Privacy Policy

This Privacy Policy sets out the principles and procedures adopted by OMEXI PAY LTD (“OMEXI”, the “Company”, “we”, “us” or “our”) regarding the collection, processing, storage, transfer, and disclosure of Personal Information obtained from Clients and prospective Clients (each a “Client”) in connection with the provision of MSB Services. OMEXI is committed to ensuring that such processing is undertaken in accordance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the UK GDPR, and relevant implementing legislation.


I. Purpose and Scope

This Policy applies to all Personal Information processed by OMEXI in the course of its business, including during the onboarding of Clients, provision of MSB Services (including issuance and maintenance of accounts and execution of transactions), compliance with legal obligations, and management of customer relationships.


II. Categories of Personal Information

OMEXI may collect and process the following categories of Personal Information

  • Identification information: Full name, date of birth, nationality, government-issued identification (e.g., passport or ID card), personal identification numbers.

  • Contact details: Residential address, email address, telephone number.

  • Verification data: Proof of address, photographs or copies of identification documents, liveness checks, and other KYC documentation.

  • Financial and transactional data: Bank account details, source of funds, payment instructions, vIBAN usage, account activity, transaction history.

  • Corporate information: For legal persons, this may include company name, registration number, directors, authorised signatories, and beneficial ownership data.

  • Technical information: Device data, IP address, browser type, operating system, login timestamps, and platform access logs.

  • Communication records: Emails, call logs, and support tickets (where permitted by law).


OMEXI does not collect or process special categories of personal data unless required to do so by law or with the Client’s explicit consent.


III. Legal Basis and Purposes for Processing

OMEXI processes Personal Information under the following lawful bases:

  • To comply with legal obligations (Article 6(1)(c) GDPR): including obligations under PCMLTFA, AML/CTF regulations, sanctions laws, and tax reporting.

  • To perform a contract (Article 6(1)(b) GDPR): for the purpose of providing MSB Services, issuing vIBANs, executing transactions, or otherwise fulfilling contractual obligations.

  • To pursue legitimate interests (Article 6(1)(f) GDPR): such as fraud prevention, business administration, system monitoring, risk management, or enforcement of OMEXI’s rights.

  • Based on Client consent (Article 6(1)(a) GDPR): for specific uses such as marketing communications, where applicable.


Purposes include, but are not limited to:

  • Identity verification and risk assessment

  • Customer onboarding and account management

  • Transaction execution and account maintenance

  • Fraud detection and prevention

  • Internal audits and compliance monitoring

  • Regulatory reporting and cooperation with competent authorities

  • Direct communication and support, including client service

  • Automated decision-making and client profiling, solely where permitted by law


Where consent is the lawful basis for processing, Clients may withdraw consent at any time without affecting the lawfulness of prior processing.


IV. Data Sharing and Disclosure

OMEXI may share Personal Information with:

  • Third-party service providers: e.g., KYC and AML screening providers, transaction monitoring platforms, IT system providers, who are bound by contractual obligations to safeguard data.

  • Payment infrastructure providers: including correspondent banks, settlement networks, and other financial institutions necessary for the execution of transactions.

  • Regulatory, supervisory and law enforcement authorities: where disclosure is legally required or permitted.

  • Affiliated entities: within the corporate group (if applicable), where necessary for service provision and consistent with this Policy.

  • Professional advisors: such as auditors, legal counsel, or consultants, for legitimate compliance or risk management purposes.


Personal Information is never sold, licensed, or rented to third parties.


V. Cross-Border Data Transfers

OMEXI may transfer Personal Information to jurisdictions outside Canada, the EEA, or the UK. Where such transfers occur, OMEXI ensures that adequate safeguards are in place, such as:

  • Transfers to countries deemed “adequate” by the European Commission or UK government;

  • Use of standard contractual clauses or equivalent instruments recognised under EU/UK law;

  • Binding agreements with processors to apply appropriate technical and organisational measures.


Details of these safeguards are available upon request.


VI. Data Retention

OMEXI retains Personal Information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. As a general rule:

  • Client identification and transactional data is retained for five (5) years following the end of the Client relationship, in accordance with AML obligations.

