Moneycorp Group (“Moneycorp” “we”, “our”, “us”) is committed to ensuring that your personal data is used correctly and in accordance with the highest standards of Data Protection Law.
Moneycorp Group means Moneycorp Technologies Limited, TTT Moneycorp Limited, Moneycorp CFX limited, Moneycorp Financial Risk Management Limited, Moneycorp US Inc. and their branches, subsidiaries, affiliates and sister companies set out here.
When this policy mentions “Moneycorp,” “we,” “us,” or “our,” it refers to the Moneycorp company that you have contacted (or been contacted by) or contracted with.
For the purposes of Data Protection Law, Moneycorp will be deemed a Controller or Joint Controller of your personal data unless you are either (a) a Moneycorp Explorer Card customer or (b) a Moneycorp client’s recipient/beneficiary in which case, Moneycorp is a Processor of your personal data.
Please see the “Definitions and Glossary” section to understand the meaning of some of the terms used in this Policy.
What personal data do we collect?
Information you provide us when you use our Services or contact our team:
- Details such as your name, gender, address, date of birth, telephone number, email address and social security number (U.S. citizens only).
- If you have a Moneycorp account online, log-in credentials such as your username, password, passcode and security question answers.
- Copies of documents you provide to prove your age or identity so we can satisfy our ‘Know Your Customer’ checks. For example, government issued ID, passport, driving licence, marriage certificate and utility bill.
- Copies of documents you provide to prove your source of funds. For example, your bank statement or payslip.
- Bank account details.
- Personal details of your payees (“Beneficiary Details”) – note: by providing this information to Moneycorp, you agree to have obtained the payee’s consent to their personal data being processed by Moneycorp in its capacity as a Processor.
Information we collect about you when you use our Services or contact our team:
- Details of the transactions you carry out when using our Services, including geographic location from which the transaction originates.
- In relation to our websites, we will log your Internet protocol (IP) address so that it recognised next time you visit.
- CCTV Images at our bureaux de change.
We will update the information we hold on you as and when you provide it to us during our communications with you. However, whenever possible, you should advise us if information we hold on you needs updating or is no longer accurate.
When do we collect personal data about you?
- When you visit any of our websites or download and install the Moneycorp app.
- When you make an enquiry about our Services or open an account with us online, over the telephone, by post or in person.
- When you ask us to provide our Services to you.
- When you make international payments online, over the telephone, by post or in person.
- When you reserve or purchase foreign currency with us online or in person at one of our bureaux de change.
- When you enter into a competition or take up a promotional offer.
- When you sign up to receive our daily brief, whitepapers and other general marketing from us.
- When you sign up to receive rate alerts from us.
- When you register for one of our webinars.
- When you have given a third party permission (e.g. a Referring Partner) to share with us your personal data.
- When you report a problem, make a query or issue a complaint about our Services.
- When you visit a Moneycorp travel money bureaux de change, you may be recorded on CCTV.
- During correspondence with Moneycorp employees (or persons acting on our behalf) over telephone, email, post or in person.
The “lawful basis” we rely on to process your personal data
Data Protection Law sets out six lawful basis that organisations, businesses and governments can rely on to collect and process personal data. Moneycorp predominately relies on the following:
This means processing your personal data where you have explicitly given us permission to do so.
Performance of a Contract
This means processing your personal data in order to fulfil our contractual obligations with you.
This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.
This means processing your personal data where we or a third party have a legitimate interest to do so. We make sure we consider and balance any potential impact on your rights before we process your personal data for our legitimate interests. Where our interests are overridden by a negative impact on your privacy rights, we will not process your personal data.
How do we use your personal data?
We may process your personal data for the following purposes, depending on how you interact with us.
1. To complete the delivery of our foreign exchange, bank, international payment and wholesale banknote services (the “Services”)
Without your personal data, we would not be able to open your moneycorp account, facilitate your foreign exchange transactions and complete the delivery of our services.
As part of our online account opening process, we will send you a one-off follow up registration email should you not complete the second page of the online account registration page. We will do this on the basis of our legitimate interests.
At the start of the relationship, Moneycorp may also call or email you to discuss the reasons for opening an account and your foreign exchange needs. We will do this on the basis of our legitimate interests.
When you login into your Moneycorp Account online, we will send you, via SMS or email, a one-time password as part of our two-factor authentication login process. We will do this to comply with our legal and regulatory obligations.
