TransferWise Europe SA/NV Privacy Policy

Dated: 28 March 2019

This policy explains what you can expect from us and what we need from you in relation to your personal data. Please read this carefully as this policy is legally binding when you use our Services. Check the Customer Agreement for the meaning of defined words (those with capital letters).

For the purpose of the relevant data protection regulations, TransferWise Europe SA are the “data controller” of your information. We are located on 17 Avenue Marnix, 1000, Brussels. Our registration number with the Belgian Crossroads Bank for Enterprises is 713.629.988. If you have any questions about how we protect or use your data, please email our Data Protection Officer, Mr Shan Lee, at privacy@transferwise.com.

1. How do we protect your personal information

1.1 We are serious about guarding the security of your personal information and use a secure server to store your personal information. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Transport Layer Security technology.

1.2 As you will know, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

1.3 We restrict access of your personal information to those employees of TransferWise who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.

1.4 We are compliant with all applicable laws and regulations applicable to the processing of data, including the EU Regulation 2016/679 (the “GDPR”) and the Belgian Law of 30 July 2018 on the protection of natural persons with regards to the processing of personal data (the “Belgian Data Protection Law”).

2. Information we may collect from you

We may collect and use the following data about you:

2.1 Information you give us.

(a) You may give us information about you when you sign up to use our service, e.g. when you provide us with your personal details, such as your name and email address. This also includes information you provide through your continued use of our Services, participate in discussion boards or other social media functions on our Website or App, enter a competition, promotion or survey, and when you report a problem with our Services. The information you give us may include your name, address, e-mail address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security number, personal description and photograph.

(b) We may also need additional commercial and/or identification information from your e.g. if you send or receive certain high-value or high-volume transactions or as needed to comply with our anti-money laundering obligations under applicable law.

(c) In providing the personal data of any individual (other than yourself) to us during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.

2.2 Information we collect about you. With regard to your use of our Services we may automatically collect the following information:

(a) details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;

(b) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

(c) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Support number.

2.3 Information we receive from other public or private sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them.

For example:

  • the banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
  • business partners may provide us with your name and address, as well as financial information, such as card payment information;
  • advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website;
  • credit reference agencies do not provide us with any personal information about yourself, but may be used to corroborate the information you have provided to us.

2.4 Information from social media networks. If you log in to our Services using your social media account (for example, Facebook or Google) we will receive relevant information that is necessary to enable our Services and authenticate you. The social media network will provide us with access to certain information that you have provided to them, including your name, profile image and e-mail address. We use such information, together with any other information you directly provide to us when registering or using our Services, to create your account and to communicate with you about the information, products and services that you request from us. You may also be able to specifically request that we have access to the contacts in your social media account so that you can send a referral link to your family and friends. We will use, disclose and store all of this information in accordance with this privacy policy.

3. Cookies

3.1 Our Services use cookies to distinguish you from other users. This helps us to provide you with a good experience and also allows us to improve our Services. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

4. Purposes of the data processing and legal basis

We process your personal data for the following purposes:

  • (a) to carry out our obligations relating to your contract with us and to take steps at your request prior to entering into such contract (art. 6, 1, b) of the GDPR);
  • (b) to comply with any applicable legal and/or regulatory requirements (art. 6, 1, c) of the GDPR);
  • (c) to pursue our legitimate interests provided that these legitimate interests are not overridden by your interests or fundamental rights and freedoms (art. 6, 1, f) of the GDPR).
    Our legitimate interests include:
    • keeping our Services safe and secure;
    • constantly improving our Services and to ensure that they are presented in the most effective manner;
    • measuring or understanding the effectiveness of advertising we serve and delivering relevant advertising to you;
    • providing you with information about other similar goods and services we offer;
    • providing you, or permitting selected third parties to provide you, with information about goods or services we feel may interest you;
  • (d) to perform a task carried out in the public interest (such as the prevention of money laundering and terrorism financing) (art. 6, 1, e) of the GDPR)

5. Disclosure of your information

5.1 We may share your information with selected third parties including:

  • (a) affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with them or you;
  • (b) advertisers and advertising networks solely to select and serve relevant adverts to you and others; and
  • (c) analytics and search engine providers that assist us in the improvement and optimisation of our site; and
  • (d) our group entities or subsidiaries - which can be found by clicking here

