1. INTRODUCTION

Thank you for choosing the relevant service(s) (the “Services”) and/or product(s) (the “Product”) (including but not limited to RedotPay Card as defined in the RedotPay Card Terms & Conditions) provided by Red F. Technology Limited (a limited liability company incorporated in Hong Kong with company number 3254911) (“RedotPay”) and its affiliates (hereinafter also referred to as “I”, “me”, “my”, “we”, “us” and “our” or the “Company”). By accessing or using our Services/Products, you CONSENT to the policies and practices set out in this privacy policy (the “Privacy Policy”) and represent and warrant that you have the valid consent and authority from the Relevant Person(s) (defined below) for us to collect, use, disclose and/or process your Personal Data as described herein. This Privacy Policy describes how we will collect, use and disclose your personal data when you access or use our Services/Products. You agree that RedotPay may update this Privacy Policy at any time by posting the amended version on our website and associated application program interface or mobile applications (the “Site”) or sending the latest Privacy Policy to you via email. Your use or continued use of any Services/Products after such amendment shall be deemed as your acceptance and agreement to the same.

2.WHAT PERSONAL DATA WE COLLECT

We may from time to time collect, process, and store certain personally identifiable information that can be used to contact or identify you and your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantee/security providers and other natural persons related to you (“Relevant Persons”) via your use of the Services/Products or where you have given your consent (“Personal Data”). Such Personal Data may include contact details, information and data generated in the ordinary course of your relationship with us, information and data collected when you or a Relevant Person participates in events organized by us and information from cookies or the use of any information technology applications. The Personal Data that you may provide to us during the onboarding process may also include, without limitation:

• Full legal name (including former name, and names in English and Chinese, if applicable)

• Identification document type (e.g. Passport)

• Identification document number (e.g. Passport No.)

• Gender

• Date of birth

• Place of birth

• Nationality

• Residential address

• Country/state of residence

• Total net wealth (approximately in USD)

• Purpose of account opening

• Initial and ongoing sources of wealth or income

• Nature and details of the business/occupation/employment

• Level of activity anticipated

• Source of funds/digital assets to be used in the relationship

• Credit history and score

• Contact phone number

• Email address

• Your transaction history and spending pattern

• Bank account information

• Blockchain address

• Your location data

• Additional Personal Data or documentation at the discretion of our compliance team

3. HOW WE USE YOUR PERSONAL DATA

We may use the collected Personal Data for the following purposes:

To make decisions relating to the provision or continued provision of the Services/Products to you.

To administer, operate, deliver, improve, and personalize the Services/Products.

To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the Services/Products.

To monitor and record the usage of the Services/Products and communications with you and/or the Relevant Persons (including for investigation and fraud prevention purposes).

To detect, prevent and address technical issues.

For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits.

To communicate with you, your affiliates and/or your representatives in relation to events, our Services/Products and other products or services offered by RedotPay or its affiliates, unless you have opted not to receive such information.

To conduct market research, surveys, promotions and contests, and to analyse your preferences, interests and behaviour in relation to the Services/Products.

To fulfil any applicable legal, regulatory and compliance requirements (including anti-money laundering and tax obligations applicable to us).

To enforce or defend the rights or property of RedotPay, its affiliates and other Users.

Carry out any other purpose(s) described to you at the time the data was collected.

4. DO WE SHARE YOUR PERSONAL DATA

We may share your Personal Data with the following persons for the purposes stated above:

Our third party service providers who help us provide, operate, maintain, secure and improve the Services/Products (including but not limited to any “Know Your Client” or other blockchain analytics service providers, credit card networks, banks or financial institutions, payment processors, merchants, loyalty programs partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resource, data processing, payments, credit references or other services).

Any person or entity that is part of RedotPay and its affiliates who is under a duty of confidentiality to the disclosing entity.

Professional advisers of RedotPay and its affiliates.

Any person or entity that we engage or participate in for the purposes of marketing, advertising, or promoting our Services/Products, such as social media platforms, online platforms, or third party websites.

Any person to whom we are under an obligation or otherwise to make disclosure pursuant to legal process or pursuant to any foreign or domestic legal, tax, and/or regulatory obligation or request.

Any person or entity that you authorize or consent to receive your Personal Data, such as your authorized representatives, agents, advisors, or beneficiaries.

Any actual or proposed assignee or business transferee of RedotPay and/or its affiliates.

We may also share aggregated or anonymized Personal Data with the above persons to help administer, operate, deliver and improve the Services/Products.

5. DO WE TRANSFER YOUR PERSONAL DATA

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Please note that we may transfer the data, including Personal Data, outside your jurisdiction and process it there. Your consent to this Privacy Policy and your submission of such information represents your agreement to that transfer.

We will take reasonable measures to ensure that your Personal Data is treated securely and in accordance herewith and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.

6. DO WE TRANSFER YOUR PERSONAL DATA

The Personal Data that we collect from you may be transferred to, and stored at, a destination outside of your state, province, country or jurisdiction. By submitting your Personal Data, you agree to this transfer, storing or processing. Information you provide to us may also be stored on our and/or third-party cloud servers.

7. HOW LONG DO WE RETAIN YOUR DATA

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. By accessing/using our Services/Products you are giving a consent for us to retain your Personal Data.

