Amaiz - Privacy policy

Last updated 4 June 2024.

Protecting your data

This policy sets out the basis on which Amaiz Ltd (“Amaiz”, “we”, “us”, “our”) will process any personal data about you that we collect from you or third parties, or that you provide to us, under the Data Protection Act 2018 (including the General Data Protection Regulation (EU) 2016/679 as implemented in the UK (“UK GDPR”), and any replacement statute from time to time (the “DPA”).

Words beginning with a capital letter that are not defined where they first appear in this policy will have the meaning given to them in the Amaiz Personal Account Terms & Conditions or Amaiz Business Account Terms and Conditions, as the case may be (“Service Terms”), which include this policy and govern your use of the Amaiz Account, Amaiz App, Amaiz Card and associated services (“Services”).
Data Controller

Amaiz Ltd are the data controller responsible for your personal data and we are registered with the Information Commissioner’s Office with reference number ZA308506.
Data Protection Compliance Manager

We have appointed a data protection compliance manager, who has a number of important responsibilities including:
- Monitoring Amaiz’s compliance with the GDPR and other data protection laws;
- Raising awareness of data protection issues, training Amaiz staff and conducting internal audits; and
- Cooperating with supervisory authorities such as the ICO on our behalf.
  
  You can contact our data protection compliance manager at: dpo@amaiz.com If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us via email.
  
  All questions relating to data and your privacy are welcomed and should be addressed to our support team. If you have any questions, comments or requests regarding this privacy policy then please:
  
  Contact Amaiz support at support@amaiz.com; and take a look at some helpful guidance on ICO website which can be found here.
Information we collect about you

In the course of providing the Services, we may collect and process the personal data specified in Annex A, for the relevant purpose and on the relevant legal basis also specified in that Annex.

Where relevant to your application and/or role the Services, we may check your details with a fraud prevention agency/agencies and credit reference agencies and if you give false or inaccurate information and we identified fraud, this will be recorded and may be shared by those agencies with other organisations and us, so that we and those other organisations, including law enforcement agencies and debt collection agencies, may access, use and search these records to check the details provided to us in the course of your job application or employment.

Please contact us at support@amaiz.com if you want to receive details of the relevant fraud prevention agencies.

More information about credit reference agencies, their role as fraud prevention agencies, the data they hold, for how long, your rights and how they use personal data is available at the following links to each agency’s Credit Reference Agency Information Notice:

Call Credit:
- www.callcredit.co.uk/crain
  
  Equifax
- www.equifax.co.uk/crain
  
  Experian:
  - www.experian.co.uk/crain
  Any credit reference agency we search will keep a record of any search, and other financial service providers may use it to assess applications they receive from you in the future.
How we use your data

We may use the personal data that we collect for the purposes explained in Annex A to this Policy.
Your rights

Your rights under the DPA and how to exercise them are explained the table in Annex B to this Privacy Policy.

This policy itself provides confirmation of the details required in relation to your right of access.

Our Services may, from time to time, contain links to and from the websites of partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We aim to keep your personal data up to date, so please advise them of any changes by e-mailing support@amaiz.com.

You must notify us by emailing support@amaiz.com within thirty days if any of any change in your name, residential address, telephone number, e-mail address, or referees' address, and any other details that we may reasonably consider to be material to our dealings with you.

Fees: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Disclosure of your information

We will keep your personal data confidential and only disclose it to others for the purposes explained in Annex A to this Policy.
Storing and transferring your data

The personal data that we collect will be stored in the UK and may be transferred to, and stored at, a destination inside the European Economic Area (EEA). As we provide an international service your data may be processed outside of the EEA in order for us to fulfil our contract with you to provide the Amaiz Services. We will need to process your personal data for us, for example, to action a request made by you to execute an international payment, process your payment details, carry out anti- money laundering and counter-terrorist financing checks and provide ongoing support services.

