Our Trust Policies

description

Data Privacy Policy

Introduction 

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

Who we are

CurrencyFair takes the protection of personal data very seriously. In order to operate as a business and provide our services to you and  industry, we collect, use and are responsible for some personal information about you. We do this in our capacity as a data processor under the General Data Protection Regulation (GDPR), which applies across the European Union (and in the United Kingdom through the Data Protection Act 2018). 

We are committed to protecting your privacy and to ensuring that your personal information is used properly, lawfully and transparently.

This notice explains when and why we collect personal information about the people who work for our customers and for gas consumers. It explains how we use that information, the conditions under which we may disclose personal information to others and how we keep the personal information we collect and process secure. 

This notice applies to CurrencyFair Limited (“CurrencyFair”, “we”, “our”, or “us”). We are registered in England and Wales under company number 5046877 and have our registered office at Colm House, 91 Pembroke Road, Ballsbridge, Dublin 4, Ireland.

As we are based in Ireland, we process data according to the Data Protection Act 2018. We also process data within the European Union and therefore GDPR applies to our processing. 

To keep things simple for you, we maintain separate privacy notices for job applicants; and for people who work or who have worked for us. Please contact the Data Protection Officer for any queries by email on compliance@currencyfair.com.

The personal information we collect and use

In the course of the services that we provide to you, we collect your personal information. The personal information that you provide and how we use it may differ depending on the service that we provide to you. 

To understand what we collect and how we use the personal information, we have separated our processing based on different types of activities. See sections below for more information. 

  • CurrencyFair to Customer Relationship Management 
  • Potential new suppliers
  • CurrencyFair Website Users 
  • Miscellaneous 

Who we share your personal information with

We set out above who shares your information with CurrencyFair and who we share your information with. However, we may also share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party.

How long do we keep your information for? 

We will keep your personal information only as long as is necessary to conclude the purpose for which it was collected, or to meet legislative requirements. Personal information will be securely destroyed or put beyond use when it is no longer required, in accordance with our data retention and information management policy.

Transfer of your information out of the EEA

As set out above, we may transfer your personal information outside the European Economic Area (EEA) to what are described as “third countries”. 

These third countries do not have the same data protection laws as Ireland and the EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to suitable safeguards. We often rely on Standard Contractual clauses, as approved by the EU, unless otherwise stated. These clauses are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. 

We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Your rights

Legally, you have a number of important personal data rights, free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations (data portability)
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the Data Protection Commissioner (DPC) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email our Data Protection Officer at compliance@currencyfair.com and let us have enough information to identify you, for example let us know your name and the customer you work for.
  • let us have proof of your identity and address (the level of proof required will be dependent on your request type, but examples include a copy of a recent utility bill or a scan of your driver’s licence), and
  • Let us have some information about your request, such as what it is you want to access or which data you object to us processing. 

Keeping your personal information secure

We are committed to taking all reasonable measures to ensure the confidentiality and security of personal information for which we are responsible, whether computerised or on paper. 

We have put controls in place to prevent unauthorised access to, modification or destruction of your personal information. 

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us or the DPC

We hope that we can resolve any query or concern you raise about our use of your information.

To exercise all relevant rights, queries or complaints, you have the right to reach out to the Data Protection Officer by emailing compliance@currencyfair.com

If we or our Data Protection Officer do not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Data Protection Commissioner (DPC), or to seek a judicial remedy in the courts of Ireland. The DPC can investigate your claim and take action against anyone who has misused personal data. Further details are available on their website https://www.dataprotection.ie/en/individuals or via the DPC helpline:01 7650100 / 1800437 737.

Changes to this privacy notice

This privacy notice was published on September 2023 and last updated on September 2023.

We may change this privacy notice from time to time, so please check this page regularly.