Privacy Notice

Effective Date: 1 October 2025

Introduction

Privat 3 Money Ltd (referred to as “P3M”, “we”, “our”, or “us”) is committed to protecting and respecting the privacy
and personal data of our clients, website users, and business partners. This Privacy Notice outlines how we collect, use,
share, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR)
and the Data Protection Act 2018.
We will always (i) keep your personal data safe and private, (ii) never sell your personal data and (iii) allow you to
manage and review your marketing choices at any time.

Who We Are

Privat 3 Money Ltd is a company registered in England and Wales with company number 11700691 and whose
registered office is at 23 Hill Street, Mayfair, London W1J 5LW United Kingdom. We act as a Data Controller in respect
of your personal data, which means we determine the purpose and means of processing that information. When you
apply for and use our products and services, carry out transactions, or contact us, e.g. to make an enquiry or a complaint,
P3M collects personal data about you.
This Privacy Notice details the types of personal data we collect either from you or from others, who we share it with,
how long we keep it and your rights.
By using or navigating the P3M App or Website or any product or service offered by us, you acknowledge that you have
read, understand, and agree to be bound by this Privacy Notice. You should not provide us with any of your information
if you do not agree to the terms of this Privacy Notice.
We encourage you to review and check P3M Website regularly for any updates to this Privacy Notice. We will publish
the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from
time to time.

What Personal Data We Collect

We are committed to complying with applicable data protection laws and will ensure that your personal data is:

  • Used lawfully, fairly and in transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is
    incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept securely.

We collect your personal data when you use:

  • Our P3M Client Portal that is available at our Website at https://privat3money.com/ and P3M App.
  • Any of the services available to you through our P3M App or Website (such as trading functionality, P3 Marine, Aviation and other services we may offer).

“Personal data” means information that we know about you and can be used among others to personally identify you,
manage your relationship with us and support crime and fraud prevention.

We collect and process various types of Personal Data including but not limited to:

  • Personal details, such as data which may identify you. This may include name, date of birth, gender, images,
    signature, copies of your identification documents (e.g., passport, national ID), contact details such as address,
    phone number, email, preferred language, names and personal details of beneficiaries of transactions and
    professional data such as employment and education details (“Identity Personal Data”).
  • Financial details, such as data relating to your payment data, payment history, service usage, applications and
    correspondence, bank accounts including account number, sort code and IBAN, income, assets, tax residency
    and tax identification number (“Transactional and Service Personal Data”).
  • Card data, this includes card number, expiry date, CVC, cardholder name and address, transaction history,
    merchant information, card preferences and limits, unique identifier (UUID), primary account number (PAN),
    card design, delivery method, card program, card processor, card status, external provider identifier, currency,
    card type (physical/virtual), processing network (e.g. Mastercard or VISA), tariff, provider tariff, payment type
    (debit or credit) (“Card Personal Data”).
  • Additional details requested by law enforcement or requested pursuant to our compliance procedures in
    connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as
    relationship to the beneficiary of the transaction, the purpose of the transaction and proof of funds
    (“Compliance Personal Data”). We may also collect personal data from third parties or other people who help
    us to provide our services. This may include your credit record, information about late payments, information
    to help us check your identity or eligibility to receive selected products or services, fraud risk scores and
    information relating to your transactions. We also collect information and contact details from publicly sources
    for enhanced due diligence checks, security searches and KYC purposes.

Please note that we also may monitor and record our telephone calls with you which may involve Identity Personal
Data, Transactional and Service Personal Data, Card Personal Data and/or Compliance Personal Data and we may use
any transcripts of these callsso we can be sure we understand the instructions you give us and so we have a clear record
of the products and services you have requested.
If you give us personal data about other people, e.g. your spouse or family, or you ask us to share their personal data
with third parties, you confirm that you have brought this Privacy Notice to their attention beforehand.
Cookies and similar technologies. When you use our Website or App, we capture information via application log,
cookies and similar technologies, including:

  • Technical information, including the IP address to connect your computer to internet, your login information,
    the browser type and version, time zone setting, device language, operating system and platform, type of
    device you use, if your device uses a virtual private network, a unique device identifier, mobile network
    information, mobile operating system and the type of mobile browser you use.
  • Information about your visit to our website, including e.g. the links you have clicked on, through and from our
    Website or App, services you viewed or searched for, page response times, download errors, length of visits to
    certain pages, page interaction information (such as scrolling and clicks) and methods used to browse away
    from the page.
  • Information on transactions and your use of P3M products including the date, time, amount, currencies,
    exchange rate, beneficiary details, details of the merchant, IP address of sender and receiver, sender’s and
    receiver’s name and registration information, messages sent or received, details of devices used to arrange the
    payment and the payment method used.

