The protection of your personal data is of utmost important to Calida Financial Limited (further in
text “Calida”). In this Privacy policy, we give clear and transparent information about how we handle
your personal data.

Please read this policy with attention to understand our policies and practices regarding your
personal information and how we will treat it. Contact details are provided at the end of the policy
for any privacy enquiries you may have or if you wish to contact us.

References to “you” in this policy are to the individual who is accessing or applying to use the Calida
Services (defined below) either on your own account or on behalf of a business. This includes, in
relation to a customer or prospective customer of Calida, any sole trader and any principals,
including the managing and financial directors, any other directors and officers, shareholders,
partners and beneficial owners of a customer, as well as any member of staff accessing or using the
Services on behalf of a customer.

Calida is committed to protecting your privacy and will take all appropriate steps to ensure that your
personal information is treated securely and will be collected, used, stored and disclosed in
accordance with this policy. This policy (together with our terms and conditions applying to any
specific services you may purchase or use) applies:
● to the website/portal features and services provided to you when you visit our websites,
portals or our payment panels our clients may use on their websites;
● when you apply to use and/or use Calida’s products and services (including any loyalty or
reward schemes – if applicable), as well as when you request changes to the services you are
using;
● to your use of software including terminals, mobile and desktop applications provided by
Calida; and
● to email, other electronic messages including SMS, telephone, web chat, website/portal and
other communications between you and Calida.

Together these are all referred to in this policy as “Services”.

WHAT TYPE OF INFORMATION WE COLLECT?
We may collect and process both personal and non-personal information relating to you.
Personal information is information that can be used to uniquely identify a single person, either
directly or indirectly. The Personal Data may be freely provided by you, or collected automatically when using this
Application.

Calida collects non-personal information as well, or may anonymise personal information in order to
make it non-personal. Non-personal information is information that does not enable a specific
individual to be identified, either directly or indirectly. Calida may collect, create, store, use, and
disclose such non-personal information for any reasonable business purpose. For example, Calida
may use aggregated transactional information for commercial purposes, such as trend analysis and
the use of data analytics to obtain learnings and insight around payment transaction patterns and
usage.

To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be
personal information under any local law, and where such local law is applicable to Services, we will
manage such identifiers as personal information.

Please note that Calida provides services to both individual consumers and businesses and this
privacy policy applies to both and should be read and interpreted accordingly.

INFORMATION WE COLLECT FROM YOU
We shall collect the following information through the means as described in the following text.
Information you give us:
– we receive and store any personal information (including financial information, but not sensitive
payment data) you provide to us including when you (or your business) enquire for or make an
application for the Services.
– register to use and/or use any Services; upload and/or store information with us using the Services;
– when you communicate with us through email, SMS, a website or portal, or the telephone or other
electronic means, e.g., in the context of contacting us about your account or transactions.

Such information may reference or relate to you or your customers and includes:
● Name including first name and last name, date of birth, age, email address, phone number if
applicable, billing address, username, password and/or photograph, biometric information ,
address, occupation if applicable, nationality and country of residence, a copy of your
identification, such as your driver’s license or passport, your social security number and/or
other government identification or registration data. This will be collected and may be
verified by our system software which can be third party.
● Information relating to any transaction using the Calida system, including the location of the
transaction, the counterparty to the transaction, the value, the time and any other metadata
relating to the same.
● Information about your use of the Services, such as information about how frequently you
transact with us, your average transaction volume, account balances, and merchants to
whom you transact;
● Photos and videos taken during Calida events you have registered for, for distribution to
event participants and in our promotional materials for future events
● Any other information that you or your customer provide or is generated in the context of
using the Services.
● In case of Merchant/Supplier documents and application form and agreement as required by
compliance and onboarding.

