1. Introduction

Pomelo Technology US Inc. group of companies (“Pomelo Group” or “we”) respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice only applies to personal information that we collect through your use of our app, LemFi Mobile Application (“LemFi App” or “Application” or “App”), or any of the Services accessible through the LemFi App.
Application users, and clients are referred to collectively as “Users” or "you". The Application together with the Services (as defined below) and all content contained therein are referred to collectively as the “Resources” as further described in our Terms & Conditions. Please read this Notice carefully to understand our policies and practices for collecting, processing, and storing your personal information. If you do not agree with our policies and practices, your choice is not to use the Resources. For information on the collection of personal information via our website, please see our website Privacy Notice

Services means your current and future use of any of our existing or new products, including, but not limited to the delivery, management, marketing and processing of such Services, whether through us or third party Service providers.

2. Who are we?

Pomelo Technology US Inc.is a global financial technology company, with the registered address at 251 Little Falls Drive, Wilmington, DE 19808, USA.

Pomelo Technology’s group of companies consist of entities that are registered data controllers, and which are the following: Pomelo Technology US Inc. as mentioned above; Lemonade Technology Ltd. with its registered seat at B7b St. Faiths Street, Maidstone, Kent, England ME14 1LH, United Kingdom; RightCard Payment Services Ltd. with its registered seat at B7b St. Faiths Street, Maidstone, Kent, England ME14 1LH, United Kingdom; Lemonade Technology Ltd. with its registered seat at 786 King St. W, Toronto, Ontario, M5V 1N6 , Canada; Pomelo Two US LLC with the registered seat at 251 Little Falls Drive, Wilmington, DE 19808, USA; Pomelo Added Services Ltd with its registered seat at 4 , Elbe close, Off Panama Crescent, Maitama, Abuja, Maitama FCT, Nigeria; Pomelo Australia Limited with its registered seat at Level 25, 10 Eagle Street, Brisbane QLD 4000, Australia; Pomelo Remits Europe Ltd with its registered seat at 77 Lower Camden Street, Dublin, D02 XE80, Ireland. For the purposes of how we use your personal information across our brands and platforms (e.g. our websites and apps) in the ways described in this Privacy Notice, Pomelo Technology US Inc. is the main data controller.
Personal information provided to, or collected by, us when you use our Application is controlled by Pomelo Technology US Inc. The associated processing of personal data takes place on the basis of a joint controller arrangement between all companies in the group and its relevant affiliates and subsidiaries. Under this arrangement, Pomelo Technology Inc. will at all times be available for data subjects to address any concerns or questions and / or allow them to exercise their rights under their local applicable data protection laws regarding their personal information.
We are committed to safeguarding the personal information of our customers, users, employees and other stakeholders, while helping our customers, employees, investors and society create a deeper impact and make the right decisions.
If you wish to contact us in relation to questions regarding your personal information, we refer you to the ‘CONTACT US’ section below.

3. What data do we collect?

The information we may collect about you will vary depending on how you interact and engage with us. It may include the following:

• Personal identification information, such as name, date of birth, place of birth, nationality, gender, email, address, demographic information, and phone number. We may verify your address via utility bills or through an electronic address verification method.
• Supplemental identification information, such as government-issued identity documents, live photo images captured, passport, driver’s license, taxpayer identification number or national insurance number, source of income/wealth and employment information including its status and history, Social Security Number, Social Insurance Number (as applicable).
• Financial information, including income/wealth verification documents or bank account statements, any other financial information made available through Open Banking channels, and Interac email address (as applicable)
• Credit references, credit affordability verification data, credit analysis reports, automated decisions related to individual application for credit facility, where applicable.
• Information about your device (name, type and unique identifier, software version, language, timestamp, and timezone associated with the device), IP address and location.
• Information on your behavior on our App, including screens viewed, links clicked keystrokes, and actions taken; including use of any functions/features or failure to verify the account or lack of transactions (dormant position) and User Application activities carried out within the App.
• Transaction information, including information related to the use of the Services, types of Services requested, dates and times of such requests, payment methods, information on beneficiaries, and other similar information.
• Location data, including User location searches
• Communications data, including messages, comments, or file transmissions.
• Information about your internet connection, the equipment you use to access our Resources, and usage details.
• Information specific to our App, including that provided during your use of the App.
• Additional information required by the Company (in its sole discretion) to verify a User's identity, which may include capturing the image of your face in real time for facial matching and/or recognition.
• Any other Information relevant to issuance, management, processing and delivery of Card Services in conjunction with our third party Service providers.
• Any personal information you may provide us through social media channels or promotions held by us or our partners.