We use this data for the following purposes:

  • To measure the use of our websites and services, including number of visits, average time spent on a Website,
    pages viewed, page interaction data (such as scrolling, clicks and mouse-overs), etc. and to improve the content
    we offer;
  • To administer the Website and App and for internal operations, including troubleshooting, data analysis,
    testing, research, statistical and survey purposes and
  • As part of our efforts to keep the Website and App safe and secure.

For more information please read our Cookies Policy available at our Website.
We may provide privacy notices and explanations in other languages than English. If there are any discrepancies
between other language versions and the English language versions, the English language version shall prevail.

How We Use Your Data

We process your Personal Data for the following purposes:

  • Verifying your identity and completing onboarding (KYC).
  • Managing your account and providing payment or financial services.
  • Complying with legal and regulatory obligations (e.g., anti-money laundering).
  • Communicating with you, including responding to enquiries.
  • Sending relevant marketing (where permitted) and improving our services.
  • Ensuring the security and integrity of our systems.
  • Conducting profiling and risk assessments where necessary.
  • Administering and operating our P3 card programme, including issuance, activation, processing transactions,
    fraud and security monitoring, dispute resolution, and compliance with card scheme rules and regulatory
    requirements.

Legal Basis for Processing

We process your Personal Data only when we have a lawful basis to do so. These may include:

  • Your consent (e.g., for marketing communications).
  • Performance of contracts and agreements with you (e.g., managing your payment account).
  • Legal obligation (e.g., to comply with financial regulations).
  • Legitimate interests, provided they do not override your rights and freedoms (e.g., improving services or fraud
    prevention).
  • Substantial public interest (e.g. to government regulations or guidance).

Marketing Communications

You may choose whether to receive marketing from us when you register. You can opt out at any time by clicking the
unsubscribe link in our emails and communications or contacting us directly. However, you may still receive generic
information about some products or services in our P3M App or Website.
When you sign up for our services, we will ask for your consent to be contacted by post, push notification, email, phone
call or text message with information about P3M products, services, offers and promotions. You can withdraw your
consent or update your marketing preferences at any time through the P3M App or by contacting us.

Sharing Your Personal Data

We may share your personal data with:

  • Legal and regulatory authorities.
  • Financial institutions (e.g., banks and payment networks).
  • Service providers supporting our operations (e.g., IT or customer support vendors).
  • External auditors, legal advisors, or consultants.
  • Third-party processors bound by data protection agreements.
  • Card scheme operators (such as international card networks), acquiring banks, payment processors, and other
    third parties involved in the issuance, processing and settlement of card transactions.

Also we share your personal data within the P3M group of companies to provide you with the best of our services,
protect you from fraud or harmful behaviour, facilitate the access to use other P3M products, improve existing or
develop new, products or services and send you information about P3M products and services we may think you will
be interested.
We ensure appropriate contractual and security safeguards are in place.

Data Transfers Outside the UK or EEA

In some cases, we may transfer your Personal Data outside the UK or EEA. Any such transfer will be carried out with
appropriate safeguards in line with data protection law. We may also send your personal data outside of the UK or EEA
to keep our global legal and regulatory requirements, to provide ongoing support services, to fraud prevention agencies,
regulators or law enforcement authorities and to enable us to provide you with products or services you may have
requested.
Where you use our card services, your transaction data may be transferred to card scheme operators, acquiring banks,
and processors located outside the UK or EEA as part of the authorisation, processing and settlement of card payments.
We ensure that such transfers are protected by appropriate safeguards, such as the UK International Data Transfer
Agreement (IDTA) or Standard Contractual Clauses (SCCs).

How We Protect Your Data

P3M recognises the importance of protecting and managing your personal data and we will treat your personal data
with the utmost care and security.
We implement technical and organisational measures to ensure a high level of data security, including:

  • Access controls and encryption.
  • Data minimisation and regular audits.
  • Employee confidentiality obligations.
  • Secure communication and storage systems.

