Privacy Policy

SUMMARY:

Palla Financial Inc. ("Palla") "Privacy Policy" or "Policy" will govern how information on consumers and customers is collected, used, and shared by Palla, security safeguards that Palla has in place for protecting nonpublic personal information, and customer notification and consent options.

This policy is relevant to all employees, contractors, and external third parties who engage or participate in the process of collecting, using, protecting, updating, and sharing nonpublic personal information of consumers and customers.

PURPOSE

This Policy explains what personal information is collected from consumers and the manner in which Palla may use and share personal information collected on consumers in the course of offering and providing financial services. It also sets forth the options available to consumers if they seek to limit the use and sharing of their non-public personal information ("NPI") and how it is protected.

ROLES AND RESPONSIBILITIES

POLICY

REGULATION

The privacy provisions of the Gramm-Leach-Bliley Act ("GLBA") 15. U.S.C §§6801-6809 and its implementing regulations 16 CFR Part 313 require financial institutions to adhere to specific requirements concerning the protection and disclosure of non-public personal information ("NPI") about consumers and consumers of the institution. Since Palla Financial Inc. ("Palla") offers money transmission to US consumers, it is within the GLBA definition of a financial institution as it obtains nonpublic personal information from the consumers that use its services.

The GLBA requires financial institutions to explain their information-sharing practices to their consumers and to safeguard sensitive data. The GLBA regulates the sharing of personal information about individuals who obtain financial products or services from financial institutions. Under the GLBA, a "consumer" is defined as an individual, or that individual's legal representative, who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes.

SCOPE

This policy applies to all employees, contractors, and external third parties such as vendors, business partners and anyone who acts as an agent of Palla who use or access Palla facilities, information assets, or IT assets.

Financial companies choose how to share personal information collected on consumers in accordance with the GLBA. Federal and certain state laws require Palla to tell consumers how nonpublic personal information is collected, shared, and protected. Federal and certain state laws also give consumers the right to limit some but not all sharing. This privacy policy covers how personal information collected on consumers is used and protected.

EXCEPTIONS

If there is an exception to any requirement of this policy, a valid business case must be documented and approved. The exception approval will be retained for the duration of the exception in a secure and centralized location.

NON-PUBLIC PERSONAL INFORMATION

"Non-public personal information" or "NPI" refers to personally identifiable financial information; and any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.

"Personally identifiable information" is information that consumers provide to Palla in connection with obtaining a financial product or service or information that is obtained about consumers in connection with providing them with a financial service or product. It does not include information that is available from public sources, such as telephone directories or government records. Palla collects, retains, and uses such information in order to administer its business, provide consumers with products and services, process their transactions, and to properly identify, and validate their identity.

Palla's Online Privacy Statement, which governs use of the website, www.palla.app, can be found in Appendix A.

A sample of Palla's Mail-in Form for opt-out preferences is included in Appendix B for use if Palla updates how they share data for marketing purposes at a later time.

COLLECTION, USE, AND RETENTION OF DATA

Palla may collect nonpublic personal information about consumers from the following sources:

1. Information (such as name, address, telephone number, email address, gender, occupation, nationality, identification type and number, social security number or tax identification number, and date of birth) obtained from consumers to register an account on its website or to conduct a transaction in person.
2. Information from consumer transactions providers and vendors, such as third-party providers used to process transactions on Palla's platform.
3. Information we receive from third parties, including government agencies, consumer-reporting agencies, and other lawful sources;
4. Information collected through internet web site "cookies."

Additional details on what information is collected can be found in Appendix A.

Not all data collected is stored in Palla's systems but may be used in verifying information related to accounts held with us and on transactions conducted through those accounts. Palla advises its customers about the general uses of the information collected on them. Palla will gladly and promptly provide additional explanation, if requested, as allowed by law.

SHARING OF INFORMATION

Palla may share consumer information for everyday business purposes: such as to process transactions, maintain account(s), respond to court orders and legal investigations, or to report to credit bureaus.

Palla will not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.

To the extent that Palla collects certain NPI about consumers in the course of offering and facilitating financial services rendered, Palla shall not disclose NPI to any unauthorized individual or entity, except as permitted by notice and opt out exceptions contained in the Privacy regulation under 16 CFR § 313.14 and 313.15.

