FinFirst Privacy Policy

Effective Date:  January 1, 2020

Introduction:

Finfirst Capital General Trading Kuwait a company incorporated and existing under Kuwaiti law, (Herein referred to as “FinFirst”) provide this Privacy Policy to the users on our digital assets (including but not limited to the website visitors, users, Social Media channels, landing pages,….), and the businesses that access services provided by or

through FinFirst. This privacy policy applies when you access www.finfirst.com or any other website or application that links to or directly provides this Privacy Policy (collectively, the “Sites”) and describes how we collect, store, use, share, and protect information about you to operate the Sites and make available business financial products and services (collectively with the Sites, the “Services”). This Privacy Policy also describes your choices regarding certain information we collect about you.

If you apply for or obtain a financial product or service where we function as a service provider for our bank partners, any information that we collect from and about you related to that financial product or service will be on behalf of the bank partner.

Information Collected:

We collect different types of information about you:

Business Information: Business Information includes information regarding businesses that use or otherwise access the Services (“Customers”). Business

Information may also include information about your customers (i.e., businesses that have a commercial relationship or otherwise transact with Customers) if collected in connection with such Customer’s use or access to the Services. Business Information includes, but is not limited to (i) business name, address, email, and telephone number, (ii) company structure, (iii) industry type, (iv) incorporation date,

(v) annual revenue, (vi) bank account information (e.g., average bank balance, bank statements, credit card statements), (vii) marketplace account information (e.g., transactions on PayPal, Shopify, Amazon), (viii) payment information (e.g., payment history, merchant category code, payment card number), (ix) business social network data (e.g., likes, posts, followers), (x) accounting information (e.g., Quickbooks), (x) vendor usage information (e.g., MailChimp), (xi) information regarding our transactions and experiences with the business, and (xiii) beneficial ownership information.

User Information: User Information includes information about the owners, principals, and business representatives, such as name, job title, the user name(s), mailing address, email address, primary telephone number, date of birth, social security number, and credit scoring. Also, if you make payments through the

Services, we may also collect information about your customers, such as payments or invoicing information, so we can provide the Services.

General Information: General Information includes technical information such as information regarding your use of and interactions with the Sites. This General Information includes, but is not limited to, information about (i) your Internet connection, (ii) the equipment you use to access the Sites and usage details, (iii) your operating system, browser version and internet protocol (IP) address, (iv) your mobile device type, your device’s unique identifier, and your mobile network information, and (v) web pages, content, communications, or advertisements that you view or otherwise interact with, and (vi) referring/exit pages, clickstream data, and information that you search for using the Services.

How We Collect Your Information:

Information Provided by You: We collect any information you provide when you use the Services. For example, we collect User Information and Business Information from you when you (i) register an account on the Sites, (ii) fill out forms or fields on the Sites, or (iii) complete an application for a product or service available through the Services. We also collect any information you may submit through communications with us by email, mail, text, telephone, facsimile or other means.

The Services allow us, upon your direction, to obtain User Information and Business Information from third party entities that your business maintains accounts with such as financial institutions, service providers, and social networking services. For example, we may obtain (i) transactional information about your business from financial institutions, (ii) information about your business’s engagement with customers from social networking services, and (iii) information about your business’s sales volume from service providers.

Information We Collect When You Use Our Services: We automatically collect General Information from your computer, mobile device or other device you use when you access the Services (including downloading and using a mobile application or accessing a mobile optimized Site), view content about the Services on a third-party website or open emails or links in emails from us. We, our business partners, or our service providers may use cookies or similar technologies to collect information. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Services. Please review your web browser “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Services to their fullest potential. We also use cookies

and similar technologies hosted by third parties on the Services. For instance, we use Google Analytics to collect and process certain analytics data. Google provides some additional privacy options described at www.google.com/policies/privacy/partners/ regarding Google Analytics’ cookies. We may receive reports based on the use of these technologies by such companies on an individual and aggregated basis.

Information Received from Third Parties: In the course of providing the Services, we may also collect additional Business Information or User Information from third parties, including, but not limited to: financial institutions, referral partners, identity verification services, card networks, vendors, mailing list providers, consumer reporting agencies, commercial credit bureaus and associations, fraud prevention agencies, and publicly available sources. We may combine this information with information we already have about you.

