To provide you with our money transfer services (also known as “e-money services”) we need to collect information about you. Our aim is not to be intrusive, and we won’t ask you unnecessary questions. Any information we receive about you will be subject to strict controls to minimise the risk of misuse – including unauthorised access to, or disclosure of, your personal data.
This includes consenting to the processing of any sensitive personal information you provide, as described below in section 2. It also includes information you provide when you browse our website, request a quote, register for an account, enter into a contract for the supply of money transfer services, enter a competition, promotion or survey and when you contact us for other reasons.
A special note about children
Children are not eligible to use TorFX Services. We respectfully ask that minors (persons under the age of 18) do not submit any information to us or use TorFX Services.
Information we may collect from you
We may collect and process the following information about you:
Information you provide to us
You may provide us with information by filling in forms on our website, our partners’ websites or by talking with us by over the phone or corresponding with us via email or otherwise.
This includes information you provide when you browse our website, request a quote, register for an account, enter into a contract for the supply of money transfer services, enter a competition, promotion or survey and when you contact us for other reasons.
To open a TorFX account or use TorFX Services, you must provide your name, address, phone number and email address – and we may ask you to provide identity document number(s) and copies of identification documents, for example your driving license or passport, or a utility bill.
In order to make payments using TorFX Services, you may be asked to provide debit card details (including the long number, start and expiry dates and the card verification value code (CVV/CVC)) your destination bank details (account number, sort code, IBAN, SWIFT, ABA or routing number).
We may also ask you to choose two different security questions to answer (such as your city of birth or your pet's name). If we ask you to set up these security answers, we will be unable to provide our services unless you provide this information.
Additional verification information
We may ask you to send us additional information if:
The additional information may include a copy of your driving licence, passport, and/or a recent utility bill, or other information verifying your identity and address, or to answer additional questions to help verify your information.
We may also ask for evidence of source of funds or wealth, for example bank statement, investment statement, business transaction summary, proof of property sale or probate documents.
When we communicate
When you communicate with us for customer service or other purposes, including by phone, email or using other methods, we retain that information and our responses to you.
We record calls on our telephone lines for quality control purposes, as evidence of transactions and to fulfil regulatory requirements. Any information you disclose to us will be held on these recordings, with the exception of debit card numbers, which are not recorded to comply with The Payment Card Industry Data Security Standard. We also record any phone number used to call us where a call is connected and the number not withheld.
We ask that you do not disclose sensitive personal information, including the state of your health, in any communication, however if you should do so voluntarily, you consent for us to hold that information in our communication records and phone recordings (see further details below).
Information we collect when you use our website or app
When you arrive at or leave the TorFX website, whether connected by a fixed line or wirelessly, we receive the web address of the site that you came from or are going to.
While you are using our site we collect information on the services you search for or view, page response times and length of visits to specific pages, how you interacted with each page (including scrolling, clicks and mouse-overs), and methods used to browse away from the page.
We collect information about the device you are using, such as the type of device, operating system and platform, the type and version of browser, browser plug-in types and versions, the times you access our website/app and the time zone setting, mobile network information and unique device identifier, which may include your Device's IMEI number and/or MAC address, or the mobile phone number used by the Device. We do not capture GPS information about you.
If you give us permission, our app may collect information stored on your Device, including contact information from your address book, photos, videos or other digital content. The app may periodically re-collect this information in order to stay up-to-date.
Photographs and facial imaging
If you use certain functionalities provided by us (including our mobile website or app) we may ask you to upload a photograph of your identity document and/or use the Device’s camera to verify your identity using facial recognition in order to provide these specific services. Your face must be recognisable.
When you use TorFX Services to purchase currency or send currency to someone else, we ask you to provide information related to that transaction. This information includes the amount, currency and type of the transaction, source of funds, exchange rate, recipient name and bank details, recipient address for some jurisdictions and, optionally, the recipient’s email address and phone number.
Individuals who are not registered users of TorFX Services
If it is necessary for you to provide personal information about other individuals in the course of dealing with us, for example regarding directors and shareholders of a company, or the other party to a joint account, you should do so only where you are authorised by those individuals.
