Effective Date: September 19, 2023
Version number: 1.1
Personal data means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to an individual.
1. About us
The Taptap Send group is made up of different companies (set out below, together referred to as “Taptap Send”). Taptap Send offers international remittance services (and other services depending on your location) via its App (the “Services”).
The Taptap Send company providing the Services to you will be responsible for processing your personal data for that Service. We’ll let you know which company you have a relationship with when you first apply for or use a Service. It differs depending on where you live:
“Taptap Send”, “we”, “our” or “us” means the responsible Taptap Send entity. They are known as the ‘controller’ of your personal data. “You” means any visitor to our website or App or user of our Services.
2. How to contact us about your privacy and data protection
You can contact us about your privacy, to exercise your data rights and for information about how we use, process, store and protect your personal data by emailing us at email@example.com.
3. Types of personal data we collect and how we get it
Most of the personal data we process is provided to us directly by you. This sets out the information we collect and process, and where we get it from. The collection and use of data is crucial to providing our Services and keeping the Services safe. Data helps us increase the safety of your online payments, while reducing the risk of fraud, money laundering and other harmful activity.
Due to the Services we offer, we may process personal data of individuals other than App users, such as the recipients of payments or other individuals making enquiries or complaints.
4. Age requirement
Our Services are not designed for those under the age of 18. If we become aware of anyone using our Services who may be under 18, we will take all reasonable steps to ensure we do not process their data any further and will tell them this.
5. Sensitive personal data
In limited circumstances, we will also collect, process and store sensitive personal data to enable us to comply with our legal and regulatory obligations (e.g. biometric data to carry out anti-money laundering checks). Your jurisdiction may have rules that classify other information as sensitive. All sensitive information is subject to appropriate levels of protection.
6. Our legal basis for using your personal data
We must have a valid legal reason for using your personal data. The legal reasons we rely on are:
● Contractual obligations: We need personal data to provide our Services and cannot provide them without it. We use personal data to enter into agreements with you and meet our contractual obligations. Where we process personal data that is special category data (i.e., biometric data or data which may reveal political opinions), we process it on the additional legal basis that such processing is necessary for substantial public interest reasons (e.g., to prevent or detect unlawful acts).
● Legal obligations: In some cases, we have a legal responsibility to collect and store your personal data (for example, for tax purposes or under anti-money laundering laws we must hold certain information about our customers).
● Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
● Consent: Where you have given us your consent to process your personal data.
You explicitly consent to us accessing, processing and retaining personal data for provision of payment services and electronic money services.
7. How we use your personal data
We use your personal data for a variety of reasons that we set out below.
We use your data to provide our Services:
● To fulfil agreements with you and to otherwise administer our relationship with you.
● To process payments and prove transactions have been executed.
● To process information about your contacts to make it easy for you to find and connect them and improve payment accuracy.
● To administer profiles of users on our databases.
● To provide you with customer support (we may record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our Services for quality and training purposes).
● To provide, maintain, personalise, optimise, and improve the Services, including research and analytics regarding use of the Services, or to remember you when you leave and return to the Services.
We use your data to keep our Services up and running:
● To monitor website and App usage, including to determine enhancements and technical improvements.
● For customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research and statistical purposes.
We use your data to meet our legal obligations and enforce our rights:
● To confirm your identity and verify your personal and contact details.
● To comply with applicable laws, including anti-money laundering, counter terrorist financing and sanctions laws, including to verify your identity.
● To establish, exercise or defend a legal claim.
● To action any data subject right requests.
● To meet our legal and regulatory obligations.
We use your data to protect you and other users against fraud:
● To detect, investigate and prevent activities which may be fraudulent or illegal, or which may misuse or Services or break our policies.
● To comply with financial crime laws and to confirm that you’re eligible to use our Services. We also use it to help us manage fraud risks related to your account.
We use your data to communicate with you:
● To communicate with you in relation to our Services, including to notify you of changes, seek your views or comments on our Services and to handle any enquiry or complaint you may have made.
We use your data for marketing and providing Services that might interest you:
● To improve our Services and for general business development, for example to develop new products and features and explore new business opportunities.
● For marketing, product and customer analysis, including testing, for example to improve our product range and optimise our customer offerings.
● To be able to administer your participation in competitions, offerings, and events.
● To provide you with information, news, and marketing about our Services, including where we partner with others to offer similar services.
8. Who we share your personal data with
Due to the nature of our business, there may be times we share your data with the following third parties. (We do not sell your personal data.)
● Taptap Send group companies: We share data with members of the Taptap Send group to provide our Services.
● Taptap Send recipients: We also share your personal data with the person who provides your payment method and recipients (through service providers) that you transfer money to. Where you make a transfer, the recipient may receive your details with your payment (for example, your name and IBAN).
