Privacy Policy

INTRODUCTION

Paynnacle Solutions Ltd., a limited liability company established under law of Canada (referred to as we, us, our, the Company) under registration number 1000805334, specialises in financial services providing. While providing our services, we collect and use personal information (hereinafter referred to as Personal Data).

This Privacy Policy delineates the core principles governing the collection, storage, processing, and retention of your Personal Data and related information, detailing the scope of the processed Personal Data, the purposes, sources, and recipients, along with other critical aspects of data processing in the context of our services.

We are authorised to use and process your Personal Data solely in compliance with this privacy policy (hereinafter - the Privacy Policy), applicable legislation, including Personal Information Protection and Electronic Documents Act (S.C., 2000, c. P-5) (PIPEDA); and other relevant legal regulations concerning the protection of personal data.

2. DEFINITIONS

• 2.1. Client – any individual or entity that engages with our services or seeks to enter into an agreement with us.
• 2.2. Contract Performance – processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such a contract.
• 2.3. Data Controller – the entity that determines the purposes and means of processing Personal Data.
• 2.4. Direct Marketing – the use of our existing clients’ emails for marketing similar goods or services. If you do not object to using your email for marketing similar goods and services, you will be provided with a clear, no-cost, and easy way to object or withdraw from such use of your contact details with each message.
• 2.5. Know Your Customer (KYC) – procedures and regulations that require us to verify the identity, suitability, and risks involved with maintaining a business relationship.
• 2.6. Legal Obligation – processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
• 2.7. Legitimate Interest – the interest of ours as a business in conducting and managing our services to enable us to provide you with the most secure experience.
• 2.8. Personal Data – any information relating to an identified or identifiable natural person.
• 2.9. Privacy Policy – a document that outlines how we collect, store, process, and protect your Personal Data, as well as your rights regarding your data.
• 2.10. PIPEDA – the Personal Information Protection and Electronic Documents Act sets the ground rules for how private-sector organisations collect, use, and disclose personal information during for-profit, commercial activities across Canada.

3. PRINCIPLES OF PROCESSING PERSONAL DATA

3.1. Our commitment to protecting your Personal Data is guided by the following principles:

• 3.1.1. Personal Data is processed lawfully, honestly, and transparently.
• 3.1.2. Personal Data is collected for specific, clearly defined, and legitimate purposes and is not processed in a manner incompatible with those purposes.
• 3.1.3. Personal Data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• 3.1.4. Personal Data must be accurate and, when necessary, kept up to date. All reasonable measures must be taken to promptly correct or erase inaccurate data concerning the purposes for which it is processed.
• 3.1.5. Personal Data is kept in a form that permits identification of individuals for no longer than necessary for the purposes for which the data is processed.
• 3.1.6. Personal Data is handled using appropriate technical or organisational measures to ensure its security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

4. TYPES OF INFORMATION WE COLLECT

4.1. The categories of Personal Data we may collect about you include:

• 4.1.1. Basic personal data – this includes your name, surname, job title, and other similar information.
• 4.1.2. Identification information and background verification data – this involves details such as your or your representative's name, surname, personal identity code, date of birth, address, nationality, gender, passport or ID card copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights, share capital part, and title.
• 4.1.3. Transaction data – this encompasses sender account details, date, time, amount, and currency used, sender's name/IP address, transaction amounts, income, location, and other related information.
• 4.1.4. Information related to legal requirements – this includes data resulting from enquiries made by authorities, information enabling us to meet anti-money laundering requirements and comply with international sanctions, details about the purpose of the business relationship, whether you are a politically exposed person, and other necessary data to fulfil our legal obligations to "Know Your Customer."
• 4.1.5. Contact data – this includes your registered or actual residence, phone number, email address, and similar contact information.

5. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING

5.1. We collect personal data for the following purposes:

• 5.1.1. To conclude a contract or take measures at your request before entering a contract. This includes getting to know, identifying, and verifying our clients. For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Contact Information, and other relevant Personal Data. The legal basis for this processing includes concluding a contract with you, fulfilling our legitimate interests, and/or complying with applicable legal obligations.
• 5.1.2. To fulfil a contract concluded with you. For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information related to legal requirements, Contact Information, and other Personal Data provided by you or on your behalf or generated while providing services. The legal basis for this processing includes the performance of a contract signed with you, fulfilling our or third parties’ legitimate interests, and/or compliance with applicable legal obligations.
• 5.1.3. To comply with legal obligations. For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information related to legal requirements, Contact Information, and other Personal Data provided by you or on your behalf or generated while providing services. The legal basis for this processing includes fulfilling our or third parties’ legitimate interests and/or compliance with applicable legal obligations.
• 5.1.4. To respond when you contact us through our website or other communication channels. For this purpose, we may process your Basic Personal Data, Contact Information, and other Personal Data provided by you or on your behalf. The legal basis for this processing is your consent and fulfilling our or third-party legitimate interests.

