PRIVACY POLICY

Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal information and how we will use it. If you do not agree to the matters set out in this policy, please do not access or use our Services. You must be over 18 years old to use our Services. We also recommend that you download and store this document in a safe place.

By using our website (our Site); our mobile application (our App) or any of our other products and services (collectively, our Services), you accept the practices described in this privacy policy (this Policy).

1. ABOUT THIS POLICY

This Policy, together with our User Agreement (and any additional terms of use mentioned in our User Agreement) applies to your use of our Services, where such Services are made available or accessible via our Site, our App and once you have downloaded or streamed a copy of our App on your mobile or handheld device (your Device).

This Policy was last updated on 24 May 2018. It applies to users of our Services resident in the European Economic Area.

Where we use other capitalised words and phrases in this Policy (such as Agreement, Profile and Transaction), these have the same meaning as given to them in our User Agreement, unless we have defined them differently in this Policy.

1. About this Policy
2. Who are we?
3. Who is our Data Protection Officer?
4. Changes to this Policy
5. Visitors to our Site (excluding subscribers to our Service)
6. Subscribing to our Services
7. Users of our LiveChat Service
8. Children
9. Transferring Personal Information outside the EEA.
10. Your Rights
11. How we protect your Personal Information
12. Direct Marketing
13. Links to Third Party Websites and Third Party Services

2. WHO ARE WE?

Any personal information provided to or gathered by our Services is controlled by Remitly UK Ltd that trades from Welby House, 96 Wilton Road, London SW1V 1DW who is the data controller (Remitly, we, us or our).

3. WHO IS OUR DATA PROTECTION OFFICER?

We have appointed a data protection officer (DPO) for you to contact if you have any questions regarding this Policy or believe we have breached the Data Protection Act 2018 and/or the General Data Protection Regulation ((EU) 2016/679) (DP Laws). Our DPO’s contact details are: Mr. Mark Doggett, Welby House, 96 Wilton Road, London SW1V 1DW; privacy@remitly.com.

4. CHANGES TO THIS POLICY

We may amend this Policy at any time, and whenever we do so we will notify you by posting a revised version on our Site and App. Please review this Policy each time you make a Transaction as it may have been updated since you initially registered for our Services, or since your last Transaction.

If you do not agree with any of this Policy, or any change, you can end your Agreement with us and close your Profile by emailing us at service@remitly.com or otherwise calling us on + 44 (0) 800 0869 992.

5. VISITORS TO OUR SITE (EXCLUDING SUBSCRIBERS TO OUR SERVICES)

Personal information we collect: We collect cookies and related technology. Please see our Cookie Policy.

Using your personal information: Please see our Cookie Policy.

Sharing your personal information: We will share this information with:

• our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including to provide customer support and for troubleshooting, data analysis, testing, research, and statistical and survey purposes); and

• our website hosting supplier, to enable them to maintain and host our Services.

Retaining your personal information: This information is kept for the timeframes referred to in the Cookie Policy and will then be deleted automatically. However:

• if we are required by law to retain it for longer, we will retain it for the required period; and/or

• where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.

6. SUBSCRIBING TO OUR SERVICES

Personal information we collect: When you subscribe to our Services:

• Creating a profile - you will need to provide your email address and a password Profile (we will not have access to, and will therefore not share, your password). Please note that you have to create a Profile to be able to carry out Transactions;

• Carrying out Transactions - you will need to provide the following additional personal information:

  • your name, address, date of birth, phone number, financial instrument details (either debit/credit card or bank account details); and

  • if requested by us, certain Government issued identification documentation including your passport, drivers licence and/or EEA identity cards, (as well as a picture of yourself with your identification documentation), together with documentation that proves your address; and

  • certain information about the person to whom you are sending money to (the recipient) so that we can facilitate funds transfers including the recipient's: first name and last name, address, phone number (optional), and the recipient’s financial institution details allowing them to collect the money transfer (this may be the recipient’s bank account details - if the recipient will receive the funds directly into their bank account; or a financial institution’s details - if a cash pick up option is available);

• Transactions that meet or exceed our sending tier limits (see the ‘sending limits’ tab in your Profile) you will need to also provide us with the following additional personal information: details of your last Transaction with us (amount and recipient’s details); the payment method you intend on using with our Services; your average send amount; how often you intend on using our Services; whether you intend to send to multiple recipients and from different locations; your relationship with the recipient and the reason for sending money; your occupation; your employer and evidence of how you will fund your Transaction (such as a bank statement or payslip).

