- Introduction: Xpress Money as Data Controller
- Purpose of this Privacy Statement
- Personal Data processed by XM
- Legal basis for processing Personal Data
- Purpose of Data Processing:
- Personal Data Sharing
- Cross Border Personal Data Transfers
- Data Subject’s Rights
- XM Contact
- Solicited/Un-Solicited Communications
- Security Measures to protect Personal Data
- Retention of Personal Data
- Removal from XM Marketing Communications
- Changes to this Privacy Statement
1. Introduction: Xpress Money as Data Controller
Xpress Money is an international money transfer organisation, working with some of the largest banks and non-banking financial companies, Xpress Money has established one of the largest agent-based remittance networks in the industry. Present across 200,000 agent locations in 165 countries, Xpress Money is focused on rapid expansion to the far corners of the globe.
These agents are independent entities from Xpress Money who offers, along with other services, money remittance trough Xpress Money platform.
When an Data Subject provides his/her Personal Data to an agent based in Africa or Asia (including Middle East), with the purpose to complete a remittance transaction trough Xpress Money platform, Xpress Money Services Limited, entity incorporated in the Abu Dhabi Global Market, United Arab Emirates (hereinafter refer as “XM”), will receive such Personal Data and act as a Data Controller as defined by the Abu Dhabi Global Market Data Protection Regulations (hereinafter “Data Protection Regulations”).
XM is strongly committed towards protecting the Personal Data of its customers and beneficiaries, including potential and former ones (hereinafter referred to as “Data Subjects”). XM has a long history of handling personal, including sensitive information, confidentially. XM values the ongoing trust Customers have in it to protect their privacy.
Many users of XM services are anxious about the information they provide to XM, and how XM process that information. This validates the need for this privacy statement to address those concerns. XM is strongly committed towards protecting the Personal Data.
2. Purpose of this Privacy Statement
Being transparent and providing accessible information to Data Subjects about how XM will use their Personal Data is a key element of the Data Protection Regulations.
In response of that, XM has created this privacy statement to provide clarity on how XM collects, uses, discloses, and manages Personal Data. XM encourages Data Subjects to review this privacy statement and become familiar with it.
3. Personal Data processed by XM
3.1 What does Personal Data mean?
Personal Data means any information related to a specific individual, such as name, address, telephone number and e-mail address.
XM collects Personal Data from Data Subjects mainly through its network of agents and in some other cases, through digital mechanisms, such as XM website.
3.2 Personal Data collected by the XM Agents
To provide the remittance services asked by XM customers, XM collects the following Personal Data through its network of agents:
- Full Name (sender and recipient of the transaction)
- Address (sender and recipient of the transaction)
- Nationality (sender and recipient of the transaction)
- Telephone, including mobile (sender and recipient of the transaction)
- Relationship between sender and recipient of the transaction
- Birth Place
- Labor details
- Origin of the financial resources
- Financial background
- Identification document (e.g. National ID, Driving License, Passport) and the data contained there
- Bank Statements
- Transaction amounts
- Bank account numbers
- Credit / Debit card numbers
- Marketing & other Contact Preferences
As a financial institution and in connection with identity verification, fraud prevention and similar security purposes, XM collects and/or confirms some of these Personal Data elements through third parties’ sources such as government agencies and consumer reporting agencies.
3.3 Personal Data collected by XM websites
At its websites, XM collects Personal Data and aggregate information that Data Subjects voluntarily provide there, or by the implementation of cookies (as explained in the next section).
3.3.1 Definition and usage of cookies
A "cookie" is a small piece of information that is stored on your device (such as your computer) and which records the way that you use a website so that, when you revisit that website, it allows XM to provide tailored options based on the information that has been collected from your last visit. Cookies can also be used to analyse traffic and, in some cases, for providing you with tailored advertising and marketing.
Users of XM websites accept cookies, when visiting XM website for the first time. However, they are not required to turn on cookies in order to have a functioning website. Only after accepting to turn on the cookies, Personal Data will be processed. A different option is that the user sets his/her browser to warn him/her with a message for each cookie, only the cookies that have been accepted will be processing Personal Data. Whilst essential cookies are necessary to run XM Websites, the rest are not compulsory and require your consent.
