We have updated our Privacy Notice, in line with the new general data protection regulation (GDPR) which comes into force across the EU from 25th May 2018.
If you subscribe to or have purchased Travelex products and services (instore, online or via ATMs), you visit our websites or you download and use our mobile apps, this Privacy Notice forms a part of your contract with Travelex.
- If you subscribe to or have purchased Travelex products and services, this Privacy Notice forms a part of your contract with Travelex.
- Travelex recognises the importance of safeguarding the personal information (“information”) of its customers using the Travelex Services. This Privacy Notice (the “Notice”) sets out the basis on which any of your information will be collected, stored and used by us, and reflects Travelex's commitment to maintain the confidentiality and security of your information, and to provide its customers with the best possible service.
- This Website is provided by Travelex UK Limited and describes how your information is used by a member of the Travelex Group Companies (“Travelex”, “we”, “us”, “our”) when:
- you use this website (the “Website”), any of our mobile software applications (Apps) or platforms (together the “Sites”);
- you obtain services from our bureaux de change stores, by either using our online Click and Collect service or by walking in to one of our stores;
- you use our self-service kiosks or our smart-ATMs;
- you call the customer services telephone lines or when you interact with us using other channels including by email, live chat, SMS or social media platforms;
- you purchase or use Travelex branded products, or products we provide under the branding of our partners. These services and products are collectively referred to in this Notice as “Travelex Services”. Dependant on how the services are provided to you, the partner’s Privacy Notice may also apply.
- Travelex collects, stores, processes and discloses (collectively "uses") your information in a manner consistent with the General Data Protection Regulation 2016/679 (GDPR) that governs the EU, as well as the local laws of the countries in which it does business.
- If you have any requests concerning your information please refer to Section 11, or if you have any queries with regard to our practices please contact us using the contact details in Section 14.
- What Information we Collect
We collect your information when you interact with us for the provision of Travelex Services or through interaction with our Sites or promotions. The information we collect is either information you give to us, information we collect automatically, information we receive from third parties or information you provide about other people.
We collect and process your information in the following ways:
Information you give us
- You give us information about yourself when you purchase or use Travelex Services, or communicate with us (whether in writing, by phone or by any other means), or enter into any of our competitions, promotions or surveys. Where we request information from you, we will collect your information in the relevant forms or pages we use, including when you set up an account with us or when you register for loyalty schemes offered by us. You can choose to provide additional information to us when you contact us or otherwise interact with us.
- If you subscribe to receive our newsletter, then you will provide us with your name, email address and information indicating how you heard about us. You can also provide us with information on your marketing preferences.
- The registration details that you provide when you register a particular product sometimes include a unique ID for that product, your date of birth, the answer to a security question such as your mother's maiden name, your email address and marketing preferences. If you register your product, you will also have a unique password which enables you to access your account.
- If you purchase any Travelex Services, we will collect information from you that will enable us to complete your transaction. Such information can include your name, date of birth, home address, billing address, office address, e-mail address, the form(s) of identification you provide (e.g. passport or driving licence) and the information contained within those forms of identification, mobile telephone number, landline telephone number, credit or debit card information, other payment details, such as your bank account information, as required by us in order to complete your transaction and provide your payment choices and travel details (including future travel dates and destinations). If you do not provide the information we require to process a transaction, we may not be able to proceed with your order.
Information we collect automatically
- We collect details of your visits to our online services. This includes page interaction and online services site activity, including which website you came from, pages you viewed during your visit, and the page you viewed immediately after you left.
- When you download our mobile app or access our services from a portable device we may collect personal information from you such as, your name, email address, user name, password, mobile device information and system (for example android or IOS), and your geo-location. Dependant on your marketing and cookies preferences and your geo-location settings, we may present and display to you in the app targeted marketing and advertising messages. In addition, we may also collect information about how you use the app in order to improve app performance and our digital online services.
- We use the information we collect automatically:
- to administer our Sites for internal operations including troubleshooting purposes;
- to ensure that content from our Sites is presented in the most effective manner for you and your devices;
- as part of our effort to keep our Sites safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Sites about goods or services that may interest you or them.
- When we collect CCTV images of you from equipment in place when you visit our premises such as at our bureaux de change stores and ATMs, we will do so for the prevention and detection of crime and public safety.