● Taptap Send service providers: We will share your personal data with various suppliers who provide us with services that we need in order to provide our Services to you, for example:
○ Suppliers who provide us with IT, payment and delivery services;
○ Suppliers who help us meet our legal and regulatory obligations, such as identity verification service providers and background check providers (these providers may use your data to conduct checks with credit reference agencies, financial or credit institutions, official registers and databases, as well as fraud prevention agencies to verify your identity);
○ Our banking and financial services partners and payments networks;
○ Analytics providers and search information providers;
○ Customer-service providers, survey providers and developers (including chatbot services); and
○ Communications service providers.
● For legal reasons: There may also be instances where we may need to share data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
● To advertisers and advertising networks, analytics and search engine providers: We provide limited information about your in-App activity (not personal data) with these providers solely to select and serve relevant adverts to you and others.
9. International data transfers
As our Services are international, we may need to transfer your personal data outside the country you are located in to help us provide our Services.
Personal data that we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates, subcontractors, vendors or partner payment processors maintain facilities. The laws in the U.S. and other countries regarding personal information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. It may also be processed by staff operating outside the country you are located in, who work for us or for one of our payment processors. Such staff may be engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of customer support. By submitting your personal data, you agree to this transfer, storing or processing.
If we transfer your personal data to another country that doesn’t offer a standard of data protection equivalent to where you are located, we will make sure that your personal data is sufficiently protected. For example, we’ll make sure that a contract with strict data protection safeguards is in place before we transfer your personal data.
10. Marketing communications
We may use the contact details you provide to send you marketing communications by email, telephone, SMS, whatsapp, push notification, social media or other communication formats about our Services. This may include news, promotional officers, opportunities to enter competitions and win prizes and updates regarding our company and Services (including new services and products).
You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right simply at any time telling us or following the instructions in the communication e.g. unsubscribing from emails and SMS. We respect your choice and will stop sending you such communications as soon as reasonably practicable and within one month of receiving your request to unsubscribe. You are free to change your marketing choices at any time. We may contact you to reaffirm your consent to marketing.
Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request.
If you opt-out, we may still send you important service and administrative messages, from which you cannot opt-out.
11. Website links
● Remember your information so you do not have to re-enter it
● Track and understand how you use and interact with our online Services and emails
● Tailor our online Services to your preferences
● Measure how useful and effective our Services and communications are to you
● Otherwise manage and enhance our Services
13. Automated decision-making
We use automated processes to check that your application to access the Services and your use of the Services meet our required standard, including verifying your identity, and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to login to your account, or to close your account. If this happens, you will be notified and offered the opportunity to provide further information and challenge the decision through an appeal mechanism, which includes a manual review. In any case, if you feel that an automated process may have impacted you, please contact us at firstname.lastname@example.org.
14. Data retention
We will generally keep your personal data for ten years after our business relationship with you ends, or for as long as necessary in line with various local requirements, such as for example, best practice recommendations (e.g. supervisory authority recommendations), relevant guidelines (e.g. employment guidance) or for as long as mandated under specific legislation (e.g. tax laws).
We will also determine appropriate retention periods based on our legitimate interests where identified. As a regulated financial institution, we are required by law to store some of your data beyond the termination of your relationship with us. After such time, your data will only be accessed or processed if absolutely necessary. We will always delete data that is no longer required by relevant legislation.
When personal data needs to be deleted, we will either delete manually or automatically, or anonymise it if deletion is not possible.
15. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use reasonable physical and technical safeguards to protect your personal information, both during transmission and storage. No method of transmission over the internet, including by email, or method of electronic storage is 100% secure. So, we cannot guarantee its absolute security.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Transport Layer Security technology. You are responsible for keeping confidential any passwords we give you. We ask you not to share this password with anyone else and not to use this password for other services or products.
In addition, we limit access to your personal data to those who need it to do their jobs (i.e. employees, agents, contractors and other third parties who have a business need to know). Where this is a third party, they will only process your personal data on our instructions and they are subject to a duty of confidentiality.
16. Data protection rights
Data protection laws enable several rights in relation to how an organisation processes your personal data.
If you would like to exercise any of the below rights you can do so by sending us a written request to email@example.com. For security reasons, we can't deal with your request if we’re not sure of your identity, so we may ask you for proof of ID.
Your ability to exercise these rights will depend on a number of factors. Sometimes, we won’t be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you). If you object to us using personal data which we need in order to provide our Services, we may need to close your account as we won’t be able to provide the Services.
When you exercise one of your rights it may take us up to one month to respond or implement your changes.
United Kingdom and the European Union
● Right to access data - You have the right to receive a copy of the Personal Data we hold about you (this is sometimes referred to as a “Subject Access Request”).