  • Records relating to regulatory reporting or investigations may be retained longer as necessary to satisfy statutory requirements.

  • Communications and preferences may be retained for the duration of the business relationship or until a valid opt-out or objection is submitted.


Upon expiry of retention periods, data will be securely deleted or anonymised.


VII. Client Rights

Clients have the following rights in respect of their Personal Information (subject to applicable legal limitations):

  • Access: The right to request a copy of the data OMEXI holds.

  • Rectification: The right to correct inaccurate or incomplete data.

  • Erasure: The right to request deletion of data where no longer required.

  • Restriction: The right to limit data processing under specific circumstances.

  • Objection: The right to object to processing based on OMEXI’s legitimate interests.

  • Portability: The right to request transmission of personal data to another provider.

  • Withdrawal of Consent: Where applicable, the right to withdraw consent at any time.

  • Complaint: The right to lodge a complaint with a supervisory authority.


Requests should be submitted in writing to the contact address provided below. OMEXI may require verification of identity prior to processing such requests.


VIII. Data Security

OMEXI adopts and maintains physical, administrative, and technical safeguards appropriate to the sensitivity of the Personal Information processed. These include:

  • Role-based access control and secure authentication

  • Network segmentation and encryption

  • Periodic vulnerability assessments

  • Monitoring for unauthorised access or anomalous activity

  • Data minimisation and secure disposal protocols


Service providers are subject to equivalent requirements under data processing agreements.


IX. Children’s Data

OMEXI’s services are not intended for individuals under the age of eighteen (18). We do not knowingly collect or process Personal Information from minors. Any such data received inadvertently will be deleted promptly upon discovery.


X. Updates and Revisions

OMEXI may amend this Privacy Policy to reflect changes in its practices or applicable legislation. Updates will be published on OMEXI’s official website and, where required, will be communicated to Clients directly. Clients are encouraged to review this Policy periodically.





This Privacy Policy sets out the principles and procedures adopted by OMEXI PAY LTD (“OMEXI”, the “Company”, “we”, “us” or “our”) regarding the collection, processing, storage, transfer, and disclosure of Personal Information obtained from Clients and prospective Clients (each a “Client”) in connection with the provision of MSB Services. OMEXI is committed to ensuring that such processing is undertaken in accordance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the UK GDPR, and relevant implementing legislation.


I. Purpose and Scope

This Policy applies to all Personal Information processed by OMEXI in the course of its business, including during the onboarding of Clients, provision of MSB Services (including issuance and maintenance of accounts and execution of transactions), compliance with legal obligations, and management of customer relationships.


II. Categories of Personal Information

OMEXI may collect and process the following categories of Personal Information

  • Identification information: Full name, date of birth, nationality, government-issued identification (e.g., passport or ID card), personal identification numbers.

  • Contact details: Residential address, email address, telephone number.

  • Verification data: Proof of address, photographs or copies of identification documents, liveness checks, and other KYC documentation.

  • Financial and transactional data: Bank account details, source of funds, payment instructions, vIBAN usage, account activity, transaction history.

  • Corporate information: For legal persons, this may include company name, registration number, directors, authorised signatories, and beneficial ownership data.

  • Technical information: Device data, IP address, browser type, operating system, login timestamps, and platform access logs.

  • Communication records: Emails, call logs, and support tickets (where permitted by law).


OMEXI does not collect or process special categories of personal data unless required to do so by law or with the Client’s explicit consent.


III. Legal Basis and Purposes for Processing

OMEXI processes Personal Information under the following lawful bases:

  • To comply with legal obligations (Article 6(1)(c) GDPR): including obligations under PCMLTFA, AML/CTF regulations, sanctions laws, and tax reporting.

  • To perform a contract (Article 6(1)(b) GDPR): for the purpose of providing MSB Services, issuing vIBANs, executing transactions, or otherwise fulfilling contractual obligations.

  • To pursue legitimate interests (Article 6(1)(f) GDPR): such as fraud prevention, business administration, system monitoring, risk management, or enforcement of OMEXI’s rights.

  • Based on Client consent (Article 6(1)(a) GDPR): for specific uses such as marketing communications, where applicable.