Information which we shall collect about you automatically: Calida receives and stores certain
information automatically whenever you interact with Calida, whether or not you register an account
or undertake a transaction with us; for example by way of “cookies” or similar technology. We also
obtain certain information when your web browser accesses Services or advertisements and other
content provided by or on behalf of Calida on other web sites, or when clicking on emails. Collecting
this information enables us to better understand the visitors and customers who use and interact
with Calida, where they come from, and how they use our services. We use this information for our
analytics purposes and to improve the quality and relevance of our services for our visitors and
customers. This information includes:
● Technical information, including the Internet protocol (IP) address used to connect your
computer or device to the Internet, your login information, browser type and version, time
zone setting, browser plug-in types and versions, operating system platform, frequency and
length of visits, and what links you click on;
● Information about your visit or whether you opened an email, including your geolocation,
the full URL clickstream to, through and from our site (including date and time); products or
services you viewed or searched for; page response times, download errors, length of visits
to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and
methods used to browse away from the site page and any phone number used to call our
customer service number.
● Email and Other Communications: we may receive information about you and your use of
Services when we communicate with each other, including when you open messages from us
and from the use of electronic identifiers (sometimes known as “device fingerprints”), for
example, Internet Protocol addresses or telephone numbers.
● Information from Other Sources: we may receive information about you from other sources
and add it to our account information, including when you apply to use the Services. For
example, we work closely with, and receive information from, third parties like business
partners, banks and other financial institutions, merchants, subcontractors in technical,
payment and delivery services, advertising networks, analytics providers, search information
providers, government lists and databases, social media sites (including posting made by or
about you or us), (credit reference and fraud prevention agencies). Credit reference and
fraud prevention agency use is further explained below. We may also review public
comments and opinions made on social networking sites (e.g. Facebook and Twitter) to
better understand our customers and our provision and development of Services.

WHAT WE USE YOUR PERSONAL INFORMATION FOR
We may use and share the personal information we collect for the following purposes:
● To provide our Services to you and your business, including fulfilling Calida’s obligations to
you or to financial or other institutions in connection with the Services we provide to you
(and / or your business). In this context we record and track details of transactions you (and /
or your customers) carry out in relation to the Services;
● To improve and develop our business, including without limitation to optimise our
websites/portals, products and services. This may include using information you insert into
forms but do not submit to us, for example by using that information to optimise our
website(s) and contacting you for customer services purposes in relation to that form. We
can also use your personal information to develop and test new products and services
including in our secure and controlled test environment, or occasionally in those of our
suppliers;
● To manage and enforce our rights, terms and conditions or any other contracts with you
(and/or your business), including to manage any circumstances where transactions are
disputed; manage, investigate and resolve complaints; or recover debt or in relation to your
insolvency;
● To prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves,
our customers and the integrity of the financial system, it may be necessary to process and
disclose sensitive personal information (sometimes known as special category personal data)
including biometric data to third parties who help us in managing such risks, including
identity verification. This may include software and services we use to verify your
identity/age by determining whether a selfie you take matches the photo in your ID;
● During the identification process we may use a facial recognition process to compare your
selfie with your uploaded ID document. During this process biometric data is generated by
creating a digital map of your face in order to better compare your ID photo and your selfie
picture. This helps to reduce fraud and is therefore in the substantial public interest. But any
biometric information generated is immediately deleted following a match. Calida itself does
not generally store or retain biometric data because such information is generally generated
using secure third-party anti-fraud systems.
● To prevent, detect and prosecute fraud and other crimes and abuses of the financial system,
or to assist others in doing so, including non-compliance with any terms of business and
which may involve the sharing of any relevant or necessary information we have collected or
inferred with third parties for such purposes. Calida participates in anti-fraud initiatives,
which involve assessing you (and/or your customers) and monitoring your transactions
and/or locations, to detect patterns requiring investigations or otherwise profile and assess
the likelihood of fraud occurring or non-compliance with our or other’s terms of business.
We can do so utilising products and services from third parties. Besides, if you give us false or
inaccurate information about you, or we identify or suspect a fraud or a crime, we may pass
your information to fraud prevention agencies and organisations and to law enforcement
agencies and similar bodies, and we may decide to take legal action against you;
● To contact you about your account, to alert you to potential problems, and to respond to
your questions to us;
● To manage risks, such as credit and foreign exchange risks, as well as to prevent or mitigate
information security risk;
● To comply with local and national laws;
● To comply with requests from law enforcement and regulatory authorities on public interest
grounds or from commercial organisations with whom you have or have had dealings, to
establish, exercise or defend legal claims, or to protect your vital interests or those of other
persons, for example to help those authorities or other organisations in the fight against
crime and terrorism;

