1. INTRODUCTION

At Dice Empire FX Canada ('DICE' or the 'Company') we are committed to protecting your privacy. This privacy policy explains how we collect, use, protect and share your personal information. You accept or consent to this Privacy Policy when you sign up for Dice services, hence, expressly consenting to providing us with your personal information. This Policy follows best practice and aligns with the General Data Protection Regulation (GDPR). Data privacy in recent times has been in the front burner arising from various breaches that have occurred across the globe, leaving individual personal data in the public and resulting in financial loss in most cases and reputational damage in others. When organizations under the regulation are in breach of the data privacy right of a Data Subjects, various fines are imposed under national laws and regulations such as the GDPR. Hence, the need to have Data Privacy Governance Framework that guides how Data Subjects (customers) personally identifiable information (PII) are handled .

1.1 Objectives of this document.

The objectives of this framework are:

  • To provide an enabling environment for handling of data subjects’ information
  • Identify and highlight the requirements of relevant regulations guiding data privacy.
  • Identify roles and responsibilities of participants in data privacy ecosystem
  • Provision of broad guidelines for implementation of processes involving data subject sensitive information

2.0 DATA GOVERNANCE

Data governance is to help DICE to align data management efforts with business objectives,support regulatory compliance, and manage risks that are inherent in data processing. These data include personal information, intellectual property, trade secrets, and Business data.
In line with the requirements of the GDPR, DICE shall appoint a Data Protection Officer (DPO) who should be a senior management staff to oversee the organization’s data protection activities and compliance with the GDPR.

3.0 PRINCIPLES FOR PROCESSING PERSONAL DATAs

This Policy is based on the following principles;

  1. Lawful, fair and transparent process
  2. Specific and legitimate purposes for collection and process
  3. Limitation to data necessary to fulfil the purposes
  4. Accuracy of data
  5. Data retention will be based on regulatory requirements within the country of operation.
  6. Security of data

3.1 Categories of Data

Personal data:(e.g. name, home address, location data, e-mail address, Account Number, Social Security Number, Tax Identification Number etc.)

Previously collected data: This is also called secondary processing and takes place when previously collected data for a particular purpose are used or processed for another purpose without the knowledge or new consent of the data subjects.

Processing: Processing of personal data is any operation or set of operations which is performed upon personal data either by manual or automatic means. These include collection, recording,organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, blocking, erasure or destruction’.

3.2 Required Information

To open an account with us or use our Services, you must provide:

  • Your legal namee
  • Gender
  • Address
  • Phone number
  • E-mail
  • Date and place of birth
  • Nationality
  • Details of your identification document
  • Financial background
  • Origin of financial resources
  • Bank statements
  • Bank account details
  • Transaction purpose

This information may vary depending on the nature of your business and the service you may require. In order to fund your account or make certain payments through us, you must provide (where applicable) your bank account information. (or another payment instrument). We may also ask you to choose different security questions to answer. We will also require other commercial and or identification information if you send or receive certain high-value transactions or high overall payment volumes through us, or as is otherwise required in order for us to comply with our anti-money laundering obligations under applicable laws.

Photographs: If you use certain functionalities provided by us, we may ask you to upload a picture of you (for example, the photo of your ID) in order to provide these specific services. Your face must be recognizable.

3.3 Reason we collect your information.

We use your information for providing services which may include the following:

  • Verify your identity, during account creation and password reset process.
  • Authorizing and processing transactions and ensuring proper payment to the designated recipient of funds.
  • Monitoring and improving our services including Website and its content.
  • Protect against and prevent fraud, and other illegal or prohibitions.
  • Provide you with customer support services.
  • Provide and communicate with you about products and services offered by Dice, financial institutions and partners, affiliates and third parties.
  • Meeting legal, regulatory, self-regulatory, risk management, fraud prevention and security requirements, which may include (among other measures) verifying the identity of the sender and recipient of funds and checking identities against money laundering, terrorist financing or similar watch lists established by regulatory agencies or similar bodies.
  • For identity verification purposes, senders and recipients of money transfers may be required to produce valid identification or consent to verification by other means before releasing funds.
  • Maintaining business and transaction records for reasonable periods.
  • Measure the performance of our website and improve the content.

We use your email or physical address to confirm your opening of an account with us, to send you notice of payments that you send or receive through us, to send you information about important changes to our products and services, and to send notices and other disclosures required by law. Generally, users cannot opt out of these communications, but they will be informational in nature, and not promotional.

Dice will only use your personal information for the purposes for which it was collected, unless it is required to be used for another reason that is compatible with the original purpose. Please note that we may process your personal information without knowledge or consent, in compliance with the above rules, where it is required or permitted by law

3.4 Client Consent

Consent is described as the freely given, specific, informed and unambiguous indication of the individual’s wishes (GDPR). Explicit consent is specific to data collected, purposes and disclosures.