2. To respond to your queries and complaints
Without your personal data, we would not be able to effectively respond and handle queries or complaints. We may keep a record of our correspondence to demonstrate how we communicated with you throughout. We will do this on the basis of our legitimate interests and our legal obligations.
3. To comply with our legal and regulatory obligations
In order to meet our legal and regulatory requirements, we are required to carry out regulatory checks in order to prevent and detect fraud, money laundering, identity theft and other crimes.
4. To analyse, test and improve our systems and databases
We may use your personal data to ensure that our systems are tested thoroughly. This ensures that the system can cope with comparable volumes of information, that a wide range of realistic scenarios are covered, and that the test will reflect all the possible combinations that occur in the real environment. Test systems are isolated from external networks to ensure that live systems are not compromised. In addition, to ensure data is not compromised, we carry out various risk assessments, and have implemented safeguards to ensure data security. We will do this on the basis of our legitimate interests.
5. To develop new and improved products and services, including conducting market research and product analysis
6. For training and quality purposes
We are continually reviewing the quality of the services we provide in order to improve your experience with Moneycorp. We will do this on the basis of our legitimate interests.
7. To keep you informed about relevant products, special offers and market news
Moneycorp US Customers (Private & Corporate)
For Moneycorp US Inc. customers, we will keep you informed about relevant products, special offers and market news up and until you tell us otherwise (i.e. until you opt-out).
Moneycorp Technologies (Ireland), TTT Moneycorp, Moneycorp FRM and Moneycorp CFX Customers (Private)
For customers who agreed to receive to marketing before the 25th May 2018, we will continue to send you relevant products, special offers and market news unless you tell us otherwise (i.e. until you opt-out). We will rely on our legitimate interests and the soft opt-in exception made available by the Privacy and Electronic Communications Directive 2002 to do this.
For new private customers (inc. sole traders and non-limited partnerships), we will only keep you informed about relevant products, special offers and market news where you have explicitly consented.
Moneycorp Technologies (Ireland), TTT Moneycorp, Moneycorp FRM and Moneycorp CFX Customers (Corporate)
For new and existing corporate customers (exc. sole traders and non-limited partnerships) we will keep you informed about relevant products, special offers and market news up and until you tell us otherwise (i.e. until you opt-out).
You are free to opt out of receiving marketing communications from us at any time by one of the options set out in the “Managing your marketing preferences” section of this Policy.
Telephone & Email Recording
Telephone calls made and received by Moneycorp may be recorded and internally monitored for the purposes of:
- Ensuring that Moneycorp complies with its regulatory obligations;
- Evidencing your use of our Services;
- Investigating complaints;
- Gathering evidence in disputes; and
- Improving Moneycorp’s Services (training and quality control).
Moneycorp may also maintain a record of all emails sent by or to Moneycorp for the same purposes.
Who do we share your personal data with?
We may share your personal data with the following entities for the purposes described in this Policy:
1) Moneycorp subsidiaries, overseas branches and affiliate companies
A complete and up-to-date list can be found in the “Definition and Glossary” section of this Policy.
2) Third party service providers
- Agencies who provide credit referencing, identity & verification checks, adverse media checks, sanction screening, PEP checks and fraud prevention services.
- Auditors and professional advisers such as lawyers and consultants.
- Banks and financial services who facilitate our foreign exchange transactions and provide our Explorer Card product.
- Companies who host, support and maintain our website, databases, archives and other business systems.
- Companies who provide off-site hard copy information management facilities. Companies who provide Moneycorp with its customer relationship management applications.
- Companies who provide Moneycorp with its customer relationship management application.
- Companies who perform functions on our behalf in the areas of IT development, IT support, back office, compliance and finance.
- Companies that provide our email archiving and backup system.
- Companies that provide our telephone call recording system and tracking analysis software.
- Companies that carry out our direct marketing and research survey emails and texts.
- Companies that provide our online live chat platform.
- Companies who assist with providing our two-factor authentication security process.
- Companies that provide our online electronic signature software.
- Companies that provide our refer-a-friend programme.
- Companies that enable Moneycorp to collect customer reviews of its Services.
- Companies that provide our customer rewards and incentive scheme.
- Companies that provide Moneycorp with its appointment scheduling software.
- Companies that provide Moneycorp with its webinar platform.
- Cash-in-Transit Carriers (wholesale banknote clients only).