If you provide information to be published or displayed on public areas of the website/portal or
transmitted to other users of the website/portal or third parties, you understand that such
information can be used by any third parties accessing the information for any purposes. This
information is posted by you at your own risk and you must comply with the terms of use of such
site.

DISCLOSURE OF YOUR INFORMATION
We do not disclose information which could identify you personally, to anyone except as described in
this policy, as permitted or required by law, and/or for the purposes described in this policy,
including:
● Within the Calida to help us provide our services and for our own internal customer
relationship management, analytical and reporting purposes;
● To recipients/senders of a payment in the context of the specific relevant transaction
(generally information is limited to full name and email address);
● Fraud prevention agencies as described above
● Third Party Service Providers, including suppliers who assist us with the provision of Services,
including processing orders, fulfilling orders, processing payments, security, sector and fraud
risk, identity verification, and marketing, market research and survey activities carried out on
behalf of Calida. Occasionally, we may utilise the services of third-party providers to assist
with the provision of services that might require the use of your personal information,
including for the purposes of live data testing and to which suitable security arrangements
will be implemented;
● To third parties who do not act under our instructions as a service provider (but will be
subject to their own legal obligations to keep data secure), in order to facilitate provision of
the Services.
● In order to prevent and/or detect fraud, financial crime, manage risk and to better protect
ourselves and our customers, it may be necessary to process and disclose sensitive personal
information (sometimes known as special category personal data) including biometric data
to third parties who help us in managing such risks, including identity verification;
● Where we are required or permitted to do so by law, Calida may be required by law to pass
information about you to regulatory authorities and law enforcement bodies worldwide, or
we may otherwise determine that it is appropriate or necessary to do so. Such disclosures
may also include requests from governmental or public authorities, or with commercial
organisations with whom you may have had dealings and who are seeking to mitigate fraud
or credit risk, or non-compliance with terms of business, or for the purposes of litigation or
legal process, national security or where we deem it in the national or public interest or
otherwise lawful to do so. Calida will not ordinarily challenge the serving of court or similar
orders requiring disclosure;

With your permission, your information may also be used for other purposes for which you give your
specific permission.

Except as necessary for the performance of its services and as described above/attached, Calida does
not sell, rent, share or otherwise disclose personal information about its customers to third parties
for their own third-party marketing use without meeting any necessary legal obligations (e.g.
consent, opt-out, or as otherwise permitted by law).

MONITORING
We may monitor or record telephone calls, emails, web chat or other communications with you for
regulatory, security, quality assurance or training purposes.

WHERE WE STORE YOUR PERSONAL INFORMATION
We will store your data in the European Economic Area. Our service providers, and other parties with
whom we may share your personal information (as described above) may process your personal
information in territories that are outside the European Economic Area (“EEA”) or otherwise outside
of the territory in which you reside.

TRANSFER OF PERSONAL INFORMATION TO OTHER COUNTRIES
In order to deliver Calida´s Services, your personal information may be transferred to and stored at a
destination outside the EEA. We will only send your personal information outside the EEA to:
• Follow your (or the business entity’s you represent) instructions.
• Fulfil our legal duties.
• Work with our affiliates, subsidiaries, agents, subcontractors, and service providers who
We use to help us to render Calida´s Services and to ensure performance of our obligations
under the Terms and Conditions.

