FOREIGN CURRENCY DIRECT IS COMMITTED TO PROTECTING AND RESPECTING YOUR PRIVACY

1. What is this document and why should you read it?

This fair processing notice explains how and why Foreign Currency Direct plc (also referred to as “FCD”, “we”, “our” and “us”) uses personal data about those individuals who purchase goods or services from us, supply goods or services to us, visits our website at www.currencies.co.uk (the “Website”), or otherwise communicates or engages with us (referred to as “you”).

You should read this notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we give to you, that might apply to our use of your personal data in specific circumstances in the future.

2. FCD’s data protection responsibilities

“Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data, if they identify you.

The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.

FCD is a so-called "controller" of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

3. What types of personal data do we collect and where do we get it from?

We collect different types of personal data about you when you visit our Website, purchase something from us or otherwise communicate or engage with us. We also obtain some personal data from other sources, and create some personal data ourselves.

If any of the personal data we hold about you changes, such as your contact details, please inform us without delay by contacting us via email at info@currencies.co.uk or via telephone on 01494 725353.

We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

Category

Type of personal data

Collected from

Contact Information
  • Name
  • Address
  • Telephone number
  • Email address
  • Your communication preferences
  • The above information in relation to any nominated person or representative appointed by you
  • You
  • Your nominated representative
  • A third party appointed by us to make referrals
  • An existing client of ours making referrals
  • Publicly available sources
Background And Identity Check Information
  • Contact Information (see above)
  • Time at existing home address and previous home addresses
  • Date of birth
  • Gender
  • Passport
  • Driving licence
  • Government issued photo identification
  • Nationality
  • Tax residency
  • Utility bill and/or other proof of address or identity, such as a bank statement or driving license
  • Employment Status (including whether you are employed, retired or receive benefits)
  • Financial status and condition
  • Source of wealth
  • Credit reference checks
  • In relation to our corporate clients, the above background and identity check information in relation to directors, relevant employees or beneficial owners of the corporate client.
  • You
  • Your nominated representative
  • Third party systems used for our identity and background checks
Client Information
  • Contact Information (see above)
  • Individual reference number or account number (relevant to your account(s), product(s) or service(s))
  • Amount(s) to be exchanged
  • Payment information
  • Your banking details (including any standing order or direct debit mandates)
  • Fraud checks or flags raised about your transaction(s), including payment refusals
  • Evidence of source or destination of funds or wealth and the reason(s) for carrying out the currency exchange transactions and money transfers
  • Communications we may have with you, whether relating to your account(s), received services or otherwise. Please note that we record calls to our customer services team
  • Any additional information that you provide to us voluntarily or for account security, including (for example) mother’s maiden name
  • Responses to surveys or feedback requests
  • Sensitive Information (see sub-categories below)
  • You
  • Your nominated representative
  • Third party fraud checking service
  • Your bank
Website Information
  • IP address and other online identifiers / web beacons
  • Details of your online browsing activities on our website, including the full Uniform Resource Locators (URL), clickstream to, through and from the site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages on our Website, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page
  • Your browser type and version, relevant plug-ins, operating system and platform
  • Your time zone settings
  • User names, passwords and other log-in information used on our Website
  • Your account settings including any default preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our website that you visit.
  • You
  • Device used to access the Website
  • Our Website (including the cookies used)
Sensitive Information
  • Information relating to actual or suspected criminal convictions and offences (pursuant to anti-money laundering and identity checks)
  • You
  • Your nominated representative
  • Third party systems used for our identity, background and fraud checks

4. What do we do with your personal data and why?

We process your personal data for particular purposes in connection with your use of the Website, the provision of services or goods from us to you (or vice versa), your communication or other engagement with us and the management and administration of our business.

We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.

Please note that where we have indicated in the table that our processing of your personal data is either:

(a) necessary for us to comply with a legal obligation; or

(b) necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it,

and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.

Purpose of processing

Lawful basis

Your consent

To perform a contract with you

To comply with a legal obligation

For our legitimate interests

1. Responding to your enquiries and/or complaints Yes Yes
(It’s important that we can respond to you in relation to such matters)
2. Communicating with you about your transaction, product or service (e.g. periodic statements), verifying that your instructions are genuine and processing them accordingly Yes
3. Sending you information and communications as set out in the section “How do we communicate with you?”, below Yes
(We may need your consent in relation to certain direct marketing communications)
Yes
(It is important to keep you updated of transactions made with us and notified of factual updates to our engagement with you)
4. Contacting you when we have updated this Notice and considering whether it is necessary to advise you about any changes to the way we are processing your personal data Yes
5. Inviting you to provide optional feedback about your transaction experience, via independent global rating and review providers Yes
(It is in our interests to carry obtain feedback on our services and conduct market research)
6. Supplying your details to marketing automation and inbound Sales system providers Yes

