Common use of NOTIFICATIONS AND OTHER COMMUNICATIONS Clause in Contracts

NOTIFICATIONS AND OTHER COMMUNICATIONS. All notices, requests and other communications under the Merchant Agreement shall be in writing in the English language and at the addresses provided in the Purchase Order, unless otherwise specified from time to time by the party concerned: either (i) by personal delivery where specifically stated, by registered mail or by a nationally recognized carrier, return receipt requested; or, in all other cases, (ii) by e-mail. Unless otherwise specified in the Merchant Agreement, all notices, requests and other communications under the Merchant Agreement shall be deemed received : ● in the case of e-mail, on the same day ; ● on the date stated on the acknowledgement of receipt; ● in the case of hand delivery, on the date stated on the acknowledgement of receipt or on the date of an attempted delivery, as evidenced by the standard documentation issued by the carrier or post office. Annex 4 : Fee Policies Fee schedule is available on the Card Partner’s Website or Card Partner’s App xxxxx://xxxxxx-xxxxxxx.xxx/uk/global-ukraine-banking-app Annex 5 : Privacy Policy Introduction LinkCy Payment Service Provider UAB regards as of paramount importance the protection and security of Personal Data. The Privacy Policy for Personal Data collected via LinkCy Payment Service Provider UAB within the framework of the activities for which it acts as an Agent of a Payment Service Provider (PayrNet UAB) is detailed below, which sets out: ● How LinkCy Payment Service Provider UAB collects and processes your Personal Data; ● The security measures that number ● Payment Service Provider UAB implements to guarantee the confidentiality and integrity of your Personal Data; ● The rights you have to control them throughout your use of the Services. This policy is effective as of 24/04/2021. This Privacy Policy may be modified or supplemented at any time by LinkCy Payment Service Provider UAB, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page. If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy Payment Service Provider UAB must obtain your consent again. We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services. Who is the Data controller? We – LinkCy Payment Service Provider, a UAB registered with the Lithuania Trade and Companies Register under number 305756549, with a capital of 10 000 € whose registered office is located Xxxxxxx xxx. 0,XX-00000 Xxxxxxx, Xxxxxxxxx – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below). In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: xxxxxxx.xxxxxxxxx@xxxxxx.xx What are the Applicable Laws ? The processing of your Personal Data is performed in accordance with the Lithuanian Personal Data Protection Law (Law No.XIII-1426 of 30 June 2018 amending Law No. I-1374), with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), as well as with Lithuanian and European laws regulating personal data and privacy protection in electronic communications, notably the “ePrivacy” Directive 2002/58/EC (together the “Applicable Laws”). Competent authorities are the Lithuanian Data Protection Authority (the “State Data Protection Inspectorate”) and the European Court of Justice (the “ECJ”). What personal data is collected? How are they collected? Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use: ● Identity: surname, first name, maiden name, xxxxxxx date and place of birth, proof of identity; ● Personal life: personal email address, personal telephone number, personal postal address and proof of address; ● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip; ● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income; ● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection. Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources. The processing operations concern the personal data of Users, Customers or Prospects. Why is personal data collected? The main purpose of collecting Personal data through the Application is to allow us to: ● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use; ● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries; ● Manage of customer account; ● Carry out customer loyalty operations; ● Carry out commercial prospecting operations; ● Development of statistics; ● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services; ● Develop our services (launch new products or services, improve the application, etc.); ● Protect our operations or those of others third parties and our rights and security or those of third parties; ● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy; ● Resolve any disputes that we may have withs its Users and enforce contracts with third parties. Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data. What legal ground(s) do we rely on? Personal Data processing is necessary for: ● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR ● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations; ● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc. Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations. How long do we keep your information? We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account). However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as: ● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements); ● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation). While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required. If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at xxxxxxx@xxxxxx.xx Who may we share your information with? As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement. We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular: ● Our subsidiary company ● Our Payments Services Provider ● Our others Services Providers ● Our Partners, as defined in the General Terms and Conditions of Use These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy Payment Service Provider UAB. We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy Payment Service Provider UAB. In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party. Is my Personal Data transferred outside the European Union? The processing and hosting of the Personal Data are established on the territory of the European Union. Nevertheless, if we transfers Personal Data outside the territory of the European Union, we guarantees that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data. In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission). How do we secure personal data? We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data. These measures include: ● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information; ● Careful selection of subcontractors; ● administrative and technical controls to restrict access to