Information we receive from third parties
- We also receive information from third parties (including publicly available information). This information includes:
- Non-personal information used to supplement existing information, such as demographics and affluence metrics (e.g. social-demographic groupings through matching postcode information).
- Information about you from other members of the Travelex Group Companies, and other sources with whom Travelex work closely to provide the Travelex Services to you (including Travelex partners, third party payment and delivery service providers, advertising networks, analytics providers, identity verification services, credit reference agencies, fraud prevention services and social media platforms).
- How we use the information we collect
The information we hold on you will be used in a number of ways. This is generally to provide you with the services that you request from us, to keep you informed and to improve your customer experience and the quality of the Travelex Services. In some instances we use this information to send you marketing communications we think are relevant to you, but we only do this where it is lawful to do so or you have given your consent to receiving this information. You have the right to object to us sending you such information at any time. We will collect, process and retain your data for the purpose of us providing to you payment services, but this does not affect your data protection rights.
We use your information for the following purposes:
To provide a requested service or carry out a contract with you
- collecting payment, processing and fulfilling your order and otherwise providing you with the information and Travelex Services you request from us;
- providing you with any alerts, in-app messages or other messages, and newsletters that you have registered to receive;
- when we partner with other organisations to provide a particular Travelex Service (these partners will be identified to you at the time of the provision of the relevant Travelex Service e.g. when you visit the partner website or bureaux de change);
- providing you with service messages, including messages notifying you about changes to Travelex Services or changes to our terms, conditions and policies;
- enforcing any contract entered into between you and us for the provision of Travelex Services.
Where we have your consent
- contacting you (including by email, social media or SMS) with marketing messages according to your marketing preferences.
- contacting you via email with short surveys, according to your survey preferences;
- when you are using a portable device (such as mobile phone, tablet or wearable device), we may use your precise geo-location to provide you with location-based services and provide you with targeted advertisements. You can control your geo-location settings within the app settings or you mobile device settings;
- enabling us and third party websites to display relevant and targeted advertisements, based on previous behaviour, purchases, or any other relevant information;
- sending you an e-receipt if you confirm you would like one;
- where you have consented, collecting your marketing preferences and sharing these with a Travelex Partner.
Where we have a legitimate interest
- improving customer experience and our quality of Travelex Services. This can also include tracking emails to know when they are opened and read and the type of device they emails are accessed from;
- data analysis and research to allow us to derive insight and to help make the Travelex Services personalised and relevant, as well as to develop our business processes and Travelex Services. In doing so, we will anonymise your data so that we may continue to use it for analysis and research after the period that it has been used for processing our services to you. Where data is anonymised, we ensure that it cannot be used (singularly or with other data) to re-identify you.
Note that where we rely on legitimate interests for processing your information, we carry out a ‘balancing test’ to ensure that our interests are not outweighed by your fundamental rights of privacy. More information on such balancing tests is available from Travelex on request.
Where we have a legal obligation
- complying with our legal and regulatory obligations (including fraud prevention, anti-money laundering and sanction screening). This includes checking the information you provide to us against information from Experian and Norkom.
- Information we share
Even where shared, we ensure your information will only be used for the purposes outlined in this notice.
We share your information with Travelex Group Companies and with other companies in the limited circumstances, for specific purposes.
Except as above, we do not share your information with companies, organisations or individuals outside of Travelex for marketing purposes nor do we sell your information.
In the event that our business is acquired by a third party or we enter into any kind of merger or other acquisition type, your information where required would be shared with the relevant party.
Our partners include:
- Supermarket chains;
- Banks and building societies;
- Airports and airlines;
- Other retail businesses.
- We share your Personal Information with fraud prevention agencies in the provision of certain Travelex Services to you. These agencies keep a record of our enquiries and record, use and give out information we give them to make assessments and to help make decisions on you to prevent fraud and money laundering.
- We also disclose information about you to law enforcement authorities or other government officials, if we are required to do so by law or legal process, or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity such as financial crime.
