PRIVACY POLICY

This privacy policy describes how personal data is processed within the SCANDIC brand ecosystem. It applies worldwide to all digital and analogue offerings of the companies and brands listed below, regardless of the country from which you use our services.

1.3 Brands and services (SCANDIC brand ecosystem)

1.4 Scope of application by region

We comply with the applicable data protection laws, including GDPR (EU), Swiss, UK, HK, UAE, and Ukraine laws.

For users from the European Union and the European Economic Area, as well as for processing related to the European Union, the following company is jointly responsible alongside SCANDIC FINANCE GROUP LIMITED:

2.2 Data protection officer

Contact point for all issues: Office@ScandicFinance.Global

Terms such as "personal data", "processing", "controller", "processor" or "profiling" are used in accordance with the definitions in the European Union's General Data Protection Regulation. In other jurisdictions, we refer to comparable legal terms.

We process categories including:

• Master data: Name, address, email, phone, DOB.
• Contract and financial data: Account details, transaction history, billing data.
• Identification data: ID copies, beneficial owner info, PEP status.
• Usage data: IP address, device type, log files.
• Communication data: Enquiry contents, feedback.
• Marketing data: Preferences, newsletter subscriptions.

1. Contractual purposes and pre-contractual measures.
2. Fulfilment of legal obligations (AML, tax, reporting).
3. Technical operation, security and stability.
4. Communication and customer support.
5. Marketing and analysis.
6. Enforcement and defence of legal claims.

Based on GDPR (Art 6(1)) and comparable laws:

• Consent (a)
• Contract performance (b)
• Legal obligations (c)
• Legitimate interests (f)

Data obtained directly from you, from business partners/intermediaries, public registers, credit agencies, and usage logs.

• SCANDIC brand ecosystem companies.
• Service providers (IT, hosting, payment).
• Financial institutions and partners.
• Consultants (legal, tax, audit).
• Government and supervisory authorities where obliged.

Transfers occur to HK, UAE, Switzerland, UK, Ukraine, etc. We ensure adequate protection via EU decisions, standard contractual clauses, or other measures.

stored as long as necessary for purposes or legal obligations (commercial/tax retention, AML). Deletion or anonymization follows.

11.1 Server log files: IP, date/time, user agent stored for security.

11.2 Cookies: Technical, preference, analysis, and marketing cookies used. Settings adjustable.

11.3 Analytics: Tools used based on consent or legitimate interest.

12.1 AML/Sanctions: Comprehensive checks on identity, sanctions lists, and transactions required by law.

12.2 Profiling: Automated risk assessment may occur. Reviews available for fully automated legal decisions.

Services aimed at adults. Minors need legal representative consent. Unauthorized data will be deleted.

Measures include encryption, access controls, firewalls, logging, updates, and training.

Required for account opening and transactions. We indicate mandatory vs optional fields.

Right to information, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

You may complain to supervisory authorities. For Hong Kong: Office of the Privacy Commissioner for Personal Data.

Contact details used for enquiries and contract info. Marketing/Newsletters sent only with consent or legal permission. Unsubscribe available.

Platform terms apply. We process data for communication/analysis.

We reserve right to amend policy. Changes published on website. Significant changes announced separately.