Use of Information:

• Service-Related Usage: We use the information we collect about and from you, both in a personally-identifiable form and in an aggregated or anonymized form, for a number of purposes, including for providing, supporting, promoting, and improving the Services. Such uses include: Enabling users to obtain products and services through the Services; Facilitating marketing, processing, servicing, and collections activities; Providing customer support; Understanding, customizing, and enhancing user experience; Providing targeted marketing and advertising; Determining your eligibility for the Services; Verifying your identity, conducting appropriate diligence, and keeping your information current;Creating an account connection between your account and a third-party account or platform; Sending notifications and information regarding the Services; Measuring and improving the performance and functionality of the Sites; Managing and protecting our information technology infrastructure; Administering and managing the security of the Sites; Developing new products and services; and Compiling, using, researching, analyzing, and generating data analytics reports to better understand our Customers and to improve the Services.

• Communications: We may communicate with you using the information collected (i) for customer service, (ii) to provide you with updates or information relating to the Services, or (iii) to conduct surveys and collect feedback about the Services.

• Marketing and Advertising: We may use the information we collect for marketing and advertising purposes. These purposes may include communicating with you about our products and services, or products and services offered by or through our business partners (including our bank partners), including but not limited to providing you with promotional materials that may be useful, relevant, valuable, or otherwise of interest to you, and inviting you to participate in events or surveys. Where required under applicable law, we will obtain your prior opt-in consent to send you electronic marketing communications. To learn more about your choices regarding interest-based advertising and cross-device tracking, please see the Third-Party Information Collection section below.

• Compliance with Law and Our Own Obligations: We may use the information we collect, to the extent permitted or required under applicable laws (i) to enforce our Terms of Service or other legal rights, including intellectual property infringement, (ii) to detect and protect against potentially prohibited or illegal activities, including fraud and unauthorized access, (iii) in response to lawful requests for information or legal process, (iv) to establish, exercise, or defend a legal claim, and (v) to comply with our contractual obligations, our policies, industry standards, and applicable laws.

• Other Purposes: We may use the information we collect for other purposes for which we provide notice to you at the time of collection or for which we obtain your consent.

• Aggregate Data: We may process your information in an anonymized or aggregated form for purposes other than described above.

Information Sharing:

We may share Business Information, User Information, and General Information as follows:

• Affiliates and Subsidiaries: We may share your information with and amongst our affiliates and subsidiaries for any of the purposes described in the Use of Information section above.

• Service Providers: We may engage service providers to assist us in providing Services. These service providers may provide services such as fraud prevention, cloud computing, cybersecurity, identity verification, credit checks, collections, and payment processing. We may share any information we receive with such parties as is necessary for the provision of the Services.

• As Required By Law and Similar Disclosures: We may disclose your information if we believe doing so is required or appropriate to (i) comply with applicable laws, regulations, and card association rules, (ii) comply with regulatory investigations, enforcement requests, and legal process, such as subpoenas, court orders, and bankruptcy notices, (iii) respond to your requests or resolve disputes or inquiries, (iv) detect, prevent, or otherwise address fraud, confidentiality, security or technical issues, (v) respond to regulatory authorities jurisdiction over us for examinations, compliance, or other purposes, (vi) respond to requests from bank partners or third-party auditors, and (vii) protect your, our, or others’ rights, property, or safety, or the security or integrity of our Services.

• Business Partners: We may disclose information about you with business partners, including our bank partners, in connection with jointly offered products and services, as well as products and services offered by these partners and made available through the Services or which we believe may be of interest to you or your business. These business partners are generally subject to contractual obligations entered into with us restricting how they may use this information.

• Corporate Changes and Transactions: We may disclose your information in connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale or transfer of some or all of our stock and/or assets; equity or debt financings, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.

• Aggregated or Anonymized Information: We may sell, license or distribute information in anonymized or aggregated form so that the information does not identify a specific user, without restriction, including, but not limited to, for producing data analytics and reports for business partners or other third parties.

• Consent: We may disclose your information to any third party with your consent. For example, we may disclose information at your direction, as described at the time you agree to share, or when you authorize a third-party application or website to access your information.

• Other Purpose: To fulfill the purpose for which you provide such information to us or any other purpose disclosed by us when you provide the information to us.

Third-Party Information Collection:

We may work with third-party advertising partners (e.g., Facebook, Instagram, Google, Twitter, Snapchat, TikTok, LinkedIn,….) to display advertisements on the Sites and other websites and mobile applications and third-party analytics partners (e.g., Google Analytics) to evaluate and provide us with information regarding your use of the Sites. We may also utilize framing techniques to serve you content from third-party providers, while preserving the look and feel of the Services. In such cases, you will be providing information to these third parties.

These third parties may use cookies, Web beacons, pixel tags and similar technologies to collect information about your activities on the Sites and other Web sites to provide you personalized advertising based on your interests and browsing activity.

Push Notifications:

If you are a user of our applications, we may send push notifications or alerts to your mobile device even when you are not logged in. We may use push notifications to send you notifications related to the Services and various triggers based on your selections.