4. Children’s Personal Information:

Our Resources are not intended for persons under 18 years of age. No one under age 18 may provide any information to or on the Resources. We do not knowingly collect personal information from persons under 18. If you are under 18, do not use or provide any information on this Resources or through any of its features, register on the Resources, make any purchases through the Resources, use any of the interactive or public comment features of this Resources, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a person under 18, we will reject the application or close the account and delete that information. If you believe we might have any information from or about a child under 18, please contact us at dataprivacycounsel@lemfi.com.

5. How do we collect your data?

Users may provide data directly to us, including our approved independent partners who may offer Services in conjunction with us. The Company may also collect and process data, which may include personal information, when Users:

• Download or use the Application (whether as an existing or a new User, participant in a promotion or during any pilot schemes);
• Register in the Application or place an order for any of our products or Services;
• Voluntarily complete a customer survey or provide feedback on any of our message boards, or communicate with us via email, telephone, social media channels, associated with the use of the App and or the Services;
• Submit content to the Application, like reviews, messages, or comments;
• Enable access to its device’s location tracking functionality, whether the Application is running in the foreground (Application open and onscreen) or background (Application open but not on-screen). Certain functionality may be affected while location data is turned off;
• Register for the Payments, Card, and Credit Services (as applicable) or during the use of such Services;
• Agree to participate in the testing of our new products and Services (at their sole discretion), whether, such products or Services are being tested by us or in conjunction with third party Service providers;
• May agree to provide information obtained through third party Services providers, including but not limited to Credit reference agencies and Open banking platforms;
• Register or opt-in to take products and Services offered by us in conjunction with third party independent partners.

We may also collect some data from other parties – before and after we provide Services or financing to you, we may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. For example, we obtain data from companies providing fraud prevention and ‘KYC’ (know your client) information for AML (anti-money laundering), sanctions and credit reference agencies checks (we will also need to share data with these types of agencies).

6. How will we use your data?

The Company collects Users’ data, which may include personal information, in order :

• To facilitate account creation and authentication, and otherwise manage Users’ accounts;
• To provide the Services and the other Resources to Users (as applicable), Payments (Payment Services), issuing digital cards (Card Services) and Credit (Credit Services) processing information connected with them and enabling use of the savings product of our partners;
• To enhance the safety and security of our Users and Services, including by protecting you and the Company from errors, misrepresentations, fraud, and/or contraventions of laws or criminal activity;
• To verify User’s identity, and for processing and recording financial transactions made through the Application and assessing User’s financial stability;
• To administer our relationship with you and our business, such as providing and managing your access to and use of our Services. This processing is necessary for the performance of a contract;
• For credit checks, for purpose of testing and analysis as well as offering credit products;
• For due diligence, verification, credit checks and fraud prevention analysis;
• For customer support to understand, resolve your requests and overall customer experience;
• For research and development, improving our Services and developing new products, such as inviting you to participate in surveys to optimize our App or to personalize your experience with our Services. This processing is necessary for the purposes of our legitimate interests;
• To enable communications between Users;
• To send marketing and non-marketing communications to Users to understand and improve the effectiveness of marketing outcomes, campaigns and the channels;
• To do marketing, such as customer segmentation, providing you with marketing or advertising communications that we think you may be interested in. This processing is with your given consent or for our legitimate interests;
• In connection with legal proceedings;
• To carry out the Company's obligations and enforce its rights arising from any contracts with a User, including for billing and collection or to comply with legal requirements;
• To measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you;
• To provide Users with information, products, or Services that a User requests from the Company;
• To fulfill the purposes for which a User has provided the information or that were described when it was collected, or any other purpose for which a User provides it;
• For any other purpose with a User's consent;
• To facilitate the use of Credit or Card Services offered by third parties, and banking partners, through the use of our Mobile App. This processing is necessary for performance of a contract;
• To comply with our legal and regulatory obligations.

