TransferWise Privacy Policy

Last Updated: September 10th, 2020

Version Number: 1

Our Privacy Policy in Portuguese

This Privacy Policy is an overview of how we collect, use, and process your personal data when you use our website https://transferwise.com/br (hereinafter: “Website”), our web application (hereinafter: “Web App”) and our mobile app (hereinafter: “App”; jointly called: “Services”). If anything here only applies to one of our services, we’ll explicitly point this out to you.

Please read this Policy carefully, as it becomes legally binding when you use our Services. For the full definition of the capitalised words here, check our Customer Agreement. We take privacy and protection of your data very seriously and are committed to handling the personal information of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.

This Privacy Policy is destined to customers who use our services in Brazilian national territory, and it's in accordance with the local regulation in force regarding privacy and protection of personal data.


1. Responsible Entity

2. Information we collect from you

3. How do we protect your personal information

4. Ways we use your information

5. Disclosure of your information

6. Sharing and storing your personal data

7. Profiling and Automated Decision Making

8. Cookies

9. Personal Data Retention

10. Your rights

11. Third-party links

12. Responsibility and communication in case of security breaches

13. Changes to our privacy policy

14. Contact


1. Responsible Entity

The responsible entity for the collection, processing and use of personal data is TransferWise Brasil Correspondente Cambial Ltda., a company enrolled under the CNPJ/ME nº 28.973.560/0001-41 (“TransferWise Correspondente”, "TransferWise", "us", “we” or “our”).

TransferWise is registered with the Banco Central do Brasil as a foreign exchange correspondent of MS Bank S.A. Banco de Câmbio S.A., a company enrolled under the CNPJ/ME nº 19.307.785/0001-78 (“MS Bank”) or by Banco Rendimento S.A., a company enrolled under the CNPJ/ME nº 68.900.810/0001-38 ("Rendimento" and together with MS Bank, the "Banks"). The data processing is carried out by TransferWise Correspondente following the bank guidelines, which as a "controller", supervises it.

The "person in charge" is the person responsible for managing a communication channel with you. For the purposes of this policy, Mr. Shan Lee will be the "person in charge" and you can speak to him through the following email privacy@transferwise.com. If you have any questions about how we protect or process your data, please send an email to the abovementioned email address.

2. Data we collect about you

We will collect and process the following data about you:

  • 2.1 Information you give us.
    • (a) You may give us information about you when you sign up to use any of our services. This also includes information you provide through your continued use of our Services, participate in discussion boards or other social media functions on our Website or App; enter a competition, promotion or survey, and when you report a problem with our Services. The information you give us may include your name, address, e-mail address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, registry number of Cadastro de Pessoas Físicas or Ministério da Economia – CPF/ME, personal description and photograph. If you fail to provide any of these information, it might affect our ability of providing you our services;
    • (b) In some cases, such as when you send or receive high value or high volume transactions, or where we need to comply with anti-money laundering regulations, terrorist financing, or any other legal obligation, internal compliance policies or other rules applicable to our services, we may also need more commercial or identification information from you; and
    • (c) In providing the personal data of any individual (other than yourself) that receive payments from you during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.
  • 2.2 Information we collect from you With regard to your use of our Services, we may automatically collect the following information:
    • (a) details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
    • (b) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
    • (c) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Support number.
  • 2.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working with third parties and may receive information about you from them.

For example:

  • (a) the banks and other institutions you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
  • (b) business partners may provide us with your name and address, as well as financial information, such as card payment information;
  • (c) advertising networks, analytics providers and search information providers may provide us with pseudonymous information about you, such as confirming how you found our website;
  • (d) credit reference agencies do not provide us with any personal information about yourself, but may be used to corroborate the information you have provided to us.
  • 2.4 Information from social media networks. If you log in to our Services using your social media account (for example, Facebook or Google) we will receive relevant information that is necessary to enable our Services and authenticate you. The social media network will provide us with access to certain information that you have provided to them, including your name, profile image and e-mail address. We use such information, together with any other information you directly provide to us when registering or using our Services, to create your account and to communicate with you about the information, products and services that you request from us. You may also be able to specifically request that we have access to the contacts in your social media account so that you can send a referral link to your family and friends. We will use, disclose and store all of this information in accordance with this Privacy Policy.