  1. Dice will obtain express consent when collecting cookie or device data from customers visiting its websites.
  2. Consent should also be sought when there is need to transfer data to a third party or to a foreign country.
  3. Dice will obtain the consent of the data subjects when collecting the personal data through account opening forms in the Business offices or online channels.
  4. Consent will also be required for any direct marketing activity, except to existing customers of the Data Controllers who have purchased goods or services.

3.5 Individual access and rectification rights

  1. Data Subjects have the right to access their personal data that Dice holds;
  2. Data Subjects have a right to rectification of their Personal Data.
  3. Data Subjects have the right to request that Dice stops the processing of its Personal Data or withdraw its consent to the processing of Personal Data.
  4. Data Subjects have the right to know the purpose of processing their personal data.
  5. Data Subjects have the right to know the duration for which their personal data will be stored.
  6. Data Subjects have the right to object to the processing of Personal Data relating to him which the Data Controller intend to process for the purpose of marketing.

3.6 Lawful Reasons for Collecting Personal Data by Dice

  1. The Consent of the Data Subject
  2. Offer of employment to the Data Subject.
  3. Performance of Contract.
  4. Compliance with Legal obligation.
  5. Necessary to protect the vital interests of a person in line with Data Privacy regulations.
  6. Necessary for the performance of a task carried out in the public interest.
  7. In the legitimate interests of Dice (except where those interests are overridden by the interests or rights and freedoms of the data subject).

If any client wishes to enforce of their recognized rights, or if they want to know about how we use or protect their information, or if they have any queries about this Privacy Policy, please do contact the Company.

3.7 Client Diligences

3.7.1 Third Party Websites

Some pages on our website include links to third-party websites. These sites are governed by their own privacy statements, and we are not responsible for their operations, including, but not limited to, their information and data protection practices. Users submitting information to or through these third-party websites should review the privacy statements of these sites before providing them with personally identifiable information.

3.7.2 Transaction Information

When client use the Dice Services to send funds to someone else or request money from someone else, Dice will ask the client to provide information related to that transaction. This information includes the amount and type of the transaction (purchase of goods, purchase of services, or simple peer-to-peer transfer), other purchase/transactional details and the details pertaining to the identity of the third party. Also, when client send money or funds to another Dice customer, client may be asked to provide personal details of that customer to complete the transaction. Those details may also be passed on to us from that customer. We also collect the Internet address (IP address) and other identifying information about the computer or device client uses to access their account, in order to enable Dice to authenticate and detect possible instances of unauthorized transactions.

3.7.3 Information About client from Third Parties

In order to protect all our customers against potential fraud, we will endeavor to verify the information provided with Payment Partners and/or Credit Reference and Fraud Agencies as well as information available through internet and publicly accessible social network data. In the course of such verification, we may receive personally identifiable information about the client from such services.

If client send or receive high overall payment volumes or display inconsistent transactional patterns, or if they have a limited transactional history with us, in some circumstances we will conduct a background check by obtaining information about them and their business, and potentially (if legally permitted) also about their directors, shareholders and partners, from a credit reference or a fraud agency. Dice Empire at its sole discretion, reserves the right to periodically retrieve and review a business and/or consumer credit report supplied by such credit reference or a fraud agency for any account, and reserves the right to close an account based on information obtained during this credit review process. If client uses the account to receive payments for goods or services, we may also collect public information about their business and their behavior on social media to the extent relevant to confirm an assessment of your transactions and/or your business, including its size and the size of its customer base.

In addition, if we cannot verify the information that you provide, or if you request a withdrawal to an account, payment instrument or digital wallet not previously used by you, we may request client to upload or send us additional confirmations or to answer additional questions online to help verify their information.

3.7.4 Communications Communications

When clients communicate with us for customer service or other purposes (e.g., by emails, phone calls, tweets, etc.), we may retain such information and our responses to them in the records of client account, for the purpose of proof of commercial transactions and communications.

3.7.5 Questionnaires, Surveys, Sweepstakes and Profile Data

From time to time, we may roll-out questionnaires and surveys to our users for such purposes as collecting demographic information or assessing users`&apos` interests and needs. If we collect personally identifiable information from our users in these questionnaires and surveys, the users will be given notice of how the information will be used prior to their participation in the survey and questionnaire. For the purposes of this Privacy Policy, account information ( Account Information ) includes without limitation: name, address, date and place of birth, nationality, email address, phone number, username, photograph, IP address, device ID, geolocation information, account numbers, account types, details of funding instruments associated with the account, details of payment transactions, details of commercial transactions, customer statements and reports, account preferences, details of identity collected as part of our `&quot`know your customer`&quot` checks on you, and customer correspondence.

