PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy ("the Policy") outlines how City Pay ("we", "our", or "the Company") collects, processes, stores, and protects personal data. We are committed to ensuring that your privacy is protected in compliance with the Law of Georgia on Personal Data Protection.

2. DEFINITIONS

Words used in this Policy shall have the following meaning unless the context otherwise requires:

AML/CFT - anti-money laundering and counter-terrorism financing;

Communications – any and all communications, including but not limited to notices, agreements, documents, notices, and disclosures;

Law – applicable laws of Georgia;

Personal Data - any information related to an identified or identifiable individual. An identifiable individual is someone who can be identified, directly or indirectly, by factors such as their name, surname, identification number, location data, electronic communication identifiers, or through physical, physiological, mental, psychological, genetic, economic, cultural, or social characteristics;

Platform - our website - https://www.CityPay.io/

PSP - payment service provider;

Services – storage, buy, sell, and exchange of a Virtual Asset;

User/You – individual who uses the Platform (as defined below) or a customer to whom the Company provides services;

VASP – virtual asset service provider;

Virtual Asset - a digital representation of value that is interchangeable and not unique, serving as an object for transfer or trade in digital form and used for investment and/or payment purposes. A virtual asset does not include the digital representation of cash, securities, and other financial instruments.

3. PERSONAL DATA WE COLLECT

We may collect and process the following personal data:

• Identification Data: name, last name, date of birth, personal number, data of the document confirming identity or/and citizenship, sex, citizenship, place of birth, nationality, photo, signature specimen, and others;
• Documentary Data: identity card, passport, driver's license, birth certificate, certificate of the compatriot residing abroad, residence permit, permanent identification card, extract from the Registry of Entrepreneurs and Non-Entrepreneurial Entities, number of neutral certificate or neutral travel document, identification number of the taxpayer, document confirming representative authorities, and others;
• Contact Information: address, e-mail, telephone number, and others;
• Transaction Data: details of the transactions made, including Virtual Asset amounts, conversion rates, and transfer details;
• Data about technological devices: IP address, cookies, information regarding location, and others. Please read our Cookies Policy for more details;
• Compliance Data: any other information required by AML/CFT regulations or otherwise by Law.

4. PURPOSE OF DATA COLLECTION

We collect and process Personal Data for the following purposes:

• Transaction Facilitation: to provide the Services in due course;
• AML/CFT Compliance: to comply with legal and regulatory requirements, including those related to AML/CFT;
• Customer Support: to provide customer support and respond to inquiries or complaints;
• Security and Fraud Prevention: to protect against fraud and unauthorized transactions.

5. LEGAL BASIS FOR PROCESSING

The Company processes Personal Data based on the following legal grounds:

• Consent: your voluntary consent on processing of Personal Data;
• Legal Obligation: processing is necessary for compliance with a legal obligation to which the Company is subject, including AML/CFT regulations;
• Legitimate Interests: processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, provided that such interests are not overridden by your fundamental rights and freedoms.

6. DATA SHARING AND TRANSFERS

We may share your personal data with:

• Partner Banks and PSPs: to facilitate the provision of the Services;
• Regulatory Authorities: where required by Law or regulatory obligations;
• Service Providers: who assist us in processing your data, such as IT service providers and security services.

7. DATA RETENTION

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. The retention period will be determined by the type of data and the legal requirements applicable.

8. YOUR RIGHTS

You have the following rights regarding your personal data:

• Right of Access: you have the right to request access to your personal data held by us.
• Right to Rectification: you have the right to request correction of any inaccurate or incomplete data.
• Right to Erasure: you have the right to request the deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: you have the right to request the restriction of processing your data under certain conditions.
• Right to Object: you have the right to object to the processing of your personal data under certain conditions.
• Right to Withdraw Consent: if processing is based on consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at info@citypay.io.

9. SECURITY

We implement appropriate technical and organizational measures to ensure the security of your Personal Data and protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on the Platform, and where appropriate, notified to you via email. We encourage you to review this Policy periodically to stay informed about how we are protecting your data.

11. CONTACT INFORMATION

If you have any questions, concerns, or complaints regarding this Policy or our data practices, please contact us at:

City Pay LLC
Identification Number: 402132312