Privacy and data protection


This document describes Gubira Pay AB's privacy and data protection practices and addresses

how we manage and protect the information Gubira Pay AB collects about you when you use

our website, mobile applications or when you provide us with your personal data.

With a strong commitment to preserving your privacy, Gubira Pay AB guarantees that your

personal information, which is requested when utilizing our Service (defined below), will be

handled exclusively according to the guidelines in this document.

We reserve the right to make changes to this text, so please read it often to confirm that you

agree to the updated terms and conditions.


I (First) Who are we?


Gubira Pay AB distinguishes itself as a digital money transfer platform, which allows its users to

send money to friends and family using devices such as computers, tablets or smartphones,

collectively referred to as the "Service".

In this Privacy Policy, the terms "we", "us", "our", "the company" and "Gubira Pay" refer to

Gubira Pay AB, a company incorporated under Swedish law, registered under number 559190-

1318 and with its registered office at Karlbergsvägen 26 T, 113 27 Stockholm, Sweden.

Under the provisions of the General Data Protection Regulation ("GDPR"), Gubira Pay acts as

the "controller" for the processing of your personal data, while you, the customer, are

recognized as the "data subject". This means that Gubira Pay has the right to determine how

and why your personal data is processed and to protect your right to privacy at all times.


II (second) What kind of personal data do we collect?


The type of personal data we collect from you may vary significantly depending on the type of

interaction you have with us and the range of products and services we offer you. When we

refer to terms like "personal information" or "personal data", we are referring to any data or

information that is directly or indirectly linked to an identifiable individual.

For greater clarity and to ensure full transparency, we describe below the different categories

and specific types of personal data that we are entitled to collect in the context of our

activities. This breakdown not only serves to inform you of the data processing methods we

use, but also reflects our commitment to respect and protect your privacy at all stages of our

interaction.


Basic identification data: This includes data such as your full name (and any aliases), address,

email address, telephone number, date of birth, gender, occupation and place of work,

username or social media identifier or any other unique identifier (this includes a customer ID

that we generate to recognize you in our systems).Customer service related data: this refers to information you provide to us when contacting our

customer service or offices, including the content of call recordings (for example, when we

record calls to monitor service quality).


Identity documents or records issued by authorities: This includes information from identity

documents such as driving licenses, passports or national identity documents, including a

photo or selfie of you with such documents, proof of address (utility bills, bank statements) or

documentation showing where the money for your transaction comes from (e.g. bank

statements or proof of income).


Marketing information and communication preferences: Includes your preferences for

receiving marketing materials from us or selected third parties, your communication

preferences and data we obtain from market research, advertising networks or analytics

services that we lawfully collect.


Payment data: contains information about your payment method, such as credit/debit card

details or bank account information.


Promotions and competitions data: Includes your name, email address and other personal data

that you may need to provide when participating in promotions or competitions that we

organize.


Transaction recipient information: includes the full name, address and telephone number of

the recipient of your shipments, details of the destination financial institution or account

details and, in case of dispute, additional information to verify the recipient's identity with the

relevant entity.


Referral Data: Information you give us about friends or acquaintances, such as their name and

email address, to introduce them to our services.


Sensitive personal data: This may include biometric information, such as facial scans or video

recordings for identity verification, in order to protect your account and detect suspicious or

fraudulent activity.


Feedback and survey data: includes information you provide in surveys, reviews, comments

and testimonials, including your name, contact details and other requested personal data.Technical information: This includes information about the hardware and software you use to

access our services, such as network information, your internet service provider, operating

system, browser type, unique device identifiers, IP address and your current geographic

location, which is necessary for some location-based services.


Transaction and Usage Data: Includes your transaction history and records, the purpose of

transfers, relationship with the recipient, average transaction amounts, how often you use our

services, intent to send to multiple recipients, and information about referral rewards, as well

as information about how you interact with our services or websites and your browsing or

search activity.


III (third) Methods of collection of personal information

Our process for collecting personal data involves a variety of methods and is derived from

different sources, allowing us to compile a detailed profile to improve your experience with our

services.

The following are the ways in which we obtain your personal information:


Directly from you:


We receive personal data directly from you at various times, such as when you register for our

service, create a profile, communicate with us (including via online chat), complete surveys,

participate in events, register for sweepstakes, contests, advertising campaigns, write reviews,

or subscribe to our newsletters, SMS or postal mailings.