When you engage an individual who is not a TorFX customer in a transaction, e.g. by sending a payment to that individual, we will retain the information that you submit to us, including, for example, the other party's name and/or bank details.
Although the information on Connected Parties and/or Recipients is stored for a certain period of time in compliance with applicable law, we will not use it to market to the non-registered person.
Information about you that we receive from third parties
Fraud prevention checks
To protect ourselves and our customers against fraud, we verify the information you provide with Anti-Fraud Agencies and Electronic Identity Verification Services. In the course of verification, we receive information about you from such services.
If you register a debit card or bank account with TorFX, we will use card authorisation and anti-fraud screening services to verify that your bank or card information and address match the information you supplied to TorFX, and that the card has not been reported as lost or stolen.
Identity verification using Electronic Verification Providers
We conduct a background check on all our customers (and for business customers, also on the business’s directors, shareholders and partners). During this process we will obtain information about you and/or your business, its directors, shareholders and partners, from an identity verification provider.
If you allow us to, we will collect friend lists from Facebook and similar information from other third parties such as Twitter and Google – the app will periodically re-collect this information in order to stay up-to-date – and we may collect other information you have chosen to make publicly available on social media sites. Where we are one of your connections on a social media site, we may also connect information you have chosen to share with your connections on that site.
Information about you from other sources
We may also collect information about you from other sources, including other companies (subject to their privacy policies and applicable law), and from other accounts we have reason to believe you control.
We may receive information about you if you use any of the other websites we, or our group companies, operate or the other services we provide. We are also working closely with third parties (including, for example, business partners and affiliates, customers who participate in our refer-a-friend programme, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with the information you provide to us.
We will use information we receive from business partners for marketing purposes only if you have provided your consent to do so, either to the third party which collected the information, or to us.
Data privacy regulations prohibit the processing of ‘special categories of personal data’, also called ‘sensitive data’ unless you have given your consent.
Sensitive data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life or sexual orientation. There are also restrictions on processing of criminal convictions and offences.
To avoid infringing these restrictions, it is TorFX’s policy that we do not ask for or collect any of the above data from you or any other party, so we therefore ask that you please do not reveal any sensitive data about yourself or others in any communication with us.
If you do reveal sensitive data, for example by phone or in an email, you will be giving express consent for us to process that information by storing the recording of the telephone call, or the email or other communication.
Our primary purpose in collecting your information is to provide you with a safe, smooth, efficient and customised experience. By submitting your information to TorFX and using TorFX Services you agree that we may use your information for the following purposes:
Fulfilling your requests
We will use your information to:
Compliance and risk management
As an authorised financial institution, we are obliged to carry out background checks on individuals, companies and connected parties, and to monitor ongoing transactions. This is to prevent fraud and money laundering, including to help protect your accounts from fraudulent activity and to allow us to alert you and/or relevant law enforcement agencies if we detect such fraudulent activity on your account.
Communication and customer service
We communicate with our users on a regular basis via email, phone and SMS to provide requested services and help you manage your account. These activities include:
We use your email and physical address to:
Users cannot opt out of these communications, but they will be primarily service-oriented rather than promotional.
As we are obligated to send these communications to current customers, if you do not wish to receive these communications at all, then unfortunately you must close your account, however if you do not wish to receive them in a particular way, please contact us to advise us of your preferred communication method.
We also use your email address to send you other types of communications that you can control, including market updates, customer surveys and special promotions. These communications are to:
You can choose whether to receive some, all or none of these communications and the methods by which you receive them when you request a quote, enquire or complete the registration process (or at any time thereafter) by logging in to your account on the TorFX website, visiting your profile page and accessing the preference centre – or by calling us and amending your preferences over the phone. We may also send you SMS messages for the same purposes.
