1. Who we are?
UAE Exchange UK Limited and its affiliates (collectively referred to as “we”, “us”, “our” or UAEX) are strongly committed towards protecting the Personal Data of its customers, including potential and former customers, (hereinafter referred to as "Customer"). We have a long history of handling personal, including sensitive information, confidentially. We value the ongoing trust you have in us to protect your privacy.
Many visitors to our branches and web sites are anxious about the information they provide to us, and how we treat that information. This validates the need for this Privacy Statement to address those concerns. UAE Exchange is strongly committed towards protecting the Personal Data.
2. What is this document about?
Being transparent and providing accessible information to individuals about how UAEX will use their Personal Data is a key element of the UK’s Data Protection regulation and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice/statement.
A privacy statement is a legal document that discloses some or all of the ways a UAEX collects, uses, discloses, and manages Personal Data. It fulfils a legal requirement to protect individuals.
3. What Personal Data we collect?
3.1 What do we mean by personal data?
Personal Data means information that can be linked to a specific Customer, such as name, address, telephone number and e-mail address. We encourage our Customers to review our Privacy Statement, and become familiar with it, but they should know that we do not sell or rent their Personal Data to third parties.
We collect Personal Data from our Customers at our physical branches or through digital mechanisms, such as our website and our mobile applications.
3.2 Why we collect?
We collect Personal Data when our Customers ask us to provide them with a service. This Personal Data may include identities and contact information of senders and recipients of money transfers, credit card, banking or other billing information, birth dates and other personal identifiers, information used to verify Customer’s identity for security and fraud prevention purposes, identification number and amounts paid, transferred or otherwise processed.
Note: We collect Personal Data from our Customers at our stores or through online platforms, such as our website and our mobile applications. We don’t require you to register or provide any information to us in order to view our website or have access to its content.
3.3 What we collect at our stores?
We collect information about Customers’ transactions with us, including transaction history, such as frequency of use and amounts paid, transferred or otherwise processed.
In connection with identity verification, fraud prevention and similar security purposes, we collect and/or confirm identity-related information, financial background and similar information through third parties’ sources such as government agencies and consumer reporting agencies. The typical Personal Data UAEX collects from Customers is as follows, however in the absence of main ID documents UAE EXCHANGE can request alternatives to confirm identity:
- Full Name
- Age (DOB)
- Birth Place
- Telephone (including Mobile)
- Identification document (e.g. National ID, Driving License, Firearm License Card, Passport) Nationality
- Bank Statements
3.4 What additionally we collect when you use our online services?
At our websites, we collect both Personal Data and aggregate information that the Customers voluntarily provide either while on the website or in response to emails in relation to features provided on the website. We don’t require you to register or provide data to us in order to view our website or have access to its content.
Additionally, we may place a text file called a "cookie" in the browser files of the user’s computer to obtain aggregate information relates to such things as how many Customers visit the website, which pages they access, what information they download, the type of web browser and operating system Customers use, the name of the Internet Service Provider used and so on. When our Customers visit our website, we automatically collect this information, and combine it with similar information collected about all other visitors. By collecting this information, we learn how to best tailor our website to our visitors.
Anyone can visit our website without revealing their identity or any Personal Data. We track the internet address of the domains from which people visit us and analyse this data for trends and statistics, but the user remains anonymous.
For better management of our websites, we may collect the following information:
- IP Address (Maybe Domain Information)
- Host Information
- Information on type of SSL
- Host Location
- User activity tracking on UAE EXCHANGE website
The website users accept cookies by turning them on, when visiting the website for the first time. However, the user is not required to turn on cookies in order to have a functioning website. Only after accepting to turn on the cookies, Personal Data will be processed. A different option is that the user sets his browser to warn him/her with a message for each cookie, only the cookies that have been accepted will be processing Personal Data.
