To enable our systems to recognize your browser or device and to provide, market, and improve APS Services,
we and approved third parties use cookies and other identifiers. For more information about cookies and how
we use them, please read our Cookies Notice.

Information about our customers is an important part of our business and we are not in the business of selling
our customers’ personal information to others. We share personal information only as described below and with
Amazon.com, Inc. and the affiliates that Amazon.com, Inc. controls that are either subject to this Privacy Notice
or follow practices at least as protective as those described in this Privacy Notice.

• Transactions Involving Third Parties: We make available to you services, software, and content
provided by third parties for use on or through APS Services. We may share personal information with
those third parties to enable such APS Services, for example, to facilitate your onboarding experience.

• Third-Party Service Providers: We employ other companies and individuals to perform functions on
our behalf. Examples include: sending communications, processing payments, assessing compliance
risks, analyzing data, providing marketing and sales assistance (including advertising and event
management), conducting customer relationship management, verifying identity, fraud screening, and
providing training. These third-party service providers have access to personal information needed to
perform their functions, but may not use it for other purposes. Further, they must process that
information in accordance with this Privacy Notice and as permitted by applicable data protection law.

• Business Transfers: As we continue to develop our business, we might sell or buy businesses or services.
In such transactions, personal information generally is one of the transferred business assets but
remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, you consent
otherwise). Also, in the unlikely event that APS or substantially all of its assets are acquired, your
information will of course be one of the transferred assets.

• Protection of APS and Others: We release account and other personal information when we believe
release is appropriate to comply with the law, enforce or apply our terms and other agreements, or
protect the rights, property, or security of APS, our customers, or others. This includes exchanging
information with other companies and organizations for fraud prevention and detection and credit risk
reduction.

• At Your Option: Other than as set out above, you will receive notice when personal information about
you might be shared with third parties, and you will have an opportunity to choose not to share the
information.

Depending on the scope of your interactions with APS Services, your personal information may be
stored in or accessed from multiple countries, including the United States. Whenever we transfer
personal information to other jurisdictions, we will ensure that the information is transferred in
accordance with this Privacy Notice and as permitted by applicable data protection laws.

At APS, security is our highest priority. We design our systems with your security and privacy in mind.

• We maintain a wide variety of compliance programs that validate our security controls.

• We protect the security of your information during transmission to or from APS websites, applications,
products, or services by using encryption protocols and software.

• We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data.

• We maintain physical, electronic, and procedural safeguards in connection with the collection, storage,
and disclosure of personal information. Our security procedures mean that we may request proof of
identity before we disclose personal information to you.

You can view certain information about your account and your interactions with APS Services See Information
You Can Access for a list of examples of information that you can access. If you cannot access your information
yourself, you can always contact us for assistance.

You have choices about the collection and use of your personal information. Many APS Services include settings
that provide you with options as to how your information is being used. You can choose not to provide certain
information, but then you might not be able to take advantage of certain APS Services.

• Account Information: If you want to add, update, or delete information related to your account, please
contact us at MyData-ps@amazon.com. When you request to update or delete any information, we
usually keep a copy of the prior version for our records.

• Communications: If you do not want to receive promotional messages from us, please unsubscribe
using the link at the bottom of our communications, or adjust your communications practices by
contacting MyData-ps@amazon.com.

• Cookies Preferences: You can change your cookie preferences on APS sites at any time by clicking
“Cookie Preferences” in the footer of the APS site. You can also manage cookies through your browser
settings. The Help feature on most browsers and devices will tell you how to remove cookies from your
device, how to prevent your browser or device from accepting new cookies, how to have the browser
notify you when you receive a new cookie, or how to disable cookies altogether.

We don’t provide APS Services for children. If you’re under 18, you may use APS Services only with the
involvement of a parent or guardian.

APS Services may embed content provided by others or include links to other websites and applications. These
companies may collect information about you when you interact with their content or services. We are not
responsible for the practices of these companies. Please consult their privacy policies to learn about their data
practices.

We keep your personal information to enable your continued use of APS Services, for as long as it is required in
order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for
tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal
information varies depending on the purpose for its use, and we will delete your personal information in
accordance with applicable law.

If you have any concerns about privacy at APS, please contact us at MyData-ps@amazon.com with a thorough
description, and we will try to resolve the issue for you.

For any prospective or current customers of APS, our mailing address is: Payfort International FZ LLC, DP
Headquarters Building, 6th Floor, Al Falak Street, Dubai Internet City, Dubai, UAE, ATTN: Legal Director
If you interact with APS Services on behalf of or through your organization, then your personal information may
also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your
organization.

Our business changes constantly, and our Privacy Notice may also change. You should check our websites
frequently to see recent changes. You can see the date on which the latest version of this Privacy Notice was
posted. Unless stated otherwise, our current Privacy Notice applies to all personal information we have about
you and your account. We stand behind the promises we make, however, and will never materially change our
policies and practices to make them less protective of personal information collected in the past without
informing affected customers and giving them a choice.

We provide additional information about our controllers and data protection officers (as applicable), the privacy,
collection, and use of personal information of prospective and current Merchants of APS Services located in
certain jurisdictions.