Automated data collection and third party data collection:

We use advanced tracking technologies, such as cookies, web beacons, and other digital

analytics methods, to automatically collect information when you interact with our websites,

apps, emails, or ads. We also integrate data from external sources, including data analysts,

marketing platforms, social media, security and identity verification providers, and others. This

process helps us to personalize and continuously improve your experience and ensure that the

data we handle is accurate and relevant. More information can be found in our cookie policy.


IV (fourth) Processing and use of your personal data

Our use of your personal data is strictly within the limits of applicable law. Depending on your

country of residence, our right to process your personal data is based on different legal bases,

which are applied in accordance with local regulations, in this case: SWEDEN.

Compliance with laws and regulations

In the context of our business, personal data is processed primarily for the purpose of fulfilling

our legal and regulatory responsibilities. This process includes using such information to

establish, exercise and defend legal claims, as well as to protect ourselves against potential

legal claims.

Security and anti-fraud protectionTo ensure security and prevent fraudulent activities, we use personal data to identify,

investigate and prevent actions that may be harmful, fraudulent, deceptive or illegal. This

includes preventing illegal transactions, detecting attempted violations of our internal rules,

policies and terms of use, as well as managing security incidents and protecting against

damage to the rights and interests of both Gubira Pay AB and our community of users,

customers and employees.

Compliance with current legislation

The processing of your personal data is also focused on compliance with applicable laws and

regulations. This includes, but is not limited to, obligations arising from regulations focusing on

customer due diligence, prevention of money laundering, compliance with sanctions and

compliance with specific rules and guidelines relating to risk assessment, fraud detection and

prevention, combating terrorist financing, as well as compliance with consumer protection and

complaint handling measures. This comprehensive approach to personal data processing

enables us not only to ensure the integrity of our operations but also to reinforce our

commitment to protect and secure the information entrusted to us.


V (fifth) Implementation of contractual agreements

Administration and facilitation of services

In order for you to have effective access to and optimal use of our services, we use your

personal data in a number of important processes. These range from the execution and

administration of your specific transactions, through the support and maintenance of your

account under optimal operating conditions, to the distribution of marketing incentives and

benefits resulting from our referral initiative.


This processing of personal data also includes the

coordination of financial transactions, including, but not limited to, the efficient and secure

processing of payments. This multi-faceted procedure is primarily aimed at empowering your

experience with our services and ensuring a smooth and personalized interaction that

effectively responds to your needs and expectations.

Personalized communication with users

We use the data you provide to establish a direct and personalized line of communication, so

that we can effectively address all your questions, concerns and feedback, as well as to provide

you with technical and customer support customized to your specific needs.

Anchoring in consent and legitimacy

Marketing and promotional strategies:

We use your data to develop and implement marketing and advertising strategies customized

to your interests.


This includes sending messages about promotions and offers through various

channels such as email, text messages and physical mail; displaying personalized advertising on

social media platforms and other websites; and implementing programs to attract new

customers, as well as organizing marketing events such as sweepstakes and contests.

Research, analysis and customized adaptations:

The data we collect is necessary to conduct detailed analytics that help us to continuously

improve our services and offerings. This analytics work helps us understand how you interact

with our digital platforms and our communications, so that we can optimize both the contentand structure of our websites and mobile apps and fine-tune our marketing campaigns.


This approach helps us to personalize your experience, make your interaction with us more

seamless and relevant, and adapt our messages and advertising offers to your online

preferences and behaviours.

Expanded commercial objectives:

Subject to your explicit consent, we are entitled to process your personal data for extended

business purposes that you have requested or that are of interest to you, always ensuring

responsible and secure handling of your data.


VI (Sixth) Processing and sharing of personal data: perspectives and mechanisms

Our Privacy Policy includes a detailed explanation of the various conditions under which the

sharing of your personal information may occur, extending the scope beyond the situations

specifically described in previous sections of this text. A more in-depth and technically richer

discussion of these conditions is provided below:

Integration into the business structure

We may transfer personal data to other companies that are part of our group. This includes our

main entity, as well as any related subsidiaries or affiliates. These affiliated companies may

process your personal data on our behalf to provide services more efficiently, act with your

explicit authorization or in accordance with the requirements and authorizations granted under

applicable law.


Synergies with external partners and service providers

We disclose selected personal data to external partners and suppliers whose services are

essential to support our core business activities and operational infrastructure. These include

financial institutions, such as banks and other entities involved in conducting financial

transactions or providing financial services that you requested, such as payment processors;

bodies responsible for identity authentication or know-your-customer (KYC) compliance; and

third parties responsible for providing the technical infrastructure for our communications,

analyzing user information, supporting and managing user feedback, investigating fraudulent

behavior, conducting market research among our customers, and outsourcing certain customer

service functions.


