This Privacy Policy ("Policy") outlines the principles and practices that Ultra Gate Technologies (Private) Limited ("Company"), adheres to in collecting, processing, using, disclosing, retaining and managing personal data of our customers ("Users"). This policy does not cover any external websites or services that are not under our ownership, control, or authority of the Company, including those operated by third-party merchants.

Unless otherwise specified, all capitalized terms in this Policy shall have the meanings assigned to them in our Terms and Conditions, which can be accessed here.

This Privacy Policy governs the collection, use, retention, storage, protection, management, and deletion of Users' Personal Data across all departments within the Company. It ensures that every aspect of Personal Data handling, from initial collection to final deletion, adheres to the highest standards of security and compliance. All employees and contractors with access to this Personal Data must strictly follow this Policy. Additionally, the Policy guarantees that Personal Data is managed consistently and securely throughout the Company, maintaining the privacy and trust of our Users.

Personal Data: Information that can be used to directly or indirectly identify an individual. This includes but is not limited to:

• Contact Information: Names, postal addresses (including billing addresses), telephone numbers and email addresses.
• Financial Information: Payment card numbers, bank account details, transaction histories, and other financial data related to User transactions.
• Identification Data: Government-issued identification numbers (e.g., Social Security Number, CNIC No, NTN or Taxpayer IDs), driver's license numbers, passport numbers, and other similar identifiers.
• Account Information: Account numbers, usernames, passwords, security questions, and answers used to access and secure Accounts.
• Biometric data: Fingerprints, facial recognition data, and other biometric identifiers, where applicable.
• Device and Usage Data: IP Addresses, browser types, operating system details, device identifiers, and usage patterns on the Company's Digital Platform.
• Transaction Data: Details about transactions conducted through the Company's services.
• Communication Data: Records of communication between Users and the Company including customer service interactions, email correspondence, and feedback.
• Geolocation Data: Information about a User's location when accessing the Company's Digital Platform.
• Browsing Data: Information about User behavior on the Company's Digital Platform, such as cookies, clicks, pages viewed, time spent on the Digital Platform, and any other interactions made.
• Referral Data: Information about how Users were referred to the Company's Services, such as referral URLs or partner promotions.
• KYC (Know Your Customer) Data: Additional verification information required for regulatory compliance, such a photograph, utility bills, and all such other documents to verify identity and address of the Users obtained to perform KYC checks.
• Fraud Detection Data: Patterns and indicators used to identify and prevent fraudulent activities, including unusual transaction patterns and flagged behaviors.
• Third-Party Data: Information obtained from third-party sources, such as credit bureaus, identity verification partners, social media platforms, and public databases. The Company's identity verification partners utilize a variety of data sources to confirm identities, including government records and publicly accessible information. This Personal Data acquisition is completely aimed at fulfilling legal obligations and to preventing fraudulent or illicit activities in relation to Company's services and/or products.

Personal Data does not include data that has been anonymized or aggregated in a way that cannot identify a specific individual.

The Company does not knowingly collect Personal Data pertaining to children under the age of 18 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal data from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data. Please contact us at support@ultragatetechnologies.com in case of any discrepancies during the use of our Services.

The Company collects and processes the Users' Personal Data to ensure transparency and legality in each step:

• Account Registration: Assessing eligibility for creating and maintaining an Account.
• User Relationship Management: Managing interactions and maintaining long-term relationships with Users.
• Service Fulfillment: Delivering on Company's commitments under Service Agreements.
• Legal Compliance and Requirements: Ensuring that all Company activities comply with relevant laws, regulations, and statutory mandates, including adherence to court orders.
• Contractual Obligation: Enforcing Terms and Conditions as agreed upon by Users.
• Service and Product Enhancement: Improving the quality of Services and developing new product offerings to better suit User requirements.
• Communications: Sending updates and promotional materials to Users.
• Explicit Consent: Processing certain types of Personal Data only after obtaining specific written consent from the User.

Consent and Notification:

Users' Personal Data is collected subject to Users' knowledge and information of the purpose for which Personal Data is collected and that the Users have given their written consent, except where otherwise permitted or required by law. Users are responsible for providing accurate and complete information and are expected to inform the Company promptly of any changes to their Personal Data.