16 CFR § 313.14 exceptions to notice and opt out requirements apply to various types of information-sharing that are necessary for processing and servicing transactions at the consumer's request or for administering or enforcing a financial transaction requested or authorized by the consumer. This includes disclosing NPI to service providers and partners who perform other administrative activities for a consumer's account, to process or complete a transaction requested, maintain the consumer's account, or to otherwise enforce a transaction and ensure payment is made to the appropriate beneficiaries.

16 CFR § 313.15 exceptions apply to certain types of information-sharing, including disclosures for purposes of preventing fraud, responding to judicial process or a subpoena, or complying with federal, state, or local laws.

The following are examples of appropriate information disclosures under this exception, among others:

• To protect the confidentiality or security of records pertaining to the consumer, service, product, or transaction;

• To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;

• For required institutional risk control or for resolving consumer disputes or inquiries;

• To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681et seq.), or from a consumer report reported by a consumer reporting agency;

• To comply with Federal, State, or local laws, rules, and other applicable legal requirements;

• to comply with legal processes such as subpoenas or court orders;

• To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities; or

• To respond to judicial process or government regulatory authorities having jurisdiction over you for examination, compliance, or other purposes as authorized by law.

• For any other lawful purpose as permitted by this Privacy regulation.

Palla may also disclose aggregate information about customers and former customers to third parties with whom Palla may have a joint marketing agreement, or those companies who perform marketing services on behalf of Palla. This includes all information collected directly or indirectly from consumers. Palla also uses consumer information to market its services and obtain feedback on potential new services from consumers.

Palla will permit only authorized employees and authorized third parties such as consultants or contract employees trained in the appropriate handling of sensitive customer information, to have access to that information, and only if required by their business responsibilities. Employees or others who violate Palla's Privacy Policy are subject to its disciplinary process, up to and including termination and prosecution.

Federal law gives the consumer the right to limit only:

• Sharing for affiliates' everyday business purposes—information about a consumer's creditworthiness

• Palla affiliates from using consumer information to market to consumers; and

• Sharing for companies that are not affiliated with Palla to market to consumers.

Palla shares information about consumer transactions and experiences with its bank partners, vendors, and program managers in course of normal business and as required by law.

GLBA SAFEGUARDS RULE & INFORMATION SECURITY PROGRAM

Palla restricts access to non-public personal information ("NPI") about consumers to its employees, contractors, and external third parties only for the purposes of processing transactions or providing services. The Company maintains physical, electronic, and procedural safeguards that comply with federal standards to guard consumer information. To ensure the protection of this information, Palla maintains an information security program that is compliant with the GLBA Safeguards rule in accordance with Section 15 USC §6801(b) of the Privacy Regulation:

• To ensure the security and confidentiality of consumer records and information;

• To protect against any anticipated threats or hazards to the security or integrity of such records; and

• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any consumer.

According to 16 CFR §314.4, the following are the minimum elements of an information security program required by the regulation in compliance with the GLBA Safeguards Rule:

• Designation of an employee or employees to coordinate the information security program.

• Identification of internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized use or compromise of information and assess the adequacy of any safeguards in place to control these risks.

  • At a minimum, a risk assessment will consider risks in each relevant area of the Company's operations, including:

    • Employee training and management;

    • Information systems, including network and software design, as well as information processing, storage, transmission, and disposal; and

    • Detecting, preventing, and responding to attacks, intrusions, or other systems failures.

• Design and implementation of information safeguards to control the risks identified from the risk assessment and will regularly test and monitor the effectiveness of the safeguards' key controls, systems, and procedures.

• Oversight of service providers by:

  • Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the consumer information; and

  • Requiring service providers by contract to implement and maintain such safeguards.

• Evaluation and adjustment of the information security program in accordance with the testing and monitoring required; any material changes to operations or business arrangements; or any other circumstances that are known or have reason to know may have a material impact on the Company's information security program.

To that end, Palla will ensure the following within its Privacy program:

• Maintain and update as required current policies and procedures to protect consumer records and information;

• Protect the collection, storage, and transmission of all NPI; and

• Educate employees about privacy policy and procedures.

