Privacy and Data Collection Policy

Last Updated: April 25, 2024

This Privacy and Data Collection Policy explains the practices, collection, use, and sharing of information by Rabafast (“we”, “us”, “our”) with our registered office at 422 Richard St, Suite 170, Vancouver BC, Canada. Trust and security are a significant part of what makes Rabafast your preferred platform for international money transfer. Your privacy is a priority to us, so this policy outlines how we keep your data safe and secure. Unless otherwise stated, this Privacy and Data Collection Policy describes and governs the information collection, use, and sharing practices of Rabafast with respect to your use of our website [https://rabafast.com/] and the services (“services”) we provide and/or host on our servers or via our represented staff. Before you use or submit any information through or in connection with the services, carefully review this policy. By using any part of the services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy and Data Collection Policy. If you do not agree to this policy, please do not use our services.

1.0 Our Standards

Rabafast has designed this Notice to be consistent with the international best standards as follows:

• Reader-friendly and in a comprehensive manner;

• Data collection, storage, and processing simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand;

• Data practices meet the reasonable expectations of users.

2.0. Information We Collect

We collect personal information in compliance with the Office of the Privacy Commissioner of Canada (OPC) including your name, physical address, email address, bank details, Date of Birth, Occupation or Employment Details , Bank Verification Number (BVN), and proof of identity (such as a passport, driver’s license, national ID card, or residence permit), Utility Bill/Proof of Address, Facial recognition/biometrics [where applicable] and Source of Funds/Income [where applicable] to provide our services securely and in compliance with applicable legal requirements. By using our services, you consent to the collection, use, and disclosure of your personal data for these purposes. We are committed to protecting your privacy by implementing appropriate security measures to safeguard your information from unauthorized access. You have the right to access, correct, or withdraw your consent regarding the personal information we hold, and we will ensure that your data is retained only as long as necessary to fulfill the purposes for which it was collected. In the event of a cross-border data transfer, we will take necessary steps to ensure your data is protected in accordance with privacy standards. As a regulated financial institution, we are bound by the legal requirement to collect, verify and record certain data about you or recipients of your transactions. Any personal data received from the customer for the purpose of preventing money laundering or terrorist financing will be used only for that purpose and nothing more.

We collect your information in multiple ways, such as when you provide information directly to us; when we passively collect information from you, such as from your browser or device; and from third parties. This data will be needed to conduct Know Your Customer (KYC), Customer Due Diligence (CDD) and security checks, as required by local and international regulations. This helps us keep your money safe, and we will only request these details when necessary. We record all incoming and outgoing calls that are handled by Rabafast. Our customer service agent will inform you about call monitoring and recording. We usually record conversations with our customers to help improve our service.

2.1. Information You Provide Directly to Us

We will collect any information you provide to us. We may collect information from you in a variety of ways, such as when you:

(a) transact with us;

(b) send and Receive Money

(d) subscribe to our mailing lists or newsletter(s).

This information may include but is not limited to your name, email address, phone number, mailing address, payment information, and your geographic location.

2.2. Information that Is Automatically Collected

Device/Usage Information

We may automatically collect certain information about the computer or devices (including mobile devices or tablets) you use to access the services. As described further below, we may collect and analyze:

(a) device information such as IP addresses, location information (by country and city), unique device identifiers, IMEI and TCP/IP address, browser types, browser language, operating system, mobile device carrier information; and

(b) information related to the ways in which you interact with the services, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the services, the amount of time spent on particular pages, the date and time you used the services, the frequency of your use of the services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.

Cookies and Other Tracking Technologies

We also collect data about your use of the services through the use of Internet server logs and online tracking technologies, such as cookies and/or tracking pixels. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to:

(a) recognize your device such as phone, tablet, computer;

(b) store your preferences and settings;

(d) enhance your user experience by delivering content specific to your inferred interests;

(e) perform searches and analytics; and

(f) assist with security administrative functions.

Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the services and associated advertising, and to access user cookies. We may also use tracking technologies in our license buttons and/or icons that you can embed on other sites/services to track the website addresses where they are embedded, gauge user interaction with them, and determine the number of unique viewers of them. If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as whether you open our message, click on any links or banners our email contains, or otherwise interact with what we send. This data allows us to gauge the effectiveness of our communications and marketing campaigns. As we adopt additional technologies, we may also gather additional information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information. Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the services. For more information about how we use cookies, please read our Cookie Notice.

2.3. Information from Third Parties

To the extent permitted by law and for the purposes of our services, we may also collect information from third parties, including public sources, social media platforms, and marketing and market research firms. Depending on the source, this information collected from third parties could include name, contact information, demographic information, information about an individual’s employer, information to verify identity or trustworthiness, and information for other fraud or safety protection purposes. Data from other third party sources, such as (but not limited to): Facebook, Twitter or Google profile images and names, Banks and payment service providers used to transfer money to us, Advertising networks, Search engines providers (such as Yahoo.com or Google) and Credit reference agencies. Rabafast collects this data only when you provide the relevant permission to social media sites. Technical data, such as (but not limited to): Page views, App downloads, Operating system and Browser type. This data is used to help us to understand how you use our service, so that we can improve it.

3.0. How We Use Your Information

3.1.We may use the information we collect from and about you to:

3.1.1 Fulfill the purposes for which you provided it.

3.1.2 Provide and improve the services, including to develop new features or services, take steps to secure the services, and for technical and customer support.

3.1.3 Make sales, accept payments, or process transactions; Send you information about your interaction or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed.

3.1.4 Process and respond to your inquiries or to request your feedback; Conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our services.

3.1.5 Comply with the law and protect the safety, rights, property, or security of Rabafast, the services, our users, and the general public; and

3.1.6 Enforce our Terms of Use, including to investigate potential violations thereof.

3.2 Please note that we may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Privacy and Data Collection Policy.

3.3. We may aggregate and/or de-identify information collected through the services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes

4.0. Our Disclosure of Your Information

We may disclose and (or) share your information in and under the following circumstances:

4.1. Service Providers

We may disclose your information with third parties who perform services on our behalf, including without limitation, website developers, internet service providers, marketing personnel, customer support agents, data storage operators, data analysts and legal service providers.

4.2. Legal Compliance and Protection

We may disclose your information if required to do so by law or on a good faith belief that such disclosure is permitted by this Privacy and Data Collection Policy or reasonably necessary or appropriate for any of the following reasons:

(a) to comply with legal process;

(b) to enforce or apply our Terms of Use and this Privacy and Data Collection Policy, or other contracts with you, including investigation of potential violations thereof;

(d) to respond to your requests for customer service; and/or

(e) to protect the rights, property, or personal safety of Rabafast, our agents and affiliates, our users, and the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.

4.3. Business Transfers

As we continue to develop our business, we may engage in certain business transactions, such as the transfer or sale of our assets. In such transactions, (including in contemplation of such transactions, e.g., due diligence) your information may be disclosed. If any of our assets are sold or transferred to a third party, customer information (including your name, phone number, and email address) would likely be part of the transferred business assets.

4.4. Affiliated Companies

We may disclose your information with current or future affiliated companies.

4.5. Consent

We may disclose your information to any third parties based on your consent to do so.

4.6. Aggregate/De-identified Information

We may disclose de-identified and/or aggregated data for any purpose to third parties, including advertisers, promotional partners, and/or others.

5.0. Our Legal Basis for Processing Your Information

The laws in certain jurisdictions require companies such as ours to inform you about the legal ground they (We) rely on to use or disclose information that can be directly linked to or used to identify you. To the extent those laws apply, our legal grounds for processing such information are:

5.1. To Honor Our Contractual Commitments to You

Much of our processing of information is to meet our contractual obligations to provide services to our users.

5.2. Legitimate Interests

In many cases, we handle information on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, these include:

5.2.1. Customer service

5.2.2. Marketing, advertising, and fundraising

5.2.3. Protecting our users, personnel, and property

5.2.4. Managing user transactions

5.2.5. Organizing and running events and programs

5.2.6. Analyzing and improving our business

5.2.7. Managing legal issues

We may also process information for the same legitimate interests of our users and business partners.

