This Privacy Notice applies to personal information processed by Exchangefair Ltd where Exchangefair Ltd is the Controller and the Data Subject is not an employee or officer of Exchangefair Ltd.
Exchangefair Ltd is a company registered in England and Wales, with a registered address at 28 Cathedral Road, Cardiff, Wales, CF11 9LJ. The company provides virtual payment services for individuals and corporates; “EUID” * for KYC video verification; transaction monitoring software *; and we “white label” our App, We are regulated by the UK Financial Conduct Authority and possess a money transfer licence from UK HMRC. We have appointed a “Data Protection Officer” who you can contact by writing to “Data Protection Officer” at our registered address, or by email to email@example.com.
We process data about you to fulfil the terms of our contracts with our customers and suppliers, who may be your employer, and to contact you about our products and services, as well as meet our regulatory obligations. The legal basis of the processing is our legitimate interest as a business, combined with your consent.
We collect this data directly from you through our website; from your employer under the terms of our contract with them; from our partners, such as conference organisers; from KYC and other information you provide us as part of our client onboarding process; from third parties such as Dow Jones and freely available public sources.
We do not share your information with other organisations for their benefit, but do engage appropriately vetted sub-processors as our suppliers, or providers of data processing services to us. We only transfer data to sub-processors who are in the EEA, or in a jurisdiction judged adequate by the European Commission, or where we have contractual terms approved by the European Commission.
We only retain personal data about you for as long as we need it, or are required to do so by regulation. If we are processing your personal data due to a contract, we will retain this information only for as long as the contract and any terms or conditions of it that rely on the personal data are in force. We will retain your contact details for communicating with you for other purposes.
We employ appropriately robust policies, controls, and procedures to safeguard personal data that we hold, and we fully comply with all applicable data protection requirements.
Your rights under GDPR are summarised below.
You can contact us to exercise any of these rights, apart from the right to complain to a “Supervisory Authority”, by writing to the Data Protection Officer at our registered address, or by email to firstname.lastname@example.org. You will need to provide evidence of your identity.
We will respond to your request as quickly as possible and within one month. It may take up to three months to fulfil your request properly, and we will inform you of any anticipated delay of more than a month. We may charge a fee or refuse to act on your request if is manifestly unfounded, excessive, or repetitive.
This Notice informs you of who we are, the purpose, and legal basis of processing what personal data we process and where we might transfer it to. You can request more information from us if you do not understand this Notice.
You can contact us, as above, at any time to request confirmation that we have or are processing personal data about you; to get access to this data; and to receive a copy of this Notice at any time. We will share this information with you in paper or electronic format, as appropriate. When providing a written copy of the data requested, this will be limited to one copy. We will charge a reasonable fee for additional copies.
We will not share with you data about other Data Subjects without their written consent, and this may affect completeness of information that we are able to provide you.
We will correct personal data about you if it is incorrect, or complete any missing information that we should hold.
We will remove personal data about you from our records, provided either, it is no longer necessary; you no longer consent in writing to our holding or processing the data; and we have no legal or regulatory reason, or other over-riding legitimate reason to continue; or we have processed the data unlawfully; or the data must be retained for legal reasons.
You can ask us to stop holding or processing personal data about you until we have corrected any inaccuracies; the processing is unlawful but you do not wish us to erase the data; we no longer require the data but you require it for legal reasons; or we are taking necessary and reasonable time in considering whether there is any other reason for us to continue to hold or process the data.
If we are using personal data about you for direct marketing purposes, we will stop this within seven days of a request in writing to our Data Protection Officer for this to be discontinued.