Effective Date: 1 June 2018

Associated Foreign Exchange, Inc. and its affiliates and subsidiaries in the European Economic Area (EEA) and Switzerland are hereby collectively referred to as “AFEX” or the “Company.”

This Privacy Policy applies to AFEX websites, as well as your use or access of any of our online services, content and other online programs that we offer with our partners and link to this Policy. This Privacy Policy describes how AFEX collects, uses, shares and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information.

Glossary

• Aggregated Information - data or information relating to multiple people, which has been combined or aggregated. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.
• Business Partners - any third parties with whom we conduct business and have a contractual relationship.
• Cookies and Similar Technologies - a cookie is a small data file that a website transfers to your computer's hard drive. We may place cookies when you visit our website or another company’s website where our ads appear or when you make purchases, request or personalize information, or register for certain services. If you accept the cookies used on our website, websites that are “powered by” another company on our behalf, or websites where our ads appear, you may give us access to information about your interests. We may use that information to personalize your experience. Similar technologies such as web beacons, pixels, gifs, and tags also do the same thing. We use the term Cookies and Similar Technologies in this statement to refer to all technologies that collect information in this way.
• De-identified Information - data or information used in a way that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.
• European Economic Area (EEA) – The EEA includes the following member countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
• IP Address - a number assigned to a device when connecting to the Internet.
• Online Information - data or information collected on AFEX websites and apps as well as on websites and apps of third parties relating to topics about our business, which includes Personal Information, Aggregated Information and De-Identified Information.
• Other Information – AFEX internal information, external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you.
• Personal Information - information that can identify a person, such as name, addresses, telephone number, and email address.
• Service Providers - any vendor, third party and/or company that performs business operations on our behalf, such as printing, mailing, and other communications services (email, direct mail, etc.), marketing, data processing, servicing, collections, or ad management.
• Targeted Advertising - Ads we, or our Service Providers, display on websites outside the AFEX Group of Companies based on the preferences or interests inferred from data collected from a particular computer or device regarding web viewing behaviors over time and across different websites or, more generally, on data internally available to us (for example, transaction data).
• Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.

Notice of Information: We Collect, How We Use It and How You Control It

Safeguarding customer’s personal information and using it in a lawful manner, consistent with customer‘s expectations is a cornerstone of AFEX’s customer relationships. To do so, AFEX has put in place a privacy policy that sets forth principles and requirements governing the collection, usage, retention, disclosure and disposal of customer’s information (the "Policy"). This Policy is based on current laws and regulations. AFEX will comply with any obligations or standards that may be imposed by any new laws and regulations.

At AFEX, we are committed to safeguarding your privacy. We want you to know how we may collect, use, share, secure, and keep information about you, and the choices that are available to you regarding use, access and correction of your personal information. When we provide AFEX products or services to you, we may also give you specific additional details about how we will use your personal information.

Since we may change this online privacy statement, we recommend that you check the current version available from time to time. If we make changes to this statement, we will update the “Effective Date” at the top of this page. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective.

Our websites are not intended for children under 18 years of age. We do not knowingly solicit data online from, or market online to, children under 18 years of age.

What information does this online privacy policy cover?

This online Privacy Policy describes how AFEX may collect, use, share, secure, and keep information that we get about you online. We gather Online Information if you:

• Visit or use our websites;
• Participate in the online programs we offer with our Business Partners;
• Receive or reply to electronic communications from us;
• View or click on our ads or other online content; and
• Interact with us through social media websites and other websites and apps.

In this Policy, we also explain how we may combine Online Information with Other Information and how we then use the combined information.

AFEX may use the information provided by customers for one or more of the following purposes:

• To process, confirm and fulfill customer requests regarding AFEX products and services or transactions made using our online platform, AFEXDirect;
• To contact customers regarding their enquiries and requests;
• To identify customers for login;
• To comply with the rules relating to Know Your Customer (KYC) obligations under Anti –Money Laundering Laws;
• For AFEX marketing purposes and partner promotions, such as sending updates to customers on AFEX's latest offers and promotions;
• For identification, verification and background screening purposes;
• To conform to legal requirements or comply with legal processes;
• To protect and defend AFEX's rights, interests or property;
• To enforce the terms and conditions of the products or services offered by AFEX or such other purposes expressly specified in the data entry forms or other relevant sections of the web resources of AFEX.