4. What are our legal grounds for processing your Personal Data?
Customers Personal Data will be processed only if and to the extent that at least one of the following applies:
Compliance with Legal Obligations
UAEX may process Customer’s Personal Data, when it is necessary for the compliance with a legal obligation, e.g. Anti-Money Laundering screening and reporting activities, to protect UAEX rights and to comply with court order or judicial proceedings.
Protection of Interest
UAEX may process Customer’s Personal Data, if it is necessary in order to protect Customer’s vital Interests e.g. emergency health care or another processing activity needed to protect someone’s life. This ground is particularly relevant when the Customer is incapable of giving consent for the processing. In case vital Interests can reasonably be protected in a less intrusive way, the processing activity cannot rely on Protection of Interest as a legal ground.
UAEX may process Customer’s Personal Data when there is a weighed and balanced legitimate interest where the processing is needed and such interest is not overridden by the rights of others, including the Customers. e.g., to provide the service required, internal documentation, provide direct marketing to Customers (only when they are UAEX active customers, potential customers should provide their consent for this purpose) and fraud prevention.
In certain scenarios, UAEX will process Personal Data from its Customers only after they have provided their consent for that specific purpose. For example, before sending direct marketing materials to individuals that are not active customers (i.e. potential customers) UAEX must obtain their consent.
UAEX will process Personal Data of its Customers to comply with its contractual obligations. For example: UAEX will transfer Personal Data from its Customers to third parties in order to provide the service required by the Customers, this in alignment with the terms and conditions of such service.
5. What do we do with your Personal data?
UAE Exchange generally uses Personal Data from its Customers for the purposes of providing them a service. This may include the following purposes:
- Authorising and processing Customer’s transactions, including effecting and administering money transfers and ensuring proper payment to the designated recipient of funds.
- Collecting amounts owing to us, and otherwise enforcing and collecting on Customer’s accounts or agreements with us.
- Monitoring and improving our website and its content.
- Sending information about our products and services to our Customers.
- Meeting legal, regulatory, self-regulatory, risk management, fraud prevention and security requirements, which may include (among other measures) verifying the identity of the sender and recipient of funds and checking identities against money laundering, terrorist financing or similar watch lists established by regulatory agencies or similar bodies. For identity verification purposes, senders and recipients of money transfers may be required to produce valid identification or consent to verification by other means before releasing funds.
- Maintaining business and transaction records for reasonable periods, and generally managing and administering our business.
- Meeting insurance, audit and processing requirements.
- Otherwise with the Customer’s consent or as permitted or required by law.
Automated Processing (Profiling)
UAEX will not carry out automated processing which is based on profiling, unless expressly authorized by law, carried out in the course of entering or performance of a contract.
UAEX may conduct automated processing of Customer’s Personal Data, such as: address, employment information, date of birth and transactions amounts with the sole purpose to comply with anti-money laundering regulations.
6. Whom do we share it with?
We may disclose Personal Data from our Customers to our affiliates and unaffiliated third parties in connection with the purposes described in this Privacy Statement as follows:
- To Provide Services. In order to process and complete requested money transfers and other transactions, we may disclose Personal Data to the recipient of a Money Transfer, to our agents or affiliates, and, if applicable, the recipient and any intermediary banks or other financial institutions or financial services companies involved in the transaction or our services. The purpose of data sharing is but not limited to:
- Group Affiliates – To perform requested transaction, recipient validation, security checks and processing
- Partner Banks – Transition processing, other checks as applicable (including Security checks)
- Physical Data Storage – Physical Personal Data in the form of hard copy document/s shall be stored at UAEX approved storage facilities and/or third-party vendors who will securely store Customer’s Personal Data without having access to it unless required by UAEX.
- Service Providers. UAE Exchange may transfer Personal Data to service providers (including affiliates, third parties of UAE Exchange acting in this capacity) that perform services on our behalf, for example, information technology and/or data hosting or processing services and for the purpose of ID verification. We take reasonable measures to ensure that Personal Data that may be processed by our service providers on our behalf is protected and not used or disclosed for purposes other than as directed by us, subject to legal requirements applicable to UAEX’s affiliates, agents and service providers, for example, lawful requirements to disclose personal information to government authorities in those countries.
