Privacy Notice

Scope/Document Purpose

This document outlines the Privacy Policy and the requirements for publication of the reasons on why we collect, retain, and use personal and sensitive data.  The Policy outlines the responsibilities for the Executive Management team and should be read in conjunction with the policies listed at the end of this document. This document will be reviewed annually or when required by the Data Protection Officer, reflecting any changes to legislation or perceived risk.

 

Definitions

Cookies

A cookie is a small file of data, typically of letters and numbers, that a website asks your browser to store on your computer or mobile device. Cookies are sent back to the originating website on each subsequent visit, and are essential to the effective operation of our website, and to enable you to shop online with us.

Consent

Freely given, specific, informed and unambiguous indication of the data subject's wishes, a clear, affirmative action which agrees to the processing of personal data

Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

Data Controller

Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Data Processor

A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller

Data Subject

A living individual/ natural person

 

Personal Data

Any information relating to an identified or identifiable natural person (‘data subject’); anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

 

Special Category Data

Personal data, revealing:

  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade-union membership;
  • data concerning health or sex life and sexual orientation;
  • genetic data; or
  • biometric data
  • criminal data (convictions and offenses)

 

Policy (Introduction/Objectives)

When you register with us or ask us to provide you with any of our products or services, you are agreeing that we may handle your information in accordance with this Privacy Notice and other associated policies relating to the protection of personal and sensitive data.

We use your information only in accordance with this Notice and take all necessary steps to ensure we keep your information secure.

This Notice should be read carefully along with our Terms & Conditions (T’s & C’s); by accessing our websites you confirm that you have read, understood, and agree to them.

 

How to contact us

We are a member of EC Money Holdings Ltd.  As a group of companies we are registered in England and Wales.

Eurochange – Registered No: 02519424 (https://www.eurochange.co.uk/)

Our Registered Office: Essex House, Rutherford Close, Meadway Corporate Centre, STEVENAGE, Hertfordshire, SG1 2EF

If you have any questions about our Privacy Policy or the information that we hold about you, please contact us in writing by email at [email protected] or by post to the Data Protection Officer to: eurochange Ltd, PO Box 435, Stevenage, Hertfordshire SG1 9GA, alternatively you can find contact details relating to our company on our website.

What information we collect about you

We collect basic personal information, but also more detailed records may be requested for us to manage our regulatory obligations.

  • name, address, date of birth, email address, country of birth, passport details, driving licence details, source of wealth/funds, your preference for marketing purposes
  • employee data, inc. education, references, criminal and financial
  • images of individuals (CCTV, proof of ID), voice recordings and biometrics (fingerprints)
  • website user statistics, inc. IP addresses, social media, smart device information, geolocation, searches and site visits and other identifying information
  • payment details using a trusted third-party provider

We collect special category data regarding health for colleagues and for applications for insurance services.

We may collect information relating to criminal convictions (current or spent), offences, CCJ’s, etc., where permitted in law for the purpose of a criminal reference check.

 

How we collect your information

Most of the personal data that we process is provided to us directly by you or your business (directors, officers, and ultimate beneficial owners).  We will collect your information when:

  • you apply for employment
  • you register/on board with us
  • you register/on board with one of our clients through our white label website service
  • you speak with us over the telephone, when you write to us (by post or by email)
  • you transact with us or use our products and services either in branch, online or at your place of work/business
  • when you visit our website. We may use cookies to collect information about your use of our and, our white label, websites and the devices that you use

Information may also be obtained from third parties, such as:

  • trusted data controllers for the purpose of transacting within Agent relationships
  • credit agencies, fraud prevention, law enforcement, government departments/agencies, accreditation/licensing providers
  • open source and online search services, i.e. media, electoral registers, Companies House
  • social media, inc. Facebook, Twitter, TikTok, LinkedIn etc.

 

Cookies

In general, you can visit eurochange and our white label websites, without identifying who you are, or revealing any information about yourself. However, cookies are used to store small amounts of information on your computer, which allows certain information from your web browser to be collected.

Cookies are widely used on the internet and do not identify the individual using the computer, just the computer being used. Cookies and other similar technology, make it easier for you to log on to, and use our websites, during future visits, and some are essential to facilitate our online ordering services.

  • By using and browsing our websites, you consent to cookies (where appropriate) being used in accordance with our Cookies Notice. If you do not consent, you can disable cookies, or stop using our website. You can disable cookies through browser settings or within your email programme.
  • When you use affiliate sites, web chat, social media, we will track your details to enable us to meet our contractual obligations to our service providers and to assess your response to advertising campaigns
  • To ensure that you are provided with the relevant information, to make an informed decision, we will use a third party system, to give details of what Cookies categories, have been designated and how to manage your consent for their use

 

How we use your information

Employment checks

All employees of the business are subject to the pre-employment checks such as references and may be subject to credit scoring and DBS checks.  These checks are conducted due to the nature of risk associated with the type of business that we operate, and that we operate within highly regulated industries.