What information do we collect online and how do we collect it?

The types of information we collect depends on which product or service you use. Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, email, mailing address, phone number, national insurance number or social security number, driver license number or date of birth when you:

• Fill out an online form or survey, including when apply online for our products;
• Register, log into or update the settings on your AFEX account using our online services;
• Register or enroll in our programs; or
• Enter a competition or register for a marketing offer.

We may also collect from you the following personal information about your contacts:

• Name, email, mailing address, phone number, national insurance number or social security number, driver license number or date of birth of a secondary contact on your account (an authorized trader);
• Name and financial account number of someone to whom you are remitting payment (beneficiary) or from whom you are receiving funds.

When you provide us with personal information about your contacts, you are responsible for informing your contact about it. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at compliance.us@afex.com.

As is true of most websites, we gather certain information automatically. We (and our Service Providers or Third-Party Ad-Servers) collect information through Cookies and Similar Technologies. Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username. We (and our Service Providers or Third-Party Ad-Servers) use these cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.

AFEX (and our Service Providers or Third-Party Ad-Servers) may collect information using Cookies and Similar Technologies about:

• The device you use to browse our websites (for example, we may collect information about the operating system or the browser version and the type of device you open the electronic communication on);
• The IP Address and information related to that IP Address (such as domain information, your internet provider and general geographic location);
• Browsing history on our websites;
• How you search for our websites, from which website you came from, and which of our Business Partners’ websites you visit;
• Which ads or online content from us and our Business Partners you view, access, or click on; and
• Whether you open our electronic communications and which parts you click on (for example, how many times you open the communication).

We (and our Service Providers or Third-Party Ad-Servers) may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained. This helps us to confirm your identity when you open an account, determine credit worthiness, update, expand and analyse our records, identify new customers, and provide products and services that may be of interest to you.  . Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:

• Background checks, so we can confirm your identity and determine eligibility when you open an account;
• Criminal records, so we can detect and prevent fraud or criminal activity;
• Reports from credit bureaus, so we can review your credit history to determine credit worthiness; and/or
• Purchased marketing data about our customers from third parties that is combined with information we already have about you, so we can create more tailored advertising and products.

How do we use the information we collect about you?

We may use Online Information we collect about you on its own or combine it with Other Information to:

• Deliver products and services, including to recognize you when you return to our websites;
• Complete transactions;
• Tell you about updates to your accounts, products, and services;
• Update you about new features and benefits;
• Answer questions and respond to your requests made through our websites and through third-party websites (including social media);
• Use the location of your mobile device for location-based services that you may request;
• Determine how to best provide services to you and manage your accounts, such as the best way and time to contact you;
• Improve our websites and make them easier to use;
• Advertise and market our products and services – and those of our Business Partners – including to present content that is tailored to your interests, including Targeted Advertising;
• Send or provide you with ads, promotions, and offers;
• Analyze whether our ads, promotions, and offers are effective;
• Help us determine whether you may be interested in new products or services;
• Conduct research and analysis, including to better understand our customers and our website users;
• Allow you to give feedback by rating and reviewing our products and services and those of our Business Partners;
• Produce data analytics, statistical research, and reports;
• Review and change our products and services;
• Manage fraud and security risk, including to detect and prevent fraud or criminal activity;
• Safeguard the security of your information;
• Assess credit risks relating to our business, including to evaluate and process your applications for our products and services and manage your existing accounts; and
• Use it in other ways as required or permitted by law or with your consent.

What is Personal Information?

Personal Information is any information relating to an identified or identifiable individual*.

Personal Data is any information relating to an identified or identifiable natural person.