The Company does not sell or share user personal data with third parties for their direct marketing, except with users’ consent.

7. Data usage and processing

We collect and use personal information only where we have one or more lawful grounds for doing so under applicable privacy laws. Such grounds may vary depending on where our Users are located, but generally include processing personal data:

A. To provide requested Services and features:
In order to provide our Services, we must collect and use certain personal data. This includes:

• User profile data, which we use to establish and maintain User accounts; verify User identity; communicate with Users about their orders and accounts; and enable Users to make or receive payments and other Services (as and if applicable);
• Usage data, which is necessary to maintain, optimize, and enhance the Company’s Services;
• Transaction information;
• Information relating to customer support;
• In offering other products and Services, including, but not limited to; products that are being tested, under development or enhancement and are likely to contribute to our overall product offering to the Users.

B. For purposes of the legitimate interests of the Company or other parties:

This includes using personal data to maintain and enhance our Users’ safety and security. For example, we use personal data to prevent use of our Services by Users who have engaged in inappropriate or dangerous behavior, such as by retaining data of banned Users to prevent their use of the Application.

This also includes purposes such as combating fraud; improving our Services, direct marketing, research, and development; and enforcing the Company’s User Agreement.

In addition, it includes using personal data to the extent necessary for the interests of other people or the general public, such as in connection with legal or insurance claims, and to protect the rights and safety of others.

C. To fulfill the Company’s legal obligations:

We collect and use personal data to comply with applicable laws. the personal data you have provided, we have collected from you, or we have received from third parties to meet our obligations which we are required to do under law. For example, we are required to make sure that we run appropriate KYC, AML and sanctions checks on all our customers. The Company may also share data with law enforcement regarding criminal acts or threats to public safety, or requests by third parties pursuant to legal processes.

D. With consent:

The Company may collect and use personal data based on the User’s consent. For example, we may collect personal data through voluntary surveys or through Application to verify your identity based on your real time facial image. Responses to mentioned surveys and processing your image are collected on the basis of consent. You can give consent in writing, as well as verbally, electronically, or through authorized representatives. In certain circumstances, if applicable privacy laws allow, it’s also implied.

A User who has provided consent to a collection or use of their personal data can revoke it at any time (subject to legal or contractual restrictions). However, the User will not be able to use any Service or feature that requires collection or use of that personal data.

Where you have provided consent, we may use your personal data to offer you additional Services, including, Services offered in conjunction with independent third party Service providers and Pilot schemes related to the development and testing of new products and Services.

A User who has provided consent to a collection or use of their personal data can revoke it at any time (subject to legal or contractual restrictions). However, the User will not be able to use any Service or feature that requires collection or use of that personal data.

8. How do we transfer and store your data?

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure Users' personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information Users provide to us behind firewalls on our secure servers. Any payment transactions will be encrypted using SSL technology. The safety and security of User data also depends on each User. Where the Company has given a User (or where a User has chosen) a password for access to certain parts of the Resources, each User is responsible for keeping its password confidential. The Company asks each User not to share its password with anyone.

We may transfer your personal data to third parties or affiliates located outside the country where you reside, including but not limited to the United States, Canada, United Kingdom, European Union member states, Nigeria, Kenya, Ghana, and the Philippines. These countries may have different data protection laws than your jurisdiction, and in some cases, they may not provide the same level of data protection.

Whenever we share information outside of your domicile, we ensure that the transfer complies with local law so that your personal information is adequately protected. To ensure the continued protection and security of your personal data, we implement appropriate safeguards in accordance with applicable data protection laws. These safeguards may include the use of standard contractual clauses (like EU Model Clauses) approved by the relevant authorities or other measures designed to protect your privacy rights as binding corporate rules, privacy certifications, or adherence to codes of conduct to safeguard your personal data during international transfers.

As required under the applicable law, third parties are required to use appropriate safeguards to protect personal information, and they can only access the personal information that is necessary for performing their specific tasks.

