Travelex Privacy Statement
Your privacy and your rights are important to us. This privacy notice explains what information we collect about you and how we use it. By ‘we’ or ‘us’ or ‘our’ we mean Travelex Foreign Coin Services Limited and its subsidiaries, Worldwide House, Thorpe Wood, Peterborough, PE3 6SB.
If you subscribe to, or have purchased, Travelex products and services (instore, online or via ATMs), you visit our websites or you download and use our mobile apps or services we provide within mobile device wallets or other third party applications, this Privacy Notice will apply.
- Travelex recognises the importance of safeguarding the personal information (“information”) of its customers using the Travelex Services. This Privacy Notice (the “Notice”) sets out the basis on which any of your information will be collected, stored and used by us, and reflects Travelex's commitment to maintain the confidentiality and security of your information, and to provide its customers with the best possible service.
- This Website is provided by Travelex Foreign Coin Services Limited and describes how your information is used by a member of the Travelex Group Companies (“Travelex”, “we”, “us”, “our”) when:
- you use this website (the “Website”), any of our mobile software applications (Apps) or platforms (together the “Sites”);
- you use services we provide within mobile device wallets or third-party applications;
- you obtain services from our bureaux de change stores, by either using our online Click and Collect service or by walking in to one of our stores;
- you use our self-service kiosks or our smart-ATMs;
- you call the customer services telephone lines or when you interact with us using other channels including by email, live chat, SMS or social media platforms;
- you purchase or use Travelex branded products, or products we provide under the branding of our partners. These services and products are collectively referred to in this Notice as “Travelex Services”. Dependant on how the services are provided to you, the partner’s Privacy Notice may also apply.
2. What Information we collect
- Travelex collects, stores, processes and discloses (collectively "uses") your information in a manner consistent with the General Data Protection Regulation 2016/679 (as may in future be amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK GDPR), that governs in the United Kingdom, as well as the Data Protection Act 2018
- We collect and process your information in the following ways:
Information you give us
- You give us information about yourself when you purchase or use Travelex Services, or communicate with us (whether in writing, by phone, via social media or by any other means), or enter into any of our competitions, promotions or surveys. Where we request information from you, we will collect your information in the relevant forms or pages we use, including when you set up an account with us or when you register for loyalty schemes offered by us. You can choose to provide additional information to us when you contact us or otherwise interact with us.
- If you subscribe to receive our newsletters, then you will provide us with your name, email address and information indicating how you heard about us. You can also provide us with information on your marketing preferences.
- The registration details that you provide when you register a particular product sometimes include a unique ID for that product, your date of birth, the answer to a security question, your email address and marketing preferences. If you register your product, you will also have a unique password which enables you to access your account.
- If you purchase any Travelex Services, we will collect information from you that will enable us to complete your transaction. Such information can include your name, date of birth, home address, billing address, office address, e-mail address, the form(s) of identification you provide (e.g. passport or driving licence) and the information contained within those forms of identification, mobile telephone number, landline telephone number, credit or debit card information, other payment details, such as your bank account information, as required by us in order to complete your transaction and provide your payment choices and travel details (including future travel dates and destinations). If you do not provide the information we require to process a transaction, we may not proceed with your order.
Information we collect automatically
- Travelex also collects certain information about you by automated means, such as cookies and web beacons, whenever you visit our Sites or when you use the Travelex Services and how you use them. More information can be found in our Cookie Statement.
- When you download our mobile app or access our services from a mobile device we may collect personal information from you such as, your name, email address, user name, password, mobile device information and system (for example android or IOS), and your geo-location. Dependant on your marketing and cookies preferences and your geo-location settings, we may present and display to you in the app targeted marketing and advertising messages, or information about how you use the app in order to improve app performance and our digital online services.
- We use the information we collect automatically:
- to administer our Sites for internal operations including troubleshooting purposes;
- to ensure that content from our Sites is presented in the most effective manner for you and your devices;
- as part of our effort to keep our Sites safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Sites about goods or services that may interest you or them.
- to establish communication that allows you to give feedback and/or reviews on Travelex services.
- When we collect CCTV images of you from equipment in place when you visit our premises such as at our bureaux de change stores and ATMs, we will do so for the prevention and detection of crime and public safety.
Information we receive from third parties
- We also receive information from third parties (including publicly available information). This information includes:
- Non-personal information used to supplement existing information, such as demographics and affluence metrics (e.g. social-demographic groupings through matching postcode information).
- Information about you from other members of the Travelex Group Companies, and other sources with whom Travelex work closely to provide the Travelex Services to you (including Travelex partners, third party payment and delivery service providers, advertising networks, analytics providers, identity verification services, credit reference agencies, fraud prevention services and social media platforms).
