Privacy Policy

13th July 2023. Version 1.1.

At Remitiva, we are committed to protecting and respecting your privacy and safeguarding any personal data that you give to us. We are transparent about the processing of your personal data and this Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

We are a Controller under the UK GDPR and the Data Protection Act 2018. Our Data Protection Officer is Kristy Gouldsmith and she can be contacted at [email protected]

We are:

FM Finance Ltd t/a Remitiva
Suites 15-16
Pure Offices
Hatherley Lane
Cheltenham Office Park
United Kingdom
gl51 6sh
[email protected]

PERSONAL DATA PROCESSED

We will ask you to provide us with personal data when you use our services or make an inquiry. The following information will explain what personal data we collect and how we use it.

1. Information you provide to access and use our services

We enable you to send card-to-card transfers between the UK, the Channel Islands, Gibraltar, Isle of Man and the Eurozone countries. When you use our service, we need to process your personal data. In compliance with UK and European legislation, it is mandatory for all individuals to provide their personal information during the registration process for any financial service. As an entity authorized and regulated by the FCA, it is essential for us to identify our Platform users. This requirement enhances the overall security for all members by effectively mitigating risks associated with money laundering, fraudulent activities and identity theft.

After setting up their accounts, our customers will initially have a pre-determined sending limit over the six-months period. To increase this limit, we need to process additional personal data: proof of identity (such as a passport or ID card) and proof of residential address (such as a utility bill or bank statement). We may also require source of funds (pay slips, bank statement) in some cases.

For the basic service, we need:

• - full name;
• - date of birth (to screen your name against Sanctions/Politically Exposed Persons lists);
• - home address
• - information about your payment, specifically the purpose of the payment and the source of funds;
• - card details – number, name on card, expiration date, CVV;
• - email and phone number

If you wish to upgrade your monthly limit, then we will also need:

• - proof of identity (such as a passport or ID card)
• - proof of residential address (such as a utility bill or bank statement)

Recipient’s personal data

We need the recipient’s name, the name on their card, the card number and their address to process the funds transfer. You have the option of sending an email notification to the recipient.

This table sets out the data inputted by you and what data we collect automatically:

Information inputted by you
Sender Data	Recipient Data
Full Name - Mandatory	Full Name - mandatory
Address - Mandatory	Country of Residence - mandatory
Date of Birth - Mandatory	Card Number (no CVV) - mandatory
Purpose of transfer - Mandatory	Address - mandatory
Source of Funds - Mandatory	Email Address - optional
Email Address - Mandatory
Telephone Number - Mandatory
Photo ID and liveliness image - (optional if increasing limit)
Proof of address - (optional if increasing limit)
Proof of source of funds - (optional if increasing limit)

Additional Information analysed automatically
Sender Data	Recipient Data
Location of Sender (IP address) - Automatically	Issuer Card Country - Automatically
Issuer Card Country - Automatically	Issuer Card BIN* - Automatically
Issuer Card BIN* - Automatically	Recipient on sanction / Watch list
Sender on sanction / Watch list - Automatically
Length of time the user has been a client - Automatically
Transaction averages - Automatically

* BIN code refers to the initial sequence of four to six numbers that appears on a credit/debit card. The number is used to identify the card's issuing bank or other financial institution. The BIN number ties an issuer to all the cards it issues, and to all the transactions on those cards.

2. Information we collect from your use of our services

We get data about the devices (eg. computer, mobile phone or tablet) that you use when you interact with our systems. We use this information to protect the security of our systems and for analytical purposes.

• - Device Information, information about your device, including your hardware model, operating system and version, country and language settings, and information about the device’s interaction with our services;
• - Use Information, such as internet or other electronic network activity information which includes information about how you use and interact with our services, including your access time, “log-in” and “log-out” information, browser type and language, your IP address, the domain name and location of your internet service provider, other attributes about your browser, any specific page you visit on our platform, content you view, features you use, the date and time of your use of the services, your search terms, and the website you visited before you visited or used the services.

We use this data to continue to improve our products and services.

3. Communicating with you to obtain feedback and to provide information about our services

We would like to communicate with you in order to obtain your feedback about our products and services. This information is helpful for use to understand how people are using them. You can unsubscribe from these emails at any time.

