RemitPro Ltd – Personal and Payment Information (PPI) Protection Procedures
1. Introduction
RemitPro Ltd is committed to protecting the privacy, security, and integrity of our customers’ Personal and Payment Information (PPI). This document outlines the procedures and measures we have in place to ensure your sensitive data is handled in compliance with applicable data protection laws and industry best practices.
2. Scope
These procedures apply to all PPI collected, processed, stored, or transmitted via the RemitPro platform, including:
- Personally Identifiable Information (PII): Name, address, email, phone number, identification numbers.
- Payment Information: Bank account details, credit/debit card details, cryptocurrency wallet addresses, transaction history.
3. Data Collection Principles
When collecting PPI, we adhere to the following principles:
- Purpose Limitation – PPI is collected only for specific, legitimate business purposes (e.g., processing payments, verifying identity).
- Data Minimization – We collect only the information necessary for the intended purpose.
- Consent & Transparency – Users are informed about how their PPI will be used, and their consent is obtained where required.
4. Data Protection Measures
4.1 Technical Controls
- Encryption in Transit & at Rest – All PPI is encrypted using industry-standard protocols (e.g., TLS 1.2+ for data in transit, AES-256 for stored data).
- Access Controls – PPI is accessible only to authorized personnel with a legitimate business need.
- Multi-Factor Authentication (MFA) – Used for all administrative access to PPI.
- Regular Security Patching – Systems are updated promptly to fix known vulnerabilities.
4.2 Organizational Controls
- Staff Training – All employees handling PPI receive data protection and cybersecurity training.
- Non-Disclosure Agreements (NDAs) – Required for all employees and contractors with PPI access.
- Data Classification – PPI is classified as “Confidential” and handled accordingly.
5. Data Storage & Retention
- PPI is stored only for as long as necessary to fulfill the purpose for which it was collected or as required by law.
- Secure deletion or anonymization methods are used when PPI is no longer needed.
6. Third-Party Processing
- Any third-party service provider handling PPI on behalf of RemitPro must comply with our Data Protection Agreement and applicable regulations.
- Regular due diligence and security assessments are conducted on vendors.
7. Breach Management
In the event of a data breach involving PPI:
- The incident will be promptly investigated.
- Affected individuals and relevant authorities will be notified in accordance with legal requirements.
- Corrective actions will be taken to prevent recurrence.
8. User Rights
Customers have the right to:
- Access their PPI.
- Request corrections to inaccurate PPI.
- Request deletion of PPI where legally permissible.
- Withdraw consent for data processing.
Requests can be made via info@remitpro.io.
9. Continuous Improvement
These procedures are reviewed annually or when there is a significant change in regulations, technology, or business operations.
Last Updated: August 2025
Approved By: Data Protection Officer, RemitPro Ltd
