Privacy Policy

• Midpoint is the data controller of your personal information and we are registered with the information Commissioner's Office with reference number ZA036826.
• We collect the personal information set out here, including account registration details, transactional information you undertake with Midpoint, survey information (where you provide it), identity verification data and information about your use of our site and services.
• We use your personal information for the purposes set out in the "How We Use the Information" section of this Privacy Policy below, including providing our site and services to you, ensuring the security and performance of our site and performing statistical analysis of the use of our site and services.
• We process your personal data as set out in this Privacy Policy on the basis of your consent. In situations where we obtain your personal data from a source other than you, we process your data on the basis of legitimate interests, until the earlier of (a) the point at which you provide your consent; or (b) the point at which you ask us to stop processing your data on the basis of our legitimate interests. We also rely on legitimate interest for very limited additional purposes as set out in the "What You Agree to by Using Our Site" section.
• You have a number of rights that you can exercise in relation to our use of your personal information, as set out in this Privacy Policy below.

Please understand that by submitting any Personally Identifiable Information to us, you consent and agree that we may collect, use and disclose such Personally Identifiable Information in accordance with this Privacy Policy and our Terms of Use, and as permitted or required by law. If you do not agree with these terms, please do not provide any Personally Identifiable Information to us. If you refuse or withdraw your consent, or if you choose not to provide us with any required Personally Identifiable Information, we may not be able to provide you with the services that can be offered on our Site. Consent can be withdrawn at any time by contacting info@midpoint.com

Please note that we rely on legitimate interests as the basis for processing your data in the limited circumstances set out below:

• In situations where we obtain your personal data from a source other than you, we process your data on the basis of legitimate interests, until the earlier of (a) the point at which you provide your consent; or (b) the point at which you ask us to stop processing your data on the basis of our legitimate interests;
• We will retain your records relating to transactional information for our own compliance and verification purposes (including where we are required to do so by law), even after you withdraw your consent to our processing of your data;
• We will archive information about your use of our services, even after you withdraw your consent to our processing of your data. This information will only be used in very limited circumstances, such as for defending legal claims relating to contracts we have with you or a third party and retention for audit purposes relating to commercial contracts; and
• We will use information relating to your use of our services for statistical analysis and research purposes, however we delete your name and email address from such information before we do so.

1. Information relating to your use of our Site. When users come to our site, we may track, collect and aggregate information indicating, among other things, which pages of our site were visited, the order in which they were visited, when they were visited and which hyperlinks were "clicked." We also collect information from the URLs from which you linked to our Site. Collecting such information may involve logging the IP address, operating system and browser software used by each user of the site. We may be able to determine from an IP address a user's internet service provider (ISP) and the geographic location of his or her point of connectivity. We also use (or may use) cookies when you visit our site. For more information on our use of cookies, please refer to our Cookie Policy.

2. Personally identifiable information (PII) provided directly by you. We collect PII that you provide to us when you register for an account, update or change information for your account, sign-up for email updates or online courses, send us email messages and/or participate in other services on our site. We may use the PII that you provide to respond to your questions, provide you the specific course and/or services you select, send you updates about transactional information, and send you email messages about site maintenance or updates.

3. Information to help us deliver our service to you. We work closely with third parties in order to help us deliver our service to you. These third parties are business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions.

• Transactional information in relation to payments and financial services including from payment network;
• Information from partners where you integrate services between us and them; (e.g Xero)
• Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• Information about your visit, including the full uniform resource locators (URL) click-stream to, through and from our websites (including date and time), products you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
• Telephone log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls, any phone number used to call us and the content of those calls.

1. Information relating to your use of our site. We use information relating to your use of the site to build higher quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users and by measuring demographics and interests regarding specific areas of our site. We may also use this information to ensure the security of our services and the site.

2. Personally Identifiable Information (PII) provided directly by you. Except as set forth in this Privacy Policy or as specifically agreed to by you, Midpoint will not disclose any of your PII. In addition to the other uses set forth in this Privacy Policy, we may disclose and otherwise use PII as described below:

• For our operation as a payments institutions including:
• To offer currency conversion, make payments (including Xero), to comply with obligations to our payment network
• To ensure that we comply with the law and regulations, for regulatory purposes generally as well as to help detect or prevent fraud or other crimes, and for tax, legal, reporting and auditing obligations;
• In case we need to check we have carried out your instructions correctly or to resolve queries or issues;
• For staff training purposes where we may monitor or record conversations;
• In connection with agreements with credit and fraud prevention agencies
• To carry out our obligations arising from any contracts entered into between you and us.

