Global Privacy Policy

Last Updated: October 2025

Sokin provides global payment services, enabling businesses to move money, make payments, and manage accounts with ease and security.

  1. Introduction
    1. Sokin (“we”, “us”, “our”) values your privacy and is committed to protecting Personal Data. This Global Privacy Policy (this “Policy”) explains how we collect, use, share, and protect Personal Data when we provide Services, engage with businesses, conduct marketing, Process job applications, or otherwise interact with individuals (“you”, “your”), whether as a customer, prospect, business contact, or job applicant. It also outlines our role as a Data Controller and, where applicable, a Processor. Local variations and additional legal requirements are set out in the Appendices.
    2. By using our website, application, Services, or otherwise interacting with us, you acknowledge that this Policy applies to you and governs such use.
  2. Definition
    1. The following terms are used consistently throughout this Policy.
      • Anonymisation: means altering Personal Data such that an individual can no longer be identified, directly or indirectly. Anonymised data (and similar terms) is not considered Personal Data;
      • Applicable Law: means all laws, statutes, regulations, directives, decisions, and binding requirements of any competent governmental, regulatory, or supervisory authority having jurisdiction over Sokin or the Processing of Personal Data, in any country or territory where we operate or provide Services, and any equivalent or successor legislation in force from time to time;
      • Business Day: means a day other than a Saturday, Sunday, or public holiday in the relevant jurisdiction when banks are open for business;
      • Consent: means a freely given, specific, informed, and unambiguous choice, shown by a clear affirmative action (such as making a statement or ticking a box), to permit the Processing of Personal Data, unless another lawful basis applies under local law;
      • Cookies: means small files, identifiers, or code used to store information or track activity online;
      • Data Controller: means the entity that determines the purposes and means of Processing Personal Data;
      • Data Protection Officer: means the person designated by Sokin to oversee compliance with data protection laws, policies, and practices, and to act as a contact point for individuals and a Supervisory Authority;
      • EEA: means the European Economic Area, comprising the EU member states and Iceland, Liechtenstein, and Norway;
      • EU: means the European Union and its member states;
      • EU GDPR: means the General Data Protection Regulation (Regulation (EU) 2016/679), which applies to the Processing of Personal Data in the European Economic Area;
      • Independent Controller: means another organisation that decides how and why Personal Data is Processed, separately from Sokin. Such entities are responsible for their own compliance obligations as Data Controllers;
      • Personal Data: means any information relating to an identified or identifiable natural person;
      • Process (including Processing or Processed): means any operation performed on Personal Data, such as collection, use, storage, disclosure, transfer, or deletion;
      • Processor: means a third party that Processes Personal Data on behalf of a Data Controller, and only in accordance with the Controller’s documented instructions;
      • Pseudonymisation: means Processing Personal Data such that it cannot be linked to a person without additional information, which is kept separately under strict safeguards;
      • Sensitive Personal Data: means Personal Data that is subject to enhanced protection, including data relating to biometrics, health, racial or ethnic origin, or political opinions;
      • Services: means financial Services, products, and platforms provided by Sokin;
      • Supervisory Authority: means an independent public authority responsible for monitoring compliance with data protection laws in the relevant jurisdiction; and
      • UK GDPR: means the United Kingdom’s version of the General Data Protection Regulation, as incorporated into UK law, together with the Data Protection Act 2018.
  3. Scope
    1. This Policy applies to all Personal Data we Process in connection with our business activities, including:
      • Customers: individual end-users of Sokin’s Services and contacts of our merchant clients;
      • Prospective Customers and Marketing Recipients: individuals (including non-clients and business contacts) we may contact directly or through third parties for lawful marketing, including referral programmes;
      • Business Contacts: representatives of partner banks, payment networks, suppliers, and other organisations we work with;
      • Job Applicants: individuals applying to work with us;
      • Website and App Users: visitors to our websites or mobile applications, including those whose Personal Data is collected via Cookies or similar technologies; and
      • Other Individuals: any other person whose Personal Data we Process in the course of our business activities (even if not specifically listed above). This may occasionally include instances where we Process Sensitive Personal Data, as described in this Policy.
    2. This Policy applies in all jurisdictions where we operate or Process Personal Data, including the United Kingdom, European Union/EEA, the United States, Canada, Brazil, the United Arab Emirates, Singapore, India, and Australia. Where this Policy conflicts with local law, the local law will prevail in that jurisdiction.
  4. Our Responsibilities as Controller and Processor
    1. We act as a Data Controller when we decide how and why Personal Data is Processed in connection with our business activities, as described in Section 6 (Purposes of Processing Personal Data).
    2. We act as a Processor when Processing Personal Data on behalf of another organisation, in accordance with its documented instructions and our contract. Examples include:
      • Processing client-provided Personal Data (such as end-user payment information) to deliver agreed Services; and
      • Hosting or storing transaction records, customer lists, or similar information without using it for our own purposes.
    3. When acting as a Processor, we:
      • maintain confidentiality and require the same from our staff and subcontractors;
      • apply appropriate technical and organisational security measures;
      • assist the Data Controller as required by our contract with them or Applicable Law;
      • at the option of the Data Controller, return or delete Personal Data at the end of our Services; and
      • ensure any subcontractors are bound by contractual terms providing equivalent technical and organisational security measures, and obtain the Data Controller’s authorisation where required.
    4. Our Processing may involve transferring Personal Data across borders. Where required by law, we apply appropriate safeguards, such as adequacy decisions, standard contractual clauses, or other lawful mechanisms, tailored to the jurisdiction and nature of the transfer, and covering all categories of Personal Data we transfer.
    5. In all cases, we Process Personal Data lawfully, fairly, and transparently. We retain Personal Data only as long as necessary in accordance with our retention schedule, and apply appropriate technical and organisational security measures.
  5. Categories of Personal Data We Collect and Process
    1. We may collect Personal Data directly from you, through your use of our Services, via third parties (such as payment partners, identity verification providers, or referrers), and from publicly available sources (such as social media or corporate registries). The Personal Data we Process depends on your relationship with us and the context, and may include:
      • Identification and Contact Information: name, address, email, phone number, date of birth, government-issued identification (for identity verification, Know Your Customer, and Anti-Money Laundering compliance), and, where relevant, professional information such as job title, employer name, and business contact details;
      • Financial and Transaction Data: account information, balance, transaction history, payee/payer information, billing information, and related Service records;
      • Authentication and Security Data: identification documents, photographs or other biometric verification (with explicit Consent where required by law), login credentials, passwords, and authentication tokens;
      • Device and Usage Data: Internet Protocol (IP) address, unique device identifiers, browser type, operating system, system logs, and usage activity collected through Cookies or similar technologies (see Section 8 (Cookies and Tracking Technologies));
