The purpose of this document is to provide you with information on how Monoceros Ltd. and its affiliates and subsidiaries (together "Monoceros" or "we") use the personal data that we collect when you visit our website or otherwise interact with us. Any personal data that we collect from you will be processed in accordance with applicable data protection laws (“Privacy Laws”) and this Notice. This Notice applies specifically to individuals. If you are an entity that provides us personal data of individuals, you should provide this Notice to such individuals or otherwise advise them of its content.

Under the applicable Privacy Laws, you may have certain rights and Monoceros may have certain obligations with respect to your personal data. The purpose of this Notice is to explain how and why Monoceros will use, store, share, and otherwise process your personal data. This Notice also informs you of your rights under applicable Privacy Laws and how you may exercise them.

If you do not want us to collect or use your personal data as described in this Notice, please do not use the Monoceros websites or our services. We may update this Notice from time to time, and the revised Notice will be posted on this page with an updated revision date. We encourage you to check back periodically for any changes or updates.

What personal data we collect

We may collect personal data, as defined in applicable Privacy Laws, directly from you or from you when you provide such personal data on behalf of other individuals. For example, you may provide us with personal data on forms and associated documents, through our service providers, via correspondence and communications, when you make a transaction, and when you provide remittance instructions. We may also obtain information about you from publicly accessible directories and sources. These may include: websites, bankruptcy registers tax authorities or other governmental agencies, credit rating agencies, sanctions screening databases, and fraud prevention and detection agencies.

We collect different types of personal data, which may include your name, address, email address, phone number, nationality, place of birth, date of birth, government issued identification number, tax identification number, credit history, and bank account and other financial details. Some of the personal data we collect from you may be considered “sensitive” data under certain Privacy Laws. Depending on the jurisdiction where you reside, you may have the right to instruct us to limit the use and disclosure of your sensitive personal data to only that which is necessary to provide you with the products or services you have requested.

How we use your personal data

Monoceros, as a data controller, may process your personal data as necessary to perform a contract we have with you, including:

• facilitating the continuation or termination of the contractual relationship between you and Monoceros; and
• facilitating the transfer of funds and administering and facilitating any other transaction between you and Monoceros.

Monoceros may process your personal data as necessary for compliance with applicable legal or regulatory obligations, including:

• undertaking due diligence, including anti-money laundering and counter-terrorism checks;
• financing checks, including verifying the identity and addresses of our customers (and, where applicable, their beneficial owners);
• sanctions screening and complying with applicable sanctions and embargo legislation;
• complying with requests from regulatory, governmental, tax and law enforcement authorities;
• surveillance and investigation activities;
• carrying out audit checks, and instructing our auditors;
• maintaining statutory registers; and
• preventing and detecting fraud.

Monoceros may process your personal data in pursuance of our legitimate interests, or those of a third party to whom your personal data are disclosed. We will only process your personal data in pursuance of our legitimate interests where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms. This may include:

• complying with a legal, tax, accounting, or regulatory obligation to which we or the third party are subject;
• assessing and processing requests you make;
• sending updates, information, and notices or otherwise corresponding with you;
• investigating any complaints, or pursuing or defending any claims, proceedings or disputes;
• providing you with, and informing you about products and services;
• managing our risk and operations;
• complying with audit requirements;
• ensuring internal compliance with our policies and procedures;
• protecting Monoceros against fraud, breach of confidence or theft of proprietary materials;
• seeking professional advice, including legal advice;
• facilitating business asset transactions involving Monoceros or related entities;
• monitoring communications to/from us (where permitted by law); and
• protecting the security and integrity of our IT systems.

Monoceros continues to be a data controller even though it may engage affiliates and third parties to perform certain activities on its behalf as service providers.

Sharing your personal data

We may share your personal data with our affiliates and delegates. In certain circumstances, we may be legally obliged to share your personal data and other financial information with relevant regulatory authorities. They, in turn, may exchange this information with foreign authorities, including tax authorities and other applicable regulatory authorities.

Monoceros’s affiliates and delegates may process your personal data on Monoceros's behalf, including with our banks, accountants, auditors and lawyers which may be data controllers in their own right. Monoceros's service providers are generally data processors and are acting on Monoceros's instructions. Additionally, a service provider may use your personal data where this is necessary for compliance with a legal obligation to which it is directly subject (for example, to comply with applicable law in the area of anti-money laundering and counter-terrorist financing or where mandated by a court order or regulatory sanction). The service provider, in respect of this specific use of personal data, acts as a data controller.

In exceptional circumstances, we will share your personal data with regulatory, prosecuting and other governmental agencies or departments, and parties to litigation (whether pending or threatened) in any country or territory.

We may also share your personal data in a manner that constitutes a “sale” in order to provide you with targeted products or services that we think may be of interest to you. Depending on your place of residence, you may have the right to opt-out of such sale or sharing. To exercise this right, please contact us as described below.

Sending your personal data internationally

Due to the international nature of our business, your personal data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under applicable Privacy Laws. In such cases, we will process personal data in accordance with applicable Privacy Laws, including having appropriate transfer mechanisms in place.

Retention and deletion of your personal data

We will keep your personal data for as long as it is required by us to perform the contract we have with you. We will generally retain your personal data throughout the lifecycle of your relationship with us. Some personal data will be retained after your relationship with us ends, as may be required by law or contract or per a legitimate business purpose. We expect to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.

Automated decision-making

We will not make decisions that may have a legal effect concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under applicable Privacy Laws.

How we protect your personal data

The security and confidentiality of your personal data is important to us. We have technical, administrative, and physical security measures in place to protect your personal data from unauthorized access, disclosure, and improper use.

Your rights

Depending on the Privacy Laws where you reside, you may have certain data protection rights, including the right to:

• be informed about the purposes for which your personal data are processed;
• access your personal data;
• receive a portable copy of the personal data we hold about you;
• stop or opt-out of direct marketing and targeted advertising;
• restrict the processing of your personal data;
• object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
• require us to delete your personal data in some limited circumstances; have incomplete or inaccurate personal data corrected;
• ask us to stop processing your personal data;
• be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
• not receive discriminatory treatment for the exercise of applicable privacy rights; and
• complain to the Data Protection Ombudsman.

Contact us

We are committed to processing your personal data lawfully and respecting your data protection rights. Please contact us if you would like to exercise one of the rights above or you have any questions about this Notice or the personal data we hold about you. Our contact details are: privacy@monoceros.com. Please mark your communication "Data Protection Enquiry".