5.2. In all other situations, we may use your Personal Data for direct marketing only with your prior consent.

5.3. We may offer you services from our business partners or other third parties or seek your opinion on various matters concerning them, based on your previous consent. Opting out of receiving marketing messages or calls will not affect our ability to provide you with services.

5.4. You have the right to refuse or revoke your consent at any time to receive our marketing emails. Each email will include an option to object to the processing of your Personal Data or opt out of receiving notifications. You can opt out by clicking the appropriate link in each email.

6. HOW DO WE RECEIVE YOUR PERSONAL DATA

6.1. We collect the data that you directly provide to us. This occurs, for example, when you become a new customer, access and use our website, create an account with us, or subscribe to our electronic publications. The Company also gathers additional information from you through any communications you submit to us, such as newsletters.

6.2. Personal Data that we may collect from third parties includes:

• 6.2.1. Information provided by third parties connected to you and/or dealing with us, such as business partners, subcontractors, service providers, and merchants;
• 6.2.2. Data from third-party sources, such as registers held by governmental agencies or information collected to assist with "Know Your Customer" checks as part of our client acceptance procedures;
• 6.2.3. Information from publicly available sources, which we may use to help keep track of our clients.

7. TO WHOM DO WE SHARE YOUR PERSONAL DATA

7.1. We may transfer your Personal Data to one or more of the following types of recipients:

• 7.1.1. Our business partners, agents, or intermediaries who are essential for delivering our company's goods and services;
• 7.1.2. Government authorities;
• 7.1.3. Commercial banks and other financial institutions;
• 7.1.4. Attorneys, financiers, accountants, company managers, personnel administrators, and similar professionals;
• 7.1.5. Subsidiaries of the Corporation;
• 7.1.6. External service providers, such as those offering system development and enhancement, auditing, and other related services;
• 7.1.7. Other parties with whom the Company plans to enter or has already entered into contracts;
• 7.1.8. Third parties that require access to the data to comply with legal duties, legitimate interests, or approvals from shareholders or beneficiaries.

8. INTERNATIONAL TRANSFER OF PERSONAL DATA

8.1. As we provide international services, your Personal Data may be transferred and processed outside Canada.

8.2. The transfer of Personal Data may be necessary in situations such as:

• 8.2.1. To conclude the contract between you and us and to fulfil the obligations under such a contract;
• 8.2.2. In cases indicated in laws and regulations to protect our lawful interests, such as bringing proceedings in court or other governmental bodies;
• 8.2.3. To fulfil legal requirements or to realise public interest.

8.3. If your Personal Data is transferred outside Canada, we will take all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy, ensuring it is protected and transferred in a manner consistent with the applicable legal requirements for Personal Data.

8.4. This can be achieved in several ways, such as:

• 8.4.1. The country, territory, or specified sector within that third country, or the international organisation to which we send the Personal Data, is approved by Canada as having an adequate level of protection;
• 8.4.2. The recipient has signed standard data protection clauses approved by Canada;
• 8.4.3. If the recipient is in the US, they must be a certified member of a recognized data protection scheme;
• 8.4.4. Special permission has been obtained from a supervisory authority.

8.5. We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards.

9. HOW DO WE PROTECT YOUR PERSONAL DATA

9.1. We implement appropriate technical, organisational, and administrative security measures to ensure the security of your Personal Data processing. These measures are designed to protect your Personal Data from loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorised access, or any other illegal handling.

9.2. The Company and any third-party service providers that may process Personal Data on our behalf for the purposes indicated above are also contractually obligated to respect the confidentiality of the Personal Data.

10. RETENTION TERMS OF PERSONAL DATA PROCESSING

10.1. We will retain your Personal Data for as long as necessary for the purposes for which it was collected and processed, but no longer than required by applicable laws and regulations. This means we store your data for as long as needed to provide services and as dictated by the retention requirements in the laws and regulations of the United Kingdom.