Registration and administration

We use your information to enable you, once your registration/on boarding is complete, for the administration of your account, to contact you, to update our records about you, and to respond to, and process your queries and requests. Personal information may be checked against third party/independent systems that review the electoral register and other databases to validate your identity. 

Monitoring

We record and may monitor and use:

  • CCTV inc. voice recording, telephone calls, and transcripts of our telephone calls with you, in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our service. Conversations may also be monitored for staff training purposes.
  • transactional information to help to detect or prevent fraud or other crimes
  • credit reference, sanctions, political exposure, and family related associate checks

Automated decision making

Whilst we currently use some automated systems that are designed to assist us in identifying individuals for employment and transacting purposes, we ensure that any automated decision is always reviewed by the business and arbitrated with human intervention.

Profiling

Profiling’ is the use of personal information to predict an individual’s behaviour, such as their performance at work, economic situation, personal preferences, interests, reliability, behaviour, location, or movements etc. 

 

Your information may be used:

  • to carry out marketing analysis, e.g., we look at what you have viewed on our sites and apps, what products and services you have bought, to better understand what your interests and preferences are, and to improve our marketing (if you have opted in to receive such information) by making it more relevant to you
  • for statistical purposes such as analysing the performance of our sites and apps, to understand how visitors use them and where they are used

 

Data sharing with third parties

EC Money Holdings Ltd

We may share your information with other members of the Group where we need to do so, to provide you with any of the products or services you have requested, where we have a lawful reason or where you have requested us to do so.

Your instructions

We may share your information with anyone (for example, an agent) who you have told us or, who we are otherwise aware, is acting on your behalf, or who introduces you to us, or who you have asked us to contact, or have given permission for them to share your data with us.

Prevention and detection of crime

Our products and services, are subject to laws and regulation for:

  • money laundering
  • fraud
  • terrorist financing
  • bribery and corruption
  • sanctions

We may be required by this legislation, the regulators, by the Police or other law enforcement agencies (e.g., in connection with criminal prosecutions, money laundering or fraud investigations), by order of a court or otherwise by law, to use and share your information in the detection, prevention or prosecution of crime, tax evasion, fraud or for audit purposes.

Credit controls and debt collections agencies

We may share your information with credit control or debt collection agencies, if you owe us money and we engage their services to recover funds owed to us by you.

On a business sale or purchase

If we decide we want to sell our business, or receive an offer to buy our business, we may have to share some of your information with a prospective purchaser and their legal, financial, or other advisers. In these circumstances, we will take appropriate steps to ensure that your information is properly protected.

Others

We do not sell, trade, or otherwise transfer to outside parties, your personally identifiable information unless explicitly requested by you.

This does not include trusted third parties (inc. TrustPilot, in anonymised form) who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

You may sometimes ask us about, or we may sometimes ask you if you are interested in, products or services which we are unable to provide but which someone else we know (“eurochange contact”) may be able to provide, (for example, travel insurance or financial services). Please note that we are not responsible for, and cannot be liable to you, for any products or services of any eurochange contact or any acts or omissions of any eurochange contact.

Your information will be passed to third parties for the purpose of validating identity, and for the completion of credit references, and DBS checks for employees of the business.

 

Information sharing outside of the UK

The nature of our products and services means that we may need to share your information with:

  • people or businesses
  • law enforcement, judicial, governments tax, regulatory or trade bodies

based in countries outside of the United Kingdom.  All countries in the European Economic Area (EEA), which includes the UK, have similar standards of legal protection for your personal information.

We may, depending on your geographical location, run your accounts and provide other services from our offices outside the EEA (such as India) that may not have a similar standard of data protection legislation to the UK. If so, we will require your personal information to be protected to at least UK standards and any reciprocal adequacy controls that the UK has agreed. 

We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation if, for example, you make a CHAPS or a foreign payment.

These external organisations may process and store your personal information abroad, and may have to disclose it to foreign authorities, to help them in their fight against crime and terrorism.

The countries to which we may need to send your information would normally be obvious to you, (e.g., if you have instructed us in connection with a purchase of a property in France then, we will usually be dealing with people or businesses based in France (which may include banks, lawyers and estate agents) that are connected with the purchase, in order to fulfil our contractual obligations to you). 

In many instances we will be dealing with people or businesses which you have asked us to deal with, or who you already know, or who already know you.

If these are based outside the EEA, your personal information may not be protected to standards similar to those in the UK.

 

Lawful basis

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (‘the Act’), the lawful basis for processing your personal data is:

 

Your consent

We obtain marketing preferences and consent from you during the registration and on boarding process, and during transactions, where you can opt in, to receive information relating to our products and services or those of our agents. 

Your preferences can be updated or withdrawn by:

  • by visiting one of our branches
  • by calling or writing to our customer support team (contact details can be found on the relevant website)

All of the above, will all be able to update your information after having verified that they are managing your information.  If you do opt out, you may still see some generic, non-personalised advertising when you are using our online services, and we may, from time to time, provide you with servicing messages.