2.5 Sensitive data

TransferWise processes sensitive data only to carry out verification of identity documents that contain biometric data. The main goal is to prevent fraud and ensure the security of our customers along the identification and account authentication process. We limit this process to the minimum required in order to achieve this purpose.

2.6 Children and teenagers' data

Our products and services are directed at adults aged 18 years and over, and not intended for children or teenagers. We do not knowingly collect data from this age group. Our verification process prevents TransferWise from collecting this data. If any data is collected from a child or teenagers without verification of parental consent, it will be deleted.

3. How do we protect your personal information

  • 3.1 We take the safeguarding of your information very seriously, and take a number of steps to ensure it stays secure. For example:
    • (a) Communication over the Internet between you and TransferWise servers is encrypted using strong asymmetric encryption. This makes it unreadable to anyone who might be listening in;
    • (b) We update and patch our servers in a timely manner;
    • (c) We run a Responsible Disclosure and bug bounty program to identify any security issues in TransferWise services
    • (d) Our technical security team proactively monitors for abnormal and malicious activity in our servers and services; and
    • (e) When information you’ve given us is not in active use, it is encrypted at rest. This means it’s unreadable from server hard-drives without the decryption key.

You can find out more from our security page.

  • 3.2 We do regular audits such as (i) System and Organization Controls, Type 2 - "SOC 2" and (ii) Payment Card Industry Data Security Standard - "PCI DSS". As part of these audits, our security is validated by external auditors.
  • 3.3 We restrict access to your personal information to those employees of TransferWise who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
  • 3.4 Although we adopt all these measures in order to guarantee the integrity, availability and protection of your personal data, security breaches caused by unlawful acts of third parties may occur. In face of any suspicious event, we encourage you to contact us immediately through privacy@transferwise.com.

4. Ways we use your information

  • 4.1 We use your information in the following ways:
    • (a) to carry out our obligations relating to your contract with us and to provide you with the information, products and services;
    • (b) to comply with any applicable legal and/or regulatory requirements;
    • (c) to notify you about changes to our Services;
    • (d) as part of our efforts to keep our Services safe and secure;
    • (e) to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • (f) to improve our Services and to ensure that they are presented in the most effective manner;
    • (g) to allow other Transferwise customers to request or send money to you through our services when providing matching information for your phone number or email;
    • (h) to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
    • (i) to allow you to participate in interactive features of our Services, when you choose to do so;
    • (j) to provide you with information about other similar goods and services we offer; and
    • (k) to combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above.

5. Disclosure of your information

  • 5.1 We may share your information with selected third parties including:
    • (a) affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with you, or with them that might be related in any way to the service we provide you;
    • (b) advertisers and advertising networks solely to select and serve relevant adverts to you and others;
    • (c) analytics and search engine providers that assist us in the improvement and optimisation of our site; and
    • (d) our group entities or subsidiaries.
  • 5.2 We may disclose your personal information to third parties in other specific conditions, including:
    • (a) affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with you, or with them that might be related in any way to the service we provide you;
    • (b) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
    • (c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Customer Agreement and other applicable agreements; or to protect the rights, property, or safety of TransferWise, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
    • (d) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
    • (e) to prevent and detect fraud or crime;
    • (f) in response to a subpoena, warrant, court order, or as otherwise required by law;
    • (g) to assess financial and insurance risks;
    • (h) to recover debt or in relation to your insolvency; and
    • (i) to develop customer relationships, services and systems.
  • 5.3 We do not have a list of all third parties we share your data with, as this would be dependent on your specific usage of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to privacy@transferwise.com.

6. Sharing and storing your personal data

  • 6.1 We may transfer and store your data at a destination outside of the brazilian national territory. It may also be processed by staff operating outside of Brazil who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of support services. This process is needed so we can perform in accordance with our Customer Agreement. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
  • 6.2 In order to provide our Services to you, it is sometimes necessary for us to transfer your data to the third parties outlined in section 5.1 that are based outside of brazilian national territory. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organisational security measures to protect your data. We also ensure we have appropriate contractual protections (e.g. binding corporate rules, Standard Contractual Clauses or other accepted data transfer safeguards) in place with these parties receiving the data outside of Brazil.

