Privacy Policy
These will help you better understand how we collect, use, and share your personal information
Table Of Content
DEFINITIONS AND JURISDICTIONAL SCOPE
1.1 Scope and Application
This Privacy Policy (the "Policy") governs the collection, processing, and disclosure of Personal Data by Scopex Technologies Limited, a company incorporated in Ontario, Canada ("Scopex," "We," "Our"), in connection with the access and use of the Scopex cross-border payment facilitation platform (the "Platform").
1.2 Legal Entity
You acknowledge that Scopex operates strictly as a Technical Service Provider (TSP), as defined by the Payment Services Directive 2 (PSD2) in the EEA and the Payment Services Regulations 2017 (PSRs) in the UK. We do not engage in regulated financial activities, including but not limited to, holding or settling customer funds, executing payment orders, or acting as a Payment Service Provider (PSP) or Electronic Money Institution (EMI). We operate through our website and mobile app.
| Entity | Role in Processing | Legal Basis |
|---|---|---|
| Scopex (TSP) | Joint Data Controller | Personal Data related to Platform management, security, and contractual provision of technical services. |
| Licensed Partners | Primary Data Controller | All Personal Data necessary for regulated activities, including KYC, AML checks, fraud screening, fund custody, and final payment execution. |
Please be aware that privacy policies of our Licensed Partners apply to you separately, please read the terms of the Privacy Policy of our Licensed Partners to know more as we are not responsible for the disclaimer and warranties made by our Licensed Partners.
CATEGORIES OF PERSONAL DATA PROCESSED
We process distinct categories of Personal Data, differentiated by the purpose and the respective Data Controller.
2.1 Platform and Account Data (Scopex as Controller)
This data is processed by Scopex for the technical functionality and security of the Platform:
- Identity Data: Name, email address, physical address, phone number, and date of birth (collected for contractual identification).
- Technical and Usage Data: IP address, device identifiers, browser type, location data (geo-IP), operating system, and data generated by your activity on the Platform (e.g., login times).
- Communications Data: Records of communications with our technical support team.
2.2 Transaction and Regulated Data (Data Transmitted to Licensed Partners)
This data is collected via the Platform but is immediately and securely transmitted to the relevant Licensed Partner for their regulated processing:
- KYC/AML Data: Copies of government-issued identification, utility bills, source of funds documentation, and the results of PEP/sanctions screening (performed by the Licensed Partner).
- Financial Instruction Data: Transaction amount, currency, purpose of payment, and beneficiary details (name, bank account, and associated financial identifiers).
Explicit Exclusion of Credentials (PSD2/SCA Compliance):
Scopex does not collect, store, or otherwise process your banking login details or Personalized Security Credentials (PSCs). The entry of this sensitive information occurs solely within the secure environment controlled by the relevant Licensed Partner or your Account Servicing Payment Service Provider (ASPSP).
PURPOSE AND LEGAL BASIS FOR PROCESSING
We process your Personal Data strictly for the following purposes and rely on the corresponding legal bases:
| Purpose of Processing | Legal Basis (GDPR/UK GDPR/Indian Law Principles) |
|---|---|
| Provision of Technical Services | Contractual Necessity: To provide access to the Platform and fulfill our obligations under the Terms of Service. |
| Secure Data Routing and Orchestration | Contractual Necessity: To securely transmit User Details and Transaction Data to the Licensed Partner for payment execution. |
| Platform Integrity and Cyber Security | Legitimate Interest: To monitor for and prevent technical fraud, abuse, and to ensure the security and stability of our Platform. |
| Compliance with Canadian Law | Compliance with a Legal Obligation: To meet our regulatory and statutory reporting obligations in Canada (our jurisdiction of incorporation). |
| Regulatory Support for Partners | Legitimate Interest: To document the data trail in a manner that assists our Licensed Partners in meeting their mandatory KYC/AML/CTF compliance obligations. |
DATA DISCLOSURE AND INTERNATIONAL TRANSFERS
4.1 Disclosure to Licensed Partners and Affiliates
We disclose data primarily to our Licensed Partners, as this constitutes the core functionality of the Platform. This disclosure is a contractual requirement necessary for the payment transaction to proceed. The Licensed Partner subsequently processes this data to:
Verify your identity and conduct mandatory AML/KYC screening.
Execute the transfer of funds (execution and settlement).
Perform fraud monitoring and regulatory reporting required by their respective licenses.
4.2 Cross-Border Data Transfers
As Scopex is an entity facilitating payments between the Canada, EU, UK, and India, your Personal Data is subject to international transfers.
Transfer to Scopex (Canada): Canada is recognized by the European Commission and the UK Government as providing an adequate level of protection for Personal Data.
