MoneyBlink is the data controller responsible for your personal data. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this policy.

Contact: [email protected]

1. The Data We Collect

We collect, use, and store different types of personal data:

· Identity Data: Full name, date of birth, gender, and government-issued ID numbers.

· Contact Data: Email address, billing address, and phone numbers.

· Financial Data: Bank account details, payment card details, and source of funds documentation.

· Technical Data: IP address, browser type, and operating system.

· Special Category Data (Biometrics): For "liveness checks" and identity verification, we process biometric data. We process this data based on your explicit consent and our legal obligations under AML/CFT regulations to prevent fraud.

· Transaction Data: Details about payments to and from your MoneyBlink account.

2. How and Why We Use Your Data

We only process your data when the law allows us to. The primary legal bases are:

· Performance of a Contract: To provide our EMI services to you.

· Legal Obligation: Specifically for AML/CFT compliance and MFSA reporting.

· Legitimate Interests: For fraud prevention, internal analysis, and network security.

· Consent: For marketing communications (which you can withdraw at any time).

3. Automated Decision-Making & Profiling

As a 2026-standard EMI, MoneyBlink utilizes AI-driven profiling for security. We use automated systems to monitor transactions for fraud and money laundering. If a transaction is flagged, it may be subject to manual review. You have the right to contest any automated decision that significantly affects you.

4. Data Security (DORA Compliance)

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. In accordance with the Digital Operational Resilience Act (DORA), we maintain strict internal protocols to ensure the continuity and security of our financial services.

5. Data Sharing and International Transfers

We may share your data with:

· Regulators: MFSA, FIAU, and Central Bank of Malta.

· Service Providers: Cloud hosting, KYC/KYB verification providers, and card issuers.

· Third Countries: If data is transferred outside the EEA, we ensure a similar degree of protection by implementing Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

In line with Malta’s AML regulations, we retain your personal data for a period of five (5) years after the business relationship ends. In certain legal scenarios, this period may be extended to ten (10) years.

7. Your Legal Rights

Under GDPR, you have the following rights:

· Access, Correction, and Erasure: Request a copy, update, or deletion of your data (subject to legal retention).

· Object/Restrict: Object to processing based on legitimate interests.

· Data Portability: Request transfer of your data.

· Right to Complain: If you feel your data is mishandled, you have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta (https://idpc.org.mt).