Back

Midaspay

Last modified: April 2025

Thank you for using Midaspay! We respect your privacy and appreciate your trust and confidence in

us.

Here is a summary of the information contained in this privacy policy (“Privacy Policy”). This

summary is to help you navigate the Privacy Policy and it is not a substitute for reading everything.

You can use the hyperlinks below to jump directly to particular sections.

Please note that this Privacy Policy only applies to the processing of your personal information when

you use the Midaspay website and online platform (https://merchant.midaspayment.com), as well

as the processing of your personal information by Midaspay for facilitating payment transactions

and providing payment transaction-related services (collectively, the "Midaspay Service"). If you use

any other products or services, please refer to the privacy policy for that particular product or

service.

Midaspay Service is provided by three separate entities, each acting as an independent data

controller for users in different countries. These entities are:

 Harvest Sharp Limited, whose registered address is 29th Floor, Three Pacific Place, 1 Queen’s

Road East, Hong Kong.

 CENTAURI TECHNOLOGY PTE. LTD., whose registered address is 10 Anson Road, #21-07,

International Plaza, Singapore 079903.

 MP CENTAURI TECHNOLOGY EUROPE B.V., whose registered address is Buitenveldertselaan 5

1082 VA, Amsterdam, the Netherlands.

PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE

MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR

PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR

PLATFORM.

SUMMARY

Here is a summary of the information contained in this Privacy Policy. You can find more detail by

clicking “More Information”.

What

information

do we need

to provide

the

Midaspay

Service?



If you use Midaspay for payment, then we will process your

payment information, card binding function data, device and

network information, sanctions and verification data, and

transaction records.

 If you need to get in touch with us, we will retain some

information (such as your email, name, Company Name and your

position in the company, and, if applicable, any messages you

send us) so that we can review and respond to your

queries/requests.

Information



If you register an account for or log in to use the Service, we will

need some information from you to set this up. This includes a

nickname as your username, and your email address.

· Only after you sign a contract with us and your registration for

the account is approved, we will need more information to

provide the Service to you. This includes your contract signed

with us and your transaction records (without personal

information of your end users) conducted via our Service.

How will we

use your

information?



We use your information in order to process your transaction. We

also adopt fraud prevention and security measures to guard

against unauthorised transactions.

 We use your information to set up your account, enable you to

use the Service, and to comply with our legal obligations and

enforce our legal rights.

Information

Who do we

share your

information

with?

 We use some third parties (e.g. third party risk control service

providers) to help us deliver the best possible experience and to

facilitate the payment processing service. When we use a third

party, we only do this to process your information for the

purposes described in this Privacy Policy. We also have affiliates

around the world who help us deliver Midaspay and we may be

required by a court or legal obligation to disclose certain

information in some circumstances.

Information

Where do

we process

your

information?

 Our servers are located in Singapore. Your information may be

processed from outside of where you live by our support,

engineering and other teams around the world, including from

the People’s Republic of China.

Information

How long do

we keep

your

information?

 We retain your information for up to seven (7) years, after which

time your data is deleted (as further described in this Privacy

Policy), unless we are otherwise required to retain such data by

applicable laws.

 Unless otherwise required or permissible by applicable laws, we

retain your information for the period during which you maintain

an account for the Service, or for so long as the information is

needed to fulfil the purpose for which it was collected (as further

described in this Privacy Policy). We then delete or anonymise

such data, in accordance with applicable laws.

Information

How can I

exercise my

rights over

 Depending on where you are, you may have certain rights with

respect to your information, such as rights of access, to receive a

copy of your data, or to delete your data or restrict or object to

Information

information?

our processing of your data.

How will we

notify you of

changes?



Please check this page frequently to see if there are any updates

or changes to this Privacy Policy.

Information

Welcome to Midaspay!

This Privacy Policy explains the when, how and why when it comes to the processing of your

personal information when you use the Midaspay website and online platform

(https://merchant.midaspayment.com), as well as the processing of your personal information by

Midaspay for facilitating payment transactions and providing payment transaction-related services

(collectively, the "Midaspay Service"), and sets out your choices and rights in relation to that

information. Please read it carefully – it will allow you to understand how we collect and use your

information, and how you can control it.

Please note that this Privacy Policy only applies to the Midaspay Service. If you use any other

products or services, please refer to the privacy policy for that particular product or service.

If you do not agree to the processing of your personal information in the way this Privacy Policy

describes, please do not provide your information when requested and stop using Midaspay. By

providing your information through Midaspay you are acknowledging how we process your

personal information as described in this Privacy Policy.

PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE

MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR

PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR

PLATFORM.

Midaspay Service is provided by three separate entities ("we", "our" and "us"), each acting as an

independent data controller for users in different countries. These entities are:

 Harvest Sharp Limited, whose registered address is 29th Floor, Three Pacific Place, 1 Queen’s

Road East, Hong Kong.

 CENTAURI TECHNOLOGY PTE. LTD., whose registered address is 10 Anson Road, #21-07,

International Plaza, Singapore 079903.

 MP CENTAURI TECHNOLOGY EUROPE B.V., whose registered address is Buitenveldertselaan 5

1082 VA, Amsterdam, the Netherlands.

Our data protection officer can be contacted at dpo@centauriglobal.com.

Please reach out to us if you have any questions or concerns regarding the processing of your

personal information.

1. The Types of Personal Information We Use

This section describes the different types of personal information we collect from you and how we

collect it. If you would like to know more about specific types of data and how we use that data,

please see the section entitled “How We Use Your Personal Information” below.

The following is a high-level summary of the types of personal information we use. This information

is provided by you directly or generated when you use Midaspay.

 Payment information

 Card binding function data (if and to the extent applicable)

 Device and network information

 Sanctions and verification data

 Transaction records

 Risk Control Information

 Entitlement to Discount Information

2. Children

Children must not use Midaspay for any purpose, except where their parent or guardian has

provided lawful consent (to the extent this option is available in your jurisdiction)

By children, we mean users under the age of 18 years old; or in the case of a region where the

minimum age for processing personal information differs, such different age. For users located in

certain regions we have listed the relevant minimum age as of the date of this policy in the table

below. You should in any case refer to the laws in your jurisdiction to ensure you are above the

relevant legal minimum age.