• Entering a competition, promotion or survey - you will need to provide your name and email address (unless a survey is being run on an anonymous basis).

• Importing contacts - we may give you the ability to import contacts* from your Gmail, Yahoo Mail or other email providers as well as allowing you to manually enter them to invite them to become members of our Services (we do not collect the username and password for the email account you wish to import your contacts from as you provide it directly to that email service provider and after your approval they send us your email contacts).

• Using our referral service via e-mail to tell a friend* about our Services, you will need to provide your friend's name and email address.

* Before providing us access to any other person’s details, you must obtain their prior consent to you sharing their personal information with us and we will let them know that you have supplied their details to us.

Where you have:

• imported your contacts, at your instruction, we will send an email invite and at most one reminder email inviting him or her to visit our Site. We store this information for the sole purpose of sending this email; and/or

• referred a friend to us, we will automatically send your friend an email and at most one reminder email inviting him or her to visit our Site. We store this information for the sole purpose of sending this email and tracking the success of your referral.

In both cases, your contact/friend may at any time REQUEST TO REMOVE this information from our database and we will honour such request. We will retain a copy of that email address on a “suppression list” in order to comply with their no-contact request. They are free to change their marketing choices at any time.

In addition, we will collect the following information:

• transaction logs which contain information about your Transaction (such information is also provided in the form of an email receipt which you will receive when you complete a Transaction), including a unique transaction reference number which links to each Transaction;

• information you give to us when you contact customer services (we will also automatically generate a customer ID for you when you sign up to our Services so that we can identify you in our CRM system);

• information we (lawfully) receive from third party sources such as identity verification services, electronic database services, credit reporting agencies, business partners, sub-contractors in technical, payment and delivery services, advertising networks, and market research service providers;

• the following technical information will be automatically collected when you use our Site or App:

  • the hardware and software you use when accessing our Services (which may include the type of Device you use), a unique device identifier (for example, your Device’s IMEI number, or the mobile number used by the Device), your IP address, mobile network information, your mobile operating system, the type of mobile browser you use, the pages you access on our Site, and other websites that you visit prior to accessing our Services;

  • GPS technology to determine your current location (some of our location enabled Services require your personal data for this to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose);

  • your usage of our Services, including how and to whom you use our Services to send or receive money; and

• cookies (please see our Cookie Policy).

Using your personal information: We will use this information as follows:

• primarily to comply with our legal obligations, specifically under European national laws implementing the: fourth Anti Money Laundering Directive (EU 2015/849) such as the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the second Payment Services Directive (EU 2015/2366) such as the UK Payment Services Regulation 2017, as well as the EU Wire Transfer Regulation (2015/847), UK Proceeds of Crime Act 2002, UK Terrorism Act 2000, various UK, EU and UN sanctions legislation and the various associated regulatory rules and guidance in relation to risk investigation, risk scoring, fraud, counter terrorist financing, anti-money laundering, consumer protection and complaint handling. We will use the above referenced information to comply with our legal obligations, with the exception of the details of the persons you refer to our service.

If you do not provide the information we have described in the above sections, you will not be able to make any Transactions;

• to perform a contract – including running competitions, promotions and surveys –specifically, your name and email address. If you do not provide this information you will not be able to participate in such competitions, promotions or surveys (unless a survey is being run on an anonymous basis);

• for our legitimate interests – specifically certain contact details, Transaction information and technical information so that we can:

  • seek customer feedback on, and help us to improve, our Services; and

  • market our Services to you, or conduct market research, provided your marketing and communication preferences in your Profile allow us to do this;

• for our legitimate interests - certain technical information about your Device so we can conduct business and marketing analytics;

• for our legitimate interests – when you have referred a friend to us or instructed us to contact an imported contact, we will use their name and email so that we can market our services to them (see as detailed above); and

• your consent - cookies – please see our Cookie Policy.

We will not contact your recipients except as instructed by you or as required to complete a Transaction and/or comply with our legal or regulatory obligations. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.