3) Public authorities & Regulatory Bodies
This will only be in response to lawful requests made from public authorities, regulatory bodies and law enforcement in order to meet national security, public interest and/or our legal and regulatory obligations.
4) Media Partners
Moneycorp provides its international payment services to and on behalf of a number of media companies. This includes Radio Times, Mail Finance, The Telegraph, City A.M., The Guardian, The Evening Standard, Sainsbury’s Bank and CNN (the “Media Partners”).
Moneycorp will not pass on your personal data to these Media Partners unless we either (a) have your explicit consent to do so or (b) you are a Mail Finance, Sainsbury’s Bank or Telegraph International Money Transfer customer.
For Mail Finance, Sainsbury’s Bank and Telegraph International Money Transfer customers, we will pass on your name and contact details to Mail Finance, Sainsbury’s Bank and the Telegraph so they can remove you from marketing intended for individuals who are not yet Main Finance, Sainsbury’s Bank or Telegraph International Money Transfer customers.
5) Referring Partners
If you have been referred to Moneycorp by a third party who you and Moneycorp both have a separate direct relationship with (e.g. an estate agent, law firm or an independent financial advisor), we may provide such third party with personal data relating to you (name & trading activity) in which they are interested in by virtue of Moneycorp’s agreement with them (e.g. for verifying and allocating commission earnt or to monitor the success of referrals) and where your interests and privacy rights do not override those interests.
6) Mastercard Prepaid Management Services
If you have a red or white Moneycorp Explorer Card, we will share your personal data with Mastercard Prepaid Management Services Limited (MPMS) who act as programme manager of the Explorer Card for and on behalf of the card issuer, Prepay Technologies Limited, who is the Controller of your personal data associated with your Explorer Card.
If you require any further details about your Moneycorp Explorer Card, then please contact MPMS at firstname.lastname@example.org
6) Other third parties
With your consent only, we may pass your data to a third party for their direct marketing purposes.
We may also pass your personal data to third parties for the purposes of administering Moneycorp promotions/prize draws/competitions you have entered in to. We will rely on our legitimate interests to do this.
In the event we sell divisions of our business, we may disclose your personal data to prospective purchasers and their advisers so they can evaluate the relevant business. We will rely on our legitimate interests to do this.
Please note our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
Sharing your personal data outside of the UK and EEA
To facilitate our global operations, the personal data that we collect from you may be transferred to, and stored at, destinations both in and outside the UK and EEA.
Where processed outside the UK and EEA, we will take appropriate steps to ensure your personal data still receives a level of protection that is consistent with UK and European data protection standards. For example, we will only share your personal data outside the UK and EEA if a) the location has received an adequacy decision from the UK government or European Commission b) we have an EU approved model clauses agreement in place or if the third party receiving your personal data has signed up to an UK or EU approved data sharing mechanism.
How do we protect your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Personal data is protected by a defence in depth security programme that is aligned to best practice found in International Organisation for Standardisation (ISO 20071) and National Institute of Standards Technology (NIST) documentation. Protections include, but are not limited to, two-factor authentication, mature access control (with strict procedures around privileged access), network segmentation, standard security appliances (firewalls, IPS, AV, monitoring via SIEM), secure configuration and system hardening, monthly vulnerability assessments and yearly penetration tests, documented processes and procedures, DLP protection, rogue detection, and monthly rolling patch management and vulnerability remediation. Payment card information is tokenized to ensure it is protected. We also secure access to all transactional areas of our websites and apps using ‘https’.
We provide our employees with training and detailed information about our data handling practices through internal company policies such as our Data Protection Policy. All employees have to certify that they have read and understood the contents of our Data Protection Policy where is reviewed and updated on an annual basis. As well as our data protection policy, which governs how we process data throughout the Moneycorp Group, we have a separate suite of internal policies which govern areas such as information security and information classification.
If you know or have reason to believe that your Moneycorp account credentials have been lost, stolen or otherwise compromised or in case of any actual or suspected unauthorised use of your Moneycorp account, please contact us following the instructions in the Contact Us section below.
How long will we keep your personal data?
In accordance with our legal and regulatory obligations (for example, Money Laundering Regulations), we will retain your personal data for a period of six years from the end of your relationship with us (seven years if you are a Moneycorp PTY customer).
If you have not used your account for more than two years, it will be flagged as inactive and we’ll contact you to ask whether you want to keep it open. Unless you reply to say ‘yes’, we will close and deactivate your account.
