Privacy Policy

Our UK privacy policy can be found below.

If you are based in the EU or EEA please read this privacy policy.

Para leer nuestra EU Política de Privacidad en español pulse aquí.

TorFX takes data privacy very seriously and recognises the importance of protecting and respecting your personal data. This Privacy Policy describes the information we collect, how we use that information, to whom we pass the information, your rights and key contact information.

1. Overview

To provide you with our money transfer services (also known as “e-money services”) we need to collect information about you. Our aim is not to be intrusive, and we won’t ask you unnecessary questions. Any personal information we receive about you will be subject to strict controls to minimise the risk of misuse or unauthorised disclosure.

Please read this notice carefully, together with our Terms and Conditions. In this notice, we explain how and why we collect personal information about you in connection with services (‘’Redpin Services’’) provided by Currencies Direct Limited, Tor Currency Exchange Limited and other companies within the UK Redpin group of companies (together, “Redpin’’). Redpin (“our”, “us” and “we”) commits to using your information only in accordance with the terms of this Privacy Notice.

By visiting this website or providing your personal information to one of our employees, you consent to our use and disclosure of your personal information in the manner described in this Privacy Notice.

Please note that if you do not provide us with the information, we need to set up an account or make a payment for you, or to check your identity or source of funds, then we may be unable to do business with you.

A special note about children

Children are not eligible to use Redpin Services. We respectfully ask that minors (persons under the age of 18) do not submit any information to us or use Redpin Services.

2. The information we collect

We collect personal information about you including: name, address, contact details including telephone numbers, postal address and email, date of birth, employment and occupation details, proof of identity (including photographs and videos), nationality and residence, copy passport, national identity card and driving licence, proof of address (for example, copy utility bills), bank account details, transaction history, financial history and credit status, sanctions status, background checks, responses to security questions, voice recordings, device and IP (internet protocol) details, details about your health or any vulnerability you may have (where needed to meet our regulatory obligations) and other personal information as described in the rest of this Privacy Notice. We also collect information about your source of funds, for example bank and investment statements, proof of sale documentation and probate certificates.

If you are representing someone else, we will ask for proof of authority (for example, a power of attorney or evidence of your relationship). We collect this information from different sources as follows:

Information we collect from you

Information you provide to us

We collect personal information directly from you, for example when you complete the application process for Redpin Services or answer a survey.

When you communicate with us for customer service or other purposes, including by phone, email, text or using other methods, we retain that information and our responses to you.

We record calls on our telephone lines for quality control purposes, as evidence of transactions and to fulfil regulatory requirements. Any information you disclose to us will be held on these recordings, except for debit card numbers, which are not recorded to comply with The Payment Card Industry Data Security Standard. We also record any phone number used to call us where a call is connected, and the number not withheld.

Information we collect when you use our website or app

When you arrive at or leave the Redpin website (or any website created by one of our group companies), we receive the web address of the site that you came from or are going to.

While you are using our website (and depending on which cookies are enabled) we collect information on the services you search for or view, page response times and length of visits to specific pages, how you interacted with each page (including scrolling, clicks and mouse-overs), and methods used to browse away from the page.

We collect information about the device you are using, such as the type of device, operating system and platform, the type and version of browser, browser plug-in types and versions, the times you access our website/app and the time zone setting, mobile network information and unique device identifier, which may include your device's IMEI number and/or MAC address, or the mobile phone number used by the device.

If you give us permission, our app may collect information stored on your device, including contact information from your address book, photos, videos, or other digital content. The app may periodically re-collect this information to stay up to date.

Photographs and facial imaging

Before giving you access to certain services, we may ask you to upload a photograph of your identity document and/or use your device’s camera to verify your identity using facial recognition technology. We retain these photographs as part of our records.

Transaction information

When you use Redpin Services to purchase currency or send currency to someone else, we ask you to provide information related to that transaction. This information includes, details about your source of funds, recipient name and bank details, recipient address for some jurisdictions and sometimes the recipient’s email address and phone number.