Following are the broad categories of cookies used on XM websites:
3.4.2 Third Party Marketing Cookies and Social Advertising
- Essential cookies: These cookies make XM website operation work and therefore they cannot be turned off or rejected. These cookies do not gather any information about you and do not have the ability to remember how you have used our website;
- Performance cookies: XM use these cookies to help in the analysis on how its website is used and to improve its performance. For example, XM use them to understand where visitors to XM site are based, how many people visit the website and which sections of the website are the most used;
- Functionality cookies: These cookies allow XM website to remember if you have previously visited XM site or the choices you made to provide a more personalised online experience.
- Third-Party cookies: These are only installed if the user accept the cookies. They collect information from their device and perform tasks that analyse behaviour and collect other information, such as demographics. These cookies may be used to provide you with personalised advertising.
3.4.3 How to manage cookies
Our Performance, Functionality and Third-Party cookies are not strictly necessary for our website to work but will provide you with a better browsing experience. You can delete or block these cookies, but if you do this, you may have to manually adjust some preferences every time you visit our website and some features of the site may not work as intended. Most internet browsers are initially set up to automatically accept cookies, however you can decide at any time what type of cookies you want to accept. You can change the settings on your browser to block cookies or to alert you when cookies are being sent to your device.
3.4 Personal Data collected by XM through Social Media
In addition to the above XM may process Personal Data derived from Data Subjects’ social media resources like: Facebook, Twitter, YouTube, LinkedIn, Instagram, Google+, Pinterest, Weibo and WeChat, as the information Data Subjects choose to make available. These Personal Information elements may include but not limited to:
- Public Social Media Profile Name
- E-mail (if left public)
- Mobile number (if left public)
- Region (if left public)
- XM related posts (if left public). For example: Mentions & Hashtags
4. Legal basis for processing Personal Data
Personal Data will be processed by XM only if and to the extent that at least one of the following applies:
Compliance with Legal Obligations
XM may process Data Subjects’ Personal Data, when it is necessary for the compliance with a legal obligation, e.g. Anti-Money Laundering screening and reporting activities, to protect XM rights and to comply with court order or judicial proceedings.
XM may process Data Subject’s Personal Data when there is a weighed and balanced legitimate interest where the processing is needed, and such interest is not overridden by the rights of others, including the Data Subjects. e.g., to provide the service required, internal documentation, contact customers in relation to the transaction or for customer care initiatives and fraud prevention.
In certain scenarios, XM will process Personal Data from Data Subjects only after they have provided their consent for that specific purpose. For example, before sending direct marketing materials to customers and/or potential customers XM must obtain their consent.
XM will process Personal Data of Data Subjects to comply with its contractual obligations. For example: XM will transfer Personal Data from Data Subjects to third parties in order to provide the service required by Data Subjects, this in alignment with the terms and conditions of such service. Purposes of the Personal Data processing
5. Purpose of Data Processing:
XM generally uses Personal Data from Data Subjects for the purpose of providing them a service. This may include the following:
5.1 Automated Processing
- Authorising and processing Data Subjects’ transactions, including effecting and administering money transfers and ensuring proper payment to the designated recipient of funds.
- Monitoring and improving our services including websites/mobile apps and its content.
- Sending information about XM products and services.
- Customer care initiatives to improve XM services.
- Meeting legal, regulatory, self-regulatory, risk management, fraud prevention and security requirements, which may include (among other measures) verifying the identity of the sender and recipient of funds and checking identities against money laundering, terrorist financing or similar watch lists established by regulatory agencies or similar bodies. For identity verification purposes, senders and recipients of money transfers may be required to produce valid identification or consent to verification by other means before releasing funds.
- Maintaining business and transaction records for reasonable periods, and generally managing and administering XM business.
- Meeting insurance, audit and processing requirements.
- Otherwise with the Data Subjects’ consent or as permitted or required by law.
XM may conduct automated processing of Data Subjects’ Personal Data, such as: address, employment information, date of birth and transactions amounts with the sole purpose to comply with anti-money laundering regulations.
6. Personal Data Sharing
In alignment with the purposes established in this privacy statement, XM may disclose Personal Data from its Data Subjects to:
- Data Processors: XM will share Personal Data with third-party service providers, acting in behalf of XM (hereinafter “Data Processors”) including affiliates of XM acting as Data Processors to perform services on XM behalf, for example: information technology, data hosting, marketing, customer care, fraud prevention, etc. XM takes reasonable measures to ensure that Personal Data that is processed by Data Processors is protected and not used or disclosed for purposes other than as directed by XM.
- Third Party Data Controllers and Joint Controllers: XM will share Personal Data with third parties acting independently from XM but only in connection to the services required by the Data Subjects, for example: any intermediary banks or other financial institutions involved in the transaction of XM services.
