Taptap Send Global Privacy Policy

Version 2
Version 1
English · Français
Deutsch · Italiano
Español · Tiếng Việt
Português

Effective Date: October 4, 2023
Version number: 1.2

This Privacy Policy explains how we collect, store, use, share and process your personal data when you use our website, services or mobile application (the “App”). It also describes the rights you have over your personal data.

Personal data means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to an individual.


1. About us
The Taptap Send group is made up of different companies (set out below, together referred to as “Taptap Send”). Taptap Send offers international remittance services (and other services depending on your location) via its App (the “Services”).

The Taptap Send company providing the Services to you will be responsible for processing your personal data for that Service. We’ll let you know which company you have a relationship with when you first apply for or use a Service. It differs depending on where you live:

Country / region Taptap Send entity Data protection authority
EU Data controller: Taptap Send Belgium S.A.
Address and company information here.
Phone +32 460 20 73 09
Belgian Data Protection Authority (www.dataprotectionauthority.be)
You can find the list of other EU data protection authorities and their contact details at (https://edpb.europa.eu/about-edpb/about-edpb/members_en)
UK Data controller: Taptap Send UK Limited
Address and company information here.
Phone: +44 808 168 7707
Information Commissioner’s Office (ICO) (www.ico.org.uk)
ICO registration number ZA282361.
US TapTap Send Payments Co.
Address and company information here.
Phone: +1 833 916 0670
Federal Trade Commission (FTC) (www.ftc.gov/)
Canada Taptap Send Payments Canada Inc.
Address and company information here.
Phone: +1 833 916 0670
Office of the Privacy Commission of Canada (OPC) (www.priv.gc.ca/en/)
UAE Data controller: Taptap Send (DIFC) Limited
Address and company information
here.
Phone: +971 800 03 212 18
Data Protection Commissioner in the DIFC (www.difc.ae)


“Taptap Send”, “we”, “our” or “us” means the responsible Taptap Send entity. They are known as the ‘controller’ of your personal data. “You” means any visitor to our website or App or user of our Services.

This is a global Privacy Policy, which means that it applies to Taptap Send customers and their personal data in all the regions and countries listed above. Throughout this policy we refer to data protection legislation, but the legislation that is applicable to you will depend on which Taptap Send entity provides Services to you. The data protection legislation applicable to the Taptap Send entities includes (but is not limited to) the UK General Data Protection Regulation, EU General Data Protection Regulation, Dubai DIFC Data Protection Law 2020, UK Privacy Electronic Communication Regulation 2011, EU e-Privacy legislation, and other applicable data protection laws.

If you live in the US, TapTap Send Payments Co. is responsible for the provision of financial services to U.S. users (e.g., payment-related information) as set forth in its Consumer Privacy Notice pursuant to the Gramm-Leach-Bliley Act. In the event of conflict between the Consumer Privacy Notice and this Privacy Policy, the Consumer Privacy Notice will apply.


2. How to contact us about your privacy and data protection
You can contact us about your privacy, to exercise your data rights and for information about how we use, process, store and protect your personal data by emailing us at privacy@taptapsend.com.

Your location Data Protection Officer (“DPO”)
UK, US, Canada or Europe

Our DPO is Evalian Limited, you can contact them at:
Email: dpo@evalian.co.uk
Website: www.evalian.co.uk
Address: West Lodge, Leylands Business Park
Colden Common, Hampshire
SO21 1TH, United Kingdom
UAE We have appointed a DPO to oversee compliance with this Privacy Policy. If you have any questions over how we protect or use your data, please email our DPO at privacy@taptapsend.com

3. Types of personal data we collect and how we get it
Most of the personal data we process is provided to us directly by you. This sets out the information we collect and process, and where we get it from. The collection and use of data is crucial to providing our Services and keeping the Services safe. Data helps us increase the safety of your online payments, while reducing the risk of fraud, money laundering and other harmful activity.

