Privacy Policy  
Last updated: 2 February 2026  
1. Introduction  
This Privacy Policy explains how the Scallop Group collects, uses, stores, shares, and  
protects personal data when customers access or use the Scallop website, mobile  
application, and any related platforms or services (collectively, the Platform).  
In this Privacy Policy, “Scallop”, “we”, “us” and “our” refer to the Scallop Group, acting  
through the relevant entity involved in the provision, operation, or support of the  
services. The relevant Scallop Group entity will be the data controller for the personal  
data processed in connection with the services it provides or supports, unless stated  
otherwise.  
It is important to read this Privacy Policy together with any other notices or policies  
we may provide from time to time regarding the collection and processing of  
personal data. This Privacy Policy supplements such notices and policies and does  
not override them.  
The Scallop Group operates as a group of independent entities in multiple  
jurisdictions. Each entity processes personal data in accordance with applicable data  
protection laws and regulatory requirements relevant to its activities. Where local law  
requires specific disclosures or customer rights, those will apply in addition to this  
Privacy Policy.  
Our Legal and Compliance function is responsible for overseeing questions relating  
to this Privacy Policy. Customers may contact us using the details set out in Section  
10.  
2. Purpose of this Policy  
The purpose of this Privacy Policy is to inform customers how we handle personal  
data when they use the Platform and related services. This includes personal data  
collected when customers visit, register, onboard, communicate with us, or use  
features of the Platform.  
The Platform is not intended for use by children, and we do not knowingly collect  
personal data relating to children.  
3. Collection of your personal data  
What information do we collect  
We may collect, use, store, and transfer different kinds of personal data, including:  
Identity data  
Information provided for onboarding, verification, and due diligence, including  
information processed through identity verification and compliance service  
providers.  
Contact data  
Physical address, email address, telephone number, and other contact details.  
Financial data  
Payment account information, funding and payout details, and other information  
required to provide services.  
Transaction data  
Details about transactions and activity carried out through the Platform, including  
amounts, currencies, counterparties, recipient details, bank details, and related  
metadata.  
Technical data  
Internet protocol address, browser type and version, time zone setting, location data  
where permitted, device identifiers, operating system, platform, and other  
technology information from devices used to access the Platform.  
Profile data  
Preferences, feedback, survey responses, and customer support communications.  
Usage data  
Information about how customers use the Platform, including features accessed and  
interaction patterns.  
Aggregated data  
Statistical or demographic data derived from personal data that does not directly or  
indirectly identify a customer.  
How do we collect personal data  
We use different methods to collect data, including:  
Direct interactions  
When customers complete forms, provide information during onboarding,  
communicate with us, or submit support requests.  
Automated technologies  
When customers interact with the Platform, we may automatically collect technical  
and usage data using cookies and similar technologies. Please see our Cookie Policy  
where available.  
Third parties  
We may receive personal data from service providers such as analytics providers,  
identity verification providers, compliance providers, payment service providers,  
banking partners, card programme partners, custodians, and other infrastructure  
providers, subject to applicable law.  
Do customers have to provide personal data  
We require certain personal data to provide services, to perform onboarding and  
verification, and to comply with legal and regulatory obligations. If customers do not  
provide required information, we may not be able to offer certain services.  
How do we use personal data  
We will only use personal data where permitted under applicable law. Common  
purposes include:  
Account creation and onboarding  
To register customers, create a Platform account, and maintain customer records.  
Identity verification and compliance  
To verify identity, perform due diligence, prevent fraud, conduct anti money  
laundering and counter terrorist financing checks, perform sanctions screening, and  
conduct ongoing monitoring.  
Providing services  
To operate the Platform, process transactions, provide customer support, and deliver  
requested services.  
Communications  
To send service related communications such as confirmations, operational notices,  
security alerts, and important updates.  
Improvement and analytics  
To improve the Platform, develop features, troubleshoot, and perform analytics.  
Legal and regulatory obligations  
To comply with applicable laws, respond to lawful requests, and enforce our rights.  