      • Marketing and Preference Data: marketing preferences, opt-in and opt-out records, engagement with our campaigns, and limited Personal Data from social media or advertising platforms, subject to your privacy settings on those platforms;
      • Customer Service Data: queries, complaints, feedback, and call or chat recordings or transcripts, with prior notice or Consent where required by law;
      • Referral Data: referral codes and necessary information about referred individuals to track and administer the referral programme, with notice to those referred;
      • Recruitment Data: CVs, work history, qualifications, interview notes, background checks (where lawful), and information from recruiters or professional sites, with human review before key decisions. In some jurisdictions, we may also collect limited information about your dependents (for example, whether a spouse or children require visa sponsorship or for benefits eligibility). See Section 15 (Children’s Data); and
      • Sensitive Data: in limited circumstances, we may Process Sensitive Personal Data (for example, biometric data for identification verification, or data revealing racial/ethnic origin from identification documents), Processed only where necessary for specified purposes and subject to appropriate safeguards and Consent.
    2. We provide additional notices or seek Consent where required by law. Not all categories of Personal Data apply to everyone, and we collect only what is relevant and necessary for the purposes set out in this Policy. We may transfer some of these categories of Personal Data across borders in accordance with Applicable Law and subject to the safeguards described in Section 4 (Our Responsibilities as Controller and Processor).
  6. Purposes of Processing Personal Data
    1. We Process Personal Data for various purposes in connection with our business and as required by law. We Process Personal Data mainly for the following purposes:
      • Provide Services: This includes onboarding customers, verifying identities, Processing transactions, managing accounts, providing customer support, preventing fraud, and meeting legal and regulatory requirements. Services may be delivered directly through our platforms or, where permitted, via partner-operated or third-party systems (such as integrated technologies, hosted checkouts, white-label solutions, or other embedded Services). We also manage relationships with merchant clients, their contacts, partner banks, payment networks, suppliers, and other business partners, and operate core Service features. Where appropriate, and in line with Applicable Law and your preferences, we may personalise your experience (for example, by remembering settings or suggesting relevant features).
      • Develop our Services: Enhancing existing features, creating new products, improving customer experiences, optimising operations, and conducting market research or analytics to inform product and Service design, using Anonymised or Pseudonymised data where possible to protect your privacy.
      • Market and Develop our Business: Promoting our products and Services and maintaining relationships with potential and existing clients or partners, whether directly or via trusted third parties. This includes collecting professional contact details from public or third-party sources, and gathering information from our websites, apps, Services, and integrated environments (including via Cookies or similar technologies) to support outreach, targeted advertising, and analytics.
        • When you provide Personal Data through our websites, marketing pages, event registrations, or contact forms, we explain the purposes and, where required by law, obtain your Consent through a clear affirmative action (for example, a tick box for marketing communications or event invitations). We may contact you directly (for example, by phone, email, or professional networking messages) or use advertising networks and social media platforms for targeted campaigns, including remarketing or custom audience targeting.
        • You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by notifying us directly. Once you opt out, we will no longer use your Personal Data for marketing or personalisation, though we may still send essential Service or operational messages. We also honour “Do Not Call” requests and observe choices you make through platform-level tools. In addition, you can manage advertising preferences directly with third-party platforms (such as Google, Meta, or LinkedIn). All marketing activities are conducted in compliance with Applicable Law (see Section 13 (Data Subject Rights)).
      • Manage Recruitment: We may Process applications and assessments to evaluate suitability for roles. This can include reviewing application materials, interviews, skills tests (sometimes via trusted providers) and, where lawful, background or reference checks with your knowledge or Consent. We may retain application data for up to 12 months to consider candidates for future opportunities, unless earlier deletion is requested and permitted by law. Demographic or equal opportunities data is kept separate from selection decisions and used only in aggregate for compliance or diversity monitoring. Candidate data is treated as confidential and accessed solely by those directly involved in recruitment.
      • Operate Referral Programmes: Administering schemes involving referrers and referred individuals, including via approved service providers. Where we contact referred individuals, we will identify the source of their information and comply with applicable marketing rules. We share only what is necessary (for example, usually just your name so that the referred person knows who referred them). Participation is voluntary. You may ask us to stop using your Personal Data at any time. In that case, we will suppress your Personal Data and ensure that you are not contacted again, while retaining only what is necessary for fraud prevention or to meet the Referral Programme terms.
      • Comply With Legal Obligations: We conduct Know Your Customer (KYC), Know Your Business (KYB), Anti-Money Laundering (AML), and sanctions checks, including through trusted third-party providers. These checks may involve automated systems and, where required by law, human review. We may also share relevant information with a Supervisory Authority, law enforcement agencies, or other authorities where legally required.
      • Use in Automated Systems: We may use Personal Data in automated systems, including artificial intelligence and machine learning, to deliver, improve, and secure our Services. This includes detecting and preventing fraud, meeting compliance obligations, enhancing user experience, and developing new features. We may also use Personal Data for other compatible purposes, such as improving Service delivery, product development, and the overall quality of our offerings. Where possible, we use Anonymised or Pseudonymised data, and we apply safeguards required by Applicable Law, such as conducting assessments and limiting access, to protect your rights.
      • Other Business Purposes: Conducting audits and financial reporting, enforcing our terms, preventing misuse of our Services, protecting our legal rights, testing and troubleshooting our systems, and meeting regulatory reporting obligations (to a Supervisory Authority, industry bodies, or other relevant authorities). This also extends to handling disputes, chargebacks, and legal claims (including debt recovery and court or regulatory proceedings). We may retain certain Personal Data where required for tax, accounting, payment network, or other purposes.
    2. Sensitive Personal Data (such as biometric identifiers, health information, or information about children) is subject to heightened safeguards. We only Process such data where necessary and in compliance with Applicable Law, and apply additional protections such as encryption, access controls, and strict purpose limitation. Financial Data (such as banking or card details) is also treated with enhanced security, including encryption and access restrictions, to protect confidentiality and integrity.
    3. Some of the above Processing activities may involve transferring Personal Data across borders (see Section 4 (Our Responsibilities as Controller and Processor) for details of applicable safeguards.
  7. Legal Bases for Processing
    1. When acting as a Data Controller, we identify and apply a valid legal basis for Processing where required by applicable data protection laws (for example, under EU/UK GDPR). In jurisdictions where a legal basis is not formally required, we nevertheless apply the same protections described in this Policy. The main bases we rely on are:

      Legal Basis

      When We Use It

      Examples

      Performance of a contract

      To provide our Services or meet our contractual obligations to you (or your employer).

