PAYONEER PRIVACY & COOKIES POLICY

Updated July 2019

GENERAL
In this privacy & cookies policy (“Policy”), we describe the information that we collect about you, that you
provide to us, is provided to us by third parties, and will be processed by us, as you use this website (our
“Website”) and the services available through this Website, our mobile website, and for registered users
our Mobile Application (collectively, our “Services”). We recommend that you read this policy carefully in
order to understand what Payoneer Inc. and its subsidiaries, including Payoneer (EU) Limited and
Payoneer Australia Pty Ltd (“we”, “us”, “Payoneer”) do with your personal information. Your use of our
Website and Services and any dispute over privacy, is subject to this Policy and any of our applicable
Terms and Conditions for use of our Services, including their applicable limitations on damages and the
resolution of disputes. Our Terms and Conditions for our Services are incorporated by reference into this
Policy. By visiting www.payoneer.com you are accepting and consenting to the practices described in this
Policy. Regardless of the applicable law set forth in the Payoneer Terms and Conditions for use of our
Services, however, please note that any disputes arising under this Policy will be interpreted in accordance
with the Governing Law provision set forth below.

EUROPEAN ECONOMIC AREA (“EEA”) CUSTOMERS ONLY: Please note that the whole of this Policy applies
to you together with additional provisions which are specific to EEA customers, and can be found at
Appendix 1.

AUSTRALIAN CUSTOMERS ONLY: Please note that the whole of this Policy applies to you together with
additional provisions which are specific to Australian customers, and can be found at Appendix 2.

HOW, WHEN AND WHAT WE COLLECT?

How does Payoneer collect my information?

We collect information directly from you, about you from third parties such as our marketing affiliates
and service providers used to verify your identity and prevent fraudulent activity, other Payoneer users
and other Payoneer clients or customers for the purpose of providing the Payoneer Services to you, and
automatically as you use our Website and the Services. At this time, use of our Services through our
Mobile Application is only available to users who register for our Services.

When does Payoneer collect my information?

• When you apply for and use our Services, you contact us with questions, and you otherwise
choose to provide information to us.
• We receive information about you from banking references, credit reporting agencies, affiliates,
other Payoneer users if they provide us your name through our referral programs, and other third
parties (e.g., entities that assist us in validating your identity, among others). We may combine
this with other information that we collect about you.

© 2005-2018 Payoneer, All Rights Reserved.

 • We, and our third party service providers (with consent for EEA users), automatically collect the
following information about your use of our Website and our online Services through cookies,
web beacons, log files and other technologies: your domain name, your browser type and
operating system, web pages you view, links you click, your IP address, the length of time you
visit our Website or use our Services, your activities on our Website, and the referring URL or the
webpage that led you to our Website. If you are a registered user, we also may collect the
following information about your use of our Mobile Application: mobile device ID; device name
and model; operating system type, name, and version; your activities within the Mobile
Application, the length of time that you are logged into our Mobile Application, and, with your
permission, your precise geo-location information. Please see the section “Our Use of Cookies
and other Tracking Mechanisms” below for more information.

What information does Payoneer collect?

The types of information we collect about you depends on your particular interaction with our Website
and our Services, and might include, where permitted by applicable law:

• Your contact information (e.g., name, email address, phone number, billing or mailing address)

• Bank and credit account information

• IP address, geolocation

• Identity validation (e.g., photograph, other information requested to verify your information)

• Credit history

• National identification numbers

• Date of birth

• Details of any transactions carried out using any of the Services

• Any other information that you choose to provide to us (e.g., if you send us an email/otherwise
contact us)

• Calls/emails/other correspondence

• Information about your business

• Information through Cookies and other tracking technologies as listed above and as described in
the section below entitled “Our Use of Cookies and Other Tracking Mechanisms”

You are responsible for providing accurate and up-to-date information. If you choose to participate in
our Refer a Friend program, you acknowledge that you have your friend’s consent to provide your friend’s
information to us.

HOW WE USE YOUR INFORMATION

o To validate your identity.
o To provide our Services to you, to communicate with you about your use of our Services or any
changes in our Terms and Conditions that apply to you.