Country in which the user is located Minimum age of the user

Australia 18

Brazil 18

Cambodia 18

Canada 13

Colombia

European Economic Area 16

Indonesia 21

Japan

Malaysia

Mexico

New Zealand

Nigeria

Philippines

Singapore 13

South Africa 18

South Korea 14

Türkiye 18

United Kingdom 13

United States 13

Vietnam

Other than as provided above, we do not knowingly collect personal information from children

under these ages for any purpose. If you believe that we have personal information of a child under

these ages without lawful consent, or if you are the parent or guardian of the user and wish to

withdraw consent, please contact us.

3. How We Process Your Personal Information

This section provides more detail on the types of personal information we collect from you, and

why. For users who live in Brazil, the United Kingdom, European Economic Area (“EEA”), Switzerland

or Thailand (“Relevant Jurisdiction”), it also identifies the legal basis under which we process your

data.

Personal Information Use Lawful Basis of Processing

Payment information

(native or from

payment processor/ merchant) such as

card number, CVC, CVV, expiry date,

card holder's name, user's billing

address, region, transaction cost, time

and date, user ID/payer ID/Open ID,

Order reference ID, and certain

browser and device information,

merchant contract information

Notification of payment and/or

transaction status (from payment

processor) or alternative payment

method, including: country, payment

status, device type, currency, funding

source, phone number, email address,

card hash, card name and details, card

issuing bank and country, billing

address, expiry date, amount, date,

time, payment method, browser code,

payment account reference,

authentication code, card bin.

Notification of payment and/or

transaction status (to merchants):

transaction details, merchant details,

details and status of order, card

information, refund information.

We use this information to

process your transaction,

ensure the validity of your

identity and transaction,

and for risk control services

provided to Midaspay.

We also use this

information for:

 Merchant

onboarding

 Routing your

transactions

through a unified

gateway/routing

system in order to

process the

transaction/

complete the

transaction

 Create order/

make payment to

the designated

payment channel

(PSP)

 Perform risk checks

 Settlement services

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Invoice data: card holder’s personal

details, contact details, payment

address, transaction information and

device information.

We use this information to

process your transaction,

and to create invoice(s).

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Card binding function data (if and to

the extent applicable): card number

(encrypted), expiry date, card holder's

name, user’s billing address, CVV (not

stored after verification).

We use this information if

providing a card binding

function for a platform.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Device and network information

web

browser type and browser version,

device fingerprint, location of device, IP

We use this information to

process your transaction,

conduct data analysis,

It is in our legitimate

interest to maintain and

improve the security and

address, open ID, operating system

version, country, internet connection,

page loading time, type of device,

number of visits, platform use time,

networks, demographic estimate,

platform or referral source.

improve Midaspay and

prevent fraud and misuse

of Midaspay, and for risk

control services provided

to Midaspay.

integrity of Midaspay.

Sanctions and verification data: card

hash, card BIN, email address, user's

phone number, card number, card

type, expiry date, card holder's name,

user's billing address, currency, cost,

order ID, product ID, merchant user ID,

and provider ID.

We use this information to

verify the validity of a

transaction, and for risk

control services provided

to Midaspay.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

It is in our legitimate

interest to maintain and

improve the security and

integrity of Midaspay.

Risk

ontrols data

(if and to the extent

applicable): transaction and order data,

card payment information, card

holder’s personal details, identification

details, relevant tax details, contact

details and location.

We use this information

verify the validity of a

transaction, user support,

and for risk control services

provided to Midaspay

(including, but not limited

to identity verification and

transaction monitoring).

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

It is in our legitimate

interest to maintain and

improve the security and

integrity of Midaspay.

Risk Control Information: order id,

transaction amount, transaction status,

user ID, email address, device

information, midas id, IP address,

phone number, card number (MD5

irreversibly encrypted), time, country,

refunds history, refunds amount,

successful transaction history,

transaction interception information,

days, order timings, order amounts,

order days, user profile, currency, tax

amount, payment method, order

status, settlement status

We use this information,

and aggregated user

profiles derived from such

information, to process

your transaction, improve

the Midaspay Service,

prevent fraud and misuse

of the Midaspay Service,

risk control purposes, and

provision of reconciliation

service purposes.

It is in our legitimate

interest to maintain and

improve the security and

integrity of the Midaspay

Service.

Payment Information: card number,

expiry date, card holder’s name, CVV,

billing address, browser info

(accept_header, color_depth,

java_enabled, javascript_enabled,

language, screen height, screen_width,

time_zone_offset, user_agent),

We use this information to

process your transaction,

ensure the validity of your

identity and transaction,

and for risk control services

provided to Midaspay.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

payerid, amount, currency

Tax Information: state, city, zip code,

transaction id, amount, currency, tax

rate, tax address.

We use this information to

process your transaction

and for our merchant’s tax

purposes.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Card binding data (recurrent

payments): card number (encrypted),

expiry date, card holder's name, user’s

billing address, CVV (not stored after

verification).

We use this information to

provide card binding

function to facilitate

recurring payments within

the Game that utilizes our

Midaspay services.

We process this

information pursuant to

our contract with you to

process transactions.

Information that you provide to us (for the use of Mastercard’s Click-To-Pay Service)

User Information

Customer Account Information: email

address, mobile phone number, OTP

value, transaction amount, currency,

masked cards (card bin, last four digits,

pan expiration year & month, date of

card created, masked billing address).

Equipment and online transaction

information such as the relevant url,

referrer and any errors.

We use this information to

process and/or facilitate

your transaction, and to

improve your experience

when using our Midaspay

Service.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Card Information

Checkout information: transaction

details, card details, card holder’s

name, billing address, payment token

and payment cryptogram.

Payment-related information: order

details, card details, card holder’s

personal details, contact information

and billing address, device information,

network and connection information,

service usage information, network

token, and payment cryptogram and

token.

We use this information to

process and/or facilitate

your transaction and

ensure the validity of the

transaction.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Sanctions and Verification Information:

transaction details, card details, card

holder’s personal details, contact

information and billing address, device

information, network and connection

information, and service usage

We use this information to

verify the validity of a

transaction, and for risk

control services provided

to Midaspay.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

information. It is in our legitimate

interest to maintain and

improve the security and

integrity of Midaspay.

Payment Notification Information

location of card holder, device

information, card details, customer

details, status of payment transaction,

currency, details and status of

transaction, and details of merchant

and PSP.

We use this information to

notify you of the status of

the transaction.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Tax Information: city, state, zipcode We use this information to

process your transaction

and for our merchant’s tax

purposes.