Strategic partnerships

Your personal data may be shared with third parties with whom we have entered into strategic

alliances for the design and sharing of specific products, services or promotions. In addition,

we may share data with our banking or retail partners in cases where we suspect that our

terms of use have been breached or that fraud has occurred. The handling of your data by

these entities is governed by their own privacy policies.

Interaction through digital platforms and social networks


Our websites contain certain features that work through tools provided by third parties, such

as plug-ins and widgets. This may involve the collection or exchange of data between us and

such third parties. For example, the use of our recommendation function via platforms such as

WhatsApp, Facebook, email or SMS messages. The handling of your information in these

contexts follows guidelines outside our privacy policy.Adjustments to corporate structure and business activities

In case of events such as mergers, acquisitions or any other situation involving a reorganization

or transfer of our business assets, your personal data may be disclosed or shared with parties

involved in these processes.


Legal commitments and legal proceedings

We reserve the right to disclose personal information in response to formal legal requests, such

as subpoenas, court orders, government investigations, or to comply with applicable legal

requirements. Such disclosures are also made to protect our rights or the rights of others, to

resolve disputes, to ensure the safety of our users, to prevent fraud, or to address potential

violations of our policies.


Specific considerations for information exchange

Sometimes we may ask you if you consent to us sharing your information with third parties not

previously identified in this document, in which case we commit to a high level of transparency

and ask for your explicit consent before proceeding.


VII (7th) Handling and sharing of personal data: practices and conditions

Our privacy policy addresses how we handle and share your personal information, and

identifies specific and general circumstances under which such information may be disclosed:

Units within the enterprise group

We may distribute personal data to related entities within our group, including the parent

company and any subsidiaries. These entities may process your data to enable us to provide

services, with your consent or as required by applicable law.

Alliances with service providers

We selectively disclose personal data to third-party providers that support our core business

and operational objectives. This cooperation may include, but is not limited to, financial

institutions for transaction processing, entities for identity verification in accordance with KYC

rules, as well as third parties facilitating digital communication, analysis of customer data,

technical support, fraud monitoring and management of investigations or outsourcing of

customer service.


External cooperation

We may share your personal data with external partners with whom we collaborate to offer

joint products, services or promotions. This sharing also includes situations where we suspect a

breach of our policies or fraud. The handling of your data by these partners is subject to their

own privacy policies.

Interaction with third party platformsWe integrate features on our websites that are provided by third parties, such as plugins or

widgets, which may collect or share data between us and these third parties, such as when you

use our recommendation feature on social networks or messaging services. These interactions

are governed by policies that are not our own.

Transformation of enterprises

In the event of mergers, acquisitions or any other significant change in corporate structure, it is

likely that your personal data will be shared with the parties involved in these processes.


VIII (8th) Legal compliance and protection of rights

We reserve the right to disclose personal information to respond to legal requests, such as

subpoenas or investigations, to comply with applicable laws, to defend our rights or the rights

of others, to protect the safety of our users, to prevent fraud, and to respond to illegal

activities or violations of our policies.

Further considerations on sharing

We may request your consent to share your information with third parties not specifically

mentioned, in which case we commit to full transparency and obtain your prior consent.

Processing of sensitive personal data

We may need your explicit consent to process biometric data for identity verification,

depending on your local privacy laws. We offer options for verification if you choose not to

consent and ensure that such data is only shared with verification providers or in accordance

with applicable laws and court orders.

Automated decisions

We implement automated processes to validate access to and use of our services, including

identity verification and fraud prevention. These automated decisions may affect the

authorization of transactions or access to your account. In case of impact, you can contact

privacydatarequest@gubirapay.com or direct your questions in writing to the following

address: GUBIRA PAY AB, Karlbergsvägen 26 T, 113 27, Stockholm.


IX (9th) Confidentiality

We recognize specific privacy rights under the law in Sweden and are committed to a high

standard of privacy practices for all our customers. This includes the right to access, rectify,

erase or restrict the processing of your personal data under certain conditions, and the

possibility to object to certain processing based on legitimate interests.

How to deactivate direct marketing?You have the option to ask us to stop using your personal data for direct marketing purposes.

