1) Who is Xpress Money?
Xpress Money is an international money transfer organisation, working with some of the largest banks and non-banking financial companies, Xpress Money have established one of the largest agent based remittance networks in the industry. Present across 200,000 agent locations in 165 countries, Xpress Money is focused on rapid expansion to the far corners of the globe.
Agents are independent entities from Xpress Money who offers, along with other services, money remittance trough Xpress Money platform.
When an individual provides his/her Personal Data to an agent within the European Union with the purpose to complete a remittance transaction trough Xpress Money platform, Xpress Money UK Limited (hereinafter refer as “XM”) will receive such Personal Data and act as a Data Controller as defined by the General Data Protection Regulation hereinafter “GDPR”).
XM is strongly committed towards protecting the Personal Data of its customers and beneficiaries, including potential and former ones (hereinafter referred to as “Data Subjects”). XM has a long history of handling personal, including sensitive information, confidentially. XM values the ongoing trust Customers have in it to protect their privacy.
Many visitors to XM web sites and mobile apps are anxious about the information they provide to XM, and how XM process that information. This validates the need for this privacy statement to address those concerns. XM is strongly committed towards protecting the Personal Data.
2) What is this document about?
Being transparent and providing accessible information to individuals about how XM will use their Personal Data is a key element of the UK’s Data Protection regulation and GDPR.
A privacy statement is a legal document that provide clarity on how XM collects, uses, discloses, and manages Personal Data. It fulfils a legal requirement to protect Data Subjects.
3) What Personal Data is collected by Xpress Money?
3.1) What does it mean Personal Data?
Personal Data means information that can be linked to a specific individual, such as name, address, telephone number and e-mail address. XM encourages Data Subjects to review its privacy statement, and become familiar with it, but they should know that XM do not sell or rent their Personal Data to third parties
XM collects Personal Data from Data Subjects through its network of agents, and through digital mechanisms, such as XM website.
3.2) Why the Personal Data is collected?
XM collects Personal Data when Data Subjects asks an agent to provide them with a remittance service completed trough XM platform, or when the Data Subjects provide their Personal Data proactively trough XM digital mechanisms such as its websites. This Personal Data may include identities and contact information of senders and recipients of money transfers, credit card, banking or other billing information, birth dates and other personal identifiers, information used to verify Data Subjects’ identity for security and fraud prevention purposes, identification number and amounts paid, transferred or otherwise processed.
Note: XM does not require you to register or provide any information to us in order to view our website or have access to its content.
3.3) What Personal Data is collected by Xpress Money?
XM collects information about Data Subjects’ transactions with XM, including transaction history, such as frequency of use and amounts paid, transferred or otherwise processed.
In connection with identity verification, fraud prevention and similar security purposes, XM collects and/or confirm identity-related information, financial background and similar information through third parties’ sources such as government agencies and consumer reporting agencies. The typical Personal Data XM collects from Data Subjects (directly or indirectly through agents) is as follows:
- Full Name (sender and recipient of the transaction)
- Address (sender and recipient of the transaction)
- Nationality (sender and recipient of the transaction)
- Telephone, including mobile (sender and recipient of the transaction)
- Relationship between sender and recipient of the transaction
- Birth Place
- Labour details
- Identification document (e.g. National ID, Driving License, Passport)
- Bank Statements
3.4) What additionally XM collects through its websites?
At our websites, XM collects both Personal Data and aggregate information that Data Subjects voluntarily provide either while on the website or in response to emails in relation to features provided on the website. XM does not require Data Subjects to register or provide data in order to view XM website or have access to its content.
Additionally, XM may place a text file called a "cookie" in the browser files of the user’s computer to obtain aggregate information related to such things as how many Data Subjects visit the website, which pages they access, what information they download, the type of web browser and operating system Data Subjects use, the name of the Internet Service Provider used and so on. When Data Subjects visit XM websites, XM automatically collects this information, and combine it with similar information collected about all other visitors. By collecting this information, XM learns how to best tailor its website for its visitors.
Anyone can visit XM website without revealing their identity. XM tracks the internet address of the domains from which people visit its sites and analyse such data for trends and statistics, but the user remains anonymous.
For better management of XM websites, XM may collect the following information:
- IP Address (domain information)
- Host information
- Information on type of SSL
- Host location
- User activity tracking on XM website
Data Subjects accepts cookies by turning them on, when visiting XM website for the first time. However, they are not required to turn on cookies in order to have a functioning website. Only after accepting to turn on the cookies, Personal Data will be processed. A different option is that the user sets his browser to warn him/her with a message for each cookie, only the cookies that have been accepted will be processing Personal Data.
4) On which legal grounds Xpress Money relays on to process Personal Data?
Data Subjects’ Personal Data will be processed only if and to the extent that at least one of the following applies:
Compliance with Legal Obligations
XM may process Data Subjects’ Personal Data, when it is necessary for the compliance with a legal obligation, e.g. Anti-Money Laundering screening and reporting activities, to protect XM rights and to comply with court order or judicial proceedings.
XM may process Data Subjects’s Personal Data when there is a weighed and balanced legitimate interest where the processing is needed and such interest is not overridden by the rights of others, including the Data Subjects. e.g., to provide the service required, internal documentation, contact customers in relation to the transaction or for customer care initiatives and fraud prevention.
In certain scenarios, XM will process Personal Data from Data Subjects only after they have provided their consent for that specific purpose. For example, before sending direct marketing materials to customers and/or potential customers XM must obtain their consent.