3. How we use the information we collect
The information we hold on you will be used in a number of ways. This is generally to provide you with the services that you request from us, to keep you informed and to improve your customer experience and the quality of the Travelex Services. In some instances we use this information to send you marketing communications we think are relevant to you, but we only do this where it is lawful to do so, or you have given your consent to receiving this information.
You have the right to object to us sending you such information at any time. We will collect, process and retain your data for the purpose of us providing to you payment services, but this does not affect your data protection rights.
We use your information for the following purposes:
To provide a requested service or carry out a contract with you
- collecting payment, processing and fulfilling your order and otherwise providing you with the information and Travelex Services you request from us;
- providing you with any alerts, in-app messages or other messages, and newsletters that you have registered to receive;
- when we partner with other organisations to provide a particular Travelex Service (these partners will be identified to you at the time of the provision of the relevant Travelex Service e.g. when you visit the partner website or bureaux de change);
- providing you with service messages, including messages notifying you about changes to Travelex Services or changes to our terms, conditions and policies;
- enforcing any contract entered into between you and us for the provision of Travelex Services.
Where we have your consent
- contacting you (including by email, social media, mobile app notifications or SMS) with marketing messages according to your marketing preferences.
- contacting you via email with short surveys, according to your survey preferences;
- when you are using a mobile device (such as mobile phone, tablet or wearable device), we may use your precise geo-location to provide you with location-based services and provide you with targeted advertisements. You can control your geo-location settings within the app settings or your mobile device settings;
- enabling us and third-party websites to display relevant and targeted advertisements, based on previous behaviour, purchases, or any other relevant information;
- sending you an e-receipt if you confirm you would like one;
- where you have consented, collecting your marketing preferences and sharing these with a Travelex Partner.
Where we have a legitimate interest
- improving customer experience and our quality of Travelex Services. This can also include tracking emails to know when they are opened and read and the type of device they emails are accessed from. Travelex or a third-party partner of Travelex may also send a concurring email alongside any confirmation of purchase that aims to gather feedback and/or reviews on Travelex products and services.
- data analysis and research to allow us to derive insight and to help make the Travelex Services personalised and relevant, as well as to develop our business processes and Travelex Services. In doing so, we will anonymise your data so that we may continue to use it for analysis and research after the period that it has been used for processing our services to you. Where data is anonymised, we ensure that it cannot be used (singularly or with other data) to re-identify you;
- sharing any loyalty card number you have provided to us, with the providers of the loyalty scheme, in order for you to receive points, where you have already consented to this with the loyalty scheme provider;
- Travelex carries out direct marketing from business to business (B2B) which means, if you engage with us in your professional capacity (for example: if you represent a company with whom Travelex have an existing or prospective business relationship) we may keep you up to date with services we offer/provide. B2B customers will have the right to opt out of receiving marketing communications at any time. To see how you can exercise your right to opt out, see section 5 below.
Note that where we rely on legitimate interests for processing your information, we carry out a ‘balancing test’ to ensure that our interests are not outweighed by your fundamental rights of privacy. More information on such balancing tests is available from Travelex on request.
Where we have a legal obligation
- complying with our legal and regulatory obligations (including fraud prevention, anti-money laundering and sanction screening). This includes checking the information you provide to us against information from Nice Actimize, Experian and Norkom.
4. Profiling and automated decision making
- We may use some of your data to personalise or administer Travelex Services, the information we provide to you, and to fulfil our obligations to you. Information includes your country of residence and transaction history. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we use pseudonymised data wherever possible. This activity has no legal effect on you.
- We use automated tools to verify your identity and to help prevent fraud or other illegal activities. We use these tools to make a manual decision to accept or decline a transaction. We do not use your data to make any automated decisions that affect your legal rights.
5. Information we share
We only share your information with Travelex Group Companies and with other companies in the limited circumstances set out below, for specific purposes. We do not sell your information.
Even where shared, we ensure your information will only be used for the purposes outlined in this notice:
- In the event that our business is acquired by a third party or we enter into any kind of merger or other acquisition type, your information where required would be shared with the relevant party.
Our partners include:
- Supermarket chains;
- Banks and building societies;
- Airports and airlines;
- Other retail businesses.
- We share some of your Personal Information with certain types of recipients who will process your Personal Information on our behalf, for example, cloud service providers, which would include Amazon Web Services, Inc., and payment gateways and services providers such as CyberSource Ltd. We also disclose your Personal Information to fraud prevention agencies such as ThetaRay Ltd in the provision of certain Travelex Services to you. These agencies keep a record of our enquiries and record, use and give out information we give them to make assessments and to help make decisions on you to prevent fraud and money laundering.
- We also share information about you to law enforcement authorities or other government officials, if we are required to do so by law or legal process, or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity such as financial crime.