We process this

information pursuant to

contracts you have

entered into to process

payment transactions.

Information that you provide to us (for the use of Midaspay website and online platform)

Nickname/name,

email address

We use this information to

allow you to register and

create your account for the

Service and allow you to

Necessary to perform our

contract with you to

provide the Service.

Email, name, Company Name and your

position in the company, and, if

applicable, any messages and any

screenshots you send us

We use this information to

allow you to get in touch

with us and for us to

respond to you.

Necessary to perform our

contract with you to

provide the Service.

(Only after you sign a contract with us

and your registration for the account is

approved) Your contract signed with

us, and transaction records (without

personal information of your end users)

conducted via our Service

e use

this

information to

allow you to check status

of the Service provided by

us and send settlement

statements and payment

orders to you.

Necessary to perform our

contract with you to

provide the Service.

4. How We Store and Share Your Personal Information

As part of providing the Midaspay Service, we may transfer data outside of the location in which you

are based for the purposes described in this Privacy Policy. We have servers for the Midaspay Service

in Singapore. The servers applicable to your use of the Midaspay Service will depend upon your

location. We also have support, engineering and other teams who may support the Midaspay

Service, including from the People’s Republic of China.

For EEA/UK users, transfers between our affiliates and to third parties use applicable safeguards,

such as incorporating standard contractual clauses or taking into account adequacy assessments.

Only where necessary will we share your personal information with third parties. Situations where

this occur are:

 Third parties that provide services in support of Midaspay Service, including third party

payment processors for the purpose of processing the credit card payment and facilitating

payment in accordance with local regulations, and tax calculation (e.g. Avalara, Inc.). All

companies providing services for us are prohibited from retaining, using, or disclosing your

personal information for any purpose other than providing us with their services and/or to

comply with their legal obligations under applicable laws.

 Companies within our corporate group who process your personal information solely for

the purpose of providing the Midaspay Service to you. All such group companies may only

use your personal information in accordance with this Privacy Policy.

 Regulators, judicial authorities and law enforcement agencies, and other third parties for

safety, security or compliance with the law. There are circumstances in which we are legally

required to disclose information about you to authorities, such as to comply with a legal

obligation or processes, enforce our terms, address issues relating to security or fraud, or

protect our users. These disclosures may be made with or without your consent, and with or

without notice, in compliance with the terms of valid legal process such as a subpoena, court

order, or search warrant. We are usually prohibited from notifying you of any such

disclosures by the terms of the legal process. We may seek your consent to disclose

information in response to a governmental entity’s request when that governmental entity

has not provided the required subpoena, court order, or search warrant. We may also

disclose your information to:

o enforce our terms and conditions and other agreements, including investigation of

any potential violation thereof;

o detect, prevent or otherwise address security, fraud or technical issues; or

o protect the rights, property or safety of us, our users, a third party or the public as

required or permitted by law (exchanging information with other companies and

organisations for the purposes of fraud protection and credit risk reduction).

 A third party that acquires all or substantially all of us or our business. We may also

disclose your information to third parties if we either: (a) sell, transfer, merge, consolidate or

re-organise any part(s) of our business, or merge with, acquire or form a joint venture with,

any other business, in which case we may disclose your data to any prospective buyer, new

owner, or other third party involved in such change to our business; or (b) sell or transfer

any of our assets, in which case the information we hold about you may be sold as part of

those assets and may be transferred to any prospective buyer, new owner, or other third

party involved in such sale or transfer.

5. The Security of Your Personal Information

We have information security and access policies that limit access to our systems and technology,

and we protect data through the use of technological protection measures such as encryption.

Unfortunately, the transmission of information via the internet is not completely secure. Although

we will implement and maintain reasonable measures to protect your personal information, we

cannot guarantee the security of the information transmitted through the Midaspay Service or

otherwise via the Internet; any transmission is at your own risk.

6. Data Retention

We do not keep your data for longer than is necessary to fulfil the relevant purpose described above

unless we are required or permitted to do so under law. If we retain your information beyond the

retention periods set out below, for example to comply with applicable laws, we will store it

separately from other types of personal information.

For further details on how long we keep your data, please refer to the time periods set out below.

Personal Information Retention Policy

Equipment and online transaction

information

Fifteen (15) days (unless otherwise required

to be retained for the purpose of providing

the Midaspay Service or required to be

retained in accordance with statutory

retention requirements)

Risk Control Information Stored for the lifetime of your use of the

Service (i.e. until account deletion in

accordance with your request), or for the

minimum period to meet any regulatory

obligations, and then to be deleted within 30

days.

User profiles will be stored for 1 year and

then deleted thereafter.

Discount Entitlement Information Only payment information (including number o

f times user makes payment for order) will be s

tored for the lifetime of discount related event,

unless you request to delete your data, upon

which such data will be deleted within 30 days

Other Information

Seven (7) years (unless otherwise required to

be retained in accordance with statutory

retention requirements); a user may remove

their payment information at any time by

updating their account information

Card binding data (recurrent payments) Seven (7) years (unless otherwise required to

be retained in accordance with statutory

retention requirements); a user may remove

their payment information at any time by

updating their account information

Nickname/name,

email address

f your registration for your account is

approved, stored for the lifetime of your use of

the Service (i.e. until account deletion in

accordance with your request) and then

deleted within 30 days.

If your registration for your account is not

approved, deleted within 30 days.

Email, name, Company Name and your

position in the company, and, if

Deleted if we do not or cease to respond to

applicable, any messages and any

screenshots you send us

your messages within 30 days.

(Only after you sign a contract with us and

your registration for the account is

approved) Your contract signed with us,

and transaction records (without personal

information of your end users) conducted

via our Service

Stored for the lifetime of your use of the

Service (i.e. until account deletion in

accordance with your request) and then

deleted within 30 days.

7. Your Rights

Some jurisdictions’ laws grant specific rights to users of Midaspay.

Please refer to the Supplemental Jurisdiction-Specific Terms, or the applicable laws in your

jurisdiction for an overview of specific rights that apply to persons subject to data protection lists

in the listed jurisdictions and how these can be exercised.

You may have certain rights in relation to the personal information we hold about you. Some of

these only apply in certain circumstances (as set out in more detail below). You can exercise some of

these rights directly by accessing and updating the information in your account. If you believe we

hold any other personal information about you, please contact us.

PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE

MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR

PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR

PLATFORM.

Access

You may have the right to access personal information we hold about you, how we use it, and who

we share it with. You can access the personal information you have made available as part of your

account by logging into your account.

Portability

You may have the right to receive a copy of certain personal information we process about you. For

example, in certain jurisdictions this can comprise personal information we process on the basis of

your consent (e.g., survey information) or pursuant to our contract with you (e.g., account name), as

described above in the section “How We Use Your Personal Information”. We will provide further

information to you about transferring this data if you make such a request.

Correction

You may have the right to correct personal information we hold that is inaccurate. You can access

the personal information we hold about you by logging into your Midaspay Service account

Erasure

You may be able to delete your account, or remove certain personal information, by logging into

your Midaspay Service account. We may need to retain personal information if there are valid

grounds under data protection laws for us to do so (for example, for the defence of legal claims or

freedom of expression) but we will let you know if that is the case. Where you have requested that

we erase personal information that has been made available publicly on the Midaspay Service and

there are grounds for erasure, we will use reasonable steps to try to tell others that are displaying

the personal information or providing links to the personal information to erase it too.

Restriction of Processing to Storage Only

You may have a right to require that we stop processing the personal information we hold about you

(other than for storage purposes in certain circumstances). Please note, however, that if we stop

processing the personal information, we may use it again if there are valid grounds under data

protection laws for us to do so (for example, for the defence of legal claims or for another’s

protection). Where we agree to stop processing the personal information, we will take steps to tell

any third party to whom we have disclosed the relevant personal information so that they can stop

processing it too.

Objection

You may have the right to object to our processing of your personal information. If you wish to do so,

please contact us at dpo@centauriglobal.com or using the contact details set out below, and we will

consider your request.

Consent Withdrawal

To the extent provided by applicable laws and regulations, you may withdraw consent you

previously provided to us for certain processing activities by contacting us at

dpo@centauriglobal.com. Where consent is required to process your personal information, if you do

not consent to the processing or if you withdraw your consent, we may not be able to deliver the

expected service. Please note that the right to withdraw consent is only available if the legal basis for

processing information is consent.

Announcements

We may from time to time send you announcements when we consider it necessary to do so (for

example, when we temporarily suspend access to Midaspay for maintenance, or security, privacy or

administrative-related communications). These are essential system and service-related

announcements and you are not able to opt-out of these notifications, which are not promotional in

nature.

8. Contact

Please get in touch with us if you have any questions. You can reach us in the first instance at:

Email: dpo@centauriglobal.com.

Mailing Address:

Tencent International Privacy & Data Protection Centre

30 Raffles Place #19-01

Singapore

048622

9. We will endeavour to deal with your request as soon as possible. This is without prejudice to any

right you may have to launch a claim with a data protection authority in the region in which you

live or work where you think we have infringed data protection laws

10. Changes

If we make any changes to this Privacy Policy, we will post the updated Privacy Policy here and notify

you in accordance with relevant legal requirements.

11. Language

Except as otherwise prescribed by law, in the event of any discrepancy or inconsistency between the

English version and local language version of this Privacy Policy, the English version shall prevail.

Our representatives for data protection purposes in certain jurisdictions are as follows:

Jurisdiction Representative

Address

Contact details

UK Image Frame

Investment (UK)

Limited

Suite 1, 3rd Floor 11 - 12

St. James's Square,

London, United Kingdom,

SW1Y 4LB

eudataprotection@tencent.com

EU Tencent

International

Service Europe

B.V.

Buitenveldertselaan 3-5

1082 VA Amsterdam

Thailand

Tencent

(Thailand) Limited

One Building, Bangkok,

Thailand

localrepresentative@tencent.co.th

Korea Tencent Korea

Yuhan Hoesa

152, Taeheran-ro,

Gangnam-gu (Gangnam

Finance Center, Yeoksam-

dong), Seoul, Korea

dpo@centauriglobal.com

Türkiye

Özdağıstanli Ekici

Avukatlık

Ortaklığı.

Varyap Meridian Grand

Tower ABlok Al Zambak

Sok No: 2 K: 32 D. 270

Ataşehir Istanbul Türkiye

tencent@iptech-legal.com

SUPPLEMENTAL TERMS – JURISDICTION-SPECIFIC

Some jurisdictions’ laws contain additional terms for users of Midaspay, which are set out in this

section.

If you are a user located in one of the jurisdictions below, the terms set out below under the name

of your jurisdiction apply to you in addition to the terms set out in our Privacy Policy above.

PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE

MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR

PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR

PLATFORM.

Australia

We take reasonable steps to ensure that third party recipients of your personal information located

outside Australia handle your personal information in a manner that is consistent with Australian

privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and

omissions of these third party recipients.

If you are dissatisfied with our response to your privacy complaint in respect of your personal

information, you may contact the Office of the Australian Information Commissioner (Telephone:

+61 1300 363 992 or email: enquiries@oaic.gov.au).

Brazil

BY ACCEPTING THIS PRIVACY POLICY, YOU EXPRESSLY STATE THAT YOU AUTHORISE US TO COLLECT,

USE, STORE, AND PROCESS YOUR PERSONAL INFORMATION, INCLUDING, DISCLOSING TO THIRD

PARTIES, TO THE EXTENT PROVIDED BY THIS PRIVACY POLICY.

California

This section applies to California residents covered by the California Consumer Privacy Act of 2018

(“CCPA”) (as amended by the California Privacy Rights Act of 2020) (“CCPA”). For purposes of this

section, “personal information” and “sensitive personal information” have the meanings given in the

CCPA and do not include information excluded from the CCPA’s scope

Collection and Disclosure of Personal Information

Over the past 12 months, we have collected and disclosed the following categories of personal

information from or about you or your device:

 Identifiers, such as your name as it appears on your credit card, Open ID / user ID, IP

address, phone number, mailing or billing address, and email address. This information is

collected directly from you and your device.

 Internet or other electronic network activity information, such as device and network

information as described in the main Privacy Policy. This information is collected directly

from you and your device.

 Other information described in subdivision (e) of Section 1798.80, including your credit card

number or any other financial information. This information is collected directly from you in

the context of being our consumer.

We collect and disclose your personal information for the following purposes:

 To provide you with Midaspay, to process your transaction and ensure the validity of your

identity and transaction.