Information about individuals who are not registered users of Redpin Services

If it is necessary for you to provide personal information about other individuals while dealing with us (for example the names of company directors, details about the other party to a joint account or details about a payee’s bank account), then you should make sure you have their permission before sharing those personal details with us. By using Redpin Services, you confirm that you have obtained these permissions. We will retain the details you give us about these third parties in accordance with our record retention policy.

Information we collect from third parties

Fraud prevention checks

To protect ourselves and our customers against fraud, we verify the information you provide with Anti-Fraud Agencies and Electronic Identity Verification Services. During verification, we receive information about you from such services and retain that as part of our records.

If you register a debit card or bank account with Redpin, we will use card authorisation and anti-fraud screening services to verify that your bank or card information and address match the information you supplied to us.

Identity verification using Electronic Verification Providers

Any electronic identity check with a credit agency may leave a record on your credit file. By using Redpin Services, you agree that we may carry out such searches in the knowledge that it may leave a record on your credit history. If you are a joint account holder, in certain circumstances credit agencies may link your record with your spouse, partner or other financial associates.

Background and sanctions checks

We conduct a background and sanctions check on all our customers (and for business customers, also on the business’s directors, shareholders, and partners). During this process we will obtain information about you and/or your business and the relevant directors, shareholders, and business partners from an identity verification provider.

Social media

If you allow us to, we will collect friend lists from Facebook and similar information from other third parties such as Twitter and Google – the app will periodically re-collect this information in order to stay up to date – and we may collect other information you have chosen to make publicly available on social media sites. Where we are one of your connections on a social media site, we may also collect information you have chosen to share with your connections on that site.

Information about you from other sources

We may also collect information about you from other sources, for example from:
- our other group companies, from any of the affiliates or partners we work with who refer customers to us and through our ‘’refer a friend’’ network;
- service providers, advertising networks, analytics providers and search-information providers;
- credit reference agencies;
- anti-fraud agencies, regulators, criminal records checks and the police;
- joint account holders and people who represent you;
- other financial businesses and banks (for example, when we are asked to investigate a potential fraud or incorrect payment); and
- publicly available sources, such as the media.

Sensitive data

If you reveal sensitive personal data to us, for example regarding your physical or mental health or regarding any vulnerability you may have, you will be giving consent to us keeping a record of your health or vulnerability status. We may use that information to help us make appropriate decisions about managing your transactions with us.

3. How we use your information and the lawful basis for use

Our primary purpose in collecting your information is to provide you with a smooth and efficient experience when using Redpin Services. However, the law requires us to have a legal basis for processing your personal information. One or more of the following legal bases will apply whenever we use or share your personal information:

- To allow us to take necessary actions to provide the service or product you have contracted for;
- To allow us to meet our legal obligations (for example, to carry out anti money laundering checks);
- To protect our legitimate interests (for example, to understand how our customers use our services or to prevent fraud);
- We have your permission (for example, where you have consented to marketing).

By submitting your information to Redpin and using Redpin Services, you agree that we may use and disclose your information for the following purposes:

Carrying out transactions, providing customer support and improving our services

We may use your information to:

  • provide you with the information, products and services that you request from us, including providing you with money transfer services and quotes;
  • complete customer on-boarding and due diligence;
  • understand your financial circumstances and requirements;
  • assess and process your application and to set up and complete any transaction you are undertaking with us and to communicate with you about your account and transactions;
  • provide customer support and to tailor any services we offer and to allow you to participate in any interactive features in our application process;
  • administer any promotion, survey or competition that you enter with us and to obtain feedback on our services;
  • deal with any complaint or query you may have;
  • help train our staff, improve the products and services we offer and enhance the functioning and presentation of Redpin apps, websites, application processes and technologies and to update the terms and conditions we use;
  • administer and update our internal records and systems;
  • carry out data analysis and market research; and
  • carry out debt collection activities and other legal proceedings in order to protect our business.