By submitting your personal data, you agree to this transfer, storing and processing.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App and/or our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised and unlawful access and processing, as well as accidental loss, destruction or damage. We use sophisticated website encryption technology to protect sensitive data that you submit to us online. We use this technology to reduce the risk of your data being

intercepted by unauthorised persons during transmission. However, the transmission of information via the Internet or other public networks is not completely secure and, while we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services and any transmission is at your own risk.
Data retention

Your personal data will be stored for the duration of the Service Terms and any other agreement that we have with you, and for such time after that as required by Applicable Law or the limitation period for bringing claims under those agreements.

Amaiz is required under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data about you and your Amaiz Transactions for a period of five years from the last transaction or end of the business relationship. Also, as an FCA authorised e-money institution, we are under further regulatory obligations to retain your data for a certain amount of time. For instance, under the Electronic Money Regulations 2011 you have the right to redeem your e-money up to six years after termination of the Service Terms or other business relationship. We will not hold any of your personal data for more than 6 years after the termination of our business relationship, unless we are compelled to do so by a regulatory body or law enforcement agency.
Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection

issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at support@amaiz.com .
Changes to Privacy Policy

We may make changes to this policy on the same basis as changes to the Service Terms.

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by SMS and/or e-mail when you next start the App or log onto the Site. The new terms may be displayed on- screen, and you may be required to read and accept them to continue your use of the App or the Services.
Cookies

This section sets out our policy on cookies and any personal data collected by us through their use (“Cookie Policy”).
- What are cookies?
  
  Cookies are data files containing small amounts of information which are downloaded to the device or browser you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website which recognises that cookie.
  
  Please note that we can also collect information about Service usage from data contained in “log files” from third parties. Log files are not cookies; they do not contain
  
  any personal data; and they are not used to identify your personal use of the Service. When you request any web page from the Service, web servers automatically obtain your domain name and IP address, but they reveal nothing personal about you and that data is only used to examine Service traffic in aggregate, to investigate abuse of the Service and its users, and/or to cooperate with law enforcement. Such data is not disseminated to third parties, except in aggregate.
  - How do we use cookies?
    
    We use cookies in order to ensure our Services function correctly and to improve our understanding of how they are used in order to make improvements. Cookies cannot harm your computer or other device.
  - What cookies do we use?
    
    Firstly, we explain what each type is and then, in the table below, we have stated which types we actually use.
    
    In general, there are four different types of cookies.
    - Necessary cookies: those required for the operation of our Services, which do not gather information about you that could be used for marketing or remembering where you have been on the internet.
    - Analytical/performance cookies: these allow us to collect information about how you use our Services, such as, how you move around our website and if you experience any errors. These cookies do not collect personal data. The information collected is anonymous and is only used to help us improve the way the Services work, understand what interests our users generally and measure how effective our
      
      advertising is. Some of the performance cookies we use are issued as part of services provided by third parties, like Google Analytics.
    - Functionality cookies: these are used to provide services or to recognise you when you return to our website, for example. These would enable us to personalise our content for you, greet you by name and remember your preferences and improve your visit.
    - Targeting cookies: these record your visit to the Service, the pages you have visited and the links you have followed. They are linked to services provided by third parties, such as "Like" and "Share" buttons. The third party provides these services in return for recognising that you have visited our website and are subject to the privacy policy of the third party who set them (e.g. a social media or network service). The third party may subsequently use information about your visit to target advertising to you on other websites and present you with advertisements that you may be interested in.
  - How do I manage my cookie settings
  Please note that configuring your computer and/or mobile browser to reject ‘necessary’, ‘performance’ or ‘functional’ cookies may severely impact your experience on our website and some parts of our Services will not function at all.
  
