Effective date 25 May 2018
2. What Personal Data Do We Collect?
We collect Personal Data about you when you visit our Sites or use our Services, including the following:
Registration and use information – When you register to use our Services by establishing a SUBSCRIPTION, we will collect Personal Data as necessary to offer and fulfil the Services you request. Depending on the Services you choose, we may require you to provide us with your name, postal address, telephone number, date of birth, gender, email address and identification information to establish a Subscription. We may require you to provide us with additional Personal Data as you use our Services.
Transaction and experience information – When you use our Services or access our Sites, for example, to order foreign currency, we collect information about the transaction, as well as other information associated with the transaction such as referral source, payment source, amount paid for products or services, Provider information, including information about any funding instruments used to complete the transaction, DEVICE INFORMATION, TECHNICAL USAGE DATA, and GEOLOCATION INFORMATION.
Participant Personal Data – When you use our Services or access our Sites, we collect Personal Data you provide us about the other participants associated with the transaction.
Personal Data about your friends and contacts – It may be easier for us to help you recommend us to your friends and contacts if you provide Personal Data such as name, email address and telephone number about your friends and contacts while using a Service or if you connect your contact list or friend list to your Subscription. If you choose to connect your contact list information on your device with your Subscription and/or establish an account connection between a social media platform and your Subscription, we will collect and use your contact list or friend list information to improve your experience when you use the Services.
Personal Data about you from third-party sources – We obtain information from third-party sources such as merchants, data providers, and credit bureaus, where permitted by law.
Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey or offer.
3. Why Do We Retain Personal Data?
4. How Do We Process Personal Data?
We may PROCESS your Personal Data for a variety of reasons that are justified under data protection laws in the European Economic Area (EEA) and Switzerland.
To operate the Sites and provide the Services, including to:
purchase foreign currency
authenticate your access to a Subscription
communicate with you about your Subscription, the Sites, the Services, or Spendology
create an account connection between your Subscription and a third-party account or platform
perform identity checks, evaluate applications, and compare information for accuracy and verification purposes
To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance and functionality. For example, we analyse User behaviour and perform research about the way you use our Services.
To manage risk and protect the Sites, the Services and you from fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Sites or Services.
To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
For our legitimate interests, including to:
enforce the terms of our Sites and Services;
manage our everyday business needs, such as monitoring, analysing; and
anonymise Personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services.
keep you informed about Spendology products and services. We may also Process your Personal Data to tailor certain Services or Site experiences to better match our understanding of your interests.
help you use our Services by responding to your requests, for example to contact you about a question you submitted to our customer service team.
With your consent, including to:
make it easier for you to find and connect with others, we may use your information you have shared with the Service to suggest connections between you and people you may know. For example, we may associate information that we learn about you through your and your contacts’ use of the Services, and information you and others provide to suggest people you may know or may want to transact with through our Services. Social functionality and features designed to simplify your use of the Services with others vary by Service.
You can withdraw your consent at any time and free of charge. Please refer to the section on “Your Privacy Choices” for more information on how to do that.
5. Do We Share Personal Data?
With other members of the Spendology corporate family: We may share your Personal Data with members of the Spendology family of entities to, among other things, provide the Services you have requested or authorised; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage the availability and connectivity of Spendology products, Services, and communications.
With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf.These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support.
With other financial institutions that we have partnered with to jointly create and offer a product or service: We share Personal Data with other financial institutions that we have partnered with to jointly create and offer a product.These financial institutions may only use this information to market and offer Spendology-related products, unless you have given consent for other uses.
With the other parties to transactions when you use the Services, such as Providers and their service providers: We may share information with the other participants to your transactions, including Providers or their service providers when you use the Services to pay for goods or services.The information includes:
Personal Data necessary to facilitate the transaction;
Personal Data to help other participant(s) resolve disputes and detect and prevent fraud; and
Anonymous data and performance analytics to help Providers better understand the uses of our Services and to help Providers enhance Users’experiences.
With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Spendology’s business purposes or as permitted or required by law, including:
if we need to do so to comply with a law, legal process or regulations;
to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to Spendology or Spendology’s corporate family;
if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
to protect the vital interests of a person;
with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;
to investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
to protect our property, Services and legal rights;
to facilitate a purchase or sale of all or part of Spendology’s business;
in connection with shipping and related services for purchases made using a Service;
to help assess and manage risk and prevent fraud against us, and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals and Providers;
to banking partners as required by card association rules for inclusion on their list of terminated merchants;
to credit reporting and collection agencies;
to companies that we plan to merge with or be acquired by; and
to support our audit, compliance, and corporate governance functions.
With your consent:
We also will share your Personal Data and other information with your consent or direction, including if you authorise an account connection with a third-party account or platform.
In addition, Spendology may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.
6. How Do We Work with Other Services and Platforms?
linking your Account to a social media account or social messaging service;
connecting your Subscription to a third-party data aggregation or financial services company, if you provide such company with your Account log-in credentials;or
using your Subscription to make payments to a Provider or allowing a Provider to charge your Account.
Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices.Before authorising an account connection, you should review the privacy notice of any third-party that you authorised to have an account connection that will gain access to your Personal Data as part of the account connection.For example, Personal Data that Spendology shares with a third-party account or platform such as a social media account may in turn be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices.
7. International transfers
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.
The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland.These countries do not always afford an equivalent level of privacy protection.We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data.
If you make transactions with parties outside the EEA or Switzerland or connect our Service with platforms, such as social media, outside the EEA or Switzerland, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties.We do not respond to DNT signals.