© 2005-2019 Payoneer, All Rights Reserved.

o For the purpose for which you specifically provide the information to us, including, to respond to your
inquiries, to provide any information that you request, and to provide customer support.
o To tailor the content and information that we may send or display to you, to offer location
customization (where permitted by applicable law), personalized help and instructions, and to
otherwise personalize your experiences while using our Website and our Services, such as developing
and offering you with new and/or additional services or new and/or additional features to existing
services.
o For marketing and promotional purposes, for example, where permitted by law (other than if (where
applicable) you opted out by unsubscribing from marketing emails and SMS messages, and/or by
contacting us as noted in the table below), we may use your information, such as your email address,
phone number, or mailing address to send you newsletters, special offers and promotions, or to
otherwise contact you about services or information we think may interest you, or to conduct draws
for campaigns and the like and deliver prizes and rewards .
o As permitted by applicable law (other than if (where applicable) you opted out), to assist us in
advertising our products and services in various mediums including, without limitation, sending you
promotional emails and SMS messages, advertising our services on third party sites and social media
platforms, sending you direct mail, and by telemarketing.
o To better understand how users access and use our Website and our Services, both on an aggregated
and individualized basis, to administer, monitor, and improve our Website and Services, for our
internal purposes, and for other research and analytical purposes. Please see the information below
regarding Third Party Analytics.
o To protect us, our customers, employees or property — for instance, to investigate fraud and prevent
fraudulent activity, harassment or other types of unlawful activities involving us or other companies
that we do business with, to enforce this Policy, as well as our Terms and Conditions.

WHEN DO WE SHARE YOUR INFORMATION?

We share your information with third parties, including service providers, regulated institutions (e.g.,
financial institutions), affiliated entities, and business partners as set out in the table below. In the section
below, we also list the reasons why we share information.

How and Why We Share Your Information Does

Payoneer
Share?

With our service providers and affiliates – to assist us with the provision of the Yes
Services and our everyday business purposes, such as to verify your identity, prevent
fraudulent activity, conduct internal research and analytical assessments, process
your transactions, maintain your account(s) and provide you with customer care
services.

© 2005-2019 Payoneer, All Rights Reserved.

 With fraud prevention and detection service providers - for the purpose of detecting Yes
and preventing fraudulent activity. Such service providers may keep records of
information provided and use it when providing fraud detection and prevention
services to other users of their databases.

For marketing purposes: Yes*

1. With our service providers and our affiliates – to market our own products
and services; and
2. With non-affiliated third parties for joint marketing purposes.

With other Payoneer clients, customers or third parties using our services - to Yes
perform the Services, assist in carrying out your transactions with such clients,
customers or third parties or for purposes of our refer-a-friend program(s).

In response to legal process – to comply with the law, a judicial proceeding, Yes
subpoena, court order, or other legal process.

In connection with business transfers – to another entity if we are acquired by or Yes

merged with such other entity, if substantially all of our assets are transferred to
such other entity, or as part of a bankruptcy proceeding.

To protect us and others – we may disclose your information when we believe it is Yes
necessary to investigate, prevent, or take action regarding illegal activities,
suspected fraud, situations involving potential threats to the safety of any person,
violations of our Terms and Conditions or this Policy, or as evidence in litigation in
which we are involved.

Aggregate and de-identified information – we may disclose aggregate or de- Yes

identified information about users for marketing, advertising, research, or similar
purposes.

With consumer reporting agencies, as permitted by law, with respect to users from Yes
the United States.

* If you do not want us to use your details for us to market to you, and/or to pass your details on to third
parties for marketing purposes, please contact us through the phone number or email address listed in
the Section titled “Contact Us, Questions, Updating Your Info, Opting Out” below. You will also be able
to unsubscribe from any marketing emails and SMS messages sent to you by Payoneer using a link
provided in the email or the SMS message.

© 2005-2019 Payoneer, All Rights Reserved.

WHERE WE STORE YOUR DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be
encrypted using SSL technology. Where we have given you (or where you have chosen) a password which
enables you to access certain parts of our site, you are responsible for keeping this password confidential.
We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will
do our best to protect your personal data, we cannot guarantee the security of your data transmitted to
our Website; any transmission is at your own risk. Once we have received your information, we will use
strict procedures and security features to try to prevent un-authorized access.