  All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, 'preferences' or 'options' menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. If you are unsure as to how to manage your cookies, please see the following links to view instructions for the most commonly used web browsers:
  
  Firefox internet settings Chrome cookie settings Opera cookie settings Safari cookie settings Edge cookie settings
  
  You should check the privacy policy and tools provided by any third-party service you may use that set Targeting cookies on your browser or device.
General

This Privacy Policy shall be governed by and construed in accordance with English law and the parties agree that the courts of England shall have exclusive jurisdiction to decide any dispute arising under it, except that you may bring proceedings in the courts of Northern Ireland or Scotland if you are resident in either of those jurisdictions.

Annex A

Personal Data Collected

Purpose

Basis for processing

Information you give us "Submitted Information": This is information you give us about you by filling in forms or on the App and/or the Site, or by corresponding with us (for example, by e-mail or). It includes information you provide when you register for an Amaiz account,, subscribe to any of our services, enter into any transaction (such as a Top Up, Instant Transfer, Amaiz Bank Transfer, Electronic Money Exchange), participate in discussion boards or other social media functions, enter a competition, promotion or survey and when you report a problem with your account, the Services, or the Site. If you contact us, we will keep a record of that correspondence, and may use redacted information for other services. The information you give us may include your name, address, date of birth, e-mail address, phone number, username, password and other registration information, financial, details of your account including the bank account number, sort code, IBAN, details of your debit and credit cards including the long number, relevant expiry dates and CVC, identification document numbers, copies of identification documents (for example, passport, driving licence and utility bill) personal description and photograph and any other information you provide us in order to prove your eligibility to use our Services.
transaction information including date, time, amount, currencies used, exchange rate, beneficiary details, details and location of the merchant or ATMs associated with the transaction, IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, device information used to facilitate the payment and the payment instrument used;
details of your transaction details relating to your use of our

to manage and administer the Services;
to enable you to use the Services;
to deal with enquiries, complaints and feedback from you;
To give you any notices under any agreement with you;
To keep you informed about your relationship with us;
To update our records;
To identify, prevent, detect or tackle fraud, money laundering and other crime;
To carry out checks required by applicable regulation or regulatory guidance;
To carry out our obligations arising from and exercise our rights under, any agreements between you and either of us or other users of the Service;
To check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.

For the above purposes, each of we may disclose your personal data to any member of our group, which means our subsidiaries, in any part of the EEA or elsewhere.

To disclose to third parties:
If it is under a duty to disclose or share your personal data in order to comply with any legal obligation;
To enforce this Privacy Policy or any other agreement with you;
to a credit reference agency to check your identity and to prevent fraud, (it will also keep a record of your request and use it whenever anyone applies to be authenticated in your name);

processing is

necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which we are subject;

(f) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

services, including who you have sent money or electronic money to, foreign exchange transactions you have entered into, the time, date and location of the place the transaction was entered into.

c) location Information. We use GPS technology and your IP address to determine your location – this may be used when the App is running in the foreground and the background of your Device. This is used to prevent fraud, for instance if your mobile device is saying that you are based in the UK, but your card is being used to enter into an ATM Withdrawal or point of sale purchase in Spain, we may not allow that transaction to be processed. Our card protection and fraud-prevention measures require this personal data for the feature to work.

to our banking and financial service providers, card manufacturing, personalization and delivery service providers agents and subcontractors, acting for the purpose of operating the Services;
to debt collectors and other third parties to trace you and recover any debt;
to provide a unified service across all of our products and services, we may disclose your personal information to any member of the Amaiz group, which means any of our subsidiaries or related entities. Companies in the Amaiz group will be acting as joint controllers or processors in order to provide the Amaiz Services;
In the event that we sell any business or assets, in which case it may disclose your personal data to the prospective seller or buyer of such business or assets;
To protect the rights, property, or safety of us, our customers, or others (which includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction);
To investigate, prevent or detect fraud or carry out checks against money laundering;
For audit purposes and to meet obligations to any relevant regulatory authority or taxing authority.