Information we collect when you:
- register for the App;
- use our Services;
- fill your details and transaction details;
- correspond with us;
- respond to any of our Services;
- take part in online discussions;
- speak with a member of our team or use a chat-bot;
- enter competitions; and/or
- contact us for other reasons.
- Name, address and date and place of birth
- E-mail address, phone number and details of the device you use (e.g. device ID).
- Income and occupation.
- Proof of address.
- Details and copies of your identification documents (for example passport or government ID) and your image to compare against these (either in photo or video form).
- Records of our discussions, if you contact us or we contact you (including records of phone calls and chat conversations).
- Your geographical location and IP address.
- Your device settings (e.g. language preference, time zone).
- Information relating to your transaction (e.g. the person you are sending money to, payment reason).
- Information relating to how you pay us (e.g. encrypted card information and bank details)
- Credit reports and other consumer report information.
Information we collect when you use our Services on our App or website. - Information on use of our products, including the date, time and amount of transfers, currencies and exchange rate used, beneficiary details, your IP address, messages sent or received, details of device used to make payment and the payment method used.
- Technical information, including your IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the full URL clickstream to, through and from our Website or App (including date and time); page response times, download errors, length of visits to certain pages, page interaction information, methods used to browse away from the page.
- Optional information:
   - If you turn on location services on or in the App, we receive information about your location using GPS technology.
   - If you give us access, information stored on your device like contact information from your contacts list.
Information we collect from others. Information from your use of third-party applications, such as the Apple App Store or Google Play Store, social networking sites, such as name, your social network ID, location information, email, device ID, browser ID, and profile picture. Your use of third-party applications is subject to the privacy policy and terms of service for such applications.

Information from our service providers in destination countries, such as names associated with particular phone numbers.
Information we collect from social media. Occasionally, we’ll use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks (to comply with our anti-money laundering or sanctions screening obligations).
Information from other public sources. We have a legal obligation to verify your identity as part of our anti-money laundering checks. To do this we collect information and contact details from publicly available sources, such as online registers or directories.


Due to the Services we offer, we may process personal data of individuals other than App users, such as the recipients of payments or other individuals making enquiries or complaints.

4. Age requirement
Our Services are not designed for those under the age of 18. If we become aware of anyone using our Services who may be under 18, we will take all reasonable steps to ensure we do not process their data any further and will tell them this.


5. Sensitive personal data
In limited circumstances, we will also collect, process and store sensitive personal data to enable us to comply with our legal and regulatory obligations (e.g. biometric data to carry out anti-money laundering checks). Your jurisdiction may have rules that classify other information as sensitive. All sensitive information is subject to appropriate levels of protection.


6. Our legal basis for using your personal data
We must have a valid legal reason for using your personal data. The legal reasons we rely on are:

● Contractual obligations: We need personal data to provide our Services and cannot provide them without it. We use personal data to enter into agreements with you and meet our contractual obligations. Where we process personal data that is special category data (i.e., biometric data or data which may reveal political opinions), we process it on the additional legal basis that such processing is necessary for substantial public interest reasons (e.g., to prevent or detect unlawful acts).
Legal obligations: In some cases, we have a legal responsibility to collect and store your personal data (for example, for tax purposes or under anti-money laundering laws we must hold certain information about our customers).
Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
Consent: Where you have given us your consent to process your personal data.

You explicitly consent to us accessing, processing and retaining personal data for provision of payment services and electronic money services.

7. How we use your personal data
We use your personal data for a variety of reasons that we set out below.

We use your data to provide our Services:
● To fulfil agreements with you and to otherwise administer our relationship with you.
● To process payments and prove transactions have been executed.
● To process information about your contacts to make it easy for you to find and connect them and improve payment accuracy.
● To administer profiles of users on our databases.
● To provide you with customer support (we may record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our Services for quality and training purposes).
● To provide, maintain, personalise, optimise, and improve the Services, including research and analytics regarding use of the Services, or to remember you when you leave and return to the Services.

We use your data to keep our Services up and running:
● To monitor website and App usage, including to determine enhancements and technical improvements.
● For customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research and statistical purposes.


We use your data to meet our legal obligations and enforce our rights:
● To confirm your identity and verify your personal and contact details.
● To comply with applicable laws, including anti-money laundering, counter terrorist financing and sanctions laws, including to verify your identity.
● To establish, exercise or defend a legal claim.
● To action any data subject right requests.
● To meet our legal and regulatory obligations.


