Last updated: October 13, 2021
1.2. By using our Services, Website or our Mobile App You (“you”, “your”) acknowledge and confirm that you have read, understood, and agree with Policy and to the data practices described in it. Also, after start using our services, this Policy becomes a Supplement to the GFI Terms and Conditions. If you do not agree with the Personal Data practices described in this Policy, you should not use our Services, the Website or the Mobile App.
1.3. We periodically at its sole discretion update or amend this Policy by publishing an updated version of the Policy on the Website. An amended or updated version of this Policy shall take effect upon its publishing on the Website. We encourage you to review this Policy periodically.
1.4. GFI will notify You 60 (sixty) days prior to any material amendment of the conditions related to this Policy come into force by publishing notifications on the Website . Should you not wish to accept those amendments, you should notify us in written 30 (thirty) days before amendments come into force. If You does not submit a notification to us with before the date when the amendments come into force it will mean that You fully agrees with the amendments in this Policy.
1.5. All capitalized terms and definitions, not defined in this Policy, have the meaning prescribed to them in the GFI Terms and Conditions.
Consent means any your confirmation given freely and knowingly by which you consent to the Processing of your Personal Data;
Company means Global Financial Innovations LTD, a licensed by Financial Conduct Authority as authorized payment institution incorporated in England and Wales with company number 11311307, address at Office 679 2 Kingdom Street, London, England, W2 6JP and is registered with the data protection authority of the United Kingdom under the reference number ZA354050;
You means a natural person, the company, or other legal entity on behalf of which such natural person uses or has expressed the intention of using the Service and whose Personal Data we process;
Cookies means small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses;
Data Subject means identified or identifiable natural person/s; person/s beings from whom Company collects information connection with it’s business and operations;
EU means the member states of European Union;
EEA— means the member states of the European Economic Area;
ICO means Information Commissioner’s Office, the data protection authority of the United Kingdom;
Processing means any operation carried out with Personal data (incl. collection, recording, storing, viewing, use, alteration, grant of access to, making enquiries, transfer, consultation, erasure or destruction, etc.);
Personal Data means any information relating to you as an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Service(s) means Company services, which are provided to Company clients. Company engaged in payment services provision, detailed description of Company services is specified in the Terms & Conditions
Service Provider means any natural or legal person who processes the Personal Data on behalf of the Company. It refers to third-party companies under the business partnership or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used;
UK— United Kingdom;
Web beacon means small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites, services, applications, messaging, and tools, that typically work in conjunction with cookies to identify our users and user behavior.
3. PURPOSE AND CONSENT
3.1. This Policy has been developed for purposes of compliance with the applicable laws and regulations, such as, UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA), United Kingdom Data Protection, Privacy and Electronic Communications (EU Exit) Regulations 2019, ICO guidance and in accordance with other requirements set out by the legal enactments of the European Union, (“ EU GDPR”) ( hereinafter all above mentioned- the “Regulations”).
3.2. The submission of your Personal Data to us, usually, obtain certain services provided by us. We strongly presume that by submitting your Personal Data to us, you agree to such data transfer, storing and processing. In order to make sure that your Personal Data is treated securely and in accordance with the highest security and privacy standards, we take all steps reasonably. We are under unconditional obligation to ensure confidentiality and adequate protection of your Personal Data.
3.3. Personal data is used to provide you with secure access to our services and to enhance your client experience with our services. Your Personal Data enables us to understand your individual needs so that we can provide you with best possible support and advice. Without information about you, we may not be able to provide you with the services or the support you request or require. All of the Personal Data we obtain is protected, collect, process and use to comply with applicable laws and regulations, including Anti Money Laundering and Counter Terrorism Financing legally binding obligations subject to Customers due diligence and Know Your Customer purposes.
3.4. This Policy explains:
3.4.1. Types of Personal Data we collect and process;
3.4.2. What purposes and on what grounds do we process Personal Data;
3.4.3. Do we transfer Personal Data to third party and outside UK;
3.4.4. Your rights in relation to the Personal Data processing carried out by us;
3.4.5. Providing the safety of Personal Data;
3.4.6. How long we keep the Personal Data;
4. PERSONAL DATA (CATEGORIES) WE COLLECT ABOUT YOU AND PROCESS
4.1. For the purposes specified in this Policy and within the scope of the intended purposes, we process your Personal Data sets (categories) as follows:
• Your identification data: First name, surname, identity number, date of birth, information specified in your identification document (passport or ID card) or other document containing you Personal Data
• Your contact information: postal address, telephone number, email address, other contact information, e.g. Skype, What’s App, Telegram, etc
• Information relating to your tax residence: country of birth, residence, taxpayer number, nationality, place of tax residence.
