Effective Date

12-26-2025

Controller

1. Introduction

1.1 Our Commitment

At AlrealRemit, we are committed to protecting your privacy and personal information. As a Canadian-licensed Money Services Business (MSB), we handle your personal information with the highest standards of security and confidentiality, in compliance with applicable privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation.

1.2 Scope

This Privacy Policy applies to:

• All personal information collected through our website, mobile applications, and services

• Information collected during account registration, transactions, and customer support

• Data received from third parties in connection with our services

• All current and former customers of AlrealRemit

1.3 Consent

By using our services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Identification Information

We collect:

• Full legal name

• Date of birth

• Contact information (email, phone, address)

• Government-issued identification details

• Photographs of identification documents

• Signature (where required)

2.2 Financial Information

We collect:

• Bank account details

• Payment card information (processed securely via tokenization)

• Transaction history

• Source of funds information

• Credit information (where applicable)

2.3 Transaction Information

We collect:

• Recipient details (name, contact information, relationship to sender)

• Transfer amounts and currencies

• Exchange rates applied

• Fees charged

• Delivery methods and timelines

2.4 Technical Information

We collect:

• IP addresses and device information

• Browser type and version

• Operating system

• Usage patterns and preferences

• Cookies and similar technologies data

2.5 Compliance Information

As required by Canadian regulations, we collect:

• Proof of identity documentation

• Proof of address verification

• Source of wealth information

• Politically Exposed Person (PEP) status

• Sanctions screening results

3. How We Collect Information

3.1 Direct Collection

• Information you provide during account registration

• Details provided during transaction initiation

• Documents submitted for verification

• Communications with our support team

• Surveys and feedback forms

3.2 Automated Collection

• Through cookies and similar technologies

• Via server logs and analytics tools

• Through mobile application usage data

• Transaction monitoring systems

3.3 Third-Party Collection

• From financial institutions

• From identity verification services

• From credit bureaus (where permitted)

• From regulatory databases

• From fraud prevention services

4. Purposes of Collection

4.1 Primary Purposes

We collect and use your information to:

• Provide money transfer services

• Verify your identity as required by law

• Process transactions securely

• Comply with Canadian AML/CTF regulations

• Prevent fraud and financial crimes

• Communicate about your transactions

4.2 Secondary Purposes

We may use your information to:

• Improve our services and user experience

• Conduct research and analysis

• Develop new products and features

• Send service-related announcements

• Personalize your experience

4.3 Legal & Regulatory Purposes

• Fulfill reporting obligations to FINTRAC

• Respond to legal requests and court orders

• Comply with international sanctions

• Maintain records as required by law

• Support regulatory investigations

5. How We Use Your Information

5.1 Service Provision

• Create and manage your account

• Process money transfers

• Verify transactions

• Provide customer support

• Send transaction confirmations

5.2 Compliance & Security

• Conduct KYC (Know Your Customer) verification

• Monitor transactions for suspicious activity

• Screen against sanctions lists

• Prevent money laundering and terrorist financing

• Investigate potential fraud

5.3 Communication

• Send important service updates

• Respond to inquiries and support requests

• Send regulatory disclosures

• Provide marketing communications (with consent)

• Share policy updates

5.4 Analytics & Improvement

• Analyze service usage patterns

• Improve website and app functionality

• Enhance security measures

• Develop new features

• Conduct market research

6. Information Sharing & Disclosure

6.1 With Service Providers

We share information with:

• Payment processors

• Banking partners

• Identity verification services

• Customer support platforms

• IT and security providers

• Marketing agencies (with consent)

6.2 For Legal & Regulatory Reasons

We disclose information:

• To FINTRAC and other regulators

• To law enforcement with proper legal process

• To comply with court orders

• To prevent illegal activities

• To protect our rights and property

6.3 With Financial Institutions

• Correspondent banks for transaction processing

• Receiving institutions for fund delivery

• Payment networks for transaction routing

• Regulatory reporting systems

6.4 Business Transfers

In the event of:

• Merger or acquisition

• Sale of assets

• Business reorganization

• Bankruptcy proceedings

6.5 With Your Consent

• For additional services you request

• With third parties you authorize

• For marketing partnerships (with opt-in consent)

7. International Transfers

7.1 Cross-Border Data Flows

Your information may be transferred to:

• Recipient countries for transaction processing

• Service providers in other jurisdictions

• Regulatory authorities in other countries (as required)

• Cloud storage providers with global infrastructure

7.2 Safeguards

For international transfers, we ensure:

• Adequate data protection agreements

• Compliance with Canadian privacy laws

• Appropriate security measures

• Limited data sharing to necessary purposes

7.3 Recipient Countries

Data may be transferred to:

• United States

• Countries in Africa and Middle East (for transactions)

• Cloud service provider locations

• Regulatory authority locations

8. Data Security

8.1 Security Measures

We implement:

• 256-bit SSL encryption for data transmission

• Multi-factor authentication for account access

• Secure data centers with physical protections

• Regular security audits and penetration testing

• Employee security training and background checks

8.2 Technical Safeguards

• Firewalls and intrusion detection systems

• Data encryption at rest and in transit

• Access controls and role-based permissions

• Regular security updates and patches

• Incident response and recovery plans

8.3 Organizational Safeguards

• Privacy and security policies

• Employee confidentiality agreements

• Regular security awareness training

• Third-party vendor security assessments

• Privacy impact assessments

9. Data Retention

9.1 Retention Periods

We retain information:

• Account information: 6 years after account closure

• Transaction records: 6 years as required by FINTRAC

• Identification documents: 6 years after verification

• Compliance records: 6 years as required by law

• Marketing consent: Until withdrawal of consent

9.2 Retention Basis

We retain data based on:

• Legal and regulatory requirements

• Business needs and purposes

• Statute of limitations for claims

• Historical analysis needs

• Service improvement requirements

9.3 Secure Destruction

When retention periods expire, we:

• Securely delete electronic records

• Securely shred physical documents

• Maintain destruction logs

• Ensure complete data removal

10. Your Rights & Choices

10.1 Access & Correction

You have the right to:

• Access your personal information

• Request corrections to inaccurate information

• Request information about our data practices

• Obtain copies of your data (subject to fees)

10.2 Consent Management

You can:

• Withdraw consent for marketing communications

• Opt out of certain data uses (where permitted)

• Request restrictions on data processing

• Object to certain data processing activities

10.3 Account Management

You can:

• Update your profile information

• Close your account

• Download transaction history

• Manage communication preferences

10.4 How to Exercise Rights

Contact our Privacy Officer:

• Email: privacy@alrealremit.com

• Mail: Privacy Officer, AL REAL TRADE AND INVESTMENT INC., 60-6440 Centre Street NE, Calgary, Alberta T2K 0VA

• Phone: +1 (403) 768-9000 (request Privacy Officer)

11. Cookies & Tracking Technologies

11.1 Types of Cookies

We use:

• Essential cookies: Required for service functionality

• Performance cookies: For analytics and improvement

• Functionality cookies: For personalized features

• Advertising cookies: For targeted marketing (with consent)

11.2 Cookie Management

You can:

• Adjust browser settings to refuse cookies

• Use browser settings to delete cookies

• Use our cookie preference center

• Note that disabling cookies may affect service functionality

11.3 Third-Party Analytics

We use:

• Google Analytics (anonymized data)

• Security monitoring tools

• Performance tracking systems

• Fraud detection services

12. Children's Privacy

12.1 Age Restrictions

Our services are not directed to:

• Individuals under 18 years of age

• Minors without parental consent

• Children under 13 (in compliance with COPPA)

12.2 No Collection

We do not knowingly collect information from children. If we discover such collection, we will delete it immediately.

13. Third-Party Links & Services

13.1 External Websites

Our services may contain links to:

• Banking partners' websites

• Regulatory authority sites

• Service provider portals

• Educational resources

13.2 No Responsibility

We are not responsible for:

• Privacy practices of third-party sites

• Content on external websites

• Data collection by linked services

• Security of third-party platforms

14. Changes to This Policy

14.1 Update Procedure

We may update this policy to:

• Reflect changes in our practices

• Comply with new legal requirements

• Address new technologies

• Improve clarity and transparency

14.2 Notification

We will notify you of material changes by:

• Email to your registered address

• Notice on our website

• In-app notifications (where applicable)

• Providing 30 days notice when possible

14.3 Review Dates

• Last updated: 12-26-2025

• Next scheduled review: 12-26-2026

15. Contact Information

15.1 Privacy Officer

15.2 Complaints

If you have privacy concerns:

1. Contact our Privacy Officer first

2. If unsatisfied, contact the Office of the Privacy Commissioner of Canada

3. Legal recourse may be available under applicable laws

15.3 Response Time

We will respond to privacy inquiries within:

• 30 days for access requests

• 10 business days for complaints

• 5 business days for general inquiries

16. Definitions

16.1 Key Terms

• Personal Information: Information about an identifiable individual

• Consent: Voluntary agreement to collection, use, or disclosure

• FINTRAC: Financial Transactions and Reports Analysis Centre of Canada

• MSB: Money Services Business

• PIPEDA: Personal Information Protection and Electronic Documents Act

16.2 Regulatory References

• Primary Legislation: PIPEDA, PCMLTFA

• Provincial Laws: Alberta Personal Information Protection Act

• Regulatory Guidelines: FINTRAC guidelines and directives

• Industry Standards: Financial industry privacy best practices

17. Acknowledgment

By using AlrealRemit services, you acknowledge that:

1. You have read and understood this Privacy Policy

2. You consent to our collection, use, and disclosure practices

3. You understand your rights regarding your personal information

4. You accept our security measures and safeguards

5. You agree to our data retention practices

This Privacy Policy supplements our Terms of Service and Refund Policy. In case of conflict, the most protective provisions for your privacy shall apply.