If you inform us you longer wish to have a Moneycorp account, we will close and deactivate your account.
At the end of the retention period, your personal data will either be anonymised (so that it can only be used in a non-identifiable way for statistical analysis, business planning), made inaccessible or unintelligible (for system integrity purposes) or deleted completely. However, we may retain your information beyond this retention period if we have a legitimate business interest to do so (or we can rely on another lawful basis).
Your data protection rights
You have a number of rights under Data Protection Law which, in certain circumstances, you may be able to exercise in relation to the personal data we process about you. This includes:
Right to Access: You have a right to receive a copy of the personal data we hold about you. This is commonly known as a Data Subject Access Request. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required.
Right to Data Portability: You have a right to receive certain information you have provided to us in a ‘machine-readable’ format and/or request that we transmit it to a third party.
Right to Erasure: You have a right to request that we erase your personal data. However, we may not always be able to comply with your request of erasure for specific legal and regulatory reasons which will be notified to you, if applicable, at the time of your request.
Right to Object: In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection authority. Further details can be found in the "Contact" section of this Policy.
Right to Rectification: Where your personal data is inaccurate, out-of-date or incomplete, you have the right to request an amendment to it.
Right to Withdraw Consent: Where you have given us your consent to process your personal data, you have the right to change your mind at any time and withdraw that consent.
If you wish to exercise any of these rights, please get in touch by using the details in the “Contact Us” section below. Please note we may ask you to verify your identity before proceeding with any request you make. Once we have verified your identity, we will endeavour to respond to your request within 30 calendar days.
Managing your Moneycorp marketing preferences
There are a number of ways you can update or stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in marketing email communication that we send you. We will then stop any further emails from that particular business entity of Moneycorp. Please note that unsubscribe links are not included in service emails because you cannot unsubscribe from service emails.
- If you have a Moneycorp Bank or International Payments account, login into your account, visit the ‘My Account” section of the homepage and click on the “Manage my Communications” link.
- Email DataProtection@moneycorp.com or call +44 (0)20 3823 0009
If you have downloaded Moneycorp’s App (UK only) and wish to disable push notifications, you can do this by following the below steps:
For iOS Devices:
- Open your Settings app and tap “Notifications”
- Swipe up until you see the Moneycorp App
- Select the Moneycorp App and tap the check box next to “Allow Notifications” to disable
For Android Devices:
- Open your Settings app and tap “More”
- Tap Application Manager and select “Downloaded”
- Select the Moneycorp App and tap the check box next to “Show Notifications” to disable
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Moneycorp US Inc. Customers
If you are a Moneycorp US Inc. customer, your personal data will processed be in accordance with the terms of this Policy and applicable U.S federal and state law. For the purposes of this Policy, references to ‘personal data’ includes ‘non-public personal information’ as defined in The Gramm-Leach-Bliley-Act.
As part of the Moneycorp Group, please note your personal data may be stored and processed by other Group entities and third party service providers located outside the United States.
California Privacy Rights
Like all our clients, you have the right to request a copy of your personal information. Under the CCPA, you can also request that we disclose how we have collected, used, and shared your personal information over the past 12 months, including the categories of personal information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so. California residents also have the right to submit a request for deletion of personal information under certain circumstances. If you wish to do any of these things, please contact us following the instructions in the Contact Us section below However, please note that you must verify your identity and request first before further action is taken. As a part of this process, government identification may be required.
California residents also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising one of their Californian privacy rights. Moneycorp does not sell the personal information of any of its clients and does not discriminate in response to privacy rights requests.
In accordance with the CCPA, Moneycorp will also (a) never share your personal information with third parties for their own direct marketing purposes without your consent or (b) collect new categories of personal information or use them for materially different purposes without first notifying you.
We value your feedback on our data protection processes and aim to resolve any and all complaints to your full satisfaction. We agree to ensure open lines of communication regarding your complaints, and that all complaints will be given an impartial internal review.
For any questions or complaints about the use or disclosure of your personal data, please contact our Data Protection Team via one of the following:
Post: Attn: Data Protection Team, Moneycorp, 24 Windsor Place, Dublin 2, Ireland (for EU-based clients) or Attn: Data Protection Team, Moneycorp, Floor 5, Zig Zag Building, 70 Victoria Street, London, SW1E 6SQ (for UK-based clients, Non-EU & Non-US clients).