8. MARKETING COMMUNICATIONS

We may communicate company news, promotions, and information relating to our products and services provided by us. We may share Personal Data with our affiliates to send marketing communications. We will only send you such marketing communications Note to client: Under Hong Kong law, it is necessary to have the express consent of user in order to send marketing material. It is typically a checkout box in the App when registering the user. You may make it a default option that the box it’s ticked. But still, it is necessary to be an express consent, and such consent cannot be deemed sufficient by continuing to use the service.

9. COOKIE USAGE

While you access the Site, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit the Site. This information helps us recognize you as a customer, collect information about your use of our Services/Products to better customize our services and better your experience. We may also use the information collected to ensure compliance with our compliance program, and to ensure your account security has not been compromised by detecting irregular or suspicious account activities.

Most browsers are setup to accept Cookies automatically. Some Cookies expire when you finalize the session and other Cookies remain on your computer or other devices until deleted or expired. You have the option to decline the use of our Cookies, but this may affect the functionality of the Services/Products or your user experience.

Some browsers have a do not track feature that lets you tell websites that you do not want to have your online activities tracked. At the moment, we do not respond to browser do not track signals.

10. INFORMATION SECURITY

We endeavor to protect ourselves and you from unauthorized access, alteration, disclosure, or destruction of data we collect and store. We take various measures to ensure information security, including encryption of our communications with SSL, requiring two-factor authentication for all sessions, periodic review of our Personal Data collection, storage, and processing practices and restricted access to your Personal Data on a need-to-know bases.

The Security of your data is important to us, but you understand and acknowledge that no method of transmission over the Internet, or method of electronic storage is fully secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

11. Links to other site

Our Site may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

12. Minor policy

We do not provide Services/Products to anyone who is regarded as a could be provided to people under age of 18 depending on the jurisdictions. We do not knowingly and intentionally collect the personally identifiable information from anyone who is regarded as a “minor” or equivalent under applicable law. If you are a parent or guardian and you are aware that your child (being a “minor” or equivalent under applicable law) has provided us with Personal Data, please contact us and we will take appropriate measures.

13. Your contact with other customers.

You understand you are solely responsible for your interactions with other Users. We reserve the right, but have no obligation, to monitor disputes between you and other Users.

14.Contacting us about privacy questions or concerns

If you have any questions about this Privacy Policy or the use of your Personal Data, please contact us by sending an email to the following address support@redotpay.com with the subject “PRIVACY QUESTION”.

If you wish to know what Personal Data we retain and if you want it to be updated, corrected or deleted from our systems, please contact tradesupport@redotpay.com with the subject “DATA INQUIRY”. We will do our best to do so as soon as possible with exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes.

If you wish to withdraw your consent, please contact support@redotpay.com with the subject “DATA INQUIRY”. Where you or a Relevant Person withdraws your/its/their consent or fails to supply relevant information or data required for us to provide our Services/Products to you, we may be unable to provide or continue to provide Services/Products to you.

In response to data access, correction, deletion or data portability request, we will verify the requesting party’s identity to ensure that he or she is legally entitled to make such request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee especially if the request is repetitive or onerous.

15. LANGUAGE

If this Agreement is translated into any other language from English, the English language version shall prevail to the extent of any inconsistency.

16.Specific Rights under different jurisdictions

A. Your Moved original section 8 to the below.

If you are a resident of the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it. We may process your Personal Data because:

• We need to use your Personal Data to contract with you or to perform our obligations thereunder.

• You have given us consent to do so.

• The processing is in our legitimate interests or necessary to comply with our legal obligations.

• To comply with applicable laws and regulations.

If you are a resident of the EEA, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Please see section 14 (Contacting Us About Privacy Questions or Concerns) above.

In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the information we have on you.

• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

• The right to object. You have the right to object to our processing of your Personal Data.

• The right of restriction. You have the right to request us to restrict the processing of your personal information.

• The right to data portability. You have the right to be provided with a copy of the information we have on you.

• The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

B. Your Rights If You are a Resident of California or Certain US States

Under the laws of the states of California, Colorado, Connecticut, Utah and Virginia (“Applicable States”), you may have rights to ask us to:

• provide access to certain information we hold about you, in some cases in a portable format, if technically feasible.

• update or correct your information.

• delete certain information we hold about you.

• opt in to or opt out of use of certain sensitive information we hold about you.

You may also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will generally ask you to verify your, or your authorized agent’s, request using the contact information you have already provided.

If you would like to exercise any of these rights, or appeal a decision made relating to your rights, please see section 14 (Contacting Us About Privacy Questions or Concerns) above.

No sale of personal information. We do not sell any personal information to anyone.

No discrimination. We will not discriminate against any exercising their rights under the privacy laws of California or other Applicable States.

California. Below are the additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (together, the “CCPA”), effective as of January 1, 2023.

• Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending on how you engage with us:

• Identifiers, such as your name, email, address, phone numbers, or IP address.

• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number.

• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

• Commercial information, such as purchase activity;

• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

• Geolocation information, such as the location of your device or computer determined from your IP address or mobile device’s GPS depending on your device settings;

• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

• Professional or employment-related information, for example information you may provide about your business; and

• Inference data, such as information about your preferences.

Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA, depending on how you engage with us:

• Identifiers, such as your name, email, address, phone numbers, or IP address;

• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;

• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

• Commercial information, such as purchase activity;

• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

• Geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through applications we offer;

• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

• Professional or employment-related information, for example information you may provide about your business;

• Inference data, such as information about your preferences.

Sensitive personal information. The categories of information that RedotPay collects and discloses for a business purpose include “sensitive personal information” as defined under the CCPA. RedotPay does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.