Information we collect about you and your Device. Each time you visit the App or our Site we will automatically collect the following information:

(i) technical information, including the internet protocol (IP) address used to connect your computer or Device to the Internet, your login

To identify, prevent, detect or tackle fraud, money laundering and other crime;
to prevent your Amaiz Card being used fraudulently;
to improve your browsing experience by personalising the Services;
To develop and improve the

Service;

(b) processing is

necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;

(f) processing is necessary for the purposes of the

information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, Device information and the type of mobile device you use, a unique Device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting "Device Information"; (ii) information about your visit, including the full uniform resource locators (URL), clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs), methods used to browse away from the page, device information;	To ensure that content on the Services is presented in the most effective manner for you and for your computer; To disclose to third parties: To comply with a current judicial proceeding, a court order or legal process served on us or our Services, any request by any regulator who may have jurisdiction over us from time to time or for audit purposes and to meet obligations to any relevant regulatory authority or taxing authority; To enforce this Privacy Policy or other agreement with you;	legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
(iv) information stored on your Device, including if you allow Amaiz to access contact information from your address book, login information, photos, videos or other digital content, check ins (Content Information). The App will periodically recollect this information in order to stay up-to- date;
We may make and retain copies of passports or other identification evidence that you provide for anti- money laundering and anti-fraud purposes;	To identify, prevent, detect or tackle fraud, money laundering and other crime; To carry out checks required by applicable regulation or regulatory guidance;	(b) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
	To disclose to third parties for: To comply with a current judicial proceeding, a court order or legal process served on us or our Services, any request by any regulator who may have jurisdiction over us from time to time or for audit purposes and to meet obligations to any relevant	(c) processing is necessary for compliance with a legal obligation to which we are subject; (f) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such

	regulatory authority or taxing authority; To enforce this Privacy Policy or other agreement with you; to a credit reference agency to check your identity and to prevent fraud, (it will also keep a record of your request and use it whenever anyone applies to be authenticated in your name);	interests are overridden by
		your interests or
		fundamental rights and
		freedoms which require
		protection of personal data.
Information about your physical or mental health or condition (where necessary and appropriate to comply with regulatory requirements relating to customers with such conditions)	to meet our employment and related regulatory obligations; to manage and administer the Services; to enable you to use the Services; To disclose to third parties for: To comply with a current judicial proceeding, a court order or legal process served on us or our Services, any request by any regulator who may have jurisdiction over us from time to time or for audit purposes and to meet obligations to any relevant regulatory authority or taxing authority; To enforce this Privacy Policy or any other agreement with you; to agents and subcontractors, acting for us, to use for the purpose of operating the Services; to debt collectors and other third parties to trace you and recover any debt;	processing is necessary for the establishment, exercise or defence of legal claims; An exemption under the Act also applies to records of our intentions in relation to any negotiations with you to the extent that the provisions would be likely to prejudice those negotiations.
Marketing	To provide you with information, products or services that you request or which we decides may interest you; For statistical analysis; To identify which elements of the Services or other products might interest you; If we decide to engage advertisers to promote our products and services, the	With your consent
Submitted Information, Location Information or transaction information) Records of any surveys that you may be asked to complete;		We have established an Amaiz Subscription Centre, where you can view and make individual decisions about your personal data use concerning marketing emails. For push notifications, please see

advertisers and their advertising networks may require anonymised personal data to serve relevant adverts to you and others. We will never disclose identifiable information about individuals to advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 700 men aged under 28 have clicked on their advertisement on any given day). We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a sub-section of our users (for example, women in Manchester). In some instances, we may use personal data we have collected from you to enable our advertising partners to display their advertisement to their target audience; We also use analytics and search engine providers that assist us in the improvement and optimisation of our site;

your mobile device setting for more details.

You will receive marketing communications from us if you have signed up to and/or utilise the Amaiz Services and, in each case, you have not opted out of receiving marketing notifications.

Third-party Marketing: We will obtain your express opt-in consent before we share your personal data with any company outside the Amaiz group of companies for marketing or promotional purposes.