We use your data to protect you and other users against fraud:
● To detect, investigate and prevent activities which may be fraudulent or illegal, or which may misuse or Services or break our policies.
● To comply with financial crime laws and to confirm that you’re eligible to use our Services. We also use it to help us manage fraud risks related to your account.


We use your data to communicate with you:
● To communicate with you in relation to our Services, including to notify you of changes, seek your views or comments on our Services and to handle any enquiry or complaint you may have made.

We use your data for marketing and providing Services that might interest you:
● To improve our Services and for general business development, for example to develop new products and features and explore new business opportunities.
● For marketing, product and customer analysis, including testing, for example to improve our product range and optimise our customer offerings.
● To be able to administer your participation in competitions, offerings, and events.
● To provide you with information, news, and marketing about our Services, including where we partner with others to offer similar services.


8. Who we share your personal data with
Due to the nature of our business, there may be times we share your data with the following third parties. (We do not sell your personal data.)

● Taptap Send group companies:
We share data with members of the Taptap Send group to provide our Services.


● Taptap Send recipients:
We also share your personal data with the person who provides your payment method and recipients (through service providers) that you transfer money to. Where you make a transfer, the recipient may receive your details with your payment (for example, your name and IBAN). 


● Taptap Send service providers:
We will share your personal data with various suppliers who provide us with services that we need in order to provide our Services to you, for example:
      ○ Suppliers who provide us with IT, payment and delivery services;
      ○ Suppliers who help us meet our legal and regulatory obligations, such as identity verification service providers and background check providers (these providers may use your data to conduct checks with credit reference agencies, financial or credit institutions, official registers and databases, as well as fraud prevention agencies to verify your identity);
      ○ Our banking and financial services partners and payments networks;
      ○ Analytics providers and search information providers;
      ○ Customer-service providers, survey providers and developers (including chatbot services); and
      ○ Communications service providers.


● Third parties authorised by you: We share data with parties directly authorised by you. The use of data by an authorised third party is subject to the third party’s privacy policy and any agreements you have with them. 


● For legal reasons:
There may also be instances where we may need to share data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.


● To advertisers and advertising networks, analytics and search engine providers:
We provide limited information about your in-App activity (not personal data) with these providers solely to select and serve relevant adverts to you and others.



9. International data transfers
As our Services are international, we may need to transfer your personal data outside the country you are located in to help us provide our Services.

Personal data that we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates, subcontractors, vendors or partner payment processors maintain facilities. The laws in the U.S. and other countries regarding personal information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. It may also be processed by staff operating outside the country you are located in, who work for us or for one of our payment processors. Such staff may be engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of customer support. By submitting your personal data, you agree to this transfer, storing or processing.

If we transfer your personal data to another country that doesn’t offer a standard of data protection equivalent to where you are located, we will make sure that your personal data is sufficiently protected. For example, we’ll make sure that a contract with strict data protection safeguards is in place before we transfer your personal data.

10. Marketing communications
We may use the contact details you provide to send you marketing communications by email, telephone, SMS, whatsapp, push notification, social media or other communication formats about our Services. This may include news, promotional officers, opportunities to enter competitions and win prizes and updates regarding our company and Services (including new services and products).

You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right simply at any time telling us or following the instructions in the communication e.g. unsubscribing from emails and SMS. We respect your choice and will stop sending you such communications as soon as reasonably practicable and within one month of receiving your request to unsubscribe. You are free to change your marketing choices at any time. We may contact you to reaffirm your consent to marketing.

Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request.

If you opt-out, we may still send you important service and administrative messages, from which you cannot opt-out.


11. Website links
This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to a website’s privacy policy when using it.

12. Cookies
We use cookies and other tracking technologies on our website, App and in emails we send you. Cookies help us to do the following:

● Remember your information so you do not have to re-enter it
● Track and understand how you use and interact with our online Services and emails
● Tailor our online Services to your preferences
● Measure how useful and effective our Services and communications are to you
● Otherwise manage and enhance our Services

By continuing to use our website/App, you are agreeing to our use of cookies.

13. Automated decision-making
We use automated processes to check that your application to access the Services and your use of the Services meet our required standard, including verifying your identity, and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to login to your account, or to close your account. If this happens, you will be notified and offered the opportunity to provide further information and challenge the decision through an appeal mechanism, which includes a manual review. In any case, if you feel that an automated process may have impacted you, please contact us at privacy@taptapsend.com.


