Foreign Currency Exchange Limited (“FCE” or “We”) is committed to protecting your personal privacy.
Please read the following carefully to understand how we handle your information.
For the purpose of the General Data Protection Regulation 2016 (“GDPR”), the data controller is Foreign Currency Exchange Limited, which trades as FC Exchange, part of Global Reach Group Ltd. Registered Company No. 09907831.
Our lawful basis for using your personal information
The GDPR sets out a number of different reasons for which a company may collect and process your information. For the most part, we require your personal data to enable us to deliver our services to you, and we rely on the following lawful bases to do so:
1. Contractual obligations
Most of the information we collect from you is necessary to fulfil our contract with you and serve you as a customer.
For example, we require your banking details in order to settle payments on orders you place.
2. Legal obligations
In certain cases, we are required by law to collect and process your information.
For example, we require personal information to carry out Anti-Money Laundering (AML) checks, and we pass on the details of people involved in fraud or other criminal activity affecting FCE to relevant authorities.
In specific situations, we will collect and process your information with your consent.
For example, when you tick a box to receive marketing material from us, or ask us to contact you about our products and services.
We will always make it clear to you what you are consenting to and what information is necessary for which services. If you have given consent to the use of your personal information, you are entitled to withdraw this consent at any time. Please be aware, however, that in some circumstances the withdrawal of your consent may result in us being unable to provide some services to you.
4. Legitimate interests
Sometimes, we use your personal information to pursue our legitimate business or commercial interests in a way you might reasonably expect as part of running our business and operating our website. We will not rely on our own legitimate interests without first considering your own rights, freedoms or interests.
For example, we may use your personal information to create a smoother customer service experience, because we have a legitimate interest in improving our products, services, and relationships with our clients and partners.
Whenever we process your data for these purposes, we will ensure that we always keep your personal data rights in high regard and take account of these rights. You also have the right to object to this processing. If you wish to do so, please let us know by contacting DPO@Globalreach-partners.com. Please bear in mind that if you object, this may affect our ability to provide you with some of our services.
The information we may collect from you
The information we collect and process may broadly include:
|Type of personal information||Description|
|Contact||Your name and contact details (address, email, phone number).|
|Transactional||Details about your accounts, and payments made to and from these accounts.|
|Communication records||Details recorded during our written and verbal communications with you (emails, records of phone calls).|
|Publicly available information||Information that you have made openly available about you in the public domain (such as information on your LinkedIn or company's website).|
|Documentary data||Additional personal information held on copies of documents you provide us, such as identification, and proof of residential address documents. For examples see our full list of approved documents.|
|Consents||Any consents or preferences you indicate, such as marketing or communication preferences.|
|Usage data||Information about how you use our products and services.|
|National Identifier||For example your National Insurance Number or Tax Identification Number (TIN).|
|Special category data||
Occasionally, we may inadvertently collect particularly sensitive data that the law treats differently. This may include data pertaining to:
- Racial or ethnic origin
- Religious, political or philosophical beliefs
- Biometric data
- Health Data
- Lifestyle information
- Criminal convictions and offences
Please note: We will never store this data without your explicit consent. We store this data with the utmost care, and for the purpose of providing our services to you.
Information gathered when you visit our website. This might include; the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browsing plug-in types and versions, operating system and platform, Uniform Resource Locators (URL), and how you navigate our website.
How we collect your information
Information from other sources
Where we have obtained your consent, have a legitimate interest, or legal obligation, we may receive or share your information from other companies within the Global Reach group of companies if you use any of the other websites we operate (www.globalreach-partners.com) or other services we provide.
We may also receive or share your data from other third parties, such as:
- Our partners (companies that introduce you to us)
- Our clients (when they wish to make a payment to you)
- Credit reference agencies (such as Callcredit and Equifax)
- Fraud prevention agencies (such as Action Fraud)
- Identity verification agencies
- Agents, suppliers, sub-contractors and advisers
- Government and law enforcement agencies (such as Companies House and HMRC)
We may combine the information about you which we receive from other sources with the information you give to us and the information we collect about you, for the same purposes set out above.
Information you provide about other people
If you provide us with information about another person, you confirm that you have informed them of our identity and the purposes for which their information will be processed.
You may provide another individual's bank account details (if you are asking us to make a payment to them), or contact details, such as; email address, mobile phone number or postal address. These are used to notify an individual that they will be receiving a payment from us on your behalf. A message may be sent to the other person using the contact details provided by you and this message will make reference to your name and explain to the recipient that you were the source of his/her contact details. We will never use the contact details you provide of another individual for marketing purposes.
How we use your information
We will use the information you provide us to:
- Provide you with the information, products and services that you request from us;
- Comply with our legal reporting obligations;
- Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- Notify you about changes to our services; and
- Ensure that content from our website is presented in the most effective manner for you and for your computer;
We will use the information we collect about you to:
- Manage our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- Improve our website to ensure that content is well presented for you and for your computer;
- To comply with our legal reporting obligations;
- Measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- Continue our efforts to keep our website safe and secure; and
- Make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Sharing your information
We may disclose your personal information to third parties under the following circumstances:
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- In order to conduct any necessary background checks on you before offering our products and services
- In order to enforce or apply our terms and conditions and other agreements;
- To protect the rights, property, or safety of FCE, our customers, or others;
- Where we have a legitimate business interest that is not overridden by your own rights and freedoms; or
- Where we have obtained your consent.
Transfers and security
We may be required to transfer your information to other countries outside the European Economic Area (“EEA”), for example, when reporting to foreign authorities. In these cases, we will ensure our actions comply with the data security standards set out in the GDPR. We will also take all reasonable steps to ensure that this information is stored securely and is not passed on or sold to a third party for marketing purposes.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features, in line with the standards set out in the GDPR, to try to prevent unauthorised access.
How long we store your information
We only retain your data for the period necessary to fulfill the purpose for which it was originally processed, or in order to fulfill a legal obligation. For example, as a financial institution, we are legally required to retain client records for anti-money laundering purposes.
You have a range of rights over your information and we will endeavor to respect any requests to exercise them.
You may request access to the information we hold about you by making a Subject Access Request (SAR). Once we have confirmed your identity, we will comply with a SAR free of charge within 30 days, unless we deem the request unfounded or excessive. In this event, we will explain why we have decided not to action your request.
You may request that we correct the information we hold on you when it is incorrect, out of date, or incomplete.
You may request that we destroy, delete or discontinue using your personal information when it is no longer necessary for the purpose we originally collected it.
You may request that we stop processing your information when you contest its accuracy or the lawfulness of the processing.
- Withdrawing consent
Whenever you have given us your consent to use your information, you have the right to change your mind at any time and withdraw your consent.
- Legitimate interests
In cases where we are processing your information on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will do so unless we believe we have a legitimate overriding reason to continue processing your information.
You have the right to stop our use of your information for direct marketing activities through all channels, or selected channels. You always have the opportunity to opt-out and we will always comply with your request.
To do so, click the ‘unsubscribe’ link in any email communication we send to you to notify us that you would like us to stop any further emails.
Submitting a request
You can request to exercise these rights at any time by contacting us at DPO@GlobalReach-Partners.com
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may refuse to comply with the request in such circumstances. If we choose not to action your request we will explain to you the reasons for our refusal.