*An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Information includes, but is not limited to: Individual names, Tax Identification numbers, credit or debit card numbers, driver license numbers, health records when the disclosure of the information in question would reasonably be considered to be harmful or an invasion of privacy.

Non-public Personal Information is any data or information considered to be personal in nature and not subject to public availability, such as: salary, national insurance number or social security numbers, bank account numbers, account balances, financial products purchased, etc. 

Note: Some Online Information is Personal Information.

How do we treat your Personal Information?

We do not share Personal Information with anyone except as described below. We may share Personal Information as required or as permitted by law, such as:

• With credit bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe;
• With regulatory authorities, courts, and governmental agencies to comply with legal orders, legal or regulatory requirements, and government requests;
• With our Service Providers, regulatory authorities, and governmental agencies to detect and prevent fraud or criminal activity, and to protect the rights of AFEX or others;
• Within the AFEX Group of Companies;
• With our Service Providers who perform services for us and help us operate our business (we require Service Providers to safeguard Personal Information and only use your Personal Information for the purposes we specify);
• With financial institutions with whom we jointly offer or develop products and services to independently market their own products or services to you only if you consent that they can do so); or
• For specific products or services, when you have given your consent.

We may transfer Personal Information to Service Providers or companies within the AFEX Group of Companies throughout the world, for example, to process transactions and provide you with our products or services. Regardless of where we process your information, we still protect it in the manner described in this online privacy policy and according to the applicable laws.

How we handle Aggregated Information and De-Identified Information

Aggregated Information or De-Identified Information does not identify you individually; it helps us to analyze patterns among groups of people. We may share Aggregated Information or De-Identified Information in several ways, for example:

• For the same reasons as we might share Personal Information;
• With Business Partners to help develop and market programs, products or services and present targeted content (including Targeted Advertising);
• With Business Partners to conduct analysis and research about customers and website users; or
• With Third-Party Ad-Servers to place ads (including ads of our Business Partners) on various websites, and to analyze the effectiveness of those ads.

How do we keep and safeguard your information?

Your information may be stored locally in a country within the EEA, Switzerland or in one of AFEX’s Data Centers located in the United States. AFEX continuously reviews and enhances AFEX's security policies and security measures to consistently maintain a high level of security. We use administrative technical and physical security measures to protect your Personal Information against loss, misuse, damage and unauthorized access, modifications or disclosures. These measures include computer safeguards and secured files and facilities, use of firewalls, encryption, and other specialized technology. If you have any questions about the security of your personal information, you can contact us at dpo@afex.com.

We will keep your  Personal Information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.

What are your rights and choices?

Clients

You will always have a right to access, update, change, correct or delete your Personal Information, or to ask whether we hold any of your Personal Information. If you want to do so, or if you have any questions about how we process your Personal Information, you may do so by logging into your account or contacting us at dpo@afex.com. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.

Non-Clients

AFEX acknowledges that you have the right to access your personal information. AFEX has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to AFEX’s Client (the data controller). If requested to remove data, we will respond within a reasonable timeframe.

What are your choices about how we market to you?

You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email and/or telephone. If you do not consent to receive marketing communications from us, we will honor your choice. Please, be aware however, that if you choose not to receive such communications, certain offers attached to the products or services you have chosen may be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.

Tell us your AFEX marketing preferences by updating your account information. You may do so by contacting your Account Executive or Account Manager. You can also tell us to stop sending you marketing emails by clicking the ‘unsubscribe’ link included at the bottom of AFEX's marketing emails. You may also send us an email to dpo@afex.com to update your marketing preference.

Cookies

When you use our site we may store Cookies on your computer in order to facilitate and customize your use of our site. A Cookie is a small data text file, which a website stores on your computer's hard drive (if your Web browser permits) that can later be retrieved to identify you to us. Our Cookies may store information about you, your computer, or your preferences so that you may more easily use our site. The Cookies make the site run more smoothly and help us to maintain a more secure site. You have the choice to opt out of this functionality and are always free to decline our Cookies if your browser permits, but our site may not work as effectively.

