1. INTRODUCTION

WRKR Holding Co. ”WRKR ”, ”we ”, ”our ”, or ”us” is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our digital services, platforms, and infrastructure solutions.

As a strategic investment holding company operating at the intersection of public and private sectors, we understand the critical importance of maintaining trust through transparent data practices. This policy applies to all users of our services, including government agencies, corporate clients, and individual citizens accessing our digital public infrastructure.

This Privacy Policy has been designed to comply with applicable privacy laws worldwide, including but not limited to the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Protection of Personal Information Act (POPIA) of South Africa, the Nigeria Data Protection Regulation (NDPR), and other applicable national and regional data protection laws.

2. WHO WE ARE

WRKR Holding Co. is a strategic investment holding company founded on the principle that digital infrastructure should be accessible to everyone. We combine technical expertise with practical implementation strategies to deliver solutions that transform how governments serve citizens and how businesses meet regulatory requirements. Our subsidiary ecosystem includes Piipul, Slice Finance, and Uhuru, creating integrated solutions for both public and private sectors.

3. INFORMATION WE COLLECT

3.1 Information You Provide to Us

Depending on the services you use, you may provide us with:

• Personal Identification Information: Name, government ID numbers, contact details, biometric data (where legally permitted and with appropriate consent), and other information required for identity verification systems.
• Contact Information: Email address, phone number, physical address, alternative contact details.
• Financial Information: Payment details, transaction history, bank account information, credit information, and other financial data necessary for digital payment solutions.
• Account Information: Login credentials, user preferences, profile information, authentication data.
• Service-Specific Information: Information required to provide specific government services, licensing, permits, or other functionality.
• Communications: Records of your communications with us, including support requests, feedback, and survey responses.
• Documentation: Copies of identification documents, proof of address, and other documentation required for KYC (Know Your Customer) and regulatory compliance.

3.2 Information We Collect Automatically

When you interact with our platforms, we may automatically collect:

• Device Information: Device type, hardware model, operating system version, unique device identifiers, browser type, language settings, mobile network information.
• Log Data: IP address, access times, pages viewed, features used, actions taken on our platforms, referring websites, crash reports, system activity, and timestamps.
• Location Data: General location information derived from IP address or more precise location when permitted by settings and device permissions.
• Usage Information: How you interact with our services, features accessed, time spent on platforms, search queries, frequency of use, and interaction patterns.
• Network Information: Information about your connection, including connection speed, latency, and network performance.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as detailed in our Cookie Policy.

3.3 Information From Third Parties

We may receive information about you from:

• Government agencies as part of our service delivery partnerships
• Financial institutions for payment processing and verification
• Identity verification and authentication services
• Credit reference agencies and fraud prevention services
• Business partners and service providers
• Publicly available sources and databases
• Other authorized third parties necessary to provide our services

3.4 Special Categories of Personal Data

In limited circumstances and only where permitted by law, we may process special categories of personal data (also known as sensitive personal data) such as:

• Biometric data for identification purposes
• Information about criminal convictions for regulatory compliance
• Health information for specific service delivery requirements

We only process such data where we have a valid legal basis and appropriate safeguards in place.

4. HOW WE USE YOUR INFORMATION

We use your information to:

• Deliver and improve our digital public infrastructure services
• Process transactions and administer payment systems
• Verify identity for secure access to government services
• Comply with legal obligations and regulatory requirements
• Detect and prevent fraud, unauthorized access, and other security threats
• Analyze usage patterns to improve service efficiency
• Communicate with you about your account and our services
• Provide customer support and resolve issues
• Develop new services and features based on user needs
• Personalize your experience with our services
• Conduct research and analytics to improve our infrastructure
• Enforce our terms, conditions, and policies
• Protect the rights, property, or safety of WRKR Holding Co., our users, or others
• Fulfill any other purpose for which you provided the information
• Complete government service delivery functions in our role as a service provider

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

5. LEGAL BASIS FOR PROCESSING

We process your personal information based on one or more of the following legal bases:

• Contractual Necessity: To fulfill our obligations in contracts with you or government partners, including delivering services you have requested or preparing to enter into a contract with you.
• Legal Obligation: To comply with applicable laws, regulations, court orders, government requests, or other legal requirements.
• Legitimate Interests: To operate and improve our services, protect against fraud and security threats, analyze and enhance our offerings, or conduct our business effectively, provided these interests are not overridden by your fundamental rights and freedoms.
• Public Interest: For the performance of tasks carried out in the public interest or in the exercise of official authority vested in us, particularly regarding our government service partnerships.
• Consent: Where you have explicitly agreed to the processing of your personal data for one or more specific purposes. You have the right to withdraw your consent at any time.
• Vital Interests: To protect someone's life, health, or safety in exceptional circumstances.

For special categories of personal data, we process such information only where:

• You have given explicit consent
• Processing is necessary for carrying out obligations in the field of employment, social security, or social protection law
• Processing is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent
• Processing is necessary for the establishment, exercise, or defense of legal claims
• Processing is necessary for reasons of substantial public interest, on the basis of applicable law

6. HOW WE SHARE YOUR INFORMATION

We may share your information with:

6.1 Service Providers and Partners

• Technology providers and data processors that help deliver our services
• Government agencies with whom we partner to deliver public services
• Payment processors and financial institutions for transaction processing
• Identity verification and authentication services
• Cloud hosting and storage providers
• Analytics and research partners
• Communication and customer support services
• Professional advisors including lawyers, auditors, and insurers

We only share information that is necessary for these providers to perform their functions, and they are contractually obligated to protect your information and prohibited from using it for any other purpose.

6.2 Legal Requirements

• In response to lawful requests from public authorities, including to meet national security or law enforcement requirements
• To comply with legal process, applicable laws, or regulations
• To protect our rights, privacy, safety, or property, or that of our users or others
• To detect, prevent, or address fraud, security issues, or technical problems
• To enforce our terms of service or other agreements

6.3 Business Transfers

• In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets
• As part of due diligence for such transactions
• To a successor entity, provided they continue to honor the promises in this Privacy Policy

6.4 With Your Consent

• Where you have explicitly consented to the sharing of your information
• For any other purpose disclosed to you at the time we collect your information

We implement appropriate safeguards when sharing data with third parties and require them to respect the security and privacy of your information through contractual provisions and compliance verification.

6.5 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, statistical analysis, and other business purposes.

7. DATA SECURITY

WRKR Holding Co. implements robust security measures to protect your personal information, including:

• End-to-end encryption of sensitive data in transit and at rest
• Multi-factor authentication and strong access controls
• Regular security assessments, vulnerability scanning, and penetration testing
• Advanced threat detection and prevention systems
• Physical, technical, and administrative safeguards for our systems
• Employee training on data protection, security, and privacy best practices
• Vendor security assessment and ongoing monitoring
• Incident response planning and simulation exercises
• Continuous monitoring and system logging
• Regular security updates and patch management

We maintain a comprehensive information security program that is regularly reviewed and updated to address emerging threats and vulnerabilities. Our security practices are designed to comply with international standards, including ISO 27001 and NIST frameworks.

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We strive to protect your personal information but cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please immediately notify us using the contact information in Section 14.

8. DATA RETENTION

We retain your personal information for as long as necessary to:

• Provide the services you have requested
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Meet legitimate business purposes
• Fulfill government service delivery requirements

We implement data minimization principles an

8. DATA RETENTION

We retain your personal information for as long as necessary to:

• Provide the services you have requested
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Meet legitimate business purposes
• Fulfill government service delivery requirements

We implement data minimization principles and regularly review our retention practices to ensure we only keep information as long as necessary. Our retention periods consider:

• The nature and sensitivity of the information
• Potential risks of harm from unauthorized use or disclosure
• Purposes for which we process the data and whether we can achieve these purposes by other means
• Applicable legal, regulatory, tax, accounting, or reporting requirements
• Contractual obligations with our clients and partners