14. Data retention
We will generally keep your personal data for ten years after our business relationship with you ends, or for as long as necessary in line with various local requirements, such as for example, best practice recommendations (e.g. supervisory authority recommendations), relevant guidelines (e.g. employment guidance) or for as long as mandated under specific legislation (e.g. tax laws).

We will also determine appropriate retention periods based on our legitimate interests where identified. As a regulated financial institution, we are required by law to store some of your data beyond the termination of your relationship with us. After such time, your data will only be accessed or processed if absolutely necessary. We will always delete data that is no longer required by relevant legislation.

When personal data needs to be deleted, we will either delete manually or automatically, or anonymise it if deletion is not possible.

15. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use reasonable physical and technical safeguards to protect your personal information, both during transmission and storage. No method of transmission over the internet, including by email, or method of electronic storage is 100% secure. So, we cannot guarantee its absolute security.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Transport Layer Security technology. You are responsible for keeping confidential any passwords we give you. We ask you not to share this password with anyone else and not to use this password for other services or products.

In addition, we limit access to your personal data to those who need it to do their jobs (i.e. employees, agents, contractors and other third parties who have a business need to know). Where this is a third party, they will only process your personal data on our instructions and they are subject to a duty of confidentiality.


16. Data protection rights
Data protection laws enable several rights in relation to how an organisation processes your personal data.

If you would like to exercise any of the below rights you can do so by sending us a written request to privacy@taptapsend.com. For security reasons, we can't deal with your request if we’re not sure of your identity, so we may ask you for proof of ID.

Your ability to exercise these rights will depend on a number of factors. Sometimes, we won’t be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you). If you object to us using personal data which we need in order to provide our Services, we may need to close your account as we won’t be able to provide the Services.

When you exercise one of your rights it may take us up to one month to respond or implement your changes.


United Kingdom and the European Union
● Right to be informed -
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our Privacy Policy to explain this.


● Right to access data -
You have the right to receive a copy of the Personal Data we hold about you (this is sometimes referred to as a “Subject Access Request”).


● Right to rectification -
You have the right to have any incomplete or inaccurate information we hold about you corrected. You can also make updates yourself in the App.


● Right to erasure -
You have the right to ask us to delete your personal data if it is no longer necessary for the purpose for which it was collected or needed by us to meet our legal obligations or for a legitimate interest.


● Right to restrict processing -
You can tell us to stop using your personal data, including for marketing. 


● Right to objection -
You have the right to object to us processing your personal data. If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. However, we will assess whether our interests are overridden by your fundamental rights and freedoms. 


● Right to portability -
You can ask us to transfer personal data to you or another company.

Canada
● Right to be informed -
You have the right to know what personal data we collect about you, how we use it, for what purpose when you give us consent to process your personal data. We use the Privacy Policy to explain this.


● Right to access data -
You have the right to be informed of the existence and use of your personal data and to receive a copy of the personal data we hold about you.


● Right to rectification -
You have the right to have any incomplete or inaccurate information we hold about you corrected You can also make updates yourself in the App.


● Right to objection -
You have the right to object to us processing your personal data where our legal basis for processing is consent.    


United Arab Emirates
● Right of access -
Upon request, we will provide you with information about whether we hold any of your personal data. We will also provide, free of charge, access to one copy of your personal data that we may hold.


● Right of rectification -
You may request to review, delete or update your personal data to ensure it is accurate. You can also make updates yourself in the App.


● Right to erasure -
You have the right to ask us to delete your personal data if it is no longer necessary for the purpose for which it was collected or needed by us to meet our legal obligations or for a legitimate interest. We will inform you which of your personal data may be erased without violating our legal obligations.


● Right to restrict or object to our processing. -
You have the right to ask us not to process your personal data if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling) or using your data for direct marketing (including profiling). You also have the right to ask us not to process your personal data while a rectification request is pending.


● Right to data portability.
You have the right to request a copy of your personal data , including your transaction history. Your transaction history is downloadable in machine-readable format from the App.


