PRIVACY NOTICE

DEFINITIONS

For the full definition of other capitalised words in this Privacy Notice, please refer to our Terms of Service.

1. PURPOSE AND SCOPE

   We at Itez are committed to protecting and respecting Your privacy. To provide You with our Services, we have to process Your Personal Data. This Privacy Notice explains how Itez collects, uses, shares, retains, and otherwise processes Your Personal Data and informs You about Your rights regarding such Personal Data processing.

   Please read this Privacy Notice carefully, as it becomes legally binding when You use the Platform or any of the Services available thereon.

   If You have any questions or concerns about how we process Your Personal Data, please contact [email protected].

2. DATA CONTROLLER

   The processing of Your Personal Data is performed by Novawave, S.A. de C.V., the Platform Services Provider that is the main controller of Your Personal Data.

3. COLLECTION OF PERSONAL DATA

   To provide You with our Services and meet our regulatory obligations, Your Personal Data is collected when You reach the Platform, use the Services available therein, or reach us on social media, by email, as well as by any other means of communication.

   Itez may collect Your Personal Data from various sources, as described below:

   Source	Details
   Direct interaction	We collect Your Personal Data You provide to us when reaching the Platform, filling in any forms, registering, or otherwise interacting with us.
   Digital interaction	By using cookies and other similar technologies, we may automatically collect certain Personal Data about Your visit and use of the Platform, such as Your IP address, device data, browser details, information about Your visit, as well as other relevant technical information.
   Indirect interaction	We may collect Your Personal Data posted on publicly available sources, such as other websites and social media, or provided by third parties, such as financial institutions, identity verification partners, and state registers.

4. CATEGORIES OF PROCESSED PERSONAL DATA

   The table below explains what Personal Data we collect and use:

   Category	Details
   Identity data	Your name, personal identification code, date of birth, place of birth, age, citizenship, residence, identity document data, address, facial image, PEP status, and any other information You provide during registration and compliance procedures.
   Transactions data	Details of the transactions You carry out while using the Platform, including the details of Your bank card, bank or payment account, address and details of Your digital wallet.
   Saved payment method data	Details of the payment method You chose to save for future use on the Platform, including Your bank card number, its expiration date and the сardholder's name. We never store Your bank card’s CAV2/CVC2/CVV2/CID codes or the PIN code.
   Financial data	Details regarding Your source of funds and income.
   Preferences data	Details regarding Your activity in the use of Services, Your inquiries, and complaints.
   Communication data	Video and audio recordings, any correspondence between You and us.
   Technical data	Details regarding the type of Your device, device identifier, IP address, and device location.

5. PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

   We are processing Your Personal Data for multiple purposes and on the legal grounds set out in the El Salvador Personal Data Protection Law (Legislative Decree No. 144), as further described below:

   Purpose	Category of Personal Data	Legal Basis
   Identification and verification	Identity Data	Necessary for the performance of contractual obligations; necessary to comply with legal obligations; Legitimate interest to prevent and detect unauthorised access, prevent fraud, and reduce possible damages.
   Application of due diligence measures and monitoring of the business relationship	Identity Data, Technical Data, Transactions Data, and Financial Data.	Necessary for the performance of contractual obligations; Necessary to comply with legal obligations.
   Provision of Services	Identity Data, Transactions Data, Communication Data, Preferences Data, Technical Data, and Financial Data.	Necessary for the performance of contractual obligations.
   More User convenience in using the Services without a need to fill in payment method details every time	Saved payment method data	User’s consent.
   Cooperation with law enforcement agencies and data protection authorities	Identity Data, Transactions Data, Communication Data, and Technical Data	Necessary to comply with legal obligations.
   Marketing	Communication Data, Preferences Data, and Technical Data	User’s consent; Legitimate interest in the sale of similar products and services.
   User relationship management	Preferences Data, Identity Data, and Communication Data	Necessary to comply with legal obligations; Legitimate interest in User relationship management; Performance of contractual obligations.
   Enabling the use of services provided by External Providers and payment service providers	Identity Data, Transactions Data, Communication Data, and Technical Data	Necessary for the performance of contractual obligations; Necessary to comply with legal obligations.