In connection with the activities above, we may conduct automated processing and/or profiling based on your interactions with our Service, your Profile information and other information you may provide to us from time to time, together with information obtained from third parties. In limited cases, automated processes may restrict or suspend access to our Services if such processes detect activity that we believe poses a safety or other risk to our Services, other users, or third parties.

For example: our automated processes may let us know that you are using our Services in a country where we are not allowed to do business. This is important because we do not want to break any laws when providing our Services.

Another example is that we may use your personal information to carry out identity checks. This is also important as it helps us confirm who you are and to help prevent others from imitating you.

Sharing your personal information:

• All of your information and all of your recipient’s information will be shared with:

• our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including (i) to process an application to register and use our Services (ii) to verify your identity (iii) to process your Transactions (iv) to track, improve and personalise our Services, content and advertising (v) to provide our other Services and related customer services and (vi) for troubleshooting, data analysis, testing, research, and statistical and survey purposes);

  • other companies within our group (namely Remitly, Inc, Remitly Global, Inc., Remitly Global Operations Inc. and Remitly Nicaragua S.A.) for the purposes of providing customer services and risk investigations;

  • our website hosting supplier to enable them to maintain and host our Services;

  • our outsourced customer service provider(s), to support our customer service functions;

  • various third parties who provide tools to enable our Service to operate (including email, instant messaging, document management and file-sharing);

• third parties in the event of the sale, acquisition or merger of some or all of our assets if your personal information is part of the transferred assets (we shall notify you in the event of such an occurrence, as well as any choices you may have regarding your personal information, by placing a notice on our Site and App).

• All of your information (except cookies) and your recipient’s information will be shared with the police, security forces, any law enforcement agencies, competent governmental intergovernmental or supranational officials and bodies, competent agencies, and regulatory bodies (including self-regulatory bodies or schemes) to ensure that we comply with our legal obligations in relation to complaint handling, consumer protection, payment services regulation, fraud, counter-terrorist financing and anti-money laundering.

• All of your information (except cookies) and your recipient’s information will be shared with:

  • external lawyers that we engage from time to time to help us protect the rights, property, or safety of Remitly, our clients, suppliers, contacts or others (including enforcing and defending this Policy); and/or

  • external auditors that we engage from time to time to audit us.

• All of your information (except your customer ID and certain technical information about your location) and all of your recipient’s information will be shared with a third party software provider that allows us to capture information about how you use our Services so that we can improve our Services and assist in any legal defence concerning your use of our Services.

• Your name, address, email address, date of birth, phone number and debit/credit card and bank account details, certain technical information about your device and location, your Transaction details and all of your recipient’s information will be shared with various fraud vendors that we engage from time to time to help us comply with our legal obligations in relation to risk scoring, fraud, counter-terrorist financing and anti-money laundering.

• Your name, address and date of birth, and your recipient’s name and address will be shared with various sanctions screeners that we engage from time to time to help us comply with our legal obligations in relation to risk scoring, fraud, sanctions compliance, counter - terrorist financing and anti-money laundering.

• Your name, address, email address, date of birth, phone number and debit/credit card and bank account details, certain technical information about your device and location, your Transaction details and all of your recipient’s information will be shared with various fraud vendors that we engage from time to time to help us comply with our legal obligations in relation to risk scoring, fraud, counter-terrorist financing and anti-money laundering.

• Your name, address, date of birth, phone number, Government issued identification documentation, and the picture of yourself with your identification documentation and your recipient’s date of birth will be shared with various third parties that we engage from time to time to provide support to us in relation to our legal obligations in relation to “know your customer” (such as background checks, identity verification services/databases, regulatory reporting, and ID documentation authentication, validation and conversion). In order to verify your identity, Remitly uses the services of Onfido. Onfido will check your identity documents are valid, and also confirm that your photo matches the photo on the documents. The results of the check will then be shared with Remitly. By continuing to use our Services, you consent to your photo and ID documents being shared with Onfido for this purpose, for Remitly to receive these services from Onfido as well as to allow Onfido to maintain, protect and improve its services. A copy of Onfido’s privacy policy can be found here.

• Your name, address, and debit/credit card and bank account details, the transaction reference, Transaction details will be shared with our payment processors, to process your Transactions.

