Privacy

Who We Are

We are The Currency Cloud Group Limited.

We operate a proprietary payment platform that automates the payment lifecycle from receipt of funds through currency conversion and payment (our “Services“).

We are headquartered in England. Our company number is 06324658 and our registered office is at
Stewardship Building, 1st Floor, 12 Steward Street, London, England, E1 6FQ. All references in this policy to “Currencycloud” “our” “us” or “we” refer to our group companies; Currency Cloud Limited and Currency Cloud Services Limited in the United Kingdom, Currencycloud B.V. in the Netherlands, Currency Cloud Inc. in the USA, and suppliers which provide services to us, as appropriate. All references in this policy to our “Website“, are a reference to the website owned by Currencycloud at www.currencycloud.com.

Any questions related to data privacy may be directed to the Data Protection Officer (DPO)
contactable via email at dpo@currencycloud.com or via mail address post to:

The Data Protection Officer
The Currency Cloud Limited
1st Floor Stewardship Building
12 Steward Street
London
E1 6FQ

Our values and what this policy is for: We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information which you can find here in section 6.

In line with these values, this privacy policy tells you what to expect when we collect and use personal information about you. We have tried to make it easy for you to navigate so you can find the information that is most relevant to you and our relationship with you. If you have any feedback on this privacy policy, please let us know using our contact details in section 12

Who this policy applies to

This policy applies to:

  1. Visitors to our Website
  2. Customers and users of our Services
  3. Prospective customers
  4. People who contact us with enquiries
  5. Our suppliers and employees of our suppliers.

Depending on our relationship, we will collect and use your information in different ways. Please click on the links to the right to find out the information that we collect about you and how we use this information.

Your right to object

You have various rights in respect of our use of your personal information as set out in section 6 .  Two key rights are that you may:

  1. ask us to stop using your personal information for direct-marketing purposes.  If you exercise this right, we will stop using your personal information for this purpose; and
  2. ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.  

You can find out more information in section 6

What you need to do and your confirmation to us

Please read this privacy policy carefully to understand how we handle your personal information.

1. How we obtain your personal information

1.1 You may provide us with your personal information voluntarily. However, we may also receive information about you from third parties such as [marketing agencies, market research companies, our suppliers, contractors and consultants at our group companies, your colleagues and business contacts, public websites and public agencies], which we refer to as “third party sources” or “suppliers” throughout this policy.

1.2 You may give us personal information about yourself by using the online forms provided on our Website, completing forms for or at events, setting up an account with us, or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive information or Services from us (including when you use the demo facility on our Website). If you are a supplier, you may also give us personal information about you when you are offering or providing services to us.

2. Collection of your personal information and how we use it

Please go to the section or sections below that best describes our relationship with you to find out the information that we collect about you and how we use this information.  We refer to this as “personal information” throughout this policy.

2.1 Visitors to our website.

(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
(i)     your first and name;
(ii)    your company and/or personal email address;
(iii)   your telephone number;
(iv)   your company name;
(v)    your job title;
(vi)   your company’s industry, trade details and regulated status;
(vii)  general information about your interest in our products;
(viii) information provided when you correspond with us;
(ix)   any updates to information provided to us;
(x)    personal information we collect about you or that we obtain from our third party sources; and

(xi) the following information created and recorded automatically when you visit our Website:

(A) Technical information. This includes: the Internet protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. We use this personal information to administer our Website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our webpages; and

(B) Information about your visit and your behaviour on our Website (for example, the pages that you click on). This may include the website you visit before and after visiting our Website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.

(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i)   to allow you to access and use our Website;
(ii)  to receive enquiries from you through the Website about our Services and Website;
(iii) for improvement and maintenance of our Website and to provide technical support for our Website;
(iv)  to ensure the security of our Website;
(v) to recognise you when you return to our Website, to store information about your preferences, and to allow us to customise our Website according to your individual interests; and
(vi) to evaluate your visit to the Website and prepare reports or compile statistics to understand the type of people who use our Website, how they use our Website and to make our Website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

(c) A word about cookies
(i) Some pages on our Website use cookies, which are small files placed on your internet browser when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.

(ii) Where we use cookies on our Website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website or to use all the functionality provided through our Website.

(iii) For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy here https://www.currencycloud.com/legal/cookie-policy.

2.2 Customers and users of our service

(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
(i)    your first and last name;
(ii)   your company and/or personal email address;
(iii)  your telephone number;
(iv)  your company name;
(v)   your job title;
(vi)  your company’s industry, trade details and  regulated status;
(vii) general information about your interest in our – products and Services;
(viii) information provided when you correspond with us;
(ix)   any updates to information provided to us;
(x)    information you provide to help us provide you with improved Services, for example if we ask you to fill in a survey or questionnaire;
(xi)   information about your marketing preferences;
(xii)  details of transactions performed on our platform;
(xiii) when you use the Services or a third party processes a payment from you:
(A) payer name, date of birth, address, banking and identity document details for transactions performed;
(B) beneficiary name, date of birth, address, banking and identity document details for transactions performed.