Registration

In order to service our customers, portions of our site may require you to submit information that is typically business related, but may be personal in certain circumstances. We will use the information you provide in the ways you would reasonably expect. You have a right to access this data and correct or remove it. The specific registration site or additional communication information provided to you will supply directions on how to correct or remove your data at your request. In all cases, you can always contact the Privacy Officer for assistance using the information below.

Security

We take all reasonable procedures to protect personal and identifiable information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have taken and will continue to take appropriate measures to assure the security of sensitive personal data. Any personal data transmitted to or from our website is protected by a secure socket layer (SSL) key which encrypts the data transmitted over the Internet. Password protection protocols are used on all computers. Access to servers containing private information and data is strictly limited to only our authorized personnel who have been trained to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal data under our control. The servers that are used to store sensitive personal information are kept in a secure, state-of-the-art environment, with security measures.

Data Integrity and Purpose Limitation

Personal information is limited to the information that is relevant for the purposes of processing.  As previously mentioned, the information collected is only utilized for the purpose described above in the section on “Notice of Information.”  Personal information is not processed in a way that is incompatible with the purpose for which it has been collected.  To the extent necessary and possible, reasonable steps are taken to ensure that data and information is reliable for its intended use, accurate, complete, and current.

Information Retention

AFEX retains information about customers for as long as necessary to fulfill the purpose for which such information was collected or as is otherwise required under any other law for the time being in force. However, this is subject to AFEX's rights and obligations under applicable laws to ensure retention of records which may contain sensitive personal data or information.

We will keep your Personal Information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.

Onward Transfer and Liability

AFEX does not sell, trade, share or rent your personal information to unaffiliated third parties. Affiliated third parties may receive your data in fulfillment of our service. We maintain specific contract agreements with these companies to ensure that they use the data only for intended purposes and protect the data as we would. If this practice were to change, we would specifically provide you with the opportunity to choose to “opt in” or “opt out” of the sharing of your data.

We may be required to release personal information to third parties in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Recourse and Enforcement

AFEX commits to resolve complaints about your privacy and our collection or use of your personal information. Individuals and/or citizens of a country in the EEA or Switzerland with inquiries or complaints regarding this privacy policy should first contact AFEX Compliance Department at:

Associated Foreign Exchange, Inc.

Compliance Department

21045 Califa Street

Woodland Hills, CA 91367

Email: compliance.am@afex.com  

Associated Foreign Exchange Limited & AFEX Markets Plc

4th Floor, 40 Strand

London, WC2N 5RW, United Kingdom

Email: compliance.eu@afex.com

Telephone: +44 (0)207 004 3939

Associated Foreign Exchange Ireland Limited

Ground Floor Unit, 4044 Kingswood Avenue

Citywest, 24 Dublin, Ireland

Email: compliance.eu@afex.com

Telephone: +353 1 245 7300

Associated Foreign Exchange Limited, (Spanish Branch) Sucursal en España

Calle de Génova nº27, 6º

28004 Madrid, Spain

Email: compliance.eu@afex.com

Telephone: +34 91 794 26 00

Associated Foreign Exchange Limited, sede secondaria italiana

Piazza Pio XI, 1

20123 Milano, Italy

Email: compliance.eu@afex.com

Telephone: +39 06 4520 7904

Associated Foreign Exchange (Schweiz) AG

Stampfenbachstrasse 5

8001 Zürich, Switzerland

Email:  compliance.eu@afex.com

Telephone: +41 (0)848 233 924

Associated Foreign Exchange, Inc. (“AFEX”)

Privacy Notice: EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (“Privacy Shield Notice”)

Effective as of May 25, 2018

Privacy Shield Principles: AFEX complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (collectively the “Privacy Shield Principles”) as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. AFEX has certified to the United States Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of the Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Principles, and to view our certification, please visit https://www.privacyshield.gov/.

Data Processed: AFEX may act as a data processor for certain data controllers residing in the European Union. AFEX adheres to the Privacy Shield Principles with respect to personal data submitted by AFEX’s customers, affiliate entities, customers of affiliate entities, or business partners for services in connection with the offering of foreign exchange and international payment solutions. AFEX may process the following types of personal data.