- We also share your information with a third party when we:
- have your prior consent to do so;
- are processing your information through a trusted business partner, who is acting on Travelex’s explicit instructions and in accordance with this Notice, confidentiality and levels of security;
Our business partners include:
- - payment gateways and payment services providers
- - identity verification providers and credit referencing agencies
- - providers of fraud prevention, anti-corruption and anti money-laundering checks
- - cloud and online security services providers
- - outsourced service providers to the Travelex Group
- - providers of telecommunications, webchat and networking services
- - marketing communications providers
- - online advertisers and targeted advertising providers
- - social media networks
- are using a third party to send targeted advertisements on our behalf, using an identifier such as an email address or site cookies;
- have aggregated, non-personally identifiable information, which is to be used for segmentation, statistical modelling, general research or trend analysis;
- sell or buy any new business or assets, in which case we disclose your information to the prospective seller or buyer of such business assets;
- are purchased by a third party, in which case information held by us including your information will be transferred. We will notify you of this through the most appropriate means;
- need to comply with the obligations we have to our third party product issuers or third parties providing products or services on our behalf, so that they can process your order or otherwise provide the information, products or services you have requested (please note that these third party product issuers have their own privacy policies and accordingly we cannot accept any responsibility or liability for the handling of your information by such third parties in accordance with such policies);
- How to opt in or opt out from direct marketing, third party marketing and surveys
We use the information you give us on our Sites for direct marketing purposes to provide you with updates, newsletters, events, offers and promotions or other communications by email, that we think may interest you but, where required by law your prior consent will be obtained before sending direct marketing.
We may also from time to time send you surveys about or products and services. We will only do this where we have your consent.
You have the right to opt in or opt out of direct marketing and surveys from us at any time by visiting our Privacy Centre, clicking the ‘unsubscribe’ link in any email we have sent you, sending an email to email@example.com, or calling us on 0845 8727 627.
- Third Party Marketing Cookies and Social Advertising
We encourage you to learn more about how companies use advertising on social media and how to adjust your marketing preferences by checking their privacy statement and opt out options.
- Retention of your Information
We will keep your information only for as long as is for the purposes set out in this Privacy Notice and to fulfil our legal obligations. Where you are a customer this is usually at least for as long as you remain a customer, to be able meet our legal and contractual obligations to you, and if necessary, to resolve any disputes. We will not keep more information than we need.
- We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we retain some of your information after you cease to use Travelex Services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes or for Anti Money Laundering obligations.
- When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time (for example, our obligations under anti money laundering laws);
- statute of limitations under applicable law(s);
- (potential) disputes;
- guidelines issued by relevant data protection authorities; and
- our legitimate interests, where we need to consider retaining information to meet any other obligations
Otherwise, we securely erase your information once this is no longer needed.
- Links to Third Party and Travelex Group websites
Our Sites contain links to and from the websites of our group companies, selected partner networks, advertisers and affiliates, including websites which are outside of our control and are not covered by this Notice.
If you access other sites using the links provided, the operators of these sites collect information from you which will be used by them in accordance with their privacy notice, which differ from ours. Please note that these other sites have their own privacy policies and accordingly we cannot accept any responsibility or liability for such policies.
On some pages of our Sites, third parties that provide content, applications, services (such as a webchat service enabling you to speak to an adviser about the Travelex Services) or plug-ins through our Sites track your use of content, applications and plug-ins or customize content, applications and plug-ins. For example, when you share an article using a social media button on our Sites (e.g. Facebook, Twitter, LinkedIn, or Google Plus), the social network that has created the button will record that you have done this, or when you speak to an advisor about the Travelex Services, they will provide you with advice over the Facebook chat facility, and Facebook has access to your information. You should check the Privacy Notice of third party websites to find out how they manage cookies and process your information.
We take all reasonable steps to ensure that all information collected through our Sites is treated securely and in accordance with this Notice. We do this by applying appropriate technical and organisational measures that meet all of the standards of our regulatory obligations, including regular review measures.
We have a number of security measures in place to protect your information you provide to us through our Sites against unauthorized disclosure, use, alteration, or destruction. However, when transmitting information over the internet, please bear in mind that no transmission over the internet can ever be guaranteed secure. Therefore, while we endeavour to protect your information, please note that we cannot guarantee the security of any information that you transfer over the internet to us.
As part of using our Sites you are sometimes asked to set-up a user name and password. You are responsible for maintaining the confidentiality of your user name and password and are responsible for all activities that are carried out when logged using your name and password. You are responsible for ensuring the security of the passwords that you set.