Background and Identity Check Information

7. Performing anti-money laundering checks in relation to your investment(s) and/or other engagements with us Yes Yes
(Performing anti-money laundering checks in relation to your use of our services and/or other engagements with us)
8. Performing identity checks in relation to your transaction(s) and/or other engagements with us Yes Yes
(We need to ensure that the identity of our customers/suppliers is verified)
9. Performing checks with credit reference agencies (PLEASE ALSO SEE THE BELOW SECTION ‘PROTECTION AGAINST FRAUD AND CREDIT CHECKS’) Yes
10. Ensuring that you are eligible for a transaction or service Yes
11. Verifying the adequacy of your income, net worth or source of funds or source of wealth Yes Yes
(We need to ensure compliance with anti-money laundering requirements)
12. To carry out checks in relation to corporate clients, individual client representatives or other relevant individuals connected with clients (including, without limitation, directors or relevant employees and beneficial owners), for example conducting sanctions screening, identity checks and conducting searches with credit reference agencies Yes Yes
(It is important that we seek to verify those that we have dealings with)

Website Information

13. Ensure the operation and performance of the Website (PLEASE ALSO SEE THE COOKIES SECTION BELOW) Yes
(To ensure the Website functions correctly)
14. To improve the functionality of the Website Yes
(It is in our interest to keep the Website up to date and improve its functionality for the benefit of users)
15. To enable you to create accounts and log-in to them via the Website Yes Yes
(It is in our interests to grant you access to a private log-in where you can access information relevant to you and your transactions and services)
16. To use targeted cookies in relation to advertising, including to measure or understand the effectiveness of advertising we provide to you and others, and to deliver relevant advertising to you e.g. email and display advertising
(PLEASE ALSO SEE THE COOKIES SECTION BELOW)
Yes
17. To allow you to participate in interactive features of the service, when you choose to do so Yes Yes
(It is in our interest in enable you to more easily manage the services you receive)

Client Information

18. To process any transaction or other service requests, including by enabling payments to be made Yes
19. To provide you with any incentives you qualify for, such as gift cards Yes
20. To recover any money amounts owed to us Yes Yes
(It is in our interest to ensure we receive payment for our services)
21. To assess any payments made by you for fraud and to minimise the risk of false details being used, including the abuse of card details by fraudsters (PLEASE ALSO SEE THE BELOW SECTION ‘PROTECTION AGAINST FRAUD AND CREDIT CHECKS’) Yes Yes
(It is important that we seek to limit incidents of fraud)
22. To contact the bank of the account notified to you by FCD into which any payments are to be made, or an intermediary bank, to check that the payment has been received before proceeding with any payments as part of the services Yes

All categories

23. Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity Yes
(where a relevant legal obligation applies)
Yes
(It is in our interests to receive payment for services and avoid instances of fraud)
24. To comply with binding requests made by you when exercising your legal rights (such as those contained within this notice) Yes
(where mandatory)
Yes
(where good governance)
25. Complying with binding requests or instructions from applicable regulators, law enforcement agencies, any court or otherwise as required by law Yes
(where mandatory)
Yes
(where good governance)
26. Recording incoming and outgoing calls for quality control, risk management and regulatory purposes Yes
(where mandatory)
Yes
(where good governance)
27. To carry out monitoring of trades and transactions for continued compliance with our regulatory obligations (such as anti-money laundering) and to keep records of the transactions we have undertaken Yes
28. For our general record-keeping and customer/supplier relationship management Yes Yes
(for example, to comply with obligations under laws relating to consumer, taxation, accounting, data protection and money laundering)
Yes
(We need to store customer/supplier related information so we can refer back to it)
29. Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation Yes
(We have a legitimate interest in being able to sell any part of our business)
30. Resolving any complaints from or disputes with you Yes
(We need to be able to try and resolve any complaint or dispute you might raise with us)

 

We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports.  For example, to help us understand and improve the use of our Website.

5. Sensitive Information

Some of the processing described in the above table will include the processing of ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information” – as set out in the table at paragraph 3, above). This refers to sensitive or special categories of personal data which we are required to process with more care, according to applicable laws.

The table below sets out the different purposes for which we process your Sensitive Information and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

Purpose of processing

Sensitive information – lawful basis

You have given your explicit consent to the processing

It is necessary to protect somebody’s vital interests or they are incapable of giving consent

It is necessary for the establishment, exercise or defence of legal claims

It is necessary for reasons of substantial public interest

Performing anti-money laundering checks Yes Yes
Performing identity checks Yes Yes

6. Who do we share your personal data with, and why?

Sometimes we need to disclose your personal data to other people.