You may also request additional information regarding data transfers outside the EEA and obtain a copy of the appropriate safeguards by exercising your rights set out in section 11.

9. Access to your contact list

With your express permission, we may access your contact list on your mobile device so that you can identify your contacts on 'LemFi' to allow you to send money to friends and family on LemFi App — by searching for their phone number, email address or username.

We transmit and use this information to help you easily filter your friends on 'LemFi' and to help you transact with your friends and contacts if you choose to connect your contact list information with your Account. We only access your contact list information with your explicit permission. For example, when you provide us with information about your contacts, we may use it to let you know which of your contacts have also signed up for our Services so you can send money to them for free and quicker.

We will not send messages to your contacts or make use of the data for any other purpose.

10. Data retention and deletion

The Company retains user profile, transaction, and other personal information for as long as a user maintains their account and except as otherwise permitted or required by applicable law or regulation, only for as long as necessary to fulfill the purposes the Company collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The Company may also retain certain information if necessary, for purposes of safety, security, and fraud prevention. For example, if the Company deactivates a User’s account because of unsafe behavior or security incidents, the Company may retain certain information about that account to prevent that User from opening a new account in the future.

Users may request deletion of their account at any time. Following such requests, the Company deletes the data that it is not required to retain for purposes of regulatory, tax, insurance, litigation, or other legal requirements. For example, the Company retains location, device, and usage data for these purposes for a minimum of 7 years (subject to changes based on our legal and regulatory obligations); while it retains such data, it may also use it for purposes of safety, security, fraud prevention and detection, and research and development. In certain circumstances, the Company may be unable to delete a user’s account, such as if there’s an outstanding credit on the account or an unresolved claim or dispute. Upon resolution of the issue preventing deletion, the Company will delete the account as described above.

If you decide that you no longer wish us to keep or use information or you want the information to be revised or updated, please feel free to contact us. We will remove or amend the information as appropriate in accordance with our Notice and applicable legislative and regulatory requirements.

Under some circumstances the Company may anonymize Users' personal information so that it can no longer be associated with a particular User. The Company reserves the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to the relevant User or its consent.

11. Data sharing and disclosure

We may share your personal data:

A. with the Company subsidiaries and affiliates:

We share data with our subsidiaries and affiliates to help us provide our Services or conduct data processing on our behalf. For example, the Company processes and stores data in the United States on behalf of its international subsidiaries and affiliates.

B. with the Company service providers and business partners:

The Company provides data to vendors, consultants, marketing partners, research firms, and other service providers or business partners. These include:

• Payment processors and facilitators and saving products partners
• Background and credit check and identity verification providers (as applicable) that may help us offer credit finance facilities to our customers.
• Third party independent banks that facilitate and support Card issuance and Card processing activities in conjunction with us and other third party service providers.
• Cloud storage providers
• Call centers and customer support providers
• Marketing partners and marketing platform providers, including social media advertising Services
• Data analytics providers
• Research partners, including those performing surveys or research projects in partnership with the Company or on the Company’s behalf
• Vendors that assist the Company to enhance the safety and security of its applications, products and Services.
• Consultants, lawyers, accountants, and other professional service providers
• Insurance and financing partners
• Third party banks responsible for Card Program working in conjunction with us to offer Card Services.
• Investors
• Third party banks responsible for Card Program working in conjunction with us to offer Card Services.
• Third party Service providers that may assist in the delivery, management, and processing of credit products (Credit Services), where applicable.

C. For legal reasons or in the event of a dispute:

The Company may share Users’ personal data if we believe it’s permitted or required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing personal data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our User Agreement or other policies; to protect the Company’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our Services . If you use another person’s credit card, we may be required by law to share your personal data, including trip or order information, with the owner of that credit card.

This also includes sharing personal data with others in accordance with applicable law to a buyer or other successor in connection with, or during negotiations of, any merger, divestiture, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

12. Marketing

The Company may send its Users information about products and Services of the Company, always with the consent of the User. Users may provide consent to marketing and promotional communication when they enroll for the Services pursuant to the User Agreement.

