CHAPTER I

Introduction.

The Policy will refer as 'Personal Information to any information related to you as an identified natural person; the 'User' or 'Data Subject' is the person enjoying the service; 'processing' means any step or set of operations performed on your personal information, whether or not by automated means.
This policy will contain the following Chapters:

• Chapter II, Information collected
• Chapter III, Treatment of Personal Data
• Chapter IV, Data Protection
• Chapter V, Rights as Data Owner
• Chapter VI, Modification of the Policy and Contact.

CHAPTER II

Information collected.

To use our services, we must collect certain personal information about you to provide our products and services, including our applications and website, allowing you to make purchases, sales, deposits, and withdrawals; they are also transferred between USD and Crypto wallets legally and appropriately and, more importantly, to comply with law enforcement and regulators, especially in regards to anti-money laundering. This chapter will describe the personal information we collect from you and why we do so. For this proposal, we divide the way we collect personal information into two categories:

1. User-Provided Data:
   
   
   • When registering with us as a new customer, we ask you for detailed information, which we process to verify your identity and protect you against fraud, among other reasons. We collect your Nam, email, and phone number; a government-issued ID number, as well as a picture of the actual ID, date of birth, and physical address; and Finally, a Selfie with a piece of paper with the current date and the word “Mercury Cash” written by you.
   • Information about the transactions you complete using our services, including the number of funds associated with the transaction, the type of transaction executed, and other related information.
   • We collect other personal information at other times when we manage your Mercury Cash account. You will be permitted to access, review, correct, and ensure the accuracy of the personal information you have provided from time to time. We will also do our part to ensure the accuracy of your personal information. The personal information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned.
   • We may also request additional information, such as proof of address and bank statements, to update your account so that you can increase the USD limits for your transactions.
   
   
2. Data we collect:
   
   
   • Cookies: As you interact with our website or software applications, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this information through cookies, server logs, and other similar technologies.
     • How we use cookies. As is common practice with almost all professional websites, this site uses cookies, which are tiny files that are downloaded to your computer, to enhance your experience. This page describes what information we collect, how we use it, and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored; however, this may downgrade or “break” some aspects of the Site's functionality.
     • Cookie deactivation. You can prevent the installation of cookies by adjusting your browser settings. Please note that disabling cookies will affect the functionality of this and many other websites you visit. Disabling cookies will generally result in disabling certain functions and features of this site as well.
     • The cookies we set:
       • Account Related Cookies
       • If you create an account with us, we will use cookies to manage the registration process and general administration. These cookies will generally be removed when you log out; however, in some cases, they may remain afterward to remember your site preferences when you lo, gout.
       • Cookies related to the login.
       • We use cookies when you are logged in to remember this fact. This prevents you from having to log in every time you visit a new page. These cookies are usually deleted or cleared when you log out to ensure that you can only access restricted features and areas when logged in.
       • Cookies related to surveys.
       • Cookies related to forms.
       • When you submit data via a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
       • Site preference cookies.
   
   
   • Analytics: We use tools to collect data about your computer, mobile phone, or another device to improve your experience. When you use a location-enabled device with our Service, we may collect geo-location data or use various means to determine your location to comply with US regulations for high-risk and non-cooperative countries.
   
   
   • Application usage data: Application usage data. We may collect data about your interaction with and use of our Service, including visits to our website, registration activity, your bank account, credit card (all financial data is encrypted), and other payment details to enable you to carry out transactions on the service. And additional information that you may disclose to our member support team to resolve issues you report to us. We never use your account for third-party advertising or marketing.
   
   
   • For Commercial Accounts: We try to collect, verify and authenticate the following:
   • About the company
   • Legal name of the company;
   • Employer Identification Number ('EIN') or any comparable government-issued identification number;
   • Doing business as (DBA), if applicable;
   • Proof of legal existence (eg, state-certified articles of incorporation or certificate of formation, unexpired government-issued business license, instrument of trust, or other comparable legal documents, as applicable);
   • For the Owner and all account signatories or partners with more than 20% ownership, or 10% in some cases at Company's discretion:
   • Full legal name
   • Email address
   • Mobile phone number (of all account signatories account);
   • Owners, directors and executive management contract information (as applicable);
   • Proof of identity (for example, driver's license, passport, or government-issued ID)
   • Selfie to match ID

We need to collect this information about business accounts to comply with anti-money laundering, anti-fraud, and anti-counterfeiting regulations—terrorist financing. We need to make sure that the source of the funds is clean and legal.

CHAPTER III

Processing Personal Information

The data we collect and the data you provide are processed for multiple purposes. The first and most important: is to provide you with our Service: It may sound obvious, but we need your data to provide you with our services. Without your name, bank information, and other details, we simply could not offer our products to you.

As a financial institution, it is critical that we can confirm the true identity of our Clients. We use automated processes to verify the Know-Your-Client (KYC) and Anti-Money Laundering (AML) data you provide to us to assess whether you are located in a prohibited country and, therefore, whether or not we are legally authorized. You can use our services. However, those automated processes support a decision-making process that is, in all cases, performed by humans, who will review any alert issues that arise from the automated processes.

Third-Party Data: If you authorize third-party applications or integrations using our Service, these parties may receive detailed information about your personal information, your profile information, and uploaded documents, some of which may record your visit to our website. Information collected by these third-party applications or integrations is subject to their terms and policies. We also process your personal information to provide customer services, including to fulfill our contractual obligations to you and, based on our legitimate interests, or your legitimate interests, to provide the best customer service we can.