In addition, Palla shall maintain physical, electronic, and procedural safeguards to NPI. In an effort to ensure the security and confidentiality of consumers information and records, protect against anticipated threats to its integrity and unauthorized access, Palla will maintain an information security program that is compliant with the GLBA Safeguards rule, and will, at a minimum, include the following:

• Ensure access to consumers' non-personal financial information is provided to only those employees who need to know such information in order to provide products or services to consumers;

To the extent possible, Palla will limit access to its offices where confidential information could be observed or overheard by individuals that do not need to know such information;

• Checking references or doing background checks before hiring employees who will have access to customer information.

• Asking every new employee to sign an agreement to follow the company's confidentiality and security standards for handling customer information.

• Ensure company issued electronic devices used in the course of business such as computers, laptops, cell phones and PDA devices are password protected;

• Instruct employees to use care when handling documents containing confidential information to ensure they are not seen or read by unauthorized persons and store such documents in secure locations (i.e., locked files) when they are not in use;

• Consumer records, and any other records that may contain non-public financial information, shall be kept in drawers and file cabinets in a secure area. They shall be removed only when needed to service the consumers' account and shall be kept in secured areas;

• Palla shall require all non-affiliated organizations that come into contact with non-public confidential information (lawyers, accountants, consultants, regulators, etc.) to conform to Palla's privacy standards and will require them to keep the provided information confidential and used as requested;

• When documents containing non-public financial information are to be disposed of, they shall be destroyed by shredding or some other secure manner that can prevent readable copies from being used;

• Palla maintains a retention schedule in the Information Security Policy that includes Personally Identifiable Information, which is retained for seven years, or as noted within in the Information Security Policy, after which it is purged or destroyed in a secure manner when no longer necessary.

• All employees will be made aware of the Company's policies and procedures regarding its Privacy program upon hire and at least annually thereafter.

CUSTOMER NOTIFICATION & CONSENT

Palla's online privacy statement is posted in a clear and conspicuous manner on a page on its website, without requiring a login or similar steps or conditions to access the notice. Palla requires consumers to acknowledge receipt as a necessary step to obtaining a financial product or service. Palla may update its privacy statement at any time. If the online privacy statement changes, Palla will ensure that it is updated on its website for consumers to view at any time. The online privacy statement contains the Company's contact information for the consumer to exercise their opt-out options, as applicable. In addition, consumers may request an updated privacy statement by calling Palla Customer Service at (786) 625-6048 from 8:00AM to 5:00PM MT, Monday through Friday or via email at support@palla.app.

Palla provides its customers with the opportunity to remove their names used for mail, telephone, or online marketing upon initial customer contact and subsequently on an annual basis in the event that Palla makes changes to the Privacy Policy regarding sharing of information for marketing purposes. This opt-out choice includes products and services offered by Palla and its affiliate and non-affiliate marketing partners, as permitted by law. Customers may notify Palla of opt out choices by contacting Palla via its website, email, U.S. mail, or telephone.

Except as permitted by law and outlined above, Palla limits the release of customer information. Palla releases information only with a customer's consent or request, or when Palla is required to do so by law or other regulatory authority. When a court order or subpoena requires Palla to release customer information, Palla notifies the customer promptly in order to provide the customer with the opportunity to exercise their legal rights. The only exception to this policy is when Palla is prohibited from notifying the customer by law or due to a court order, or in cases in which fraud, money laundering or criminal or illegal activity is suspected.

If this privacy policy is modified, Palla will notify its customers of these changes via e-mail, U.S. mail, via telephone, and post the updated privacy information on its website. Palla will post the annual privacy policy notice to the customers on the website. When Palla posts the annual privacy policy notice, Palla will also e-mail cardholders notifying customers of the annual privacy notice. A paper annual privacy policy notice will be made available to a consumer upon request.

Should customers need to update any information previously supplied to Palla, they may contact Palla Customer Service at (786) 625-6048 from 8:00AM to 5:00PM MT, Monday through Friday or e-mail Palla at support@palla.app. to initiate a request to update customer information while providing a secure method to do so.

If Palla changes its marketing preferences to share information with affiliates or non-affiliates for marketing purposes, and customers wish to opt out of Palla and any third parties of Palla's marketing offers, Palla can be contacted via U.S. mail at the following address:

Palla Financial Inc.