Service improvements and account management
We will use your information to deliver and improve TorFX Services and manage your account, including:
We will use this information to:
Location information / IP (Internet Protocol) address:
We will use information about your location, derived from your IP address:
Third party information
We will combine third party information with information you give to us and that we collect about you. We will use all of this information:
Questionnaires, surveys, competitions and profile data
From time to time we may offer you optional questionnaires, surveys and competitions. If you choose to answer these questionnaires, surveys or competitions, we may use your information to improve TorFX Services, send you marketing or advertising information, manage the competitions and for such purposes as collecting demographic information or assessing users' interests and needs. You will be given notice of how the information will be used prior to your participation in the survey, questionnaire or competition.
Accessing and changing your information
You can review the information you have provided to us and make any desired changes to your information or to the settings on your TorFX account at any time by logging in to your account on the TorFX website, visiting the profile page and changing your details.
To support our business and provide services to you
Just like most banks and financial/payment service providers, TorFX works with third-party service providers (including banking partners and banking intermediaries) who provide important functions that allow us to make our money transfer services easier, faster, and safer.
This includes business partners under contract with us who support our business operations, such as fraud prevention, bill collection, marketing, customer service, contract administration and technology services. We need to disclose user data to them from time to time so that the services can be performed. Our contracts dictate that these business partners only use your information in connection with the services they perform for us and not for their own benefit.
Banks and payment providers
When you ask us to process a currency or payment transaction, we will provide your information to the business partners who are contracted to TorFX to complete this transaction, for example passing bank details to correspondent bank(s) or payment provider(s) involved in the transaction.
Anti-fraud, anti-money laundering, sanctions and risk management
To carry out the checks described in section 3, we will provide your information to our third party business partners who carry out these checks, including photographs of yourself or your identity documents that you have provided to us.
Reporting to regulators
As a regulated financial institution, in some jurisdictions we are obliged to report transactions to the relevant financial regulator. We will provide your information to the regulators to meet these legal obligations.
Credit card associations and legal process
We may also disclose necessary information in response to the requirements of credit card associations or a civil or criminal legal process.
We may disclose or share your information in order to enforce or apply the Terms and Conditions – and other agreements – between you and us, or to investigate potential breaches to protect the rights, property, or safety of TorFX, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and, if required, to obtain professional advice.
Where required by law
We may disclose necessary information to the police and other law enforcement agencies, security forces, competent governmental, intergovernmental or supranational bodies, competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations, and other third parties, including TorFX Group companies, where we are legally compelled and/or permitted to do so.
Mergers and acquisitions
Analytics and search engine providers
If you are referred to us by a third party – either via our affiliate network or via the refer-a-friend promotion – depending on the arrangement, we may notify them when you book a transaction.
If you are registering with us via, or as part of, an asset-sharing or “co-ownership” partner, we will share personal data and details of your transactional information to some/all parties included in your shared asset, for the purposes of reconciliation of payments in the group.
We have a select group of affiliates to whom we occasionally refer customers. If we think you may benefit from these services, we will ask you if you would like us to pass on your details. We will always name the affiliate and ask you for permission before we refer you, and we will pass on your details only where you give us permission to do so. If we refer you, we will typically pass on your name, email address and telephone number.
Third party websites
Our site may, from time to time, contain links to the websites of our business partners, advertisers and affiliates.
If you request a quote directly on a third-party website or via a third party application, any information that you enter on that website or application (and not directly through TorFX’s website) may be shared with the owner of any such third party website.
Please note that these websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any information to third party websites.
Platforms with which our services are integrated
Some of services are available through integration on third party e-commerce platforms to facilitate your use of those platforms. In order to do so, information we collect about you may also be shared with the operator of those platforms in accordance. Information that we may share includes: your bank account details, "know your client" information, and information about your account with us including transactions.
TorFX is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA.
The laws in some countries may not provide as much legal protection for your information as in the EEA. In these circumstances, our policy to protect your data is to rely on findings of adequacy by the European Commission (for countries in scope of those findings), the EU-US Privacy Shield (for transfers to the USA) or standard contractual clauses adopted by the European Commission or the UK Information Commissioner (for all other countries).
Each time you attempt to make a money transfer using your TorFX account, TorFX may transfer your relevant information to the recipient and any intermediate banks or payment service providers, who may be located outside the EEA, and any other service providers as described above, in order to process, execute or otherwise deal with and provide information about the payment.
