Currency Online Group is the trading name for Travel Online Group Limited part of Currency Online Group Limited. This privacy notice is issued on behalf of the Travel Online Group Limited so when we mention, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Travel Online Group Limited group
responsible for processing your data. Travel Online Group Limited, Coach House Unit 42, 66-70 Bourne Road, Bexley, Kent, England, DA5 1LU is the controller and responsible for this website.
(PLEASE DO NOT SEND CURRENCY TO THIS ADDRESS - All Buyback orders must be sent to our secure PO BOX address, see Buyback pages for more details https://www.currencyonlinegroup.com/currencybuyback.
It is important that you read this privacy notice together with any other privacy notice which we may provide when we are collecting or processing your personal data so that you are made aware of how and why we are using your personal data. This privacy notice is in addition to any other notices we may provide and is not intended to override them.
We have appointed Paul Brewer as our data protection manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights or questions surrounding them, please contact the Paul Brewer using the details set out below.
Our full details are: Travel Online Group (trading name Currency Online Group)
Full name of legal entity: Travel Online Group
Data Protection Manager: Paul Brewer
Email address: Support@currencyonlinegroup.com
Postal address: Currency Online Group Limited, Coach House Unit 42, 66-70 Bourne Road, Bexley, Kent, England, DA5 1LU
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
INFORMATION COLLECTED FROM YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The nature of our site means that when you visit or order money on it, you may be asked to provide certain information such as your contact details. We may also collect use, store and transfer different kinds of personal data about you which we have grouped together as follows:
· Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
· Contact Data includes a billing address, delivery address, email address and telephone numbers.
· Financial Data includes bank account and payment card details.
· Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
· Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, traffic data, weblogs, other communication data, operating system and platform and other technology on the devices you use to access this website.
· Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
· Usage Data includes information about how you use our website, products and services.
· Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
This website is not intended for children and we do not knowingly collect data relating to children.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract in the provision of currency or our services and you fail to provide that data when requested, we may not be able to perform the services or provide the currency. In this case, we may have to cancel a service you have requested from us but we will notify you if this is the case at the time.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
· Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when:
· apply for our products or services;
· create an account on our website;
· subscribe to our service or publications;
· request marketing to be sent to you;
· enter a competition, promotion or survey; or
· give us some feedback.
· Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
· Technical Data from the following parties:
(a)analytics providers such as Google based outside the EU;
(b)advertising networks such as Khora digital based inside the EU; and
(c)search information providers such as Trace smart based outside the EU.
· Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Sage Pay based inside the EU.
· Identity and Contact Data from data brokers or aggregators such as Trace Smart based outside the EU.
· Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
Use of Your Information
The information you supply to us will enable us to carry out our obligations arising from any contracts entered into between you and us and to provide you with the currency or any other products and services you have requested and will also enable us to contact you where necessary. We may use the information you provide us with to verify your identity using third-party systems to do so. Your information is also important to us in helping us to administer, support, improve and develop our business and website. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
· Where we need to perform the contract we are about to enter into or have entered into with you.
· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
· Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data however, where you have provided consent on our site, we might use your information to let you know about other products and services which we offer and which may be of interest to you. We may also (at our discretion) use the information collected from you to contact you for your views on our business and to notify you about important changes or developments to the site or to the products or services we provide. You have the right to withdraw consent at any time by emailing s[email protected] or unsubscribing from our mailing list at any time.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
In the table below we have set out the ways we plan to use your personal data, and the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact s[email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below or if you need further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities.
By way of explanation when looking at the table:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at s[email protected].
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased currency from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Currency Online Group Limited group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting [email protected] at any time, please do not reply to emails that state no reply, send a separate email to the above email address.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, or other transactions where we have a legitimate reason for processing this data.
DISCLOSURE OF INFORMATION
We may have to share your personal data with the parties set out below for the purposes set out in the table above under the heading “Purposes for which we will use your personal data”.
• External Third Parties.
• Service providers based outside the UK who provide IT and system administration services: Zenlime Ltd (with in the EU)
• Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide accounting services: Pomfrey accountants
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom
• ICE PLC
• City Forex
• Trace Smart (Lexis Nexis)
• Sage Pay, Barclaycard
• Royal Mail
• Compare Holiday Money, Money.co.uk, Travel Money Max.
• Currency Cloud
• UAE Exchange
• BFC exchange
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• We may also pass information on the usage of our site to other third parties but this will not include information that can be used to identify you.
• We do not transfer your personal data outside the European Economic Area (EEA).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
LINKS TO OTHER SITES
SECURITY AND DATA RETENTION
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. You accept the inherent security implications of being and transacting online and will not hold us responsible for any breach of security unless we have been negligent or in wilful default. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
To exercise any of your rights you can do so by emailing us at [email protected]. If you wish to exercise any of your rights, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
In order to assist you in exercising your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
When assisting you in exercising your rights we try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
CALLS TO US
Any phone calls made to us may be monitored and recorded for training and other lawful purposes.
CHANGES TO THIS POLICY
We welcome any comments, queries and requests relating to our use of your information. Such comments should be addressed to us at [email protected].
MANIGO CARDHOLDER & ACCOUNT PROVIDER, PRIVATE POLICYIntroduction
Glover Enterprise B.V values its user’s privacy.
