Privacy Policy-
Personal Data Protection

23 March 2026

1. Introduction

OSolto is an intermediary in international payments and currency exchange, registered with ORIAS and operating within the regulatory framework defined by ACPR, with its headquarters located at 60 rue François 1er, 75008 Paris. By using our Site, you agree to the practices described in this policy, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and the Data Protection Act of 6 January 1978.

2. Information that we collect

Personal Data: We may collect information such as your name, email address, phone number, postal address, and financial data (IBAN, transaction history) when you voluntarily provide them through the forms on our Site or in the context of account opening.

Non-Personal Data: We may collect technical information such as browser type, operating system, and IP address to improve the functionality of our Site.

3. Use of information

We use the information collected for:

Providing, operating, and managing our Site and services
Executing international payments and currency operations
Complying with our legal and regulatory obligations (AML-CFT, ACPR)
Preventing fraud and ensuring the security of transactions
Sending you communications related to your contracts and, with your prior consent, commercial information

4. Sharing of information

We do not sell, trade, or transfer your personal data to third parties without your consent, except in the following cases: our technical partners (including Currencycloud, a payment service provider regulated by the FCA) involved in the execution of services, the relevant administrative and judicial authorities as part of our legal obligations, and subcontractors bound by contractual confidentiality obligations. Any transfer outside the European Union is governed by the standard contractual clauses of the European Commission.

5. Data retention

Your personal data is kept for the entire duration of the contractual relationship, and then for 5 years from the end of the contract. In the absence of a concluded contract, the data is retained for 3 years from the last contact. These periods may be extended in the event of ongoing legal proceedings or a specific regulatory obligation.

6. Security

We implement appropriate technical and organisational measures to protect your personal data: encryption of data in transit, strict access control for authorised personnel, and hosting on secure systems. These practices are regularly assessed and updated. However, no electronic transmission or storage system is completely infallible.

7. Your rights

In accordance with the GDPR, you have the right of access, rectification, erasure, objection, data portability, and withdrawal of consent regarding your personal data. To exercise these rights, please contact us at info@osolto.com or by mail at the address: OSolto — DPO, 60 rue François 1er, 75008 Paris. We are committed to responding within 30 days. If you are not satisfied with our response, you can lodge a complaint with the CNIL: www.cnil.fr/fr/plaintes.

8. Amendments to this policy

We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with the date of the update. We encourage you to check this page regularly.