OUR USE OF COOKIES AND OTHER TRACKING MECHANISMS

We and our third-party service providers use cookies and other tracking mechanisms (including tracking
technologies designed for mobile applications) to track information about your use of our Website and
Services. We may combine this information with other personal information we collect from you (and our
third-party service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through
your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to
navigate our Website and Services, while others are used to enable a faster log-in process or to allow us
to track your activities at our Website and Service. There are four types of cookie:
• Strictly necessary cookies. These are cookies that are required for the operation of our Website.
They include, for example, cookies that enable users to log into secure areas of our Website.
• Analytical/performance cookies. These types of cookies allow us to recognize, count the number
of visitors, and see how visitors move around our Website when they are using it. This assists us to
improve the way in which our Website works, for example, by ensuring that you can find what you
are looking for easily.
• Functionality cookies. These cookies are used to recognize you when you return to our Website.
They enable the personalization of content, recognition of users, and also remember your user
preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our Website, the individual pages visited and
the links followed. If the cookie is set by a third party (for example, an advertising network) which also
monitors traffic on other websites, this type of cookie may also be used to track your movements
across different websites and to create profiles of your general online behavior. Information collected
by tracking cookies is commonly used to target online advertising.

The four types of cookies above will be either session cookies or persistent cookies.
• Session Cookies. Session cookies exist only during an online session. They disappear from your
computer when you close your browser or turn off your computer. We use session cookies to allow
our systems to uniquely identify you during a session or while you are logged into the Website or
Services. This allows us to process your online transactions and requests and verify your identity, after
you have logged in, as you move through our Website or Services.
• Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser
or turned off your computer. We use persistent cookies to remember your user information,
preferences and activity, to enable us to provide our services to you when you next return to our

© 2005-2019 Payoneer, All Rights Reserved.

 Website or Services. We also use persistent cookies to track aggregate and statistical information
about user activity, which may be combined with other user information.

Local Storage Objects. We may use Flash Local Storage Objects (“Flash LSOs”) to store your Website
preferences and to personalize your visit. Flash LSOs are different from browser cookie because of the
amount and type of data stored. Typically, you cannot control, delete, or disable the acceptance of Flash
LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your
settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel”
and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage
Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.

HTML5 Storage. We may also store your user information and Website preferences locally within your
web browser via HTML5.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier,
similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear
GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel
tags), in connection with our Website or Services to, among other things, track the activities of Website
visitors, help us manage content, and compile statistics about Website and Services usage. We and our
third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email
response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Changing or Disabling your Cookie Settings. Most web browsers automatically accept cookies, but if
you prefer you can edit your browser options to block them in the future. The Help portion of the toolbar
on most browsers will tell you how to prevent your computer from accepting new cookies, how to have
the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to
our Website who disable their web browsers’ ability to accept cookies will be able to browse the Website;
however, most site features will not function if you disable cookies and you will not be able to login to
use our services.

Do Not Track. Currently, our systems do not honor browser “do-not-track” requests. You may, however,
disable certain tracking as discussed above (e.g., by disabling Cookies); you also may opt-out of Third
Party Analytics or targeted advertising by following the instructions in the Third Party Ad Networks section
below.

THIRD PARTY ANALYTICS

We use automated devices and applications, such as Google Analytics, VWO and Trendemon, to evaluate
use of our Website and the Services. To opt-out of Google Analytics, please go to:
https://tools.google.com/dlpage/gaoptout/. Please note that if you use a new or different computer,
install a new browser, or clear your cookies; in that case, you will need to re-opt-out through the link
above.

We use these tools to help us improve our Services, performance and user experiences. These entities
may use cookies and other tracking technologies to perform their services. These third parties may collect
your device ID, IP address, or other information about your use of the Services as part of the analytics
they provide to us.

THIRD-PARTY AD NETWORKS
We use third parties, such as network advertisers and other marketing agents, to display advertisements
on our Website, to assist us in displaying advertisements on third party websites, and to evaluate the

© 2005-2019 Payoneer, All Rights Reserved.

success of our advertising campaigns. Network advertisers are third parties that display advertisements
based on your visits to our Website and unrelated third-party websites. This enables us and these third
parties to target advertisements by displaying ads for products and services in which you might be
interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services
may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to
measure the effectiveness of their ads and to personalize advertising content to you. These third-party
cookies and other technologies are governed by each third party’s specific privacy policy, not this one.
We may provide these third-party advertisers with information about your use of our Website and our
Services, as well as aggregate or non-personally identifiable information about visitors to our Website
and users of our Service.

