Currency Matters Limited, the Company, needs to keep and process information about you for normal business purposes.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) which come into effect from 25th May 2018, you have several rights regarding your personal data and this document explains the types of data that the Company holds, the reasons for requesting it, and the purposes for which data is used.
The Company will keep and use data to enable it to run the business and manage the relationship with you effectively, lawfully and appropriately, during the account on-boarding process, whilst you are a client and when your relationship with the Company ends.
This includes using information to enable us to comply with regulatory and statutory obligations, the Company’s contract with the client and with any legal requirements.
The Company’s lawful basis for collecting and processing of client data are: Contractual, Legal Obligation (regulatory and statutory), Legitimate Interest and Consensual.
As a regulated financial company pursuing payment and foreign exchange activities, the Company may sometimes need to process a client’s data to pursue legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes and to protect the Company’s legal position in the event of legal proceedings.
If a client does not provide this data, the Company may be unable, in some circumstances, to comply with its obligations and the client will be informed about the implications of that decision.
Much of the information that the Company holds will have been provided by the client, but some may come from other sources, such as identity verification services.
The type of information the Company holds includes:
- Account application form and supporting documents
- Framework Contract and any amendments to it
- Correspondence with or about you (e.g. e-mails)
- Information needed for executing payments
- Contact and account user details
- Records of transaction
- Information needed for compliance monitoring
- Audit trails including login information
- Complaints records
- The Company monitors telephone activity, as detailed in the Company’s General Business Terms.
- Clients will inevitably be referred to in Company documents and records that are produced by Company personnel while carrying out their duties and the business of the company.
The Company holds its records primarily in electronic form however some records are kept in paper or retrievable media format.
When and how the Company shares personal data and locations of processing
Currency Matters Limited (the Company) will only share personal data with others when legally permitted to do so. When data is shared with others, contractual arrangements and security mechanisms are put in place to protect the data and to comply with the Company’s data protection, confidentiality and security standards. In common with other payments and foreign exchange service providers, the Company uses third parties (including banks and currency providers), some of whom are in other countries, to help us to deliver the services for clients.
As a result, personal data may be transferred outside the countries where the Company and its clients are located. This may include countries outside the European Union and to countries that do not have laws that provide specific protection for personal data. The Company has taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. If the Company transfers personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
Personal data held by us may be transferred to:
Other associate firms of the Company. We may share personal data with other firms where necessary for administrative purposes and to provide professional services to clients
Third party organisations that provide applications, functionality, data processing or ICT services to the Company. Third parties support us in providing services and infrastructure to help provide, run and manage our internal ICT systems and on-line platform. For example, providers of information technology, cloud-based software, identity verification, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are in secure data centres in Europe, and personal data may be stored in them.
Third party organisations that otherwise assist in providing goods, services or information
Auditors and other professional advisers
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation. Occasionally, requests may be received from third parties with authority to obtain disclosure of personal data, such as to check that compliance with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. Requests for personal data are only fulfilled if the Company is permitted to do so in accordance with applicable law or regulation
If the Company is processing data based on your explicit consent (e.g. for marketing purposes), you have the right to withdraw that consent at any time, however, there may be certain circumstances where data must be retained. Opting out of marketing activity is not one of these criteria.
Other than as mentioned below, the Company will only disclose information about you to third parties if legally obliged to do so or where the Company needs to comply with our contractual duties to you.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with legal or contractual requirements. The Company has in place safeguards including service level agreements to ensure the security of your data.
Your personal data will be retained following your last transaction with the Company, or termination of your contract with the Company, for a period in accordance with the Company’s legal obligations and the purpose for which it was originally collected.
If in the future, the Company intends to process your personal data for a purpose other than that which it was collected you will be provided with information on that purpose and any other relevant information.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have several rights regarding your personal data. You have the right to request from the Company, access to and rectification or erasure of your personal data, the right to restrict processing and object to processing as well as, in certain circumstances, the right to data portability.
If it has been necessary for you to provide consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that the Company has not complied with the requirements of the GDPR or DPA 18 regarding your personal data.
Identity and contact details of controller and data protection officer
Currency Matters Limited is the controller and processor of data for the purposes of the DPA 18 and GDPR.
If you have any concerns as to how your data is processed, you can contact:
The Company’s Data Protection Officer: Scott Morrow at email@example.com or you can write to using the address of the Company.
Changes to this privacy statement
The Company recognises that transparency is an ongoing responsibility, so this privacy statement is kept under regular review.
Data controller and contact information
The data controller is Currency Matters Limited with its registration address at Glenbourne House, 63 Burscough Street, Ormskirk, L39 2EL. If you have any questions about this privacy statement or how and why we process personal data, please contact us at: firstname.lastname@example.org