Ria Promoters Privacy Notice

Version 3.2 — April 2025

This Privacy Notice explains how we process your Personal Data when you engage with our services or interacting with us in any other way. It also details how we may share your Personal Data with third parties and the safeguards we have implemented to protect your information.

References to “we,” “us,” and “our” in this Privacy Notice refer to Ria, a segment of Euronet Worldwide. The specific legal entity acting as the Data Controller is listed in Our Companies section.

We recommend reviewing this Privacy Notice regularly for updates, which will be posted on our Website/App. Where local laws require additional information, these are provided in the Regional Privacy Notices section.

To reach the Privacy Department or the Data Protection Officer (DPO)

• Email: dpo@riamoneytransfer.com
• Postal mail: DPO, Calle Cantabria 2, 2-A Alcobendas Madrid, Spain

Notice to Promoters

This Privacy Notice applies to individuals and representatives involved in a business relationship with us, when you apply or become a promoter agent (“Promoter”).

What Type of Personal Data Do We Collect?

Identifiers or Identification Data

The Personal Data we collect from you may include name, surname, title, gender, date of birth, nationality, and identification documents, including document number, passport or visa details, country of birth, and address. We also collect other contact details such as your residential and/or business address, email address, telephone and/or fax numbers, as well as unique identification numbers (for example, Tax ID) and other contact data (“Contact details”). Additionally, we may process images, videos, or your signature.

Purposes and Legal Basis for Processing:

• Services Provision: To provide the requested services. This processing is required to fulfil our contractual obligations.
• Company Representation: To represent the company in matters of legal requirement (contracts, negotiations). This processing is required to fulfil our contractual obligations.
• Operational Support: To provide support to operations. This processing is based on our legitimate interest.
• Giveaway Participation: To enable your participation in events organized by us or in a specific giveaway. This processing is based on your consent.
• Regulatory Compliance: To meet our legal obligations related to documentation and communication retention. We keep correspondence including emails, faxes, and any kind of electronic communication, together with any records of the customer's account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers. This is processed based on our legal obligations.
• Account Management: To manage your account(s), including registration, administration, maintenance, and servicing. This processing is required to fulfil our contractual obligations.
• Marketing: To provide advertising and marketing. This processing is based on your consent.
• Market research & consumer feedback: To analyze any information that you voluntarily share with us about your experience of using our products and services. This processing is based on consent.

Financial Details and Professional or Employment-related Information

We collect your personal financial data when you become a Promoter. We collect financial data such as bank account information, in order to provide you with our Services.

Purposes and Legal Basis for Processing:

• Supply/Performance of Services: This processing is required to fulfil our contractual obligations.
• Account Management: This processing is required to fulfil our contractual obligations.

Non-Identifiable Data

Whenever possible, we use data that does not directly identify you (such as anonymous demographic and usage data), rather than Personal Data (“Non-Identifiable Data”).

Purposes:

• Internal Improvement: This Non-Identifiable Data may be used to improve our internal processes or the delivery of services, without further notice to you.
• Service Evaluation: We may use aggregate data to analyze, evaluate, and improve our Services.

General Notice

Where Do We Obtain Your Personal Data

We collect Personal Data from the following sources:

• Directly from you through your direct interactions and the submission of online forms, requests for information or complaints, as set out above.

How Long We Keep Personal Data

We retain Personal Data only as long as necessary to provide requested services and to meet legal, accounting, and reporting obligations. The retention period is determined by specific requirements and may include:

• Customer Service and Contractual Relationship: We retain your Personal Data while you remain our customer. When our contractual relationship concludes, we restrict your data to ensure it is only accessible to comply with legal requirements.
• Marketing: We will process your Personal Data for marketing purposes unless you have opted out, as described in this Privacy Notice, or until we become aware that you are no longer interested, or that your data is no longer accurate.
• Legal and Regulatory Requirements: We keep your Personal Data as long as needed to comply with all applicable legal obligations, including commercial, tax, and anti-money laundering regulations. During this period, your Personal Data is restricted to prevent use for any other purpose and will be accessed only when necessary to fulfill these obligations.

Please note that if you request data deletion we may still be required to retain some of it to comply with our legal obligations. The information retained will only be accessible by limited personnel to comply with any legal requirement and will be duly deleted after the obligation is due.

Do We Disclose Personal Data?

Euronet Group Affiliates

We may disclose Personal Data to Euronet and its affiliated companies for everyday business purposes and fulfil compliance obligations within the Group.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details, Behavioral and Technical Data.

Purpose: Sharing data with affiliates for customer service, compliance, and daily business functions. This may include 24/7 customer support requiring data access across Euronet Group affiliates.

In the event of a sale, acquisition, merger, or reorganization involving Euronet or any company within the Euronet Group, we may transfer Personal Data to third parties, ensuring appropriate protection measures.

This processing is carried out to comply with legal obligations and/or to perform contractual obligations, as applicable.

Third-Party Service Providers

We may share certain Personal Data with third-party service providers to support compliance verification, service delivery, and marketing efforts.

Types of Personal Data: Identification, Financial Details, Contact Details, Transactional, and Technical Data.

