### Privacy Policy MENA Card Systems Limited ("SimpliFi") is committed to protecting the online privacy of the users of this website ("Website"). As such, this Privacy Policy has been written in order to allow you to understand SimpliFi's policy regarding your privacy, as well as how your personal information will be handled when using the Website. This Privacy Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate. In general, any information and data which you provide to SimpliFi over the Website, or which is otherwise gathered via the Website by SimpliFi, in the context of the use of SimpliFi's services ("Services"), will be processed by SimpliFi in a lawful, fair and transparent manner. To this end, and as further described below, SimpliFi takes into consideration internationally recognised principles governing the processing of personal data, such as purpose limitation, storage limitation, data minimisation, data quality and confidentiality. #### Data Controller SimpliFi, as identified at the top of this Privacy Policy, is the data controller regarding all personal data processing carried out through the Website. For any questions regarding this privacy policy and our processing activities, please contact: [privacy@simplifipay.com](mailto:privacy@simplifipay.com) #### Personal Data Processed When you use the Website, SimpliFi will collect and process information regarding you (as an individual) which allows you to be identified either by itself, or together with other information which has been collected. SimpliFi may also be able to collect and process information regarding other persons in this same manner, if you choose to provide it to SimpliFi. This information may be classified as "Personal Data", and can be collected by SimpliFi both when you choose to provide it (e.g., when you contact SimpliFi through our online contact forms) or simply by analysing your behaviour on the Website. Personal Data which can be processed by SimpliFi through the Website are as follows: ##### Name, contact details and other Personal Data In order to access some of SimpliFi's Services made available over the Website – such as contacting SimpliFi to request further information – you will be asked to provide Personal Data, such as your name, contact details (i.e., business email and phone number), the company you work for or represent, and other Personal Data which you may provide to us in your messages. ##### Other persons' Personal Data In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding that Personal Data, and must assume all inherent legal obligations and responsibilities. This means, among other things, that you must fully indemnify SimpliFi against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the SimpliFi. As SimpliFi does not collect this information directly from these third parties (but rather collects them, indirectly, from you), you must make sure that you have these third parties' consent before providing any information regarding them to SimpliFi; if not, then you must make sure there is some other appropriate grounds on which you can rely to lawfully give SimpliFi this information. #### Browsing data The Website's operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website's users as part of their routine operation. While SimpliFi does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data. This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request (e.g., file properties, file size, etc.), the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on. These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website. #### Cookies For more information on the cookies used by the Website, please read our Cookie Policy. #### Purposes of Processing ##### Service Provision To respond to your requests for further information, and to provide any other Services which you may request through the Website; ##### Marketing For future marketing, promotional and publicity purposes, including to carry out direct marketing, market research and surveys; ##### Compliance For compliance with laws which impose upon SimpliFi the collection and/or further processing of certain kinds of Personal Data, as well as, where necessary, for establishment, exercise or defence of legal claims; ##### Analytics To analyse how users arrived at the Website and how users behave on the Website, in order for SimpliFi to optimize its business operations and the performance, content and features of this Website; ##### Misuse/Fraud To prevent and detect any misuse of the App, or any fraudulent activities carried out through the App. #### Grounds for Processing and Mandatory / Discretionary Nature of Processing SimpliFi's grounds for processing your Personal Data, according to the purposes identified above, are as follows: **Service Provision:** processing for these purposes is necessary to provide the Services and, therefore, is necessary for the performance of a contract with you. It is not mandatory for you to give SimpliFi your Personal Data for these purposes, and providing some of the Personal Data requested in the respective forms is purely optional; however, if you do not provide all mandatory information requested, SimpliFi will not be able to provide any Services to you; **Marketing:** processing for these purposes is generally based on your consent. It is not mandatory for you to give consent to SimpliFi for use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to (aside from not being able to receive further marketing communications from SimpliFi). Any consent given may also be withdrawn at a later stage (please see Data Subjects' Rights for more information); Additionally, if you provide your e-mail address when acquiring any products or services from SimpliFi, that e-mail address may be used to send you direct marketing communications regarding SimpliFi's own similar products or services. You will be given the opportunity to object to this processing when you provide your e-mail address, and with each marketing communication you are sent (please see Data Subjects' Rights for more information). **Compliance:** processing