• Your name, customer ID, certain technical information about your Device and location, the Transaction reference number and your recipient’s financial institution details are provided as standard to our distribution partners (such as your bank or credit card issuer and your recipient's bank), but some distribution partners may also request (and we would have to provide) your date of birth, address, phone number, debit/credit card and bank account details and Government issued identification documentation, as well as your recipient’s name, address and phone number.

• Your name, address, email address, date of birth (but only for us to send “happy birthday” messages), phone number and debit/credit card and bank account details, certain technical information about your Device and location, the Transaction reference will be shared with a third party provider that we engage from time to time to send email confirmations of your Transactions (which we are under a legal obligation to do) (if we do not send these ourselves).

• Your name and phone number, the Transaction reference, and your recipient’s name and phone number will be shared with a third party provider who we use to send confirmation of your Transactions (which we are under a legal obligation to do) via SMS.

• Your name, email address, address, phone number, date of birth and your debit/credit card and bank account details will be shared with a third party tracking provider, so that we can maintain and enhance our Service offering.

• Your customer ID will be shared with various third party software providers and tools to enable us to track engineering issues related to your use of our Services.

• Certain technical information about your Device ID will be shared with a third party provider who assist us with marketing analytics.

• Certain contact details, Transaction information and technical information will be shared with third party providers so that they can assist us from time to time with:

  • seeking customer feedback on, and help us to improve, our Services (including conducting surveys); and/or
  • marketing our Services to you or conducting market research.

• Your contact details will be shared with third party providers so that they can validate that those contact details are correct.

• Your email address and phone number (and in some instances also your name) will be shared with:

  • social media platforms who provide marketing services to us; and
  • third party contractors so that they can assist us from time to time with seeking customer feedback on, and help us to improve, our Services (including conducting surveys).

Retaining your personal information: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider (amongst other things):

• obligations and/or retention periods imposed on us by applicable laws and/or our regulators

• the amount, nature, and sensitivity of the personal information

• the potential risk of harm from unauthorised use or disclosure of your personal information, and

• the purposes for which we process your personal information and whether we can achieve those purposes through other means.

Please note that by using our Services you expressly agree to us retaining your personal data (including data related to your Transactions and our collection and verification of your identity) for longer than 5 years following when end your legal relationship with us. This is to allow us to detect and prevent fraud and/or other illegitimate uses of our Service.

7. USERS OF OUR LIVECHAT SERVICE

We use a third-party provider, to supply and support our LiveChat service which we use to answer questions about our Services and assist you with our Site functionality.

Personal information we collect: If you use the LiveChat service we will collect: your name, email address (optional) and the contents of your LiveChat session.

Using your personal information: We will use this information to answer your questions.

Sharing your personal information: We will share this information with:

• our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including to provide customer support and for troubleshooting, data analysis, testing, research, and statistical and survey purposes); and

• our service provider to enable them to maintain and host our LiveChat service.

Retaining your personal information: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider (amongst other things):

• obligations and/or retention periods imposed on us by applicable laws and/or our regulators

• the amount, nature, and sensitivity of the personal information

• the potential risk of harm from unauthorised use or disclosure of your personal information, and

• the purposes for which we process your personal data and whether we can achieve those purposes through other means.

If you have visited our Site, please also see Visitors to our Site above.

8. CHILDREN

We ask that persons under the age of 18 (which we treat as children and minors) refrain from using our Services or submitting any personal information to us. Persons under the age of 18 years are not eligible to use our Services and if we discover that someone under the age of 18 has registered a Profile with us, we will close it.

9. TRANSFERRING PERSONAL INFORMATION OUTSIDE THE EEA

We share your personal information within the Remitly Group and to the external third parties (the categories of which are referred to in this Policy). This may involve transferring your data outside the European Economic Area (EEA). Whenever we transfer your personal information out of the EEA, we will ensure a similar degree of protection is afforded to it. In some instances when we provide the Services to you, your personal information may be transferred to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. In other instances, we will ensure at least one of the lawful safeguards are implemented, which may include:

• Where we transfer personal information within the Remitly Group and to certain external third parties, we may use specific contracts approved by the European Commission. which give personal information the same protection it has in Europe; or

• Where we use external third parties based in the US, we may transfer personal information to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US.