- Business Transactions. Customers’ Personal Data may be used by UAE Exchange and disclosed to parties connected with the contemplated or actual financing, securitisation, insuring, sale, assignment or other disposal of all or part of our business or assets (including, for example, your account with us), for purposes related to the evaluation and performance of these transactions, including:
- Permitting such parties to evaluate and determine whether to proceed or continue with the transaction, and
- Fulfilling reporting, inspection or audit requirements or obligations to such parties.
- Successors and assigns of UAE Exchange and/or its business or assets may use and disclose your Personal Data for similar purposes as described in this Privacy Statement.
- Legal Requirements, Regulation - UAE Exchange may disclose your Personal Data as necessary to meet legal, regulatory, self-regulatory, audit, and security requirements, and as otherwise with your consent or as permitted or required by law. This may include lawful requirements to disclose Personal Data to government authorities, for example, disclosures in compliance with suspicious activity reporting requirements under anti-terrorism, anti-money laundering and similar laws and regulations.
7. Cross Border Personal Data Transfer?
Where your Personal Data is required to be shared with Data Processors based outside of the EU, the Data Processor will be required to comply with and safeguard your Personal Data under the terms of UK and GDPR regulations.
UAEX is committed to protecting the privacy and confidentiality of personal information when it is transferred. Where such transfers occur, we will ensure that your Personal Data will only be transferred to countries, whose data protection laws are considered adequate or where adequate safe guards are in place either through appropriate contractual arrangements or as required by law.
8. What are your rights?
Customers may withdraw their consent to process their Personal Data at any time, subject to contractual and legal restrictions and reasonable written notice. If Customers withdraw their consent to certain uses of your Personal Data, UAE EXCHANGE may no longer be able to provide certain services.
UAE EXCHANGE Customers have the following rights:
- Rectify, for example if the information is not accurate anymore
- Erasure, including the right to be forgotten
- Restriction of processing
- Data portability
- Right to object to processing, where possible we will stop processing your data if you object to processing based on legitimate interests, from direct marketing and for research and statistics e.g.(Profiling).
9. How can you reach us?
For a Customer Rights request, and if you have any questions or suggestions about our Privacy Statement, you can contact us at: firstname.lastname@example.org
Also, if our Customers believes UAEX is processing their Personal Data failing to comply with the applicable regulation, they have the right to submit a complaint to the relevant Data Protection Authority.
10. Member Communications and Email
We employ a strict policy against sending unsolicited email. Please note that opting not to receive email does not exempt the user from receiving administrative emails.
UAEX Customer Care department may contact Customers in response to their inquiries, to provide services at the Customer’s request and to manage their requirements.
Our websites and emails may contain links to various other websites. While we make every effort to ensure that our advertisers post clear and complete privacy statements and observe appropriate data protection practices, each of these websites has a privacy statement that may differ from that of ours. The privacy practices of other websites and companies are not covered by this policy.
11. How do we protect your Personal Data?
We follow generally accepted industry standards to protect the Personal Data processed by us, since it is collected, transmitted used and finally disposed. No method of transmission over the internet, or method of electronic storage, is 100% secure, therefore while we strive to use commercially acceptable means to protect the user’s Personal Data, we cannot guarantee its absolute security.
We reserve the right to disclose the user’s Personal Data as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our website.
11.1 How long we store your data?
UAE EXCHANGE will keep the Personal Data collected and processed from its Customers as long as it is needed to fulfil the purposes established in this Privacy Statement. Once the Personal Data is not needed to provide the service required or for direct marketing purposes, UAEX will keep it with the only purpose to comply with UK regulations, that period may be up to 5 years.
12. Changes to this Privacy Statement
Please note that we review our Privacy Statement from time to time, and we may make periodic changes to it in connection with that review. Therefore, the user may wish to bookmark this page and/or periodically review this page to make sure the user has the latest version.