Purpose:

• Compliance and Fraud Prevention: Personal Data may be shared with verification and analytics providers to fulfill regulatory obligations and mitigate risk (e.g., to verify customer data or detect suspicious activity). This processing is carried out to comply with our legal obligations or, where applicable, based on your consent.
• Service Delivery: Our Partners and third parties, such as agents and correspondents, may access Personal Data to assist in delivering services. This processing is based on our contractual obligation.
• Marketing: Advertising networks and social media platforms may receive data to deliver personalized ads and adapt to user preferences. This processing is based on your consent.

Note: The definition and scope of “third-party service providers” may vary based on country regulations.

Authorities

We may be required to disclose your Personal Data, including Sensitive Personal Data, to legal or regulatory authorities for compliance, to enforce agreements, or to fulfill legal requests.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details.

Purpose: To comply with applicable laws, respond to binding requests from public authorities, support investigations, or fulfill obligations related to the processing of financial transactions. This processing is based on our legal obligations.

Partners

Personal Data may be shared with strategic partners when necessary to deliver our services or to ensure they comply with their legal obligations.

Types of Personal Data: Identification Data, Transactional Data, Financial Details.

Purpose and Legal Basis for Processing:

• Purpose: Service provision in collaboration with strategic partners. This is carried out as part of our contractual obligations.
• Regulatory Compliance: To help our partners comply with legal or regulatory requirements applicable to them. This processing is based on legal obligations.
• Operational Efficiency and Risk Management: To support secure and seamless service delivery across different partners or service providers, or to prevent abuse or misuse of our services. This processing is based on our legitimate interests.

Professional Partners

We may disclose Personal Data to professional advisors, including lawyers, consultants, auditors, or accountants, to fulfill our legal and business obligations.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details.

Legitimate Interest

When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. You may request information on any processing based on legitimate interest.

International Transfers

We are a global company with global operations, partners and suppliers. Where it is necessary for the efficient and effective performance of a business transaction or the fulfilment of one of the uses of Personal Data outlined above, we may need to transfer your Personal Data, from the country of collection to other countries, which may have data protection laws that are different from the laws where you live. When such transfer is required, we implement appropriate safeguards to ensure it receives the same level of protection and the transfer is done according to our legal obligations.

Personal Data of Minors

We do not provide services directly to minors, as defined by applicable local legislation, or proactively collect their personal information. If you are considered a minor under your local laws, ensure to have the necessary authorizations from your legal guardian to use the Sites or Offerings or share personal data with us.

If you learn that a minor has unlawfully provided us personal data, please contact us at dpo@euronetworldwide.com.

Security

We are dedicated to safeguarding your Personal Data and have implemented robust, commercially reasonable security measures to prevent its loss, misuse, or unauthorized alteration. We continuously work to protect your data in line with international best practices by applying rigorous physical, electronic, and managerial safeguards.

To prevent unauthorized access, we employ advanced physical and organizational security measures that are regularly updated to ensure the highest level of protection while maintaining cost efficiency. All Personal Data is stored in secure locations, protected by firewalls and other sophisticated security systems with restricted administrative access.

Our personnel, as well as all activities related to your Personal Data, are governed by strict confidentiality agreements that enforce compliance with our organization's Privacy Policy.

Accuracy of Personal Data

We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data.

You may request a correction or update to your Personal Data if it is inaccurate, as outlined in the Your Rights section below.

Your Rights

To exercise any of your rights, please email us at dpo@euronetworldwide.com. To safeguard your privacy and maintain security, we may ask you to verify your identity and provide additional information.

Depending on your location, your rights concerning Personal Data under applicable laws may include:

1. Right to Know: You have the right to know what Personal Data is collected, sold, or shared, and with whom.
2. Right to Access: You may request access to a copy of your Personal Data.
3. Right to Correct: You can request corrections to inaccuracies in your Personal Data.
4. Right to Delete: You may request deletion of your Personal Data under certain conditions.
5. Opt-Out Rights:
   • You may opt-out of the processing of Personal Data for targeted advertising.
   • You may opt-out of the processing of Sensitive Personal Data.
   • You may opt-out of the processing of Personal Data for profiling that leads to legal or significant effects on you.
6. Right to Limit Use of Sensitive Data: You may request to limit the use and disclosure of Sensitive Personal Data to specific, permitted purposes.
7. Right to Restrict Processing: You can request restrictions on data processing under certain conditions.
8. Right to Object: You may object to the processing of your Personal Data, for example, for direct marketing purposes.
9. Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects.
10. Right of No Retaliation: You have the right not to face discrimination for exercising your Personal Data rights.

We will respond to your requests promptly and within the timeframe required by law.

Please note that some rights may not be enforceable due to business or legal requirements necessary to provide our services, such as anti-money laundering, contractual, or compliance obligations. However, we will always respond to any rights requests as outlined above, and you may have additional rights based on your location.

Privacy Complaints

If you have a complaint about how we process your Personal Data, please contact us at dpo@euronetworldwide.com.

Under applicable privacy laws, you may also have the right to lodge a complaint with a Data Protection Authority or other regulatory body if you believe we have not fulfilled our obligations under this Privacy Notice or the relevant legal requirements.