1. Information About the Data Controller

This Privacy Notice is issued by Market Fintech Ltd (hereinafter referred to as the “Company”), which acts as the Data Controller responsible for determining the purposes and means of processing your personal data.

• Company Name: Market Fintech Ltd
• Business Registration Number: a company incorporated in Canada under registration number 1000688883, holding a Money Services Business (MSB) license (No. M24608268).
• Registered Office: 18 King Street East, Suite 1400, Toronto, Ontario, M5C1C4, Canada.

You may contact the Company through the following channels:

• Phone: + 1 778 4861280
• Email (General Inquiries): info@marketfintech.pro

Contact for Personal Data Protection Matters

For any questions, concerns, or requests related to this Privacy Notice or how your personal data is processed, please contact our Data Protection Officer or Compliance Team:

• Email (Privacy & Compliance): compliance@marketfintech.pro
• Or use the contact information provided above

2. General Description of Personal Data Processing

This Privacy Notice explains how Market Fintech Ltd (the “Company”) processes personal data in the context of its business operations. It applies to:

• Customers and their authorized representatives
• Business partners and contact persons
• Website visitors
• Any other individuals whose personal data may be collected during service delivery or commercial engagement

By accessing our website or entering into a business relationship with us, you acknowledge that you have read and accepted the terms of this Privacy Notice.

Purpose of this Notice

The purpose of this Notice is to provide a general overview of how and why personal data is processed by the Company. More specific details may be outlined in the following documents, which supplement this Notice:

• General Terms and Conditions
• Privacy Policy 

This Notice applies only to the processing of personal data relating to natural persons. It does not govern the processing of corporate or institutional data unless such processing includes personal information.

Market Fintech Ltd acknowledges the sensitivity and importance of personal data. We are committed to processing all personal information in a lawful, fair, and transparent manner, in accordance with the highest standards of confidentiality and security, as required by applicable Canadian privacy laws (such as PIPEDA) and, where relevant, international data protection legislation such as the EU GDPR.

3. Purposes for Processing Personal Data and the Lawful Basis

Market Fintech Ltd (the “Company”) processes personal data only for specific, legitimate, and clearly defined purposes. These processing activities are grounded in legal obligations, the performance of contracts, explicit consent (where required), and the Company’s legitimate business interests. The legal bases are aligned with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the EU General Data Protection Regulation (GDPR).

a) Customer Onboarding, Service Provision, and Account Management

Personal data is processed for the initiation, execution, and administration of services, including:

• Identity verification and due diligence
• Risk profiling and suitability assessments
• Retention of KYC documentation
• Processing and tracking transactions
• Ongoing communication regarding services

Data categories processed include:

• Identification data: full name, date of birth, ID number, document scans, citizenship, photo
• Contact details: email, phone, address, communication preferences
• Professional and economic data: employment, education, transaction activity
• Financial data: income sources, bank accounts, obligations, ownership information
• Tax data: tax residency, TIN, PEP status
• Transaction and usage data: service type, account activity, transaction logs

b) Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) Compliance

Processing is conducted in line with applicable AML/CTF legislation to:

• Identify and verify customers and beneficial owners
• Validate the origin of funds
• Assess transactional risks and monitor counterparties
• Report suspicious activities to regulators

c) Risk Assessment and Product Suitability

Personal data may be collected from public or regulatory sources to:

• Determine service eligibility and terms
• Fulfill obligations related to financial risk classification
• Comply with product-specific regulatory frameworks

d) Legal and Regulatory Compliance

Data is processed to meet requirements from supervisory, tax, and law enforcement authorities. This includes responding to official inquiries, audits, and regulatory filings.

e) Execution of Payment Transactions

To process payments and financial transfers—domestically and internationally—MF collects and uses identification, transaction, and financial status data, as required by international financial network standards.

f) Protection of Customer and Company Interests

Processing is conducted to safeguard the rights and interests of the Company and its customers, including:

• Service quality control and audit trail management
• Prevention, investigation, and mitigation of fraud or abuse
• Cybersecurity monitoring and system logging
• Internal staff training and risk monitoring

g) Enforcement of Legal Rights and Debt Recovery

Data may be processed to:

• Enforce contracts or settle legal claims
• Recover outstanding debts
• Retain records relevant to orders, payments, and obligations

h) Security and Property Protection

Security measures may include:

• CCTV footage and physical access logs
• Call recordings (where permitted)
• Digital system monitoring to prevent unauthorized access

i) Marketing and Communications

Where permitted by law or based on consent, MF may use contact data to:

• Send promotional communications
• Notify individuals of services, campaigns, or events

You may opt out of marketing communications at any time.

j) IT System Maintenance and Improvement

Personal data related to usage and performance may be processed to:

• Maintain service availability
• Identify bugs and technical issues
• Enhance platform security and reliability

Main Lawful Bases for Processing

Processing activities described above are based on the following legal grounds:

• Consent – where freely given, informed, and unambiguous (e.g., for marketing communications)
• Performance of a Contract – when necessary to deliver agreed services
• Compliance with Legal Obligations – including financial, regulatory, and tax-related duties
• Legitimate Interests – such as fraud prevention, service improvement, IT security, and customer relationship management

4. Why Provide Personal Data?

Market Fintech Ltd collects personal data primarily to deliver services, fulfill contractual obligations, comply with legal and regulatory requirements—including anti-money laundering and counter-terrorism financing (AML/CTF) laws—and support its legitimate business interests.

Providing certain categories of personal data is necessary for:

• Establishing and maintaining a customer or business relationship
• Delivering personalized services and applying favorable contract terms
• Ensuring compliance with applicable statutory and regulatory obligations

Where specific data is not legally or contractually required, individuals may be informed that submission is voluntary, especially if such information enhances service quality or enables preferential terms.

Mandatory Data Requirements

Certain personal data is required by law and must be provided in the following scenarios:

1. AML/CTF and Regulatory Compliance
   Personal data described in Section 3(a) is mandatory for compliance with financial crime prevention regulations. This includes identity verification, risk profiling, and transaction monitoring.
2. Business Documentation Involving Natural Persons
   For business transactions involving individuals, the following data is typically required:
   • First and last name
   • Identity document number (where applicable)
   • Residential or declared address

Failure to provide required personal data may result in the inability of the Company to offer services, establish a contractual relationship, or comply with legal obligations.

5. How Is Personal Data Obtained?

Market Fintech Ltd collects personal data through a variety of secure and lawful channels. The information may be provided directly by the data subject or obtained from authorized third parties or automated systems.

Personal data may be obtained through:

• Direct submission during service registration, onboarding, or contract formation
• Data provided by an authorized representative or legal contact when acting on behalf of a third party
• Communication via email, phone, or other correspondence
• Online service applications or account setup on the Company’s website
• Authorization via integrated services such as online banking or mobile apps
• Cookies and other tracking technologies during website visits (see Website and Cookie Policy)
• Third-party databases, where permitted, for purposes such as credit checks, fraud prevention, and KYC/AML due diligence

5.1 Profiling and Automated Decision-Making

Market Fintech Ltd may, in specific instances, process personal data for profiling purposes. Profiling is used to:

• Assess customer risk levels
• Personalize services or recommendations
• Tailor offers to customer needs and behaviors
• Analyze trends and user preferences to enhance service delivery

Profiling may be based on both internally collected data and externally sourced data, including financial behavior, transaction history, and publicly available information.

Automated Decision-Making

MF does not rely solely on automated decision-making that produces legal or similarly significant effects. Where automated processes are used to assist in decision-making (e.g., fraud alerts or credit scoring), the Company ensures:

• Transparent logic and outcomes
• An option for human review or appeal
• The right of data subjects to object or request intervention, especially in cases involving marketing personalization or service restrictions

The Company takes steps to ensure all automated processing remains fair, transparent, and compliant with applicable privacy regulations.

