DATA PRIVACY

 

Last Updated: 05 April 2024

Money Mechanix is committed to ensuring that your personal data is used correctly and in accordance with the highest standards of Data Protection Law. 

When this policy mentions “Money Mechanix,” “we,” “us,” or “our,” it refers to the company, Money Mechanix Limited (registered in England and Wales registered no. 10811892), that you have contacted (or been contacted by). When this policy mentions “Currencycloud” or “Equals Connect”, it refers to the respective company that provides payment services to you and whom you will be contracted with for the provision of these services. The delivery of the applicable Services to you as a “Client” involves the processing of your personal Information by the respective “Service Provider”, either Currencycloud or Equals Connect, on behalf of Money Mechanix.  To view their respective Privacy Policies click here: Currencycloud or Equals Connect.  

This Data Privacy Policy (“Policy”) explains in detail the types of personal data Money Mechanix may collect about you and what we do with your personal data. It also sets out what we do to keep your personal data secure, as well as your rights in relation to the personal data we hold about you.

 For the purposes of Data Protection Law, Money Mechanix will be deemed a data controller of your personal data.

 Please refer to the “Definitions” section to understand the meaning of some of the terms used in this Policy.   

 

What personal data do we collect?

Personal data such as your name, residential address, date of birth, telephone number, mobile number, email address, occupation, bank account details, details in your identification documentation (e.g. passport, social security number or other tax identification number), utility bill, and/or driving licence, visa and copies of any other documents you provide to prove your age or identity so we can satisfy our ‘Know Your Customer’ checks.

When you book transactions with us, we need to collect information about the other parties involved in the transaction, including beneficiary name, account number, address (“Beneficiary Details”), the source of the funds, the reason for the transaction and the devices and payment methods used to complete transactions. By providing this information to Money Mechanix, you agree to have obtained the payee’s consent to their personal data being processed by Money Mechanix in its capacity as a Processor. This is necessary for us to make a payment to them and you confirm that you know they agree or that you are otherwise allowed to give us this information and will inform them of the contents of this Privacy Policy.

If you are using our services on behalf of a business entity, we need to collate information about the business including the organisational structure of the company and individuals involved in the business including their name, address, job title of signatory, email, phone, Identity documents of signatory, proof of bank account details and similar details of other authorised personnel. We may also collect entity formation documents or other corporate records such as company registration details etc. 

Money Mechanix is required under AML/ CTF Laws to collect Personal Data of individuals who ultimately own or control corporate clients, directly or indirectly (“Beneficial Owners”) – This is to ensure that they have authority to act on behalf of the business entity and provide that information. Such information may include the Beneficial Owner’s name, date of birth, title, mailing address, phone number, email address, nationality, occupation and social security number or other tax identification number. You confirm that you know the Beneficial Owners agree or that you are otherwise allowed to give us this information and will inform the Beneficial Owners of the contents of this Privacy Policy. 

 

When do we collect personal data about you?

Money Mechanix only collects Personal Data when it is reasonable and practicable to do so, or is authorised by applicable laws. 

 We collect Personal Data when you:

  • complete an application or form, or register for an account;
  • speak to us over the phone or communicate to us via emails
  • make payments using the online platform;
  • report a problem, make a query or issue a complaint about our Services; 
  • when you download the copy of our marketing materials online;
  • give a third party permission (e.g. a Referring Partner) to share with us your personal data; and 
  • connect with us via your social media account. 

 

Information collected from Third Parties

We collect Personal Data about you from the Service Provider, either Currencycloud or Equals Connect, accorded to our terms of business. 

 

The “Lawful basis” we rely on to process your personal data 

Data Protection Law sets out the key, lawful basis that organisations, businesses and governments can rely on to collect and process personal data. Money Mechanix predominately relies on the following: 

  • Consent: processing your personal data where you have explicitly given us permission to do so.
  • Performance of a Contract: processing your personal data in order to fulfil our contractual obligations with you. 
  • Legal Obligations: processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject. 
  • Legitimate Interests: processing your personal data where we or a third party have a legitimate interest to do so. We make sure we consider and balance any potential impact on your rights before we process your personal data for our legitimate interests. Where our interests are overridden by a negative impact on your privacy rights, we will not process your personal data. 

 

How do we use your information?

The way we collect and use data is always lawful. We use your personal data to provide information on the services you have requested or products you have ordered. Data is collected and used on a lawful basis where our interests do not outweigh your interests which is outlined below. We use your data to: 

  • Provide products and services to you under contract. 
  • Take steps prior to entering into a contract.
  • Decide whether to enter a contract.
  • Manage and perform a contract.
  • Make sure our records are up to date.
  • Fulfil our legal obligations
  • When you exercise your rights under GDPR (General Data Protection Regulation) and make requests.
  • For compliance with legal and regulatory requirements, and related disclosures.
  • For the establishment and defence of legal rights.
  • For activities relating to the prevention, detection and investigation of crime.
  • To verify your identity and prevent fraud and money laundering, including sharing the data we have collected from you with fraud prevention agencies. By law, we are required to review transactions and report any which may be suspected of being related to money laundering activities.
  • To monitor communications (emails, calls and other) and activities on your account.
  • Carry out our legitimate interests, without acting against your privacy rights:
  • For good governance, accounting, managing and auditing our business.
  • For market research, analysis and developing statistics.
  • To detect, prevent and investigate fraud, money laundering and other crimes and to verify your identity in order to protect our business

 

 With your consent, we will:

  • Send you marketing communications.
  • Disclose your personal data to other people or organisations when you ask us to.
  • Process any special categories of personal data at your request.
  • How long do we hold on to your information?

