Privacy Policy

1. Introduction and Scope

Welcome to ONEX (operated by the legal entity defined in our Terms of Service, hereinafter referred to as "ONEX", "we", "us", or "our"). We are committed to protecting the privacy of our customers and the security of their data.

This Privacy Policy (the "Policy") explains how we collect, process, disclose, and protect personal and corporate information when you access or use the ONEX platform (the "Platform"), our website at https://onex.center (the "Website"), and the financial settlement and B2B invoice payment services we provide (collectively, the "Services").

This Policy applies to our corporate clients, their representatives, employees, and beneficial owners (collectively, "Users" or "you"). Our Services are strictly B2B (business-to-business) and are not intended for individuals acting in a personal or household capacity.

2. Information We Collect

To provide our international supplier settlement services and ensure compliance with strict financial regulations, we collect the following categories of information:

A. Corporate and KYB (Know Your Business) Information

• Entity Details: Legal name, trade name, country of incorporation, date of establishment, registration number, and corporate tax identification number.
• Address Details: Registered office address, primary business location, and proof of address (e.g., utility bills, corporate bank statements).
• Ownership Structure: Shareholder registry, organograms, and details of Ultimate Beneficial Owners (UBOs) holding 25% or more of the entity's equity or voting rights.
• Business Activity: Industry type, website URL, source of funds, and estimated monthly transaction volumes.

B. Representative and Personal Information (KYC)

• Identity Details: Full legal name, date of birth, nationality, gender, and copy of a valid government-issued identification document (e.g., passport, national ID card, driver's license).
• Proof of Identification: Live photographic selfie or video verification to confirm the identity of authorized representatives.
• Contact Information: Corporate email address, telephone number, and physical office address.
• Employment Context: Job title, role within the organization, and power of attorney or board resolution authorizing representation of the corporate client.

C. Transactional and Financial Information

• Settlement Details: Recipient supplier details, supplier bank name, SWIFT/BIC code, account number or IBAN, intermediary bank routing info, and invoice documents (detailing goods, services, amounts, and dates).
• Payment Operations: Originating bank account details, routing codes, amounts, transaction dates, and conversion rates fixed for the settlement.
• Digital Asset Logs: Crypto wallet addresses, hash signatures, and blockchain transaction IDs associated with payments or settlements.

D. Technical and Usage Data

• Device and Connection Details: IP address, device type, operating system version, browser type, network provider, and geographic location.
• Access Logs: Time of access, pages viewed, time spent on the Website, clickstream data, and system events.

3. Legal Bases for Processing

We process your data under the following legal bases:

1. Contractual Necessity: To perform our obligations under our service agreements, process B2B payments, and manage your account.
2. Legal and Regulatory Compliance: To satisfy our statutory obligations, including but not limited to Anti-Money Laundering (AML), Counter-Terrorism Financing (CFT), and Know Your Customer (KYC) compliance under applicable international financial regulations.
3. Legitimate Interests: To protect our Platform against fraud, maintain security, optimize server performance, and conduct internal analytics to improve our Platform's efficiency.
4. Consent: Where you have explicitly provided consent (e.g., for optional marketing communication or cookie preferences).

4. How We Use Your Data

ONEX processes the collected data for the following specific purposes:

• Corporate KYB & Individual KYC Verification: Assessing applications, validating corporate structures, performing sanctions list checks, and executing mandatory AML/CFT verifications.
• Processing and Settling Invoices: Routing international payments to suppliers, managing currencies (USD, CNY, AED, TRY, EUR), and executing conversions.
• Platform Maintenance and Security: Monitoring transaction patterns to identify anomalies, detecting and preventing financial fraud, protecting infrastructure against cyber threats, and managing server logs.
• Client Support: Responding to inquiries, resolving billing disputes, and managing transactions.
• Regulatory Reporting: Submitting periodic reports, tax disclosures, or complying with requests from financial authorities and law enforcement.

5. Sharing and Disclosure of Information

We do not sell your personal or corporate data. To execute global settlements and maintain compliance, we may share information with:

• Banking Partners and Financial Institutions: Correspondent banks, local clearing networks, digital asset custodians, and liquidity providers involved in the routing and execution of cross-border settlements.
• Compliance and Verification Providers: Third-party services that perform identity verification (KYC/KYB), sanctions scanning, and fraud prevention checks.
• Regulatory and Law Enforcement Authorities: Financial intelligence units, tax authorities, and legal bodies when we are under a statutory obligation to do so.
• Professional Advisors: Auditing firms, legal counsel, and consultants to ensure company governance and operational safety.

6. International Data Transfers

Because ONEX operates a global cross-border payments infrastructure, your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have different data protection regulations.

When transferring data across borders, we implement necessary safeguards, including entering into Standard Contractual Clauses (SCCs) approved by the European Commission, and ensuring that our banking and liquidity providers comply with equivalent security and data privacy frameworks.

7. Data Retention

We retain your information only as long as necessary to fulfill the purposes for which it was collected, or to comply with applicable statutory laws.

• AML/KYC Compliance Records: Under global financial guidelines (including FATF and EU AML Directives), we are required to retain identity verification documents, corporate files, and transaction histories for a minimum of five (5) to seven (7) years following the termination of the business relationship.
• General Technical Logs: Server logs and usage metadata are typically retained for up to twelve (12) months unless required for security audits or active investigations.

8. Security Measures

ONEX employs institutional-grade security architecture to protect your data:

• Encryption: All data in transit is encrypted using TLS 1.3 protocols, and all data at rest is encrypted using AES-256 algorithms.
• Access Controls: Strict internal access policies restrict data access only to authorized compliance officers and systems engineering personnel on a need-to-know basis.
• Security Audits: Regular penetration testing, vulnerability scanning, and compliance audits of our digital assets and server infrastructure.
• Redundancy: Multi-zone backups and failover configurations to protect against data loss or service disruption.

9. Your Privacy Rights

Depending on your jurisdiction (such as under the GDPR or local data protection frameworks), you may have the following rights:

• Right to Access: Request a copy of the personal and corporate data we hold about you.
• Right to Rectification: Request corrections to incomplete or inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to our overriding legal obligations to retain transaction and compliance logs for AML purposes.
• Right to Restrict or Object: Limit how we process your data or object to processing based on legitimate interests.
• Right to Data Portability: Request transfer of your data to another service provider in a structured, machine-readable format.

To exercise any of these rights, please contact our compliance desk at the email address provided in Section 11.

10. Cookies and Tracking

We use necessary, functional, and analytical cookies on our Website to improve your user experience and monitor Platform performance.

• Necessary Cookies: Essential for the Website to function securely, such as remembering your language preference or dark mode settings.
• Analytical Cookies: Help us analyze traffic patterns and identify usability bottlenecks. These are anonymized and do not track individual users.

You can manage your cookie preferences directly in your browser settings.

11. Policy Updates and Contact Information

We may update this Privacy Policy periodically to reflect changes in our Services, operational procedures, or global legal requirements. We will notify you of any material changes by posting the updated Policy on this page and updating the "Last updated" date at the bottom.

If you have any questions, concerns, or requests regarding this Privacy Policy or how ONEX handles your business data, please contact our compliance desk:

Compliance Desk & Data Protection Officer - Email: compliance@onex.center - Address: ONEX Compliance Department (as detailed in corporate registry agreements)