• Authentication Data. This includes full legal name, home address, personal telephone numbers, documents that verify address and personal telephone numbers, personal email address, online contact details, date of birth, country of domicile, passport information, driving license information, and signature authorization.
• Professional Data. This includes name of employer, title, position held, duration of employment, work address, work phone number, and work email address.
• Customer Access Data. This includes user name and password to log into AFEXDirect or any other online system, which allows you to access our products and services, location data, and website access information.
• Financial Data. This includes assets, financial relationship information, financial account information, sources of wealth, salary and other income information, documentation to support sources of wealth and income information, and financial transaction information.
• Credit and Background Data. This includes credit and criminal checks and screening information, but only to the extent required or permitted by law.

Purposes of Data Processing: AFEX processes personal data in order to lawfully provide foreign exchange and international payment solutions. AFEX may access the personal data to provide its services, to correct and address technical or service problems, to follow instructions of the AFEX customer who submitted the data, or in response to contractual or legal requirements.

Complaints: In compliance with the Privacy Shield Principles, AFEX commits to resolve complaints about its collection or use of your personal data. Natural persons residing within the European Union or Switzerland with inquiries or complaints regarding the Privacy Shield Notice should first contact AFEX at:

Attn: AFEX Data Protection Officer

21045 Califa Street

Woodland Hills, California 91367

United States

Telephone: +1 888 428-2339

Email: DPO@afex.com

AFEX has further committed to cooperate with the panel established by the European Union data protection authorities and the Swiss Federal Data Protection and Information Commissioner with regard to unresolved Privacy Shield complaints concerning data transferred from the European Union and Switzerland. If neither AFEX nor the aforementioned panel resolves your complaint, you may have the possibility to engage in binding arbitration through the International Centre for Dispute Resolution-American Arbitration Association.

Third Parties: AFEX uses third-party service providers to assist us in providing our services. These third-party providers perform database monitoring and other technical operations, assist with the transmission of data, ensure compliance with applicable anti-money laundering requirements, and provide data storage services. These third-parties may access, process, or store personal data in the course of providing their services. AFEX maintains contracts with all third-parties that restrict their access, use, and disclosure of personal data in compliance with the Privacy Shield Principles, including the onward transfer provisions, and AFEX may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Your Rights: Natural persons residing in the European Union and Switzerland have rights to access their personal data, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, AFEX committed to respect such rights.

Enforcement: AFEX’s commitments under the Privacy Shield Principles are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Compelled Disclosure: AFEX may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Effective Date: January 1, 2020

This Privacy Notice for California Residents supplements the information contained in the Privacy Notice of Associated Foreign Exchange, Inc. and its affiliates and subsidiaries (collectively, “AFEX” or the “Company”) and applies solely to users, clients, and others who reside in the State of California (“You”).

AFEX adopts this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this notice.

Information AFEX Collects

The Company collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”). Specifically, AFEX has collected the following categories of personal information from consumers within the last twelve (12) months:

Personal information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA's scope, such as personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA).

The Company obtains the categories of personal information listed above from the following categories of sources:

• Directly from its clients. For example, from documents that clients provide to AFEX related to the services for which they engage.
• Indirectly from its clients. For example, through information the Company collects from clients in the course of providing services to them.
• Directly and indirectly from activity on AFEX’s website, www.afex.com. For example, from activity through AFEX’s website portal.
• From third-parties that interact with the Company in connection with the services it performs. For example, from service providers when AFEX determines the creditworthiness of its clients.