You can also use our unsubscribe function, that is available on all of our email communications with you.

We may provide information about you to companies outside of our business (when the white label service is in place), to use for their own marketing purposes, when you have given us your consent to do so.

 

Our contractual obligations

We use your personal information to:

  • to register your interest with us
  • to open an account and meet our contractual obligations to you
  • to provide you with products and services which you use, or information on similar products or services which we think may be of interest to you (if you have opted in to receive such information). This may include information concerning promotions or offers
  • notify you about changes or developments relating to our products and services that you use

We might contact you by post, telephone, email, or text unless you have asked us not to. If you are a registered client/customer, we may also display personalised advertising to you when you use our online account service and mobile app.

 

Our legal obligations

We are required by law to collect, process, and retain information about you.  We do this when we:

  • open registrations/accounts
  • confirm your identity, source of wealth/funds
  • monitor transactions for the detection and prevention of crime. We may require the gathering of information on suspected financial crime and fraud and may require this information to be shared with law enforcement and regulatory bodies
  • assess credit worthiness of individuals and businesses
  • share information with third parties such as the regulators, by the Police or other law enforcement agencies (e.g., in connection with criminal prosecutions, money laundering or fraud investigations), by order of a court or otherwise in the detection, prevention or prosecution of crime, tax evasion, fraud or for audit purposes
  • investigate and resolve complaints
  • investigate breaches of conduct, policies, and procedures by our colleagues

 

Our legal obligations

To ensure that, as a business, we are providing the most appropriate products and services and to continue to improve and develop our customer facing propositions, we will use your personal data to:

  • research your experience with us and to monitor the products and services that we have provided to you
  • assess the quality of our customer service and to provide training for our colleagues. Calls to our customer support team and other communications may be recorded and monitored for these purposes
  • analyse customer complaints – to understand processing errors/failures and to improve our service provision

 

Retention and storage

We will retain your details for as long as they are needed for the relevant purposes listed under the ‘How we use your data’ and the ‘Data Sharing’ section of this notice. 

We have different retention periods depending on the product or service provided, e.g.:

  • eurochange – 5 years after the date of the last transaction for Travel Money products

When your personal information is no longer needed as defined by our Retention Policy, the data will be deleted or anonymised when no longer needed.  Databases are managed with systemised housekeeping programmes to identify when the correct time period has elapsed and will automatically operate on a daily basis.

We may retain certain records for other legitimate purposes (including after your relationship with us has ended), e.g., to resolve any potential disputes, cross-check against future applications and to comply with other reporting, legislative and retention obligations.

Where there is a legal requirement to segregate data from the destruction process, this is managed according to our Retention Policy and flagged within the system, and when no longer needed for complaint handling or for the detection/prevention of crime, it will be un-flagged for the automated process to complete.

 

Information security

All data that we collect is held on servers located within the EEA, is kept secure, and personal/sensitive data is only accessed by authorised personnel.

We use industry-standard products to protect our systems and your personal data, which is held on our servers, and we ensure that any third parties, with whom we share your information, has the same level of protection.  Regular testing is conducted on our systems to ensure that they remain secure.

 

Data Protection Act and your rights

We are required to handle information which we hold about you, that is capable of identifying you (either alone or with any other information we may hold about you) in accordance with the Act, which regulates the use of “personal data” in the United Kingdom.

  • Your right of access – You have the right to ask us for copies of your personal information
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
  • Your right to restriction of processing – you have the right to object to the processing of your personal information in certain circumstances
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances

You are not required to pay any charge for exercising your rights.  If you make a request, we have one month to respond to you.

Please contact us, in writing at [email protected] or by post to the Data Protection Officer at: eurochange Ltd, PO Box 435, Stevenage, Hertfordshire SG1 9GA, alternatively you can find contact details relating to our business or affiliated white label clients on our respective websites.

 

Children’s Online Privacy Protection Act compliance

We are in compliance with the requirements of Children’s Online Privacy Protection Act (COPPA) and we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

 

Changes to our policy

We reserve the right to change our policy at any time. When we do make changes, we will update our Privacy Notice on our website.  We recommend that you check our website periodically for any changes which may affect you.

 

How to complain

If you have any concerns about the use of your personal information, you can make a complaint to us by writing to:

Data Protection Officer

Eurochange Ltd

PO Box 435

STEVENAGE

Hertfordshire

SG1 9GA

You can also complain to the ICO if you are unhappy with how we have used your data.

 

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

WILMSLOW

Cheshire

SK9 5AF

 

Helpline number 0303 123 1113

ICO website: https://www.ico.org.uk  

You can find out more about the Act and your rights by visiting the website of the Information Commissioner.

 

Responsibilities

This policy Notice was approved by the Board of Directors and is issued on a version-controlled basis under the signature of the Managing Director (MD).