Personal Data on a “need to know” basis; ● technological security measures, including firewalls, encryption and anti-virus software, authentication devices; Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk. What are your rights regarding your personal data? You have rights to the Personal Data that concerns you and that is processed by LinkCy Payment Service Provider UAB: ● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy. ● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person. ● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address). ● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation. ● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further. ● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller. ● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims. ● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal. ● The right to provide us with instructions on the use of your Personal Data after your death - you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time. How to contact us? If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your Personal Data, please contact xxxxxxx@xxxxxx.xx We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

NOTIFICATIONS AND OTHER COMMUNICATIONS. All notices, requests and other communications under the Merchant Agreement shall be in writing in the English language and at the addresses provided in the Purchase Order, unless otherwise specified from time to time by the party concerned: either (i) by personal delivery where specifically stated, by registered mail or by a nationally recognized carrier, return receipt requested; or, in all other cases, (ii) by e-mail. Unless otherwise specified in the Merchant Agreement, all notices, requests and other communications under the Merchant Agreement shall be deemed received : ● in the case of e-mail, on the same day ; ● on the date stated on the acknowledgement of receipt; ● in the case of hand delivery, on the date stated on the acknowledgement of receipt or on the date of an attempted delivery, as evidenced by the standard documentation issued by the carrier or post office. Annex 4 : Fee Policies Fee schedule is available on the Card Partner’s Website or Card Partner’s App xxxxx://xxxxxx-xxxxxxx.xxx/uk/global-ukraine-banking-app [Partner link to the pricing] Annex 5 : Privacy Policy Introduction LinkCy Payment Service Provider UAB regards as of paramount importance the protection and security of Personal Data. The Privacy Policy for Personal Data collected via LinkCy Payment Service Provider UAB within the framework of the activities for which it acts as an Agent of a Payment Service Provider (PayrNet UABPaynovate SA) is detailed below, which sets out: ● How LinkCy Payment Service Provider UAB collects and processes your Personal Data; ● The security measures that number ● Payment Service Provider UAB implements to guarantee the confidentiality and integrity of your Personal Data; ● The rights you have to control them throughout your use of the Services. This policy is effective as of 24/04/2021. This Privacy Policy may be modified or supplemented at any time by LinkCy Payment Service Provider UAB, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page. If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy Payment Service Provider UAB must obtain your consent again. We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services. Who is the Data controller? We – LinkCy Payment Service Provider, a UAB registered with the Lithuania Trade and Companies Register under number 305756549, with a capital of 10 000 € whose registered office is located Xxxxxxx xxx. 0,XX-00000 Xxxx x. 00-0, XX-00000 Xxxxxxx, Xxxxxxxxx – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below). In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: xxxxxxx.xxxxxxxxx@xxxxxx.xx What are the Applicable Laws ? The processing of your Personal Data is performed in accordance with the Lithuanian Personal Data Protection Law (Law No.XIII-1426 of 30 June 2018 amending Law No. I-1374), with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), as well as with Lithuanian and European laws regulating personal data and privacy protection in electronic communications, notably the “ePrivacy” Directive 2002/58/EC (together the “Applicable Laws”). Competent authorities are the Lithuanian Data Protection Authority (the “State Data Protection Inspectorate”) and the European Court of Justice (the “ECJ”). What personal data is collected? How are they collected? Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use: ● Identity: surname, first name, maiden name, xxxxxxx date and place of birth, proof of identity; ● Personal life: personal email address, personal telephone number, personal postal address and proof of address; ● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip; ● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income; ● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection. Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources. The processing operations concern the personal data of Users, Customers or Prospects. Why is personal data collected? The main purpose of collecting Personal data through the Application is to allow us to: ● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use; ● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries; ● Manage of customer account; ● Carry out customer loyalty operations; ● Carry out commercial prospecting operations; ● Development of statistics; ● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services; ● Develop our services (launch new products or services, improve the application, etc.); ● Protect our operations or those of others third parties and our rights and security or those of third parties; ● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy; ● Resolve any disputes that we may have withs its Users and enforce contracts with third parties. Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data. What legal ground(s) do we rely on? Personal Data processing is necessary for: ● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR ● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations; ● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc. Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations. How long do we keep your information? We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account). However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as: ● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements); ● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation). While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required. If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at xxxxxxx@xxxxxx.xx Who may we share your information with? As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement. We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular: ● Our subsidiary company ● Our Payments Services Provider ● Our others Services Providers ● Our Partners, as defined in the General Terms and Conditions of Use These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy Payment Service Provider UAB. We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy Payment Service Provider UAB. In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party. Is my Personal Data transferred outside the European Union? The processing and hosting of the Personal Data are established on the territory of the European Union. Nevertheless, if we transfers Personal Data outside the territory of the European Union, we guarantees that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data. In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission). How do we secure personal data? We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data. These measures include: ● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information; ● Careful selection of subcontractors; ● administrative and technical controls to restrict access to Personal Data on a “need to know” basis; ● technological security measures, including firewalls, encryption and anti-virus software, authentication devices; Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk. What are your rights regarding your personal data? You have rights to the Personal Data that concerns you and that is processed by LinkCy Payment Service Provider UAB: ● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy. ● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person. ● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address). ● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation. ● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further. ● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller. ● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims. ● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal. ● The right to provide us with instructions on the use of your Personal Data after your death - death. you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time. How to contact us? If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your Personal Data, please contact xxxxxxx@xxxxxx.xx We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

NOTIFICATIONS AND OTHER COMMUNICATIONS. All notices, requests and other communications under the Merchant Agreement shall be in writing in the English language and at the addresses provided in the Purchase Order, unless otherwise specified from time to time by the party concerned: either (i) by personal delivery where specifically stated, by registered mail or by a nationally recognized carrier, return receipt requested; or, in all other cases, (ii) by e-mail. Unless otherwise specified in the Merchant Agreement, all notices, requests and other communications under the Merchant Agreement shall be deemed received : ● in the case of e-mail, on the same day ; ● on the date stated on the acknowledgement of receipt; ● in the case of hand delivery, on the date stated on the acknowledgement of receipt or on the date of an attempted delivery, as evidenced by the standard documentation issued by the carrier or post office. Annex 4 : Fee Policies Fee schedule is available on the Card Partner’s Website xxxxx://xxxxxxxxx.xx/ or Card Partner’s App xxxxx://xxxxxx-xxxxxxx.xxx/uk/global-ukraine-banking-app App. Introduction Annex 5 : Privacy Policy Introduction LinkCy Payment Service Provider UAB regards as of paramount importance the protection and security of Personal Data. The Privacy Policy for Personal Data collected via LinkCy Payment Service Provider UAB within the framework of the activities for which it acts as an Agent of a Payment Service Provider (PayrNet UAB) is detailed below, which sets out: ● How LinkCy Payment Service Provider UAB collects and processes your Personal Data; ● The security measures that number ● Payment Service Provider UAB implements to guarantee the confidentiality and integrity of your Personal Data; ● The rights you have to control them throughout your use of the Services. This policy is effective as of 24/04/2021. This Privacy Policy may be modified or supplemented at any time by LinkCy Payment Service Provider UAB, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page. If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy Payment Service Provider UAB must obtain your consent again. We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services. Who is the Data controller? We – LinkCy Payment Service Provider, a UAB registered with the Lithuania Trade and Companies Register under number 305756549, with a capital of 10 000 € whose registered office is located Xxxxxxx xxx. 0,XX-00000 Xxxxxxx, Xxxxxxxxx – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below). In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: xxxxxxx.xxxxxxxxx@xxxxxx.xx What are the Applicable Laws ? The processing of your Personal Data is performed in accordance with the Lithuanian Personal Data Protection Law (Law No.XIII-1426 of 30 June 2018 amending Law No. I-1374), with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), as well as with Lithuanian and European laws regulating personal data and privacy protection in electronic communications, notably the “ePrivacy” Directive 2002/58/EC (together the “Applicable Laws”). Competent authorities are the Lithuanian Data Protection Authority (the “State Data Protection Inspectorate”) and the European Court of Justice (the “ECJ”). What personal data is collected? How are they collected? Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use: ● Identity: surname, first name, maiden name, xxxxxxx date and place of birth, proof of identity; ● Personal life: personal email address, personal telephone number, personal postal address and proof of address; ● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip; ● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income; ● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection. Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources. The processing operations concern the personal data of Users, Customers or Prospects. Why is personal data collected? The main purpose of collecting Personal data through the Application is to allow us to: ● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use; ● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries; ● Manage of customer account; ● Carry out customer loyalty operations; ● Carry out commercial prospecting operations; ● Development of statistics; ● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services; ● Develop our services (launch new products or services, improve the application, etc.); ● Protect our operations or those of others third parties and our rights and security or those of third parties; ● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy; ● Resolve any disputes that we may have withs its Users and enforce contracts with third parties. Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data. What legal ground(s) do we rely on? Personal Data processing is necessary for: ● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR ● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations; ● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc. Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations. How long do we keep your information? We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account). However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as: ● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements); ● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation). While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required. If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at xxxxxxx@xxxxxx.xx Who may we share your information with? As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement. We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular: ● Our subsidiary company ● Our Payments Services Provider ● Our others Services Providers ● Our Partners, as defined in the General Terms and Conditions of Use These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy Payment Service Provider UAB. We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy Payment Service Provider UAB. In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party. Is my Personal Data transferred outside the European Union? The processing and hosting of the Personal Data are established on the territory of the European Union. Nevertheless, if we transfers Personal Data outside the territory of the European Union, we guarantees that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data. In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission). How do we secure personal data? We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data. These measures include: ● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information; ● Careful selection of subcontractors; ● administrative and technical controls to restrict access to Personal Data on a “need to know” basis; ● technological security measures, including firewalls, encryption and anti-virus software, authentication devices; Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk. What are your rights regarding your personal data? You have rights to the Personal Data that concerns you and that is processed by LinkCy Payment Service Provider UAB: ● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy. ● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person. ● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address). ● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation. ● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further. ● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller. ● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims. ● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal. ● The right to provide us with instructions on the use of your Personal Data after your death - you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time. How to contact us? If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-above- mentioned rights or simply obtain more information about the use of your Personal Data, please contact xxxxxxx@xxxxxx.xx We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

NOTIFICATIONS AND OTHER COMMUNICATIONS. All notices, requests and other communications under the Merchant Agreement shall be in writing in the English language and at the addresses provided in the Purchase Order, unless otherwise specified from time to time by the party concerned: either (i) by personal delivery where specifically stated, by registered mail or by a nationally recognized carrier, return receipt requested; or, in all other cases, (ii) by e-mail. Unless otherwise specified in the Merchant Agreement, all notices, requests and other communications under the Merchant Agreement shall be deemed received : ● in the case of e-mail, on the same day ; ● on the date stated on the acknowledgement of receipt; ● in the case of hand delivery, on the date stated on the acknowledgement of receipt or on the date of an attempted delivery, as evidenced by the standard documentation issued by the carrier or post office. Annex 4 : Fee Policies Fee schedule is available on the Card Partner’s Website or Card Partner’s App xxxxx://xxxxxx-xxxxxxx.xxx/uk/global-ukraine-banking-app [Partner link to the pricing] Annex 5 : Privacy Policy Introduction LinkCy Payment Service Provider UAB regards as of paramount importance the protection and security of Personal Data. The Privacy Policy for Personal Data collected via LinkCy Payment Service Provider UAB within the framework of the activities for which it acts as an Agent of a Payment Service Provider (PayrNet UABPaynovate SA) is detailed below, which sets out: ● How LinkCy Payment Service Provider UAB collects and processes your Personal Data; ● The security measures that number ● Payment Service Provider UAB implements to guarantee the confidentiality and integrity of your Personal Data; ● The rights you have to control them throughout your use of the Services. This policy is effective as of 24/04/2021. This Privacy Policy may be modified or supplemented at any time by LinkCy Payment Service Provider UAB, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page. If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy Payment Service Provider UAB must obtain your consent again. We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services. Who is the Data controller? We – LinkCy Payment Service Provider, a UAB registered with the Lithuania Trade and Companies Register under number 305756549, with a capital of 10 000 € whose registered office is located Xxxxxxx xxx. 0,XX-00000 Xxxx x. 00-0, XX-00000 Xxxxxxx, Xxxxxxxxx – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below). In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: xxxxxxx.xxxxxxxxx@xxxxxx.xx What are the Applicable Laws ? The processing of your Personal Data is performed in accordance with the Lithuanian Personal Data Protection Law (Law No.XIII-1426 of 30 June 2018 amending Law No. I-1374), with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), as well as with Lithuanian and European laws regulating personal data and privacy protection in electronic communications, notably the “ePrivacy” Directive 2002/58/EC (together the “Applicable Laws”). Competent authorities are the Lithuanian Data Protection Authority (the “State Data Protection Inspectorate”) and the European Court of Justice (the “ECJ”). What personal data is collected? How are they collected? Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use: ● Identity: surname, first name, maiden name, xxxxxxx date and place of birth, proof of identity; ● Personal life: personal email address, personal telephone number, personal postal address and proof of address; ● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip; ● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income; ● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection. Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources. The processing operations concern the personal data of Users, Customers or Prospects. Why is personal data collected? The main purpose of collecting Personal data through the Application is to allow us to: ● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use; ● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries; ● Manage of customer account; ● Carry out customer loyalty operations; ● Carry out commercial prospecting operations; ● Development of statistics; ● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services; ● Develop our services (launch new products or services, improve the application, etc.); ● Protect our operations or those of others third parties and our rights and security or those of third parties; ● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy; ● Resolve any disputes that we may have withs its Users and enforce contracts with third parties. Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data. What legal ground(s) do we rely on? Personal Data processing is necessary for: ● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR ● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations; ● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc. Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations. How long do we keep your information? We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account). However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as: ● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements); ● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation). While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required. If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at xxxxxxx@xxxxxx.xx Who may we share your information with? As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement. We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular: ● Our subsidiary company ● Our Payments Services Provider ● Our others Services Providers ● Our Partners, as defined in the General Terms and Conditions of Use These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy Payment Service Provider UAB. We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy Payment Service Provider UAB. In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party. Is my Personal Data transferred outside the European Union? The processing and hosting of the Personal Data are established on the territory of the European Union. Nevertheless, if we transfers Personal Data outside the territory of the European Union, we guarantees that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data. In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission). How do we secure personal data? We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data. These measures include: ● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information; ● Careful selection of subcontractors; ● administrative and technical controls to restrict access to Personal Data on a “need to know” basis; ● technological security measures, including firewalls, encryption and anti-virus software, authentication devices; Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk. What are your rights regarding your personal data? You have rights to the Personal Data that concerns you and that is processed by LinkCy Payment Service Provider UAB: ● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy. ● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person. ● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address). ● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation. ● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further. ● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller. ● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims. ● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal. ● The right to provide us with instructions on the use of your Personal Data after your death - you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time. How to contact us? If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your Personal Data, please contact xxxxxxx@xxxxxx.xx We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

NOTIFICATIONS AND OTHER COMMUNICATIONS. All notices, requests and other communications under the Merchant Agreement shall be in writing in the English language and at the addresses provided in the Purchase Order, unless otherwise specified from time to time by the party concerned: either (i) by personal delivery where specifically stated, by registered mail or by a nationally recognized carrier, return receipt requested; or, in all other cases, (ii) by e-mail. Unless otherwise specified in the Merchant Agreement, all notices, requests and other communications under the Merchant Agreement shall be deemed received : ● in the case of e-mail, on the same day ; ● on the date stated on the acknowledgement of receipt; ● in the case of hand delivery, on the date stated on the acknowledgement of receipt or on the date of an attempted delivery, as evidenced by the standard documentation issued by the carrier or post office. Annex 4 : Fee Policies Fee schedule is available on the Card Partner’s Website or Card Partner’s App xxxxx://xxxxxx-xxxxxxx.xxx/uk/global-ukraine-banking-app [Partner link to the pricing] Introduction Annex 5 : Privacy Policy Introduction LinkCy Payment Service Provider UAB SAS regards as of paramount importance the protection and security of Personal Data. The Privacy Policy for Personal Data collected via LinkCy Payment Service Provider UAB SAS within the framework of the activities for which it acts as an Agent of a Payment Service Provider (PayrNet UABPaynovate SA) is detailed below, which sets out: ● How LinkCy Payment Service Provider UAB SAS collects and processes your Personal Data; ● The security measures that number ● Payment Service Provider UAB LinkCy SAS implements to guarantee the confidentiality and integrity of your Personal Data; ● The rights you have to control them throughout your use of the Services. This policy is effective as of 24/04/2021. This Privacy Policy