MIXIN PAY PRIVACY POLICY#

Your personal data is important. Mixin Limited, hereinafter referred to as "we," "us," "our," or "Mixin Pay," understands the importance you place on personal data, and we make every effort to maintain its security and reliability.

Mixin Pay is a cryptocurrency payment card seamlessly connected to the Visa network, enabling fast and secure crypto-to-fiat transactions worldwide. Mixin Pay is committed to providing its clients with excellent digital payment and financial technology services in collaboration with trusted third-party partners and collaborators. Based on your service needs, we may collect and use various types of personal and non-personal data. We take the confidentiality and responsible use of all client data seriously and adhere to strict privacy practices.

The security and privacy of our clients' personal data and non-personal data are matters of utmost importance for Mixin Pay. We are committed to protecting the privacy, confidentiality, and security of our clients' personal and non-personal data and, in the case of personal data, to complying with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) through the implementation of this Privacy Policy.

Where our operations are also subject to privacy legislation other than that of Hong Kong, such as the General Data Protection Regulation and the privacy laws of Mainland China, we will seek to comply with all such applicable laws and regulations to the extent possible. Where there is a conflict between different systems of laws, we will, in most cases, comply with the system of law that imposes a stricter standard on us.

This Privacy Policy applies only to Mixin Pay and our products or services provided on Mixin Pay. For other products or services we offer, you should read the applicable privacy policies we have separately formulated and published. For information on third parties to which Mixin Pay may link or direct, or technology provided by third parties, you should read and comply with the terms, documents, and privacy policies formulated and published by such third parties.

Please note that this Privacy Policy may be amended from time to time with prior notice to you. Nevertheless, you are advised to check the latest version of this Privacy Policy on our websites on a regular basis.

OUR COLLECTION AND USE OF PERSONAL DATA#

Mixin Pay may collect the following personal data provided voluntarily by our clients when you use our products or services on Mixin Pay.

• Full legal name (including former name, and names in English and Chinese, if applicable)
• Identification document type (e.g. Passport)
• Identification document number (e.g. Passport No.)
• Gender
• Date of birth
• Place of birth
• Nationality
• Residential address
• Country/state of residence
• Total net wealth
• Purpose of account opening
• Initial and ongoing sources of wealth or income
• Nature and details of the business/occupation/employment
• Level of activity anticipated
• Source of funds/digital assets to be used in the relationship
• Credit history and score
• Contact phone number
• Email address
• Your transaction history and spending pattern
• Bank account information
• Blockchain address
• Your location data
• Additional Personal Data or documentation at the discretion of our compliance team.

Please be aware that we may also collect personal data of your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantee/security providers, and other natural persons related to you via your use of Mixin Pay or where you have given your consent.

Mixin Pay may also obtain your personal data from publicly available sources of information, recorded telephone conversations and/or communications through electronic media, or third-party risk intelligence applications.

We will only use the personal data we collect for the purposes set out in this Privacy Policy. If you do not provide the personal data requested, we may not be able to provide or continue to provide our services or products to you, including without limitation, providing you with trading services in respect of certain markets and/or products. Your personal data (whether individually, or aggregated with the personal data of other people) may be used for the following purposes:

• To make decisions relating to the provision or continued provision of the services to you.
• To administer, operate, deliver, improve, and personalize the services.
• To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the services.
• To monitor and record the usage of the services and communications with you (including for investigation and fraud prevention purposes).
• To detect, prevent and address technical issues.
• For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits.
• To communicate with you, your affiliates and/or your representatives in relation to events, our services and other products or services offered by Mixin Pay or its affiliates, unless you have opted not to receive such information.
• To conduct market research, surveys, promotions, and contests, and to analyze your preferences, interests, and behavior in relation to the services.
• To fulfill any applicable legal, regulatory and compliance requirements (including anti-money laundering and tax obligations applicable to us).
• To enforce or defend the rights or property of Mixin Pay, its affiliates and other users.
• To carry out any other purpose(s) described to you at the time the data was collected.
• Any functions related to the foregoing.
• To retain and store your personal data as required for compliance with anti-money laundering (AML), counter-terrorist financing (CTF), tax reporting, and other applicable legal or regulatory obligations. We will keep such records for the duration mandated by relevant laws and regulatory frameworks, which may vary depending on jurisdiction.