Inside FCD’s Group:

We are part of a wider group of companies. Therefore, we will need to share your personal data with other companies in the FCD group for our general business management purposes and, in some cases, to meet our client needs where providing services across branches/locations and/or for authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.

Access rights between members of the FCD group are limited and granted only on a need to know basis, depending on job functions and roles.

Where any FCD group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.

Outside FCD’s Group:

From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our outsourced IT systems software and maintenance, back up, and server hosting providers.

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:

(a)  services provided to you or us by a third party acting independently to FCD but which has a relationship with FCD, for example certain payment, fraud or credit checking services;

(b) the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors; and

(c) the disclosure of your personal data in order to comply with a regulator or law enforcement request, legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data:

(a) IT support, Website and data hosting providers and administrators;

(b) banks and payment service providers in relation to transactions you perform with us;

(c) providers of risk management solutions, which includes IBAN validation services, transaction monitoring systems or sanction, PEP and adverse media screening solutions;

(d) independent global rating and reviews providers;

(e) consultants and professional advisors including legal advisors and accountants;

(f) specialist document storage and archiving companies;

(g) marketing automation, advertising networks and email service providers;

(h) SMS providers, as an additional method to communicate to you regarding transactions;

(i) courts, court-appointed persons/entities, receivers and liquidators;

(j) providers of incentives or any other rewards you may qualify for;

(k) business partners and joint ventures;

(l) introducers and affiliates, in the event that you are referred to us by a third party;

(m) insurers; and

(n) governmental departments, statutory and regulatory bodies including (in the UK) (n) the Department for Work & Pensions, Information Commissioner’s Office, the police, the National Crime Agency and Her Majesty’s Revenue and Customs.

7. Where in the world is your personal data transferred to?

As part of an organisation that deals in international transfers of currency, FCD may transfer your personal data to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.

If any disclosures of personal data referred to above require your personal data to be transferred from within to outside the European Economic Area, we will seek to ensure that it is adequately protected by way of safeguards, including the use of EU Standard Contractual Clauses, reliance on an adequacy decision of the European Commission in relation to the relevant recipient jurisdiction or reliance on a US recipient being certified under the EU/US Privacy Shield framework.

For more information about what appropriate safeguards we use and how to obtain a copy of them or to find out where they have been made available, please contact us using the details below.

8. How do we keep your personal data secure?

We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

9. How long do we keep your personal data for?

We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:

(a) any laws or regulations that we are required to follow, such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017;

(b) whether we are in a legal or other type of dispute with each other or any third party;

(c) the type of information that we hold about you; and

(d) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

10. How do we communicate with you?

We will use your personal data to communicate with you:

(a) in relation to any transactions you perform with us;

(b) to administer our relationship with you;

(c) to respond to any questions or complaints that you may have; and

(d) to invite you to take part in market research or request feedback on our products and services.

From time to time and with your opt-in consent (if required), we will provide you with information about our products, services, promotions and/or offers (or those of third parties) which may be of interest to you. Such communications will be sent either by email, text, post or telephone.

We may also (with your opt-in consent, if required) provide your contact details to third parties so that they might send you details of their products, services, promotions and/or offers directly.

If you do not wish to receive direct marketing communications from us, you can opt-out at any time by either following the instructions within the communication or emailing info@currencies.co.uk or telephoning 01494 725353.

If you decide at any point that you no longer wish to receive direct marketing communications from a third party, please contact that third party directly or follow the instructions (if any) given in their communication to you.

11. Cookies

When you visit the Website, a number of “cookies” are generated and deployed.

If you do not agree to our use of cookies, you should set your browser settings accordingly or not use the Website. Please be aware that if you disable the cookies that we use, this may impact your user experience while using the Website.

The table below summarizes the different types of cookie we use on the Website, together with their respective purpose and duration (i.e. how long each cookie will remain on your device).

Two types of cookies may be used on the Website - "session cookies" and "persistent cookies". Session cookies are temporary cookies that remain on your device until you leave the Website. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings).

Cookies used on the Website

Type of Cookie

What do they do?

Do these cookies collect my personal data / identify me?