Compliance and risk management

We will use your information to help us comply with our legal and regulatory obligations, to investigate suspicious transactions, to issue any appropriate fraud or risk warnings and to manage our risk as a business, including as described below:

- to carry out background checks, to verify your identity and status and that of any persons or payees connected with you, to monitor ongoing transactions and to check source of funds;

- to carry out checks to:(a) ensure we do not deal with countries, entities or individuals that are subject to sanctions or involved in evading sanctions, (b) comply with counter-terrorist financing, anti-money laundering and data protection laws and regulations and (c) to help identify, prevent and take action against fraud and other types of financial crime; and

- to conduct investigations into actual or suspected violations of our Terms and Conditions.

Marketing

Where you have consented to marketing or are already a customer (or have indicated that you are potentially interested in our services) we (or any member of the Redpin group of companies) may use your personal information to send you marketing (including newsletters, updates, customer surveys and promotions), to make suggestions as to services and products that may be of interest, to analyse which marketing and which services are most appropriate for you and to improve our understanding of the effectiveness of our advertising and promotional campaigns.

Unsubscribing from marketing

You can unsubscribe from our marketing communications (or change your marketing preferences) whenever you choose. You can do this at the time you register with us or by selecting the ‘’unsubscribe’’ tab featured on our marketing communications or by logging in to your account with us, visiting your profile page and accessing the preference centre. You can also call us on our Customer Services number and ask us to unsubscribe you or change your marketing preferences over the phone.

4. Cookies

Our website (and the websites of other Redpin group companies) uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site and to provide interest-based advertising. You may adjust the settings on your browser to refuse cookies but some of the services on our website(s) may not work if you do so. For detailed information on the cookies, we use and the purposes for which we use them, please see our Cookie Policy.

5. Sharing information with third parties

We have given some detail below about the suppliers, partners, regulators, and other organisations with whom we share customer personal information. By registering with us or using Redpin Services, you consent to us sharing your personal information with these third parties (provided, of course, that this is done securely and with all the necessary contractual protections in place).

Banks and payment providers

When you ask us to process a currency or payment transaction, we will provide your information to the banks, payment service providers, card issuers and other businesses we deal with to complete the transaction.

Payees

When you authorise a payment, or receive a payment, relating to your Redpin account we may share your personal details with the payee or person making payment in certain circumstances.

Service providers

We work with a range of third party suppliers and partners who provide us with services across a range of sectors ( for example, customer record-keeping, account management and technology services) and may share your personal information with those third parties and their sub-contractors.

Anti-fraud, anti-money laundering, sanctions screening and risk management

We will share your personal information with business partners who carry out checks for us as part of customer on-boarding and for on-going due diligence. For example, we use third party suppliers to run verification checks on passport and identity documents you provide to us and a facial imaging company to check that any photograph you provide to us matches the photo on your identity document. We share your information with providers of sanctions-screening and anti-money-laundering services.

Credit reference agencies and fraud prevention agencies

We may share your personal information with credit reference agencies and fraud prevention agencies, who may then share that information with other organisations. We may continue to disclose personal information to them after you have closed your account with us.

Joint account holders and your representatives

We may share your personal information with anyone else named on your account with us or with someone representing you, such as a solicitor, accountant, insurer, or someone acting under a power of attorney. We may also share your personal information with another bank or business where you have told us that you are happy for us to release information to them.

Regulators

We are sometimes obliged to report transactions to the relevant financial or data protection regulator in the UK or elsewhere. We will provide your personal information to the regulators to meet these legal obligations.

Credit card associations

We may disclose your personal information in response to the requirements of credit card associations.