6. PLACE OF YOUR PERSONAL DATA PROCESSING

   Our operations are supported by a network of servers, computers, and other information technology infrastructure. The Personal Data processing referred to in this Privacy Notice is mostly carried out in El Salvador and is not sent outside El Salvador, and if this is done, appropriate protection measures are applied.

7. FORWARDING AND DISCLOSURE OF YOUR PERSONAL DATA

   Any Personal Data You provide is treated as confidential and will not be disclosed to the general public. To provide You with our Services and improve them, perform contractual obligations, meet security standards, and fulfil certain legal obligations, sometimes we may have to share Your Personal Data with the following third parties:

   Third-Party category	Reason for sharing
   Affiliates and subsidiaries	We may share Your Personal Data with our affiliates and subsidiaries in cases where such forwarding is needed to provide You with our Services and perform corresponding contractual obligations.
   Partners and External Providers	We may share Your Personal Data with professional advisors, financial, security, auditing, accounting, and other business Partners and External Providers, as well as identity verification and transactions monitoring service providers to comply with legal obligations, provide You with our Services and pursue our legitimate interest to prevent illegal activities, ensure security and maintain regulatory compliance.
   Financial institutions	We may share Your Personal Data with banks, payment processors, and other relevant financial institutions involved in the Provision of Services as it is required. We will share Your Personal Data with our payment processors as necessary to process Your transactions and provide You with our Services.
   Legal authorities	We may have to forward Your Personal Data to law enforcement agencies, regulatory agencies, and other legal authorities to the extent we are obliged to do so according to the law.
   Marketing and advertising partners	We may share Your Personal Data with marketing and advertising partners to improve our Services and provide You with customised advertising content.

   We’d like to inform You that our main strategic Partner is Hypergate Ltd. Some services available on the Platform may be provided by our Partners or External Providers. However, the list of all third parties with whom we share Your Personal Data may vary from time to time. Thus, please feel free to contact us to learn more about the third parties with whom we have shared Your Personal Data.

   The above-mentioned third parties have access to Your Personal Data only on a “need-to-know” basis and are expected to protect Your Personal Data in the same manner as we do. However, we cannot control the processing of Your Personal Data by third parties and are not responsible for it in any way.

8. SECURITY MEASURES AND PROTECTION OF YOUR PERSONAL DATA

   We are serious about the security of Your Personal Data. Taking into account the nature of the Personal Data and the threats posed, we have implemented different physical and technical measures to prevent unauthorised access to Your Personal Data, keep Your Personal Data safe, and make sure it is not improperly used or disclosed.

   All Personal Data processed on the Platform is stored on secure servers with control over access to information using both physical and electronic means. We are also regularly audited to confirm we remain compliant with our security certifications. As part of these audits, our security is validated by external auditors.

9. RETENTION AND DELETION OF PERSONAL DATA

   We store Your Personal Data insofar as it is reasonably necessary to reach the objectives of data processing or until the term stipulated by legal obligation, and we will delete Your Personal Data as long as it is no longer required for processing or when the appropriate retention period for Personal Data ends.

   While defining the retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations.

   Please note that, being subject to the Special Law Against Asset Laundering (Legislative Decree No. 426/2025) and other applicable anti-money laundering laws, we are required to store and maintain certain kinds of Your Personal Data for the purposes of processing beyond the closure of Your account with us for extended periods of up to 10 years.

10. COOKIES

    Cookies are small text files that are placed on Your digital device when You visit our website. Such text files store information about Your visit and help our website recognise Your digital device and also remember Your preferences. If You wish to get more detailed information on cookies, please visit www.aboutcookies.org.

    We use cookies and other similar technologies, like web beacons, for different analytical, marketing, advertising, and technical purposes. This helps us simplify Your navigation on the website, remember Your preferences, provide You with relevant information, and analyse how You interact with our Services to improve Your general browsing experience.

11. YOUR RIGHTS

    Depending on the applicable law of Your country of habitual residence, You may be able to enjoy certain additional privacy-related rights. If any of the rights listed below are not provided under law in Your country of habitual residence, Itez has absolute discretion in providing You with those rights.