10. YOUR RIGHTS

In relation to personal information we hold about you, you have the right to:

• get access your personal information and information about our processing of it

• ask us to correct the record of your personal information maintained by us if it is inaccurate or to complete incomplete personal information

• ask us, in limited certain instances, to erase your personal information or cease processing

• object to us processing your personal information for direct marketing purposes

• object to decisions based solely on automated processing, including profiling

• challenge us processing your personal information which has been justified on the basis of our legitimate interests

• ask us, in certain limited instances, to restrict processing personal information to merely storing

• ask us, in certain limited instances, to transfer your personal data to another online provider

• prevent processing that is likely to cause damage or distress to you and seek compensation from us for any damages caused to you by us breaching DP Laws

• be notified of a personal data breach which is likely to result in high risk to your rights and freedoms and

• complain to the ICO if you believe we have breached DP Laws (please contact the ICO via www.ico.gov.uk).

Your recipients also have these rights in relation to their personal information that we process.

If you (or your recipients) would like to exercise any of these rights, please contact privacy@remitly.com (we may ask you/your recipient to verify your/their identity - please cooperate with us in our efforts to verify your identity). Please note that we may need certain personal information to enable us to provide the Services and/or information you ask for, so changes you make to your preferences, or restrictions you ask us to make on how we use personal information, may affect what information we can provide.

Please also note that sometimes we may not be able to stop using your personal information when you ask us to (for example, where we need to use it because the law requires us to do so or we need to need to retain the information for regulatory purposes). In other cases, if we stop or restrict using your personal information we will not be able to provide our Services to you, such as carrying out money transfers. We will tell you if we are unable to comply with your request, or how your request may impact you, when you contact us.

11. HOW WE PROTECT YOUR PERSONAL INFORMATION

We employ industry accepted standards in protecting the information you submit to us via our Services. We have put in place SSL (Secure Socket Layer) encryption technology to protect your sensitive information such as bank account number, credit card number, date of birth and government identification number, transmitted through our Site and/or our App. We also require the use of security credentials (which may, for example, include a username and password) from each user who wants to access their information on our Site and/or our App.

Where we have given you (or you have chosen) security credentials (such as a password) that enable you to access certain parts of our Service, you are responsible for keeping these details confidential and secure. Moreover, if you allow access to our Services via using your fingerprint on your Device (for example, via Apple Touch ID), then you should not allow any other person to register their fingerprint on that Device as it may allow them access to our Services and you could be held responsible for their actions. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and any transmission of personal information is at your own risk. If you have any questions about security of our Services, you can contact us at service@remitly.com.

12. DIRECT MARKETING

You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right simply at any time by carrying out ‘unsubscribe’ actions which are made available to you (such as clicking on the ‘unsubscribe’ link in each promotional email we send you). We will honour your choice and refrain from sending you such communications. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request. You are free to change your marketing choices at any time.

You may also control how we use some of your personal information as part of our Services (such as how we may communicate with you) by confirming your preferences in your Profile. Please note that not all communications can be switched off – for example, we may be required to send you email notices about our Services to comply with our legal obligations under the national laws and regulator guidance implementing the second Payment Services Directive (Directive (EU) 2015/ 2366).

13. LINKS TO THIRD PARTY WEBSITES AND THIRD PARTY SERVICES

Parts of our Service use Google Maps services, including the Google Maps API(s). Use of these features is subject to the Google Maps Additional Terms of Use and the Google Privacy Policy. By using this Site and the Service you also agree to the Google Terms (as amended from time to time).

Our Site and App includes links to other websites whose privacy practices may differ from those of Remitly. If you submit personal information to any of those websites, your information is governed by their privacy policies and we do not accept any responsibility or liability for these policies or for any personal information which may be collected and processed via those websites or services (such as contact and location data). We encourage you to carefully read the privacy policy of any website or software application you use or visit.

This Policy does not cover the practices of third parties that you may engage with when using the Services, such as your mobile network operator or other users of our Services. You should contact them about their privacy policy before providing them with any personal information.

Our Site and App includes social media features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our Site and our App. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Site or App. Your interactions with these features are governed by the privacy policy of the company providing it. More information on using social media via our Services can be found in our Cookie Policy.