Privacy Policy – Mobile Application Annex

This Mobile Application Privacy Annex (“Annex”) forms an integral part of the OnEquity Ltd Privacy Policy and applies specifically to the processing of personal data through the OnEquity mobile application (“App”). In the event of any inconsistency, this Annex shall prevail in relation to data processed via the App.

1. Data Collected via the Mobile Application

In addition to the personal data described in the main Privacy Policy, the Company
collects certain data specifically through the App, including:

•Photographs (selfies);
• Facial images;
• Liveness verification recordings;
• Technical data required to complete identity verification.

Such data is collected solely for identity verification, anti-money laundering, counterterrorist financing and regulatory compliance purposes.

2. Biometric Data Processing

The App processes biometric data, including facial images and liveness checks, as part
of Know-Your-Customer (KYC) and Enhanced Due Diligence (EDD) procedures.

Biometric data is used exclusively to:
• Verify the identity of the Client;
• Prevent fraud, impersonation and identity misuse;
• Comply with applicable legal and regulatory obligations

3. Legal Basis

The processing of biometric data via the App is based on:
• Compliance with legal and regulatory obligations applicable to the Company; and
• The explicit consent of the Client, provided during the App registration and
verification process.

4. Mandatory Nature of Biometric Verification

Where required by law or regulation, the provision of biometric data through the App is
mandatory.
Failure to complete biometric verification may result in:
• Rejection of account registration;
• Restricted access to services; or
• Termination of the business relationship.

5. Third-Party Service Providers

The Company may use regulated third-party identity verification and biometric service
providers to process data collected through the App.
Such providers act as data processors and are bound by contractual confidentiality,
security and data protection obligations.

6. Data Retention

Biometric data collected via the App is retained only for as long as necessary to fulfil its
purpose and to comply with legal and regulatory requirements.
Where required, such data may be retained for up to five (5) years following termination
of the business relationship, after which it will be securely deleted or anonymised.

7. Security Measures

Appropriate technical and organisational measures are implemented to protect biometric
and personal data processed via the App against unauthorised access, loss, alteration
or disclosure.

8. Contact

For questions regarding data processed through the App, Clients may contact:
[email protected]

9. Relationship with Main Privacy Policy

This Annex must be read together with the OnEquity Ltd Privacy Policy, which continues
to apply in full to all personal data processing activities.