Your Access:

If you are a registered user of the Services, you may review or modify certain Business Information and User Information we have collected about you by logging into your account for the Services and updating your profile. This section of the Site is password protected to better safeguard your information. If you would like to change any other information that you cannot independently correct, you may submit a request for such updates by contacting us. Under certain circumstances we may not be able to fulfill your request, such as if it restricts our ability to comply with applicable laws and regulations or legal process, we cannot verify your identity, or it involves disproportionate cost or effort. In such instances, we will respond to your request within a reasonable timeframe and provide you an explanation of our decision.

Your Choices:

You may choose to stop receiving marketing emails by following the unsubscribe instructions included in these emails. You may also request that we do not call you for marketing-related purposes. In addition to following the unsubscribe instruction in relevant email communications, you may make these requests by contacting us. We will respond to your request within a reasonable timeframe. In addition, if you no longer wish to receive marketing notifications through our mobile applications you can adjust your device’s privacy preferences by visiting the settings page of the device. Opting out of marketing emails or notifications will not stop your receipt of non-marketing emails and notifications related to the Services.

Various browsers may offer their own tools to manage cookies. If you disable cookies, you can still use the Services, but your ability to use some features of the Services may be limited.

Links to Third Party Websites:

The Sites may include links to other websites or mobile applications whose privacy practices may differ from ours. We are not responsible for any practices employed on third-party websites or applications, including the information and content contained on the website or application. If you submit information to a third-party website or application, your information is governed by the third party’s privacy policy. We encourage you to carefully read the privacy policy of any website or application you visit, access, or use.

Security of Information:

We take reasonable measures, including administrative, technical, and physical safeguards to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. Your information is securely sent to us with at least 128 bit-encryption over the Transport Layer Security (TLS) protocol. This creates an encrypted connection between your browser and us so that any sensitive information you provide can be securely transmitted. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

You are responsible for securing and maintaining the privacy of your banking credentials and account information. We are not responsible for protecting any information we share with a third-party based on an account connection that you have authorized.

Children’s Privacy

This Site and products or services available through this Site are not intended for children under the age of 18. We do not knowingly solicit or market online to children under the age of 18. If we knowingly receive a child’s personally identifiable information, we will immediately delete it from our system. Contact us at the address or phone number in the Contact Us section if you believe that we have mistakenly or unintentionally collected information from a child under the age of 18.

Testimonials:

We may display testimonials of satisfied Customers on the Services with their consent. If you wish to update or delete a testimonial posted in accordance with this Privacy Policy, you can contact us.

Referrals:

If you choose to participate in a referral service program to tell a business about the Services, we will ask you for the business’s name and email address. Depending on the Services used, we will send the referred business an email either directly or on behalf of our business or bank partners, inviting the business to use the Services. We store information about the business for the purpose of sending an email and tracking the success of the referral program. We may send additional emails to the business directly or on behalf of our business or bank partners, unless the business opts out of receiving such emails. Businesses that you refer may contact us to request that we remove their information from our database.

Social Media Widgets:

The Services may include social media features and widgets, such as the Facebook “Like” button, or interactive mini-programs that run on the Services. These features may collect information such as your IP address and which page you are visiting on the Site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third-party or hosted directly on the Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Data Retention:

We will retain your information for (i) as long as reasonably necessary to provide you Services, (ii) as long as reasonably useful for commercial purposes, or (iii) as long as necessary to comply with applicable laws and internal policies regarding recordkeeping, reporting, audits, and litigation holds. If you wish to request that we no longer use your information to provide you Services, you may contact us at the address or phone number at the bottom of this Privacy Policy. We will nonetheless retain your information to the extent that we deem necessary to comply with our legal or contractual obligations, resolve disputes, as needed to provide you Services, or for other business purposes.

Transfers to Other Countries:

We may transfer information to other countries, for example, for customer service or to process transactions. We will protect your information as described in this Privacy Policy if your information is transferred to other countries. By using our Sites and Services, you consent to your information being transferred to other countries, including countries that have different data protection rules than your country. We do not represent that our Sites and Services are appropriate or available in any particular jurisdiction.

Changes to the Privacy Policy

By visiting the Sites or using the Services, you accept the practices described in this Privacy Policy. We may update this Privacy Policy from time to time by making available a revised, dated version on the Sites. If the revised version includes a substantial change, we will provide a more prominent notice (including, for certain services, an email notification of Privacy Policy changes) prior to the change becoming effective. Your continued use of the Site shall constitute your acceptance of such updated Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us:

Any questions or concerns regarding this Privacy Policy, our practices, the Sites, or the Services, please contact us.