may be modified or supplemented at any time by LinkCy Payment Service Provider UABSAS, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page. If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy Payment Service Provider UAB SAS must obtain your consent again. We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services. Who is the Data controller? We – LinkCy Payment Service ProviderLinkCy, a UAB SAS registered with the Lithuania Paris Trade and Companies Register under number 305756549852295732, with a capital of 10 000 13 089 € whose registered office is located Xxxxxxx xxx. 0,XX-00000 Xxxxxxx00 Xxx Xxxxxxxxx, Xxxxxxxxx 00000, Xxxxx, Xxxxxx – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below). In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: xxxxxxx.xxxxxxxxx@xxxxxx.xx What are the Applicable Laws ? The processing of your Personal Data is performed carried out in accordance with the Lithuanian Personal General Data Protection Law Regulation (Law No.XIII-1426 of 30 June 2018 amending Law No. I-1374), with GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”2016), as well as in compliance with Lithuanian and European laws regulating French legislation governing the protection of personal data and privacy in electronic communications, notably the French Data Protection Act (amended on 20 June 2018 to enhance personal data protection). This legislation also includes European directives and national laws relating to privacy protection in electronic communications, notably the “"ePrivacy” " Directive 2002/58/EC (together collectively referred to as the “"Applicable Laws”"). Competent The competent authorities for data protection in France are the Lithuanian Data Protection Authority National Commission on Informatics and Liberty (the “State Data Protection Inspectorate”CNIL) for national compliance oversight, and the European Court of Justice (the “ECJ”)) for matters involving European Union law. What personal data is collected? How are they collected? Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use: ● Identity: surname, first name, maiden name, xxxxxxx marital date and place of birth, proof of identity; ● Personal life: personal email address, personal telephone number, personal postal address and proof of address; ● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip; ● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income; ● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection. Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources. The processing operations concern the personal data of Users, Customers or Prospects. Why is personal data collected? The main purpose of collecting Personal data through the Application is to allow us to: ● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use; ● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries; ● Manage of customer account; ● Carry out customer loyalty operations; ● Carry out commercial prospecting operations; ● Development of statistics; ● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services; ● Develop our services (launch new products or services, improve the application, etc.); ● Protect our operations or those of others third parties and our rights and security or those of third parties; ● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy; ● Resolve any disputes that we may have withs its Users and enforce contracts with third parties. Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data. What legal ground(s) do we rely on? Personal Data processing is necessary for: ● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR ● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations; ● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc. Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations. How long do we keep your information? We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account). However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as: ● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements); ● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation). While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required. If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at xxxxxxx@xxxxxx.xx Who may we share your information with? As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement. We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular: ● Our subsidiary company ● Our Payments Services Provider ● Our others Services Providers ● Our Partners, as defined in the General Terms and Conditions of Use These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy Payment Service Provider UABSAS. We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy Payment Service Provider UABSAS. In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party. Is my Personal Data transferred outside the European Union? The processing and hosting of the Personal Data are established on the territory of the European Union. Nevertheless, if we transfers transfer Personal Data outside the territory of the European Union, we guarantees guarantee that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data. In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission). How do we secure personal data? We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data. These measures include: ● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information; ● Careful selection of subcontractors; ● administrative and technical controls to restrict access to Personal Data on a “need to know” basis; ● technological security measures, including firewalls, encryption and anti-virus software, authentication devices; Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk. What are your rights regarding your personal data? You have rights to the Personal Data that concerns you and that is processed by LinkCy Payment Service Provider UABSAS: ● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy. ● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person. ● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address). ● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation. ● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further. ● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller. ● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims. ● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal. ● The right to provide us with instructions on the use of your Personal Data after your death - you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time. How to contact us? If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-above- mentioned rights or simply obtain more information about the use of your Personal Data, please contact xxxxxxx@xxxxxx.xx We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.