Privacy Policy and Data Protection Statement

This Privacy Policy ("Policy") sets forth the procedures and protocols governing the collection, processing, retention, sharing, and removal of information by BuckDaddy from all data subjects.

I. Collection of Information

BuckDaddy collects data through various channels, including, but not limited to, the following:

• Online Methods: Information is collected when users engage with BuckDaddy's online systems, web, and mobile applications, where registration may be required to place orders, respond to surveys, or participate in other activities, services, features, or resources.
• Offline Methods: This includes the submission of information in physical or digital document formats via offline means, such as storage on USB drives, hard drives, DVD/CDs, and other related storage media designated for information reception.
• Manual/Paper-Based Forms: Information is collected through printed forms utilized for documentation requirements, tracking, and monitoring purposes.

II. Categories of Data Subjects

BuckDaddy processes data pertaining to, but not limited to, the following categories of data subjects:

• Customers, business partners, prospective clients, vendors, suppliers, and the vendors or customers of BuckDaddy's customers.
• Applicants for employment and current employees of BuckDaddy, including their designated emergency contacts and references.
• Employees or designated contact persons of Customers, business partners, prospective clients, vendors, suppliers, and the vendors or customers of BuckDaddy's customers.
• Customer's Users explicitly authorized by the Customer to utilize BuckDaddy's applications and services.
• Users of BuckDaddy's online systems, web portals, and mobile applications.
• Visitors and guests at various BuckDaddy office locations.

BuckDaddy may additionally collect technical information concerning how Users interact with its services. Such information may include, without limitation, browser name, computer type, technical specifications of user connection (e.g., operating system, IP addresses, device information), and internet service providers utilized, among other similar data.

III. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

• "BuckDaddy": Refers to the corporate entities acting on behalf of legal representations in England and Wales (BuckDaddyExpress Ltd.).
• "We" (or "Our" or "Us"): Denotes BuckDaddy.
• "Controller": The entity which, alone or jointly with others, determines the purposes and means of processing personal data.
• "Customer": Clients possessing legally executed contracts and agreements with BuckDaddy.
• "Customer Data" or "User Data": Encompasses personally identifiable information collected and processed by BuckDaddy.
• "Data Protection Laws and Regulations": All applicable laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) of the European Union, the European Economic Area, and its member states, Switzerland, the United Kingdom, the Philippine Data Privacy Act of 2012, and the Personal Data (Privacy) Ordinance in Hong Kong.
• "Data Subject": The identified natural person to whom Customer Data or Personal Data or User Data relates.
• "Personal Data": Any information relating to (i) an identified or identifiable natural person or (ii) an identified and identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations).
• "Processing": Any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms "process" and "processes" shall be construed accordingly.
• "Processor": The entity which processes Personal Data on behalf of the Controller.
• "Privacy Shield": Refers to the EU-US and Swiss-US Privacy Shield Frameworks, which provide mechanisms for transferring personal data from the European Union and Switzerland (respectively) to the United States in support of transatlantic commerce.
• "Sub-processor": Any entity which processes Customer Data on behalf of BuckDaddy.
• "Merchant Solutions": Products and services as defined by BuckDaddy.

IV. Web Browser Cookies

BuckDaddy utilizes "cookies" to enhance User experience and for log monitoring. For website and web applications, cookies are placed by the user's web browser on their hard drive for record-keeping, expedited access due to cached information, and tracking purposes. Users retain the option to configure their web browser to refuse cookies, or to delete or clear browser history. Users may opt out, but acknowledge that certain functionalities of the website and web applications may be impaired. A dedicated Cookie Policy provides comprehensive details regarding "cookies."

V. Utilization and Processing of Collected Information

BuckDaddy may operate in various capacities concerning data processing:

• Controller Role: BuckDaddy assumes the role of Controller when processing User and Customer Data in the context of providing Merchant Solutions, online systems, web portals, and mobile applications.
• Processor Role: BuckDaddy acts as a Processor when processing Customer Data for and on behalf of its Customer.
• Sub-processor Role: BuckDaddy may operate as a Sub-processor when processing Customer Data for and on behalf of the Customer's customer.

