PRIVACY POLICY

Last Update: 10.06.2026


Version 3.0

3-102-962565 S.R.L.,, a company duly incorporated under the laws of the Republic of Costa
Rica, with company registration number 3-102-962565, having its registered address at
Province 01 San José, Canton 01 San José, Carmen District, Barrio Escalante, Seventh Avenue,
Twenty-Ninth Street, Building 2910, AG Corporate Center, Costa Rica (hereinafter referred to as
the “Company”,“we”, or“us”)., processes personal data in connection with the provision of its
services.

This Privacy Policy applies to personal data processed by the Company in the course of
providing administrative, technical and coordination support services related to the
processing, facilitation and record-keeping of payment and value transfer instructions
between independent third-party counterparties.

The Company does not operate a consumer platform, does not provide trading, investment,
custody or wallet services, and does not process personal data in the capacity of a financial
institution, exchange, broker or payment service provider.

This Privacy Policy describes what personal data we may process, for what purposes, on what
legal basis, and what rights individuals have in relation to such processing.

1. DATA CONTROLLER
For the purposes of applicable data protection laws, the data controller is:

3-102-962565 S.R.L.
Province 01 San José, Canton 01 San José, Carmen District, Barrio Escalante, Seventh Avenue,
Twenty-Ninth Street, Building 2910, AG Corporate Center, Costa Rica

For privacy-related inquiries, you may contact us at: legal@miex.one

2. OUR RELATIONSHIP TO YOU

The Company provides its services exclusively to legal entities and individuals acting in a
business or professional capacity.

In the context of this Privacy Policy, the Company processes personal data primarily in
connection with its administrative, technical and coordination support services provided to
independent third-party counterparties.

The Company does not offer services to consumers, does not operate a retail platform, and
does not provide trading, investment, custody or wallet services.

Depending on the nature of the interaction, the Company may process personal data as a
data controller or, in limited cases, as a data processor acting on documented instructions of a
counterparty or a third party. Where the Company acts as a data processor, such processing is
governed by applicable data protection laws and, where required, by a separate data
processing agreement.

3. CATEGORIES OF PERSONAL DATA WE PROCESS

The Company processes only such personal data as is reasonably necessary for the provision of
its administrative, technical and coordination support services, compliance with Applicable
Law, and the management of its professional relationships.

Depending on the nature of the interaction, the categories of personal data processed by the
Company may include:

3.1. Identification and Contact Information

● full name;
● business or professional contact details (such as email address, telephone number);
● business address or place of establishment;
● role, title or capacity in which an individual acts on behalf of a legal entity.

3.2. Business and Relationship Information

● information related to the professional relationship with the Company;
● records of communications and correspondence;
● information provided in connection with instructions, requests or inquiries.

3.3. Compliance-Related Information

● information reasonably required to comply with Applicable Law;
● information necessary to perform internal compliance checks based on a risk-based
approach.

3.4. Technical and Usage Information

● basic technical information related to access to the Company’s websites or
communication systems, such as IP address, browser type, device information and log data,
collected for security and operational purposes.

4. PURPOSES AND LEGAL BASIS OF PROCESSING

The Company processes personal data only to the extent necessary for the following purposes
and on the corresponding legal bases, in accordance with applicable data protection laws,
including, where applicable, Law No. 8968 on the Protection of the Person Against the
Processing of Personal Data of the Republic of Costa Rica and, where relevant, Regulation (EU)
2016/679 (General Data Protection Regulation, "GDPR").

4.1. Provision of Services

To provide administrative, technical and coordination support services, including the handling
of instructions, requests, communications and related record-keeping.

Legal basis:performance of a contract or steps taken prior to entering into a contract;
legitimate interests.

4.2. Compliance with Legal Obligations

To comply with Applicable Law, lawful requests from competent authorities, and internal
compliance requirements based on a risk-based approach.

Legal basis:compliance with legal obligations; legitimate interests.

4.3. Risk Management and Security

To protect the security and integrity of the Company’s systems, services and professional
relationships, and to prevent misuse, fraud or unauthorised access.

Legal basis:legitimate interests.

4.4. Communication and Relationship Management

To communicate with counterparties in relation to the Services, respond to inquiries, and
manage professional relationships.

Legal basis:performance of a contract; legitimate interests.

4.5. Corporate and Administrative Purposes

To maintain internal records, perform audits, manage corporate governance matters, and
support business operations.

Legal basis: legitimate interests; compliance with legal obligations.

5. DATA SHARING AND TRANSFERS

The Company does not sell personal data and does not share personal data for advertising or
marketing purposes.

The Company may disclose personal data only where reasonably necessary and only to the
following categories of recipients:

● Service providers, including providers of IT, hosting, communication, security and
professional services, engaged by the Company to support its operations;
● Professional advisers, such as legal, accounting or audit advisers, where disclosure is
necessary for corporate or compliance purposes;
● Competent authorities, courts or regulators, where disclosure is required by Applicable
Law or lawful request.

Where the Company engages third-party service providers that process personal data on its
behalf, such processing is subject to appropriate contractual safeguards in accordance with
applicable data protection laws.

Personal data may be transferred to, stored or processed in jurisdictions outside the
individual’s country of residence, including jurisdictions that may not provide the same level
of data protection. In such cases, the Company ensures that appropriate safeguards are in
place, as required by applicable data protection laws.

6. DATA SECURITY AND RETENTION

The Company implements reasonable technical and organisational measures designed to
protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

No method of transmission over the internet or method of electronic storage is completely
secure. While the Company takes reasonable steps to protect personal data, it cannot
guarantee absolute security.

Personal data is retained only for as long as reasonably necessary to fulfil the purposes for
which it was collected, to comply with Applicable Law, or to establish, exercise or defend legal
claims.

Retention periods may vary depending on the nature of the data, the purposes of processing
and applicable legal or regulatory requirements.

7. DATA SUBJECT RIGHTS

Subject to applicable data protection laws, individuals whose personal data is processed by
the Company may have the following rights:

●the right to access personal data and obtain information about its processing;
● the right to request rectification of inaccurate or incomplete personal data;
● the right to request erasure of personal data, where applicable;
● the right to request restriction of processing, where applicable;
● the right to object to processing based on legitimate interests, where applicable;
● the right to data portability, where applicable;
● the right to withdraw consent, where processing is based on consent.

The exercise of these rights may be subject to limitations or exceptions under Applicable Law.

Requests relating to data subject rights may be submitted using the contact details set out in
this Privacy Policy. The Company may take reasonable steps to verify the identity of the
individual submitting a request before responding.

8. COOKIES

The Company’s websites may use cookies or similar technologies for basic functionality,
security and operational purposes.

Where required by Applicable Law, the Company provides appropriate information and
choices regarding the use of cookies through a separate cookie notice or settings.

9. CONTACT DETAILS

If you have any questions, concerns or requests relating to this Privacy Policy or the processing
of personal data, you may contact the Company at:

Email:legal@miex.one