 To provide a card binding function for a platform (if and to the extent applicable).

 To improve the Midaspay Service.

 For security and verification purposes, including to prevent and detect fraudulent activity

and misuse of Midaspay.

For additional information about what each type of personal information is used for, see Section 3

(How We Process Your Personal Information).

We disclose each of the categories of personal information that we collect to the following types of

entities:

 Other companies within our corporate group who process your personal information in

order to operate Midaspay.

 Other companies that provide services on our behalf in support of Midaspay and who are

prohibited by contract from retaining, using, or disclosing personal information for any

purpose other than for providing their services to us.

 Regulators, judicial authorities and law enforcement agencies.

 Entities that acquire all or substantially all of our business.

In the past 12 months, we have not sold or shared personal information of California residents

within the meaning of “sold” and “Share” in the CCPA. And we have no knowledge of any sale or

sharing of personal information of users under 16 years of age.

In addition, we do not use or disclose sensitive personal information for purposes other than to

perform the services reasonably expected by an average consumer who requests those services.

Retention of Your Personal Information

The retention period varies among the different categories of data collected. For detailed

information about the retention period for any specific category of data, see this chart in the main

portion of the Privacy Policy.

Rights under the CCPA:

If you are a California resident and the CCPA does not recognize an exception that applies to you or

your personal information, you have the right to:

 Request we disclose to you free of charge the following information covering the 12 months

preceding your request:

o the categories of personal information about you that we collected;

o the categories of sources from which the personal information was collected;

o the purpose for collecting personal information about you;

o the categories of third parties to whom we disclosed personal information about

you and the categories of personal information that was disclosed (if applicable) and

the purpose for disclosing the personal information about you; and

o the specific pieces of personal information we collected about you;

 Request we delete personal information we collected from you, unless CCPA recognises an

exception;

 Request we correct inaccurate personal information that we maintain about you; and

 Be free from unlawful discrimination for exercising your rights including providing a different

level or quality of services or denying goods or services to you when you exercise your rights

under the CCPA.

We aim to fulfil all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for

an additional 45 days will be accompanied by an explanation for the delay.

How to Exercise Your Rights

First, you may wish to log into your account and manage your data from there. If you are a California

resident to whom the CCPA applies, you may also exercise your rights, if any, regarding other data by

contacting us as specified in Section 8 (Contact).

Canada

If you are located in Canada and wish to obtain written information about our policies and practices

with respect to our service providers located outside Canada, you may contact us as specified in

Section 8 (Contact). Where we use service providers who might have access to your personal

information, we require them to have privacy and security standards that are comparable to ours.

We use contracts and other measures with our service providers to maintain the confidentiality and

security of your personal information and to prevent it from being used for any purpose other than

as provided in this Privacy Policy.

Colombia

Your authorization to process personal information for Midaspay may be expressed (i) in writing, (ii)

orally or (iii) through unequivocal conduct that allows us to reasonably conclude that your

authorization has been granted, such as the act of accepting the Privacy Policy. We may keep

evidence of said authorizations, while respecting the principles of confidentiality and privacy of

information.

To the extent we process personal data as a data controller, you can contact us to exercise your

rights using the information specified in Section 8 (Contact).

France

Instructions for the processing of your personal data after your death. You have the right to provide

us with general or specific instructions for the retention, deletion, and communication of your

personal data after your death. The specific instructions are only valid for the processing activities

mentioned therein and the processing of these instructions is subject to your specific consent. You

may amend or revoke your instructions at any time.

You may designate a person responsible for the implementation of your instructions. This person will

be informed of your instructions in the event of your death, and be entitled to request their

implementation from us. In the absence of designation or, unless otherwise provided for, in the

event of the death of the designated person, their heirs will have the right to be informed of your

instructions and to request their implementation from us.

When you wish to make such instructions, please contact us as set out in Section 8 (Contact).

India

Age Restrictions

Parental consent is required for children under the age of 18 years to use our services.

Sensitive Personal Information

Sensitive Personal Information under local law includes passwords, financial information (such as

bank account, credit card, debit card or other payment instrument details), biometric data, physical

or mental health, sex life or sexual orientation, and/or medical records or history, but does not

include information available in the public domain, or provided under Indian laws, including the

Right to Information Act, 2005.

Sharing Of Your Sensitive Personal Information

Where we permit any third parties to collect and use Sensitive Personal Information, we shall use

reasonable measures to ensure that the third parties do not further disclose the Sensitive Personal

Information to the extent required by applicable laws.

Withdrawal Of Consent

To the extent provided by applicable laws and regulations, you may withdraw any consent you

previously provided to us for certain processing activities by contacting us as set out in Section 8

(Contact). Where consent is required to process your personal information, if you do not consent to

the processing or if you withdraw your consent, we may not be able to deliver the expected service.

Indonesia

By accepting and consenting to this Privacy Policy, you agree that we may collect, use and share your

personal information in accordance with this Privacy Policy, as revised from time to time. If you do

not agree to this Privacy Policy, you must not access or use our services and we have the right to not

provide you with access to our services.

In the event we fail to maintain the confidentiality of your personal information in Midaspay, we will

notify you through the contact information provided by you or via Midaspay, to the extent required

by local laws and regulations.

You are responsible for making sure that any personal details which you provide to us are accurate

and current. In order to confirm the accuracy of the information, we may also verify the information

provided to us, at any time. You hereby represent that you have secured all necessary consent(s)

before providing us with any other person’s personal information (for example, for referral

promotions), in which case we will always assume that you have already obtained prior consent, and

as such, you will be responsible for any claims whatsoever from any party arising as a result of the

absence of such consent(s).

Japan

By clicking “accept”, you consent to the transfer of your personal information to third parties (if

any), which may include the cross-border transfer of your information to any country where we have

databases or affiliates and, in particular, to the jurisdictions specified in Section 4 (How We Store

and Share Your Personal Information).

The categories of personal information specified in to the jurisdictions specified in Section 4 (How

We Store and Share Your Personal Information) may include "special care-required personal

information" (i.e., sensitive information as detailed under applicable law), and you consent to the

collection of such information.

Malaysia

To protect your personal information and handle complaints relating to your personal information,

we have appointed the following department responsible for managing and protecting your personal

information.

 Our data protection officer, responsible for the management and safety of your personal

information

o Telephone: +603-22872388

o Email: as set out in Section 8 (Contact)

Mexico

Some of the purposes of processing specified in Section 3 (How We Process Your Personal

Information) are voluntary, which may include to show you personalised recommendations or

advertising.

