Privacy Policy – MarketFintech

Introduction

Market Fintech Ltd (“we”, “our”, or “MF”) is a company incorporated in Canada and registered as a licensed Money Services Business (MSB). This Privacy Policy (hereinafter referred to as the “Policy”) outlines the principles governing the collection, processing, and storage of personal data submitted by customers or collected through the use of MF’s services and website.

For the purposes of this Policy, personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, through identifiers such as a name, identification number, location data, online identifier, or other elements specific to that individual’s identity.

By submitting personal data, customers consent to its processing, storage, and transfer in accordance with the terms of this Policy. MF applies appropriate technical and organizational measures to ensure that personal data is processed securely and in compliance with applicable data protection legislation.

By using our services or accessing our website, customers are presumed to have read and accepted this Policy.

This Policy reflects our current data protection practices and is reviewed and updated as necessary to incorporate changes in legal and regulatory requirements or business operations. At a minimum, this Policy will be reviewed annually.

Market Fintech Ltd is committed to protecting personal data and ensuring privacy by complying with relevant data protection frameworks, including:

Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
General Data Protection Regulation (EU GDPR) (Regulation (EU) 2016/679), where applicable
Anti-Money Laundering and Counter-Terrorist Financing regulations
Applicable provincial laws in Canada
European Union Standard Contractual Clauses (SCC), where cross-border transfers apply
Guidance issued by the Office of the Privacy Commissioner of Canada (OPC)

Transfers of personal data outside Canada or the European Economic Area (EEA) are carried out only when appropriate safeguards are in place to ensure compliance with applicable data protection laws and to protect the rights and freedoms of data subjects.

Data Controller, Responsible Person, Supervisory Authority, and Website

2.1 Data Controller

Market Fintech Ltd (MF) acts as the Data Controller (“Controller”) and is responsible for determining the purposes and means of processing personal data collected from customers and users of its services. MF is incorporated under the laws of Canada and is licensed as a Money Services Business (MSB).

Legal Address:
18 King Street East, Suite 1400, Toronto, Ontario, M5C1C4, Canada
Email: compliance@marketfintech.pro

Customers may request access to their personal data at any time, including information about the collection, use, disclosure, and storage of their data. Requests should be directed to our designated data protection contact.

2.2 Responsible Person for Data Protection

The Head of Compliance at Market Fintech Ltd is responsible for ensuring data protection compliance and for overseeing adherence to applicable data protection laws and internal policies. This individual serves as the primary contact for data protection inquiries and ensures that data processing activities align with regulatory obligations.

Contact for Data Protection Inquiries:
Email: compliance@marketfintech.pro

2.3 Supervisory Authority

Market Fintech Ltd operates under the jurisdiction of the Office of the Privacy Commissioner of Canada (OPC), the authority responsible for overseeing compliance with federal data protection laws in Canada.

Contact Information:
Office of the Privacy Commissioner of Canada
Website: www.priv.gc.ca

Phone: 1-800-282-1376

3. Legal Grounds for Personal Data Processing

Market Fintech Ltd processes personal data only where a valid legal basis exists. Personal data is collected and used under the following conditions:

The purposes for processing are clearly defined in advance.
Data collected is limited to what is necessary for those purposes.
A lawful basis for processing is established and documented.
Individuals are informed of their rights concerning their personal data.

Processing is conducted in accordance with applicable laws, including PIPEDA, GDPR (where applicable), and Canadian anti-money laundering legislation. The main legal bases for processing are:

Performance of a Contract
Personal data is processed when necessary to provide services and enter into or perform contractual obligations with the customer. This includes onboarding, service access, and transaction processing.
Compliance with Legal Obligations
MF is legally required to process certain personal data in accordance with regulatory frameworks, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Counter-Terrorism Financing (CTF) obligations. This ensures regulatory compliance at national and international levels.
Legitimate Interests
MF may process personal data for its legitimate business interests or those of third parties, provided such interests are not overridden by the rights and freedoms of the data subject. This includes fraud detection, security measures, and operational risk assessments.
Risk Assessment and Management
Data may be used to evaluate risk exposure, monitor financial activity, and detect potentially suspicious or illegal behaviour in accordance with compliance frameworks.
Consent
Where applicable, MF processes personal data based on the individual’s explicit consent. This is relevant for optional services such as marketing communications, newsletter subscriptions, and voluntary data submissions via our website. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.

4. Personal Data Storage

Market Fintech Ltd processes and retains personal data for the duration of the business relationship with the customer and for a defined period thereafter, in accordance with legal, regulatory, and operational requirements.

Personal data is typically stored for five (5) years following the termination of the business relationship, unless a longer retention period is required by law or justified by regulatory obligations.

MF ensures that personal data is stored securely using centralized, access-controlled systems. Once the mandatory retention period expires, data is either permanently deleted, anonymized, or securely destroyed, in accordance with applicable data protection laws and internal retention policies.

Where legal or regulatory restrictions prohibit immediate deletion (e.g., ongoing investigations or legal holds), MF will retain the data until such restrictions are resolved.