If you have agreed to receive such marketing materials, you may always opt out at a later date. You have the right at any time to stop the Company from contacting you for marketing purposes.

If you no longer want to receive marketing-related emails from us, you may opt-out by following the instructions in any such email. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt-out, we may still send you important administrative messages, from which you cannot opt-out.

The Company does not sell or share User personal data with third parties for their direct marketing purposes, except with Users’ consent.

13. What are your data protection rights?

As a global organization, we operate in different jurisdictions which grant individuals different levels of protection in relation to the processing of personal information. We will honor your rights under the applicable law. To the extent provided under your local data protection laws, including the European data protection laws as applicable, your rights may include the following:

• Right of access (‘an overview of your personal information’): the right to get an overview of your personal information that we process.
• Right to rectification (‘correct your personal information’): if your personal information is inaccurate or incomplete, the right to ask us to rectify or complete your personal information.
• Right to erasure (‘right to be forgotten’): the right to request that we delete your personal information to the extent permitted by the applicable law. In certain circumstances, it may not be possible for us to accept your request; for example, when the processing is necessary to comply with a legal obligation, or if the processing is necessary for the performance of a contract. In some cases, your personal information is necessary in order to provide the Services and if you do not provide such information to us then you may be precluded from accessing and using the Services or using certain Services features.
• Right to data portability (‘transfer your personal information’): the right to ask us to transfer your personal information directly to you. This applies to certain personal information if processed by automated means and with your consent, or based on a contract you have with us. On your request, and where technically feasible, we will transfer your personal information to another party of your choice.
• Right to restrict processing: the right to request that we restrict or stop the processing of your personal information held by us for a certain period of time, or for an indefinite period. In certain circumstances, it may not be possible for us to accept your request; for example, when the processing is necessary to comply with a legal obligation, or if we can demonstrate compelling legitimate grounds otherwise.
• Right to object: the right to object to the processing of your personal information. The reasons for an objection should relate to your particular situation, and be related to processing based on the legitimate interest condition. We will then no longer process the personal information, unless we can demonstrate compelling reasons otherwise. In certain circumstances, you have the unconditional right to object; for instance, in the context of direct marketing activities.
• Withdrawal of Consent: the right to withdraw your consent to the processing of your personal information at any time; for instance, after you consented to us keeping you informed about our Services, you have the right to withdraw this consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing of your personal data prior to the withdrawal.

To exercise your rights (if applicable) and/or for any other questions about the handling of your personal information, we refer you to the ‘Contact Us‘ section below.

If you feel we are unresponsive or disagree with our data privacy practices, you also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of data protection law has taken place.

ADDITIONAL INFORMATION FOR UNITED STATES OF AMERICA RESIDENTS

DATA SUBJECT RIGHTS UNDER THE GRAMM - LEACH -BLILEY ACT (GLBA)

Note: This section of the Notice is applicable in the United States:

The Gramm-Leach-Bliley Act (GLBA) is a federal law in the United States that governs the collection, use, and disclosure of non-public personal information by financial institutions. Under GLBA, individuals (data subjects), have specific rights regarding the privacy and protection of their personal information. These rights include:

• A) Right to Access: Data subjects have the right to access their non-public personal information held by financial institutions. This includes the right to request copies of their personal information and to know how it is being used and shared.
• B) Right to Correction: You have the right to request corrections to any inaccuracies or errors in their non-public personal information. We will promptly update or correct any inaccurate information upon your request.
• C) Right to Opt-Out: You have the right to opt-out of certain information sharing practices by us. This includes the right to opt-out of having your personal information shared with non-affiliated third parties for marketing purposes
• D) Right to Notice: You have the right to receive clear and conspicuous notices from us regarding your privacy practices and policies. By this Privacy Notice we inform you about the types of personal information collected, how it is used and shared, and your rights under GLBA.
• E) Right to Confidentiality and Security: You have the right to expect that your non-public personal information will be kept confidential and secure by us. This includes safeguards to protect your personal information from unauthorized access, use, or disclosure.
• F) Right to File Complaints: you have the right to file complaints with regulatory agencies if you believe your privacy rights under GLBA have been violated. Regulatory agencies, such as the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB), are responsible for enforcing GLBA and investigating complaints.
• G) Right to Transparency: You have the right to transparency regarding the collection, use, and sharing of your personal information by us. This includes transparency about the purposes for which personal information is collected and how it is used to provide financial products and Services , which we explain in this Privacy Notice.
• H) Right to Data Portability: You may have the right to request the portability of your personal information to other financial institutions or service providers, subject to certain limitations and conditions.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section outlines those rights and provides information on how you can exercise them.