When personal information is no longer necessary, we securely delete or anonymize it in accordance with our data retention policy and applicable laws. In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. YOUR PRIVACY RIGHTS

Depending on applicable laws and your location, you may have rights to:

• Access: Request confirmation of whether we process your personal information and receive a copy of that information.
• Correction: Request that we correct inaccurate or incomplete personal information about you.
• Deletion: Request that we delete your personal information in certain circumstances, subject to legal retention requirements.
• Restriction: Request that we temporarily or permanently stop processing all or some of your personal information.
• Object: Object to our processing of your personal information based on our legitimate interests or for direct marketing purposes.
• Data Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format or request transmission to another controller where technically feasible.
• Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your personal information.
• Non-Discrimination: Not be subject to discrimination for exercising your privacy rights.
• Opt-Out of Sale/Sharing: Where applicable, opt out of the ”sale ” or ”sharing ” of your personal information as defined under relevant laws.
• Automated Decisions: Contest automated decisions made about you that produce legal or similarly significant effects and request human intervention.
• Complaint: Lodge a complaint with a supervisory authority.

Different rights apply in different regions, and some rights are subject to certain exceptions and limitations. We will respond to your requests within the timeframe prescribed by applicable law (generally 30 days for most jurisdictions).

To exercise these rights, please contact us using the information in Section 14. We may need to verify your identity before fulfilling your request. If we cannot fulfill your request, we will explain why.

10. CROSS-BORDER DATA TRANSFERS

As a company operating across multiple African countries (including Nigeria, Ghana, South Africa, and Kenya) and globally, we may transfer your information across borders to deliver our services. When we transfer personal information to countries other than the one in which you are located, we implement appropriate safeguards in compliance with applicable data protection laws.

• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Adequacy Decisions
• Derogations for specific transfers
• Additional Safeguards such as encryption and pseudonymization

We conduct transfer impact assessments to evaluate the risks and ensure your information remains protected regardless of location. For more information, please contact us using the details in Section 14.

11. CHILDREN'S PRIVACY

Our services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18 without appropriate parental or guardian consent.

If you believe we have inadvertently collected information from a child under 18, please contact us using the information provided in Section 14.

For educational services, we comply with applicable laws such as FERPA and COPPA.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. When we make material changes, we will:

• Post the updated Privacy Policy on our platforms
• Update the “Last Updated” date
• Provide notice through our applications or via email
• Obtain consent where required by law

Your continued use of our services after updates constitutes your acceptance. If you do not agree, you may discontinue use of our services.

13. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to recognize you, remember preferences, and improve your experience. These include:

• Essential Cookies
• Analytical/Performance Cookies
• Functionality Cookies
• Targeting/Advertising Cookies
• Social Media Cookies

You can manage cookie preferences through your browser settings. Please note that some features may not function properly if cookies are disabled.

Our websites currently do not respond to “Do Not Track” signals.

14. CONTACT US

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

• Email: privacy@getwrkr.com
• Website: www.getwrkr.com
• Phone: +1-646-631-6118
• Data Protection Officer: dpo@getwrkr.com

For urgent matters, please mark your email as ”Urgent Privacy Concern ”.

15. DISPUTE RESOLUTION

If we cannot resolve your complaint directly, you may have the right to lodge a complaint with your local data protection authority. You may also:

• Pursue binding arbitration
• Seek judicial redress
• Use alternative dispute resolution programs

You agree any dispute will be resolved individually, and you waive participation in any class or collective actions.

16. ADDITIONAL DISCLOSURES

• Data Controller and Processor: WRKR may act as either a controller or processor depending on the service context.
• Joint Controllers: In some cases, we and our partners may jointly control your data.
• Automated Decision-Making: We use safeguards like human oversight and bias testing where required.
• Data Processing Records: We maintain detailed records of processing activities to comply with legal requirements.

By using our services, you acknowledge that you have read and understood this Privacy Policy.