      Opening an account, Processing transactions, and providing agreed Services.

      Legal obligation

      When required to meet statutory, regulatory, or supervisory duties imposed under applicable financial-services and data-protection laws.

      Conducting Know Your Customer, Know Your Business, Anti-Money Laundering, and sanctions checks; maintaining records for audit, tax, or financial-reporting purposes; complying with payment-services and electronic-money regulations; and responding to lawful and proportionate requests from a Supervisory Authority or other competent authorities.

      Legitimate Interests

      When necessary for our business needs and not overridden by your rights (we document balancing assessments to ensure our legitimate interests are not overridden by your rights).

      Fraud prevention, marketing communications (with opt-out options), improving and securing our Services, and certain automated decision-making activities (such as fraud detection or security monitoring). Where automated tools are used, we apply safeguards including transparency, human review, and the right to contest decisions, as described in Section 14 (Automated Decision-Making and Profiling).

      Consent

      When you have a genuine choice and agree to the Processing. You can withdraw Consent at any time, without affecting Processing already done.

      Sending marketing to non-customers, certain Cookies, and biometric verification in some regions.

      Vital Interests

      Rare cases to protect life or physical safety.

      Sharing Personal Data with emergency services if there is an immediate threat of harm.

  8. Cookies and Tracking Technologies
    1. We use Cookies and similar technologies on our websites and applications to run our Services, improve performance, and personalise your experience. Cookies may remember your preferences, keep you signed in, or help us understand how you use our Services. We only use non-essential Cookies with your Consent, and you can change your choices at any time. The main types of Cookies we use include:
      • Essential Cookies: required for the website to work (for example, logging in, keeping sessions active, enabling secure features). These are always active and do not require your Consent;
      • Preference and Functionality Cookies: remember your settings (for example, language, region, “remember me” choices) to improve usability. These may require your Consent in some jurisdictions;
      • Analytics Cookies: helps us understand how our website is used (for example, which pages are visited, time spent, errors). Data is generally aggregated; where required by law, we obtain your Consent before using it; and
      • Advertising and Marketing Cookies: track browsing activity to provide relevant marketing, reduce repeat messages, and measure the effectiveness of our campaigns. These tools are only used with your Consent where required.
    2. On your first visit (and from time to time thereafter), you will see a Cookie banner where you can accept or manage non-essential Cookies. You can amend your choice at any time via our Cookie Settings. Some functionality may be affected if you disable certain Cookies.
    3. Other tracking technologies we may use:
      • Web Beacons/pixels: small tracking file or code that tracks whether emails are opened or links clicked, mainly for marketing analytics.
      • Mobile Application Identifiers: Device identifiers (such as numbers assigned to your phone or browser) may be used for sign-in, analytics, or fraud prevention. You can usually reset or limit these in your device settings.
      • Local Storage: Browser-based storage for maintaining sessions or preferences.
    4. For more information, you can contact us using the details provided in Appendix 9 (Contact Information).
  9. How We Share Personal Data
    1. We may share Personal Data in limited situations, always in line with this Policy, Applicable Law, and with appropriate safeguards. Depending on the circumstances, third parties may act as our Processors (following our instructions) or as Independent Controllers (using the Personal Data for their own purposes under their own privacy notices). We may share Personal Data with:
      • Our Group: Sokin group companies on a need-to-know basis to operate and provide Services (for example, Processing in another country or providing shared customer support). All group entities follow consistent data-protection standards and, where required, rely on appropriate transfer mechanisms (such as adequacy decisions, intragroup data-transfer agreements, or other lawful safeguards) to protect the sharing of Personal Data;
      • Service Providers (acting as Processors): trusted service providers that Process Personal Data solely on our behalf and under our instructions, such as:
        • cloud hosting and IT infrastructure providers;
        • identity verification, compliance, and screening vendors (for example, for Know Your Customer and Know Your Business checks, sanctions screening, or fraud prevention);
        • customer support and communication platforms;
        • analytics and marketing technology providers; and
        • professional advisers (for example, auditors, consultants, law firms) bound by confidentiality obligations;
      • Financial Institutions and Networks: we share necessary information with banks, card issuers, payment networks, and other intermediaries to Process transactions or issue products, for example, domestic or international transfers routed via correspondent banks, or card information shared with the relevant payment network (such as Visa or Mastercard);
      • Other Independent Controllers: we may also share your Personal Data with other financial institutions and service providers involved in delivering our Services. This may include correspondent banks, payment networks, card schemes, regulators, fraud-prevention agencies, and IT or cloud hosting providers;
      • Merchants, Partners, and Counterparties: where you pay or receive funds from a merchant, business partner, or individual, we share information needed to complete the transaction (for example, name, transaction amount, date, reference number). Some transfers may also require additional information for regulatory purposes;
      • Marketing and Advertising Partners: we may share limited Personal Data with advertising networks, social media platforms, and other digital services (including artificial intelligence tools) to help deliver, personalise, optimise, or measure marketing campaigns and related performance analytics. Such sharing may also support audience targeting, suppression, or frequency capping to improve relevance and reduce unwanted communications. We never share Personal Data for these partners’ own marketing purposes;
      • Referral Programme and Promotion Administrators: third parties that help us operate or track referral and promotional schemes;
      • Law Enforcement and Legal Requirements: we may disclose Personal Data when required or permitted by law, regulation, or to protect rights, safety, or prevent fraud. We review requests and only provide what is necessary;
      • Corporate Transactions: if we undergo a merger, acquisition, restructuring, or asset sale, we may transfer Personal Data to the new owner, who will be required to Process the Personal Data in a manner consistent with this Policy or provide notice of any material changes; and
      • With Your Consent or At Your Direction: where you have provided your consent to the collection, use, or disclosure of your Personal Data, we may, on that basis, process, use, and share your Personal Data for the purposes described either at the time consent was given or in this Policy. You may withdraw your consent at any time; however, such withdrawal will not affect any Processing lawfully carried out prior to its withdrawal.