(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to provide you with our Services and Website;
(ii) to perform transaction monitoring in order to identify transactions which involve fraud, money laundering or criminal offences, or are contrary to legal or regulatory requirements on us. This involves a type of automated decision making that may reject your transaction where its characteristics trigger a concern in relation to these areas;

  • if we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
  • A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
  • As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making as outlined in section 6 of this policy: if you want to know more please contact us using the details above.

(iii) to deal with any enquiries you have about our Services and Website;
(iv) to provide support for any issues you might have with our Services or Website, and undertake improvement and maintenance of our Services and Website;
(v) to send you certain communications (including by email) about our Services such as service announcements and operational messages (for example, about down time or maintenance);
(vi) to carry out statistical analysis and market research on people who may be interested in our Services;
(vii) to comply with our legal and regulatory obligations in relation to our Services (for example, to comply with the relevant Financial Conduct Authority regulatory requirements and guidance); and
(viii) if you have provided a personal email address and consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email or post) with information about our Services which either you request, or which we feel will be of interest to you (including newsletters).

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

(c) Source of personal information. We may receive some of your personal information from third parties, such as your colleagues or business contacts that may feel our Services are relevant to you, or when you register for one of our events.

(d) Information we need to provide Services to you. We need certain types of personal information so that we can provide Services to you and perform contractual and other legal and regulatory obligations that we have. If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to access our Services.

2.3 Prospective customers

(a) We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your first and name;
(ii) your company and/or personal email address;
(iii) your telephone number;
(iv) your company name;
(v) your job title;
(vi) your company’s industry, trade details and regulated status;
(vii) identification documents and/or information to verify your identity and details of the financial transactions you wish to execute on our Services;
(viii) general information about your interest in our products and Services;
(ix) information provided when you correspond with us;
(x) any updates to information provided to us;
(xi) your name, date of birth, known aliases and associated personal data we collect about you or that we obtain from our third party sources, for example, third party identity verification service providers.

(xii) employment details, device identifiers including IP address and vehicle details. 

(b) How we use your personal information
We will collect, use and store the personal information listed above as follows:
(i) we process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
(ii) if you have provided a personal email address and consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email or post) with information about our products and Services which either you request, or which we feel will be of interest to you (including newsletters).

Please see sections 2.6 and 2.7 for more details about how we use your personal information.
Source of personal information.

(c) Source of personal information. We may receive some of your personal information from third parties, such as marketing agencies, your colleagues or business contacts that may feel our Services are relevant to you, or when you register for one of our events.

2.4 People who contact us with enquiries

We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your first and last name;
(ii) your company and/or personal email address;
(iii) your telephone number;
(iv) your company name;
(v) your job title;
(vi) your company’s industry, trade details and regulated status;
(vii) general information about your interest in our products and Services;
(viii) information provided when you correspond with us; and
(ix) any updates to information provided to us.

(b) How we use your personal information
We will collect, use and store the personal information listed above to deal with any enquiries or issues you have about our Services or our business. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

2.5 Our suppliers and employees of our suppliers who work for us.

(a) We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your first and last name;
(ii) company contact information (phone number, postal address, and email address);
(iii) your job title;
(iv) information provided when you correspond with us;
(v) any updates to information provided to us;
(vi) personal information we collect about you from third party sources such as LinkedIn; and
(vii) Work history/CVs, pitch and tender information.

(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to enable us to receive and manage services from you (including supplier due diligence, payment and expense reporting and financial audits);
(ii) to assess your working capacity;
(iii) to confirm information on CVs and performance reference checks, to assess you or your employer’s suitability to work for us;
(iv) for equal opportunities monitoring;
(v) for health and safety records and management;
(vi) for security vetting and criminal records checks (where applicable and allowed by law); and
(vii) for CCTV monitoring and other security of company facilities.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

(c) Source of personal information. We may receive some of your personal information from third party sources, such as your employer or your employer’s company website. We may also collect this personal information from publicly-available sources, such as LinkedIn.

(d) Information we need to provide Services to you. Please note that we need certain types of personal information so that you or your employer can provide services to us. If you do not provide us with such personal information, or if you or your employer ask us to delete it, you may no longer be able to provide services to us.

 

2.6 Additional reasons

Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:
(a) to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
(b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;
(c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so;
(d) to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

2.7 Further processing

We will not use your personal information in any way that is incompatible with the purposes set out in this section 2. Please contact us using the details in section 12 if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with these purposes.