Purposes include, but are not limited to:

  • Identity verification and risk assessment

  • Customer onboarding and account management

  • Transaction execution and account maintenance

  • Fraud detection and prevention

  • Internal audits and compliance monitoring

  • Regulatory reporting and cooperation with competent authorities

  • Direct communication and support, including client service

  • Automated decision-making and client profiling, solely where permitted by law


Where consent is the lawful basis for processing, Clients may withdraw consent at any time without affecting the lawfulness of prior processing.


IV. Data Sharing and Disclosure

OMEXI may share Personal Information with:

  • Third-party service providers: e.g., KYC and AML screening providers, transaction monitoring platforms, IT system providers, who are bound by contractual obligations to safeguard data.

  • Payment infrastructure providers: including correspondent banks, settlement networks, and other financial institutions necessary for the execution of transactions.

  • Regulatory, supervisory and law enforcement authorities: where disclosure is legally required or permitted.

  • Affiliated entities: within the corporate group (if applicable), where necessary for service provision and consistent with this Policy.

  • Professional advisors: such as auditors, legal counsel, or consultants, for legitimate compliance or risk management purposes.


Personal Information is never sold, licensed, or rented to third parties.


V. Cross-Border Data Transfers

OMEXI may transfer Personal Information to jurisdictions outside Canada, the EEA, or the UK. Where such transfers occur, OMEXI ensures that adequate safeguards are in place, such as:

  • Transfers to countries deemed “adequate” by the European Commission or UK government;

  • Use of standard contractual clauses or equivalent instruments recognised under EU/UK law;

  • Binding agreements with processors to apply appropriate technical and organisational measures.


Details of these safeguards are available upon request.


VI. Data Retention

OMEXI retains Personal Information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. As a general rule:

  • Client identification and transactional data is retained for five (5) years following the end of the Client relationship, in accordance with AML obligations.

  • Records relating to regulatory reporting or investigations may be retained longer as necessary to satisfy statutory requirements.

  • Communications and preferences may be retained for the duration of the business relationship or until a valid opt-out or objection is submitted.


Upon expiry of retention periods, data will be securely deleted or anonymised.


VII. Client Rights

Clients have the following rights in respect of their Personal Information (subject to applicable legal limitations):

  • Access: The right to request a copy of the data OMEXI holds.

  • Rectification: The right to correct inaccurate or incomplete data.

  • Erasure: The right to request deletion of data where no longer required.

  • Restriction: The right to limit data processing under specific circumstances.

  • Objection: The right to object to processing based on OMEXI’s legitimate interests.

  • Portability: The right to request transmission of personal data to another provider.

  • Withdrawal of Consent: Where applicable, the right to withdraw consent at any time.

  • Complaint: The right to lodge a complaint with a supervisory authority.


Requests should be submitted in writing to the contact address provided below. OMEXI may require verification of identity prior to processing such requests.


VIII. Data Security

OMEXI adopts and maintains physical, administrative, and technical safeguards appropriate to the sensitivity of the Personal Information processed. These include:

  • Role-based access control and secure authentication

  • Network segmentation and encryption

  • Periodic vulnerability assessments

  • Monitoring for unauthorised access or anomalous activity

  • Data minimisation and secure disposal protocols


Service providers are subject to equivalent requirements under data processing agreements.


IX. Children’s Data

OMEXI’s services are not intended for individuals under the age of eighteen (18). We do not knowingly collect or process Personal Information from minors. Any such data received inadvertently will be deleted promptly upon discovery.


X. Updates and Revisions

OMEXI may amend this Privacy Policy to reflect changes in its practices or applicable legislation. Updates will be published on OMEXI’s official website and, where required, will be communicated to Clients directly. Clients are encouraged to review this Policy periodically.





This Privacy Policy sets out the principles and procedures adopted by OMEXI PAY LTD (“OMEXI”, the “Company”, “we”, “us” or “our”) regarding the collection, processing, storage, transfer, and disclosure of Personal Information obtained from Clients and prospective Clients (each a “Client”) in connection with the provision of MSB Services. OMEXI is committed to ensuring that such processing is undertaken in accordance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the UK GDPR, and relevant implementing legislation.