 

We keep your data whether you become a customer or not:

  • For as long as it takes to deal with your query
  • For as long as you might legally bring a claim against us
  • After your account has been closed or otherwise come to an end based on our legal and regulatory requirements

 

How we safeguard your personal data

Money Mechanix ensures personal data is encrypted when it is stored, when it is in transit over the internet and when it is traveling between Data Centres.

Data shared with Service Provider Currencycloud is secured and only used for authorised purpose as outlined here. As a data processor Currencycloud may engage with the Sub-Processors detailed in the following “Technology Partners”  website page as updated from time to time. 

What are your rights?

Under GDPR (General Data Protection Regulation), you have:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

 

If you would like further information about data protection you can visit the Information Commissioner’s Office (ICO) at ico.org.uk. The ICO is the UK’s independent authority set up to uphold information rights in the public interest and data privacy for individuals. We comply with all ICO regulatory and statutory requirements. You have the right to make a complaint to the ICO regarding the handling of your data.

 

Fraud prevention and money laundering checks

We may use your personal details in order to conduct identity checks as required by law as a measure to prevent money laundering.

The personal data we have collected from you at application or any stage may be shared with fraud prevention agencies. We are required by law to review transactions and report any which may be suspected of being related to money laundering activities.

 

Automated decision making

We may process your personal data without human intervention to evaluate your personal situation, such as transactional history and account-opening anniversary events. We may do this to decide what marketing communications might be suitable for you, to analyse statistics and to assess risks.

This is all done on the basis of our ‘legitimate interests’, to protect our business, and to develop and improve our products and services. If we use automated decision making including profiling activity to assess your application, this will be performed on the basis of it being necessary to perform the contract.

 

Sharing your information

We will not sell, share, or rent your information to others except as set out in this policy.

We may share your information with:

  • Organisations that provide operational services relating to the performance of the services that you use. Our strategic partners are, where required by law, authorised and regulated to the required standards.
  • The purchaser of the company or the purchaser of its assets in the event of the sale of the company or its assets.

While our website may contain links to other sites, we are not responsible for their privacy practices or content.

 

 

Transferring your information overseas

We might transfer your personal data outside of the UK and EEA (European Economic Area). In this event, we will always take all necessary steps to ensure the data is held securely and processed in line with applicable laws to the UK.

 

 

Opting out of marketing preferences

You are free to opt out of receiving all marketing communications from us and our strategic partners at any time by contacting us.

 

Should you be opted in to receive email correspondence, there is an unsubscribe link in each email we send out, if you use this, we will not send any unsolicited mail to your registered email address.

Communications regarding changes to existing products or services held, our terms, conditions and policies are important and sometimes critical. You may not opt out of receiving these communications.

 

 

Use of cookies

Our website uses cookies. A cookie is a piece of data stored on your computer’s hard drive that identifies your computer while you are using our site. Once you shut down your browser software, the cookie simply terminates until you re-enter the site.

 

Cookies have a number of uses. For example, cookies are part of the mechanism that allows you to sign in and out of our website rather than having to enter your password repeatedly during a session. Cookies can be used for analytics purposes to estimate the number of users to our site. Once you are logged in, cookies can be used to enable us to track and target your interests to enhance your experience on our site. They may also be used for other purposes, such as to maintain the security of the site and provide information on what we need to do to provide administration support to the site. Some of our strategic partners use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.

 

We provide specific details about the cookies we use and the reasons for using these cookies in our Cookie Policy to enable site visitors to make an informed decision and thus provide informed consent.

 

Reviewing, correcting or updating your personal data

If any of your details are recorded incorrectly and need to be changed, please contact us by email with details of the required changes and the reasons for the change. Proof of change of address may be needed.

 

Alternatively you can write to the Data Protection Officer (DPO) regarding accessing your personal data or any part of this privacy policy by writing to Money Mechanix, 69b High Street, Harpenden, AL5 2SL or by emailing [email protected] .

 

Definitions

“Controller or joint controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 “Data Protection Laws” means the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR”), together with the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 and other data protection or privacy legislation in force from time to time in the United Kingdom. In circumstances where and solely to the extent that the UK GDPR applies, references to the GDPR and its provisions shall be construed as references to the UK GDPR and its corresponding provisions.

“Personal Data” means information that can be used to directly or indirectly identify a living person. Also referred to as ‘personal information’, ‘personally identifiable information’ and ‘non-public personal information’.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

 “Process, Processing, Processed” means operation or set of operations which are performed on data. This includes collecting, viewing, recording, organising, structuring, storing, using and destroying.

“Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information. A Security Breach includes a “personal data breach,” a “breach of security of a system” or similar term (in each case, as defined in any other Applicable Data Protection Law) as well as any other event that compromises the security, confidentiality or integrity of Personal Information.

 “Services” means foreign exchange and international payment services provided by Currencycloud or Equals Connect.

 

 

Changes to the Privacy Policy

If we make any changes to our privacy policy, we will notify you by email to your registered email address so you will always know what information we collect, how we use it and under what circumstances, if any, we disclose your personal data.

 

 If we want to change the use of personal information we have already collected about you, we will notify you by email. If you have not provided us with your email address you must regularly check the website for an up to date version of the privacy policy. It is then up to you to decide whether you will let us use your information in this way. We will use information in accordance with the most recently published privacy policy.