3. Information to help us deliver our service to you. Except as set forth in this Privacy Policy or as specifically agreed to by you, Midpoint will not disclose any of your PII. In addition to the other uses set forth in this Privacy Policy, we may disclose and otherwise use PII as described below:

• To administer our business, including troubleshooting, data analysis, testing, research, statistical and survey purposes and to keep our business, Site and systems safe and secure;
• To ensure the Site is as effective and relevant as possible and give you the best experience they can;
• To provide information, products and services that are requested from us, or other products and services we offer or our business partners offer or to provide and to notify you about changes to our services.

We will disclose the data we collect from you to certain third parties who use personal data in delivering their services to us, they use data securely and confidentially and under strict contractual controls in accordance with data protection laws and enforced by Midpoint.

• Fraud prevention agencies - This is in order to verify your identity, protect against fraud, comply with anti-money laundering laws and to confirm your eligibility to use our products and services;
• Cloud storage and hosting providers. This is in order to safely and securely store your data with Midpoint;
• Banking and financial services partners. Financial services providers that help us provide the Midpoint including banking partners, banking intermediaries and international payments services providers; and
• Fraud detection and Credit reference agencies.

In order to provide a unified service across all of our products and services, we may disclose your personal information to any member of Midpoint Holdings Ltd, which means any of our subsidiaries or related entities. Companies in the Midpoint will be acting as joint controllers or processors in order to provide the payment services.

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If Midpoint or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Midpoint, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Accessing information about you. You may access information held about you;

• If you are a customer of Midpoint, please make a request through the site;
• If you are not a customer, please email Midpoint at info@midpoint.com.

Request access to your personal data (commonly known as a "data subject access request": This enables you to receive a copy of the personal data we hold about you. If you require this, then please reach out to the Midpoint team via the Livechat function.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. If you require this, then please reach out to the Midpoint team via the Livechat chat function.

Deleting your information: Generally, we will store your information for five years but in certain circumstances, including through regulatory requirements, we may have to store this for a longer period.

• Only if we do not need to retain it for any of the matters set out in the section "How We Use The Information" above;
• Your information may be impossible to permanently delete and where this is not possible we will put that information beyond reasonable use;
• Your information which you have shared with others (e.g. on our websites) may remain publicly available;
• Please note that your information which you have transmitted to others, e.g. Xero, will be subject to the privacy policies of those others.

Objecting to or restricting use of your information: You can ask us to stop using all or some of your information or to limit our use of it. We will do so but only if we do not need to retain or use it for any of the matters set out in the section "How We use the Information" In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights. As an FCA authorised firm, Midpoint is under certain obligations to process and retain certain data for compliance purposes.

Data Portability: We will provide your personal data in a structured, commonly-used, machine-readable format, which can be transferred easily should you wish to send them to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide the payment services to you. We will advise you if this is the case at the time you withdraw your consent.

If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

Midpoint is obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data about you and your transactional information for a period of five years. Also, as an authorised payment institution, we are required by law to maintain relevant records and keep them for at least five years from the date on which the record was created.

We consider the confidentiality and security of your information to be of the utmost importance. The data that we collect from you will be transferred to, and stored at, a destination inside the European Economic Area (EEA). As we provide an international service your data may be processed outside of the EEA in order for us to fulfill our contract with you to provide the payment services. We will need to process your personal data in order for us, for example, to action a request made by you to execute an international payment, process your payment details, provide global anti-money laundering and counter terrorist financing solutions and provide ongoing support services. We will take all steps to ensure that your data is treated securely and in accordance with this privacy policy.

We will use industry standard physical, technical and administrative security measures to keep your Personally Identifiable Information confidential and secure and will not share it with third parties, except as otherwise provided in this Privacy Policy, or unless such disclosure is necessary in special cases, such as a physical threat to you or others, as permitted by applicable law. Because the Internet is not a 100% secure environment we cannot guarantee the security of Personally Identifiable Information, and there is some risk that an unauthorized third party may find a way to circumvent our security systems or that transmission of your information over the Internet will be intercepted. It is your responsibility to protect the security of your login information. Please note that communication via email is not typically encrypted and should not be considered secure.

If you have any privacy-related questions, suggestions, unresolved problems, or complaints, please contact us at info@midpoint.com.

If you reside or are located in the EEA, our Data Protection Officer and Privacy Team can assist with all queries regarding our processing of Personally Identifiable Information at info@midpoint.com.

If you reside or are located in the EEA, you may also make a complaint to our supervisory body for data protection matters (namely the UK Information Commissioner's Office) or seek a remedy through local courts if you believe that your rights have been breached.