This Privacy and Cookie Policy (“Privacy Policy”) outlines the commitment to your privacy and the protection of your information when you engage with our Services. It details the types of data collected, how it's utilised, and the safeguards in place to ensure your privacy rights are upheld. It applies to our website and all related sites, software, and tools (collectively, our “Services”). By accessing our Services, you consent to the data practices detailed in this Privacy Policy. Your rights regarding your data are paramount, including the option to decline its use for marketing purposes or any processing that doesn't align with a clear business necessity or public benefit. If you have any questions about how your information is gathered, stored, shared or used, please contact our Compliance department at [email protected].

Who we are

This Privacy Policy applies to Sika Box US Incorporated (“Sika Box,” “Sika,” “the Company,” “We,” “Us,” or “Our”), a technology company registered at The Green STE A, Dover, Delaware, 19901. Sika Box provides technology infrastructure to support secure cross-border transactions. All sensitive payment data is handled by certified third-party providers

Who This Privacy Policy Applies To

This Privacy Policy outlines how Sika Box handles personal data responsibly and transparently during our business operations. It applies to all individuals interacting with Sika Box — including employees, merchants, clients, service providers, and third-party partners — across our jurisdictions of operation: Canada, the United States, Kenya, Nigeria, and Ghana. While we engage with businesses, this Policy specifically governs the personal data of individuals within those entities. If you provide personal data about another individual, you must ensure you have obtained their explicit consent to do so. This Policy governs how we collect, use, store, transfer, and disclose personal data across our services, tools, websites, and internal systems. Sika Box is fully committed to protecting personal information in compliance with applicable data protection laws across all jurisdictions in which we operate. This includes, but is not limited to, adherence to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Nigeria Data Protection Regulation (NDPR). We regularly review and update our privacy practices to ensure secure, lawful, and transparent data handling aligned with both local and international regulatory standards. Sika Box's services are intended for use by individuals aged 18 and above. We do not knowingly collect or process data from minors.

The Information We Collect About You

To deliver tailored services and ensure a seamless experience, Sika Box collects personal and business-related information from individuals and organizations interacting with us. This data enables us to establish contact, understand your specific needs, fulfil regulatory obligations, and provide efficient service delivery.

Categories of Data We Collect

The categories of data we may collect, use, and store — depending on your relationship with us (as an employee, merchant, client, contractor, or third-party provider) — include:

• Personal Identification Information: Full name, phone number, email address, physical address; Government-issued identification documents; Tax Identification Numbers (TINs); Financial information (e.g., bank account details).
• Technical and Usage Data: IP address, browser type, time zone, and device information; Login credentials and usage patterns on our website and platforms; Navigation history, page views, session duration, and referral paths; Language settings and user preferences.
• Profile & Access Data: Usernames and passwords for platform access (e.g., Merchant Dashboard); Device activity logs (for employees/contractors using internal systems).
• Communication & Marketing Preferences: Contact details, professional role, and preferred communication channels; Opt-in or opt-out status for promotional communications.
• Financial and Business Data: Business registration documents; UBO declarations, PEP status, AML compliance forms (KYB/KYC); Bank account and transaction details; Service history and contractual records.
• Sensitive or Special Categories of Data: Biometric data (e.g., facial recognition during KYC); Criminal record checks, solely for fraud prevention or regulatory screening.
• Aggregated Data: Statistical summaries for internal reporting, research, or analytics.

How We Use Your Personal Data

Sika Box processes personal data solely for lawful and legitimate purposes, including regulatory compliance, service delivery, risk management, and continuous improvement.

• Performing KYC, AML, and due diligence checks
• Verifying identity and assessing risk
• Delivering requested services and fulfilling contracts
• Enhancing user experience and service quality
• Sending updates, offers, and compliance communications (with consent)
• Supporting internal operations and third-party collaboration where necessary
• Meeting legal and regulatory obligations

Data Retention

We retain onboarding documentation and personal data for a minimum of five (5) years from the date of last engagement or as otherwise required by applicable local or international laws. Data may be retained for a longer period if necessary to:

• Comply with legal, tax, or regulatory obligations
• Respond to inquiries from regulators or competent authorities
• Resolve disputes or enforce contractual rights

Data Security Measures

We apply industry-standard technical and organizational measures, including:

• Data anonymization
• Segregation of public, restricted/confidential and institutional data
• Access control by role and department
• Google Workspace with MFA
• Encrypted storage (at rest and in transit)
• Periodic review and access revocation

When We May Share Information We Collect

In accordance with this Privacy Policy, your personal data may be shared under certain conditions.

• Sika may share your information with other subsidiaries, affiliates for the purpose of the provision of our services or when such affiliates provide support services to Sika.
• Analytics and search engine providers that assist Us in the improvement and optimisation of our website and Merchant Dashboard.
• External consultants, vendors, and service providers might handle your data during service provision, including IT specialists who manage our digital platforms.
• Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes.
• Legal and regulatory demands may necessitate sharing your data with government and law enforcement.
• Additionally, we may exchange information with other organisations for fraud prevention and to safeguard our company's, merchants and end users' rights and safety.

International Data Transfers

As part of its global operations, Sika Box may transfer personal data to and from countries outside the user's country of residence. These transfers may involve jurisdictions that do not offer the same level of data protection as local laws. To ensure the ongoing protection of personal data across borders, Sika Box applies appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) or equivalent legal mechanisms
• Encryption of data in transit
• Contractual obligations requiring third parties to maintain robust security standards
• Ongoing due diligence of vendors handling personal data

Data Breach Notification

In the event of a confirmed or suspected data breach affecting personal information, Sika Box will promptly notify all impacted clients, users, and partners, in accordance with applicable data protection laws. Notifications will include:

• A description of the nature of the breach
• The categories of data involved
• The potential consequences
• The measures taken or to be taken to mitigate the effects and prevent recurrence
• Guidance on steps affected parties can take to protect themselves

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and correct your data
• Request erasure ("right to be forgotten")
• Restrict or object to processing
• File a complaint with a supervisory authority

Cookies and Tracking Technologies

Sika Box uses cookies and similar tracking technologies to enhance your browsing experience, improve website performance, and deliver personalized content and advertising. When you first visit our site, you will be presented with a cookie banner to manage your preferences in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK Privacy and Electronic Communications Regulations (PECR). You can choose to accept or reject different categories of cookies at any time. Please note that disabling certain types of cookies may affect your experience and limit the services we can provide.

Types of Cookies We Use

1. Strictly Necessary Cookies (Always Active): These cookies are essential for the operation of the website. They enable core functions such as security, network management, and accessibility. You cannot opt out of these cookies. 2. Analytics Cookies: These cookies help us understand how users interact with our website by collecting and reporting information anonymously. This data is used to improve website functionality and user experience. In some cases, analytics cookies may also support advertising measurement. 3. Managing Your Preferences You can update your cookie settings at any time through your browser settings or by clicking the "Cookie Preferences" link on our site. For users in jurisdictions requiring explicit consent (e.g., EU/UK), we will not place non-essential cookies without your permission.

Questions

For inquiries regarding our Privacy Policy or data handling practices, please reach out to our Compliance team at [email protected]. They are available to address any concerns or questions you may have, ensuring transparency and trust in our processes. Your privacy and the security of your data are important to us.

Changes to this Policy

This policy is reviewed annually or upon significant change in our operations or legal requirements. Any amendments will be effectively communicated on the website. The above statement reflects the latest modification as of the noted date. By continuing to access Our website and utilise the Services following any policy updates, you accept the conditions of the updated Privacy Policy.