  10. International Data Transfers
    1. Because we operate globally, we may transfer or provide access to your Personal Data in countries outside your own. For example, if you are in the EEA, we may send your Personal Data to our UK headquarters, the USA, Asia, or regional support teams. Where you send or receive money internationally, we may also be required to share certain information with payment partners, correspondent banks, or regulators in the destination country, as required by Applicable Law or necessary to complete the transaction. Where the destination country’s laws provide less protection, we apply appropriate safeguards to ensure your Personal Data remains protected, such as:
      • Adequacy Decisions: where regulators (for example, the European Commission or UK government) have determined that a country offers adequate protection, we may rely on that decision for international transfers;
      • Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum: used where there is no adequacy decision, binding the recipient to protect Personal Data in line with UK/EU GDPR principles. We also conduct Transfer Impact Assessments and, where necessary, implement appropriate technical and organisational security measures (such as encryption or pseudonymisation) to ensure an equivalent level of protection; and
      • Other Legal Bases: in limited circumstances, we may rely on specific grounds for international transfers permitted under applicable data protection law. These may include:
        • your explicit Consent, where you have been informed of the possible risks and have a genuine choice;
        • where the transfer is necessary to perform a contract you have requested (for example, Processing an international payment);
        • where the transfer is necessary to establish, exercise, or defend legal claims;
        • where the transfer is necessary to protect vital interests (for example, safeguarding life or safety); and
        • other limited grounds recognised under Applicable Law.
    2. Whenever we transfer Personal Data to a third party (for example, service providers or financial partners), we require appropriate safeguards such as contractual obligations, technical protections, or other measures as required by Applicable Law. Where the recipient is an Independent Controller, their own privacy notice will apply. We monitor legal developments and update our safeguards where needed.
    3. Typical transfer locations include the United Kingdom, EU/EEA countries, the United States, Canada, Singapore, the United Arab Emirates, and other countries where Sokin or our major service providers and partners operate.
  11. Data Security
    1. We are committed to maintaining the security of your Personal Data. We maintain a comprehensive security programme with technical, organisational, and physical safeguards designed to protect against unauthorised access, loss, or misuse of Personal Data. Our measures include:
      • Administrative Safeguards: we provide regular privacy training for staff, require confidentiality commitments, limit access to Personal Data on a need-to-know basis, and carefully vet our vendors to ensure they meet appropriate security standards;
      • Technical Safeguards: we use encryption for data in transit and at rest, apply strict access controls (including multi-factor authentication), operate firewalls, conduct regular vulnerability testing and monitoring. We also follow secure software development practices;
      • Physical Safeguards: we restrict access to our premises, store records securely, and ensure media and devices are safely disposed of when no longer needed; and
      • Vendor Oversight: we assess key vendors before engagement and on a periodic basis thereafter to ensure they maintain appropriate security standards.
    2. We also conduct regular risk assessments, penetration tests, and audits, and we design our security programme to align with recognised international standards for information security and payment data protection. Our controls are designed to meet Applicable Laws and regulations.
    3. Despite these safeguards, no method of transmission or storage is completely secure. If we experience a Personal Data breach that poses a risk to your rights or freedoms, we will notify you and the relevant regulators in line with legal requirements.
    4. Your role in security: Protecting your information is a shared responsibility. If you have a Sokin account, please use strong, unique passwords, keep your login details private, and stay alert to phishing attempts. We will never ask for your password by email or telephone. If you notice suspicious activity or communication, contact us immediately.
  12. Data Retention
    1. We retain Personal Data for as long as necessary to provide our Services and fulfil the purposes described in this Policy. This includes delivering customer support, Processing transactions, complying with legal and regulatory obligations, and managing our business operations (such as audits, marketing, or corporate transactions). Personal Data is generally retained for at least five years where required by financial or anti-money laundering laws, and longer if specific legal obligations apply. Where no legal requirements exist, we apply the shortest retention period consistent with our business needs. In practice, retained Personal Data may include:
      • Transaction Data: Identification and financial data are retained in line with financial and anti-money laundering regulations;
      • Active Accounts: Data is retained while your account is active, and for a period afterwards as required by Applicable Law (such as tax or anti-money laundering regulations) or to protect our legal interests (for example, handling disputes);
      • Marketing Data: We retain marketing data until you opt-out or after a period of inactivity. If you opt-out, we keep your contact details on a suppression list to reflect your choice;
      • Recruitment Data: If you apply for a role with us, we may retain your information for up to 12 months, unless required or permitted by law, you ask us to delete it sooner, or you provide Consent to a longer retention period; and
      • Website and Cookie Data: Cookies may be kept for their set lifespan or until you delete them from your browser.
    2. We also apply special rules where necessary, including:
      • Legal Holds: we may retain Personal Data beyond normal periods if required for legal claims, regulatory compliance, or fraud prevention;
      • Backups: when Personal Data is deleted, we remove it from our active systems. It may remain in secure backups for a limited time in line with our internal policies, but such backups are isolated and not accessed or used except for security and integrity purposes; and/or
      • Deletion and Anonymisation: when Personal Data is no longer needed for the purposes described in this Policy, and where we are not legally required to retain it, we irreversibly Anonymise or securely delete it.
    3. We will honour your request to delete your Personal Data unless legal or regulatory obligations require us to retain the Personal Data. In that case, we will restrict your Personal Data from active use until it can be securely erased.
  13. Data Subject Rights
    1. You have certain rights over your Personal Data. Sokin recognises and upholds these rights and has processes in place to help you exercise them. The exact scope of your rights depends on the relevant Applicable Law, but the core rights generally include:
      • Access and Portability: You have the right to ask if we Process your Personal Data and request a copy in a commonly used, machine-readable, and secure format. Where applicable, you may also ask us to transfer it to another party.
      • Correction: You have the right to ask that we correct or update inaccurate or incomplete Personal Data.
      • Deletion: You have the right to request deletion of your Personal Data if it is no longer needed for the purposes we collected it, if you withdraw your Consent, or if deletion is required by law. In some cases, we cannot delete certain records because of legal retention duties (for example, financial or anti-money laundering data). In those cases, we restrict access and securely erase the data once the retention period expires.
      • Restriction: In limited cases, you have the right to request that we suspend the Processing of your Personal Data (for example, while we verify its accuracy).
      • Objection: You have the right to object to our use of your Personal Data where we rely on legitimate interests. You always have the right to opt-out of direct marketing.
      • Withdraw Consent: Where Processing is based on your Consent (for example, marketing), you have the right to withdraw it at any time. This does not affect any use of your data before you withdrew Consent.
      • Automated Decisions: You have the right not to be subject to a decision we make solely through automated Processing (including profiling) that has legal or similarly significant effects on you, unless certain exceptions apply (for example, if it’s necessary for a contract, required by law, or based on your explicit Consent with safeguards in place). Where this right applies, you can request human review, express your views, and contest the decision.
      • Complaints: Should you have any complaints, we encourage you to raise them with us in the first instance so we can address your concerns promptly. You may also exercise your privacy rights or raise queries by contacting us. If you remain unsatisfied, you can also lodge a complaint with your Supervisory Authority (see Appendix 9 (Contact Information)).
    2. We aim to respond within the legal time period (for example, one month under GDPR, or 45 days under US laws), with extensions where necessary and permitted by law. Most requests are free of charge. If a request is repetitive or unreasonable, we may charge a reasonable fee or, in rare cases, decline it, and we will always explain why.
    3. In some cases, we may not be able to fully meet your request due to legal or regulatory requirements (for example, retaining certain records for compliance or redacting information that relates to other individuals). If that happens, we will tell you what we cannot do and why.
    4. You can also manage some rights directly yourself:
      • Update Information or Password: in your account settings;
      • Unsubscribe From Marketing: via the link in any marketing email; and
      • Access or Download Certain Data: through our account tools, or by contacting us if these are not available.
    5. You can exercise your rights at any time by contacting us using the details set out in Appendix 9 (Contact Information).
  14. Automated Decision-Making and Profiling
    1. We use automated systems to help keep our Services secure, efficient, and compliant. This may include tools that support fraud prevention, security monitoring, personalisation, or recruitment. “Automated decision-making” means decisions made without human involvement that could significantly affect you (for example, blocking a transaction). “Profiling” means analysing Personal Data to evaluate behaviours or preferences (such as fraud risk or product interests). Where we use artificial intelligence (AI) or machine learning, we explain what Personal Data is used, why it is used, and how risks are mitigated. We avoid fully automated decisions that could significantly affect you, unless legally permitted, and always apply safeguards, including human review where required. Our approach:
      • Fraud and Compliance Checks: We use automated tools to detect suspicious activity (for example, fraud or money laundering). These tools may temporarily block or flag an action, but Sokin reviews alerts before any permanent impact on your account, where the system is under our control. In some cases, our partner banks or payment networks may also apply their own independent fraud or compliance controls, which can result in transactions being blocked outside of our control.
      • Personalisation and Marketing: We may analyse how you use our Services to improve your experience or send relevant communications. This profiling is limited, does not have significant effects, and you can opt-out of marketing at any time. Where required by law, you may also object to certain types of profiling.
      • Recruitment: Automated tools may help screen applications, but all hiring decisions involve human review. You can contact us if you believe automation affected your application unfairly, and you may request human review.
    2. Where Applicable Law grants you the right not to be subject to solely automated decisions, including profiling, that significantly affect you, we honour those rights. You may:
      • object to our use of your Personal Data for profiling or automated decision-making that significantly affects you;
      • opt out of marketing-related profiling and personalised advertising at any time; and
      • request an explanation of any automated decision, seek human review, or contest such a decision.
    3. We regularly assess and improve our automated tools to ensure they remain fair, accurate, and transparent. This includes checks for bias and error. If you have questions or concerns about how we use automation, please contact us. If we introduce new Services that involve automated decision-making or profiling, we will ensure they comply with Applicable Law and update this Policy.
  15. Children’s Data
    1. Our Services are intended for business and professional use and are not directed at children under 18 (or the relevant age of digital Consent in your jurisdiction, typically between 13 and 16). We do not knowingly Process Personal Data from children. If we become aware that a child has provided Personal Data without the necessary Consent, we will delete it as required by Applicable Law. Parents or guardians who believe their child has provided us with Personal Data should contact us at privacy@sokin.com. We will review and verify the request where required, and delete the data promptly (within 30 days or as required by law).
  16. Third-Party Links
    1. Our Services may, from time to time, include links to or integrations with third-party websites, apps, or platforms. These third parties operate under their own privacy policy, and we are not responsible for their privacy practices. We encourage you to review those policies carefully before sharing Personal Data directly with them.
  17. Changes to this Policy
    1. We may update this Policy to reflect changes in our practices, technologies, legal obligations, or other operational reasons. The “Last Updated” date at the top of this Policy shows when it was most recently revised. If we make material changes to how we manage Personal Data, we will provide appropriate notice (for example, by email, in-app message, or as otherwise required by law). For Non-material changes, we will publish the updated Policy with a revised “Last Updated” date.
  18. Contact Details
  19. If you have any questions or concerns about this Policy or how we handle your Personal Data, please refer to Appendix 9 (Contact Information). It includes the contact details of our Data Protection Officer, regional offices, and the relevant Supervisory Authority.