Legal proceedings

We may share your personal information with other organisations and with professional advisers, courts and debt collection agencies in order to: enforce our Terms and Conditions and any other agreements entered into between you and us (or between you and any Redpin group company), to investigate potential breaches of those Terms and Conditions or other agreements, to investigate fraud or criminality, to carry out or defend legal proceedings, to take enforcement action and to protect the rights, property, reputation or security of Redpin, our customers, or others.

The police, law enforcement agencies and other authorities

We may disclose your personal information to the police and other law enforcement agencies, security forces, tax authorities, intelligence services, and other authorities and government agencies in the UK and elsewhere where we are legally compelled and/or permitted to do so.

The Financial Ombudsman

We may share your information with the Financial Ombudsman Service (or any successor organisation) and with any other ombudsman or consumer protection body in the UK or elsewhere investigating a complaint or other issue raised in connection with your use of Redpin Services.

Mergers and acquisitions

As with any business, it is possible that in the future any member of the Redpin group could buy, merge with, or be acquired by, another company. We may disclose your information to the prospective seller or buyer of such business or assets, along with its financiers, sponsors, and professional advisers. If a Redpin group company or a substantial proportion of its assets is acquired by a third party, information held by it about its customers and potential customers (and any consent they have given to marketing and any other right to market to them) will be one of the transferred assets, and such successor company would continue to be bound by this Privacy Notice unless and until it is amended.

Group companies

We may share your personal information with other members of the Redpin group of companies (and the parent companies of each Redpin group company and each company having direct or indirect control of those parent companies) where they provide, or may provide, services to you or where the sharing of that information otherwise supports Redpin’s business.

Analytics and search engine providers

We share your IP (internet protocol) address with analytics and search engine providers that assist us in the improvement and optimisation of our website, and also to permit certain third party advertising on third party websites. Please also see our Cookie Policy.

Analytics and search engine providers

We share your IP (internet protocol) address with analytics and search engine providers that assist us in the improvement and optimisation of our website, and also to permit certain third party advertising on third party websites. Please also see our Cookie Policy.

Affiliates and our referral network

If you are referred to us by a third party – either via our affiliate network or via the refer-a-friend promotion – we may notify them when you book a transaction and share your personal information and transaction history with them.

We have a select group of partners to whom we occasionally refer customers. If we think you may benefit from these services, we will ask you if you would like us to pass on your details. We will always name the partner and ask you for permission before we refer you, and we will pass on your details only where you give us permission to do so. If we refer you, we will typically pass on your name, email address and telephone number.

Third party websites

Redpin websites may, from time to time, contain links to the websites of our business partners, advertisers, and affiliates.

We offer certain Redpin Services through third parties (for example, through e-commerce platforms). If you request a quote via a website or platform operated independently by a third party, any information that you enter on that website or platform (and not directly through a Redpin group company website) will be shared with the owner of that website or platform. We may also share other information about you with the owners of these third-party websites and platforms, for example your account details and customer on-boarding details.

Please note that third party websites and platforms have their own privacy notices and we do not accept any responsibility or liability for those notices, or the way third party websites or platforms operate. Please check the relevant privacy notice before you submit any information to a third party website or platform.

6. Transferring personal data overseas

The information that we collect from you may be transferred to, and stored in, a country outside the UK or European Economic Area (EEA). It may also be processed by staff operating outside the UK or EEA who work for Redpin or for our suppliers, partners or affiliates. These staff may be engaged in the fulfilment of your request, the processing of your payment details and the provision of support services.

The laws in some countries may not provide as much legal protection for your information as in the UK or EEA. In these circumstances, our policy to protect your personal data is to rely on findings of adequacy by the European Commission (for countries in scope of those findings) or standard contractual clauses or international data transfer agreements adopted by the European Commission or the UK Information Commissioner.

Each time you attempt to make a money transfer using a Redpin account, Redpin may transfer your relevant information to the recipient and any intermediate banks or payment service providers, who may be located outside the UK or EEA, and any other service providers as described above, in order to deal with and provide information about the payment.