If you are based in the US and have any questions about this Policy or believe our customer records contain incorrect information about you, please contact us on 1-800-239-2389 or email us at Legal.US@moneycorp.com.
Contacting the Regulator:
If you feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data,you have the right to lodge a complaint with your national Data Protection Authority.
In the UK, this is the Information Commissioner’s Office. You can contact them by visiting https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/
In Ireland, this is the Data Protection Commission. You can contact them by visiting https://www.dataprotection.ie/en/contact/how-contact-us
For a complete list of all European Data Protection Authorities, click here: https://ec.europa.eu.
For US customers, complaints can be made to the Federal Trade Commission – https://www.ftc.gov.
For Australia customers, complaints can be lodged with the Office of the Australian Information Commissioner – https://www.oaic.gov.au.
For Hong Kong customers, complaints can be lodged with the Privacy Commissioner for Personal Data – https://www.pcpd.org.hk.
For Canadian customers, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada, or in some Canadian provinces, your local Privacy Commissioner.
For other non-data protection matters, please contact your Account Executive or your usual point of contact. You can also speak to a member of our team by calling Customer Services here.
Effective Date: 25th May 2018
Last Modified: 17th December 2020
We reserve the right to amend this Policy from time to time without notice in order to be consistent with Data Protection Law requirements. Where we do make significant changes to this Policy, we will take appropriate steps to bring those changes to your attention.
Glossary and Definitions
|Controller or Joint Controller|| |
This means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
|Data Protection Law|| |
This means the EU General Data Protection Regulation 2016/679 (GDPR) and European Member’s States national implementing legislations; the e-Privacy Directive 2002/58/EC (as amended by Directive 2008/136/EC) and European Member’s States national implementing legislations; US Federal Law (including, but not limited to The Federal Trade Commission Act, The Gramm-Leach-Bliley-Act of 1999 (GLBA), The CAN-SPAM Act 2003 and the Telephone Consumer Protection Act) (applicable to Moneycorp Inc and Moneycorp US Inc. only); US State Law (including, but not limited to The California Consumer Privacy Act 2018, The Standards for The Protection of Personal Information of Residents of the Commonwealth and The Florida Information Protection Act (applicable to Moneycorp Inc and Moneycorp US Inc. only); The Australian Privacy Act 1988 and the Spam Act 2003 (applicable to TTT Moneycorp PTY Limited only); The Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (Ordinance) (PCDP) (applicable to Moneycorp (Hong Kong) Limited only); The Data Protection Regulations 2020 ( Data Protection Law DIFC Law No. 5 of 2020) (UAE representative office only); and The Lei Geral de Proteção de Dados (No. 13, 709/18), The Internet Bill of Rights Law (Marco Civil da Internet) and The Consumer Protection Code (Código de Defesa do Consumidor) (applicable to Moneycorp Banco de Câmbio only).
|European Economic Area|| |
The means the countries of the European Union and members countries of the European Trade Association. A complete list of applicable countries can be found at: https://www.gov.uk/eu-eea
|Moneycorp Group|| |
This includes: Moneycorp Bank Limited (Gibraltar); Moneycorp CFX Limited (UK); Moneycorp Financial Risk Management Limited (UK) including Irish and Spanish branches; Moneycorp (Hong Kong) Limited (including UK branch); Moneycorp Shared Services Limited (UK); Moneycorp S.L.U. (Spain); Moneycorp Technologies Limited (UK); Moneycorp Technologies Limited (Ireland);Moneycorp Inc. (U.S.). Moneycorp US Inc. (U.S); Moneycorp Banco de Câmbio (Brazil); TTT Moneycorp Limited (UK) including French, Irish, Romanian and Spanish branches and UAE Representative Office. For full details including company registration numbers and addresses please click here.
|Personal Data|| |
This means information that can be used to directly or indirectly identify a living person. Also referred to as ‘personal information’, ‘personally identifiable information’ and ‘non-public personal information’.
This means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
|Process, Processing, Processed|| |
This means operation or set of operations which are performed on data. This includes collecting, viewing, recording, organising, structuring, storing, using and destroying.
|Referring Partner|| |
This means an entity who has referred an individual or company to a Moneycorp Group establishment in order to engage in our services. They are also known as Introducers and include property agents, law firms, financial accountants and banks.
This means our foreign exchange, international payment and bank products and services provided by Moneycorp Group companies.