5.2 We may disclose your personal information to third parties:

  • (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • (b) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Customer Agreement and other applicable agreements; or to protect the rights, property, or safety of TransferWise, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • (c) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
  • (d) to prevent and detect fraud or crime;
  • (e) in response to a subpoena, warrant, court order, or as otherwise required by law;
  • (f) to assess financial and insurance risks;
  • (g) to recover debt or in relation to your insolvency; and
  • (h) to develop customer relationships, services and systems.

5.3 If you are a Belgian resident holding a balance with us (Borderless Account), we have to disclose the following data to the Central Point of Contact of the National Bank of Belgium (“CPC”) by 31 March of each year:

  • Your identification data including your national register number (For undertakings, the Crossroads Bank for Enterprises entry number) or, in the absence thereof, the surname, official first name, date and place of birth;
  • the end date of the calendar year to which the disclosed data relates (i.e. the calendar year prior to the one in which it was disclosed to the CPC);
  • a list of the accounts you hold at any time during the calendar year referred to above;

This data is recorded by the CPC and kept for a period of 8 years. You have the right to consult the data held on your name by the CPC at the National Bank of Belgium (Boulevard de Berlaimont 14, 1000 Brussels). You have the right to ask, via us, for any inaccurate data held in your name by the CPC to be corrected or deleted. The data disclosed to the CPC may be accessed by the tax authorities, either to determine your taxable income, or to ascertain your financial position to ensure payment of taxes and withholding taxes owed on principal and additional amounts, any tax increases and administrative fines, interest and costs.

5.4 We do not have a published list of all of the third parties with whom we share your data with, as this would be heavily dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to You, you can request this by writing to privacy@transferwise.com.

5.5 We make our best efforts to transfer your personal data only to third parties which share our concern for privacy and apply high standards in this respect.

6. Where we store your personal data

6.1 The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.  We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

7. Sharing your data outside of the EEA

7.1 In order to provide our Services to you, it is sometimes necessary for us to transfer your data to the third parties outlined in section 5.1 that are based in countries located outside of the European Economic Area which are not subject to an adequacy decision by the European Commission. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organisational security measures to protect your data. We also ensure a level of data protection at least equivalent to the one prevailing in the European Union by having appropriate contractual protections in place with these third parties.

8. Profiling and Automated Decision Making

8.1 We may use some instances of your data in order to customise our Services and the information we provide to you, and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymised data where ever possible. This activity has no legal effect on you.

8.2 As part of being a highly technical and innovative company, we may use Automated Decision Making (ADM) in order to improve your experience, or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use ADM to verify your identity documents, or to confirm the accuracy of the information you have provided to us. We can perform a manual double check on your demand.

9. Data Retention

9.1 As a regulated financial institution, TransferWise is required by law to store some of your personal and transactional data beyond the closure of your account with us. Your data is only accessed internally on a need to know basis, and it will only be accessed or processed if absolutely necessary.

9.2 We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate.

9.3 Retention periods defined for the storage of your data can be found by clicking here.

10. Your rights

10.1 You have the right to ask us not to contact you for marketing purposes by contacting us at privacy@transferwise.com, or by adjusting your notification preferences in the “Settings” section of your account page.

10.2 You have the right to correct any personal information We hold on you that is inaccurate, incorrect, or out of date.

10.3 You have the right to ask us to delete your data when it is no longer necessary, or no longer subject to a legal obligation to which TransferWise is subject to.

10.4 You have the right to transfer your personal data between data controllers, for example, to move your account details from one online platform to another.

10.5 Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.

11. Access to information

11.1 Subject to applicable laws, you may have the right to access information we held about you. Your right of access can be exercised in accordance with the relevant data protection legislation.

12. Changes to our privacy policy

12.1 Any changes we may make to our privacy policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

13. Contact

13.1 Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@transferwise.com.

13.2  If you feel that we have not addressed your questions or concerns adequately, you may make a complaint with the Belgian Data Protection Authority. For more information, please follow this link.