Jurisdiction-Specific Provisions

The following appendices form part of this Policy and provide additional information for individuals resident in specific jurisdictions. If there is any inconsistency between this Policy and an appendix, the appendix will prevail for individuals in that jurisdiction.

Appendix 1: EU and UK

  1. This appendix applies to Personal Data Processing that is subject to the UK GDPR (for UK residents) and the EU GDPR (for EEA residents). The relevant Sokin entity acting as Data Controller in each jurisdiction is set out below.
  2. Data Controllers:
    1. For individuals in the UK, Sokin’s presence is through Plata Capital Limited. Certain Services are delivered in partnership with Modulr Finance Limited, authorised and regulated by the FCA (firm reference number 900573). Modulr Finance Limited is a Data Controller for the Personal Data it Processes to deliver those regulated Services, while Plata Capital Limited continues to act as the Data Controller for all other Processing described in this Policy.
    2. If you are unsure which entity is responsible for your Personal Data, you should contact Sokin in the first instance. Further details of the categories of other Independent Controllers with whom we may share Personal Data are described in Section 9 (How We Share Personal Data).
    3. For individuals in the EEA, Sokin’s presence is through Plata Capital Europe AS, the Data Controller for all Processing relating to that region.
  3. Legal Basis For Processing:
    1. Where data protection law requires us to identify a legal basis for Processing, we may rely on the legal bases described in Section 7 (Legal Bases for Processing).
    2. In limited cases, we may Process Sensitive Personal Data (for example, biometric data for identity verification or AML compliance). When we do, we may rely on your explicit Consent or another permitted ground under UK or EU GDPR.
    3. We always identify and record the appropriate legal basis before Processing, and apply the safeguards set out in this Policy.
  4. Your Rights: You have the rights under the EU and UK GDPR described in Section 13 (Data Subject Rights). Our contact details for UK and EEA individuals are provided in Appendix 9 (Contact Information). You also have the right to complain to a Supervisory Authority (for example, the UK Information Commissioner’s Office or another EU Supervisory Authority listed by the European Data Protection Board (see EDPB list).
  5. Data Requests: Where you request access to your Personal Data as described in Section 13 (Data Subject Rights), we will respond without undue delay and, in any event, within one month of receipt. Where your request is complex or numerous, we may extend this period by up to two further months. If an extension is required, we will inform you within the first month and explain the reasons.
  6. International Transfers: If we transfer your Personal Data outside the UK or EEA, we apply safeguards such as adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, and appropriate technical and organisational security measures (for example, encryption and provider due diligence) in line with Applicable Law. Further details are available on request, subject to confidentiality and security considerations.
  7. Breach Notification: if a Personal Data breach occurs, we will notify the relevant Supervisory Authority within 72 hours where required, and inform you without undue delay if the breach creates a high risk to your rights and freedoms.
  8. Contact Information: If you have questions about this Appendix or how we manage your Personal Data, you may contact our Data Protection Officer, using the details described in Appendix 9 (Contact Information).

Appendix 2: Singapore

  1. This appendix applies to Personal Data Processing that is subject to the Singapore Personal Data Protection Act 2012 (“PDPA”).
  2. Data Controllers: For individuals in Singapore, Sokin’s presence is through Sokin Capital Singapore Pte. Limited.
  3. Legal Basis For Processing:
    1. Our default starting position is always to ask for your Consent before collecting, using, or disclosing your Personal Data, unless a statutory exception applies. You can withdraw Consent at any time, though this may affect our ability to provide Services to you. We will not use or disclose your Personal Data for purposes beyond those notified to you, unless with your Consent or as permitted under the PDPA.
    2. We may also Process Personal Data without Consent where the PDPA permits, such as for legal/regulatory obligations, investigations, emergencies, or clearly public information.
    3. In some cases, the PDPA allows us to rely on “deemed Consent,” for example:
      • where the Personal Data is reasonably necessary to perform a contract with you;
      • where you voluntarily provide the Personal Data; or
      • where we notify you of a new purpose, give you the chance to opt out, and you do not exercise that right.
    4. We explain the purposes for which we collect and use Personal Data at or before the point of collection, primarily in this Policy and, where required by Applicable Law or appropriate for specific activities, in a separate notice. If we later use your Personal Data for a materially new purpose not described here, we will obtain your Consent or rely on another lawful basis permitted by law.
  4. Do Not Call (DNC): We comply with applicable marketing restrictions under the PDPA, including the Do Not Call (DNC) Registry, and will not send marketing calls or SMS to registered numbers without Consent or a valid exemption.
  5. Data Requests: Where you request access to your Personal Data as described in Section 13 (Data Subject Rights), we will respond as soon as reasonably practicable, and in most cases within 30 days. If we are unable to meet this time period, we will inform you in writing of the reasons for the delay and the expected time period for our response. You also have the right to request details of how your Personal Data has been used or disclosed by us in the preceding year.
  6. International Transfers: If we transfer your Personal Data outside Singapore, we ensure it continues to be protected to a standard comparable to the PDPA.
  7. Security and Retention: We implement appropriate technical and organisational security measures to protect Personal Data, and we cease retention when no longer needed, except where required by Applicable Law. We also take reasonable steps to ensure that Personal Data is accurate and complete if it is likely to be used to make a decision affecting you or disclosed to another organisation.
  8. Contact Information: If you have questions about this Appendix or how we manage your Personal Data, you may contact our Data Protection Officer, using the details in Appendix 9 (Contact Information).

Appendix 3: United States

  1. This appendix applies to Personal Data Processing that is subject to U.S. federal and state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the “CCPA”), and other state-specific privacy frameworks (for example, in Virginia, Colorado, Connecticut, and Utah).
  2. Data Controllers: For individuals in the United States, Sokin’s presence is through Plata Capital USA, Inc.
  3. Legal Basis For Processing: Under applicable U.S. state privacy laws, including the CCPA, Sokin provides clear notice about how we collect, use, and share Personal Data, honours your rights under Section 13 (Data Subject Rights), and maintains reasonable safeguards to protect your information.
  4. California (CCPA):
    1. You have the right to obtain information about the categories of Personal Data we collect, the purposes for which we use it, and the categories of third parties with whom it is shared.
    2. You have the right to opt-out of the “sharing” of Personal Data for cross-context behavioural advertising. Sokin does not sell your Personal Data. If we engage in activities that qualify as “sharing” under the CCPA (such as certain ad-tech or cross-context behavioural advertising), we will provide opt-out options;
    3. You have the right to limit the use and disclosure of Sensitive Personal Data (for example, financial data, health information), except where we use such information only for essential purposes such as fraud prevention or compliance with law; and
    4. You have the right not to be discriminated against for exercising your privacy rights (for example, denial of services or charging different prices).
  5. Other States: In addition to the CCPA/CPRA, residents of other U.S. states (including Virginia, Colorado, Connecticut, and Utah) may have similar rights under their state laws. Where applicable, we honour these rights in line with local requirements. To provide consistency, we extend equivalent rights and controls to all U.S. users, including the right to opt out of targeted advertising, the sale or sharing of Personal Data, and (where applicable) certain profiling activities. We also provide notice and obtain Consent where required for the Processing of Sensitive Personal Data or for profiling activities that produce legal or similarly significant effects (see Section 14 (Automated Decision-Making and Profiling)).
  6. Data Requests: Where you request access to your Personal Data as described in Section 13 (Data Subject Rights), we will confirm receipt within 10 Business Days and provide a substantive response within 45 days. If reasonably necessary, we may extend this period by a further 45 days. If an extension is required, we will notify you within the initial 45-day period and explain the reasons.
  7. Security and Breach Notifications: We maintain an information security programme with appropriate technical and organisational security measures to protect Personal Data. This includes ensuring that our service providers also implement reasonable safeguards. Where required by law, we provide timely notifications of Personal Data breaches.
  8. Contact Information: If you have questions about this Appendix or how we manage your Personal Data, you may contact us using the details set out in Appendix 9 (Contact Information).

