Privacy Notice for Identity Verification

At Gaijin, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice outlines how we collect, process, and protect your personal data specifically for the purpose of identity verification. For information regarding the processing of your personal data in other aspects of our relationship, please refer to the relevant privacy documents provided to you based on the nature and basis of our interaction.

1. DATA CONTROLLER 

Your data is processed by Gaijin Network Ltd, a Cypriot company with registration number HE 312702 and registered office at 63 Ifigeneias Street, Office 302, Strovolos 2003, Nicosia, Cyprus. In some cases, other entities within Gaijin group, as indicated in the respective agreement with you, may also be considered data controllers. 

2. DATA WE COLLECT

- Full name;

- Email;

- Identification documents (e.g., passport, ID card);

- Selfie;

- Address.

3. PURPOSE OF PROCESSING

We collect and process your information for the following purposes:

- To comply with applicable laws and regulations, including Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements;

- To prevent and detect fraud;

- To communicate with you (e.g., via email, post mail).

4. LEGAL BASIS FOR PROCESSING

The processing of your personal data is carried out based on the following legal grounds:

- Consent: Data used in the identity verification process, such as your selfie and provided documents, is processed based on your explicit consent. 

- Legitimate Interest: We process your contact information based on our legitimate interest to communicate with you, protect our intellectual property and confidential information, as well as properly verify you as a counterparty to a respective agreement with you.

5. ALTERNATIVE OPTIONS

If you choose not to give your consent for automated identity verification or if you lack the required documents for this method, you can request an alternative verification method via video chat. During this video chat, you will show your identification document via camera to a person authorized by Gaijin. Alternative verification can be requested at the initial stage of cooperation or by referring to your regular point of contact at Gaijin.

6. DATA PROTECTION AND SECURITY

Your personal data is protected using encryption and stored securely, accessible only to authorized personnel. We implement technical and organizational measures to ensure a level of security appropriate to the risk.

7. DATA RETENTION

We retain verification data only for as long as necessary to fulfill the relevant verification purpose. It is generally retained for 30 days. Where additional information is required or further steps are needed to complete the verification and onboarding process, certain verification data may be retained for up to 90 days. Once the applicable retention period expires, the data is securely deleted.

Contact information is retained until the relevant purpose is achieved or until you exercise your right to opt out or request deletion.

8. HOW WE SHARE DATA

We share personal data with:

- Gaijin Affiliates, where necessary, to manage your relationship with Gaijin.

- Trusted identity verification service providers, located in the European Union, to perform verification services on our behalf. Information about their processing of personal data is available in their respective privacy policies:

• Checkin.com Group AB — https://checkin.com/privacy-policy
• Veriff OÜ — https://www.veriff.com/privacy-notice

When data is transferred outside the European Union, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

9. YOUR RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

- Right to Access: Request access to the personal data we hold about you.

- Right to Rectification: Request correction of inaccurate or incomplete data.

- Right to Erasure: Request deletion of your personal data when no longer necessary or when processing is unlawful.

- Right to Restriction of Processing: Request restriction on processing in certain circumstances.

- Right to Data Portability: You can receive your personal data in a structured, commonly used, and machine-readable format, where technically feasible.

- Right to Object: You have the right to object to the processing of your personal data, where processing is based on legitimate interest. In such cases, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing.

- Right to Withdraw Consent: If you choose to withdraw consent for automated processing, you can request to complete identity verification via an alternative video conference method.

- Right to Lodge a Complaint: If you believe that your data protection rights have been violated, you have the right to complain with a supervisory authority. The competent supervisory authority is the Office of the Commissioner for Personal Data Protection in the Republic of Cyprus.

You may exercise your rights by contacting privacy@gaijin.net or your regular point of contact within the company.

10. FURTHER INFORMATION

For a comprehensive overview of our data protection practices, please refer to the relevant privacy documents provided to you at other stages of our interaction.

Last updated: April 17, 2026