You may opt-out of many third-party ad networks, including those operated by members of the Network
Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding
this practice by NAI members and DAA members, and your choices regarding having this information
used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA
members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI)
and www.aboutads.info/choices (DAA).

Opting out of one or more NAI member or DAA member networks (many of which will be the same) only
means that those members no longer will deliver targeted content or ads to you. It does not mean you
will no longer receive any targeted content or ads on our Website or other websites. You may continue
to receive advertisements, for example, based on the particular website that you are viewing. Also, if your
browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase
your cookies, use a different computer or mobile device or change web browsers, your NAI or DAA opt-
out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible
by the above links.

CHANGES TO OUR PRIVACY & COOKIES POLICY

This Policy may change from time to time. Any changes in the future will be posted on our Website and,
where appropriate, notified to you by email or in your “My Account” on the Website. Please check back
frequently to see any updates or changes to our Policy. We will not materially reduce your rights under
this Policy without taking steps to bring such changes to your attention.

CONTACT US, QUESTIONS, UPDATING YOUR INFO, OPTING OUT

If you are a Payoneer Services customer and would like to update your information, please log into your
“My Account” in order to update certain information or contact us through the contact information below.
If you are not a Payoneer Services customer, but have provided us with information, and would like to
update your information, you may contact us through the phone number or email address listed below.
From time to time, we may email you or send you SMS messages with special offers; you may opt-out of
those offers by using a link provided in the email or the SMS message, or by contacting us as noted
below.
Payoneer Customer Care,
Payoneer Inc.
Payoneer Inc. 150 West 30th Street, Suite 600,
New York, NY, 10001

© 2005-2019 Payoneer, All Rights Reserved.

Phone: 1-800-251-2521 (within the USA) or 1-646-658-3695 (outside the USA)
Email: Email us

Web: www.payoneer.com

For EEA Customers:

Payoneer EU Limited,

57/63 Line Wall Road,

Gibraltar

Email: Email us

Web: www.payoneer.com
If you would like to contact us for other privacy-related matters, you can also contact our Data Protection
Officer at [email protected].

For Australian Customers:

Payoneer Australia Pty Ltd

c/ MAZARS (NSW) PTY LIMITED L 12 90 Arthur Street North Sydney NSW 2060 Australia

Email: Email us

Web: www.payoneer.com.au
If you would like to contact us for other privacy-related matters, you can also contact our Data Protection
Officer at [email protected].

GOVERNING LAW & JURISDICTION

Save in relation to EEA and Australian customers, this Policy shall be governed by and interpreted in
accordance with the laws of the State of Delaware, and any dispute hereunder shall be brought exclusively
in the courts of the State of Delaware except where prohibited by US law.

For our EEA customers, this Policy shall be governed by and interpreted in accordance with the laws of
Gibraltar, and any dispute hereunder shall be brought exclusively in the courts of Gibraltar.
For our Australian customers, this Policy shall be governed by and interpreted in accordance with the laws of
Victoria, Australia, and any dispute hereunder shall be brought exclusively in the courts of Victoria.

This Privacy Policy will not apply to our customers in Japan who have subscribed to a Payoneer Card, or
who are using the Make a Payment service in Japan. If you are a holder of a Payoneer Card in Japan, or
using the Payoneer Make a Payment service in Japan, please review your applicable Policy here.

DISCLAIMER
Any and all content provided on this Website or the Services, including links to other websites is provided
for information purposes only and does not constitute advice, recommendation or support of such
content or website. Payoneer makes every effort to provide true and accurate content on its Website.

© 2005-2019 Payoneer, All Rights Reserved.

However, Payoneer provides no warranty, express or implied, of the accuracy, completeness, timeliness,
or applicability of such content. Payoneer accepts no responsibility for and excludes all liability in
connection with information provided on the Payoneer website, including but not limited to any liability
for errors, inaccuracies or omissions.

APPENDIX 1: ADDITIONAL TERMS FOR EEA

CUSTOMERS
The information below is required pursuant to the EEA law regarding privacy and data protection.
The terms below apply to EEA customers in addition to the terms in the rest of the Policy.

