers. - Subscribers to our newsletter and users of our website. #### 3\. How do we collect personal data? We collect personal data in the course of providing our services. This can be collected directly from Data Subjects, or via third parties such as intermediary payment service providers or corporate customers. We may also collect personal data from events, via marketing activities or our website. #### 4\. What personal data do we collect and process? **Payers and payees:** - Profile and account login information: Full name, email address and, where applicable, encrypted password and face-ID used for authentication and access control. - Payment information: Full name, email address, physical addresses, bank account number, IBAN, SWIFT code and payment preferences and supplemental documentation required in order for Inpay to fulfil its obligations following pursuant to our anti-money laundering obligations, such as a copy of payers’ government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address. **Employees of corporate customers:** - Account login information: email address and, where applicable, hashed password or other information used for authentication and access control. - Contact information: full name, title, company name, email and phone number, role, and any additional (non-sensitive) information submitted by our customer’s employees or their organization. - Platform usage information: technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilised on the Customer’s User’s device. - Identification Information: supplementary documentation that may be required by Inpay as part of our obligations following from applicable anti-money laundering legislation. This may include documentation to verify the identity of our customer’s directors, officers, or owners (who may be Customer’s Users), such as a copy of a government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address. **Suppliers:** - Account login information: Email address and, when applicable, hashed password or other information used for authentication and access control. - Contact information: Full name, title, company name, email and phone number, role, department, and any additional (non-sensitive) information submitted by the suppliers’ employees or their organization. - Platform usage information: Technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilized on the Payee User’s device. **Users of our website, applications and receivers of marketing material:** - Technical and aggregated usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies and pixels installed or utilized on our Sites or your device. #### 5\. Our legal basis for processing personal data We process personal data to pursue our legitimate interest in managing our business, including being able to handle contracts, develop and market our services and fulfil our obligations under applicable financial regulation, legislation on anti-money laundering and regulation on accounting. The information will also be used to market your trade inquiry / posting in the market through social media and similar sources, and the processing may further include the gathering of usage data, user statistics, and price analysis in order for us to improve our website using cookies. You can read our cookie policy [here](https://documentation.inpay.com/cookies-policy/). On the basis of your consent, we may send you emails with commercial content. You can always withdraw your consent by using the link integrated in the marketing material. Our legal basis for processing personal data are the following articles in the EU General Data Protection Regulation (“ **GDPR**”): - Article 6 (1)(a), according to which personal data may be processed with express consent. - Article 6 (1)(b), according to which personal data may be processed if this is necessary to fulfil a contract. - Article 6 (1)(c), according to which personal data may be processed if this is necessary to comply with a legal obligation. - Article 6 (1)(f), according to which personal data may be processed if this is necessary to pursue a legitimate interest, unless such interests are overridden the interests of the data subject to not have the data processed. _**Note**: Because we process data partly on basis of article 6 (1)(f), you may in certain cases object to our otherwise lawful processing of your personal data if you find that your interests in not having your data processed outweighs our legitimate interests in processing your data, pursuant to article 21 of the GDPR. See further below on your rights under the GDPR._ #### 6\. Recipients of personal data We engage with intermediary payment service providers when conducting payments. We also engage with service providers or contractors who support the operation of our business. Such service providers or contractors include hosting and server co-location services, communications and content delivery networks, internet service providers, operating systems and platforms, data analytics services, web analytics, marketing and advertising services, data and cyber security services, fraud detection and prevention services as well as banks, financial institutions, credit bureaus, collection agencies, customer engagement services, billing and payment processing services. Furthermore, we use companies that provide background checking services that support Inpay’s anti-money laundering obligations, and for our business we also make use of legal, tax, financial and compliance advisors. These service providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating, supporting, and enhancing our services, and may only use it for such