9. What Privacy Choices Are Available To You?
Choices Relating to the Personal Data We Collect
Personal Data You may decline to provide Personal Data when it is requested by Spendology, but certain Services or all of the Services may be unavailable to you.
Location and other device-level information The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that Spendology may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device.
Choices Relating to Our Use of Your Personal Data
Finding and connecting with others If available, you may manage your preferences for finding and connecting with others from your account of the Service you use.
Choices Relating to Account Connections
If you authorise an account connection to a third-party account or platform, such as a social media account, you may be able to manage your connection preferences from your Account or the third-party account or platform. Please refer to the privacy notice that governs the third-party platform for more information on the choices you may have.
Choices Relating to Cookies
You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you delete, disable,or block certain cookies and other tracking technologies.You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site.
Choices Relating to Your Registration and Subscription Information
If you have a Subscription, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Please email firstname.lastname@example.org if you do not have an Account or if you have questions about your Account information or other Personal Data.
Choices Relating to Communication
Notices,Alerts and Updates from Us:
Marketing We may send you marketing content about our Sites, Services, products,products we jointly offer with financial institutions, as well as the products and services of members of the TMC corporate family through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. Email email@example.com if you wish to opt out of these marketing communications. For messages sent via push notifications, you may manage your preferences in your device.
Informational and Other We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications.However, you may be able to adjust the media and format through which you receive these notices.
10. What Are Your Rights?
Subject to limitations set out in EEA data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability.Please contact us if you wish to exercise these rights.If you wish to complete an access request to all personal data that TMC holds on you, please note that photo identity will be required to prove your identity.
If you have a Subscription with any of our Services, you generally can review and edit Personal Data in the Account by logging in and updating the information directly.We may use automated decision-making for decisions concerning credit with your consent or where necessary for the entry into or performance of a contract or authorised by Union or Member state law. Please email firstname.lastname@example.org if you require more information on automated-decision making.
11. How Do We Protect Your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Subscription/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.
12. Can Children Use Our Services?
The Sites and Services are not directed to children under the age of majority.We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain such data. Email email@example.com if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.
13. What Else Should You Know?
14. Contact Us
If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country.
Our Data Protection Officer can be contacted at Spendology Limited, Beacon House, Beacon Business Park, Weston Road, Stafford ST18 0WL, United Kingdom.
SUBSCRIPTION means a guest or member subscription to a Spendology Product or Service.
DEVICE INFORMATION means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to your device type; your device’s network connections; your device’s name;your device IP address; information about you’re your device’s web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data (e.g., Touch ID/Fingerprint to verify your identity).
GEOLOCATION INFORMATION means information that identifies, with reasonable specificity, your location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
PERSONAL DATA means information that can be associated with an identified or directly or indirectly identifiable natural person.“Personal Data” can include, but is not limited to,name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, gender, and government-issued credentials (e.g., driver’s license number, national ID, passport number).
PROCESS means any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means,such as collection, recording, organisation, structuring, storage,adaptation or alteration, retrieval, and consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
SERVICES means any products, services, content,features, technologies, or functions, and all related websites,applications and services offered to you by Spendology with a Subscription.
TECHNICAL USAGE DATA means information we collect from your phone, computer or other device that you use to access the Sites or Services.Technical Usage Data tells us how you use the Sites and Services, such as what you have searched for and viewed on the Sites and the way you use our Services, including your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies.
USER means an individual who uses the Services or accesses the Sites and has established a relationship with Spendology (for example, by taking out a Subscription and agreeing to the Spendology Terms and Conditions).
Banking Regulations Notice for Customers in the EEA
FATCA and CRS Law Statement
Specifically, you consent to and direct Spendology to do any and all of the following with your information:
Disclose necessary information to: the police and other law enforcement agencies;security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations, and other third parties, including Spendology companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US Foreign Account Tax Compliance Act (“FATCALaw”) and 18 December 2015 on the OECD common reporting standard (“CRSLaw”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, your funding source or credit or debit card provider).
If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities.
We may also share, access and use (including from other countries)necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please email firstname.lastname@example.org if you want to receive further details of the relevant fraud prevention agencies.
Disclose Account Information to intellectual property right owners if under the applicable national law of an EU member state they have a claim against Spendology for an out-of-court information disclosure due to an infringement of their intellectual property rights for which Spendology Services have been used (for example, but without limitation, Sec. 19, para 2, sub-section 3 of the German Trademark Act or Sec. 101, para 2, sub-section 3 of the German Copyright Act).
Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.
Disclose necessary information to the payment processors, Providers, auditors,customer services providers, credit reference and fraud agencies,financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies,agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide Spendology Services to you. We also set out in the list of third parties non-exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose your Account Information or to whom we may consider disclosing your Account Information,together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited bylaw or by contract from using the information for secondary purposes beyond the purposes for which the information was shared).
Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Birmingham. However, this aggregated information is not tied to personal information.
Share necessary Subscription Information with unaffiliated third parties (listed here) for their use for the following purposes:
Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk As part of our fraud prevention and risk management efforts, we also may share necessary Subscription Information with our Providers in cases where Spendology has placed a hold or other restriction on your account based on disputes, claims, chargebacks or other scenarios regarding the sale or purchase of goods. Also, as part of our fraud prevention and risk management efforts, we may share Subscription Information with Providers to enable them to operate their programmes for evaluating Users.
Customer Service For customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
Shipping In connection with shipping and related services for purchases made using Spendology.
Legal Compliance To help them comply with anti-money laundering and counter-terrorist financing verification requirements.
Service Providers to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.