If we do transfer your personal information to our affiliates, subsidiaries, agents, subcontractors, and
service providers outside the EEA, we will make sure that it is protected in the same way as if it was
used in the EEA. We will take all steps reasonably necessary to ensure that your personal information
is treated securely and is processed in accordance with this Privacy Policy. If we transfer your
personal information outside the EEA, we will make sure that one of the following safeguards is put
in place:
• Transfer of personal information to a non-EEA country with privacy laws that give the same
protection as the EEA.
• A contract with the recipient according to which the recipient is obliged to protect personal
information to the same standards as required in the EEA.

HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
We will implement technical, physical, and organisational/administrative measures designed to
secure your personal information from accidental loss and from unauthorised access, use, alteration
and disclosure. These measures include:
● IT Security Policy;
● Appointed a Chief Technology Officer (CTO) to oversee, implement and enforce the
information security programme;
● Continuous vulnerability assessment and monitoring;
● Having information security risk management policies and procedures in place;
● Having an established incident response plan;
● Access controls on information systems, designed to authenticate users and permit access
only to authorised individuals;
● Securing all personal information, both in transit and at rest;
● Multifactor authentication for all systems, for those staff accessing personal information;
● Maintaining audit trails relating to internal and external access to and modifications of
personal information;
● Adopted secure development practices for in-house developed applications;
● Performing information security due diligence on third-party service providers;
● Performing security awareness training on a regular basis.

The safety and security of your information is also dependent upon you. If we have given you (or if
you have chosen) a password or access code for access to certain parts of our website/portal, you are
responsible for keeping this password and/or access code confidentially. You must not share your
password and/or access code with anyone. You must ensure that there is no unauthorised use of
your password and access code. Calida will act upon instructions and information received from any
person that enters your user id and password and you understand that you are fully responsible for
all use and any actions that may take place during the use of your account, unless otherwise
mandated by law. You must promptly notify Calida of any information you have provided to us which
has changed.

The transmission of information via the internet is not completely secure. Although we will do our
best to protect your personal information, we cannot guarantee the security of your information
transmitted to our site, unless you are communicating with us through a secure channel that we
have provided. Once we have received your information, we will use strict procedures and security
features to try to prevent unauthorised access.

HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
The periods for which we retain your personal information are determined based on the nature and
type of information, the Calida Service and the country in which they are provided as well as any
applicable local legal or regulatory provisions.

If you use the Services, we will retain your personal information as long as necessary to provide you
with the services of your choice and any linked legitimate business purpose. That would generally
mean we retain your personal information as long as you are our customer (or commence such an
application) and for a period of time afterwards. This will also include the use and retention of your
personal information when you commence completion of an application for Services, irrespective of
whether you complete such application process or are accepted as a customer.

The retention period may also depend on the legal and regulatory requirements of the country
where you are located. We will retain personal information as evidence of our dealings with you
(including whether there were any or no financial transactions), to manage any queries or disputes,
including to defend or initiate any legal claims. For example, we will retain your information for the
time allowed by the local laws to start a legal claim (so called “statute of limitation”), or for as long as
we are ordered pursuant to on an order from the courts, or by law enforcement agencies or our
regulators; or as otherwise required or permitted by law (for example, the retention of KYC /Know
Your Customer/ records under anti money laundering regulations or similar).

We can also continue marketing and sending you direct marketing, subject to local laws and where
you have not objected to such marketing.

Above mentioned data shall be, according to Calida´s Data Retention Policy, kept for 5 years period
after the relationship has been terminated.

YOUR DATA PROTECTION RIGHTS
You have many rights that you may be able to exercise in relation to your personal information.
These rights may apply under a number of different regulations, for example, the General Data
Protection Regulation (GDPR) which is generally applicable to EEA residents. If you wish you can
access, correct, or update your personal information. In certain circumstances, you can also ask us to
delete your personal information, object to its processing or temporarily restrict its processing while
exercising your other rights. You may also have the right to “opt out” of certain uses of your personal
information, including asking us to limit the sharing of your personal information with affiliated and
non-affiliated third parties. Privacy laws continue to develop and if you think or are unsure as to
whether any right may apply to you, please also contact us, so we can assess and advise.