- We also share your information with a third party when we:
- have your prior consent to do so;
- are processing your information through a trusted business partner, who is acting on Travelex’s explicit instructions and in accordance with this Notice, confidentiality and levels of security;
Our business partners include:
- payment gateways and payment services providers
- international money transfer services providers
- identity verification providers and credit referencing agencies
- providers of fraud prevention, anti-corruption and anti-money-laundering checks
- cloud and online security services providers
- outsourced service providers to the Travelex Group
- providers of telecommunications, webchat and networking services
- marketing communications providers
- online advertisers and targeted advertising providers
- social media networks
- are using a third party to send targeted advertisements on our behalf, using an identifier such as an email address or site cookies. This will only be done with your express consent, in accordance with our Cookie Statement;
- have aggregated, non-personally identifiable information, which is to be used for segmentation, statistical modelling, general research or trend analysis;
- sell or buy any new business or assets, in which case we disclose your information to the prospective seller or buyer of such business assets;
- are purchased by a third party, in which case information held by us including your information will be transferred. We will notify you of this through the most appropriate means;
- need to comply with the obligations we have to our third party product issuers or third parties providing products or services on our behalf, so that they can process your order or otherwise provide the information, products or services you have requested (please note that these third party product issuers have their own privacy policies and accordingly we cannot accept any responsibility or liability for the handling of your information by such third parties in accordance with such policies);
6. How to opt in or opt out from direct marketing, third party marketing and surveys
We may use the information you give us on our Sites for direct marketing purposes to provide you with updates, newsletters, events, offers and promotions or other communications by email, that we think may interest you but, where required by law your prior consent will be obtained before sending direct marketing.
To continually improve Travelex products and services, Travelex or a third-party partner of Travelex may send you emails containing requests for feedback and/or reviews.
You have the right to opt in or opt out of direct marketing and surveys from us at any time by:
- Visiting our online Privacy Centres, where available on our Sites,
- By adjusting your notifications settings within our mobile app or the mobile device’s own settings,
- Clicking the ‘unsubscribe’ link in any email we have sent you,
- Or calling us on 0345 8727 627.
7. Third Party Marketing Cookies and Social Advertising
We encourage you to learn more about how companies use advertising on social media and how to adjust your marketing preferences by checking their privacy statements and opt out options.
8. Retention of your Information
We will keep your information only for as long as is for the purposes set out in this Privacy Notice and to fulfil our legal obligations. Where you are a customer this is usually at least for as long as you remain a customer, to be able meet our legal and contractual obligations to you, and if necessary, to resolve any disputes. We will not keep more information than we need.
- We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we retain some of your information after you cease to use Travelex Services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes or for Anti Money Laundering obligations.
- When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time (for example, our obligations under anti money laundering laws);
- statute of limitations under applicable law(s);
- (potential) disputes;
- guidelines issued by relevant data protection authorities; and
- our legitimate interests, where we need to consider retaining information to meet any other obligations.
Otherwise, we securely erase your information once this is no longer needed.
9. Links to Third Party and Travelex Group websites
Our Sites may contain links to and from the websites of our group companies, selected partner networks, advertisers and affiliates, including websites which are outside of our control and are not covered by this Notice.
If you access other sites using the links provided, the operators of these sites collect information from you which will be used by them in accordance with their privacy notice, which differ from ours. Please note that these other sites have their own privacy policies and accordingly we cannot accept any responsibility or liability for such policies.
On some pages of our Sites, third parties that provide content, applications, services (such as a webchat service enabling you to speak to an adviser about the Travelex Services) or plug-ins through our Sites track your use of content, applications and plug-ins or customize content, applications and plug-ins. For example, when you share an article using a social media button on our Sites (e.g. Facebook, Twitter, LinkedIn, or Google Plus), the social network that has created the button will record that you have done this, or when you speak to an advisor about the Travelex Services, they will provide you with advice over the Facebook chat facility, and Facebook has access to your information. You should check the Privacy Notice of third party websites to find out how they manage cookies and process your information.
We take all reasonable steps to ensure that all information collected through our Sites is treated securely and in accordance with this Notice. We do this by applying appropriate technical and organisational measures that meet all of the standards of our regulatory obligations, including regular review measures.
We have a number of security measures in place to protect your information you provide to us through our Sites against unauthorized disclosure, use, alteration, or destruction. However, when transmitting information over the internet, please bear in mind that no transmission over the internet can ever be guaranteed secure. Therefore, while we endeavour to protect your information, please note that we cannot guarantee the security of any information that you transfer over the internet to us.
As part of using our Sites you are sometimes asked to set-up a user name and password. You are responsible for maintaining the confidentiality of your user name and password and are responsible for all activities that are carried out when logged using your name and password. You are responsible for ensuring the security of the passwords that you set.
11. Mobile Payments
When you pay with Apple Pay, Google Pay or other mobile payment services, information that you enter on your device is encrypted and sent to the providers’ servers. If you use the camera to enter the card information, the information is never saved on your device or in your photo library.
