We may also collect, use, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated data is derived from your personal data but is considered non-personal data under the law, as it does not directly or indirectly disclose your identity. For example, we may analyze your Service Usage Information in an aggregated form to determine the percentage of users accessing specific features on our Sites. However, if we combine or link aggregated data with your personal data in a way that allows us to identify you directly or indirectly, we will treat the combined data as personal data and handle it in accordance with this Policy. Our approach to handling aggregated data aligns with industry-standard privacy practices.

5. Purposes of the collection and processing

MoneyUp can process personal data for (one of or several) the following purposes, based on one or more legal grounds:

5.1. Performance of contract. User information will be used for account creation and identity verification to provide our Services. It may also be used for Services related to Transactions and for technical support, issue resolution, and ensuring the safety and quality of the services.

5.2. Ensure Functionality. To ensure the proper functioning of the Site, as well as the provision of ordered Services, the information mentioned in Section 2 above may be processed.

5.3. Communicate with You. We utilize the information to address your inquiries, fulfill your requests, and send crucial notifications. This encompasses activities such as sending periodic emails concerning company updates, policy changes, product/service enhancements, or press releases.

5.4. Marketing. We use the information we have about you to market our services. This includes, for example, sending you email communications about products, offerings, events, competitions, surveys, and webinars or customized offers or materials. Our marketing efforts are aligned with your communication preferences, and you always retain the right to unsubscribe.

5.5. Improve Services. We use the information we have about you to improve our services. This includes, for example, identifying usage trends, developing data analysis, determining the effectiveness of our promotional campaigns, evaluating our business performance, researching, demonstrating, developing, and improving our products and services, and ensuring quality control.

5.6. Comply with Laws. We use the information we have about you to comply with applicable laws, regulations, and contractual obligations. This includes, for example, “know your customer” obligations, conducting compliance and/or security checks, audits, or assessments, and any related reporting obligations.

5.7. Protect assets. We use the information we have about you to protect our rights and interests, ensure the security of our assets, systems, and networks, prevent, detect and investigate fraud, unlawful or criminal activities in relation to our services, and enforce our terms and conditions.

5.8. Other Purposes that require your consent. Except as required by Applicable Law, we may share or disclose your information only if you provide your prior consent.

6. Third-party access to User’s personal data

We do not share personal information with companies, outside organizations, individuals, or other recipients unless one of the following circumstances apply:

6.1. Legal, Regulatory, Safety, and Compliance Purposes. In certain situations, we may be required to share your information as required by law. These situations may include but are not limited to complying with a subpoena or other legal process requests; protecting your rights; protecting your safety or the safety of others; investigating fraud; and responding to a government request.

6.2. Sharing with Service Providers and Third Parties. MoneyUp may engage third parties to assist in providing our Services. These third parties may include IT service providers, data storage providers, identity verification service providers, payment processors, cloud service providers, and marketing service providers. For the information we collect from you, we ensure that these providers are permitted to use the personal information solely for the purpose of delivering services to you, and not for their own purposes.

Your personal data may be stored within their systems. If such information is collected by us, we require these third parties to maintain the confidentiality of your information and to comply with all applicable privacy and data protection laws. By utilizing our services, you authorize Us to share and transmit your personal and financial information with these third parties under the conditions stated above.

Plaid Inc: we utilize Plaid, Inc. for third-party identity verification to ensure fraud prevention and mitigation. Plaid directly collects personal data from you and returns it to us as a token. Plaid performs bank account verification, balance confirmation, and transaction history review to approve transaction. Your personal and financial information is handled in compliance with Plaid's Privacy Policy, which can be accessed at https://plaid.com/legal/#privacy-policy.

6.3. Sharing with Merchants. When you purchase a voucher through the MoneyUp platform, we are required to share certain personal information with the Merchant from whom the voucher is being purchased. This information may include, but is not limited to, your name, contact information, transaction details, and any data required to process and fulfill your order. Please be advised that the Merchant may be located in a different country or jurisdiction from your own or from where MoneyUp operates. Therefore, the processing of your data by the Merchant will be subject to that Merchant’s local privacy laws and practices. Before completing any voucher purchase, we strongly encourage you to review the Merchant’s Privacy Policy and Terms of Use, which will be presented to you for your acknowledgment prior to finalizing the transaction. By proceeding with a purchase, you consent to the transfer and processing of your personal data as described above.

6.4 With your consent. We will share personal information with companies, outside organizations or individuals if we have your consent to do so.

Rest assured: we do not sell your personal information to third parties.

7. Data transfers

MoneyUp may transfer your data to countries outside of the country from where you have accessed our Services. To ensure compliance with applicable data protection rules, we have implemented suitable technical, organizational, and contractual safeguards, including the use of Standard Contractual Clauses. When transferring personal data outside of the EEA or the UK, we adhere to lawful transfer mechanisms. If the European Commission has determined that a country provides an essentially equivalent standard of data protection as the EEA, we may rely on an 'adequacy decision' to facilitate the transfer of personal data. When transferring personal data from the EEA or UK to the US, we may rely on standard contractual clauses.

8. Your Rights

You have the following rights in respect of User’s personal data being processed by MoneyUp:

• Right to request free access to your personal data being processed.