● Right to rectification - You have the right to have any incomplete or inaccurate information we hold about you corrected. You can also make updates yourself in the App.
● Right to erasure - You have the right to ask us to delete your personal data if it is no longer necessary for the purpose for which it was collected or needed by us to meet our legal obligations or for a legitimate interest.
● Right to restrict processing - You can tell us to stop using your personal data, including for marketing.
● Right to objection - You have the right to object to us processing your personal data. If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. However, we will assess whether our interests are overridden by your fundamental rights and freedoms.
● Right to portability - You can ask us to transfer personal data to you or another company.
● Right to access data - You have the right to be informed of the existence and use of your personal data and to receive a copy of the personal data we hold about you.
● Right to rectification - You have the right to have any incomplete or inaccurate information we hold about you corrected You can also make updates yourself in the App.
● Right to objection - You have the right to object to us processing your personal data where our legal basis for processing is consent.
United Arab Emirates
● Right of access - Upon request, we will provide you with information about whether we hold any of your personal data. We will also provide, free of charge, access to one copy of your personal data that we may hold.
● Right of rectification - You may request to review, delete or update your personal data to ensure it is accurate. You can also make updates yourself in the App.
● Right to erasure - You have the right to ask us to delete your personal data if it is no longer necessary for the purpose for which it was collected or needed by us to meet our legal obligations or for a legitimate interest. We will inform you which of your personal data may be erased without violating our legal obligations.
● Right to restrict or object to our processing. - You have the right to ask us not to process your personal data if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling) or using your data for direct marketing (including profiling). You also have the right to ask us not to process your personal data while a rectification request is pending.
● Right to data portability. You have the right to request a copy of your personal data , including your transaction history. Your transaction history is downloadable in machine-readable format from the App.
You have the right to request that we rectify or delete personal data collected and maintained about you. However, there are some circumstances where your request to rectify or delete your personal data may be denied if it is necessary for us to retain your information (for example, for legal or regulatory reasons).
US State privacy rights
In this section “Personal Information” means data that can be categorised into data that directly identifies you individually.
● If you live in California, we comply with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA).
● If you live in Colorado, we comply with the Colorado Privacy Act (CPA).
● If you live in Connecticut, we comply with the Senate Bill 6 for an Act Concerning Personal Data Privacy and Online Monitoring (CTDPA).
● If you are in Utah, we comply with Senate Bill 227 for the Consumer Privacy Act (UCPA).
● If you live in Virginia, we comply with the Consumer Data Protection Act (CDPA).
If you live in any of the above states, you have the following rights in relation to the processing of your Personal Information:
○ The categories of Personal Information (and sensitive Personal Information) to be collected and the purposes for which these are collected and used (including whether information is sold or shared);
○ How long we will keep your Personal Information (including sensitive Personal Information) for;
○ How and where you can exercise the rights you have under data protection legislation applicable to you i.e. through our email address firstname.lastname@example.org;
○ The categories of Personal Information we share with third parties, and the categories of those third parties;
● Right to access - You have the right to ask us to confirm whether or not we are processing your Personal Information and access it. In particular, you can ask us:
○ What categories of Personal Information and what specific pieces of Personal Information we have collected about you
○ The categories of sources from which the Personal Information is collected
○ The business or commercial purpose for collecting or sharing your Personal Information
○ The categories of third parties to whom we disclose your Personal Information
● Right to rectification - you have the right to correct inaccuracies in Personal Information we hold about you, taking into account the nature of the Personal Information and the purposes of processing it.
● Right to erasure - You have the right to request deletion of Personal Information we hold about you.
● Right to data portability. You have the right to request a copy of your Personal Information, including your transaction history. Your transaction history is downloadable in useable, machine-readable format from the App that allows you, as far as possible, to transfer the Personal Information without impediment.
● Right to opt-out - You the right to opt out of the processing of your Personal Information for purposes of:
○ Targeted advertising; or
○ The sale of Personal Information(excepted as permitted or required by law).
● "Do Not Sell My Personal Information” - You have the right to opt out of “sales” of Personal Information. We do not “sell” Personal Information. We do not have actual knowledge of any “sale” of Personal Information of any individual under the age of sixteen (16).
● Right to not be subject to automated decision-making - You have the right to opt out of us processing your Personal Information for the purposes of profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.
● Additional rights in Virginia - You have the right to appeal any refusal by us to take an action following your request to exercise your rights.
● Additional rights in California - You have the right to request us to limit our use of the sensitive Personal Information to what is necessary to perform the services as reasonably expected. You also have the right to not be discriminated against because of the exercise of any of the above rights.
17. Concerns and complaints
19. What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.