5.3. Legal Compliance

We may need to use and disclose information in certain ways to comply with our legal obligations.

5.4. Consent

Where required by law, and in some other cases where legally permissible, we handle information on the basis of consent. Where we handle your information on the basis of consent, you have the right to withdraw your consent; in accordance with applicable law.

6.0. Online Analytics

We may use third-party web analytics services (such as Google Analytics) on our services to collect and analyze the information discussed above, and to engage in auditing, research, or reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Other Tracking Technologies” section above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the services, including by noting the third-party website from which you arrive to our Site, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the official Google Analytics opt-out browser add-on.

7.0. Your Choices and Data Subject Rights

7.1. Rabafast may transfer Personal Information that we maintain about you to recipients outside the country in which the Personal Information was originally collected. The data protection regulations of these countries may be different from those of your country. Where Personal Information is to be transferred to a country outside Canada, Rabafast shall put adequate measures in place to ensure the security of such Personal Information. Transfer of Personal Information out of Canada would be in accordance with the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable regulations such as the Personal Information Protection Act (PIPA). Rabafast will therefore only transfer Personal Information out of Canada on one of the following conditions:

7.1.1 The transfer is necessary for the performance of a contract between Rabafast and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request.

7.1.2 The transfer is necessary to conclude a contract between Rabafast and a third party in the interest of the data subject.

7.1.3 The consent of the data subject has been obtained.

7.1.4. The transfer is necessary for reasons of public interest.

7.1.5. The transfer is for the establishment, exercise, or defense of legal claims.

7.1.6. The transfer is necessary in order to protect the vital interests of the data subjects or other persons, where the Data Subject is physically or legally incapable of giving consent. Rabafast will take all necessary steps to ensure that Personal Information is transmitted in a safe and secure manner. Details of the protection given when your personal information is transferred outside Canada shall be provided to you upon request.

7.2. Legal Basis for Processing Your Personal Information

Please note that you are not obliged to share your Personal Information with Us. But if you refuse to share the Personal Information we require from you for the purpose of providing our services, we will not be able to provide our services to you. To use your information as described above, we rely on the following legal bases:

7.2.1. Provide the services to You: We process your information to perform the contract (Terms and Conditions of Service) that you have with us.

7.2.2. Legitimate interests: We use your information for legitimate business interests when permitted by law. For example, we analyze users’ behavior on the services to improve them, for direct marketing, and for administrative use, fraud detection, and other legal purposes.

7.2.3. Consent: From time to time, we may ask for your consent to use your information for certain specific reasons. You may withdraw your consent at any time by contacting us using the contact information provided at the end of this Privacy and Data Collection Policy.

7.2.4. Performance of a contract: The processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.

7.2.5. Legal Compliance: Processing is necessary for compliance with a legal obligation to which Rabafast is subject.

7.2.6. Vital Interest: Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person.

7.2.7. Public Interest and Mandate: Processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in Rabafast. For the purpose of this Privacy and Data Collection Policy, consent means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, through a statement or a clear affirmative action, signify their agreement to the processing of Personal Information relating to them.

7.3. Your Rights as a Data Subject

7.3.1. Individuals who have their Personal Information held by Rabafast are entitled to exercise the rights below and may contact us accordingly: Right to request for and access their Personal Information collected and stored. Where data is held electronically in a structured form, such as in a Database, the Data Subject has a right to receive that data in a common electronic format.

Right to information on their personal information collected and stored.

Right to objection or request for restriction.

Right to object to automated decision-making.

Right to request rectification and modification of Personal Information which Rabafast keeps.

Right to request for deletion of their data.

Right to request the movement of data from Rabafast to a third party; this is the right to the portability of data.

Right to object to, and to request that Rabafast restricts the processing of their information.