You have the right to request that we rectify or delete personal data collected and maintained about you. However, there are some circumstances where your request to rectify or delete your personal data may be denied if it is necessary for us to retain your information (for example, for legal or regulatory reasons).

US State privacy rights
In this section “Personal Information” means data that can be categorised into data that directly identifies you individually.

● If you live in California, we comply with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA).
● If you live in Colorado, we comply with the Colorado Privacy Act (CPA).
● If you live in Connecticut, we comply with the Senate Bill 6 for an Act Concerning Personal Data Privacy and Online Monitoring (CTDPA).
● If you are in Utah, we comply with Senate Bill 227 for the Consumer Privacy Act (UCPA).
● If you live in Virginia, we comply with the Consumer Data Protection Act (CDPA).

If you live in any of the above states, you have the following rights in relation to the processing of your Personal Information:
● Right to be informed - We are required to tell you important information about what we do with your Personal Information. We do this through this Privacy Policy. In particular, it sets out:
     ○ The categories of Personal Information (and sensitive Personal Information) to be collected and the purposes for which these are collected and used (including whether information is sold or shared);
     ○ How long we will keep your Personal Information (including sensitive Personal Information) for;
     ○ How and where you can exercise the rights you have under data protection legislation applicable to you i.e. through our email address privacy@taptapsend.com;
     ○ The categories of Personal Information we share with third parties, and the categories of those third parties;


● Right to access -
You have the right to ask us to confirm whether or not we are processing your Personal Information and access it. In particular, you can ask us:
     ○ What categories of Personal Information and what specific pieces of Personal Information we have collected about you
     ○ The categories of sources from which the Personal Information is collected
     ○ The business or commercial purpose for collecting or sharing your Personal Information
     ○ The categories of third parties to whom we disclose your Personal Information


● Right to rectification - you have the right to correct inaccuracies in Personal Information we hold about you, taking into account the nature of the Personal Information and the purposes of processing it.


● Right to erasure - You have the right to request deletion of Personal Information we hold about you.


● Right to data portability.
You have the right to request a copy of your Personal Information, including your transaction history. Your transaction history is downloadable in useable, machine-readable format from the App that allows you, as far as possible, to transfer the Personal Information without impediment.


● Right to opt-out -
You the right to opt out of the processing of your Personal Information for purposes of:
     ○ Targeted advertising; or
     ○ The sale of Personal Information(excepted as permitted or required by law).


● "Do Not Sell My Personal Information” - You have the right to opt out of “sales” of Personal Information. We do not “sell” Personal Information. We do not have actual knowledge of any “sale” of Personal Information of any individual under the age of sixteen (16).


● Right to not be subject to automated decision-making -
You have the right to opt out of us processing your Personal Information for the purposes of profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.

Additional rights in Virginia - You have the right to appeal any refusal by us to take an action following your request to exercise your rights.


● Additional rights in California -
You have the right to request us to limit our use of the sensitive Personal Information to what is necessary to perform the services as reasonably expected. You also have the right to not be discriminated against because of the exercise of any of the above rights.


17. Concerns and complaints
We understand you may have concerns and complaints in relation to this Privacy Policy and in relation to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by emailing us at privacy@taptapsend.com. If you’re unhappy with how we’ve handled your personal data or any request you have made to exercise your rights, you can complain using the details set out below.

Where you are based How to make a complaint
EU Our lead EU supervisory authority is the Belgium Authority, and you can submit a complaint via this
link
If you are based elsewhere within the European Economic Area a list of supervisory authorities can be found
here.
UK You can submit a complaint directly to the UK ICO via this link.
US If you have any concerns about our use of your personal data, you can make a complaint to the Attorney General of your State or Territory of residence, or to our regulator in your State or Territory of residence.
Canada If you are based in Canada, you can contact the Office of the Privacy Commissioner via this link.
You can also find a list of supervisory authorities in different provinces here.
UAE For Dubai DIFC privacy complaints, you can contact the Commissioner whose contact details are available using this link.

18. Changes to this Privacy Policy
We will make changes to this Privacy Policy from time to time to reflect changes to law, best practice and how we process personal data. We will do this by posting a revised version on this website. We recommend that you check this webpage occasionally to stay up to date.

19. What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.