For the purposes of the General Data Protection Regulation (“GDPR”), the data controller is Payoneer EU
Limited of 57/63 Line Wall Road, Gibraltar, a company established in Gibraltar and regulated for data
protection purposes by the Gibraltar Regulatory Authority (“Payoneer EU”). If you have any questions
about this Policy, please contact our Data Protection Officer (DPO) at [email protected].

If you are unhappy about how we are processing your data or how we have responded to a request or
complaint, you have the right to make a complaint to the Gibraltar Regulatory Authority (GRA) or your
local supervisory authority. You can find more details about how to contact the GRA on their website
http://www.gra.gi/data-protection.

WHEN DO WE SHARE YOUR INFORMATION

The table headed “How and Why We Share Your Information” in the main part of the Policy under the
heading “WHEN DO WE SHARE YOUR INFORMATION” lists who we may share your information with,
which include transfers for reasons of legal compliance and necessity in order to provide you with our
Services.

You should be aware that when sharing your information, it may be transferred to, and stored at, a
destination outside the EEA.

Please note that where data is transferred outside of the EEA, non-EEA countries may not offer the same
level of protection for personal data as is available in the EEA. Payoneer will take various measures to
ensure that your data is treated securely, which may include, but not be limited to:

- assessing the security measures taken at any place your data is transferred to;
- having suitable contract terms in place that oblige a data processor to only process in
accordance with our instructions; and
- having monitoring, reporting and resolution procedures in place with regard to ongoing
security.

Please contact us if you require more detailed information about international transfers of your
information, and the particular safeguards used.

LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA

© 2005-2019 Payoneer, All Rights Reserved.

We process your information based on the following legal grounds, as recognised by and in
compliance with the applicable data protection laws:

• the processing is necessary to perform our contract with you (i.e. the Terms and Conditions
that apply as applicable with respect to Payoneer Services, for the provision of our Services),
or to take steps requested by you before entering into said contract;

• the processing is in Payoneer's or someone else's legitimate interests, and these interests are
not overridden by your interests or rights in the protection of your personal data. This may
include processing your data for prevention of fraudulent activity, internal research and
analytics assessments, for purposes of communication with you, and informing you about
new products and services we are offering or to promote new products and services of other
parties which we think may be of interest to you, etc.;

• you have given your consent to the processing of your data;

• the processing is necessary to meet a legal obligation which applies to Payoneer.

Sometimes we process data about you which the law considers to fall within special categories (see
section "What data do we process about you?" for more details), in which case, we use one of the
following grounds:

• the processing is necessary for the establishment, exercise or defence of legal claims;

• you have freely given your informed, specific consent to the processing; or

• the processing is necessary for reasons of substantial public interest, based on applicable
law.

If you would like more information about the legal grounds used to process your information, or
about the legitimate interests referred to above, please contact us.

In cases where we have asked for, and you have given, your consent to our processing of your
personal data, you have the right to withdraw such consent at any time. You can do this by
contacting our DPO at [email protected].

DO YOU HAVE TO GIVE US YOUR INFORMATION?

In most cases, providing your personal data to us is optional, however, if you do not provide it, you
will not be able to use our Services. For example, we need details such as your name, address and
bank account details so that we can make payments to you and receive payments from you. In other
cases, you have a choice over whether we collect your personal data, for example, you can turn off
cookies on your browser and we will not place any cookies on your device or computer (although in
this case you may not be able to use all parts of our website).

© 2005-2019 Payoneer, All Rights Reserved.

PROFILING AND AUTOMATED DECISION MAKING
We use automated decision making as part of our process to evaluate eligibility for the use of the
Payoneer Services. We use these tools as a measure of fraud prevention and for purposes of security
and risk assessment relating to the performance of the Payoneer Services:

(i) Automated tools incorporated in our process of approval of your registration application:
based on the information you provided, the tool may advise if additional information is
required for purpose of approval of your application.

(ii) Automated tools incorporated in our process of approval of certain payment transaction
of registered users: such tools may advise if additional information is required for purpose
of performance of the payment transaction.

HOW LONG DO WE KEEP YOUR INFORMATION?

Payoneer retains your information as required by applicable laws or regulations and/or in accordance
with Payoneer’s internal policies and procedures for purposes of prevention of fraudulent activity, risk
management and security. Payoneer will periodically review the necessity of retention of your data.

EEA CUSTOMERS ONLY: YOUR RIGHTS UNDER GDPR

You have several rights in relation to your personal data which are described in more detail below.
You can exercise your rights at any time by contacting us at [email protected].