6. Who Can Access Personal Data?

Access to personal data held by Market Fintech Ltd is strictly regulated and granted only on a need-to-know basis in line with legal obligations, contractual requirements, and internal access control protocols.

Personal data may be accessed or disclosed to the following categories of recipients:

• Authorized employees and personnel of Market Fintech Ltd who require access to perform their duties related to service delivery, compliance, or risk management
• Data processors (external service providers) who process personal data on behalf of the Company, limited to the scope necessary for providing their specific services (e.g., cloud hosting, KYC providers, or transaction processors)
• Contract-related third parties such as surety providers, guarantors, pledgors, or agents acting under contractual arrangements
• Regulatory bodies, supervisory authorities, and law enforcement agencies when required by law, court order, or regulatory inquiry
• Entities managing public or statutory registers, such as corporate, population, or property databases, for verification purposes
• Credit institutions, financial intermediaries, insurance providers, and rating agencies, involved in transaction execution, financial assessments, and reporting obligations

Each third party or partner granted access to personal data is subject to strict confidentiality obligations, data processing agreements, and data security requirements, ensuring that your information is handled responsibly and in compliance with applicable data protection laws.

7. Selection of Data Processors and Counterparties

Market Fintech Ltd engages third-party service providers (“data processors”) to support its operational, legal, and technical functions. Personal data is shared with such processors only after a thorough due diligence process and under strict contractual agreements that ensure confidentiality, security, and compliance with data protection laws.

Data processors are granted access to personal data only to the extent necessary to perform their designated tasks on behalf of the Company.

Current categories of data processors and counterparties include:

• Group entities and affiliated companies, including international branches or representative offices
• Professional service providers, such as outsourced accountants, auditors, legal counsel, compliance consultants, and translators
• Financial infrastructure partners, including participants in European and international payment systems (e.g. SWIFT) and related clearinghouses
• Debt recovery and collection agencies, contracted under the assignment of rights or recovery agreements
• IT service providers, including infrastructure hosting, database administrators, cloud services, and cybersecurity vendors
• Ancillary service providers, such as archiving services, postal/courier delivery, and digital signature platforms

Market Fintech Ltd continuously reviews and updates its list of processors to align with evolving business needs, regulatory obligations, and technology standards.

All data processors are contractually bound to process data in compliance with applicable laws, including PIPEDA, and where applicable, GDPR or equivalent international data protection frameworks.

8. International Data Transfers

Market Fintech Ltd primarily processes personal data within Canada, and where applicable, within jurisdictions that have been recognized as providing an adequate level of data protection.

However, in certain circumstances, your personal data may be transferred to, or accessed from, countries outside Canada, including countries outside the European Union (EU) and the European Economic Area (EEA).

International transfers are carried out only when one or more of the following legal bases apply:

• Explicit consent of the data subject, following notification of the potential risks involved
• Compliance with a legal obligation imposed on the Company
• Necessity for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract
• Implementation of appropriate safeguards, such as:
  • Standard Contractual Clauses (SCCs) approved by the European Commission or applicable Canadian authorities

• Binding Corporate Rules (BCRs) or other equivalent transfer mechanisms
• Confirmation of adequacy by the European Commission or relevant data protection authority regarding the recipient country’s data protection regime

All international data transfers are executed with strict confidentiality, encryption where appropriate, and robust contractual safeguards to ensure that your personal data remains protected regardless of its destination.

Additional details about specific international transfer mechanisms or a list of countries to which your data may be transferred can be provided upon request by contacting: compliance@marketfintech.pro

9. How Long Is Personal Data Stored?

Market Fintech Ltd retains personal data only for as long as is necessary to fulfill the purposes for which it was collected and processed, and in compliance with applicable legal, regulatory, and contractual requirements.