To the extent that GDPR applies, when you give us consent to use your personal information, you can
withdraw it any time. Withdrawing your consent will not affect the lawfulness of any processing we
conducted prior to your withdrawal, nor will it affect processing of your personal information
conducted in reliance on lawful processing grounds other than consent. For example, you can stop
any marketing communication we send you by clicking on the “unsubscribe” or “opt-out” link in the
communications you receive, or according to the instructions that we provide every time, but we will
continue to send you operational or service messages in relation to your Services.

Please consider that, depending on the country from where you use Services, not all the above rights
may be available to you. Also, there might be cases where these rights cannot be enforced: for
example, you cannot object to us using your information when it is required by law, or to manage a
complaint; similarly you cannot ask us to delete your information if you want to continue using our
Services or where such information is necessary to record our contractual dealings, required by law
(for example, the retention of anti-fraud or “know your customer” identify and verification
requirements), or for the purpose of defending or asserting legal rights and legal actions.

You always have the right to complain to a data protection authority about our collection and use of
your personal information. In our case it is complaint with the Information and Data Protection
Commissioner in Malta – https://idpc.org.mt/contact/

If you want to know more about your rights, or you want to exercise them, you can reach us at the
details provided in the Contact Us section.

LEGAL BASIS FOR PROCESSING
Calida will only process your personal information in compliance with the law. Such laws vary across
different territories and further specific information is available on request. In general, Calida will
either process:
● On the basis of your consent, for example to send you marketing messages about products
and services in accordance with your interests and preferences, where such consent is
required by law;
● Where necessary for the performance of, or entry into, any contract we have with you, for
example, in order to provide you with the Services you have subscribed – in that context, we
need that information because otherwise we would not be able to provide the Services to
you. For example, if we are required to verify your identity and you do not supply us with the
relevant information, we may be unable to provide you with our services;
● Where Calida has a legitimate interest to process data, subject to such processing not
overriding your own rights and freedoms in objecting to such processing. For example, to
keep you informed about your use of the Services, improve and develop the Services,
conduct online advertising or other marketing activities, as well as manage and enforce any
claim;
● Where Calida has a legal obligation to collect, use and/or disclose your personal information
or otherwise needs your personal information to protect your vital interests or those of
another person. For example, when necessary to comply with the rules imposed by our or
other applicable regulators; or
● Exceptionally, we may share your information with a third party when necessary in the public
interest, for example, when law enforcement agencies or other third parties with whom you
may have had dealings request information to investigate a crime or otherwise a breach of
third-party terms of business.
If you have questions about or need further information concerning the legal basis on which we
collect and use your personal information for any specific processing activity, please contact us via
the Contact Us section below.

COOKIES
Please also refer to our Cookie Policy for details on how we collect, use, or disclose information in
respect of cookies. Otherwise, please contact us.

CHANGES TO OUR PRIVACY POLICY
We may, from time to time, change our privacy policy. If we make material changes to how we treat
your information, we will notify you through a policy on this website/portal. The date the privacy
policy was last modified is stated on this policy. Please ensure you periodically visit our
website/portal and this privacy policy to check for any changes. However, if we are required by law to
give you advance policy of any changes to this privacy policy and/or seek your consent to changes in
our uses of your personal information, then we will do so.

LINKS TO THIRD PARTY SITES
Our site may, from time to time, contain links to and from the websites of our partner networks,
advertisers and affiliates. If you follow such a link, please note that these websites have their own
privacy and cookies policies and Calida does not accept any responsibility or liability for these
third-party website.

Notice
This policy’s purpose is to give you information about our data management, but it shall not override
any legal rights or prohibitions in any territory where such rights or prohibitions prevail. In such
event, the rights and obligations set out in this policy will apply, subject only to amendment under
any applicable local law having precedence.