Where you provide to us personal data about another person, you must give to that person a copy of this Privacy Policy and, in particular, tell him/her that you have provided us with their personal data and how we may use his/her personal data.

DISCLOSURE OF PERSONAL DATA#

Personal data held by Mixin Pay will be kept confidential, but may be disclosed to the following persons for one or more of the purposes set out in Section 1:

• Our third-party service providers who help us provide, operate, maintain, secure, and improve the services (including but not limited to any "Know Your Client" or other blockchain analytics service providers, credit card networks, banks or financial institutions, payment processors, merchants, loyalty program partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resources, data processing, payments, credit references, or other services);
• Any of our officers, employees, agents, contractors, or third-party service providers who provide administrative, credit data, debt collection, telecommunications, client verification, due diligence, computing, payment, promotional, marketing, or other services related to our business operations to us (e.g. IT vendors, electronic storage vendors);
• Any financial institution trading with or intending to trade with you, or any of your counterparties in a trade;
• Any person or entity or data recipient who has already established or intends to establish any business relationship with Mixin Pay;
• Any certification authority whether in Hong Kong or other places;
• Any agencies in Hong Kong or other places for compliance with applicable laws, regulations, rules or guidelines regarding the automatic exchange of financial account information or the Foreign Account Tax Compliance Act promulgated by the United States; and
• Any local or foreign legal agency, regulatory body, government, tax authority, law enforcement agency, administrative or statutory agency, stock exchange or clearing house, or other self-regulatory agency or industry organization or group in Hong Kong or other places, and this includes the SEHK, the relevant SEHK Subsidiaries and the SFC.

TRANSFER OF PERSONAL DATA#

Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Please note that we may transfer the data, including personal data, outside your jurisdiction and process it there. Your consent to this Privacy Policy and your submission of such information represents your agreement to that transfer.

We will take reasonable measures to ensure that your personal data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal data will take place to an organization or a country unless adequate controls are in place, including safeguards for your personal data and other personal information.

HOW WE PROTECT PERSONAL DATA#

Mixin Pay implements protective measures to safeguard and secure personal data to ensure it is protected against unauthorized or accidental access, processing, or erasure. These measures include the following:

• Access or use of such data is limited to authorized staff or agents on a "need to know" basis and such data is accessed utilizing secured methods (e.g. personal data is encrypted when necessary);
• We do not distribute your personal data to other persons except to the classes of transferees set out in this Privacy Policy and for the purposes set out in this Privacy Policy;
• The use and transfer of your personal data is subject to strict internal security standards, confidentiality policies, privacy laws and other applicable laws;
• We ensure that our employees fully comply with such standards, policies and laws; and
• We provide training to our staff on the proper handling of your personal data.

As we further develop new products and services, we will continue to make every effort to ensure that your personal data is properly used and protected.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA#

According to and in accordance with the terms of the applicable data protection laws or regulations, you may have the right to:

• Request access to the personal data we process about you;
• Request us to correct, update, shield or delete your personal data in our records;
• Request a copy of the personal data we have processed about you;
• Object to the processing of your personal data and request us to cease processing of it;
• Ask us to suspend the processing of your personal data;
• File a complaint against processing your personal data or if you are under the impression that we process your data unlawfully;
• Withdraw your consent to process your personal data;
• Lodge a complaint with competent authorities if you think that any of your data privacy rights have been infringed by us.

Your specific rights regarding your personal data may depend on where you reside and which data protection laws and regulations apply to you. In accordance with the terms of the applicable laws and regulations, Mixin Pay reserves the right to charge a reasonable fee for processing any data request. Nothing in this Privacy Policy shall limit your rights under the applicable laws and regulations.

You should send requests to us using the contact information provided in Section 8. Please indicate your name, account number, and contact number for us to follow up on your request. You may be asked to provide additional information to authenticate your identity in order for us to follow up on your request.