Disclosure of Personal Data:

The Company may disclose Users' Personal Data to relevant government authorities, legal advisers, service providers, related corporate entities, prospective merger or acquisition parties, or as mandated by court orders or international compliance-related laws. Disclosure will occur in compliance with applicable laws and with prior consent from the User, unless such disclosure is mandated by law.

By providing Personal Data to the Company, Users are considered to have given their implicit consent to the collection, use, retention, storage, protection and management of their Personal Data. This consent is valid until it is rescinded in writing or until the termination of the individual's relationship with the Company.

Individuals wishing to withdraw their consent may do so at any time by following these specific steps:

• i. Contact us at:
  • Email: support@ultragatetechnologies.com – Send your withdrawal request via email for prompt processing.
  • Postal Address: Z house, Mansoor Tower G5/5, 1st Floor Block-8, Clifton, Karachi Sindh, Pakistan
• ii. Include the Following Information in Your Request:
  • Full Name and Contact Information: To verify your identity and facilitate contact if necessary.
  • Account Information: Include your Account login ID / email address.
  • Specific Consents to Withdraw: Kindly specify which data uses or processing activities you are withdrawing consent for.
  • Signature: Include your signature with a postal request. For emails, type your full name.

Processing of the Withdrawal request:

The Company aims to process all withdrawals of consent within thirty (30) working days from receipt of such request. The User will receive confirmation once the consent has been successfully withdrawn.

Impact of Withdrawal:

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal and may be subject to consequences outlined by the Company if it affects the ability to provide Services.

Retention of Data Post-Withdrawal:

Withdrawal of consent does not necessarily imply the deletion of the User's Personal Data. The Company is obligated to retain certain information for a specified period to comply with AML and other applicable laws and regulations.

6. THIRD-PARTY DATA USE

The Company may obtain Personal Data about Users from third-party sources. This information is used solely to improve the security, efficiency, and customization of our Services. Specifically, it aids in verifying User identities, enhancing the accuracy of the Personal Data we maintain, and preventing fraudulent transactions. We are committed to ensuring that this third-party data is handled with the same level of integrity, security, and confidentiality as the Personal Data collected directly from Users. It is used exclusively in accordance with this Policy to uphold User privacy and expectations.

7. INTERNATIONAL TRANSFER OF PERSONAL DATA

Our global operations sometimes necessitate the transfer of personal data across international borders. When processing Personal Data outside of Pakistan, we ensure compliance with applicable local and international data protection laws, including but not limited to the GDPR, PIPEDA, CalOPPA, CCPA, DIFC Law No. 05 of 2020, by implementing robust safeguards such as standard contractual clauses. This ensures that the data protection offered is equivalent to that required under local regulations. Our data transfers include sharing with subsidiaries, associates, sister concerns, or affiliates both outside and within Pakistan, adhering strictly to the legal requirements of the respective jurisdictions. By using our Services, Users explicitly consent to these international transfers of their Personal Data, ensuring that their Personal Data remains protected and secure, maintaining privacy and security across all jurisdictions involved.

8. ACCESS AND CORRECTION OF PERSONAL DATA

Users have the right to access and correct their personal data held by our Company. To make such a request, please contact us via email at support@ultragatetechnologies.com or by sending a written request to our postal address as provided in our policy. When submitting your request, include your full name, contact information, and specify the data you wish to access or correct. This will help us efficiently locate and verify your identity. We commit to processing all requests within 30 days and will inform you of the outcome or any necessary extensions. Access may be provided to specific data elements or documents as required by your request. If any data is found to be inaccurate or incomplete, you can request an update, correction, or deletion. If the Company is unable to fulfill your request, we will provide clear reasons for our inability to do so, ensuring transparency in our processes.