Opting Out: You can ask us or third parties to stop sending you marketing messages at any time by adjusting your marketing preferences by following the unsubscribe links on any marketing message sent to you.

Annex B Your Rights

Your Rights and How to Exercise Them

Exception

Right of Access: To obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision- making, including profiling, referred to in Article 22(1) of the GDPR and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

How to exercise:

This Privacy Policy provides confirmation of the details required in relation to your right of access.

Under the DPA, you have a right to access certain personal records that we hold about you. Any access request may be subject to a fee to meet our costs (as the case may be) in providing you with details of the information they hold about you if the request is unfounded or excessive.

If you wish to exercise this right, then please reach out to our support team via the in-App chat function or email dpo@amaiz.com

Right to rectification: to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

We must communication to each recipient to whom the rectified personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

We shall inform the data subject about those recipients if the data subject requests it.

You can exercise the right at any time by contacting us at support@amaiz.com .

Right to erasure: to obtain from us the erasure of personal data concerning you without undue delay where:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

you object to the processing based on legitimate interest where there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation to which we are subject.

We must communication to each recipient to whom the erased personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

We shall inform the data subject about those recipients if the data subject requests it.

You can exercise the right at any time by contacting us at support@amaiz.com.

Processing is necessary for

(b) compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or

(e) the establishment, exercise or defence of legal claims.

Where we are not able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, as an FCA authorised firm, Amaiz is under certain obligations to retain certain data for a minimum of 6 years (see above). Please note that these retention requirements supersede any right to erasure requests under applicable data protection laws.

Right to request the restriction of processing concerning you: to obtain from us restriction of processing where:

the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
you object to the processing based on legitimate interest pending the verification whether our legitimate grounds override yours.

We must communication to each recipient to whom the restricted personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

We shall inform the data subject about those recipients if the data subject requests it.

You can exercise the right at any time by contacting us at support@amaiz.com .

Where processing has been restricted under this right, such personal data shall, except for storage, only be processed:

with your consent; or
for the establishment, exercise or defence of legal claims; or
for the protection of the rights of another natural or legal person; or
for reasons of important public interest of the Union or of a Member State.

Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter with you (including the Amaiz Services). In this case, we may have to cancel your use of the Amaiz Services, but we will notify you if this is the case at the time.

The right to data portability: to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:

the processing is based on consent or is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract; and
the processing is carried out by automated means.

You have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to the right to erasure.

If you wish to exercise this right, then please reach out to our support team via the in-App chat function or email dpo@amaiz.com

That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

The right to object to processing: to object, on grounds relating to your situation, at any time to processing of personal data concerning you which is based on processing necessary for the purposes of the legitimate interests pursued by us or a third party (except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data), including profiling.

You can exercise the right at any time by contacting us at support@amaiz.com,

Where:

we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject; or
for the establishment, exercise or defense of legal claims.

If you object to the processing of certain data, then we may not be able to provide the Amaiz Services and it is likely we will have to terminate your account.

The right to ask us not to process your personal data for direct marketing purposes: to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You have the right to ask us not to process your personal data for marketing purposes. Each of we will usually inform you (before collecting your data) if it intends to use your data for such purposes or if it intends to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms used to collect your data.

You can also exercise the right at any time by contacting us at support@amaiz.com

The right not to be subject to automated individual decision-making, including profiling: to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You can exercise the right at any time by contacting us at support@amaiz.com

If the decision:

is necessary for entering into, or performance of, a contract between you and us;
is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
is based on the data subject's explicit consent.

In the cases referred to in points (a) and (c) we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision.

Protecting your data

Data Controller

Data Protection Compliance Manager

Information we collect about you

How we use your data

Your rights

Disclosure of your information

Storing and transferring your data

Data retention

Complaints

Changes to Privacy Policy

General

Annex A

Annex B Your Rights