We will do our best to protect your information, however we cannot guarantee the security of your information transmitted to our site or sent to us by email or other non-secure electronic methods; any such transmission is at your own risk. Once we have received your information, we will use protective procedures and security features to try to prevent unauthorised access.
We are obliged by financial markets laws to retain account data for 5 years after the closure of an account. In some circumstances, such as an enquiry from a law enforcement agency, we may have to hold it longer. We may also retain information if required to protect our interests, for example in case of litigation. When data falls outside those retention periods we will take steps to delete it from our system. Where you have asked us not to contact you, we will retain that information on a ‘do not contact’ list to reduce the risk of us contacting you in the future.
System security and monitoring
To ensure data privacy, confidentiality and integrity, all information disclosed, shared, stored or used and any transactions performed by you through our website and app are encrypted.
To provide a secure environment for our website and app, we hold your data in secure data centres with high levels of physical and technical security, including using firewall systems, data encryption and anti-virus protection. We use security surveillance systems to detect and prevent illegitimate access to and activities on our systems. External security experts conduct regular security reviews on our systems and we work with them to keep abreast of information security technology developments and implement relevant enhancement.
To control access to our services, every customer is required to input a Username and Password. To help us protect your information, you are advised to do the following:
We keep our security technology up-to-date to protect your information, but we do not have control over the devices you use to access TorFX Services.
It is your responsibility to safeguard your online information and transactions by taking all reasonable measures which may include the following:
You have the following rights:
To ask us to correct any information we hold about you if it is incorrect.
Whilst we endeavour at all times to keep your information accurate, we welcome your corrections. You can correct your profile at any time by logging onto your account via the TorFX website, or you can call your account manager to make any changes. We may ask you for additional verification information if you are changing certain details such as your name or your address.
To ask us to erase your information if we no longer have any reason to hold it, also known as the ‘right to be forgotten’.
Our Data Retention Policy (see section 7) explains the circumstances when we can or are obliged to retain information, however outside of those periods we will delete your information in line with our data retention policy and on request. We will maintain a record that you made an erasure request to reduce the likelihood of us contacting you in the future but we will use that information for no other purpose.
To ask us to return to you information you provided to us, also known as ‘data portability’.
You can ask us to send you in electronic format the information you provided to us under our Terms and Conditions or under consent.
To ask us not to process your information where you previously gave consent or where we are exercising our legitimate interest.
If you make a request for us to stop processing your information, we will investigate to see if there is a compelling reason for processing to continue and will discuss the conclusion of the investigation with you.
You cannot object to processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party. If you previously gave consent and we processed your data on the basis of that consent, you cannot object to that past processing, however you can ask us to stop processing it in the future.
To ask not to be subjected to automated decision making and profiling.
TorFX puts the human factor at the heart of our customer service, so there are no circumstances when profiling or other automated decision making will have a legal impact on you without a person reviewing and making a decision on the result. If you feel you may have been unfairly impacted by profiling, our team can manually assess whether the decision is fair and discuss the situation with you.
To ask for a copy of the information we hold about you.
We will endeavour to respond to your request within 30 days, however at time of high demand we may need 90 days to compile a full response.
To ask us not to process your information for marketing purposes.
You can do this by checking or unchecking certain boxes on the forms we use to collect your information, or by logging onto your account and managing your contact preferences, or by clicking on the ‘unsubscribe’ link(s) at the foot of every marketing or promotional email.
You may exercise any of the above rights by contacting us at [email protected] or by calling your Account Manager.
The Data Controller
The Data Controller is TorFX Limited, Registered office address PZ360, St Mary’s Terrace, Penzance, Cornwall, TR18 4DZ, company registration number 5193147.
Contacting us with questions or requests
Complaints to the Data Protection Officer
If you believe that we have breached a privacy law with which we should comply, please send an email to [email protected] We aim to respond in a reasonable time, normally within 30 days. Our Compliance team and Data Protection Officer will look after your complaint and will give you additional information about how it will be managed.
Complaints to the UK Information Commissioner
You have the right to complain to the UK Information Commissioner's Office if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website.