Necessary Cookies that are essential to making the Website work correctly. They enable visitors to move around our website and use our features. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies do not identify you as an individual.
If you do not accept these cookies, it may affect the performance of our website.
Performance / Analytical Cookies that help us understand how visitors interact with our web properties by providing information about the areas visited, the time spent on the Website and any issues encountered, such as error messages. They help us improve the performance of our Website, alert of any concerns and more. These cookies don’t identify you as an individual. All data is collected and aggregated anonymously.
Functionality Cookies that allow our web properties to remember the choices you make (such as your user name, language or the region you are in) to provide a more personalized online experience. The information these cookies collect may include personally identifiable information that you have disclosed, such as a username, for example. We shall always be transparent with you about what information we collect, what we do with it and with whom we share it.
If you do not accept these cookies, it may affect Website performance and functionality and may restrict access to web content.
Targeting / Advertising Cookies Cookies that record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. They are also used to track the effectiveness of advertising campaigns. The information these cookies collect will include your IP address and your online browsing preferences.

Some targeting/advertising cookies may be placed on behalf of third party organisations. These include:

Cookie Name

Source

Notes

test_cookie www.doubleclick.net This cookie is used to check if the browser supports cookies.
conversion www.googleadservices.com This cookie is used for tracking conversions.
Facebook Pixel www.facebook.com This cookie is used to measure, optimize and build audiences for advertising campaigns served on Facebook.

What are Cookies?

Cookies are files or pieces of information that may be stored on your computer (or other internet-enabled devices, such as a smartphone or tablet) when you visit the Website. A cookie will usually contain the name of the website from which the cookie has come from, the "lifetime" of the cookie (i.e. how long it will remain on your device) and a value, which is usually a randomly generated unique number.

We use cookies to make the Website easier to use and to better tailor our web presence and products to your interests and needs. Cookies may also be used to help speed up your future activities and experience on the Website. We also use cookies to compile anonymous, aggregated statistics that allow us to understand how people use our web properties and to help us improve web structure and content. We cannot identify you personally from this information.

Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings.

If you disable the cookies that we use, this may impact your experience while on the Website. For example, you may not be able to visit certain areas of the Website.

If you use different devices to view and access the Website (e.g. your computer, smartphone, tablet etc.), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.

If you would like more information about cookies, FCD can recommend aboutcookies.org and www.allaboutcookies.org as helpful resources. Both websites also provide instructions on how to reject cookies if you would like to do so.

12. Protection against fraud

The personal data we collect from you may be shared with Fraud Prevention Agencies (Action Fraud) who will use it to prevent and investigate fraud and money-laundering.

If fraud is detected, your request to transact or acquire other services may be refused, or existing transactions, services or other relationships with us may be terminated. Further details of how your information will be used by us and these fraud prevention agencies is set out in the tables above, and details of your data protection rights can be found at the end of this notice.

You can read the full notice from the Action Fraud here: https://www.actionfraud.police.uk/privacy/data-sharing

13. Credit Reference Agencies (CRAs)

In order to process your transactions or request for services with us, we may need to supply your personal data to CRAs and they will give us information about you, including about your financial situation and financial history. CRAs will supply us with both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to verify the accuracy of the data you have provided to us.

In respect of the UK, the role of CRAs as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail within the Credit Reference Agencies Information Notice (CRAIN), which can be found on each of the CRAs’ websites:

Further, and again in respect of the UK, you have a right to apply to the CRAs for a copy of your file. Please be aware that the information held by one CRA may different to that held by another. Should you wish to exercise this right, please contact the CRA directly, using the following details:

Call Credit

Post: Callcredit Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Web Address: http://www.callcredit.co.uk/consumer-solutions/contact-us

Email: consumer@callcreditgroup.com

Phone: 0330 024 7574

Equifax

Post: Equifax Ltd, Customer Service Centre PO Box 10036, Leicester, LE3 4FS.

Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html

Email: https://www.equifax.co.uk/ask

Phone: 0333 321 4043 or 0800 014 2955

Experian

Post: Experian, PO BOX 9000, Nottingham, NG80 7WF

Web Address: http://www.experian.co.uk/consumer/contact-us/index.html

Email: consumer.helpservice@uk.experian.com

Phone: 0344 481 0800 or 0800 013 8888

14. What are your rights in relation to your personal data and how can you exercise them?

Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.

Where our processing of your personal data is based on the legitimate interests (please see the tables above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.

You have the right to (subject to applicable laws and certain limitations):

(a) access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;

(b) require us to correct any inaccuracies in your personal data without undue delay;

(c) require us to erase your personal data;

(d) require us to restrict processing of your personal data;

(e) receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and

(f) object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).

You also have the right to lodge a complaint with the relevant Supervisory Authority (in the UK this would be the Information Commissioner’s Office, for example.

15. Updates to this notice

We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will update you on material changes to this notice by sending you an email. We also encourage you to check this notice on a regular basis.

16. Where can you find out more?

If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, you can telephone on 01494 725353 or email info@currencies.co.uk.