auPay Business User Privacy Policy

Version: v1.0

Effective Date: October 13, 2025

Governing Law: Republic of Malta

1. General Provisions

1.1 This Business User Privacy Policy (the “Policy”) governs the collection, use, storage, disclosure, and protection of information by auPay (the “Platform”) in the course of providing services to business users.

1.2 This Policy forms an integral part of the Business User Registration Agreement and has equal legal effect. Business users shall carefully read and fully understand this Policy before registering, accessing, or using the Platform.

1.3 By registering, accessing, or otherwise using the Platform, the business user is deemed to have fully understood and agreed to all terms of this Policy.

2. Definitions

Unless otherwise specified, the following terms shall have the meanings set out below:

  • Business User: Any legally established entity, organization, or institution using the services provided by the Platform.

  • Personal Data: Any information relating to an identified or identifiable natural person, whether directly or indirectly.

  • Business Data: Information generated, uploaded, processed, or stored by the business user in connection with the use of the Platform’s services.

  • Processing: Any operation performed on data, including collection, storage, use, transmission, disclosure, or deletion.

3. Information Collected

The Platform may collect and process the following categories of information in a lawful, fair, and necessary manner:

3.1 Corporate Information

  • Company name, registration number, and registered address;
  • Articles of incorporation and corporate structure;
  • Information relating to directors, officers, and authorized representatives.

3.2 Compliance and Due Diligence Information

  • Ultimate Beneficial Owner (UBO) details;
  • Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) documentation;
  • Source of funds and compliance declarations.

3.3 Business and Technical Information

  • Account credentials, API keys, and access logs;

  • Transaction records and operational logs;

  • IP addresses, device identifiers, and security audit logs.

4. Purpose of Processing

The Platform processes business user information solely for legitimate and lawful purposes, including but not limited to:

  • Fulfilling legal and regulatory obligations;

  • Conducting due diligence and ongoing compliance monitoring;

  • Providing, maintaining, and improving platform services;

  • Risk management, fraud prevention, and security assurance;

  • System performance optimization and technical support;

  • Any other purpose permitted under applicable laws.

5. Information Disclosure and Sharing

5.1 The Platform does not sell, lease, or improperly disclose business user information to third parties.

5.2 Information may be disclosed where necessary:

  • To comply with applicable laws, regulations, or lawful requests from authorities;
  • To fulfill regulatory, audit, or compliance obligations;
  • To protect the legitimate rights and interests of the Platform, users, or the public;
  • With the explicit consent of the business user.

5.3 Where required, the Platform may share information with affiliates, professional advisers, or technical service providers solely for the purpose of service provision and subject to appropriate confidentiality and data protection obligations.

6. Data Security Measures

6.1 The Platform implements reasonable and appropriate technical and organizational measures, including but not limited to:

  • Data encryption and access control mechanisms;
  • Identity authentication and permission management;
  • Continuous security monitoring and audit logging;
  • Regular vulnerability assessments and system updates.

6.2 While reasonable security measures are implemented, the Platform does not guarantee absolute security against all potential risks arising from force majeure or unforeseen technical vulnerabilities.

7. Data Retention

7.1 The Platform retains personal and business data only for as long as necessary to fulfill the purposes set forth in this Policy or as required by applicable law.

7.2 Upon expiration of the retention period, such data shall be securely deleted or anonymized in accordance with legal and regulatory requirements.

8. Rights of Business Users

Subject to applicable laws, business users may:

  • Request access to or correction of their information;

  • Request restriction of certain processing activities;

  • Request deletion of information where legally permissible;

  • Withdraw previously granted consent, without affecting prior lawful processing.

9. Cross-Border Data Transfers

Where cross-border transfer of data is necessary, the Platform shall ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

10. Amendments

The Platform reserves the right to amend this Policy from time to time in response to legal, regulatory, or operational requirements. Updated versions shall take effect upon publication on the Platform.

11. Governing Law and Dispute Resolution

This Policy shall be governed by and construed in accordance with the laws of the Republic of Malta.

Any dispute arising out of or in connection with this Policy shall be submitted to the competent courts of the Republic of Malta.

12. Contact Information

For any inquiries or requests regarding this Policy, please contact:

Email: info@ozhub.one

Official Channels: As published on the Platform