for this purpose is necessary for SimpliFi to comply with its legal obligations. When you provide any Personal Data to SimpliFi, SimpliFi must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations. Additionally, SimpliFi may process Personal Data where necessary to establish, exercise or defend any legal claims; **Analytics:** processing for this purpose is carried out through the use of analytical cookies, which are placed only with your consent, provided by clicking on a button in the pop-up banner you were shown, or otherwise by setting your cookie preferences (please see our Cookie Policy for more information). It is not mandatory for you to give consent to SimpliFi for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to. Any consent given may also be withdrawn at a later stage (please see Data Subjects' Rights for more information); **Misuse/Fraud:** processing for this purpose is generally based on SimpliFi's legitimate interests, namely, in preventing and detecting fraudulent activities or misuse of the Website (for potentially criminal purposes), and ensuring the security of the Website. ### Recipients of Personal Data Your Personal Data may be shared with the following list of persons / entities ("Recipients"): Entities engaged in order to provide the Services or to carry out processing activities related to Marketing and/or Analytics on our behalf (e.g., marketing agencies, customer relationship managers); Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks); Persons authorised by SimpliFi to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of SimpliFi); Other companies within SimpliFi's group; Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities; and Third parties, acting as controllers, by means of third-party cookies set (please see our Cookie Policy for more information). ### Cross-Border Personal Data Transfers Considering SimpliFi's international presence and business operations, your Personal Data may be transferred to Recipients located in several different countries. SimpliFi implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, such as by relying on decisions from relevant supervisory authorities, approved standard data protection clauses, or other safeguards or conditions considered adequate to the transfer at hand. ### Retention of Personal Data Personal Data processed for Service Provision will be kept by SimpliFi until you withdraw your consent, or object to further processing. In this case, your Personal Data will no longer be kept by SimpliFi for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the Services, SimpliFi may continue to store this Personal Data for a longer period, as may be necessary to protect SimpliFi's interests related to potential liability related to the provision of the Services. Personal Data processed for Marketing will be kept by SimpliFi from the moment you give consent until the moment you withdraw the consent given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by SimpliFi, in particular as may be necessary to protect SimpliFi's interests related to potential liability related to this processing. Personal Data processed for Analytics is typically aggregated or anonymised as soon as possible. In any case, any such data which is not aggregated or anonymised will only be kept by SimpliFi from the moment you give consent until the moment you withdraw the consent is given. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by SimpliFi, in particular as may be necessary to protect SimpliFi's interests related to potential liability related to this processing. Personal Data processed for Compliance will be kept by SimpliFi for the period required by the specific legal obligation or by the applicable law, or as long as may be required in order to establish, exercise or defend legal claims. Personal Data processed for Misuse/Fraud will be kept by SimpliFi for as long as deemed strictly necessary to fulfil the purposes for which it was collected, unless you validly object to the processing of your Personal Data for these purposes (please see Data Subjects' Rights, below, for further information). ### Data Subjects' Rights As a data subject, are entitled to exercise the following rights before SimpliFi, at any time: Access your Personal Data being processed by SimpliFi (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data; Correct or update your Personal Data processed by SimpliFi, where it may be inaccurate or incomplete; Request erasure of your Personal Data being processed by SimpliFi, where you feel that the processing is unnecessary or otherwise unlawful; Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing; Exercise your right to portability: the right to obtain a copy of your Personal Data provided to SimpliFi, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another data controller; Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent SimpliFi from processing your Personal Data; or Withdraw your consent to processing (for Marketing and Analytics). You can withdraw consent, or object to processing for Marketing by selecting the appropriate link included at the bottom of every marketing e-mail message received. You can withdraw your consent for Analytics by changing your cookie preferences (see our Cookie Policy for more information). Aside from the above means, you can also exercise your rights described above by sending a written request to SimpliFi at the following address: privacy@simplifipay.com. In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through the Website is unlawful. ### Amendments This Privacy Policy entered into force on 15-11-2023. SimpliFi reserves the right to amend this Privacy Policy partly or fully, or simply to update its content, e.g., as a result of changes in applicable law. SimpliFi will inform you of any substantial changes as soon as they are introduced (through a pop-up/notice on the Website, and through e-mail notifications sent to Website users included in SimpliFi's mailing lists). Changes will be binding as soon as they are published on the Website.