We would like to inform you about the management of your personal data in accordance with Art. 13, 14 General Data Protection Regulation (GDPR), as well as the Data Protection Act (DPA 2F018). For the purpose of data protection legislation, the data controller is Glover Enterprise B.V, Level 36, One Canada Square, London, E14 5AB. We are registered as a Data Controller with the Information Commissioner's Office (ICO), registration number ZA214276.
Monavate is a controller of some of your personal information as it relates to, and is required for, the administration and operation of the card.Monavate is registered as a Data Controller with the Information Commissioner's Office (ICO), registration number ZA806303.
What we do with your personally identifiable information
It is always up to you whether to disclose personally identifiable information to us via the Travel Online Group Ltd App (In App), although if you elect not to do so, we reserve the right not to register you as a user or provide you with any products or services.
“In App Personally identifiable information” means information that can be used to identify you as an individual, such as, for example:
- your name, email address, phone number, residence address, information collected during registration: date of birth, photos taken for the liveliness check, contacts;
- user account ID, financial, payment, purchase history information associated with the account, app information and performance (crash logs), diagnostics, device ID, data usage and handling. If you do provide personally identifiable information to us, either directly or through a service provider or other business partner, we will:
- not sell or rent it to a third party without your permission — although unless you opt out (see below), we may use your contact information to provide you with information we believe you need to know or may find useful, such as (for example) news about our services and products and modifications to the Terms of Service;
- take commercially reasonable precautions to protect the information from loss, misuse and unauthorised access, disclosure, alteration and destruction;
Other information we collect
We may collect other information that cannot be readily used to identify you. We may use this information, individually or in the aggregate, for technical administration of our services; research and development; customer and account administration; and to help us focus our marketing efforts more precisely.
Travel Online Group Ltd uses “cookies'' to store personal data on your computer. We may also link information stored on your computer in cookies with personal data about specific individuals stored on our servers. If you set up your Web browser (for example, Internet Explorer or Firefox) so that cookies are not allowed, you might not be able to use some or all of the features of our Website(s).
For more information, please see our Cookies Policy. For further definition of the cookies, please visit www.allaboutcookies.org.
Where we store your personal data
Information you provide when you apply or sign up for the App, go through our identity or account verification process, authenticate into your account, communicate with us, answer our questions, or otherwise use the App or the website https://www.currencyonlinegroup.com/ is stored on secured servers provided by third party hosting vendors.
The data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Prior to transmission of your information outside the EEA, we will ensure that adequate measures are in place to ensure the security of your data which are equal to EEA standards in accordance with this policy.
Travel Online Group Ltd works closely with third parties in order to help deliver services to you. These third parties are business partners, technical sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies and fraud prevention tools. Information we may collect about you from such parties can include credit search information, information which helps us to conduct checks and help us verify your identity and the identity of any other cardholder. This allows us to comply with “know your customer”, anti-money laundering and other legal requirements which are aimed at detecting and preventing financial crime.
These suppliers are (but not limited to):
Sum & Substance Limited (‘SumSub’)
Travel Online Group Ltd is required by law to retain certain personal data and information for a minimum of at least 5 years from the date of the last In App transaction you make for example
Your privacy responsibilities
To help protect your privacy, be sure:
- not to share your In App user ID or password with anyone else;
- to take customary precautions to guard against “malware” (viruses, Trojan horses, bots, etc.), for example by installing and updating suitable anti-virus software;
- to inform us, as soon as practicably possible, should any of the above take place. For further information regarding data compromisation, please review Travel Online Group LTD Terms of Service.
Your data protection rights
You have rights under data protection laws in relation to your personal data. You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected; however, we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please be aware that we may not always be able to comply with your request of erasure for legal reasons which you will be advised of at the time of your request. Travel Online Group Ltd. are required to retain certain information for a minimum of 5 years, this requirement supersedes any right to erase requests under applicable data protection laws.
Object to processing of your personal data. This is in situations where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may be able to show that we have compelling legitimate grounds to process your information which override your rights. Due to regulatory requirements, Travel Online Group Ltd has numerous obligations to process and retain certain personal information for compliance purposes, these requirements supersede any right to objection requests under applicable data protection laws. If you object to the processing of certain personal information, we may not be able to provide you with our services and it is likely we will have to terminate your account.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please be aware that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our Services but we will notify you if this is the case at the time.
Request the transfer of your personal data to you or to a third party. We will provide you with your personal information in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Please be aware that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Please be aware, if you withdraw your consent, we may not be able to provide our Services to you and we will advise you of this following receipt of your request
Should you wish to exercise any of your rights, please contact us at [email protected]
Data subject access requests (DSAR)
Should you wish to make a DSAR, please contact [email protected] outlining what data you are requesting, and the reason for your request. You will not have to pay a fee, however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information collected from minors
You must be at least 18 years old to use Travel Online Group Ltd Website and In App services. Travel Online Group Ltd does not knowingly collect information from minors under 18.
Other information we may use
Travel Online Group Ltd offers the ability to make in-app peer-to-peer payments and in-app chat messaging to otherTravel Online Group Ltd members. To use both these functions we will require access to your phone contacts database. Before we access your phone contact database your permission will be requested. Travel Online Group Ltd does not store your phone contact database on our servers.
Questions or comments?
to [email protected], or contact us via any of the ways described in the Contact Us page at