In general, we do not require your consent to carry out the transfers detailed in Section 4 (How We

Store and Share Your Personal Information). In any case, by using Midaspay and providing us with

your personal data, you agree to the data transfers detailed therein that require your consent.

To understand more about and exercise your rights, as well as the applicable means, procedures and

requirements to exercise any of your rights as specified in Section 8 (Contact).

You can register with the Public Registry to Avoid Advertising (‘REPEP’) (REPEP (profeco.gob.mx)) to

refuse to receive advertising to your phone number.

New Zealand

We take reasonable steps to ensure that third party recipients of your personal information located

outside New Zealand handle your personal information in a manner that is consistent with New

Zealand privacy laws. However, you acknowledge that we do not control, or accept liability for, the

acts and omissions of these third party recipients.

If you are dissatisfied with our response to your privacy complaint in respect of your personal

information, you may contact the Office of the New Zealand Privacy Commissioner

(www.privacy.org.nz).

While we take reasonable steps to ensure that third party recipients of your personal information

comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree

that we cannot control the actions of third party recipients and so cannot guarantee that they will

comply with those privacy laws.

Peru

To protect your personal information and handle complaints relating to your personal information,

we have appointed the following department responsible for managing and protecting your personal

information.

 Data Protection Team, responsible for the management and safety of your personal

information

 Contact: as set out in Section 8 (Contact)

Philippines

By consenting to this Privacy Policy, you consent to us:

 collecting and processing your personal information as described in Section 3 (How We

Process Your Personal Information);

 sharing your personal information with third parties, companies within our corporate

group, and a third party that acquires substantially all or substantially all of us or our

business, as described in this Privacy Policy and for the purposes stated herein; and

 transferring or storing your personal information in destinations outside the Philippines

as described in Section 4 (How We Store and Share Your Personal Information).

Republic of Korea

We provide your personal information to third parties as described below:

Name of Recipient (and

contact information)

Types of Personal

Information provided

Purpose of Use by

Recipient

Period of Retention

and Use by

Recipient

Adyen Hong Kong Limited

https://www.adyen.com/po

licies-and-

disclaimer/privacy-policy

dpo@adyen.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://www.adyen.co

m/policies-and-

disclaimer/privacy-

policy

Boku Payments, Inc.

https://www.boku.com/pay

ments-privacy-notice/

dataprotection@boku.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://www.boku.co

m/payments-privacy-

notice/

Evonet Global Corporation

Limited

https://www.evonetglobal.

com/company-

policy/privacy-policy

contact@evonetglobal.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://www.evonetgl

obal.com/company-

policy/privacy-policy

Mastercard Asia/Pacific Pte.

Ltd

https://www.mastercard.us

/en-us/vision/corp-

responsibility/commitment-

to-privacy/privacy.html

privacysupport@ekata.com

Transaction Data Risk management.

See "How We Protect

Your Personal

Information" in the

https://www.masterca

rd.us/en-

us/vision/corp-

responsibility/commit

ment-to-

privacy/privacy.html

Ping Pong Global Holdings

Limited

https://b2b-

cdn.pingpongx.com/b2b/pr

otocol/latest/index.html#pr

ivacy-policy

service@pingpongx.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://b2b-

cdn.pingpongx.com/b2

b/protocol/latest/inde

x.html#privacy-policy

PMmax Technology Limited

https://www.payermax.co

m/about/terms/PrivacyPoli

service@payermax.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://www.payerma

x.com/about/terms/Pr

ivacyPolicy

Red Dot Payment Pte Ltd

https://reddotpayment.co

m/data-privacy-policy/

dpo@reddotpay.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://reddotpaymen

t.com/data-privacy-

policy/

UniPin (Labuan) Limited

privacy@unipin.com

https://www.unipin.com/pr

ivacy-policy

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See "How Long We

Store Your Data" in the

https://www.unipin.co

m/privacy-policy

Checkout Limited

https://www.checkout.com

/legal/privacy-policy

dpo@checkout.com

Transaction data and

payment information.

To facilitate payment

transactions in connection

with the provision of

services to support

payment transactions.

See retention periods

in the privacy policy:

https://b2b-

cdn.pingpongx.com/b2

b/protocol/latest/inde

x.html#privacy-policy

HAOPLAY LIMITED

https://www.haoplay.com/

services/?l=en#privacy

service@haoplay.com

Transaction data and

notification of payment

and/or transaction status.

To enable transaction

processing and order

fulfillment for purchases.

See retention periods

in the privacy policy:

https://www.haoplay.

com/services/?l=en#pr

ivacy

Top Range Mobile Limited

https://www.wetest.net/int

roduction/agreement/tabpr

ivacy

DPO_WeTest@wetest.net

Transaction data and

notification of payment

and/or transaction status.

To enable transaction

processing and order

fulfillment for purchases.

See retention periods

in the privacy policy:

https://www.wetest.n

et/introduction/agree

ment/tabprivacy

High Morale Developments

Limited

https://cdn.midasbuy.com/

Transaction data and

notification of payment

To enable transaction

processing and order

See retention periods

in the privacy policy:

https://cdn.midasbuy.

static_page/privacy/Midasb

uy%20HK%20PP%20%28as

%20of%2015%20Aug%2023

%29_EN.html

Privacy@midasbuy.com

and/or transaction status.

fulfillment for purchases.

com/static_page/priva

cy/Midasbuy%20HK%2

0PP%20%28as%20of%

2015%20Aug%2023%2

9_EN.html

For the performance of the services detailed in this Privacy Policy, we delegate the processing of

your personal information to the following professional service providers:

Delegatee

Description of Delegated Services

Centauri Dynamic Pte. Ltd.

To provide technical infrastructures to enable the

services.

Tencent Cloud International Ltd

To provide technical infrastructures to enable the

services.