Appendix 4: Canada

  1. This appendix applies to Personal Data Processing subject to Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”), similar provincial laws in Quebec, Alberta, and British Columbia, and any new or amended Canadian privacy laws that apply to our activities.
  2. Data Controllers: For individuals in Canada, Sokin’s presence is through Plata Capital Canada Inc.
  3. Legal Basis For Processing: Sokin only collects, uses, or discloses Personal Data for purposes a reasonable person would consider appropriate in the circumstances, taking into account the nature of the data, how it is collected, and the relationship between you and Sokin. We generally obtain your knowledge and Consent before Processing, unless an exception applies (for example, for investigations, legal or regulatory requirements, or emergencies). Consent may be express or implied, depending on the sensitivity of the Personal Data and those reasonable expectations.
  4. International Transfers: If we transfer your Personal Data outside Canada (for example, to the U.S., UK, or EU/EEA), it may be subject to the laws of those jurisdictions. We remain accountable for your Personal Data and ensure contractual and technical safeguards are in place to provide a level of protection comparable to Canadian privacy law.
  5. Your Rights: In addition to the rights described in Section 13 (Data Subject Rights), you may also request details of how your Personal Data has been used and disclosed. These rights are subject to certain legal exceptions under Canadian law (for example, where disclosure would reveal another individual’s data or information protected by legal privilege).
  6. Data Requests: Where you request access to your Personal Data under Section 13 (Data Subject Rights), we will generally respond within 30 days. If we require more time, we will notify you within that period and explain the reasons. If we refuse a request, we will explain why and inform you of your right to challenge the decision, including escalating to the Office of the Privacy Commissioner of Canada or a provincial commissioner.
  7. Marketing and Communications: We comply with Canada’s Anti-Spam Law (CASL). We only send commercial electronic messages or similar marketing where we have Consent or a lawful exemption. You can unsubscribe or withdraw Consent at any time, and we will honour your request within 10 Business Days.
  8. Security and Retention: We implement appropriate technical and organisational security measures to protect Personal Data. Retention is limited to what is necessary to fulfil the purposes described above, unless a longer period is required by law. Once no longer needed, Personal Data will be securely deleted, Anonymised, or archived.
  9. Contact Information: Contact details for our Data Protection Officer are set out in Appendix 9 (Contact Information).

Appendix 5: Brazil

  1. This appendix applies to Personal Data Processing subject to the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, Law No. 13.709/2018) (“LGPD”).
  2. Data Controllers: For individuals in Brazil, Sokin’s presence is through Plata Capital Brazil Meios de Pagamento Ltda.
  3. Legal Basis For Processing: As permitted under the LGPD, we rely on the legal bases described in Section 7 (Legal Bases for Processing). In particular, we may rely on bases such as performance of a contract, compliance with legal obligations, Consent, or legitimate interests, as applicable. We Process Sensitive Personal Data only with your explicit Consent, or where an exemption applies under the LGPD (for example, fraud prevention, compliance with legal or regulatory obligations, protection of life or physical safety, or public health).
  4. Your Rights: In addition to the rights described in Section 13 (Data Subject Rights), you may also request:
    1. confirmation of whether we Process your Personal Data;
    2. Anonymisation, blocking, or deletion of unnecessary, excessive, or unlawfully Processed Personal Data;
    3. information about the public and private entities with whom we share Personal Data; and
    4. review of decisions made solely on automated Processing that affect your interests. Where automated decision-making significantly affects you, we apply safeguards including human review and transparency, consistent with Section 14 (Automated Decision-Making and Profiling).
  5. Data Requests: Where you request access to your Personal Data under Section 13 (Data Subject Rights), we will respond within 15 days of receipt, as required by the LGPD.
  6. International Transfers: If your Personal Data is transferred outside Brazil, including to the United States, Canada, the United Kingdom, the European Union, Australia, Singapore, or India, we ensure it is protected in accordance with the LGPD. This may include reliance on adequacy decisions, ANPD-approved standard contractual clauses, or other contractual safeguards that provide a comparable level of protection.
  7. Security and Breach Notifications: We implement appropriate technical and organisational security measures to protect Personal Data. In case of a security incident likely to cause you significant risk or damage, we will notify the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados – “ANPD”) and affected individuals, as required by the LGPD.
  8. Contact Information: Our Data Protection Officer (“Encarregado”) is responsible for Personal Data matters and may be contacted using the details set out in Appendix 9 (Contact Information).

Appendix 6: United Arab Emirates (“UAE”)

  1. This appendix applies to Personal Data Processing subject to the UAE Federal Data Protection Law No. 45 of 2021 (“PDPL”), and, where applicable, free zone laws such as the DIFC Data Protection Law No. 5 of 2020 (“DIFC”) and the ADGM Data Protection Regulations 2021 (“ADGM”).
  2. Data Controllers: For individuals in the UAE, Sokin’s presence is through Plata MENA Marketing Management L.L.C.
  3. Legal Basis For Processing: Under the PDPL, Consent is the default basis for Processing, with limited statutory exemptions. Under DIFC and ADGM, additional bases such as performance of a contract, legal obligation, and legitimate interests may also apply.
  4. Your Rights: You have the rights described in Section 13 (Data Subject Rights). These may be subject to certain exceptions (for example, where access would disclose another person’s data, where deletion is restricted by regulatory obligations, or where disclosure could prejudice an investigation).
  5. Data Requests: We will respond to requests under Section 13 (Data Subject Rights) within one month of receipt, unless a longer period is permitted under applicable UAE law. If an extension is required, we will notify you within the initial one-month period and explain the reasons.
  6. International Transfers: If we transfer your Personal Data outside the UAE (for example, to the UK, EU, or other countries where we or our partners operate), we ensure it is protected to a standard consistent with UAE law. Safeguards may include adequacy decisions (where recognised), contractual clauses, and supplementary measures such as encryption and provider due diligence.
  7. Security and Breach Notifications: We implement appropriate technical and organisational security measures to protect Personal Data. Where required under DIFC or ADGM law, we will notify the relevant regulator within 72 hours of becoming aware of a qualifying breach.
  8. Contact Information: Our Data Protection Officer is responsible for Personal Data matters and may be contacted using the details set out in Appendix 9 (Contact Information).