Use of Personal Information

AFEX may use or disclose the personal information it collects for one or more of the following business purposes:

• To fulfill or meet the reason for which the information is provided. For example, if You provide AFEX with personal information in order to carry out a transaction or receive a service, AFEX will use that information to initiate the transaction or provide the service.
• To provide You with information, products or services that you request from AFEX.
• To provide You with email alerts, event registrations, and other notices concerning AFEX’s products or services, or events or news, that may be of interest to You.
• To carry out obligations and enforce any rights arising from any contracts entered into between You and AFEX.
• To improve AFEX’s website and present its contents to You.
• For testing, research, analysis and product development.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to You when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held is among the assets transferred.
• AFEX will not collect additional categories of personal information or use the personal information collected for materially different, unrelated, or incompatible purposes without first providing You notice.

Sharing Personal Information

The Company may disclose personal information to a third party for a business purpose. When AFEX discloses personal information for a business purpose, it enters a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, AFEX has disclosed the following categories of personal information for a business purpose:

Category A:   Identifiers.

Category B:   California Customer Records personal information categories.

Category C:   Protected classification characteristics under California or federal law.

AFEX discloses your personal information for a business purpose to the following categories of third parties:

• AFEX’s affiliates and subsidiaries.
• Service providers.
• Third parties to whom You authorize us to disclose your personal information in connection with products or services the Company provides to you.

In the preceding twelve (12) months, AFEX has not sold any personal information.

Your Rights and Choices

The CCPA provides California consumers with specific rights regarding their personal information. This section describes rights available under the CCPA and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that AFEX disclose certain information to You about its collection and use of your personal information over the past 12 months. Once the Company receives and confirms your verifiable request, it will disclose to You:

• The categories of personal information AFEX collected about You.
• The categories of sources for the personal information AFEX collected about You.
• AFEX’s business or commercial purpose for collecting that personal information.
• The categories of third parties with whom AFEX shared that personal information with.
• The specific pieces of personal information AFEX collected about You.
• If AFEX sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that the Company deletes any of your personal information that it collected from you and retained, subject to certain exceptions. Once AFEX receives and confirms your verifiable consumer request, it will delete, and direct its service providers to delete, your personal information from its records, unless an exception applies.

AFEX may deny your deletion request if retaining the information is necessary for AFEX or its service providers to:

• Complete the transaction for which AFEX collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of the ongoing business relationship with You, or otherwise perform a contract with You.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to AFEX by either:

Calling +1 888 307 2339, or

Emailing DPO@afex.com

Only You or a person registered with the California Secretary of State that You authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows AFEX to reasonably verify You are the person about whom it collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows AFEX to properly understand, evaluate, and respond to it.

The Company cannot respond to your request or provide You with personal information if it cannot verify your identity or authority to make the request and confirm the personal information relates to You. Making a verifiable consumer request does not require You to establish an account with AFEX. The Company will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

The Company makes reasonable efforts to respond to a verifiable consumer request within forty-five (45) days of its receipt. If AFEX requires more time, but in no event more than ninety (90) days, it will inform You of the reason and extension period in writing. AFEX will deliver its written response by mail or electronically, at your option. Any disclosures the Company provides will only cover the twelve (12) month period preceding the verifiable consumer request's receipt. The response AFEX provides will also explain the reason(s) it cannot comply with a request, if applicable. For data portability requests, the Company will select a format to provide your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.

AFEX does not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If the Company determines that the request warrants a fee, it will tell You why it made that decision and provide You with a cost estimate before completing your request.

Non-Discrimination

AFEX will not discriminate against You for exercising any of your rights under the CCPA. Unless permitted by the CCPA, the Company will not:

• Deny You goods or services.
• Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide You a different level or quality of goods or services.
• Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to the Privacy Notice for California Residents

AFEX reserves the right to amend this notice at its discretion and at any time. When the Company makes changes to this notice, it will notify You by email or through a notice on its website, www.afex.com.

Contact Information

If You have any questions or comments about this notice, the Privacy Notice, the ways in which AFEX collects and uses your personal information, your choices and rights regarding such use, or wish to exercise your rights under the CCPA, please do not hesitate to contact AFEX at:

Phone: +1 888 307 2339

Email: DPO@afex.com

Mail: Associated Foreign Exchange, Inc.

Attn: Data Protection Office

21045 Califa Street

Woodland Hills, California 91367