- Successors: if XM is purchased by/sold to a third party, in which case personal data held by XM including you as our customer will be transferred. We will notify you of this through the most appropriate means
- Relevant Authorities: XM may disclose Data Subjects’ Personal Data as necessary to meet legal and regulatory requirements. This may include lawful requirements to disclose Personal Data to government authorities, for example, disclosures in compliance with suspicious activity reporting requirements under anti-terrorism, anti-money laundering and similar laws and regulations.
7. Cross Border Personal Data Transfers
In providing services to its customers, XM may transfer the Personal Data collected to destinations outside of the country where the Personal Data was originally collected, within the XM group of companies, with third party processors, or with XM partners. This is because the Personal Data is processed in those other locations. Where XM do so, XM ensure that security measures and appropriate safeguards are put in place to protect the Personal Data and ensure that all transfers comply with applicable data protection law. XM also ensures that processing is only ever carried out in accordance with XM instructions.
In all cases where XM transfers Personal Data across borders, XM rely on acceptable and defined legal mechanisms to ensure that XM protects Personal Data at all times. XM may use agreements and ‘adequacy’ protections that have been defined and approved by the relevant Data Protection Authorities.
8. Data Subject’s Rights
Data Subjects have certain right over their Personal Data being processed by XM. In summary, the Data Subject rights are:
- To be informed: Data Subject’s right to know how, why, for how long, on what legal bases his/her Personal Data is processed. This is the main purpose of this privacy statement.
- Access: Data Subject’s right to access their Personal Data to know what XM process from the and for what’s purposes (among other things).
- Rectify: Data Subject’s right to correct their Personal Data when this is not accurate.
- Erasure: Data Subject’s right to permanently delete their Personal Data after fulfilling certain requirements. The right is not absolute and only applies in certain circumstances.
- Restriction of processing. This means that an Data Subject can limit the way that XM uses their Personal Data. In such case and if applicable, XM will only store the Personal Data to comply with relevant regulation, but it won’t be processed for anything else.
- Right to object: In some cases, Data Subject have the right to object to certain processing, for example, if the Data Subject does not want to be contacted by XM for marketing purposes.
- Data portability. In certain scenarios Data Subjects may request XM to provide a copy of their Personal Data in a digital format or send it to a third party appointed by them.
9. XM Contact
For a Data Subject’s rights request, and queries or suggestions about this privacy statement, XM may be contacted at: firstname.lastname@example.org
10. Solicited/Un-Solicited Communications
XM employs a strict policy against sending unsolicited communications. Please note that opting out from Marketing/Customer Care communications does not exempt the user from receiving administrative communications (i.e. Transaction Notifications).
XM may contact Data Subjects in response to their inquiries, to provide services at the Data Subjects’ request and to manage their requirements.
XM websites and emails may contain links to various other websites. While XM makes every effort to ensure that its advertisers post clear and complete privacy statements and observe appropriate data protection practices, each of these websites has a privacy statement that may differ from XM one. The privacy practices of other websites and companies are not covered by this statement.
11. Security Measures to protect Personal Data
XM takes all reasonable steps to ensure that all Personal Data collected through its agents and websites is treated securely and in accordance with this privacy statement and strict data protection standards.
12. Retention of Personal Data
XM only retain Personal Data for as long as is necessary for XM to use it as described in this privacy statement or to comply with XM legal obligations. When determining the relevant retention periods, XM will take into account different factors, including: contractual obligations and rights; legal obligations to retain data for a certain period of time (for example, anti-money laundering laws); statute of limitations under applicable law; potential disputes; guidelines issued by relevant data protection authorities; and XM legitimate interests, where we need to consider retaining information to meet any other obligations. Otherwise, XM securely erase Personal Data once this is no longer needed.
13. Removal from XM Marketing Communications
Data Subjects may want to discontinue receiving marketing information from XM. While this may mean that Data Subjects will not receive product or service information of interest to them, XM respect Data Subject’s wishes not to be informed directly of these promotions or product introductions.
Data Subjects may inform XM that they want to opt-out for these communications by exercising their Data Subject rights (as explained in this privacy statement) or by opting out through the marketing materials received.
14. Changes to this Privacy Statement
XM reviews this privacy statement from time to time and may make periodic changes to it in connection with that review. Therefore, Data Subjects should periodically review XM website to make sure they are aware on the latest version.
Back to Top