Customers or Customer's customers, in utilizing BuckDaddy's products and services, shall process Customer Data in strict accordance with the requirements of the Data Protection Laws and Regulations. Instructions provided to BuckDaddy for processing shall similarly comply with Data Protection Laws and Regulations. The Customer (as Controller of Customer Data) bears sole responsibility for the accuracy, quality, and legality of the Customer Data, the means by which the Customer acquired such data, and for ensuring that the disclosure and processing of Customer Data to provide the Services align with the agreements and Data Protection Laws and Regulations. The Customer shall be responsible for the actions of its Users or Customers.

BuckDaddy's processing of Customer Data shall at all times conform to Data Protection Laws and Regulations.

BuckDaddy utilizes information for the following purposes:

• To operate and maintain online systems, web and mobile applications, and the website.
• To enhance customer service by more efficiently responding to customer service requests and support needs.
• To personalize user experience by aggregating data to understand how Users as a group utilize services and resources.
• To improve online systems, web and mobile applications, and the website based on provided feedback.
• To administer promotions, contests, surveys, or other features that Users have consented to receive regarding topics deemed of interest.
• To dispatch periodic emails containing updates pertinent to services, orders, and transactions availed or processed. This may also include responding to inquiries, questions, and other requests.
• To process valid transactions (e.g., payments, exchanges, finance-related activities) requested by and on behalf of a client (e.g., merchants, payment institutions, networks, or banks).

BuckDaddy processes this information on its servers located globally or through contracted third-party processors (such as payment institutions, networks, or banks), which may or may not be situated in the Data Subject's or User's country of residence.

BuckDaddy may engage third-party Sub-processors in connection with the provision of Services, provided that BuckDaddy imposes data protection obligations on such Sub-processors that are no less protective than those stipulated in the agreement with the Customer, to the extent applicable to the nature of services provided by such Sub-processor.

VI. Choices Regarding Collected Information

BuckDaddy collects the Data Subject's personal information to efficiently and diligently administer its services. Therefore, the Data Subject's personal information is required for any of the following BuckDaddy transactions:

• To verify the identity of the Data Subject to prevent money laundering or other unauthorized transactions.
• To outsource limited operational assignments to an authorized third party.
• To exercise terms and conditions as stipulated in the contract and agreed upon by both the Data Subject and BuckDaddy.
• To assist other financial institutions in facilitating the Data Subject's requested transactions or inquiries regarding failed transactions.
• To introduce new services and products of BuckDaddy to the Data Subject via direct mail, e-mail, questionnaires, or other marketing methods.
• To enhance the relationship between BuckDaddy and the Data Subject.

Prior to the collection of required information, BuckDaddy shall seek explicit consent from the Data Subject or User, clearly stating the purpose for which such information is being collected. Notifications will be provided should BuckDaddy process collected information (e.g., in financial transactions) and in instances where the purpose of processing undergoes changes or amendments.

Collected information may be accessed via web or mobile applications, particularly for those who have created a user account to avail of BuckDaddy's products and services. Users may log in or sign in with their provided credentials to:

• Update such information.
• Review and display details.
• Download such information in a readable format.
• Request permanent deletion of such information.
• Withhold or revoke consent to process personal data, with basis as specified by Data Protection Laws and Regulations.

For information collected by BuckDaddy through offline and manual means, requests for access, updates, and removal should be submitted via email to [email protected].

As a Processor of Customer Data, BuckDaddy shall notify the Customer of any Data Subject Requests received by BuckDaddy pertaining to the Data Subject's rights as defined by Data Protection Laws and Regulations, and shall assist the Customer in fulfilling such requests. In the event BuckDaddy incurs costs in providing such assistance, the Customer shall be responsible for said costs. In the event of regulatory requests, BuckDaddy shall notify its Customer or Users of any legally binding request for disclosure of Customer or User Data by a law enforcement authority, unless prohibited by law (e.g., under criminal law to preserve the confidentiality of an investigation).