By submitting your information and making use of Redpin Services, you agree to such transfers, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.

7. Data Retention Policy

We will keep your personal information on record for as long as you are a customer and for a period of time (typically, up to six or seven years) after the closure of your account. This period of six or seven years is linked to the period of time available to bring a claim. In some circumstances, such as an enquiry from a law enforcement agency or where there is a legal requirement, we may have to hold the information for longer. We may also retain information if required to protect our interests, for example in case of litigation or to manage a complaint or to help detect fraud. Where you have asked us not to contact you, we will retain that request on a ‘do not contact’ list to reduce the risk of us contacting you in the future.

8. Keeping personal data secure

We have security measures in place designed to prevent data loss, to preserve data integrity, and to control access to the data. All Redpin employees who have access to your personal data are required to comply with our privacy and data protection policies.

To ensure data privacy, confidentiality and integrity, all information disclosed, shared, stored, or used and any transactions performed by you through our website and app are encrypted.

Customer responsibilities

We keep our security technology up to date to protect your information, but we do not have control over the devices you use to access Redpin Services. It is vital that you work with us to help keep your personal data secure and to prevent fraud.

It is your responsibility to safeguard your online information and transactions by taking all reasonable measures, including the following:

  • Keep your personal data (for example, passports) secure and private.
  • Never share passwords or log-in details with anyone and never write them down.
  • Choose a secure password and change it regularly (and use a different password for different service providers).
  • Do not click on any internet link contained in an email or SMS which directs you to a Redpin website. Always manually type our address www.currenciesdirect.com into your internet browser or use the app.
  • Log out and close your browser before visiting other websites once you have completed your transactions.
  • Ensure that you use the latest version of your internet browser and that you have up-to-date anti-virus, firewall and other security software installed on your device.
  • Read the fraud and security pages on our website before you start a transaction and always double-check payee account details direct with the payee.

9. Customer rights

You have the legal rights set out below:

To ask us for a copy of the personal information we hold about you as an individual.

To ask us to correct or complete any information we hold about you.

Whilst we endeavour at all times to keep your information accurate, we welcome your corrections. You can correct or complete your profile at any time by logging onto your account via the relevant Redpin group company website, or you can call your account manager to make any changes. We may ask you for additional verification information if you are changing certain details such as your name or your address.

To ask us to erase your personal information in certain circumstances.

We will delete your information in line with our data retention policy and the guidance of the Information Commissioner’s Office regarding alternatives to deletion. We will maintain a record that you made an erasure request to reduce the likelihood of us contacting you in the future, but we will use that information for no other purpose.

To ask us to send your personal information to another organisation or back to you, in certain circumstances.

To ask us to stop processing your personal information or to restrict the way in which we process your personal information in certain circumstances.

You may exercise any of the above rights by contacting us at [email protected] or by calling your Account Manager.

10. Contacting us

Contacting us with questions or requests

If you have any questions about this Privacy Notice or Redpin’s information practices, you can contact us by emailing: [email protected] or by writing to us at: Data Protection Officer, Redpin Holdings Limited, 1 Canada Square, Canary Wharf, London, United Kingdom, E14 5AA.

Complaints to the Data Protection Officer

If you have a complaint about how we handle data protection issues or how we have responded to a request, please email [email protected]. Our Compliance team and Data Protection Officer will investigate your complaint and respond to you. You may also email Redpin’s Data Protection Officer direct on: [email protected].

Complaints to the UK Information Commissioner

You have the right to complain to the UK Information Commissioner's Office if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO, please see their website. The ICO helpline is: 0303 123 1113.

11. Changes to this Privacy Notice

We may amend this Privacy Notice at any time. Any changes we may make will be posted on this website, so please check back frequently.

Your continued use of our website(s) after the posting of a new version of this Privacy Notice will constitute your acceptance of any changes.