Transfer Galaxy may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you accept any changes.
1. Who is Transfer Galaxy?
Transfer Galaxy is a digital-first money transfer service that enables customers to send money to their loved ones from a laptop, tablet or smartphone (the “Service”).
In the terminology of the General Data Protection Regulation (“GDPR”), Transfer Galaxy is the "controller" of your personal data and you, our customer, are the "data subject". This means that Transfer Galaxy determines the purposes and means of the processing of your personal data, while respecting your privacy rights.
2. What we collect
We may collect and process the following information about you:
- Information that you provide us in the course of using the Service, including your name, address, date of birth, personal identity number, email address, telephone number, bank account number, credit or debit card number, and proof of your identity such as your passport, driving license, national ID card etc.
- To facilitate the Service, we request certain third party personal data from you such as your recipient's full name, physical address, email address, and phone number
- Additional "know-your-customer" information from you or third party providers for the prevention or detection of crime or to help combat fraud, money laundering and terrorist financing
- Information about your usage of the Service, including your transaction history, how you use the Service to send or receive money, and to whom you send money
- We may collect information about your device, including where available your IP address, operating system and browser type, for system administration. This is statistical information about our users’ browsing actions and patterns
- In the event that we conduct competitions and campaigns, we may collect contact details of the participants and the winners and other information necessary to fulfil our obligations in relation thereto
You do not have to disclose any of the above data to us. However, if you choose not to, we may not be able to provide you with the Service.
3. What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- To process your transactions
- To verify your identity
- To collect payment for your use of the Service
- To send transaction alerts to you and/or the recipient of your remittance
- To provide you with information about the Service
- To send you marketing notices, service updates, and promotional offers
- To analyse our business operations
- To comply with applicable laws, regulations, and rules, such as those relating to "know-your-customer", anti-money laundering and counter-terrorist financing
4. Legal grounds for processing your personal data
In general, we are required to collect personal data including any "know-your-customer" information, verification of your identity and transaction records and communications with you in order to comply with our legal obligations.
In order to fulfil our contract with you and provide the Service we will process your personal data and relevant third party data to process your transactions, and collect payment for your use of the Service. The same applies in relation to competitions and campaigns, we will process the personal data of the participants and the winners to fulfil our part of the contract.
As long as you are a customer we believe that it is in your interest to receive occasional information about the Service and we may therefore send you marketing notices, service updates, and promotional offers that we believe are relevant for you based on your previous use of the Service. For the same reason, we may also process your data to analyse our business operations in order to improve the Service.
In situations where you give us specific consent to process certain kinds of personal data, you are able to withdraw that consent at any time. We will then stop processing such data and, if no other legal ground for keeping your personal data apply, we will also erase your data from our system.
5. How long we keep your personal data
Depending on what purpose your data is used for, the length of time we keep it may vary. Either way, we will only hold your data as long as necessary to serve the purpose it is used for. In general, we are required to keep our customer records including any "know-your-customer" information, for five years after a customer’s most recent transaction in order to comply with our legal obligations.
Please note that we may retain any personal data mentioned above for a longer period than stated above, if required by law or if required to protect the rights, property or safety of Transfer Galaxy or of the Service provided by us or our partners.
6. How we share information with others
We may share your personal data with:
- Third-party service providers under contract with Transfer Galaxy that help us with our business operations, such as transaction processing, fraud prevention, communication, customer support and marketing. These service providers are authorized to use your personal data only as necessary to provide these services to us
- In the event of a capital raising process or a sale process regarding some or all of our shares or assets, we may disclose your personal data to the prospective buyer
- Law enforcement and government officials, but only in connection with a formal request, subpoena, court order, or similar legal procedure, as well as circumstances where we believe in good faith that disclosure is necessary to comply with the law, report suspected illegal activity, or investigate violations of our Terms and Conditions
We will not sell or otherwise transfer the information we collect to third parties for their promotional purposes unless we have received your explicit permission to do so.
7. Transferring data outside of European Economic Area
Personal data which is submitted via our Service is sent to and stored on secure servers owned by, or operated for, us in the European Economic Area ("EEA"). Such data may be transferred to, or stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us or for one of our service providers. Such transfers may be made in order to operate the Service, improve our Service, or to assist in our security or fraud protection activities.
Where recipients are outside the EEA, we will ensure that they provide an adequate level of protection for your personal data or that the transfer is otherwise permitted under applicable data protection legislation e.g. by using standard contractual clauses approved by the European Commission, by relying on a relevant adequacy decision by the European Commission, or on other legal grounds in accordance with applicable law.
8. Your rights related to personal data
The GDPR establishes certain rights in relation to your personal data, which are listed below:
- Information: the right to be informed about how we use your personal data
- Rectification: the right to correct, amend or update your personal data if it is wrong or has changed
- Erasure: the right to ask us to remove your personal data from our records
- Restriction: the right to ask us to stop processing your personal data
- Objection: the right to object to data processing, if you believe that our legitimate interest might infringe upon your rights
- Access and Portability: the right to access and receive your personal data which you have shared with us in a structured, commonly used and machine-readable format and the right to transmit the data to another controller
- Automated decision making: the right to not be subject to individual decisions made solely by automated means
At any time, you are welcome to contact us in relation to these rights. However, please note that there are certain exceptions where these rights may be superseded by laws and other requirements applicable to regulated financial institutions like Transfer Galaxy. An example of this would be the obligatory retention period, which supersedes the right to data erasure.
The security of your personal data is important to us. When you enter financial information (such as credit/debit card and banking information) within our Service, we encrypt the transmission of that information using secure socket layer technology (SSL). We use 256-bit data security encryption, so all information sent between your web browser and our Service remains private and secure.
Transfer Galaxy has also introduced technical and organisational measures to ensure the appropriate level of protection for any personal data processed by us. These measures ensure that the personal data is treated confidentially, is available to the extent needed within the organisation and that the content is correct. All measures are designed to take into account the requirements set out in the GDPR and the Payment Services Act (2010: 751).
11. Third party sites
The Service contains links to other websites. Transfer Galaxy is not responsible for the privacy practices or the content of these other websites. We encourage you to familiarize yourself with the privacy practices of these other sites prior to submitting your personal data to them.
If you feel that we have not addressed your question, request or concern adequately, you have a right to make a complaint with the Swedish Data Protection Authority (Sw. Datainspektionen). You may access their details at https://www.datainspektionen.se.
27 November 2020, Örebro, Sweden