Accessing your data

You can ask us to:

• Confirm whether we are processing your personal data

• Give you a copy of that data

• Provide you with other information about your personal data such as what data we have,
what we use it for, who we disclose it to, whether we transfer it abroad and how we protect
it, how long we keep it for, what rights you have, how you can make a complaint, where we
got your data from and whether we carry out any automated decision making or profiling.
We aim to give you all this information in this privacy policy, although if anything is unclear,
please contact our Data Protection Officer at [email protected].

You do not have to pay a fee for a copy of your information unless your request is unfounded,
respective or excessive, in which case we will charge a reasonable amount in the circumstances. We
will let you know of any charges before completing your request.

© 2005-2019 Payoneer, All Rights Reserved.

We aim to respond to you within 1 (one) month of receiving your request unless it is particularly
complicated or you have made several requests, in which case we aim to respond within 3 (three)
months. We will let you know if we are going to take longer than 1 (one) month in dealing with your
request. If we have a lot of information about you we might ask you if you can tell us what exactly
you want to receive. This will help us action your request more quickly.

Correcting your data

You can ask us to correct any data which is inaccurate or incomplete. This is free of charge.

If we have shared the data with anyone else, we will tell them about the correction wherever possible.
We aim to deal with requests for correction within 1 (one) month, although it might take us up to 3
(three) months if your request is particularly complicated.

If we cannot action a request to correct your data, we will let you know and explain why this is.

Erasing your data

This right is sometimes referred to as "the right to be forgotten". This is not an absolute right but
you have the right to have your data erased, free of charge, in certain circumstances.

You can ask for your data to be erased where:

• it is no longer necessary for the purpose for which it was originally collected or processed;

• we are processing your data based on your consent, and you withdraw that consent;

• you object to the processing and we do not have an overriding legitimate interest for
continuing;

• your data has been unlawfully processed;

• your data must be erased to comply with a legal obligation;

• the data was processed to offer information society services to a child.

There are some exceptions to this right. If one of these applies, we do not have to delete the data.

If we have shared your data with third parties, we will tell them about the erasure of your data unless
this is impossible or would involve disproportionate effort.

Restricting the processing of your data

You can ask us to restrict the processing of your personal data in some circumstances, free of charge.
This is not an absolute right. If processing is restricted we can store the data and retain enough
information to make sure the restriction is respected, but we cannot further process your data.

You can restrict the processing of your personal data in the following cases:

• if you contest the accuracy of your data, we will restrict processing until we have made sure
the data is accurate;

© 2005-2019 Payoneer, All Rights Reserved.

 • if you object to our processing and we are considering this objection;

• if the processing is unlawful but you do not want us to erase your data;

• if we no longer need the personal data but you require the data to establish, exercise or
defend a legal claim.

If we have disclosed the data to a third party, we will inform them about the restriction unless it is
impossible or would require a disproportionate effort. We will tell you if we decide to lift a restriction
on processing your data.

Objecting to the processing of your data

Objecting to the processing of your data is free of charge. It is not an absolute right but you can
object to our processing of your data where it is:

• based on the legitimate interests ground; or

• for the purposes of scientific/historical research and statistics.

We will stop processing your personal data unless we have compelling legitimate grounds for the
processing which override your interests and rights, or unless we are processing the data for the
establishment, exercise or defence of legal claims.

You can require us to stop using your data for direct marketing purposes. We will stop as soon as
we receive your request. There are no exemptions or reasons for us to refuse.

Data Portability

This allows you to obtain and reuse your personal data for your own purposes across different
services. It applies where the following conditions are met:

• you provided the personal data to us yourself;

• we are processing the data either based on your consent or because it is necessary for the
performance of a contract; and

• the processing is carried out by automated means.

We will provide your data free of charge in a structured, commonly used and machine-readable form.
We aim to provide your data within 1 (one) month of receiving your request unless it is particularly
complicated or you have made several requests, in which case we aim to respond within 3 (three)
months. If we are going to take longer than 1 (one) month we will let you know and explain why we
need more time. If we consider that we cannot provide you with your data, we will contact you and
explain why this is.

Automated decision making and profiling

You have the right not to be subject to a decision which is based on automated processing and
which produces a legal (or similarly significant) effect on you.