From time to time, we are required to monitor your account activity to verify and protect against fraudulent, unauthorized, or suspicious behavior. For customer support, we strive to ensure that you can use our products efficiently and without headaches, but if you need help. With your consent, our customer support team will occasionally need to access your account details by posing as the service, to solve any problem or answer your questions.

CHAPTER IV

Data Protection

The Internet is known to be an insecure environment and there is no security, but we work very hard to protect Mercury Cash users and information. To that end, we have put security measures in place to prevent your personal information from being accidentally lost, used, altered, or disclosed due to a breach or unauthorized access to any information we store (the 'Unfortunate Events). However, should any of the unfortunate or similar events occur, you agree to release Mercury Cash, its affiliates and service providers, and each of their respective officers, directors, agents, joint ventures, employees, and representatives from any claims, demands, and damages (actual and consequential) of every kind and nature arising out of or in any way related to said activities. These are some risks we encountered; who typically have access to customer information.

Based on our Internal Privacy Policy, access to customer information through the institution's computerized information system is limited to those members with a business reason for knowing such information. Each employee is assigned a login code and password. All Mercury Cash team members must use a Password Generator for all their corporate email addresses, social media platforms, management platforms, and more.

Our members must also share passwords using Keeper, so sensitive information is not saved on any messaging platform. References of new employees are checked. During orientation, each new employee will receive appropriate training on the institution's privacy and client information security policies and the importance of confidentiality. We keep records of each client's personal information and transactions by offline storage. We have a safe deposit box for physical information, and paper documents containing the client's personally identifiable information are shredded after a minimum of 5 years exposed in our Recordkeeping Procedures. Since we have a 'closed system' with our data processor, these procedures minimize risk by limiting physical accessibility to secure customer information, on hacking and Cybersecurity.

As an institution that offers internet services, we have specific virus threats and hacker attacks, which is why we have implemented a Cybersecurity Program and Business Continuity Program.

The measures we take include antivirus software, DDoS firewalling with the help of other artificial intelligence software, and encryption of Mercury Cash website communications with TLS 1.2; This protects us from CSRF attacks, SQL Injection, and any brute force attacks that they want to do to us. Two-factor authentication is also required for all sessions; We have a technological security team working 24/7 to build a safe place, limiting technological risk.

Information requirements

Under Florida's data breach notification law, any entity that acquires, maintains, stores, or uses personal information is required to notify individuals in the state of unauthorized access to personal information in electronic form. Notification to individuals should be done as soon as possible and without undue delay, no later than 30 days after the determination of a security breach. Entities may receive an additional 15 days of good cause if provided to the Legal Department in writing within the original 30-day period. Entities must also notify the Law Department if the breach affects more than 500 people in Florida. If there are more than 1,000 affected individuals, the offending entities must also report to all consumer reporting agencies that compile and maintain nationwide consumer files, as defined in 15 USC Section 1681a(p), without undue delay.

Notification is not required if a proper investigation and consultation with the relevant government agencies determines that the breach has not resulted and is not likely to result in identity theft or any other financial harm to affected individuals. Such determination must be documented in writing and maintained for at least five years. Entities must provide this determination in writing to the Legal Department within 30 days of the determination. Substitute notice is permitted in specific circumstances, and notice may be delayed for law enforcement reasons. Breached third parties must notify relevant data owners or licensees within ten days of discovery of a breach. After receiving notification from a third party, the subject data entity must provide reports to the Department and the Affected Persons.

CHAPTER VI

Rights as data subject

As a subject, you have the following rights that you can exercise by contacting our Data Protection Officer at [email protected]

• Right of confirmation and access: You have the right to ask us to confirm whether we collect, process, or store your personal information. When we collect, process, or store your personal information, you have the right to access your personal information.


• The right to rectify: You have the right to have any inaccurate personal information about you and to complete any incomplete personal information.


• The right to erasure: You have the general right to request the deletion or blocking of your personal information, although, for legal reasons, we cannot always do so.


• The right to restrict or object to processing: You have the right to restrict the processing of your personal information in certain circumstances. As long as this does not limit compliance with other laws or regulations.


• The right to data portability: Where the legal basis for us to process your personal information is carried out by automated means, you have the right to receive your personal information from us in a structured, commonly used, and machine-readable format, and also the right to transmit your personal information from us to another data controller without hindrance from us where this is technically feasible. However, this right does not apply when it adversely affects the rights and freedoms of others.


• The right: To complain to a supervisory authority If you believe that our processing of your personal information infringes the data protection laws applicable to you, you have the legal right to complain to a supervisory authority responsible for data protection.


• The right to withdraw consent: Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time, including concerning direct marketing and automated decision-making. But in some cases, it means you will not be able to continue enjoying our service.

CHAPTER VII

Changes to this Policy and Contact

Mercury Cash's Privacy Policy, and Internal Privacy Policy is reviewed annually with all employees. Another training is provided to protect against customer information's destruction, loss, or damage due to potential environmental hazards, such as fire and water damage or technological failure. All this training will help minimize risk and safeguard the security of customer information.

fter reviewing, we may make changes to this Privacy Policy. If we make changes, we will notify you by email. If we make material changes, we will do so by applicable legal requirements and notify you before such changes take effect. Please contact us as specified below to keep your personal information accurate, current, and complete. We will take reasonable steps to update or correct the Personal Information in our possession that you previously submitted using our services. Please contact us if you have questions about our Privacy Policy or Mercury Cash's information practices.

• Email us at:
  [email protected]
  [email protected]