Appendix 7: Australia

  1. This appendix applies to Personal Data Processing subject to the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth) and related regulations.
  2. Data Controllers: For individuals in Australia, Sokin’s presence is through Plata Capital Australia Pty Limited.
  3. Legal Basis For Processing: Australian law does not require a specific lawful basis, but we only collect, use, and disclose Personal Data where permitted under the APPs, and will comply with the Australian Privacy Principles. Consent will be obtained where required by law.
  4. Your Rights: You have the rights described in Section 13 (Data Subject Rights), as adapted under the Privacy Act 1988, including rights to access and correct your Personal Data, subject to applicable exceptions.
  5. Data Requests: We will respond to access or correction requests under Section 13 (Data Subject Rights) within a reasonable period, generally within 30 days. If we refuse your request, we will explain our reasons in writing and outline your right to complain, including to the Office of the Australian Information Commissioner (“OAIC”).
  6. Direct Marketing: We comply with Australian Privacy Principle 7 (APP 7) and the Spam Act 2003 (Cth). We identify the source of Personal Data used for direct marketing where required and provide a clear, free opt-out option in every communication. We will not use Sensitive Personal Data for marketing without your Consent.
  7. International Transfers: If we transfer your Personal Data outside Australia, we take reasonable steps to ensure overseas recipients manage your data consistently with the APPs. This may include contractual safeguards, due diligence, and technical and organisational security measures such as encryption. We remain accountable for your Personal Data while under our control.
  8. Security and Breach Notifications: We implement appropriate technical and organisational security measures to protect Personal Data. If a breach is likely to result in serious harm, we will notify the OAIC and affected individuals as soon as practicable, in line with the Notifiable Data Breaches scheme.
  9. Contact Information: Our Data Protection Officer is responsible for Personal Data matters and may be contacted using the details in Appendix 9 (Contact Information).

Appendix 8: India

  1. This appendix applies to Personal Data Processing subject to the Digital Personal Data Protection Act, 2023 (“DPDPA”) once in force, and, until fully implemented, the relevant provisions of India’s Information Technology Act, 2000 and its associated data protection and security rules, as well as any successor or supplementary privacy regulations.
  2. Data Controllers: For individuals in India, Sokin’s presence is through Plata Capital India Private Limited.
  3. Legal Basis For Processing: We rely on the legal bases described in Section 7 (Legal Bases for Processing), where applicable. Under the DPDPA, Consent is the primary basis for Processing Personal Data, accompanied by clear notice. In addition, we are required under the DPDPA to erase Personal Data once the purpose is no longer served, unless continued retention is required by law.
  4. Your Rights: The DPDPA does not currently recognise portability rights. Your rights include access, correction, erasure, and grievance redress. Until detailed rules are issued, we will respond to access and correction requests in line with existing Indian law and good practice.
  5. Data Requests: We will respond to requests under Section 13 (Data Subject Rights) within the period prescribed under the DPDPA and implementing rules once in force. Until then, we will generally respond within 30 days.
  6. Sensitive Personal Data and Aadhaar: We do not collect or Process Aadhaar numbers, biometric identifiers, or related Aadhaar information except where required by law (for example, for KYC purposes). Where such Processing is legally required, we will obtain your Consent and use the Personal Data only for that purpose, in compliance with Applicable Law.
  7. International Transfers: If we transfer your Personal Data outside India, we apply contractual and technical safeguards to ensure an appropriate level of protection. Where Indian law imposes restrictions on cross-border transfers, we comply with those restrictions and ensure adequate protections are in place.
  8. Security and Breach Notifications: We implement appropriate technical and organisational security measures to protect Personal Data. If a breach occurs, we will notify the Data Protection Board of India and affected individuals as soon as possible, and in accordance with any timelines prescribed under Indian law.
  9. Grievance Redress: Our Data Protection Officer also serves as the Grievance Officer and is responsible for addressing any discrepancies or complaints relating to your Personal Data. For any grievances or queries, you may contact our Data Protection Officer using the details in Appendix 9 (Contact Information). We will acknowledge and respond within the timelines prescribed under Indian law.

Appendix 9: Contact Information

  1. If you have questions, concerns, or requests about this Policy, how we manage your Personal Data, or if you wish to exercise your privacy rights, please contact our Data Protection Officer using the details below.
  2. Contact Details for our Data Protection Officer (applies to all jurisdictions):
    1. Email: privacy@sokin.com
    2. Post: Data Protection Officer, C/O Mishcon De Reya, Africa House, 70 Kingsway, London, United Kingdom, WC2B 6AH
  3. Regional Offices:
    1. Where local law requires, you may also contact our relevant regional entity at the following addresses:
      • United States: Plata Capital USA Inc. (trading as Sokin), 720 14th Street, CA101, Sacramento, California 95814;
      • Canada: Plata Capital Canada Inc., 333 Bay Street, Suite 2400, Toronto, ON M5H 2T6;
      • Australia: Sokin Australia PTY Limited, BDO Australia, Level 11 1 Margaret Street, Sydney NSW 2000;
      • India: Plata Capital India Private Ltd, Plot No. 66, #TheHub, Okhla Phase III, Okhla Industrial Area, New Delhi, 110020; and
      • Other Jurisdictions: For any other jurisdictions, please use the contact details for our Data Protection Officer provided above.
    2. We will respond within the time period required by Applicable Law (for example, generally one month under GDPR, or sooner where local law requires). For security reasons, we may need to verify your identity before fulfilling your request.
  4. Supervisory Authority: If you are not satisfied with our response, you may contact your Supervisory Authority. Contact details for a Supervisory Authority are available on the official website of the relevant Supervisory Authority.
  5. General Account Queries: For all non-privacy-related queries (for example, about your account or Services), please contact support@sokin.com.