When determining appropriate retention periods, the Company considers:

• Applicable legal and regulatory obligations (e.g., anti-money laundering, tax, and financial services laws)
• Contractual requirements between the Company and the data subject
• Instructions or preferences expressed by the data subject (particularly where processing is based on consent)
• The Company’s legitimate interests, such as legal defense or fraud prevention

Typical Retention Periods

• Contractual Data: Retained for the duration of the contract and until all obligations are fulfilled, plus any statutory limitation period thereafter.
• Customer Due Diligence (CDD)/KYC Data: Including identification documents, transaction records, and correspondence — stored for the life of the business relationship and for five (5) years following its termination, in accordance with AML/CTF regulations.
• Transaction and Accounting Data: Retained as required by applicable financial, tax, or bookkeeping legislation.
• Legal Compliance Records: Stored as long as necessary to prove compliance, generally aligned with applicable limitation periods under civil or financial law.
• Consent-Based Data: Retained for the duration of the consent or until the individual withdraws consent, unless another lawful basis for continued processing applies.

Once personal data is no longer required for its original purpose and no legal grounds for further retention exist, it is securely deleted, destroyed, or irreversibly anonymized in accordance with industry-standard data destruction procedures and security protocols.

10. Rights of the Data Subject

Market Fintech Ltd respects and upholds the rights of individuals whose personal data it processes. These rights are granted under applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and, where applicable, the EU General Data Protection Regulation (GDPR).

Data subjects are entitled to the following rights:

Right of Access and Data Portability

You have the right to obtain confirmation of whether we process your personal data, and if so, to receive:

• A copy of your personal data in electronic format
• Additional information about the purposes and legal basis for processing

Right to Rectification and Erasure

You may request:

• Correction of inaccurate or outdated personal data
• Erasure of your data when it is no longer necessary for the original purpose or where processing is unlawful, subject to applicable retention or legal obligations

Right to Restrict Processing

You may request a restriction on the processing of your personal data in circumstances such as:

• If the data’s accuracy is contested
• If processing is unlawful but you prefer restriction over deletion
• If the data is no longer needed but is required for legal claims

Right to Object

You may object to the processing of your data where it is based on:

• Legitimate interests, including profiling
• Direct marketing, at any time and without justification

Right to Be Informed of New Processing Purposes

You will be notified in advance if your data is to be used for any purpose other than those originally stated at the time of collection.

Rights Related to Automated Decision-Making and Profiling

If any significant decisions are made solely through automated means, you have the right to:

• Request human intervention
• Express your point of view
• Contest the decision You may also choose to opt out of profiling used for marketing or risk assessment.

Right to Withdraw Consent

Where processing is based on your consent (e.g. for marketing communications), you may withdraw your consent at any time. This does not affect the lawfulness of processing that occurred prior to the withdrawal.

How to Exercise Your Rights

To exercise any of the above rights, you may submit a written request along with proof of identity through one of the following channels:

• Email: compliance@marketfintech.pto or info@marketfintech.pro
• Mailing Address: 18 King Street East, Suite 1400, Toronto, Ontario, M5C1C4, Canada.

Market Fintech Ltd will respond within 30 days of receiving your request, in accordance with applicable privacy laws. If more time is needed due to complexity or volume of requests, you will be notified of the delay and provided with an explanation.

11. Filing a Complaint

If you have any questions, concerns, or objections regarding the way Market Fintech Ltd processes your personal data, we encourage you to contact us first using the communication methods outlined in this Notice:

• Email: compliance@marketfintech.pro
• General Inquiries: info@marketfintech.pro
• Mailing Address: 18 King Street East, Suite 1400, Toronto, Ontario, M5C1C4, Canada.

We are committed to resolving all data privacy concerns promptly and transparently.

If you are not satisfied with our response, or believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authority:

In Canada:

Office of the Privacy Commissioner of Canada (OPC)

• Address: 30 Victoria Street, Gatineau, QC K1A 1H3
• Telephone: 1-800-282-1376
• Website: www.priv.gc.ca

For Data Subjects in the European Union:

You may also contact your local EU supervisory authority, or the authority in the country where the alleged infringement occurred.