Introduction

• [Company Name] ("we," "our," "us") is committed to protecting your personal data and respecting your privacy.
• This Privacy Policy explains how we collect, use, store, and share your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data Use and Access Act 2025, the Money Laundering Regulations 2017, and the Financial Conduct Authority (FCA) requirements.
• We act as a Data Controller for the personal data we process. If you have any questions, please contact our Data Protection Officer (DPO) at:
• Email: [Insert DPO Email]
• Address: [Insert Business Address]

What Data We Collect

• Identification Data: Full name, date of birth, nationality, passport or ID details.
• Contact Data: Address, phone number, email address.
• Financial Data: Bank account details, payment information, transaction history.
• Compliance Data: Source of funds, proof of address, AML/KYC documentation.
• Technical Data: IP address, device information, website usage data.

Lawful Basis for Processing

• Legal Obligation: To comply with AML/KYC requirements under HMRC and FCA regulations.
• Contractual Necessity: To provide money transfer and related services you request.
• Legitimate Interests: To prevent fraud, ensure network security, and improve services.
• Consent: For optional marketing communications (you can withdraw consent anytime).

How We Use Your Data

• Verify your identity and comply with AML/KYC obligations.
• Process transactions and provide requested services.
• Monitor and report suspicious activities to HMRC or law enforcement.
• Maintain accurate records for regulatory audits.
• Communicate service updates and respond to inquiries.

Data Sharing

• Regulatory Authorities: HMRC, FCA, law enforcement agencies.
• Payment Partners: Banks, payment processors, and correspondent MSBs.
• Service Providers: IT, compliance, and audit firms under strict confidentiality agreements.
• We do not sell your personal data to third parties.

International Transfers

• If we transfer your data outside the UK, we ensure appropriate safeguards such as:
• UK-approved Standard Contractual Clauses (SCCs).
• Transfers to jurisdictions with adequacy decisions.

Data Retention

• We retain your personal data for:
• 5 years after the end of the business relationship, as required by AML regulations.
• Longer if required by law or for ongoing investigations.

Your Rights

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase data (subject to legal obligations).
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.
• To exercise these rights, contact: [Insert DPO Email].
• You may also complain to the Information Commissioner’s Office (ICO): https://ico.org.uk

Security Measures

• We implement robust technical and organizational measures, including:
• Encryption of data in transit and at rest.
• Multi-factor authentication for system access.
• Regular audits and staff training on data protection.

Updates to This Policy

• We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on our website.