A) Right to Know: You have the right to request information about the categories of personal information we have collected, the sources from which we collected the information, the purposes for which we use the information, and the categories of third parties with whom we share the information.

• How to Exercise: You can make a request to know by contacting us through the methods listed in the "Contact Us" section below.

B) Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions.

• How to Exercise: You can make a request to delete by contacting us through the methods listed in the "Contact Us" section below.

C) Right to Opt-Out of Sale: We do not sell your personal information to third parties for monetary value. However, you have the right to opt-out of any potential future sales of your personal information.

• How to Exercise: If you would like to opt-out, please contact us through the methods listed in the "Contact Us" section below.

D) Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA and CPRA. This includes denying you goods or Services , charging you different prices, or providing you with a lower quality of goods or Services.

• How to Exercise: If you believe we have discriminated against you for exercising your CCPA and CPRA rights, please contact us through the methods listed in the "Contact Us" section below.

Sensitive Information Disclosure. We may collect the following categories of sensitive personal information (as defined under California law): social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, and information precise geolocation. This information is collected in order to process transactions, comply with laws, manage our business, or provide you with Services . Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.

For further details on our data practices, including the categories of personal information we collect and the purposes for which we use it, please refer to the main body of this Privacy Notice. If you have any questions or concerns specific to your rights as a California resident, please contact us using the information provided in the "Contact Us" section below.

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.

ADDITIONAL INFORMATION FOR QUEBEC AND CANADIAN RESIDENTS

Where applicable law permits, we may transfer the personal information we collect about you to other Canadian provinces, the United States and other jurisdictions that may not be deemed to provide the same level of privacy protection as Canada or its provinces, for the purposes set out in this privacy notice. For more information and to connect with the applicable person responsible for privacy compliance, please contact us using the information provided in the “Contact Us” section below.

VERIFY YOUR IDENTITY
The Company may request specific information from a User to help the Company confirm its identity and its right to access, and to provide such User with the personal data that the Company holds about it or make its requested changes pursuant to applicable privacy law. Applicable privacy law may allow or require the Company to refuse to provide a User with access to some or all of the personal data that the Company holds about such User, or the Company may have destroyed, erased, or made such User's personal information anonymous in accordance with the Company's record retention obligations and practices. If the Company cannot provide a User with access to its personal information, the Company will inform such User of the reasons why, subject to any legal or regulatory restrictions. In order for the Company to verify a User's identity, it will generally either require the successful login to such User's account and/or the matching of sufficient information a User provides to the Company to such User's personal information maintained within the Company's systems. Although the Company tries to limit the personal information collected in connection with a User request to exercise its rights, certain requests may require the Company to obtain additional personal information from the relevant User. In certain circumstances, the Company may decline a request to exercise a User's right to know and right to deletion, particularly where the Company is unable to verify such User's identity.

You consent to an electronic database search by us in order to verify your identity. We shall retain records of the contents and results of such searches in accordance with this Notice and all current and applicable laws.

The App may contain links to other websites. This Privacy Notice applies only to the App. If you navigate to any other website from a link in the App, you should review the privacy notice of such website.

14. Changes to our Privacy Notice

If we make material changes to how we treat our users' personal information, you will be notified in the Application. The date the Notice was last revised is identified at the top of the page.

15. Contact us

If you have any questions about this Privacy Notice, the personal information we hold on you, or you would like to exercise one of your data protection rights provided for under applicable privacy laws, please do not hesitate to contact our Data Privacy Manager at dataprivacycounsel@lemfi.com.

If you feel we are unresponsive or disagree with our data privacy practices, you also have a right, depending on applicable law, to file a complaint with your local Data Protection Authority.