Overseas Transfer of Personal Information

We transfer personal information to third parties overseas as follows:

Recipient

(Contact

Information

Manager)

Country/regio

n to which

Your Personal

Information is

to be

Transferred

Date and

Method of

Transfer

Types of Your

Personal

Information

to be

Transferred

Purposes of

Use by

Recipients

Period of

Retention of

Use by

Recipient

Adyen Hong

Kong Limited

https://www.a

dyen.com/polic

ies-and-

disclaimer/priv

acy-policy

dpo@adyen.co

See “Where do

we transfer this

information?”

in the Privacy

Policy

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://www.a

dyen.com/poli

cies-and-

disclaimer/priv

acy-policy

Boku

Payments, Inc.

https://www.b

oku.com/paym

ents-privacy-

notice/

dataprotection

@boku.com

See “How your

data is shared”

in the Privacy

Policy

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://www.bo

ku.com/paymen

ts-privacy-

notice/

Centauri

Technology

Pte. Lrd.

(Midaspay SG)

Singapore

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

Seven (7) years

(unless

otherwise

required to be

retained in

accordance

with statutory

retention

requirements)

Evonet Global

Corporation

Limited

https://www.e

vonetglobal.co

m/company-

policy/privacy-

policy

https://www.e

vonetglobal.co

m/company-

policy/data-

protection-

policy

contact@evon

etglobal.com

See "Data

Processing

Activities" in

the Protection

Policy

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://www.e

vonetglobal.c

om/company-

policy/privacy-

policy

Mastercard

Asia/Pacific

Pte. Ltd

https://www.m

astercard.us/e

us/vision/corp

responsibility/

commitment-

to-

privacy/privac

y.html

privacysuppor

t@ekata.com

Singapore

Transmitted

from time to

time

Transaction

Data

Risk

management.

See "How We

Protect Your

Personal

Information" in

the privacy

policy:

https://www.m

astercard.us/e

us/vision/corp

responsibility/

commitment-

to-

privacy/privac

y.html

Ping Pong

Global Holdings

Limited

https://b2b-

cdn.pingpongx.

com/b2b/proto

col/latest/index

.html#privacy-

policy

service@pingp

ongx.com

See “DO WE

ENGAGE IN

CROSS-BORDER

DATA

TRANSFERS?”

in the Privacy

Policy

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://b2b-

cdn.pingpong

x.com/b2b/pro

tocol/latest/ind

ex.html#priva

cy-policy

PMmax

Technology

Limited

https://www.p

ayermax.com/a

bout/terms/Pri

vacyPolicy

service@payer

max.com

Singapore

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://www.p

ayermax.com/

about/terms/P

rivacyPolicy/

Red Dot

Payment Pte

Ltd

https://reddot

payment.com/

data-privacy-

policy/

dpo@reddotpa

y.com

Singapore

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://reddotp

ayment.com/d

ata-privacy-

policy/

UniPin

(Labuan)

Limited

privacy@unipin

.com

https://www.u

nipin.com/priv

acy-policy

See "Where We

Process Your

Data" in the

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See "How

Long We

Store Your

Data" in the

https://www.u

nipin.com/priv

acy-policy

Checkout

Limited

https://www.c

heckout.com/l

egal/privacy-

policy

dpo@checkou

t.com

See

“International

data

transfers?” in

the Privacy

Policy

Transmitted

from time to

time

Transaction

data and

payment

information.

To facilitate

payment

transactions in

connection

with the

provision of

services to

support

payment

transactions.

See retention

periods in the

https://b2b-

cdn.pingpong

x.com/b2b/pro

tocol/latest/ind

ex.html#priva

cy-policy

HAOPLAY

LIMITED

https://www.h

aoplay.com/s

ervices/?l=en

#privacy

service@haop

lay.com

See

"International

Transfer" in the

Transmitted

from time to

time

Transaction

data and

notification of

payment

and/or

transaction

status.

To enable

transaction

processing and

order fulfilment

for purchases.

See retention

periods in the

https://www.h

aoplay.com/s

ervices/?l=en

#privacy

Proxima Beta

Pte. Limited

Transmitted

from time to

time

Transaction

data and

notification of

payment

and/or

transaction

status.

To enable

transaction

processing and

order fulfilment

for purchases.

Top Range

Mobile

Limited

https://www.w

etest.net/intro

duction/agree

ment/tabpriva

DPO_WeTest

@wetest.net

See "How We

Store and Share

Your Personal

Information" in

the Privacy

Policy

Transmitted

from time to

time

Transaction

data and

notification of

payment

and/or

transaction

status.

To enable

transaction

processing and

order fulfilment

for purchases.

See retention

periods in the

https://www.w

etest.net/intro

duction/agree

ment/tabpriva

High Morale

Developments

Limited

https://cdn.mi

dasbuy.com/s

tatic_page/pri

vacy/Midasbu

y%20HK%20

PP%20%28as

%20of%2015

%20Aug%202

3%29_EN.ht

Privacy@mid

asbuy.com

Singapore

Transmitted

from time to

time

Transaction

data and

notification of

payment

and/or

transaction

status.

To enable

transaction

processing and

order fulfilment

for purchases.

See retention

periods in the

https://cdn.mi

dasbuy.com/s

tatic_page/pri

vacy/Midasbu

y%20HK%20

PP%20%28as

%20of%2015

%20Aug%202

3%29_EN.ht

Data Destruction

Personal information is retained in accordance with the data retention periods as detailed in section

“Data Retention”. With the exception of the personal information set out below, personal

information, which has fulfilled the purpose for which it was collected or used, and has reached the

period of time during which personal information was to be possessed, will be destroyed in an

irreversible way. Personal information stored in electronic files will be deleted safely in an

irreversible way by using technical methods, and printed information will be destroyed by shredding

or incinerating such information.

The personal information detailed in section “Data Retention” are required to be retained pursuant

to the following laws:

Act on the Consumer

Protection in Electronic

Commerce, Etc.

Article 6 of the Act on the

Consumer Protection in

Electronic Commerce

In an electronic commerce or a mail-order

sale:

 Records regarding labelling and

advertising (6 months)

 Records regarding execution or

withdrawal of a contract (5 years)

 Records regarding the payment of a

price and the supply of goods and

services (5 years)

 Records regarding customer services or

dispute resolution (3 years)

Protection of

Communications Secrets

Act

Article 41 of the Decree of the

Act, Article 15-2 of the Protection

of Communications Secrets Act

 Log records, IP address (3 months)

 The date of telecommunications by

users, the time that the

telecommunications start and end, the

frequency of use (12 months)

You may exercise rights related to the protection of personal information by requesting access to

your personal information or the correction, deletion or suspension of processing of your personal

information, etc. pursuant to applicable laws such as the Personal Information Protection Act

(“PIPA”). You may also exercise these rights through your legal guardian or someone who has been

authorized by you to exercise the right. However, in this case, you must submit a power of attorney

to us in accordance with the Enforcement Regulations of the PIPA. You can also withdraw your

consent or demand a suspension of the personal information processing at any time.

