PRIVACY POLICY

Last Update: 05.12.2025

Version 2.0

This Privacy Policy explains how 1523766 B.C. LTD., a company incorporated under the laws of the Province of British Columbia, Canada, with its registered office at 5577 153A Street, Suite 207, Surrey, British Columbia, V3S 5K7, Canada (hereinafter referred to as the “Company”, “we”, “us”, or “our”), processes personal data in connection with the provision of its services.

This Privacy Policy applies to personal data processed by the Company in the course of providing administrative, technical and coordination support services related to the processing, facilitation and record-keeping of payment and value transfer instructions between independent third-party counterparties.

The Company does not operate a consumer platform, does not provide trading, investment, custody or wallet services, and does not process personal data in the capacity of a financial institution, exchange, broker or payment service provider.

This Privacy Policy describes what personal data we may process, for what purposes, on what legal basis, and what rights individuals have in relation to such processing.

1. DATA CONTROLLER
For the purposes of applicable data protection laws, the data controller is:

1523766 B.C. LTD.
5577 153A Street, Suite 207
Surrey, British Columbia, V3S 5K7
Canada

For privacy-related inquiries, you may contact us at: legal@miex.one

2. OUR RELATIONSHIP TO YOU

The Company provides its services exclusively to legal entities and individuals acting in a business or professional capacity.

In the context of this Privacy Policy, the Company processes personal data primarily in connection with its administrative, technical and coordination support services provided to independent third-party counterparties.

The Company does not offer services to consumers, does not operate a retail platform, and does not provide trading, investment, custody or wallet services.

Depending on the nature of the interaction, the Company may process personal data as a data controller or, in limited cases, as a data processor acting on documented instructions of a counterparty or a third party. Where the Company acts as a data processor, such processing is governed by applicable data protection laws and, where required, by a separate data processing agreement.

3. CATEGORIES OF PERSONAL DATA WE PROCESS

The Company processes only such personal data as is reasonably necessary for the provision of its administrative, technical and coordination support services, compliance with Applicable Law, and the management of its professional relationships.

Depending on the nature of the interaction, the categories of personal data processed by the Company may include:

3.1. Identification and Contact Information

• full name;

• business or professional contact details (such as email address, telephone number);

• business address or place of establishment;

• role, title or capacity in which an individual acts on behalf of a legal entity.
  
  

3.2. Business and Relationship Information

• information related to the professional relationship with the Company;

• records of communications and correspondence;

• information provided in connection with instructions, requests or inquiries.
  
  

3.3. Compliance-Related Information

• information reasonably required to comply with Applicable Law;

• information necessary to perform internal compliance checks based on a risk-based approach.
  
  

3.4. Technical and Usage Information

• basic technical information related to access to the Company’s websites or communication systems, such as IP address, browser type, device information and log data, collected for security and operational purposes.
  
  

4. PURPOSES AND LEGAL BASIS OF PROCESSING

The Company processes personal data only to the extent necessary for the following purposes and on the corresponding legal bases, in accordance with applicable data protection laws, including, where relevant, the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

4.1. Provision of Services

To provide administrative, technical and coordination support services, including the handling of instructions, requests, communications and related record-keeping.

Legal basis: performance of a contract or steps taken prior to entering into a contract; legitimate interests.

4.2. Compliance with Legal Obligations

To comply with Applicable Law, lawful requests from competent authorities, and internal compliance requirements based on a risk-based approach.

Legal basis: compliance with legal obligations; legitimate interests.

4.3. Risk Management and Security

To protect the security and integrity of the Company’s systems, services and professional relationships, and to prevent misuse, fraud or unauthorised access.

Legal basis: legitimate interests.

4.4. Communication and Relationship Management

To communicate with counterparties in relation to the Services, respond to inquiries, and manage professional relationships.

Legal basis: performance of a contract; legitimate interests.

4.5. Corporate and Administrative Purposes

To maintain internal records, perform audits, manage corporate governance matters, and support business operations.

Legal basis: legitimate interests; compliance with legal obligations.

5. DATA SHARING AND TRANSFERS

The Company does not sell personal data and does not share personal data for advertising or marketing purposes.

The Company may disclose personal data only where reasonably necessary and only to the following categories of recipients:

• Service providers, including providers of IT, hosting, communication, security and professional services, engaged by the Company to support its operations;
• Professional advisers, such as legal, accounting or audit advisers, where disclosure is necessary for corporate or compliance purposes;
• Competent authorities, courts or regulators, where disclosure is required by Applicable Law or lawful request.

Where the Company engages third-party service providers that process personal data on its behalf, such processing is subject to appropriate contractual safeguards in accordance with applicable data protection laws.

Personal data may be transferred to, stored or processed in jurisdictions outside the individual’s country of residence, including jurisdictions that may not provide the same level of data protection. In such cases, the Company ensures that appropriate safeguards are in place, as required by applicable data protection laws.

6. DATA SECURITY AND RETENTION

The Company implements reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

No method of transmission over the internet or method of electronic storage is completely secure. While the Company takes reasonable steps to protect personal data, it cannot guarantee absolute security.

Personal data is retained only for as long as reasonably necessary to fulfil the purposes for which it was collected, to comply with Applicable Law, or to establish, exercise or defend legal claims.

Retention periods may vary depending on the nature of the data, the purposes of processing and applicable legal or regulatory requirements.

7. DATA SUBJECT RIGHTS

Subject to applicable data protection laws, individuals whose personal data is processed by the Company may have the following rights:

• the right to access personal data and obtain information about its processing;
• the right to request rectification of inaccurate or incomplete personal data;
• the right to request erasure of personal data, where applicable;
• the right to request restriction of processing, where applicable;
• the right to object to processing based on legitimate interests, where applicable;
• the right to data portability, where applicable;
• the right to withdraw consent, where processing is based on consent.
  
  

The exercise of these rights may be subject to limitations or exceptions under Applicable Law.

Requests relating to data subject rights may be submitted using the contact details set out in this Privacy Policy. The Company may take reasonable steps to verify the identity of the individual submitting a request before responding.

8. COOKIES

The Company’s websites may use cookies or similar technologies for basic functionality, security and operational purposes.

Where required by Applicable Law, the Company provides appropriate information and choices regarding the use of cookies through a separate cookie notice or settings.

9. CONTACT DETAILS

If you have any questions, concerns or requests relating to this Privacy Policy or the processing of personal data, you may contact the Company at:

Email: legal@miex.one