    1. Information and Access. You can request us to provide You with a confirmation that Your Personal Data is processed, get information about such processing, and ask us to provide You with a copy of that information in a structured format.
    2. Rectification. We are doing our best to hold only accurate and up-to-date information about You. However, if the Personal Data we hold about You is incomplete or inaccurate, You may request us to update or rectify Your Personal Data.
    3. Retention and Erasure. We are not processing Your Personal Data longer than needed. You can, nevertheless, ask us ​​to erase Your Personal Data. This right may be limited, subject to the requirements of the applicable law.
    4. Objection. You have a right to object to the processing of Your Personal Data and request us to stop the processing of Your Personal Data if we are processing Your Personal Data for direct marketing or research purposes or without any corresponding legal grounds for such processing.
    5. Processing restrictions. In certain circumstances, such as when You contest the accuracy or object to the processing of Your Personal Data, You can ask us to restrict, block, or suppress the processing of Your Personal Data. If Your request is approved, we will stop the processing of Your Personal Data but will continue to store it.
    6. Data portability. You may ask us to provide You with Your Personal Data, which You have provided to us in a structured, commonly used, and machine-readable format, or, when possible, that we communicate Your Personal Data on Your behalf directly to another data controller.
    7. Consent withdrawal. When the processing of Your Personal Data is based on Your consent, You are entitled to withdraw Your consent at any time. Your withdrawal will not affect the lawfulness of Your Personal Data processing when such is based on other legal grounds.
    8. Automated decision-making and profiling. Sometimes we rely on automated processes. You have the right not to be subject to a decision based solely on the automated processing of Your Personal Data, including profiling, which produces legal or similarly significant effects on You. In general, by making decisions, we do not rely solely on automatic tools. However, if we made a decision about You based solely on an automated process, You may contest such a decision and require human intervention.
    9. Right to complain. Your privacy rights are of utmost priority to us and we are always happy to solve any issues and concerns related to the processing of Your Personal Data. Thus, in case of any questions, please reach us by email at [email protected] so we can solve any issue promptly and efficiently. However, if You are not satisfied with our response to Your complaint, You have the right to submit a complaint to the data protection authority in Your country of habitual residence.
    10. Right to opt out of marketing communications. To ensure You are always up-to-date with our Services, sometimes we’d like to share with You our latest news. In such a case, we will contact You by electronic means for marketing purposes only if You have consented to such communication and based on Your marketing preferences. However, if You have changed Your mind, You may raise objections about initial or further processing for purposes of direct marketing at any time.

    To exercise any of Your rights set out in this section, You can send us an email at [email protected]. For security reasons, we may ask You to provide us with proof of Your identity.

12. TRANSFER OF YOUR PERSONAL DATA

    To facilitate the Platform, we may transfer Your Personal Data outside El Salvador to our subsidiaries, business partners, External Providers, and other third parties taking part in the provision of our Services. To the extent that we transfer Your Personal Data outside El Salvador, we will ensure that the transfer is lawful and that data processors in third countries are obliged to comply with the El Salvador Personal Data Protection Law (Legislative Decree No. 144). Where required, we may rely on appropriate contractual safeguards to protect such transfers.

    By using our Services, You consent to Your Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws from Your country. In all such transfers, we will protect Your Personal Data as described in this Privacy Notice and ensure that appropriate information-sharing contractual agreements are in place.

13. PROTECTION OF YOUR RIGHTS

    You may contact Itez in connection with queries and cancellation of consent, and, regarding the processing of Personal Data, demand the exercise of Your rights and lodge complaints in connection with the Processing of Your Personal Data.

    Details for contacting Itez: [email protected].

    In addition, You have the right to contact the competent data protection authority in El Salvador, the National Commission of Digital Assets (CNAD) at [email protected], or a court in Your jurisdiction in the event of a violation of Your rights. However, please note that we are always ready to help. Thus, before submitting any complaints, we kindly ask You to reach out to us first to solve any issues swiftly and smoothly.

14. CHANGES

    We may introduce amendments to the current Privacy Notice at any time. We shall notify You on our Platform or via email newsletters.