7.3.2. Your request will be reviewed by Rabafast Data Protection Officer (DPO) or Compliance Officer and carried out except as restricted by law or Rabafast’s statutory obligations. You may decline to provide your Personal Information when it is requested by Rabafast, however, certain services or all the services may be unavailable to you. You may review your account settings and update your Personal Information directly or by contacting us. You have various rights with respect to the collection and use of your information through the services. Those choices are as follows:

8.0. Email Unsubscribe

You may unsubscribe from our mailing lists or newsletter(s), marketing, sales, promotions emails at any time by clicking on the “unsubscribe” link at the bottom of every email or by emailing customerexperience@rabafast.com with your request.

9.0. Account Preferences

If you have registered for an account with us through our services, you can update your account information or adjust your email communications preferences by logging into your account and updating your settings.

10.0. Cross-Border Transfers

10.1. We may share your information with trusted service providers or business partners in countries other than your country of residence in accordance with applicable laws. By providing us with your information, you acknowledge any such transfer and the storage or use of your data.

10.2. We transfer your Personal Information in circumstances necessary for the performance of a contract; the implementation of pre-contractual measures undertaken on your behalf in connection with our services that we provide you; for important reasons of public interest; for the establishment, exercise, or defense of legal claims; and to protect your vital interests or of other persons where you are physically or legally incapable of giving consent.

11.0. Security Measures

We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and (or) alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store. But we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.

12.0. Children

The services are intended for users over the age of 18 and are not directed at children under the age of 13. If we become aware that we have collected personal information from children under the age of 13, or personal data from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.

13.0. Data Retention

(a) We retain the information we collect for as long as necessary to fulfill the purposes set forth in this Privacy and Data Collection Policy or if we are legally required or permitted to do so subject to the relevant requirements under the applicable law or regulations. Information may persist in copies made for backup and business continuity purposes for additional time.

(b) Rabafast retains personal data for as long as a user's profile or account remains active. Personal data associated with accounts that have been inactive for over 365 days will be permanently deleted, unless retention is required to meet legal, regulatory, or compliance obligations. By using our services, you consent to this data retention and expungement policy

13.1 How long do we keep your data?

Depending on what purpose your data is used for, the length of time we keep it may vary. Either way, we will only hold your data as long as necessary to serve the purpose it is used for. We are legally required to keep the data obtained for Know Your Customer (KYC), Customer Due Diligence (CDD) and security purposes (including transaction records and our communications with you) for at least five years after the most recent transaction.

13.2 Legitimate Interest and Consent

When the five years’ retention period and/or legitimate interest no longer apply, we will remove your data from our system. For more information on legitimate interest, please see Section 8 of this policy. In situations where you give us specific consent to process certain kinds of data, you are able to withdraw that consent at any time. We will then stop processing your data and, if the five years’ retention period and/or legitimate interest retention period does not apply, we will also erase your data from our system. We may retain any data mentioned above for a longer period, if required to protect the rights, property or safety of Rabafast or of the service provided by us or our partners.

13.3 Who do we share your data with?

We share your personal data with third parties only when it is necessary for the fulfilment of the service or to comply with applicable laws. We will never sell your personal data to other organisations. We work with partners who help us to complete your transactions. We will share your personal data with them only when they apply essential safeguards, or if it has been established that the relevant country has an appropriate data protection regime in place, or when we other wise ensure that the appropriate level of protection is applied for data processing. The following are some purposes for which we may share your data with third parties: To fulfil the contract between you and Rabafast and when required by law

14.0. Third-Party Links and services

The services may contain links to third-party websites (e.g., social media sites like Facebook and Twitter), third-party plug-ins (e.g., the Facebook “like” button and Twitter “follow” button), and other services. If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. The collection, use and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Privacy and Data Collection Policy. We encourage you to read the privacy statements of each and every site you visit.

15.0. Changes to this Privacy and Data Collection Policy

We will continue to evaluate this Privacy and Data Collection Policy as we update and expand our services, and we may make changes to the Privacy and Data Collection Policy accordingly. We will post any changes here and revise the date last updated above. We encourage you to check this page periodically for updates to stay informed on how we collect, use and share your information. If we make material changes to this Privacy and Data Collection Policy, we will provide you with notice as required by law.

16.0. Questions About this Privacy and Data Collection Policy

If you have any questions about this Privacy and Data Collection Policy or our privacy practices, you can contact us at: legal@rabafast.com