• Right to request the rectification or removal of your data.

• Right to request a restriction of the processing.

• Right to request the portability of your data.

• Right to object to the processing of your personal data (in the case of direct marketing without any substantiation).

• Right to revoke a consent: in case the processing of your personal data is based on your consent, you have the right to revoke this consent at any time. However, such a revocation does not affect the lawfulness of any processing prior to the revocation.

• Right to limit or opt-out the sharing of your personal data.

8.1. Data Protection Authorities

If you have concerns about the processing of your personal data or believe that your rights under applicable data protection laws have been violated, you have the right to lodge a complaint with the relevant supervisory authority.

We encourage you to contact the supervisory authority directly if you have any concerns or complaints regarding the processing of your personal data. However, we would appreciate the opportunity to address your concerns first, so please contact us and we will do our best to resolve any issues in a timely and satisfactory manner.

Please note that you are not obligated to contact us before lodging a complaint with the supervisory authority. You have the right to file a complaint directly with the supervisory authority at any time.

8.2. Contact Us

If User intends to use any of its above-mentioned rights, please do so by directing User’s request to customersupport@usmoneyup.com or by a letter to MoneyUp (see address below). MoneyUp cannot handle User’s request without proof of User’s identity and the applicable legislation may impose conditions on exercising the above rights.

We will use our best efforts to respond to User’s request without undue delay after receipt of User’s request.

User should bear in mind that MoneyUp will not always be obliged to comply with a request for access, correction, removal or transfer, taking into consideration the requirements related to the establishment, exercise or substantiation of a legal claim or the legitimate exercise of the right of freedom of expression and / or information.

9. Retention

We retain personal information for as long as needed or as permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

• the length of time we have an ongoing relationship with you (for example, for as long as you have an account with us or keep using MoneyUp),

• whether there is a legal obligation to which we are subject (for example, certain laws, such as anti-money laundering requirements) require us to keep records of your transactions for a certain period before we can delete them); and/or

• whether retention is advisable considering our legal position or to protect the safety of individuals (such as regarding applicable statutes of limitations, litigation, or regulatory investigations).

10. Legal Rights of California Residents

In addition to the legal rights provided above, in compliance with the California Privacy Act of 2018 (“CCPA”), residents of California may contact us at customersupport@usmoneyup.com to request information on the types of personal information that we have disclosed during the preceding 12 months to third parties for their direct marketing purposes and the identities of those third parties.

For personal information collected by us during the preceding 12 months that is not otherwise subject to an exception pursuant to the CCPA, you have the right to access, correct and delete your personal information, and we hereby declare that we shall not discriminate against those who exercise those rights. Specifically, we shall not:

• deny you our services.

• charge you differently.

• provide you with a different level of quality of services; or

• suggest that you may receive a different price or rate for services or a different level or quality of services.

We further declare that we do not sell your personal information in our ordinary course of business and will never sell your personal information to third parties without your explicit consent.

If you seek to exercise CCPA access or deletion rights on behalf of another person, you must confirm that the person has authorized you to act as their agent under the CCPA by providing us with a completed, signed, and notarized CCPA Agent Authorisation Form pursuant to California Probate Code Section 4000 to 4465. Please note that we may deny requests from agents who do not submit the relevant proof of authorization or agents we are unable to verify their identity.

Under the CCPA, you have the right, if certain parts of your personal information are part of a data security breach, to initiate a private cause of action.

You have the right to limit our use of sensitive personal information (“SPI”) to what is necessary or reasonably expected of us to perform the Services. If we use SPI beyond what is necessary to provide the Services, we shall provide you notice of the additional purposes for our use of SPI and remind you of your right to request that we limit the use of the SPI.

SPI is a subset of personal information that reveals (i) your social security number, driver’s license number, state identification card or passport number; (ii) your account log-in, financial account information, debit or credit card number in combination with any password or access code to grant access; (iii) your precise geolocation; (iv) your racial or ethnic origin, religious or philosophical beliefs, or union membership; (v) the content of your mail, email or text messages unless we are the intended recipient of said communications; and (vi) your genetic data.

11. Updates to the Privacy Policy

We may update or modify this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes we make will be posted on this page with a revised "Last Updated" date. We encourage you to review this privacy policy periodically to stay informed about how we collect, use, and protect your personal data.

If we make any material changes to this privacy policy, we will provide notice by email (if we have your email address) or by posting a notice on our website prior to the change becoming effective. We will also seek your consent for any material changes to the extent required by applicable data protection laws.

Your continued use of our services after the effective date of any revised privacy policy constitutes your acceptance of the updated privacy policy. If you do not agree with the updated privacy policy, please refrain from using our services and contact us to deactivate your account, if applicable.

Please note that we are not responsible for the privacy practices of third-party websites or services that may be linked to or from our website. We recommend reviewing the privacy policies of those third parties directly.

If you have any questions or concerns about our privacy policy or practices, please contact us using the information provided in the "Contact Us" section above.

12. Your data Controller

Services Provided: For All Users

Operating entity: USMoneyUp, Inc.

Contact Address: 3225 McLeod Drive, Suite 100, Las Vegas, NV, 89121