3.7.6 How We Share Information with Other Third Partiese

Just like most banks or financial/payment service providers, Dice Empire works with third-party service providers which provide important functions to us that allow us to be an easier, faster, and safer way to make payments, and other business partners. We need to disclose user data to them from time to time, so that the services can be performed. Dice Empire will not transfer, disclose, sell or rent any of your personal information to third parties for their marketing purposes without your explicit consent, and will only disclose this information in the limited circumstances and for the purposes described in this Privacy Policy.

3.8 How we protect and store your information.

Dice is committed to handling your customer information with high standards of information security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities, and who have committed themselves to confidentiality undertakings.

For the security of client account, client must ensure protection of their account password. Client may not share their password with anyone and the bank declines any liability for any loss arising from client divulging their password with third parties. Dice representatives will never ask you for your password, so any email or other communication requesting your password should be treated as unauthorized and suspicious and forwarded to us. If client do share your password with a third party for any reason, including because the third party has promised to provide client additional services such as account aggregation, the third party will have access to client account and client personal information, and client may be responsible for actions taken using your password. If client believes someone else has obtained access to their password, client should change it immediately by logging in to their account and changing your Profile settings, and also contact Dice as soon as possible.

3.9 Accessing and Changing Your Information

Client can review their personal information provided to Dice and make any desired changes to such information, or to the settings for their account, at any time by logging in to their account on the Dice Empire website. If client closes their Dice account, Dice will mark the account in our database as `&quot`Closed`&quot``, but will keep the Account Information in our database for a period of 10 years. This is for instance necessary in order to fulfill our data retention requirements to comply with applicable laws and regulations, and for other legitimate business reasons, such as to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account. However, if client closes their account, their personally identifiable information will not be used by Dice for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement authorities, or as required by law. The information client provides to us will not be kept for longer than necessary with regards to the purpose of its processing described above, subject to statutory retention periods imposed by applicable law.

4.0 DATA BREACH

Data breach is defined as a breach of security leading to the destruction, loss, alteration,unauthorised disclosure of, or access to, personal data.

Controls should be put in place to guard against data breaches by implementing the following:

  1. Dice will implement measures to ensure that data is protected based on the level of risk of its processing activities.
  2. Maintain a register of all data breaches with full details of the breaches including actions taken.
  3. If there is a data breach, Dice will inform its clients/Data Subject without delay as soon as the breach is discovered.
  4. Dice will consider notifying the regulators (the supervisory authority) in case of data breach.

In the event of privacy breach relating to data subject’s PII, the data subject has the right to lodge a complaint with the Company.

5.0 CLIENT AUTHORIZATIONS

In order to provide our services to clients, some information that we collect from or about our client, may be required to be transferred to other entities, in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country.

Specifically, client consents to and direct us to do any and all of the following and to inform clients if necessary:

  • Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organizationsand other third parties that

    1. We are legally compelled and permitted to comply with,
    2. We have reason to believe it is appropriate for us to cooperate with governmental agencies or payment or processing partners in investigations of fraud or other illegal activity or potential illegal activity, to the fullest extent permitted by law
    3. Or to conduct investigations of violations of our User Agreement (including without limitation, client funding source or mobile wallet or credit or debit card provider).
  • If client is subject to FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities. If we believe your account may be subject to these regulations, we may notify you separately.
  • Dice and other organizations, including financial institutions that cooperate with us, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing).
  • Disclose necessary information in response to the requirements of other financial nstitutions, credit card associations or a civil or criminal legal process.
  • Disclose necessary information to the payment processors, auditors, customer service providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide Dice Services to you.
  • Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
  • Disclose aggregated (i.e.: anonymized) statistical data to our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in a certain city. However, this aggregated information is not tied to personal information.
  • Share necessary Account Information with unaffiliated third parties (for their use for the following purposes):

    • Fraud Prevention and Risk Management: Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk, as permitted by applicable law.
    • Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
    • Legal & Compliance service providers: to help us comply with anti-money laundering and counter-terrorist financing verification requirements, as permitted by applicable law.
    • Service Providers: to enable service providers under contract with us to support our business operations, namely fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
    • Mergers or Acquisitions: As with any other business, it is possible that in the future Dice Empire could merge with, or be acquired by, another company. If such an acquisition occurs, you consent to the successor company having access to the information maintained by us, including customer Account Information, and such successor company would continue to be bound by this Privacy Policy unless and until it is amended.

6.0 CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be revised over time as new features are added to Dice Services, or as we incorporate suggestions from our customers. We may change this Privacy Policy at any time by posting a revised version of it on our website. Unless we have legal grounds to do otherwise, we will provide clients with at least 30 days`&apos` prior notice of the effective date of the revised Privacy Policy. We may post the notice on our website and/or send the notice by e-mail. As of the effective date of the revised Privacy Policy, client will be considered as having consented to all changes to the Privacy Policy. If client disagrees with the terms of this Privacy Policy, they may close their account at any time.