Privacy Policy
Last updated: 2 February 2026
1. Introduction
This Privacy Policy explains how the Scallop Group collects, uses, stores, shares, and protects personal data when customers access or use the Scallop website, mobile application, and any related platforms or services (collectively, the Platform).
In this Privacy Policy, “Scallop”, “we”, “us” and “our” refer to the Scallop Group, acting through the relevant entity involved in the provision, operation, or support of the services. The relevant Scallop Group entity will be the data controller for the personal data processed in connection with the services it provides or supports, unless stated otherwise.
It is important to read this Privacy Policy together with any other notices or policies we may provide from time to time regarding the collection and processing of personal data. This Privacy Policy supplements such notices and policies and does not override them.
The Scallop Group operates as a group of independent entities in multiple jurisdictions. Each entity processes personal data in accordance with applicable data protection laws and regulatory requirements relevant to its activities. Where local law requires specific disclosures or customer rights, those will apply in addition to this Privacy Policy.
Our Legal and Compliance function is responsible for overseeing questions relating to this Privacy Policy. Customers may contact us using the details set out in Section 10.
2. Purpose of this Policy
The purpose of this Privacy Policy is to inform customers how we handle personal data when they use the Platform and related services. This includes personal data collected when customers visit, register, onboard, communicate with us, or use features of the Platform.
The Platform is not intended for use by children, and we do not knowingly collect personal data relating to children.
3. Collection of your personal data
What information do we collect
We may collect, use, store, and transfer different kinds of personal data, including:
Identity data
Information provided for onboarding, verification, and due diligence, including information processed through identity verification and compliance service providers.
Contact data
Physical address, email address, telephone number, and other contact details.
Financial data
Payment account information, funding and payout details, and other information required to provide services.
Transaction data
Details about transactions and activity carried out through the Platform, including amounts, currencies, counterparties, recipient details, bank details, and related metadata.
Technical data
Internet protocol address, browser type and version, time zone setting, location data where permitted, device identifiers, operating system, platform, and other technology information from devices used to access the Platform.
Profile data
Preferences, feedback, survey responses, and customer support communications.
Usage data
Information about how customers use the Platform, including features accessed and interaction patterns.
Aggregated data
Statistical or demographic data derived from personal data that does not directly or indirectly identify a customer.
How do we collect personal data
We use different methods to collect data, including:
Direct interactions
When customers complete forms, provide information during onboarding, communicate with us, or submit support requests.
Automated technologies
When customers interact with the Platform, we may automatically collect technical and usage data using cookies and similar technologies. Please see our Cookie Policy where available.
Third parties
We may receive personal data from service providers such as analytics providers, identity verification providers, compliance providers, payment service providers, banking partners, card programme partners, custodians, and other infrastructure providers, subject to applicable law.
Do customers have to provide personal data
We require certain personal data to provide services, to perform onboarding and verification, and to comply with legal and regulatory obligations. If customers do not provide required information, we may not be able to offer certain services.
How do we use personal data
We will only use personal data where permitted under applicable law. Common purposes include:
Account creation and onboarding
To register customers, create a Platform account, and maintain customer records.
Identity verification and compliance
To verify identity, perform due diligence, prevent fraud, conduct anti money laundering and counter terrorist financing checks, perform sanctions screening, and conduct ongoing monitoring.
Providing services
To operate the Platform, process transactions, provide customer support, and deliver requested services.
Communications
To send service related communications such as confirmations, operational notices, security alerts, and important updates.
Improvement and analytics
To improve the Platform, develop features, troubleshoot, and perform analytics.
Legal and regulatory obligations
To comply with applicable laws, respond to lawful requests, and enforce our rights.
Marketing
Where permitted by applicable law, and where required, based on customer preferences or consent.
Data accuracy
It is important that the personal data we hold is accurate and current. Customers should inform Customer Support of changes to their personal details without undue delay.
When do we disclose personal data
We may share personal data within the Scallop Group and with trusted third party service providers where necessary to provide services and operate the Platform. We take steps to ensure that personal data is processed in accordance with applicable data protection laws.
Personal data may be shared with:
Platform and technology providers
Hosting providers, cloud services, software and infrastructure providers, analytics providers, and security service providers.
Verification and compliance providers
Identity verification providers, sanctions screening providers, fraud prevention providers, and related compliance service providers.
Payments and financial partners
Banks, payment service providers, card issuers or programme partners, processors, and settlement partners.
Professional advisers
Legal, audit, compliance, and other professional advisers where necessary.
Authorities
Regulators, supervisory authorities, law enforcement, courts, and government bodies where required by applicable law or where necessary to protect legal rights.
Corporate transactions
If the Scallop Group engages in a merger, acquisition, reorganisation, financing, or sale of assets, personal data may be shared for due diligence and transaction completion, subject to confidentiality and applicable law.
International transfers
The Scallop Group may operate and use service providers in multiple jurisdictions. Where personal data is transferred internationally, we take appropriate measures required by applicable law to protect personal data, including contractual protections and additional safeguards where required.
How long we store personal data
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including legal, regulatory, accounting, and reporting requirements. Retention periods depend on the nature of the data and applicable legal obligations. Where required, we may retain data for longer periods to establish, exercise, or defend legal claims, or as required by law.
4. Data security
We implement appropriate technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. Access to personal data is limited to personnel and service providers who have a business need to know and who are subject to confidentiality obligations.
5. Data retention
We retain personal data for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, and reporting requirements. We consider the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal requirements.
6. Your legal rights
Depending on the customer’s location and applicable law, customers may have rights such as:
Access
Request a copy of personal data and information about how it is processed.
Correction
Request correction of inaccurate or incomplete personal data.
Erasure
Request deletion of personal data where permitted, subject to legal and contractual obligations.
Objection
Object to processing where we rely on legitimate interests, subject to applicable law.
Restriction
Request restriction of processing in certain circumstances.
Portability
Request transfer of personal data in a structured, commonly used, machine readable format where applicable.
Withdraw consent
Where processing is based on consent, customers may withdraw consent at any time. This does not affect processing carried out before withdrawal. To exercise rights, customers should contact us using the details in Section 10. We may need to verify identity before responding.
7. Third party links
The Platform may include links to third party websites, plug ins, and applications. We do not control third party sites and are not responsible for their privacy practices. Customers should review the privacy notices of any third party sites they visit.
8. Complaints
Customers may contact us with questions or complaints about this Privacy Policy or our handling of personal data using the details in Section 10.
Where applicable under local law, customers may also have the right to lodge a complaint with a relevant data protection authority or supervisory body in their jurisdiction.
9. Changes to the Policy
We may update this Privacy Policy from time to time, for example to reflect changes to services, legal requirements, or operational practices. Any changes will take effect immediately upon publication on the Platform. Where required by applicable law, we may provide additional notice of material changes.
10. Contact details
If customers have questions about this Privacy Policy or wish to exercise legal rights, they may contact us:
Email: support@scallopx.com