7. Profiling and Automated Decision Making

  • 7.1 We may use some elements of your data — such as your country of residence and transaction history - to customise our Services and the information we provide to you, and to address your specific needs. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful to you. When we do this, we take all necessary measures to ensure that your privacy and security are protected — and we only use pseudonymised data wherever possible.
  • 7.2 We may use Automated Decision Making (ADM) to improve your experience, or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use ADM to verify your identity documents, or to confirm the accuracy of the information you have provided to us.

8. Cookies

  • 8.1 Our Services uses cookies to distinguish you from other users and identify how you use our Services. This helps us to provide you with a good experience and also allows us to improve our Services. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

9. Personal Data Retention

  • 9.1 As a foreign exchange correspondent, TransferWise is required by law to store some of your personal and transactional data, even after the closure of your account with us. We only access your data internally on a need to know basis, and we’ll only access or process it if absolutely necessary.

  • 9.2 We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate. However, your personal data may also be retained after your account is closed for the purpose of ensuring our regular exercise of rights in judicial, administrative or arbitration proceedings, when necessary to serve our legitimate or third party interests, or when otherwise authorized by applicable law.

  • 9.3 Learn more about the retention periods for your data here

10. Your rights

  • 10.1 Subject to applicable laws, you may have the right to access information we hold about you. If you have any questions in relation to our use of your personal information, contact us. You may have the right to require us to:
    • (a) confirm of the existence of treatment, and provide more details about the use we make of your information, within up to 15 (fifteen) days from your request;
    • (b) provide you with a copy of the information that you have provided to us, up to 15 (fifteen) days counting from the day you made the request;
    • (c) update any inaccurate, incorrect, or out of date personal information we hold;
    • (d) hide, block or delete any personal information that is no longer necessary, that might be excessive or no longer subject to a legal obligation to which TransferWise is subjected to. It may not be possible to delete your data at the time of request, as outlined on the item 9 above, however, once the required time has passed then we will be able to comply with your request;
    • (e) remove any personal data that has been processed without your consent, unless its preservation is allowed by law, or in the case of item 9 above;
    • (f) the portability of personal data to another service or product provider, as long as this right is regulated in Brazil.
    • (g) information from public and private authorities which we share your data with;
    • (h) when the treatment is based on consent, information on the possibility of not providing it and on the consequences of the refusal;
    • (i) when the treatment is based on consent, the revocation of your consent so that that particular treatment activity is stopped;
    • (j) the interruption of marketing activities directed to you, which can be done by contacting us or adjusting your notification preferences through the settings of your account;
    • (k) when decisions are made solely on the basis of the TDA provided for in item 7 above, you may request that we provide information about the decision making methodology and criteria and ask us to verify that the automated decision was made correctly. We may reject the request, as allowed by applicable law, even when the provision of the information results in the disclosure of a commercial or industrial secret or interferes with the prevention or detection of fraud or other crimes. However, under the circumstances, we usually check if the algorithm and the database are working regularly without error or some kind of bias, in order to adjust the process, if needed;
    • (l) opposition to any treatment based on one of the hypotheses in which their consent is waived, in case of non-compliance with the provisions of the applicable legislation, safeguarding the public interest that may justify the continuity of the treatment; and
    • (m) object to any processing based on our legitimate interests ground or a third-party, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
  • 10.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check whether it is possible to respond. If it is not possible to respond immediately to your request, we will indicate the reasons of fact or law that prevent us from doing so. In most cases, we will respond within one month, unless a shorter period has been outlined in this Privacy Policy or applicable law.

11. Third-party links

  • 11.1 Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that, apart from the websites we own, we do not take any responsibility for them. Please check these policies before you submit any personal data to these websites.

12. Responsibility and communication in case of security breaches

  • 12.1 The Banks and TransferWise are subject to the liability regime provided for in the applicable legislation.
  • 12.2 In the event that, in compliance with applicable law, we notify the National Data Protection Authority (ANPD) about a security breach that may cause you significant risk or damage, we will also inform you.

13. Changes to our privacy policy

  • 13.1 To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this Privacy Policy at any time without notice by posting a revised version on this website. To stay up to date on any changes, check back periodically.

14. Contact

  • 13.1 Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@transferwise.com. You can also use the address provided in item 1 above.
  • 14.2 If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can contact ANPD or other public body with responsibility for enforcing privacy laws, if ANPD is no longer available.

Back to top