Marketing  
Where permitted by applicable law, and where required, based on customer  
preferences or consent.  
Data accuracy  
It is important that the personal data we hold is accurate and current. Customers  
should inform Customer Support of changes to their personal details without undue  
delay.  
When do we disclose personal data  
We may share personal data within the Scallop Group and with trusted third party  
service providers where necessary to provide services and operate the Platform. We  
take steps to ensure that personal data is processed in accordance with applicable  
data protection laws.  
Personal data may be shared with:  
Platform and technology providers  
Hosting providers, cloud services, software and infrastructure providers, analytics  
providers, and security service providers.  
Verification and compliance providers  
Identity verification providers, sanctions screening providers, fraud prevention  
providers, and related compliance service providers.  
Payments and financial partners  
Banks, payment service providers, card issuers or programme partners, processors,  
and settlement partners.  
Professional advisers  
Legal, audit, compliance, and other professional advisers where necessary.  
Authorities  
Regulators, supervisory authorities, law enforcement, courts, and government bodies  
where required by applicable law or where necessary to protect legal rights.  
Corporate transactions  
If the Scallop Group engages in a merger, acquisition, reorganisation, financing, or  
sale of assets, personal data may be shared for due diligence and transaction  
completion, subject to confidentiality and applicable law.  
International transfers  
The Scallop Group may operate and use service providers in multiple jurisdictions.  
Where personal data is transferred internationally, we take appropriate measures  
required by applicable law to protect personal data. This may include contractual  
protections and additional safeguards where required.  
How long we store personal data  
We retain personal data only for as long as necessary to fulfil the purposes described  
in this Privacy Policy, including legal, regulatory, accounting, and reporting  
requirements. Retention periods depend on the nature of the data and applicable  
legal obligations. Where required, we may retain data for longer periods to establish,  
exercise, or defend legal claims, or as required by law.  
4. Data security  
We implement appropriate technical and organisational measures designed to  
protect personal data against accidental loss, unauthorised access, alteration, or  
disclosure. Access to personal data is limited to personnel and service providers who  
have a business need to know and who are subject to confidentiality obligations.  
5. Data retention  
We retain personal data for as long as necessary for the purposes for which it was  
collected, including to satisfy legal, regulatory, and reporting requirements. We  
consider the amount, nature, and sensitivity of personal data, the potential risk of  
harm from unauthorised use or disclosure, and the applicable legal requirements.  
6. Your legal rights  
Depending on the customer’s location and applicable law, customers may have  
rights such as:  
Access  
Request a copy of personal data and information about how it is processed.  
Correction  
Request correction of inaccurate or incomplete personal data.  
Erasure  
Request deletion of personal data where permitted, subject to legal and contractual  
obligations.  
Objection  
Object to processing where we rely on legitimate interests, subject to applicable law.  
Restriction  
Request restriction of processing in certain circumstances.  
Portability  
Request transfer of personal data in a structured, commonly used, machine readable  
format where applicable.  
Withdraw consent  
Where processing is based on consent, customers may withdraw consent at any  
time. This does not affect processing carried out before withdrawal. To exercise  
rights, customers should contact us using the details in Section 10. We may need to  
verify identity before responding.  
7. Third party links  
The Platform may include links to third party websites, plug ins, and applications. We  
do not control third party sites and are not responsible for their privacy practices.  
Customers should review the privacy notices of any third party sites they visit.  
8. Complaints  
Customers may contact us with questions or complaints about this Privacy Policy or  
our handling of personal data using the details in Section 10.  
Where applicable under local law, customers may also have the right to lodge a  
complaint with a relevant data protection authority or supervisory body in their  
jurisdiction.  
9. Changes to the Policy  
We may update this Privacy Policy from time to time, for example to reflect changes  
to services, legal requirements, or operational practices. Any changes will take effect  
immediately upon publication on the Platform. Where required by applicable law, we  
may provide additional notice of material changes.  
10. Contact details  
If customers have questions about this Privacy Policy or wish to exercise legal rights,  
they may contact us:  
Email: support@scallopx.com