429 Lenox Ave

Miami, FL 33139

APPENDIX A

PALLA ONLINE PRIVACY STATEMENT

1. EFFECTIVE DATE

   July 21, 2021

2. PRIVACY REGULATION

   The privacy provisions of the Gramm-Leach-Bliley Act ("GLBA") 15. U.S.C §§6801-6809 and its implementing regulations 16 CFR Part 313 require financial institutions to adhere to specific requirements concerning the protection and disclosure of non-public personal information ("NPI") about consumers and consumers of the institution. Since Palla Financial Inc. ("Palla") offers money transmission and prepaid card services to US consumers, it is within the GLBA definition of a financial institution as it obtains nonpublic personal information from the consumers who use its services.

   The GLBA requires financial institutions to explain their information-sharing practices to their consumers and to safeguard sensitive data. The GLBA regulates the sharing of personal information about individuals who obtain financial products or services from financial institutions. Under the GLBA, a "consumer" is defined as an individual, or that individual's legal representative, who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes.

   Palla shares information for its own marketing purposes and for joint marketing with other financial companies such as the partner bank and third-party vendors used to manage Palla's platform. Palla may also share U.S. consumers' personal information with its affiliates for marketing purposes. Palla shares information with affiliates about consumers' transactions and experiences for everyday business purposes as part of providing financial services with its affiliates. Palla's Privacy Notice is therefore based on a notice to consumers on how their information is shared. Currently, Palla does not sell information for marketing purposes to affiliates or non-affiliates.

3. OUR COMMITMENT TO PRIVACY

   Privacy Promise

   Palla takes privacy very seriously and knows that you care about how your NPI is used and shared. Federal and certain state laws require us to tell you how we collect, share, and protect your nonpublic personal information. Federal and certain state laws also give consumers the right to limit some but not all sharing. As such, Palla is committed to protecting our consumers' privacy and security. This Privacy Statement explains how Palla may collect, process, retain, share, and transfer your NPI. This Policy explains what personal information is collected and the manner in which Palla may use and share such personal information. It also sets forth the options available to consumers if they seek to limit the use and sharing of their NPI.

   Security is Paramount

   At Palla, we recognize that the trust of our customers is one of our most important assets. As such, it is our goal to ensure the privacy of our customers' nonpublic personal information that we collect. No data is disclosed except for everyday business purposes and what is permitted by law.

   The following outlines some of the steps we take on a daily basis to ensure that our customers' information is secure, private, and used only in a manner consistent with our customers' wishes. We will safeguard, according to our strict standards of security and confidentiality, any and all information our customers share with us. We use administrative, physical, and technological security techniques and processes designed to protect the integrity and privacy of our customers' information.

4. APPLICABILITY OF THIS PRIVACY STATEMENT

   This Privacy Statement applies to all information collected by Palla through Palla websites (for purposes of this Privacy Statement, "websites" includes www.palla.app our mobile websites, and our mobile applications) and the services associated with it ("Palla" or "Services"). This Privacy Statement applies to information related and retrieved in connection to the Service. You should read this Privacy Statement in its entirety as certain sections may apply differently to residents of different jurisdictions.

   This Privacy Statement applies to you and information collected from you if you are an individual who resides in the United States and uses our Sites or Services for your own personal, family or household purposes.

   
   

   FACTS	WHAT DOES PALLA DO WITH YOUR PERSONAL INFORMATION?
   WHY?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some, but not all, sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
   WHAT?	The types of personal information we collect, and share depend on the product or service you have with us. This information may include, but is not limited to, the following: Domestic and foreign government issued identification numbers such as driver's license, passport, visa, social security number or tax identification number; Date of birth, address, email address, occupation, employer, mobile number, nationality, country of birth, gender; Debit card information, such as the card number, issuer, expiration date, security code, and any bank account and account balances information used to debit outgoing transfers funds and credit incoming transfers funds. Transaction history Transactional profile, monthly transaction amount, frequency of transfers, parties to transactions Phone conversations and email communications Internet protocol (IP) address, geo-location information, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data You consent to our collection, transfer, and storage of information by computers or other transfer or storage devices in the United States and elsewhere. When you are no longer our customer, we continue to share your information as described in this notice.
   HOW?	All financial companies need to share consumers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their consumers' personal information; the reasons Palla chooses to share; and whether you can limit this sharing.
   WHEN?	This privacy statement was last revised on July 21, 2021.

