CASHet PRIVACY NOTICE

Effective: November 19, 2025

Overview

CASHet and its affiliates (“CASHet”, “we”, “us” or “our”) are committed to maintaining meaningful privacy protections for all individuals who interact with CASHet. This Privacy Notice (“Privacy Notice”) describes CASHet’s practices with respect to your personal information, including the types of information we collect, how we use and share that information, and your choices. This Privacy Notice covers information collected through:

  • Our websites that link to this Privacy Notice (“Websites”);

  • Our online mobile application, platforms, services, and tools that can only be accessed with valid login credentials (“Online Services and Platforms”).

Collection of Information and Categories of Sources

CASHet collects information: (i) directly from you when you provide it to us voluntarily; (ii) automatically when you interact with our Websites and Online Services and Platforms; and (iii) from third parties such as our clients and business partners. The types of personal information that we collect from you will depend on who you are and your relationship with us.

Information you provide to us directly may include:

  • Contact Information, such as postal address, email address and telephone number;

  • Demographic information, such as date of birth;

  • Online Credential Information, such as username and password;

Information we collect automatically includes:

  • Transaction Information, such as details about payments from you and other details of products and services you have purchased from us;

  • Technical Information, such as IP address, browser type, internet service provider, operating system, date/time stamp, location, browser plug-in types and versions, mobile device identification numbers, cookies, web beacons, pixel tags and other technology on the devices you use to access our online platform(s); and

  • Usage Information, such as information about how you use our online platforms and other services, such as the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), search queries, and methods used to browse away from the page.

Information we collect from third parties includes:

  • Publicly Available Information, such as information available from websites, directories, and other public sources;

  • Financial Information;

  • Tax Information; and

  • Talent and Crew Information from our clients about their current, prospective, and former members, including name, address, email address, date of birth, and telephone number.

Use of Information and Legal Bases for Processing

We use the information collected through our Websites and Online Services and Platforms to:

  • Provide and improve our products and services;

  • Integrate and sync with our software;

  • Understand how you interact with our Websites and Online Services and Platforms;

  • Register users;

  • Communicate with you, including by communicating with you through chat features, sending announcements, email alerts, event registrations, campaigns, newsletters, updates, and support and administrative messages;

  • Send marketing and promotional communications to you, if you have not objected to receiving such messages, such as product and service marketing communications (e.g., product updates/releases, training opportunities and invitations to events), customer surveys, and industry news.

  • Authenticate users;

  • Perform analytics;

  • Prevent and detect fraud and misuse;

  • Comply with legal requirements;

  • Provide customer service support and respond to your inquiries

  • Conduct surveys;

  • Generate leads;

  • Conduct investigations regarding violations of our policies, terms of use, or other legal rights, in accordance with applicable law; and

  • Perform any other function requested by you or our clients.

 

If you are located in the United Kingdom or Canada, we rely on the following legal bases:

  • Contractual necessity: to provide services you requested;

  • Legal obligations: to comply with financial and anti-fraud laws;

  • Legitimate interests: to improve our services and ensure security;

  • Consent: to market available services or where otherwise required.

 

Information Sharing and Disclosures

We may share and disclose your personal information as necessary for the purposes set out in this Privacy Notice:

  • With our affiliates.

  • With our third-party processors/service providers. All processors/service providers are governed by this Privacy Notice or are bound by confidentiality or data protection agreements that offer similar protections.

  • With our companies that assist us in our marketing, advertising and promotional activities.

  • Analytics and search engine providers that assist us in the improvement and optimisation of our online platforms.

  • With third parties designated by our clients, such as payment processors and card issuers.

  • With government, competent authorities, law enforcement officials or the courts and as otherwise required to meet national security or law enforcement requirements or to prevent illegal activity (where required by law).

  • Where required to establish, exercise or defend our legal rights, including to enforce or apply our Terms of Use or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person, or to prevent any illegal activity.

  • To protect the rights, property or safety of CASHet, our staff, our customers/clients or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

  • We do not sell your personal information.

Third Party Applications and Sites

CASHet may make third party applications available through its Websites, Online Services and Platforms. Collection of information by a third-party application is governed by the privacy policy of the third-party application provider.

Data Security        

We use industry standard security safeguards to protect our Websites, Online Services and Platforms against unauthorised or unlawful access and against accidental loss, theft, disclosure, copying, modification, destruction or damage. We review our security policies and procedures on a regular basis and update them as needed to maintain their relevance. We require all third parties to whom we transfer personal information to maintain adequate security safeguards in compliance with applicable laws and standards to protect personal information.