We will also provide you with information about our other products and services. You can unsubscribe to these emails at any time.

LEGAL BASES WE USE TO PROCESS YOUR INFORMATION

Purpose	Type of data	Legal basis for processing
To facilitate and enable our relationship with you as a prospective, new or existing client To provide the services that you have requested	full name; date of birth (to screen the customer’s name against Sanctions/Politically Exposed Persons lists); home address information about your payment, specifically the purpose of the payment and the source of funds; card details – number, name, expiration date, CVS email and phone number If you wish to upgrade your monthly limit, then we will need: proof of identity (such as a passport or ID card) proof of residential address (such as a utility bill or bank statement)	Performance of a contract Necessary to comply with a legal obligation
To make the funds transfer: Recipient’s data	Name Name on card Card number Address	Consent – you must have obtained the consent of the recipient for us to process their personal data.
To use data analytics to improve our website, products/services To send feedback surveys	Technical, device and usage details Name and email	Consent
To administer and protect website and systems (including troubleshooting, testing, system maintenance, support, reporting and hosting of data)	Technical and device details	Necessary for our legitimate interests (IT services, network security)

WHEN AND WITH WHOM WE SHARE YOUR INFORMATION

We share your personal data with third parties who:

• - help us provide our services (e.g., vendors who help us with fraud prevention, identity verification, and fee collection services) as well as financial institutions, website hosting, data analysis, IT and related infrastructure, communications and auditing;
• - help us with our marketing;
• - assist us with running our business, complying with our legal obligations and defending our rights and those of our customers (e.g. consultants, accountants and lawyers).

We will share your personal data with third parties who assist us with fraud prevention and identify verification. We will also respond to requests from courts, law enforcement agencies, regulatory agencies, and other government authorities.

We will share your personal data with third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.

When a third-party entity processes your personal data on our behalf, we have a data sharing agreement with them that sets out their obligations under data protection law.

A full list of entities that we share data with is available here.

INTERNATIONAL DATA TRANSFERS

We may use third-party service providers to, process and store your personal data in countries outside of the UK. Many of our providers are in the EU but we do use providers in the USA and China. The UK government has determined that the USA and China are non-adequate countries for data transfers. We use the appropriate contractual safeguards as set out by the UK and the EU for these transfers.

RETENTION OF YOUR INFORMATION

We retain your personal data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes. Data are retained for the following periods of time:

Type of data	Purpose	Retention period
AML, identity and fraud check information Contact details	Providing our services AML and identity checks Customer due diligence	5 years after termination of the User Agreement, or from the last contact, as applicable
Technical, device and usage details>	Securing our website and systems	Indefinite
Analytical data	Improving our website, products/services,	1 year
Contact details for marketing purposes	Marketing, customer relationships and experiences	1 year after termination of the User Agreement

CHILDREN’S PERSONAL INFORMATION

Our services are not directed at children under the age of 18. If we learn that any information that we have collected has been provided by a child under the age of 18, we will promptly delete that information.

YOUR RIGHTS

• - To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
• - To rectify incorrect personal data that we are processing.
• - To request that we erase your personal data if:
  • - we no longer need it;
  • - if we are processing your personal data by consent and you withdraw that consent;
  • - if we no longer have a legitimate ground to process your personal data; or
  • - we are processing your personal data unlawfully
• - To object to our processing if it is by legitimate interest.
• - To restrict our processing if it was by legitimate interest.
• - To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.

If you want to exercise any of these rights, please contact our Customer Support.

YOUR OPT-OUT AND DEACTIVATION OPTION

If you decide to deactivate your Platform Account, you can do so by getting in touch with our Customer Support. It's important to note that we may keep archived copies of your information, as well as records of any transactions you may have engaged in. This retention period will be in accordance with the relevant laws, or as we reasonably deem necessary to adhere to applicable laws, regulations, or legal processes, prevent fraud, collect outstanding fees, resolve disputes, address issues with our services, assist with investigations, enforce our User Agreement or other applicable agreements or policies, or take any other actions in line with applicable laws.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/