- International Transfers
In providing the Travelex Services to you we sometimes transfer your information to other countries. Where we transfer your information outside the European Union or EEA (i.e. countries that are members of the EU together with Norway, Iceland and Lichtenstein) we ensure that all data is treated with the same security measures regardless of location, and in accordance with our standards, policies, regulatory and legal obligations.
The internet is a global environment, so using the internet to collect and process your information necessarily involves transmitting data internationally. Therefore, by browsing our Sites and communicating electronically with us, you acknowledge our processing of your information in this way. However, we will take all reasonable steps to ensure that all information collected through our Sites is treated securely and in accordance with this Notice and strict data protection standards.
In providing our services to you, such as fulfilling orders and taking payments, we may transfer the data we collect from you and about you to destinations outside of the European Economic area (“EEA”), within the Travelex group of companies, with our third party processors, or with our partners. This is because the information is processed in those other locations. Where we do so, we ensure that security measures and appropriate safeguards are put in place to protect your information and ensure that all transfers of your information comply with applicable data protection law. We also ensure that processing is only ever carried out in accordance with our instructions.
In all cases where we transfer information across borders, we rely on acceptable and defined legal mechanisms to ensure that we protect data at all times. We may use Standard Contractual Clauses that have been provided by the EU Commission, other agreements and ‘adequacy’ protections that have been defined and approved by the European Commission or the relevant Supervisory Authority. For transfers between Travelex group companies, we have in place an intra group transfer agreement, incorporating Standard Contractual Clauses. Or we may use new standards as these are developed by the appropriate regulatory authorities.
- Your Rights
By law, you have a number of rights (subject to certain conditions) when it comes to your information. These include the right to ask us what information we hold about you, and to request us to modify any incorrect details, add missing information, or to delete the information we hold. You also have the right to object to us processing your data or ask us to restrict processing your information. If you want to use the information that we hold about you for services with others, you can ask us to provide your data in a commonly used electronic format. You can exercise any of these rights by contacting us using the contact details and form referred to in Section 14.
You can obtain further information about your rights, or make a complaint to your data protection authority with regards to how we use your information, and Section 14 provides contact details should you need them.
- The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing.
- The right to be informedYou have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Notice.
- The right of access. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your information in accordance with data protection law. You can do this by writing to us using the contact details in Section 14.
- The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing to us using the contact details in Section 14.
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold by writing to us using the contact details in Section 14.
- The right to restrict processing. You have rights to ‘block’ or supress further use of your information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
- The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right however and there are exceptions.
- The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.
- The right to withdraw consent. If you have given your consent to anything we do with your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details in Section 14.
- Children's Privacy
We collect information on children under the age of 16 for the purpose of providing foreign currency when they use Travelex Services. This only applies where an accompanied minor walks in to one of our stores and carries out a transaction over-the-counter. We only collect this information with the prior consent of the responsible parent or guardian that accompanies them.
We do not knowingly collect or solicit any additional information from children under the age of 16. If you are under the age of 16, you should not register or provide information on the Travelex Applications. If we later obtain actual knowledge that a user is under 16 years of age, we will take steps to remove that user’s information from our systems where section 11.1 does not apply. If you believe that we might have any information from or about a child under 16, please notify us using the contact form at section 14.
- Changes to our Notice
This notice was last updated on the 4 May 2018. It will be updated to take into account changes to the Travelex Services or for example to reflect changes to applicable regulations.
Any changes we make to our Notice will be posted on our Website. Please do check our Notice to take notice of any changes made. By providing us with your information, using the online services and/or any service or product offered via the online services, providing us with information in-store at one of our bureaux or over the phone, use one of our ATMs or by placing orders after we have changed the terms of our Notice, you will be deemed to have accepted these changes. We will advise you of significant changes to this Notice where we have your contact details.
You can obtain further information about your rights, or make a complaint to your data protection authority with regards to how we use your information, and this section provides contact details should you need them.
Questions, comments and requests regarding this Notice are welcomed and should be addressed to firstname.lastname@example.org or Customer Services Department, Worldwide House, Thorpe Wood, Peterborough PE3 6SB.
Our Data Protection Officer can be contacted at email@example.com.
HOW TO CONTACT YOUR LOCAL SUPERVISORY AUTHORITY
Details of the UK supervisory authority: The Information Commissioner's Office. You can contact them in the following ways:
Phone: 0303 123 1113
Post: Information Commissioner's Office