I. Purpose and Scope

This Policy applies to all Personal Information processed by OMEXI in the course of its business, including during the onboarding of Clients, provision of MSB Services (including issuance and maintenance of accounts and execution of transactions), compliance with legal obligations, and management of customer relationships.


II. Categories of Personal Information

OMEXI may collect and process the following categories of Personal Information

  • Identification information: Full name, date of birth, nationality, government-issued identification (e.g., passport or ID card), personal identification numbers.

  • Contact details: Residential address, email address, telephone number.

  • Verification data: Proof of address, photographs or copies of identification documents, liveness checks, and other KYC documentation.

  • Financial and transactional data: Bank account details, source of funds, payment instructions, vIBAN usage, account activity, transaction history.

  • Corporate information: For legal persons, this may include company name, registration number, directors, authorised signatories, and beneficial ownership data.

  • Technical information: Device data, IP address, browser type, operating system, login timestamps, and platform access logs.

  • Communication records: Emails, call logs, and support tickets (where permitted by law).


OMEXI does not collect or process special categories of personal data unless required to do so by law or with the Client’s explicit consent.


III. Legal Basis and Purposes for Processing

OMEXI processes Personal Information under the following lawful bases:

  • To comply with legal obligations (Article 6(1)(c) GDPR): including obligations under PCMLTFA, AML/CTF regulations, sanctions laws, and tax reporting.

  • To perform a contract (Article 6(1)(b) GDPR): for the purpose of providing MSB Services, issuing vIBANs, executing transactions, or otherwise fulfilling contractual obligations.

  • To pursue legitimate interests (Article 6(1)(f) GDPR): such as fraud prevention, business administration, system monitoring, risk management, or enforcement of OMEXI’s rights.

  • Based on Client consent (Article 6(1)(a) GDPR): for specific uses such as marketing communications, where applicable.


Purposes include, but are not limited to:

  • Identity verification and risk assessment

  • Customer onboarding and account management

  • Transaction execution and account maintenance

  • Fraud detection and prevention

  • Internal audits and compliance monitoring

  • Regulatory reporting and cooperation with competent authorities

  • Direct communication and support, including client service

  • Automated decision-making and client profiling, solely where permitted by law


Where consent is the lawful basis for processing, Clients may withdraw consent at any time without affecting the lawfulness of prior processing.


IV. Data Sharing and Disclosure

OMEXI may share Personal Information with:

  • Third-party service providers: e.g., KYC and AML screening providers, transaction monitoring platforms, IT system providers, who are bound by contractual obligations to safeguard data.

  • Payment infrastructure providers: including correspondent banks, settlement networks, and other financial institutions necessary for the execution of transactions.

  • Regulatory, supervisory and law enforcement authorities: where disclosure is legally required or permitted.

  • Affiliated entities: within the corporate group (if applicable), where necessary for service provision and consistent with this Policy.

  • Professional advisors: such as auditors, legal counsel, or consultants, for legitimate compliance or risk management purposes.


Personal Information is never sold, licensed, or rented to third parties.


V. Cross-Border Data Transfers

OMEXI may transfer Personal Information to jurisdictions outside Canada, the EEA, or the UK. Where such transfers occur, OMEXI ensures that adequate safeguards are in place, such as:

  • Transfers to countries deemed “adequate” by the European Commission or UK government;

  • Use of standard contractual clauses or equivalent instruments recognised under EU/UK law;

  • Binding agreements with processors to apply appropriate technical and organisational measures.


Details of these safeguards are available upon request.


VI. Data Retention

OMEXI retains Personal Information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. As a general rule:

  • Client identification and transactional data is retained for five (5) years following the end of the Client relationship, in accordance with AML obligations.

  • Records relating to regulatory reporting or investigations may be retained longer as necessary to satisfy statutory requirements.

  • Communications and preferences may be retained for the duration of the business relationship or until a valid opt-out or objection is submitted.


Upon expiry of retention periods, data will be securely deleted or anonymised.


VII. Client Rights

Clients have the following rights in respect of their Personal Information (subject to applicable legal limitations):

  • Access: The right to request a copy of the data OMEXI holds.

  • Rectification: The right to correct inaccurate or incomplete data.