• Information relating to your professional activity and your education: Your place of work, profession, position, occupation, length of service, education. Financial information: ownership, transactions, credits, income, liabilities, assets, including bank account and payment card numbers, cash flow, i.e. incoming and outgoing payments and information included thereof, transaction history, loan obligations, agreement and invoice copies, information on business activities, on own and/or business accounts with other credit institutions, other obligations or liabilities
• Data of related persons, if applicable (for example, beneficial owners, representatives of Client, family members, employees, heirs and other related persons of Client).
• Data about trustworthiness and Customer due diligence data that enables GFI to perform its due diligence measures regarding with applicable law Anti Money Laundering and Counter Terrorism Financing and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Client is a politically exposed person, as well as data on origin of assets or wealth such as data regarding the Client’s transaction partners and business activities.
• Information relating to your contractual obligations with the GFI: Information about the services we provide to you, interests, information about the fulfilment or non-fulfilment of contractual obligations, submitted requests, claims, complaints.
• Information relating to your participation in contests or promotions offered by us or our partners, respond to our surveys or otherwise communicate with us, such as your letters, emails, telephone conversations (with or without audio recording) when you contact with the GFI as well as information about the devices and technologies used by you for communication.
• Information obtained online: cookies and data relating to the visitors of our website, mobile application: your location, your device, IP address and browser used, website from which you came to our website, views of our online ads.
• Your special category personal data: Legal enactments provide for the special category Personal Data types which we will process if allowed by the legal enactments. This is the special category Personal Data disclosing:
— racial or ethnic origin;
— religious or philosophic beliefs;
— political opinions;
— genetic, biometric data;
— health state data;
— data relating to criminal convictions and offences
• Information obtained about you from different public registers: Information we obtain from publicly available registers in the context of the provision of services and Client research.
• Other information: Pictures of your identification documents, selfie, and other personal data the collection of which might be necessary to render services or in accordance with the requirements of the applicable laws and regulations.
5. PURPOSES AND GROUNDS TO PROCESS YOUR PERSONAL DATA
5.1. We do not sell, exchange or give to any other person your information, whether public or private, for any reason whatsoever, without your consent, other than for the express purpose of providing our services to you.
5.2. We collect, process, and use Personal Data for the following purposes:
5.2.1. at the request of the Client prior to entering into an agreement, as well as to conclude, execute, maintain and terminate an agreement with the Client ;
5.2.2. to execute national and international transactions via financial institutions, settlement and payment systems;
5.2.3. to manage relations with the Clients, as well to authorize, provide, control and administer access to the services;
5.2.4. to implement the legitimate interests of the GFI or a third party; and Namely:
a) to provide the services to you, including without limitation to process your transactions;
b) to improve, personalize and facilitate your use of our services. For example, when you sign up for a Payment Account, we may associate certain information with your new account, such as information about prior transactions you made using our services;
c) to verify your identification and research in the framework of AML/CTF, including your research as a potential client or client, including identification of the origin of funds, screening against, sanction lists, publicly available registers in accordance with the procedure established by legal enactments, identification of the beneficial owner and PEP, to provide information to the supervisory authorities and investigative authorities in the cases provided by legal enactments, to verify information relating to you against credible publicly available information sources;
d) to process the requests and complaints received from you;
e) to ensure management of the GFI’s risks;
f) to measure, customize, and enhance our services, including the design, content, and functionality of the Mobile App and Website, or to track and analyze trends and usage in connection with our services;
g) to analyze use of our services;
h) within the framework of fraud prevention related to the use of services or prevention of the abuse of our services, to check information relating to you in publicly available registers and publicly available credible information sources;
i) to improve our Client service;
j) to send periodic emails, news and information, or to conduct surveys and collect feedback, about our services and to communicate with you about products, services, contests, promotions, discounts, incentives, and rewards offered by us and select partners, based on your communication preferences and applicable law, and the email address you provided for such communications;
k) to administer our internal information processing and other IT systems;
l) to operate our website and services, including to ensure their security;
m) to maintain back-ups of our databases and to keep the records in accordance with our internal policies and procedures and the applicable law;
n) to communicate with you, including without limitation to deliver the information and support you request, including technical notices, security alerts, and support and administrative messages, to resolve disputes, collect fees, and provide assistance for problems with our services or your Payment Account.
o) to establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights and the legal rights of others;
p) to comply with our obligations either required by law or by written agreements with third parties; q) displaying transactions history;
r) developing new products and services; and
s) in order to: (i)protect our rights or property, or the security or integrity of our services; (ii)enforce the terms of our Terms and Conditions or other applicable agreements or policies; (iv)investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities; (v)comply with any applicable law, regulation, or legal process.