XM will process Personal Data of Data Subjects to comply with its contractual obligations. For example: XM will transfer Personal Data from Data Subjects to third parties in order to provide the service required by Data Subjects, this in alignment with the terms and conditions of such service.
5) What does XM do with Personal Data?
XM generally uses Personal Data from Data Subjects for the purposes of providing them a service. This may include the following purposes:
- Authorising and processing Data Subjects’ transactions, including effecting and administering money transfers and ensuring proper payment to the designated recipient of funds.
- Monitoring and improving XM website and its content.
- Sending information about XM products and services.
- Customer care initiatives to improve XM services.
- Meeting legal, regulatory, self-regulatory, risk management, fraud prevention and security requirements, which may include (among other measures) verifying the identity of the sender and recipient of funds and checking identities against money laundering, terrorist financing or similar watch lists established by regulatory agencies or similar bodies. For identity verification purposes, senders and recipients of money transfers may be required to produce valid identification or consent to verification by other means before releasing funds.
- Maintaining business and transaction records for reasonable periods, and generally managing and administering XM business.
- Meeting insurance, audit and processing requirements.
- Otherwise with the Data Subjects’ consent or as permitted or required by law.
Automated Processing (Profiling)
XM will not carry out automated processing which is based on profiling, unless expressly authorized by law, carried out in the course of entering or performance of a contract, or when the Data Subject has given his consent.
XM may conduct automated processing of Data Subjects’ Personal Data, such as: address, employment information, date of birth and transactions amounts with the sole purpose to comply with anti-money laundering regulations.
6) Personal Data transfers
In alignment with the purposes established in this privacy statement, XM may disclose Personal Data from its Data Subjects to:
- Data Processors: XM will transfer Personal Data to third-party service providers, acting in behalf of XM (hereinafter “Data Processors”) including affiliates of XM acting as Data Processors to perform services on XM behalf, for example: information technology, data hosting, marketing, customer care, fraud prevention, etc. XM takes reasonable measures to ensure that Personal Data that is processed by Data Processors is protected and not used or disclosed for purposes other than as directed by XM.
- Third Party Data Controllers and Joint Controllers: XM will transfer Personal Data to third parties acting independently from XM but only in connection to the services required by the Data Subjects, for example: the network of agents and, if applicable, any intermediary banks or other financial institutions involved in the transaction of XM services.
- Relevant Authorities: XM may disclose Data Subjects’ Personal Data as necessary to meet legal and regulatory requirements. This may include lawful requirements to disclose Personal Data to government authorities, for example, disclosures in compliance with suspicious activity reporting requirements under anti-terrorism, anti-money laundering and similar laws and regulations.
7) Cross Border Personal Data Transfers
Where Data Subjects’ Personal Data is required to be shared with Data Processors based outside of the European Union, the Data Processor will be required to comply with and safeguard Data Subjects’ Personal Data under the terms of UK and GDPR regulations.
XM is committed to protecting the privacy and confidentiality of personal information when it is transferred. Where such transfers occur, we will ensure that Data Subjects’ Personal Data will only be transferred to countries, whose data protection laws are considered adequate or where adequate safe guards are in place either through appropriate contractual arrangements or as required by law.
8) What are the Data Subjects rights?
Data Subjects have the following rights:
- To be Informed: That’s the purpose of this privacy statement.
- Access their Personal Data to know what XM process from the and for what’s purposes (among other things).
- Data portability. In certain scenarios Data Subjects may request XM to provide a copy of their Personal Data in a digital format or send it to a third party appointed by them.
- Rectify, their Personal Data when this is not accurate
- Erasure, including the right to be forgotten.
- Restriction of processing. In such case and if applicable, XM will only store the Personal Data to comply with relevant regulation, but it won’t be processed for anything else.
- Right to object to processing, for example: when if the Data Subject doesn’t want to be contacted by XM for marketing purposes. However, all XM marketing communications includes an opt out mechanism where Data Subjects can request this automatically.
9) How can Data Subjects reach XM?
For a Data Subject’s rights request, and queries or suggestions about this privacy statement, Data Subjects can contact XM at: firstname.lastname@example.org
Also, if our Data Subjects believes XM is processing their Personal Data failing to comply with the applicable regulation, they have the right to submit a complaint to the relevant Data Protection Authority.
10) Member Communications and Email
We employ a strict policy against sending unsolicited email. Please note that opting not to receive email does not exempt the user from receiving administrative emails.
XM customer care department may contact Data Subjects in response to their inquiries, to provide services at the Data Subjects’ request and to manage their requirements.
XM websites and emails may contain links to various other websites. While XM makes every effort to ensure that our advertisers post clear and complete privacy statements and observe appropriate data protection practices, each of these websites has a privacy statement that may differ from XM one. The privacy practices of other websites and companies are not covered by this statement.
11) How does XM protect Personal Data?
XM follows generally accepted industry standards to protect the Personal Data, since it is collected, transmitted used and finally disposed. No method of transmission over the internet, or method of electronic storage, is 100% secure, therefore while XM strive to use commercially acceptable means to protect the Personal Data, XM cannot guarantee its absolute security.
11.1) How long XM stores Personal Data?
XM will keep the Personal Data collected and processed from its Data Subjects as long as it is needed to fulfil the purposes established in this privacy statement. Once the Personal Data is not needed for those purposes, XM will keep it with the only purpose to comply with regulations applicable to XM, that period may be up to 5 years.
Changes to this Privacy statement
Please note that we review our Privacy Statement from time to time, and we may make periodic changes to the policy in connection with that review. Therefore, the user may wish to bookmark this page and/or periodically review this page to make sure the user has the latest version.