   
   
   

   Reasons we share your personal information	Does Palla Share?	Can you limit this sharing?
   For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	Yes	No
   For our marketing purposes - to offer our products and services to you or send you marketing and promotional messages	Yes	No
   For joint marketing with other financial companies - to offer jointly marketed products and services to you or send you marketing and promotional messages.	Yes	No
   For our affiliates' everyday business purposes -information about your transactions and experiences	Yes	No
   For our affiliates' everyday business purposes -information about your creditworthiness	No	Yes
   For our affiliates to market to you	No	Yes
   For nonaffiliates to market to you	No	Yes

   
   
   

   To limit our sharing

   Call 786-652-6048 —our menu will prompt you through your choice(s) Visit us online: www.palla.app or Send us an email at support@palla.app or mail us at the following address: 429 Lenox Ave, Miami, FL 33139 Please note: If you are a new consumer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

   Questions?

   Call (786) 625-6048 or go to www.palla.app for more information.

   
   
   

   Who we are
   Who is providing this Privacy Policy?	Palla Financial Inc. ("PALLA")
   What we do
   How does PALLA protect my personal information?	To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures can include physical, electronic, procedural, and computer safeguards and secured files and buildings. PALLA also limits the sharing of personal information to only those employees that need access to it.
   How does PALLA protect my personal information?	We collect your personal information, for example, when you: Register online Provide account information or otherwise provide contact information Conduct a transaction, complete a payment or use or request other products or services from us Use your credit or debit card or provide bank account information Use PALLA online services to conduct a prepaid card transaction or to send or receive funds Provide your government issued ID or tax identification number Use or visit our online sites or navigate through mobile apps providing our services (for example, to complete a transaction or manage your account) Communicate with our customer representatives via phone, online, or email We also collect your personal information from others, such as credit bureaus, affiliates, non-affiliates, or other companies, all in compliance with and subject to the limitations of applicable law.
   Why can't I limit all sharing?	Federal law gives you the right to limit only: sharing for affiliates' everyday business purposes - information about your creditworthiness sharing for affiliates to market to you sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing.

   
   
   

   Definitions
   Affiliates	Companies related by common ownership or control. They can be financial and nonfinancial companies.
   Nonaffiliates	Companies that are not related by common ownership or control. These can be financial and nonfinancial companies.
   Joint marketing	A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
   Other Important Information
   State Privacy Laws California residents: In accordance with California law, we will not share information we collect about you with companies outside of Palla except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled. Nevada residents: This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by calling us at (786) 625-6048 or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: BCPINFO@ag.state.nv.us. Texas residents: If you have a complaint, first contact Palla at (786) 625-6048. If you still have an unresolved complaint regarding the company's money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); www.dob.texas.gov. Vermont residents: In accordance with Vermont law, we will not share information we collect about you with companies outside of Palla except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.
   CHILDREN'S POLICY Our website is not directed at children under the age of 13. Palla does not knowingly collect or maintain information from persons under the age of 13. If we become aware that we have collected NPI from a child under the age of 13, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have inadvertently collected information from a child under the age of 13.
   EXTERNAL WEBSITES Our website may be linked to or from third party websites. Palla is not responsible for the content or privacy practices of websites that are linked to or from our website.
   COOKIES Some of our web pages may contain "cookies", small data files which are sent to your web browser and stored on your computer or mobile device to, among other things, allow us to recognize you as a returning customer and log your browsing trends and remember your website preferences to make your experience more convenient and personal. Cookies may also be used for future analysis by us or third parties to analyze trends, optimize website use, and to learn more about customer preferences which altogether help us improve our products and services. You may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. Disabling cookies may limit functionality of our websites and/or applications and may also impact service levels.
   ONLINE ACTIVITIES Palla does not honor any web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer's online activities over time and across third-party websites or online services.
   CHANGES Palla reserves the right to modify this Privacy Statement. To the extent required by applicable law, we will notify you and give you the opportunity to opt out of any material change in the way we use or disclose personal information you previously have provided. You can get an updated Privacy Statement by calling us at or (786) 625-6048 by visiting our website at www.palla.app.

   
   
   

   Mail-in Form
   Mark any/all you want to limit: Do not share information about my creditworthiness with your affiliates for their everyday business purposes. Do not allow your affiliates to use my personal information to market to me. Do not share my personal information with nonaffiliates to market their products and services to me.
   	Mail to:
   Name:
   Address:	Palla Financial, Inc. 429 Lenox Ave Miami, FL 33139
   City, State, Zip
   User email
   User mobile #