6 DISCLOSURE AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
6.1. Any third party that receives or has access to Personal Data is required to protect such Personal Data and use it only to carry out the services they are performing for you or for GFI, unless otherwise required or permitted by applicable law. We shall ensure any such third party is aware of our obligations under this Policy and we enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Data disclosed to them than the obligations we undertake to you under this Policy and Regulations or which are imposed on us under applicable data protection laws.
6.2 We transfer your Personal Data to:
a) our Service Providers and EU Representative as reasonably necessary for providing our services to you including, the ensure your payments and identification;
b) our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds;
c) other credit institutions, financial institutions, payment card companies, financial services intermediaries;
d) participants of the European and international payment systems and their related parties, such as
SEPA, SWIFT or Faster Payments;
e) governmental bodies and regulatory authorities, judicial bodies, investigation bodies, sworn bailiffs, sworn notaries based on written requests or the duties binding upon the GFI stipulated by the legal enactments;
f) our associates, audit firms, legal service providers, translator, agents, attorneys or other representatives for compliance with legal obligations to which we are subject or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
g) our group companies, including our affiliates, for rendering our services, compliance with applicable laws and improving the quality of our services;
h) our Service Providers that run advertising campaigns, contests, special offers, or other events or activities in connection with our services;
6.3. Within the framework of processing your Personal Data, access to your Personal Data will be granted only to the authorized staff of the GFI and our counterparties who need it to perform their work duties and who process your Personal Data only in accordance with the Personal Data processing purposes and grounds specified in this Policy in compliance with the technical and organizational requirements for the processing of Personal Data specified in the Regulations.
7. INTERNATIONAL TRANSFER OF PERSONAL DATA
7.1. To provide our Services we partner with and use Service Providers that are based both in the UK and outside the UK. We will only partner with Service Providers that meet the ICO and Regulations requirements and where a contractual agreement is in place to protect your Personal Data and rights. In all cases, we will only share the Personal Data that is absolutely necessary to provide our Services, fulfil our obligations to you, and to fulfil any legal or regulatory requirements.
7.2. We will transfer Personal Data to Service Provider solely for the purposes of providing our services to you and only on as need to know basis. Each transfer will be protected by appropriate safeguards of the relevant legally binding obligations of the recipient to protect and handle your Personal Data in accordance with this Policy and Regulations.
7.3. Company use secure servers within UK, EU/EEA, having adequate data protection legal frame and appropriate safeguarding methodsWe will do our best to protect your Personal Data, but we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk only. It is your responsibility to keep your login and passwords credentials, and other authentication means confidential and not to share them with anybody.
8. THIRD-PARTY ADVERTISING AND ANALYTICS
8.2. The third-party service providers that we engage are bound by confidentiality obligations and applicable laws with respect to their use and collection of your information.
8.3 This Policy does not apply to and we are not responsible for, third-parties’ cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.
9. YOUR RIGHTS SUBJECT TO YOUR PERSONAL DATA PROCESSING
9.1. The Company shall ensure the following rights of Data Subject:
• Right to Access
You have the right to get from us:
information relating to your Personal Data that we process;
confirmation or rejection of whether we process your Personal Data or not;
additional information relating to the processing of your Personal Data in order to verify the accuracy of your Personal Data and whether we process your Personal Data in accordance with the requirements of the legal enactments.
9.2. Right to Rectification You have the right to
rectify any inaccurate Personal Data about you; and complete any incomplete Personal Data.
In the event of any change in your Personal Data as well as if you have identified that we are processing inaccurate or incomplete Personal Data, please inform us of the need for rectifications. In this case, the GFI is entitled to request you to submit documents supporting rectifications.
9.3. Right to Erasure
You have the right to demand erasure of Personal Data with us if:
the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw consent to consent-based processing;
you object to the processing of your Personal Data under the applicable law;
the processing of Personal Data is done for direct marketing purposes only;
your Personal Data have been unlawfully processed; and
erasure of Personal Data is specified in the data storage periods determined for us in the legal enactments.