If you have created a profile on one of our Online Services and Platforms, you play an important role in keeping your information secure. You should not share your username, password, or other account information with anyone.

In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk.

If you believe that the security of our systems or services has been compromised, please contact us immediately as detailed in the “Contact” section.

Data Retention

We retain your personal information in accordance with applicable laws and regulations and our retention policy based on these laws and regulations.

The period for which we keep your personal information is determined by a number of criteria, including for as long as your account is active, for as long as needed to provide you or our clients with the services requested, or as long as needed to comply with our legal obligations, resolve disputes, and enforce any agreements.

 

Your Rights

Depending on your location and subject to applicable law, you may have the following rights in relation to your personal information:

  • Right of access. You can ask us for a copy of your personal information, confirmation whether your personal information is being used by us, and details about how and why it is being used.

  • Right to rectify/update your information. You can ask us to correct any personal information that is inaccurate.

  • Right to delete your information. You can ask us to delete your personal information in certain specific circumstances.

  • Right to restrict use of your information. You can ask us to restrict the way that we process your personal information in certain specific circumstances.

  • Right to object. You can ask us to consider any valid objections which you have to our use of your personal information in certain circumstances.

  • Right to stop marketing. You can ask us to stop using your personal information for direct marketing purposes.

  • Right to data portability. You can ask us to provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or to transmit that information directly to another company if that is technically feasible. This right only applies where we use your personal information on the basis of your consent or performance of a contract, and where our use of your personal information is carried out by automated means.

  • Right to withdraw consent. In circumstances where we process your personal information on the basis of your consent, you have the right to withdraw your consent at any time.

  • Right to opt-out of sale of personal information. We do not sell personal information, therefore we do not offer an opt-out.

  • Right not to be discriminated against for exercising these rights. We do not discriminate against individuals who exercise their privacy rights.

  • Right to appeal any decision by EP relating to these rights. You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal information inconsistent with your rights.

Please note that some of these rights may be subject to exceptions under applicable data protection law (such as exceptions to ensure we can continue to use the information to comply with our own legal obligations or to establish, exercise or defend legal claims).

To exercise your rights, please contact us at privacy@cashet.com.

You may be required to provide additional information necessary to confirm your identity before we can respond to your request. The information you provide will not be used for any other purpose.

If you prefer not to receive cookies while browsing our Websites, you can set your browser to warn you before accepting cookies and refuse cookies when your browser alerts you to their presence. You can also refuse all cookies by turning them off in your browser, although you may not be able to take full advantage of our Websites if you do so. You may be required to accept cookies in order to complete certain actions on our Websites.

International Data Transfers

We may transfer your personal information from your country or jurisdiction to other countries or jurisdictions around the world.

When we transfer data to a different country or territory, we follow applicable data protection laws in doing so. In particular, when we transfer data from the EEA or UK across other international borders, we rely on adequacy decisions, data transfer agreements, or other EU-Commission or UK Information Commissioner’s Office-approved (as applicable) mechanisms for such transfers, including standard contractual clauses.

Data Privacy Framework

CASHet complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  CASHet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework website.

 

Jurisdiction-Specific Provisions

United States-California

As described in this Privacy Notice, “applicable law” includes the California Consumer Privacy Act of 2018 (“CCPA”) and any subsequent amendments thereto.

This Privacy Notice discloses the categories of personal information we have collected from California residents over the past twelve months, the categories of sources from which the information was collected, the business or commercial purposes for which the information was collected, and the categories of third parties with whom we shared that information. In the past twelve months, the categories of personal information that CASHet disclosed to third parties for business and commercial purposes are detailed in the “Collection of Information and Categories of Sources” section.

If you are a resident of California, we do not sell personal information to third parties and we have no actual knowledge of selling the personal information of minors under 16 years of age.

If you are a consumer located in California, we process your personal information in accordance with California law (e.g., the “CCPA”).

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf using the methods described in the “Your Rights” section. We may still require you to directly verify your identity and confirm that you provided the authorized agent permission to submit the request.

Canada

As described in this Privacy Notice, “applicable law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA), and any subsequent amendments thereto.

United Kingdom

As described in this Privacy Notice, “applicable law” includes the Data Protection Act 2018, UK General Data Protection Regulation (GDPR) 2016/679, and any subsequent amendments thereto, and other laws and regulations of the United Kingdom.  

If you are a resident of the United Kingdom or if we have identified CASHet as your data controller, and you believe our processing of your information is not in line with the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Information Commissioner’s Office, or the data protection regulator in the country where you live/work. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office.