When determining the appropriate retention period, MF considers the following factors:

Applicable legal and regulatory data retention requirements (e.g., under Canadian AML laws, GDPR, or PIPEDA)
Contractual obligations related to transaction records or dispute resolution
Instructions from data subjects (in consent-based processing scenarios)
Legitimate business interests such as fraud prevention, legal claims, or audit readiness

If personal data is no longer needed for its original purpose, and no other legal basis for retention exists, it will be securely deleted or anonymized.

5. Personal Data Transfer

Market Fintech Ltd (MF) does not sell or rent personal data under any circumstances.

Personal data is transferred to third parties only when necessary for service delivery, regulatory compliance, or risk management—and always in accordance with applicable Canadian, European, or other relevant laws. All third-party transfers are governed by contracts that ensure data confidentiality, integrity, and security.

Transfers of personal data occur only under the following conditions:

A lawful basis for the transfer has been established;
The transfer is necessary to provide services or fulfil legal obligations;
A data processing agreement or equivalent contract is in place with the recipient to ensure compliance with applicable data protection standards.

Typical third-party recipients include:

Financial institutions and payment service providers facilitating payment processing;
IT infrastructure partners (e.g., hosting services, cloud storage, SMS platforms);
KYC/AML verification providers and fraud prevention services;
Government regulators, law enforcement agencies, or courts, when legally required.

MF may also disclose data when:

Authorized or requested by the data subject;
Required for emergency response, public safety, or legal compliance;
Necessary to assert or defend legal claims;
Performed on behalf of the data subject by a legally authorized representative.

5.1 Cross-Border Data Transfers

Personal data may be transferred outside of Canada or the European Economic Area (EEA) only when one of the following applies:

The recipient country has been recognized by the European Commission as providing adequate data protection;
Appropriate safeguards are implemented, such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or equivalent measures;
A valid legal exception applies, such as:
- Explicit consent of the data subject (with full disclosure of potential risks);
- The necessity of the transfer for contract performance or pre-contractual steps;
- Protection of vital interests where consent cannot be obtained;
- Legal obligations, public interest tasks, or legitimate legal claims.

MF may also process data obtained from external and reputable sources, such as:

Public registries and company databases;
Sanctions lists, PEP registries, and risk screening tools;
Third-party verification and compliance service providers.

All data recipients are carefully selected and subject to strict confidentiality, security, and legal compliance obligations.

6. Personal Data Processed

Market Fintech Ltd (MF) processes multiple categories of personal data to support the delivery of its services, fulfill legal and regulatory obligations, and conduct effective risk management in accordance with applicable data protection laws.

All data processing is carried out in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), international AML/CTF regulations, and other applicable standards.

Categories of Personal Data Processed

The personal data we process may include the following:

1. Identification and Contact Data

Full legal name, date of birth, nationality, gender
Government-issued identification (passport, ID card, driver’s license)
Address, phone number, email, preferred communication language
Photographs or selfie images for identity verification

2. KYC and Compliance Data

PEP status, sanctions list screening, adverse media
Source of funds and wealth, occupation, business type
Risk classification data used for AML assessments

3. Financial and Transactional Data

Bank account details, SWIFT/BIC, IBAN, or cardholder data (processed via PCI DSS-compliant systems)
Transaction history, volume, purpose, counterparties
Billing and invoice records, digital asset transaction details (where applicable)

4. Technical and Security Data

IP address, browser type, device information
Login credentials, timestamps, session duration
Location data, user behavior, authentication logs

5. Communication and Support Data

Records of email correspondence and phone support
Data submitted through web forms, customer portals, or chats
Call recordings (where applicable and permitted by law)

6. Third-Party and Public Source Data

Data from publicly accessible registries (corporate, legal, sanction lists)
Verification from external compliance platforms or screening tools
Information provided by authorized representatives of the data subject

Data Sources

Personal data is obtained from a variety of sources, including:

Directly from the data subject (e.g., via onboarding forms or verification tools)
Authorized third-party representatives or account administrators
Publicly available registers (e.g., company registries, government databases)
Private verification databases and credit reporting services
External KYC, AML, and fraud prevention service providers

Data Security and Integrity

MF implements strict technical and organizational security measures to protect personal data from:

Unauthorized access
Unlawful processing or misuse
Accidental loss, destruction, or alteration

Security protocols are continuously reviewed to ensure compliance with legal, regulatory, and industry-specific standards, maintaining the confidentiality, integrity, and availability of all personal data under our control.

7. Rights Related to Personal Data Processing

Market Fintech Ltd (MF) respects and upholds the rights of individuals as granted under applicable data protection legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the General Data Protection Regulation (EU GDPR), where applicable.

Data subjects have the following rights regarding their personal data:

Right of Access and Data Portability

You have the right to request confirmation of whether MF processes your personal data.
You may request access to your data and receive an electronic copy in a structured, commonly used, and machine-readable format.

Right to Rectification and Erasure

You may request that inaccurate or incomplete personal data be corrected.
You may also request the erasure of your data if it is no longer necessary for the purposes for which it was collected, unless retention is required by law or for legitimate business purposes.