10.2. The data retention terms for Personal Data processing specified in this Privacy Policy are as follows:

• 10.2.1. For as long as your consent remains in force, provided there are no other legal requirements related to Personal Data processing;
• 10.2.2. In the case of contract conclusion and execution, until the contract between you and the Company remains in force and up to 10 years after the relationship between the client and the Company has ended;
• 10.2.3. Personal Data submitted through our website is retained to the extent necessary to fulfill your request and maintain further cooperation, but no longer than 6 months after the last day of communication, unless legal requirements mandate a longer retention period;
• 10.2.4. For at least 5 years in accordance with the Law on Prevention of Money Laundering and Terrorist Financing.

10.3. When applicable laws and regulations specify retention terms, those terms will apply.

10.4. Your Personal Data might be stored longer if:

• 10.4.1. We need to defend ourselves against claims, demands, or actions and exercise our rights;
• 10.4.2. There is a reasonable suspicion of an unlawful act that is under investigation;
• 10.4.3. Your Personal Data is necessary for the proper resolution of a dispute or complaint;
• 10.4.4. Other statutory grounds require it.

11. WHAT RIGHTS DO YOU HAVE REGARDING YOUR PERSONAL DATA?

11.1. As a data subject, you have certain rights regarding the Personal Data we hold about you. Under specific circumstances and in accordance with applicable data protection laws, you may have the right to:

• 11.1.1. Access your Personal Data and understand how it is processed. This right may be limited by legislation, the privacy of others, and considerations for the Company’s business operations.
• 11.1.2. Request rectification of incorrect or incomplete data. If any Personal Data we process about you is inaccurate, you have the right to request its correction or completion.
• 11.1.3. Request the erasure of your Personal Data. You may request that any or all of your Personal Data be erased, although there may be cases where we cannot erase all data due to contractual obligations or legal requirements.
• 11.1.4. Request the restriction of processing your Personal Data. You can request that our processing of your Personal Data be limited, for example, when you believe the data is inaccurate and we need to verify it, or when you object to processing based on legitimate interest and we need to verify if our grounds override yours.
• 11.1.5. Request the transfer of your Personal Data to another data controller or directly to you in a convenient format. This applies to data provided by you and processed by automated means based on consent or the performance of a contract.
• 11.1.6. Object to processing based on legitimate interests, unless our reasons for processing outweigh any potential impact on your rights.
• 11.1.7. Withdraw your consent at any time for processing that is based on consent. However, withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
• 11.1.8. Not be subject to a decision based solely on automated processing.
• 11.1.9. Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) or another relevant supervisory authority if you have concerns about how we have processed your Personal Data.

11.2. We will exercise your rights only after receiving your written request and verifying your identity. Requests should be submitted to us by ordinary mail or email at [email protected].

11.3. Your requests will be fulfilled, or the reasons for any refusal will be specified, within 30 calendar days of receiving a valid request. This timeframe may be extended by an additional 30 calendar days with prior notice to you if the request involves a large scope of data or other simultaneous requests. Responses will be provided in your chosen format.

12. THE RIGHT TO LODGE A COMPLAINT

12.1. You can file a complaint regarding your Personal Data in the same manner as specified in the section on exercising your rights.

12.2. Additionally, you have the right to address the Information Office of the Privacy Commissioner of Canada (OPC) with a claim regarding the processing of your Personal Data if you believe it is being handled in a way that violates your rights and legitimate interests as stipulated by applicable laws.

12.3. You can follow the procedures for handling complaints established by the Information Office of the Privacy Commissioner of Canada (OPC). Contact details are available on the Privacy Commissioner of Canada website.

13. HOW CHANGES TO THIS PRIVACY POLICY WILL BE MADE

13.1. We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations.

13.2. Any changes and clarifications will take effect immediately upon publication on our website: https://paynnacle.com.

13.3. Please review this Privacy Policy periodically to stay updated on any changes.

14. CONTACT US

14.1. Controller’s Contact Information:

• 14.1.1. Company Name: Paynnacle Solutions Ltd.
• 14.1.2. Registration Number: 1000805334
• 14.1.3. Legal Address: 1907 Baseline Rd, Unit 104, Ottawa, Ontario, K2C0C7, Canada
• 14.1.4. Contact Email Address: [email protected]