  • Erasure: The right to request deletion of data where no longer required.

  • Restriction: The right to limit data processing under specific circumstances.

  • Objection: The right to object to processing based on OMEXI’s legitimate interests.

  • Portability: The right to request transmission of personal data to another provider.

  • Withdrawal of Consent: Where applicable, the right to withdraw consent at any time.

  • Complaint: The right to lodge a complaint with a supervisory authority.


Requests should be submitted in writing to the contact address provided below. OMEXI may require verification of identity prior to processing such requests.


VIII. Data Security

OMEXI adopts and maintains physical, administrative, and technical safeguards appropriate to the sensitivity of the Personal Information processed. These include:

  • Role-based access control and secure authentication

  • Network segmentation and encryption

  • Periodic vulnerability assessments

  • Monitoring for unauthorised access or anomalous activity

  • Data minimisation and secure disposal protocols


Service providers are subject to equivalent requirements under data processing agreements.


IX. Children’s Data

OMEXI’s services are not intended for individuals under the age of eighteen (18). We do not knowingly collect or process Personal Information from minors. Any such data received inadvertently will be deleted promptly upon discovery.


X. Updates and Revisions

OMEXI may amend this Privacy Policy to reflect changes in its practices or applicable legislation. Updates will be published on OMEXI’s official website and, where required, will be communicated to Clients directly. Clients are encouraged to review this Policy periodically.





300 Supertest Road, Unit 1, North York, Ontario, M3J2M2, Canada

contact@omexipay.com

OmexiPay

MENU

Home

Individual Account

Corporate Account

Pooled Account

Contact

USEFUL

Privacy Policy

Cookie Policy

Terms & Conditions

Complaints Procedure

Omexi Pay Ltd is registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under registration number C100000572.

The company is authorised to provide foreign exchange dealing, remittance and fund transmission, virtual currency services, and the issuance and redemption of money orders.

Omexi Pay Ltd is a member of SWIFT (BIC: OMEXCAT2) and holds the Legal Entity Identifier (LEI) 2549009PD5R5K02Q5N84.

Its registered office is located at 300 Supertest Road, Unit 1, North York, Ontario, M3J 2M2, Canada, and it can be contacted at contact@omexipay.com.

©

2025

made by

Omexi Pay

300 Supertest Road, Unit 1, North York, Ontario, M3J2M2, Canada

contact@omexipay.com

OmexiPay

MENU

Home

Individual Account

Corporate Account

Pooled Account

Contact

USEFUL

Privacy Policy

Cookie Policy

Terms & Conditions

Complaints Procedure

Omexi Pay Ltd is registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under registration number C100000572.

The company is authorised to provide foreign exchange dealing, remittance and fund transmission, virtual currency services, and the issuance and redemption of money orders.

Omexi Pay Ltd is a member of SWIFT (BIC: OMEXCAT2) and holds the Legal Entity Identifier (LEI) 2549009PD5R5K02Q5N84.

Its registered office is located at 300 Supertest Road, Unit 1, North York, Ontario, M3J 2M2, Canada, and it can be contacted at contact@omexipay.com.

©

2025

made by

Omexi Pay

300 Supertest Road, Unit 1, North York, Ontario, M3J2M2, Canada

contact@omexipay.com

OmexiPay

MENU

Home

Individual Account

Corporate Account

Pooled Account

Contact

USEFUL

Privacy Policy

Cookie Policy

Terms & Conditions

Complaints Procedure

Omexi Pay Ltd is registered as a Money Services Business (MSB) with the Financial Transactions and
Reports Analysis Centre of Canada (FINTRAC) under registration number C100000572.


The company is authorised to provide foreign exchange dealing, remittance and fund transmission,
virtual currency services, and the issuance and redemption of money orders.


Omexi Pay Ltd is a member of SWIFT (BIC: OMEXCAT2) and holds the Legal Entity Identifier
(LEI) 2549009PD5R5K02Q5N84.

Its registered office is located at 300 Supertest Road, Unit 1, North York, Ontario, M3J 2M2, Canada,
and it can be contacted at contact@omexipay.com.

©

2025

made by

Omexi Pay