Right to Restrict Processing

You may request the restriction of your personal data processing in specific circumstances, including:

If the accuracy of the data is contested;
If processing is unlawful but deletion is not desired;
If data is no longer required for processing, but is needed for legal claims;
If an objection to processing is pending resolution.

Right to Object to Processing

You may object to the processing of your data based on MF’s legitimate interests (or those of a third party), especially where such processing impacts your fundamental rights and freedoms.

Right to Be Informed of New Purposes

You will be informed in advance if your personal data will be processed for purposes different from those originally disclosed.
You have the right to know whether providing personal data is mandatory or contractual, and the consequences of not providing it.

Rights Related to Automated Decision-Making

If decisions significantly affecting you are made solely through automated processing, you may request human intervention, express your viewpoint, and contest the decision.
You may also opt out of such automated decision-making where permitted by law.

Right to Withdraw Consent

Where processing is based on your consent (e.g., for marketing), you have the right to withdraw consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you may file a complaint with the Office of the Privacy Commissioner of Canada or, if applicable, your local supervisory authority in the EEA.

Exercising Your Rights

Requests to exercise any of the above rights can be made by contacting us at:
Email: compliance@marketfintech.pro
Access will be provided at no cost unless requests are excessive or unfounded.
If we are unable to fulfill a request immediately, we will provide a timeline for response.
Where access is denied, a clear explanation will be provided.

8. Personal Data Recipients

Market Fintech Ltd (MF) may disclose personal data to specific categories of recipients where necessary to fulfill contractual obligations, ensure regulatory compliance, or support legitimate business functions. All disclosures are made in accordance with applicable privacy and data protection laws and under strict confidentiality and security safeguards.

8.1 Internal Recipients

Personal data may be accessed internally by:

Members of MF’s management and executive teams
Employees, contractors, and authorized representatives who require access for their work responsibilities

8.2 Regulatory, Supervisory, and Legal Authorities

Disclosure may be required to:

Government agencies, tax authorities, and financial market regulators
Courts, prosecutors, and law enforcement agencies
Operational, intelligence, and investigatory bodies
Notaries, arbitrators, and official dispute resolution bodies
Supervisory authorities in foreign jurisdictions, where legally applicable

8.3 Financial and Business Partners

To facilitate financial transactions or risk controls, personal data may be shared with:

Banks, correspondent banking institutions, and payment networks
Credit bureaus, credit reference agencies, and financial intermediaries
Securities registries, stock exchanges, and depositories
Business partners involved in payment processing or merchant relationships

8.4 External Service Providers

Personal data may also be processed by carefully selected third parties under contract with MF, including:

Compliance partners for KYC/AML checks, fraud screening, and sanctions monitoring
IT infrastructure providers, cloud hosting companies, and communication platforms
Auditors, legal advisors, consultants, and professional services firms
Vendors and agents involved in operational support functions

Note:
MF ensures that all recipients—internal or external—are bound by data protection obligations and confidentiality agreements. Disclosures are made only when necessary for legal compliance, the performance of a contract, the protection of legitimate interests, or where otherwise permitted by law.

9. Website and Cookies

Market Fintech Ltd (“MF”) operates an official website https://marketfintech.pro that serves as an informational platform outlining its business activities, services, policies, and legal terms of use.

9.1 Third-Party Links and External Websites

The MF website may include links to external websites, plug-ins, or third-party applications. Clicking on those links may allow third parties to collect or share data about you. MF does not control these external websites and is not responsible for their privacy policies or practices. We encourage users to review the privacy notices of every third-party site they visit.

9.2 Protection of Minors

The MF website is not directed at, nor intended for, individuals under the age of 13. MF does not knowingly collect personal data from minors. If it becomes known that such data has been collected, it will be promptly deleted. Concerns regarding the data of minors can be reported to: compliance@marketfintech.pro

9.3 Use of Cookies

Cookies are small text files placed on your device to help improve website functionality, track usage patterns, and remember preferences.

MF’s website may use the following types of cookies:

Type of Cookie	Purpose	Storage Duration
Session Cookies	Maintain session security and enable site navigation	Active only during current website session
Persistent Cookies	Store user settings (e.g., language, login preferences) and navigation stats	Retained until expiry or manual deletion
Third-Party Cookies	Used by services like Google Analytics to monitor behavior across websites	Subject to third-party retention policies

Cookie-related data is stored only for the purposes described and not used to personally identify visitors unless expressly disclosed.

9.4 User Control Over Cookies

When accessing the MF website for the first time from a new IP address, visitors will have the option to accept or reject cookies.

Users can also configure their web browsers to:

Alert them when cookies are used
Automatically disable all or selected cookies

More information is available at: www.allaboutcookies.org/manage-cookies

Please note: disabling cookies may impair the performance or availability of some features on the site.

9.5 Website Security and Data Protection

Cookies used on the MF website do not contain viruses, malware, or spyware, and cannot install harmful software. The website is regularly scanned for vulnerabilities and maintained using industry-standard security protocols to ensure a safe browsing experience.

MF respects user privacy and does not use cookies to personally identify visitors without their explicit consent.