HOW WE STORE PERSONAL DATA#

We will not keep personal data longer than is necessary for the fulfillment of the purpose for which it was collected. The retention period of personal data collected depends on different factors, including:

• Usage: we may have to continue to retain the personal data for the purpose(s) for which it was collected for; and
• Legal obligations: there may be minimum retention periods for that personal data, as stipulated in applicable laws and regulations.

UPDATES TO THIS PRIVACY POLICY#

We may revise this Privacy Policy from time to time as our business changes. When there is any change to this Privacy Policy, we will publish the revised version on our website or on Mixin Pay. Such revisions are considered part of the Privacy Policy and shall have the same force and effect as this Privacy Policy.

We recommend that you read and understand this Privacy Policy from time to time to better understand the policies that you are obligated to comply with. If you do not agree to the terms of this Privacy Policy, please cease to access this website and use our services.

CONTACT US#

If you have any complaints or suggestions, or if you want to exercise your rights regarding personal information, you may send your questions, requests or complaints to us at:

Attention: Customer Service Department Mixin Pay Address: Room 1408, 14/F Two Exchange Square Central Email: cs@mixin.one

We will review questions as soon as possible and reply to you within a reasonable time period in accordance with the law, and you may be requested to provide additional information.

LINKS TO OTHER SITES#

Our Site may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Part of the services on Mixin Pay will be provided by third parties. If you directly provide any data or information to such third parties, Mixin Pay makes no commitment and assumes no responsibility regarding the security of such data and the compliance of data processing.

SPECIFIC RIGHTS UNDER DIFFERENT JURISDICTIONS#

A. Your Rights if your Personal Data Is Covered by the General Data Protection Regulation (GDPR)#

If you are a resident of the European Economic Area ("EEA"), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it. We may process your Personal Data because:

• We need to use your Personal Data to contract with you or to perform our obligations thereunder.
• You have given us consent to do so.
• The processing is in our legitimate interests or necessary to comply with our legal obligations.
• To comply with applicable laws and regulations.

If you are a resident of the EEA, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Please see section 14 (Contacting Us About Privacy Questions or Concerns) above.

In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the information we have on you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Data.
• The right of restriction. You have the right to request us to restrict the processing of your personal information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

B. Your Rights If You are a Resident of California or Certain US States#

Under the laws of the states of California, Colorado, Connecticut, Utah and Virginia ("Applicable States"), you may have rights to ask us to:

• Provide access to certain information we hold about you, in some cases in a portable format, if technically feasible.
• Update or correct your information.
• Delete certain information we hold about you.
• Opt in to or opt out of use of certain sensitive information we hold about you.

You may also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will generally ask you to verify your, or your authorized agent's, request using the contact information you have already provided.

If you would like to exercise any of these rights, or appeal a decision made relating to your rights, please see section 14 (Contacting Us About Privacy Questions or Concerns) above.

No sale of personal information. We do not sell any personal information to anyone.

No discrimination. We will not discriminate against anyone exercising their rights under the privacy laws of California or other Applicable States.

California. Below are the additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (together, the "CCPA"), effective as of January 1, 2023.

• Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending on how you engage with us:
• Identifiers, such as your name, email, address, phone numbers, or IP address.
• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number.
• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
• Commercial information, such as purchase activity;
• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
• Geolocation information, such as the location of your device or computer determined from your IP address or mobile device's GPS depending on your device settings;
• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
• Professional or employment-related information, for example information you may provide about your business; and
• Inference data, such as information about your preferences.

Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA, depending on how you engage with us:

• Identifiers, such as your name, email, address, phone numbers, or IP address;
• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;
• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
• Commercial information, such as purchase activity;
• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
• Geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through applications we offer;
• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
• Professional or employment-related information, for example information you may provide about your business;
• Inference data, such as information about your preferences.

Sensitive personal information. The categories of information that Mixin Pay collects and discloses for a business purpose include "sensitive personal information" as defined under the CCPA. Mixin Pay does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.