Transfers to Third Countries (EU/UK to India): Where data is transferred from the EEA or UK to a Licensed Partner or transferred from the EEA or UK to a Licensed Partner or beneficiary in a jurisdiction lacking an adequacy decision (e.g., India), we ensure that appropriate safeguards are in place, typically through the execution of the Standard Contractual Clauses (SCCs) or reliance on the derogation of necessity for the performance of a contract (the payment service).
DATA SUBJECT RIGHTS AND RESPONSIBILITIES
As a Data Subject, you retain statutory rights concerning your Personal Data.
5.1 Exercise of Rights
Requests to exercise your rights of Access, Rectification, Restriction, or Erasure may be directed to Scopex. However, you acknowledge that our ability to comply with an Erasure request is heavily limited by the regulatory obligations of our Licensed Partners
A. Right of Access
| Component | Detailed Scope of Action |
|---|---|
| Confirmation | You have the right to obtain confirmation from Scopex as to whether or not your personal data is being processed. |
| Data Copy | If processing is confirmed, you have the right to receive a copy of the personal data undergoing processing, in an easily accessible and commonly used electronic format. |
| Information | You have the right to be informed about the following: the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data has been or will be disclosed; the retention period(or the criteria used to determine that period); and information about your other rights (Rectification, Erasure, Restriction). |
| Source | You have the right to know where the data originated, if it was not collected directly from you. |
2. Right to Rectification
| Component | Detailed Scope of Action |
|---|---|
| Correction | You have the right to request that Scopex correct, without undue delay any inaccurate personal data concerning you. |
| Completion | Taking into account the purposes of the processing, you have the right to have incomplete personal data completed , which may include providing a supplementary statement. |
| Notification | Scopex is generally required to communicate any rectification made to your data to every recipient to whom the personal data was previously disclosed, unless this proves impossible or involves disproportionate effort. |
3. Right to Restriction of Processing
| Component | Detailed Scope of Action |
|---|---|
| Effect | If this right is exercised, Scopex may store your data but is prohibited from processing it further (e.g., cannot use it for marketing, analytics, or service provision) unless there is your consent, for legal claims, for the protection of the rights of another person, or for reasons of important public interest. |
| Circumstances | You can request restriction of processing when: You contest the accuracy of the personal data (restriction applies while Scopex verifies the accuracy).The processing is unlawful, and you oppose erasure and request restriction instead.Scopex no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims. You have exercised your Right to Object(restriction applies pending the verification of whether the legitimate grounds of Scopex override yours). |
| Notification | Scopex must inform you before the restriction is lifted. |
4. Right to Erasure
| Component | Detailed Scope of Action |
|---|---|
| Mandatory Erasure | Scopex must erase your personal data without undue delay if one of the following grounds applies: The data is no longer necessary for the purpose it was collected. You withdraw consent and there is no other lawful basis for the processing. You object to the processing, and there are no overriding legitimate grounds for Scopex to continue processing.The personal data has been unlawfully processed.The data must be erased for compliance with a legal obligation. |
| Public Data | If Scopex has made your data public, it must take reasonable steps, considering available technology and cost of implementation, to inform other controllers who are processing the data that you have requested the erasure of any links to, or copies of, that data. |
5.2 Regulatory Retention Conflict
Data Minimization Principle: Due to the regulatory mandates (e.g., 5-year retention for KYC/AML records) imposed on our Licensed Partners, any Personal Data that has been transmitted for the purpose of an executed payment transaction will be retained by the Licensed Partner for the required statutory period. Scopex cannot enforce the erasure of data retained by a Licensed Partner for compliance with their legal obligations.
5.3 Limitation of Liability of ScopeX
Notwithstanding anything to the contrary contained herein, the Company's liability to you for any cause whatsoever and regardless of the form of the action, will at all times be limited to the amount paid, if any, by you to the Company for the Service during the twelve (12) months prior to the claim.
5.4 Contact for Disputes
If you are dissatisfied with our response regarding your Personal Data, you retain the right to lodge a complaint with the relevant data protection authority in your jurisdiction (e.g., the Information Commissioner's Office in the UK or your national regulator in the EEA).
DATA RETENTION AND CONTACT
6.1 Retention Protocols
We retain the Personal Data for which we act as Controller (Platform and Account Data) for the duration of our business relationship with you and for a subsequent period of three (3) years, unless a longer retention period is required by law (e.g., for tax or litigation purposes).
6.2 Data Security Measures
We maintain commercially reasonable technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in accordance with industry best practices and our role as a TSP.
6.3 Contact Information
For all inquiries related to this Policy, your Personal Data, or the exercise of your rights, please contact our Data Protection Office:
Scopex Technologies Limited
Attention: Data Protection Officer
Address: Unit C6 - 80 Birmingham St, Toronto, ON, Canada, M8V3W6
Email: legal@scopex.money