9. Retention and Disposal of Personal Data

a. Retention Period and Adjustment:
The Company retains Users’ Personal Data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable legal, compliance, accounting, or reporting obligations. The specific retention periods for different categories of Personal Data are determined based on the nature of the Personal Data, its intended use, and relevant legal or operational requirements, as outlined in the Service Agreements. Retention periods are regularly reviewed and adjusted in response to changes in legal obligations, data volumes, and evolving service development needs. This ensures that Personal Data is retained appropriately and managed in accordance with regulatory and operational standards.

b. Disposal and Anonymization:
Once the retention period has expired, Personal Data is either securely deleted or anonymized to prevent any possibility of reconstruction or further processing. Disposal methods are selected based on the sensitivity and volume of the Personal Data, ensuring that all Personal Data is handled with the highest security standards and in line with best practices.

c. Special Considerations for Sensitive Data:
For sensitive Personal Data, the Company implements enhanced measures to manage both retention and disposal processes. These measures are designed to meet stricter regulatory requirements and to protect such data from unauthorized access or misuse.

d. Documentation and Compliance:
The Company maintains comprehensive documentation of data retention and disposal activities to ensure accountability and to provide evidence of compliance with this Policy and relevant data protection regulations.

10. Protection and Access of Personal Data

The Company employs administrative, physical, and technical measures to safeguard Users’ Personal Data against unauthorized access, disclosure, and/or modification. Data disclosure is restricted to stakeholders on a need-to-know basis. While stringent security measures are in place, the Company does not guarantee absolute protection against unauthorized access, copying, or disposal of data.

Users have the right to request access to their Personal Data or information regarding its utilization or disclosure. Depending on the nature of the request, access may be granted to the data itself or confirmation of the data held by the Company. In cases where the Company is unable to fulfill a request, reasons will be provided.

11. DATA SECURITY

We are committed to safeguarding personal data through robust technical and organizational measures in compliance with all applicable local laws, our agreements with merchants, and client arrangements. This includes implementing industry-standard encryption, secure servers, firewalls, and access controls to prevent unauthorized access, disclosure, alteration, or destruction of data. Regular security audits, employee training, and adherence to data minimization principles ensure ongoing protection. In collaboration with our merchants and clients, we uphold strict data security protocols to maintain the integrity and confidentiality of all personal data processed under our care.

12. Cookie Policy

Cookies and tracking technologies are small data files placed on your device by your web browser when you use our Services. These technologies serve various purposes:

• Essential Cookies: Necessary for the core functionality of our Services, allowing you to navigate and use essential features.
• Performance Cookies: Collect data about your browsing habits to help us improve our Services and ensure an optimal user experience.
• Functional Cookies: Remember your preferences and settings to enhance your experience by personalizing content.
• Advertising Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of our marketing efforts.

13. Third-Party Links

Our Digital Platform may contain links to external websites or resources that are not operated or controlled by the Company. These third-party websites may have their own privacy policies and practices, which differ from ours.

We are not responsible for the content, privacy practices, or data protection measures of these external sites. Users are encouraged to review the privacy policies and terms of use of any third-party sites they visit. While we strive to provide links to reputable and trustworthy sites, we cannot guarantee the privacy or security of information collected by these external sites. Any data provided to or collected by these third parties is governed by their respective policies and practices, and we disclaim any responsibility for their actions.

14. CHANGES TO THIS POLICY

To enhance user awareness and compliance, this Policy may be updated at any time and will be communicated to users through email notifications and/or visible notices on our Digital Platform. Users will have a 30-day period to review any changes before they take effect, allowing ample time to understand the implications of these updates. Continued use of our Services after this period will be regarded as implied acceptance of the new terms. Please ensure your contact details are up-to-date to receive these notifications. If you disagree with the changes, you may discontinue using our Services and contact us for any further assistance

15. GOVERNING LAW

This Policy shall be governed by the applicable local laws in the country where the Services are being provided to the User.

16. Contact Us

For any questions, concerns, or feedback regarding data protection, please contact our concerned officer:

• Email: support@ultragatetechnologies.com
• Postal Address: Z house, Mansoor Tower G5/5, 1st Floor Block-8, Clifton, Karachi, Sindh, Pakistan

We offer multiple contact options to ensure that you can reach us through your preferred method. This helps us maintain a transparent dialogue and provides you with the support you need regarding your data privacy concerns.