Privacy Policy

Last updated: 1 February 2026

1. Introduction

CurrencyGram Ltd ("CurrencyGram", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our services.

CurrencyGram Ltd is the data controller for your personal data. We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456.

2. Information We Collect

2.1 Information You Provide

• Identity data: Full name, date of birth, nationality, and a photo of your ID document
• Contact data: Email address, phone number, and residential address
• Financial data: Bank account details, transaction history, income information
• Account data: Username, password, account preferences, and settings
• Communications: Messages you send us through customer support or feedback

2.2 Information Collected Automatically

• Device data: Device type, operating system, unique device identifiers
• Usage data: How you interact with our app and website, features used, pages visited
• Location data: Approximate location based on IP address (precise location only with your consent)
• Transaction data: Details of payments, transfers, and other account activity

3. How We Use Your Information

We use your personal data for the following purposes:

• Providing services: Opening and managing your account, processing transactions, issuing cards
• Regulatory compliance: Identity verification (KYC), anti-money laundering (AML) checks, fraud prevention
• Security: Protecting your account from unauthorised access and fraudulent activity
• Communication: Sending service updates, security alerts, and transaction notifications
• Improvement: Analysing usage patterns to improve our products and services
• Marketing: Sending promotional communications (only with your explicit consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to fulfil our contract with you (providing banking services)
• Legal obligation: Processing required to comply with FCA regulations, anti-money laundering laws, and tax reporting
• Legitimate interests: Processing for fraud prevention, security, and service improvement
• Consent: Processing for marketing communications and optional features

5. Data Sharing

We may share your personal data with:

• Payment networks: Mastercard and banking partners to process your transactions
• Regulatory bodies: FCA, HMRC, and law enforcement when required by law
• Identity verification providers: To verify your identity when you open an account
• Cloud service providers: For secure data storage and processing (data remains in the UK/EEA)
• Professional advisers: Auditors, legal advisers, and consultants as necessary

We never sell your personal data to third parties. We never share your data with third parties for their marketing purposes without your explicit consent.

6. Data Retention

We retain your personal data for as long as your account is active, plus:

• Transaction records: 7 years after your account is closed (legal requirement)
• Identity documents: 5 years after your account is closed
• Customer support records: 3 years after your last interaction
• Marketing preferences: Until you withdraw consent

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data (subject to legal requirements)
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw marketing consent at any time

To exercise any of these rights, contact us at [email protected] or through the app's privacy settings.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Strict access controls and employee training
• ISO 27001 certified data centres

9. Cookies

Our website uses cookies and similar technologies to improve your experience, analyse usage, and provide personalised content. You can manage your cookie preferences through your browser settings. For full details, see our Cookie Policy.

10. International Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area. Where we need to transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO.

11. Children's Privacy

CurrencyGram services are not directed at children under 16 (or 18 for standard accounts). We do not knowingly collect personal data from children under these ages. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email and/or in-app notification at least 30 days before the changes take effect. The "last updated" date at the top indicates the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Data Protection Officer:

• Email: [email protected]
• Post: Data Protection Officer, CurrencyGram Ltd, 25 Finsbury Square, London, EC2A 1DS
• Phone: +44 (0) 20 7946 0958

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.