For cardholder data, we comply with the Payment Card Industry Data Security Standard (PCI DSS), which sets strict
technical and organisational requirements for storing, transmitting and processing card details. Sensitive authentication
data such as the CVC is never stored after authorisation, in line with PCI DSS rules. All card data is encrypted and access
is strictly controlled.
Although we take all reasonable steps to ensure your personal data will be kept secure from unauthorised access, we
cannot guarantee it will be secure during transmission by you to our app or website. We use HTTP SECURE, where the
communication protocol is encrypted through Transport Layer Security for secure communication over networks, for
all our app, web and payment- processing services.
You are responsible for keeping your account secure by keeping your passwords, PINs, and one-time passcodes private.
Do not share such information with anyone as it may allow them to access to your P3M account and personal data.
Remember that P3M will never ask you for these details through phone calls, emails or texts. If you use our public
services, which includes social network accounts, do not share any personal data that you do not want to be seen,
collected or used by other customers, as this personal data will become publicly available.

Data Retention

Personal data is used for different purposes and is subject to different standards and regulations. In general, personal
data is retained for as long as necessary for the purposes for which it was collected or as required by law (e.g., minimum
five years post-account closure for regulatory compliance).
Notwithstanding, P3M will not retain sensitive card authorisation data (such as CVC codes) after authorisation. Card
transaction records are retained for as long as required under applicable financial services, anti-money laundering and
accounting regulations, typically for a minimum of five years after account or card closure, and may be retained longer
if required by law or to resolve disputes.
If you send us correspondence, including e-mails and faxes, we may retain such data along with any records of your
P3M account. We may also retain customer service correspondence and other correspondence involving you, us, our
partners, and our third party providers.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the
personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for
which we process your personal data and whether we can achieve those purposes through other means, and the
applicable legal requirements.
Once no longer needed, your data will be securely deleted or anonymised.

Data Security

We are committed to maintaining the security of your personal data and have measures in place to protect against the
loss, misuse, and alteration of the data under our control.
We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals and we
regularly upgrade our security as better methods become available.
Our datacentre and those of our partners utilise modern physical security measures to prevent unauthorized access to
the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security
systems with limited (need-to-know) administrative access.
All our employees who have access to, or are associated with, the processing of personal data are contractually
obligated to respect the confidentiality of your data and abide by the privacy standards we have established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard
practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.

Your Rights

Subject to verification of your identity, you may request access to and have the opportunity to update and amend your
personal data. You may also exercise any other rights you enjoy under applicable data protection laws.
For security reasons, we cannot deal with your request if we are not sure of your identity, so we may ask you for proof
of identification document. If a third party exercises one of these rights on your behalf, we may need to ask for proof
that they have been authorised to act on your behalf.
When you exercise one of your rights, or update your privacy settings in the P3M App or Website, it may take us up to
one month to respond or implement your changes.

Under UK data protection law, you have the right to:

  • Request access to any personal data we hold about you (“Subject Access Request”) as well as related data,
    including the purposes for processing the personal data, the recipients or categories of recipients with whom
    the personal data has been shared, where possible, the period for which the personal data will be stored, the
    source of the personal data, and the existence of any automated decision making.
  • Request correction or deletion of any personal data we hold about you.
  • Object to or restrict processing, except to the extent processing is required for the establishment, exercise or
    defence of legal claims.
  • Withdraw consent (where applicable) and request us to limit the way we use your personal data.
  • Receive your data in a portable format.
  • Under certain circumstances, request us to transfer personal data directly to a third party where this is
    technically feasible.

Also, where you believe that we have not complied with our obligations under this Privacy Notice or the applicable law,
you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Automated Decisions

We may use automated decision-making (including profiling) for account eligibility or risk assessment. You can request
human review of any such decisions and challenge the outcome.
As part of card services, automated systems are used to detect potential fraud or suspicious activity. These decisions
may affect your ability to complete a transaction. You have the right to request human review of such decision.

Contact Us

If you have any questions or concerns about how we handle your personal data, please contact:


Data Protection Officer
Privat 3 Money Ltd
23 Hill Street
Mayfair, London, W1J 5LW, United Kingdom
Email: compliance@privat3money.com (Subject: FAO Data Protection Officer)
Website: www.privat3money.com