3. Legal basis for use of your personal information

3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:
(a) our use of your personal information is necessary to perform our or a third party’s obligations under any contract with you (for example, to provide Services to you, to fulfil an order which you place with us or a third party, to comply with the terms of use of our Website which you accept by browsing our Website and/or to comply with our contract to provide services to or receive services from you or your employer); or
(b) our use of your personal information is necessary for complying with our legal obligations (for example, complying with our regulatory obligations to the Financial Conduct Authority); or
(c) where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our Website). Our legitimate interests are to:
(i) run, grow and develop our business;
(ii) operate our Website;
(iii) select appropriately skilled and qualified suppliers;
(iv) marketing, market research and business development;
(v) provide efficient and effective Services to our customers, make and receive payment and provide customer services;
(vi) place, track and ensure fulfilment of orders with our suppliers; and
(vii) for internal group administrative purposes.

If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details at section 12; or
(d) where you have provided a personal email address to us, we may process your personal information in some cases for marketing purposes on the basis of your consent.

If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at marketing@currencycloud.com and we will stop doing so.

4. How and why we share your personal information with others

4.1 We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of our Services to our customers, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).

4.2 We will share your personal information with the following third parties or categories of third parties:
(a) our service providers and sub-contractors, including but not limited to payment processors, foreign exchange, banking and compliance providers for the fulfilment of financial transactions, suppliers of technical and support services, insurers, logistic providers, and cloud service providers;

(b) the Financial Conduct Authority (and any other legal, regulatory or governmental body that we are required to disclose information to), credit control and debt collection agencies;

(c) companies that assist us in our marketing, advertising and promotional activities; and
(d) analytics and search engine providers that assist us in the improvement and optimisation of our Website.
4.3 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.
4.4 We will also disclose your personal information to third parties:
(a) where it is in our legitimate interests to do so to run, grow and develop our business, such as:
(i) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets; and
(ii) if substantially all of Currencycloud’s or any of its affiliates’ assets are acquired by a third party, in which case personal information held by Currencycloud will be one of the transferred assets;
(b) if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, any lawful request from government, regulator or law enforcement officials or prevent illegal activity;
(c) in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party or to prevent any illegal activity; or
(d) to protect the rights, property, or safety of Currencycloud, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our Website or our products and Services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

4.6 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5. How long we store your personal information

5.1 We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

5.2 Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

6. Your Rights

6.1 You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at “support@currencycloud.com” at any time. You have the following rights:
(a) Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area (“EEA”).
(b) Right to update your information. You have a right to request an update to any of your personal information which is out of date or incorrect.
(c) Right delete your information. You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 12. We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 12.
(d) Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 12.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contract details in section 12.
(e) Right to stop marketing: You have a right to ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
(f) Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services.
This right only applies where we use your personal information on the basis of your consent or performance of a contract and where our use of your information is carried out by automated means.
(g) Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
6.2 We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

6.3 If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

7. Marketing

7.1 We may collect and use your personal information for undertaking marketing by email telephone and post.

7.2 We may send you certain marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.

7.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law (for example, if you have provided a personal email address to us) and if we intend to disclose your personal information to any third party for such marketing.

7.4 If you wish to stop receiving marketing communications, you can contact us by email at marketing@currencycloud.com at any time.

8. Where we may transfer your personal information

8.1 Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us, other members of our group or suppliers, including in the USA, Thailand, Singapore, and the Ukraine. Further details on to whom your personal information may be disclosed are set out in section 4.

8.2 If we provide any personal information about you to any such non-EEA members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following permitted in Articles 45, 46 and 49 of the General Data Protection Regulation:
(a) in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them; or
(b) the transfer is necessary for the performance of a contract with you (e.g., to implement a payment instruction).

8.3 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us our DPO by email at “dpo@currencycloud.com” at any time. 

8.4 Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

9. Risks and how we keep your personal information secure

9.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.

9.2 For this reason, Currencycloud is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures. These include, include the classification of all data; encryption and access restrictions.

9.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our Website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

9.4 Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We require you not to share a password with anyone.

10. Links to other websites

Our Website and Services may contain links and pages to other websites operated by third parties. Please note that this privacy policy applies only to the personal information that we collect through our Website and Services and we cannot be responsible for personal information that third parties may collect, store and use through their website. You should always read the privacy policy of each website you visit carefully.

11. Changes to our privacy policy

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy.

12. Further questions and how to make a complaint

12.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact our DPO by email at “dpo@currencycloud.com” or by post at the address set out in the ‘Overview’ section above. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

12.2 You may also make a complaint to the Information Commissioner’s Office, or (in certain circumstances) the data protection regulator in the country where you usually live or work and where an alleged infringement has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.

The practices described in this privacy policy statement are current as of 16 September 2020