Kingdom of Saudi Arabia

• Controller of Personal Information. When PayFort Saudi Closed JSC is the provider of APS Services, Payfort Saudi
JSC, Building no. 3627, Shopping Front Project, 8166 King Khaled International Airport Road Postal Code 13413
Riyadh, Kingdom of Saudi Arabia, is the data controller of personal information collected or processed as part of
the onboarding of Merchants for the provision of APS Services.

Processing. We process your personal information on one or more of the following legal bases:

• as necessary to enter into a contract with you or a legal entity you represent, to perform our contractual
obligations, to provide APS Services, to respond to requests from you, or to provide customer support;
• where we have a legitimate interest, as described in this Privacy Notice (see How We Use Personal
Information above);
• as necessary to comply with relevant law and legal obligations, including to respond to lawful requests
and orders; or
• with your consent.


Information We Retain After Your Account is Closed.

• After the closure of your APS account, we may need to keep certain information for an additional period
of time for legal and legitimate business purposes. For example, we may retain personal information
such as your contact information (e.g., name, email address, physical address)and any invoices that APS
has sent to you (e.g., record of purchases, applicable discounts, and tax information) for tax and
accounting purposes. If applicable, APS may also retain records of communications with you, as well as
relevant logs (e.g., a log of your account closure) for dispute resolution purposes. We further may keep
records for preventing fraud and ensuring security, for example in case of misuse of our services or
violation of our terms.

Your Rights. Subject to applicable law, you have the right to:

• ask whether we hold personal information about you and request copies of such personal information
and information about how it is processed;
• request that inaccurate personal information is corrected;
• request deletion of personal information that is no longer necessary for the purposes underlying the
processing, processed based on withdrawn consent, or processed in non-compliance with applicable
legal requirements;
• request us to restrict the processing of personal information where the processing is inappropriate;
• object to the processing of personal information; and
• request portability of personal information that you have provided to us (which does not include
information derived from the collected information), where the processing of such personal
information is based on consent or a contract with you and is carried out by automated means.

Questions and Contacts. If you wish to do any of these things or have a data-protection related question, and
you are a customer of PayFort Saudi Closed JSC, please contact us at MyData-ps@amazon.com.

When you consent to our processing your personal information for a specified purpose, you may withdraw your
consent at any time, and we will stop any further processing of your data for that purpose.

Cookies. Please refer to our Cookies Notice.

Transfers outside of the Kingdom of Saudi Arabia. When we transfer your personal information outside the
Kingdom of Saudi Arabia, we do so in accordance with the terms of this Privacy Notice and applicable data
protection law.

Information You Give Us

You provide information to us when you:

• search for, subscribe to, or purchase APS Services;
• create or administer your APS account (and you might have more than one account if you have used
more than one email address when using APS Services);
• configure your settings for, provide data access permissions for, or otherwise interact with APS
Services;
• register for or attend an APS event;
• communicate with us by phone, email, or otherwise;
• complete a questionnaire, a support ticket, or other information request forms;
• post on APS websites or participate in community features; and
• employ notification services.

Depending on your use of APS Services, you might supply us with such information as:

• your name, email address, physical address, phone number, and other similar contact information;
• payment information, including credit card and bank account information;
• information about your location;
• information about your organization and your contacts, such as colleagues or people within your
organization;
• usernames, aliases, roles, and other authentication and security credential information;
• content of feedback, testimonials, inquiries, support tickets, and any phone conversations, chat
sessions and emails with or to us;
• your image (still, video, and in some cases 3-D) and other identifiers that are personal to you when you
attend an APS event or use certain APS Services;
• information regarding identity, including government-issued identification information;
• corporate and financial information; and
• VAT numbers and other tax identifiers.


Automatic Information

We collect information automatically when you:

• visit, interact with, or use APS Services (including when you use your computer or other device to
interact with APS Services);
• open emails or click on links in emails from us; and
• interact or communicate with us (such as when you attend an APS event or when you request customer
support).


Examples of the information we automatically collect include:

• network and connection information, such as the Internet protocol (IP) address used to connect your
computer or other device to the Internet and information about your Internet service provider;
• computer and device information, such as device, application, or browser type and version, browser
plug-in type and version, operating system, or time zone setting;
• the location of your device or computer;
• authentication and security credential information;
• APS Services metrics, such as offering usage, occurrences of technical errors, diagnostic reports, your
settings preferences, backup information, API calls, and other logs;
• the full Uniform Resource Locators (URL) clickstream to, through, and from our website (including date
and time) and APS Services, content you viewed or searched for, page response times, download errors,
and page interaction information (such as scrolling, clicks, and mouse-overs);
• email addresses and phone numbers used to contact us; and
• identifiers and information contained in cookies (see our Cookies Notice).


Information from Other Sources

Examples of information we receive from other sources include:

• marketing, sales generation, and recruitment information, including your name, email address, physical
address, phone number, and other similar contact information;
• subscription, purchase, support, or other information about your interactions with products and
services offered by us, our affiliates (such as APS training courses), or third parties in relation to APS
Services;
• search results and links, including paid listings (such as Sponsored Links); and
• credit history information from credit bureaus.

Information You Can Access

Examples of information you can access through APS Services include:
• your name, email address, physical address, phone number, and other similar contact information;
• usernames, aliases, roles, and other authentication and security credential information;
• your subscription, purchase, usage, billing, and payment history;
• payment settings, such as payment instrument information and billing preferences; and
• tax information.

Merchants can access the information above through the APS Merchant Dashboard.