Additional Use and Provision of Personal Information

In accordance with the PIPA, we may use or provide personal information within the scope of reason

ably related to the initial purpose of the collection, in consideration of whether disadvantages have

been caused to data subjects and whether necessary measures have been taken to secure such as en

cryption, etc. We will determine with due care whether to use or provide personal information in co

nsideration of general circumstances including relevant laws and regulations such as the PIPA, purpo

se of use or provision of personal information, how personal information will be used or provided, it

ems of personal information to be used or provided, matters to which data subjects provided consen

t or which were notified/disclosed to data subjects, impact on data subjects upon the use or provisio

n, and measures taken to protect subject information. Specific considerations are as follows:

 whether the additional use/provision is related to the initial purpose of the collection;

 whether the additional use/provision is foreseeable in light of the circumstances under

which personal information was collected and practices regarding processing;

 whether the additional use/provision unfairly infringe on the interests of the data subject;

and

 whether the necessary security measures such as pseudonymization or encryption were

taken.

Domestic Privacy Representative

Pursuant to the Article 32-5 of Network Act and Article 39-11 of the amended PIPA, the information

regarding the domestic agent is as follows:

 Name: Tencent Korea Yuhan Hoesa

 Address: 152 Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul,

Korea

 Telephone: +82-2-2185-0902

 Email: specified in Section 8 (Contact)

Contact

To protect your personal information and handle complaints relating to your personal information,

we have appointed the following department responsible for managing and protecting your personal

information.

 Data Protection Department, responsible for the management and safety of your personal

information

 Telephone: +82-2-2185-0902

 Email: specified in Section 8 (Contact)

Singapore

By clicking “accept”, you consent to the cross-border transfer of your information to any country

where we have databases or affiliates and, in particular, the locations specified in Section 4 (How

We Store and Share Your Personal Information).

Our designated data protection officer for the purposes of compliance with the Personal Data

Protection Act 2012 can be contacted as set out in Section 8 (Contact).

South Africa

You have the right to lodge a complaint with the Information Regulator (South Africa) by emailing it

at inforeg@justice.gov.za. The Information Regulator (South Africa)’s physical address is 33 Hoofd

Street Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg, South Africa.

Thailand

In certain circumstances, you may request us to discontinue, to restrict the use or provision of,

and/or to request for data portability of any and all of your personal information which is stored by

us, to the extent provided by the Act on the applicable data privacy laws and regulations in Thailand,

including the Thai Personal Data Protection Act. These rights may not be available to all users and

some of these only apply in certain circumstances. When you wish to make such requests, please

Türkiye

You have legal rights, which are set forth in Article 11 of the DPL, in relation to the personal

information data we hold about you. As a Turkish data subject, you may have the right to apply to

the data controller and (to the extent permitted under applicable laws and regulations):

 learn whether or not your personal data has been processed;

 request information about processing if your personal data has been processed;

 learn the purpose of processing of your personal data and whether they have been used

accordingly;

 know the third parties in the country or abroad to whom personal data has been

transferred;

 request rectification in the event personal data is incomplete or inaccurate and to demand

the operations in this regard be reported to third parties your personal data has been

transferred to;

 request deletion or destruction of personal data within the framework of the conditions set

forth under Article 7 of the DPL and to demand the operations in this regard be reported to

third parties your personal data has been transferred to;

 object the occurrence of any consequence that is to your detriment by means of analysis of

personal data solely through automated systems; and

 demand compensation for the damages that you have suffered as a result of unlawful

processing of your personal data.

In accordance with Article 9 of the DPL, your personal data may be transferred abroad as follows:

Identity of the overseas

recipient

Location of the recipient

(or as otherwise stated

in the recipient’s

Purposes of use of

Personal Information by

the recipient

Items of Personal

Information to be

provided

Adyen Hong Kong

Limited

https://www.adyen.com

/policies-and-

disclaimer/privacy-policy

dpo@adyen.com

See “Where do we

transfer this

information?” in the

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Centauri Dynamic Pte.

Ltd.

privacy@midas-go.com

Singapore

To provide technical

infrastructures to enable

the services.

Transaction data and

payment information.

Centauri Technology

Pte. Lrd.

Singapore

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Evonet Global

Corporation Limited

https://www.evonetgloba

l.com/company-

policy/privacy-policy

contact@evonetglobal.c

See "Data Processing

Activities" in the

Protection Policy

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Mastercard

Asia/Pacific Pte. Ltd

https://www.mastercar

d.us/en-us/vision/corp-

responsibility/commitm

ent-to-

privacy/privacy.html

privacysupport@ekata

.com

Singapore

Risk management. Transaction Data.

MP Centauri Technology

Europe B.V.

Germany

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Ping Pong Global

Holdings Limited

https://b2b-

cdn.pingpongx.com/b2b/

protocol/latest/index.htm

l#privacy-policy

service@pingpongx.com

See “DO WE ENGAGE IN

CROSS-BORDER DATA

TRANSFERS?” in the

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

PMmax Technology

Limited

https://www.payermax.

com/about/terms/Priva

cyPolicy

service@payermax.co

Singapore

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Razer Online Pte. Ltd.

https://www.razer.com

/legal/customer-

privacy-policy

dpo@razer.com

Singapore

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Red Dot Payment Pte

Ltd

https://reddotpayment.co

m/data-privacy-policy/

dpo@reddotpay.com

Singapore

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Tencent Cloud

International Ltd

cloudlegalnotices@tenc

ent.com

Singapore

Data processor:

Processes and stores

data on behalf of

Midaspay.

All personal information

collected

UniPin (Labuan) Limited

privacy@unipin.com

https://www.unipin.com

/privacy-policy

See "Where We Process

Your Data" in the

To facilitate payment

transactions in

connection with the

provision of services to

support payment

transactions.

Transaction data and

payment information.

Vietnam

By accepting this Privacy Policy, you expressly agree and authorise us to collect, use, store, and

process your personal information, including, lawfully disclosing and transferring it to third parties,

as described in this Privacy Policy.

Where we permit any third parties to collect and use your personal information, we shall take

reasonable measures to ensure that the third parties do not further disclose the personal

information.