© 2005-2019 Payoneer, All Rights Reserved.

We will tell you about any automated decision making that affects you. You have the right to:

• request human intervention;

• express your point of view;

• ask for the decision to be explained; and

• challenge the decision.

These rights are not absolute. They do not apply if the decision is:

• necessary for us to enter into or perform a contract with you;

• authorised by law (e.g. for fraud prevention); or

• based on your explicit consent.

APPENDIX 2: ADDITIONAL TERMS FOR

AUSTRALIAN CUSTOMERS
We are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other laws
that govern the handling of personal information. The terms below apply to Australian customers in
addition to the terms in the rest of the Policy.

We may also disclose such information as required or permitted by any law, for example to meet our
obligations under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).

You may request to access or correct any personal information we hold about you. We will provide
our reasons if we deny any request for access to or correction of personal information. Where we
decide not to make a requested correction to your personal information, and you disagree, you make
ask us to make a note of your requested correction with the information.

You should be aware that when sharing your information, it may be transferred to, and stored at, a
destination outside Australia including but not limited to the United States of America.

Please note that where data is transferred outside of the Australia, other countries may not offer the
same level of protection for personal data as is available in Australia under the Privacy Act 1988 (Cth).
Nonetheless, Payoneer will take various measures to ensure that your data is treated securely, which
may include, but not be limited to:

• assessing the security measures taken at any place your data is transferred to;

• having suitable contract terms in place that oblige a data processor to only process in
accordance with our instructions; and

© 2005-2019 Payoneer, All Rights Reserved.

 • having monitoring, reporting and resolution procedures in place with regard to ongoing
security.

We may also collect, hold, use and disclose certain credit-related personal information about you
which may include:

• permitted identification information e.g. names, date of birth, sex, 3 most recent addresses,
employer and driver's licence number;

• your applications for credit - the fact that you have applied for credit and the amount and
type of credit;

• the identity of your current and previous credit providers;

• records of previous requests made by credit providers to credit reporting bodies (“CRBs”) for
information about you in connection with consumer or commercial credit applications,
guarantees and securitisation arrangements;

• information about defaults (where repayments are more than 60 days overdue, in certain
circumstances);

• where those default repayments are no longer overdue, or new payment arrangements have
been agreed;

• a credit provider’s opinion that you have committed a serious credit infringement (that is,
acted fraudulently or shown an intention not to comply with your credit obligations);

• the start and end dates, credit limits and certain terms and conditions of your credit
arrangements;

• information about court judgments against you;

• publicly available information relevant to your credit worthiness;

• certain insolvency information from the National Personal Insolvency Index;

• information derived by CRBs from the above information (e.g. assessments and ratings in
respect of your credit worthiness); and

• information we derive from the above information (e.g. our own assessments and ratings in
respect of your credit worthiness), (“credit-related personal information”).

This may also include information about your arrangements with other credit providers as well as
with us.

We may disclose some of these types of information to CRBs. CRBs may use credit-related personal
information to maintain records on individuals which they may share with other credit providers for
those providers’ own credit assessments.

We will notify you of the CRBs that we use.

© 2005-2019 Payoneer, All Rights Reserved.

We may also be required to check the validity of your identification documents with the Australia
Document Verification Service (DVS).

Where you express any concerns that we have interfered with your privacy or conducted ourselves
inconsistently with this Privacy Policy, we will respond to let you know who will be handling your
matter and when you can expect a further response. We aim to resolve your concerns in a fair and
efficient manner within 30 days.

If you are unhappy about how we are processing your data or how we have responded to a request
or complaint, you have the right to make a complaint to the Office of the Australian Information
Commissioner (OAIC). You can find more details about how to contact the OAIC in writing as set out
below:

Website: https://www.oaic.gov.au/

Address: GPO Box 5218 Sydney NSW 2001

Fax: +61 2 9284 9666

Email: [email protected]

PRIVACY SHIELD FRAMEWORKS FOR DATA TRANSFERRED

TO THE UNITED STATES FROM THE EU/SWITZERLAND
For more information regarding our compliance with the EU-U.S. and Swiss-U.S Privacy Shield Principles,
please see our Privacy Shield Statement at https://payoneer1.staging.wpengine.com/legal/privacy-shield-
statement/ .

© 2005-2019 Payoneer, All Rights Reserved.