VII. Protection of Information

BuckDaddy employs appropriate data collection, storage, and processing practices and implements robust security measures to safeguard against unauthorized access, alteration, disclosure, or destruction of User's personal information, username, password, transaction information, and data stored within BuckDaddy's online systems, web and mobile applications, and website.

BuckDaddy ensures that any person authorized to process Customer Data or User Data, including its employees, agents, and subcontractors, shall be bound by a duty of confidentiality that shall, to the extent permitted by law, survive for five (5) years following the termination of their employment, contractual, or other agreement.

BuckDaddy obtains third-party certifications and conducts audits applicable to the processing of Customer Data and User Data. Upon request, and where applicable, BuckDaddy shall provide the most recent third-party certifications and audit reports.

BuckDaddy maintains security incident management policies and procedures and shall notify Customers and Users without undue delay upon becoming aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer or User Data transmitted, stored, or otherwise processed by BuckDaddy or BuckDaddy’s Sub-processors. BuckDaddy shall make reasonable efforts to identify the cause and remediate the incident to the extent such remediation is within BuckDaddy’s control. This obligation is not applicable if the incident is caused by Customers or Users.

VIII. Sharing of Personal Information

BuckDaddy does not engage in the sale, trade, or rental of Customer Data or User's personal identification information to third parties. BuckDaddy may share generic aggregated demographic information regarding visitors and users with its business partners, trusted affiliates, and advertisers for the purpose of business intelligence and to facilitate improvements to the company and its products and services.

Information may be disclosed to regulators, law enforcement bodies, government agencies, courts, or other third parties when BuckDaddy deems it necessary to comply with applicable laws or regulations, or to exercise, establish, or defend its legal rights. Where possible and appropriate, notification of such disclosure will be provided to the Data Subject.

Information may also be shared with an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger, or acquisition of any part of BuckDaddy's business.

IX. Electronic Newsletters

Should Users elect to opt-in to a mailing list, they will receive emails which may include company news, updates, and related product or service information. Users who wish to unsubscribe from future emails may utilize the detailed unsubscribe instructions provided at the bottom of each email, or contact BuckDaddy via the company's official product and service communication channels or contact details published on its website and in publications.

X. Compliance with Children's Online Privacy Protection Act

Protecting the privacy of minors is of paramount importance. Consequently, BuckDaddy does not knowingly collect or maintain information from individuals under the age of thirteen (13), and no part of its website is structured to attract individuals under thirteen (13).

XI. Amendments to this Privacy Policy

BuckDaddy reserves the sole discretion to update this Privacy Policy at any time. Upon any updates, a notification will be displayed on the main pages of BuckDaddy's websites and web applications, and on the main screens of its mobile applications. Additionally, BuckDaddy shall send an email to all relevant parties. BuckDaddy encourages Users to frequently review this Policy for any changes to remain informed about BuckDaddy's practices in protecting collected personal information. Users acknowledge and agree that it is their responsibility to periodically review this Privacy Policy and become aware of modifications.

XII. Acceptance of Privacy Policy and Terms and Conditions

By affirmatively indicating acceptance (e.g., via a checkbox or tick-box) that the User has read the Privacy Policy and Terms and Conditions of the service, Users signify their acceptance and consent to be bound by this Data Privacy Policy. Should a User not agree with this Policy, they shall be unable to proceed with the use of the online systems, web and mobile applications, and websites provided by BuckDaddy.

BuckDaddy shall seek explicit acceptance and consent from Users upon any changes to this Privacy Policy and the Terms and Conditions.

XIII. Contact Information

For any inquiries concerning this Privacy Policy, BuckDaddy's data processing practices, or its online systems, web and mobile applications, or websites, please contact BuckDaddy at [email protected].

This document was last updated in June 2024, and last reviewed on July 21st, 2025.