This option is available to you at any time and can be done by selecting the "unsubscribe" link

included in our marketing communications. We will respect your request and cease such

communications. If you choose not to receive emails to a particular email address, we will

register this address on an "opt-out" list to respect your decision. You can adjust your

preferences for marketing communications at any time.

In addition, you have the possibility to control how your personal data is used by adjusting your

preferences in your Profile on our Services. Please note that not all communications, especially

those required by law, such as notifications about our services, can be deactivated.

Withdrawal of consent

You have the right to withdraw your consent to the processing of personal data at any time.

Withdrawal of this consent does not jeopardize the lawfulness of previous processing based on

such consent. However, this action may limit our ability to provide you with certain products or

services.

Exercise of the right to data protection

To exercise any of the rights resulting from the data protection rules, we invite you to send a

formal request via the following communication channels:

By e-mail to privacydatarequest@gubirapay.com or by writing to the following address:

GUBIRA PAY AB, Karlbergsvägen 26 T, 113 27, Stockholm. You can also contact us directly

through our helpdesk via mobile, Whatsapp +46767038767 or by phone on 08-4648191.

Procedure for verifying the applicant's identity

In order to process certain requests, it is necessary to carry out an identity check to confirm the

authenticity and origin of the request. This procedure may require us to communicate with

you, either by phone or email, to confirm your identity.


X (Tenth) Methods to protect your personal data

We apply the latest security standards to protect the information you provide to us, including

advanced encryption for sensitive data such as bank account numbers, credit card numbers,

etc. This approach ensures the security of your data when it is transmitted through our website

or mobile application. It is important that users use secure login credentials to access their

information on our platforms.

It is your responsibility to keep your credentials confidential, including by taking precautions

against unauthorized fingerprint enrollment on devices that allow biometric access, such as

Apple Touch ID. This prevents unauthorized access and potential liability for third party actions.

Although we make every effort to protect your data, we cannot guarantee the complete

security of electronic transmission and storage. Any transfer of personal data is at your own

risk. If you have any questions or concerns about security, please contact us.


XI (Eleventh) Personal data retention period and policy updates

We keep your personal data for the period strictly necessary to achieve the purposes for which

it was collected, taking into account legal and regulatory requirements. The length of retentionis determined by criteria such as legal obligations, the nature and sensitivity of the data, the

risk of unauthorized disclosure and whether the purposes can be achieved by other means. As

a regulated entity, some personal and transactional data is retained for at least seven years

after the end of our contractual relationship, in accordance with legal requirements.

Policy updates

Our policy may change at any time by publishing the revised version on our website and app.

Please review the policy regularly, especially before making transactions. If you do not agree to

the changes, you can end your relationship with us by closing your profile via email.


XII (Twelfth) Interaction with external services and third-party policies

Our service uses features of Google Maps and its APIs, which are subject to the Google Terms

of Service and Privacy Policy, which you agree to by using our website and services. These

terms may be updated from time to time.

In addition, we provide links to external websites whose privacy practices differ from ours. The

information you share with these sites will be governed by their own policies, so we do not

take responsibility for their data handling practices. It is important that you read their privacy

policies before providing personal data to them.

This policy does not cover the privacy practices of third parties linked to our service, such as

mobile operators or other users. For detailed information on their policies, we recommend

that you contact them directly before sharing personal information.


XIII (thirteenth) Policy on the prohibition of the use of minors.

We ask children under the age of 18, who in this context are considered children and

adolescents, not to use our Services or provide us with personal data. Children under 18 are

not authorized to use our Services and we will close any profile created by someone of this age

if we become aware of it.


XIV (14th) Preparation and translation of the privacy policy

This Privacy Policy has been originally and mainly drafted in Swedish, with the possibility of

being interpreted and adapted to other languages for global understanding. It is important to

recognize that in situations of discrepancies or inconsistencies that may arise between the

original Swedish version and its translations into other languages, the Swedish version shall be

considered the final and prevailing version to resolve any conflicts or problems regarding the

content or interpretation of this policy.


XV (fifteenth) Consultations, comments and complaints

If you have any questions, comments or if you wish to submit a request regarding the practices

or procedures described in our privacy policy, we invite you to communicate with us. We are

committed to providing the highest level of transparency and openness in all our activities andin the handling of personal data, ensuring that your privacy is respected and protected at all

times.

If you experience any inconvenience with the Service or if the solution offered by our support

team does not meet your expectations, you have the possibility to send your complaint directly

to this e-mail address: complaints.officer@gubirapay.com.