We will ensure that your Personal Data available to us is erased, including erased by our Service Providers, if Personal Data is no longer necessary for the purposes for which we were processing it. We will not be able to ensure that your Personal Data is erased if we need to ensure such processing in the cases stipulated by law providing for the information or document storage periods which, for instance, are set out in the applicable anti money laundering and terrorism financing law. Likewise, the GFI is entitled to refuse to erase your Personal Data if it requires disproportionate effort.
9.4. Right to Restrict Processing
You have the right to restrict processing of Personal Data if:
you contest the accuracy of the Personal Data;
processing is unlawful, but you oppose erasure;
we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise or defense of legal claims; and
you have objected to processing, pending the verification of that objection, in which case we may continue to store your Personal Data, but we will only otherwise process it: (i)with your consent; (ii)for the establishment, exercise or defense of legal claims; (iii)for the protection of the rights of another natural or legal person; or (iv)for reasons of important public interest.
9.5. Right to Object to Processing
You have the right to object to our processing of your Personal Data by any reason to the extent that the legal basis for the processing is the performance of a task carried out in the public interest or in the exercise of any official authority vested in us or the purposes of the legitimate interests pursued by us or by a third party. Please note, that we will cease processing your Personal Data if such processing was done for direct marketing purposes. Otherwise, we may disregard your objection if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
9.6. Right to transmit Personal Data to the extent that:
the legal basis for our processing of your Information is your consent, a necessity to perform a contract to which you are party, or to satisfy your request prior to entering into a contract; and
such processing is carried out by automated means.
Please be advised, that information subject to your Personal Data portability may also contain third parties’ Personal Data; therefore, we will assess the impact of such Personal Data transfer in relation to the rights and freedoms of third parties.
9.7. Right to Complain
If you believe that in the processing of your Personal Data we have violated your right to privacy, in order to protect your statutory interests, you have a legal right to file a complaint with the GFI , ICO or bring legal action in accordance with law.
We would prefer that complaints are emailed to firstname.lastname@example.org or at the following address: Office 679 2 Kingdom Street, London, England, W2 6JP. If we fail to resolve your complaint to your satisfaction, you may pursue your complaint via the ICO. Details of how to do so can be found at https://ico.org.uk/make-a-complaint.
9.8. Right to Withdraw Consent
You may withdraw your consent to us processing your Personal Data at any time, however such withdrawal will not affect the lawfulness of processing of your Personal Data before it.
10. SECURITY MEASURES AND TECHNICAL SOLUTIONS
10.1. We take reasonable measures, including administrative, technical and organizational, to ensuring physical and environmental security of Personal Data, encrypting Personal Data, providing computer network protection, personal device protection, data backup and other protection measures thus also protecting your Personal Data from loss, theft, misuse, and unauthorized access, disclosure, alteration
10.2. Within the framework of processing of your Personal Data, access to your Personal Data is restricted to our authorized staff and authorized staff of our Service Providers who need it for the performance of their work duties and who process your Personal Data in compliance with the technical and organizational requirements for the processing of Personal Data specified in the legal enactments. The Service Providers to whom we have entrusted the processing of your Personal Data have, prior to the commencement of cooperation, been thoroughly assessed and informed about the set of measures that they must take to ensure the processing, confidentiality and protection of your Personal Data in accordance with this Policy and Regulations.
10.3. In the event that Personal Data in our possession or under our control is compromised as a result of a security breach (such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of Personal Data) we shall promptly take appropriate and reasonable steps to mitigate the effects of such a security breach, to the extent such efforts are within GFI reasonable control.
11. TIMELINE TO KEEP THE PERSONAL DATA
11.1. GFI keeps Personal Data for no longer than it is necessary in accordance to our obligations and legislation setting out the timeframes for the retention of information. As a general rule, we hold your Personal Data for a period of 5, in other cases 7 years from the end of the business relationship or last. The information which concerns transactions is retained for a period of 10 years while we are in a business relationship.
11.2. There are a couple of exceptions which may be applicable to these general time-periods:
Our legal obligations establish that me must hold your Personal Data for a longer period, or delete it sooner.
You exercise your right to have your Personal Data erased from our systems prior to the expiry of the period of retention.
We have a legitimate reason to keep it (for example, helping us to respond to queries or complaints, to show that we have given you fair treatment, in the fight against financial crime).
12. IN CASE OF QUESTIONS
12.1. Should you have questions or concerns relating to the processing of your Personal Data and this Policy, please contact us either by emailing to to our designated Data Protection Officer at email@example.com or at the Company’s registered address: Office 679 2 Kingdom Street, London, England, W2 6JP
12.2. We will provide to You all required information relating to the processing of your Personal Data, including answers to unclear issues will be given to you.