Once received, the provider decrypts the data, determines your card’s payment network and re-encrypts the data with a key that only your payment network (or any providers authorised by your card issuer) can unlock.
Travelex does not automatically receive your card information when you use mobile payments, but it may receive details of card type (e.g. Mastercard, Visa) and the last 4 digits of your card number in order to complete to your transaction.
12. International Transfers
In providing the Travelex Services to you we sometimes transfer your information to other countries outside of the EU and the EEA. Where this has a particular impact is if we have to send your Personal Information to a country/region which is not subject to an adequacy decision. The European Commission grants adequacy decisions, we will use appropriate safeguards to transfer your Personal Information. If a country/ region has no adequacy decisions, such as the United States of America, in accordance with our standards, policies, regulatory and legal obligations, we will use appropriate safeguards to transfer your Personal Information to that country which includes using the EU’s Standard Contractual Clauses, Binding Corporate Rules, approved codes of conducts or certifications.
The internet is a global environment, so using the internet to collect and process your information necessarily involves transmitting data internationally. Therefore, by browsing our Sites and communicating electronically with us, you acknowledge our processing of your information in this way. However, we will take all reasonable steps to ensure that all information collected through our Sites is treated securely and in accordance with this Notice and strict data protection standards.
In providing our services to you, such as fulfilling orders and taking payments, we may transfer the data we collect from you and about you to destinations outside of the UK, within the Travelex group of companies, with our third-party processors, or with our partners. This is because the information is processed in those other locations. Where we do so, we ensure that security measures and appropriate safeguards are put in place to protect your information and ensure that all transfers of your information comply with applicable data protection law. We also ensure that processing is only ever carried out in accordance with our instructions.
In all cases where we transfer information across borders, we rely on acceptable and defined legal mechanisms to ensure that we protect data at all times. For transfers between Travelex group companies, we have in place an intra group transfer agreement. Or we may use new standards as these are developed by the appropriate regulatory authorities
13. Your rights
By law, you have a number of rights (subject to certain conditions) when it comes to your information. These include the right to ask us what information we hold about you, and to request us to modify any incorrect details, add missing information, or to delete the information we hold. You also have the right to object to us processing your data or ask us to restrict processing your information. If you want to use the information that we hold about you for services with others, you can ask us to provide your data in a commonly used electronic format. You can exercise any of these rights by contacting us using the contact details and form referred to in Section 16.
You can obtain further information about your rights, or make a complaint to your data protection authority with regards to how we use your information, and Section 16 provides contact details should you need them.
- The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing.
- The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Notice.
- The right of access. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your information in accordance with data protection law. You can do this by writing to us using the contact details in Section 16.
- The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing to us using the contact details in Section 16.
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold by writing to us using the contact details in Section 16.
- The right to restrict processing. You have rights to ‘block’ or supress further use of your information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
- The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right however and there are exceptions.
- The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.
- The right to withdraw consent. If you have given your consent to anything we do with your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details in Section 16.
14. Children's Privacy
We collect information on children under the age of 16 for the purpose of providing foreign currency when they use Travelex Services. This only applies where an accompanied minor walks in to one of our stores and carries out a transaction over-the-counter. We only collect this information with the prior consent of the responsible parent or guardian that accompanies them.
We do not knowingly collect or solicit any additional information from children under the age of 16. If you are under the age of 16, you should not register or provide information on the Travelex Applications. If we later obtain actual knowledge that a user is under 16 years of age, we will take steps to remove that user’s information from our systems. If you believe that we might have any information from or about a child under 16, please notify us using the contact details at section 16.
15. Changes to Our Notice
This notice was last updated in December 2023. It will be updated from time to time to take into account changes to the Travelex Services or, for example, to reflect changes to applicable regulations.
Any changes we make to our notice will be posted on our Website. Please do check our notice to take notice of any changes made. By providing us with your information, using the online services and/or any service or product offered via the online services, providing us with information in-store at one of our bureaux or over the phone, use one of our ATMs or by placing orders after we have changed the terms of our notice, you will be deemed to have accepted these changes. We will advise you of significant changes to this Notice where we have your contact details.
You can obtain further information about your rights, or make a complaint to your data protection authority with regards to how we use your information, and this section provides contact details should you need them.
Questions, comments and requests regarding this Notice are welcomed and should be addressed to email@example.com or Customer Services Department, Worldwide House, Thorpe Wood, Peterborough PE3 6SB.
Our Data Protection Officer can be contacted at firstname.lastname@example.org.
HOW TO CONTACT YOUR LOCAL SUPERVISORY AUTHORITY
Details of the UK supervisory authority: The Information Commissioner's Office. You can contact them in the following ways:
Phone: 0303 123 1113
Post: Information Commissioner's Office