Effective from 10/01/2023
This Privacy Policy applies to all customers of First Digital Trade Europe UAB, a company registered in the Republic of Lithuania with registration number 306129492 and registered address at Kaykyos 18-10 01100 Vilnius Lithuania ("CRH Money", "CRH Money.com", "we", "our"). Please read it carefully before providing us with any information about yourself.
CRH Money ("CRH MONEY", "CRH Money", "CRH Money.com") is a trademark of First Digital Trade Europe UAB under license from CRH Royalty Spa
1. Introduction
This policy demonstrates our commitment to transparency and protection of your privacy rights and establishes the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
It applies to the processing of personal data by First Digital Trade Europe UAB, in relation to:
• use of any of our products, services or applications (collectively the "Services"),
• visiting or using our website, CRH Money.com ("Site") or mobile application ("App"), including the Ipermoney application.
Please note that our Services, Site and App are not intended for minors under 18 years of age and we do not knowingly collect data relating to minors.
Please contact us using the details provided at the end of the policy, for feedback or any privacy requests you may have. To be able to use our services, you must accept the terms and conditions of this Privacy Policy in its entirety.
2. Purpose
This Privacy Policy is intended to give you information about why and how we collect and process your personal data.
It is intended to inform you about your privacy rights and how the data protection principles established in the EU (European Union) General Data Protection Regulation ("GDPR") and post-Brexit privacy law, publicly known as UK GDPR, protect you.
It is important that you read this policy together with any other notice or policy we may provide on specific occasions when we collect or process personal data about you so that you are fully aware of why and how we are using your data. This policy supplements other notices and policies and is not intended to replace them.
3. Who we are
In the context of this Policy, First Digital Trade Europe UAB. is the Data Controller. The controller of your personal data is the legal entity that determines the "means" and "purposes" of any processing activity it performs.
4. Data Protection Officer
We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy. If you have questions or complaints regarding this Privacy Policy or our privacy practices, or if you wish to exercise your legal rights, please contact our DPO at dpo@crhmoney.com
5. Privacy complaints
You have the right to make a complaint to a supervisory authority about how we process your personal data. If you reside in an EEA (European Economic Area) Member State, you have the right to make a complaint about how we process your personal data to the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement, or the Bulgarian data protection authority (personal data protection commission).
We would appreciate, however, the opportunity to address your concerns before you approach a data protection regulatory authority, so please do not hesitate to contact us in the first instance.
6. Our duties and your duties in case of changes
We regularly review our Privacy Policy. This version was last updated on the date marked at the beginning of the document. From time to time, there will be new versions of this document. Additionally, we will also inform you about substantial changes to this Privacy Policy in a way that will effectively bring the changes to your attention. It is important that the personal data we hold about you is up-to-date and accurate. We remind you that it is your responsibility to keep us informed if your personal data changes during your relationship with us.
7. Third party links
Our Website and any applicable web browser, as well as our mobile application or application programming interface necessary to access the Services ("Applications"), including the Ipermoney app, may include links to third-party websites, plug-ins and applications ("Third Party Sites"). By clicking on such links or enabling such connections, third parties may collect or share data about you. We do not control these third party sites and are not responsible for their privacy notices and policies. When you leave our site or our applications, we encourage you to read the privacy notice or policy of every third party site you visit or use.
8. Information we collect from you
You may provide us with certain information, for example when you request or apply for Services, register to use and/or use any Service, by completing forms on any of our websites or corresponding with us by phone, email, web chat or otherwise. We may collect some of it through automated means, for example using cookies when you visit our websites. Read our Cookie Policy to learn more. We may also obtain data about you from third parties, such as credit reference and fraud prevention agencies.
CRH Money also collects non-personal information or may anonymize personal information to make it non-personal. Non-personal information is information that does not allow the identification of a specific individual, either directly or indirectly. CRH Money may collect, create, store, use and disclose such non-personal information for any reasonable business purpose. For example, CRH Money may use aggregated transactional information for business purposes, such as trend analysis and the use of data analytics to gain insights and understanding about payment transaction patterns and usage.
To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined as personal information under any local law and where such local law is applicable to the Services, we will handle such identifiers as personal information.
Please note that CRH Money provides services to both individual consumers and businesses and this privacy policy applies to both and should be read and interpreted accordingly.
Depending on how and if you use our Services, Website or App (including Ipermoney), we will collect, use, store and transfer different types of personal data about you that we have grouped into categories as follows:
8.1. Data categories
Personal data category |
Examples of specific parts of personal data |
|
Identity data |
name, including a visual image of the face, national identity cards, passports, driving licenses or other forms of identification documents, a visual image of your face that we will use, in collaboration with our subcontractors. |
|
Social identity data |
your group/company data, assessment, compliance assessment |
|
Contact information |
residence details, numbers, documentation proving address. |
|
Financial data |
bank account,
|
|
Transaction data |
bank account, account details, source of funds and related documentation. |
|
Technical data |
Internet connectivity data, Internet Protocol (IP) address, operator and carrier data, login data, browser type and version, device type, category and model, time zone setting and location data, language data, application version and location . and SDK version, browser plug-ins in types and versions, operating system and platform, diagnostic data such as crash logs and any other data we collect for the purpose of measuring technical diagnostics and other information stored or available relating to devices that you allow us to access when you visit the Site, or use the Services or App (including Ipermoney) |
|
Profile data |
your username and password, your accounts, requests from you for products or services, your interests, preferences and feedback, other information generated by you when communicating with us, for example when making a request to our customer service. |
|
Usage data |
information about how you use the Site, Services, mobile applications (including Ipermoney) and other offerings made available by us, including: device download time, installation time, interaction type and time, event time, name and source. |
|
Marketing and communication data |
your preferences in receiving marketing from us or from third parties, |
|
Biometric data |
Data relating to your biometrics is used for verification purposes on the documents provided. The data is processed and retained by Sumsub, for more information please check the provider's website: https://sumsub.com/privacy-notice-service/ |
|
8.2. Special categories of personal data
Some types of sensitive personal data are subject to additional protection under the legislation applicable to you. These are called "special categories" of personal data. Special categories are:
• Personal data revealing racial or ethnic origin.
• Political opinions.
• Religious or philosophical beliefs.
• Trade union membership.
• Genetic data and biometric data processed for the purpose of uniquely identifying a natural person.
• Health-related data.
• Data concerning a natural person's sex life or sexual orientation.
We do not usually collect sensitive personal data or in cases where we are explicitly required to do so, we collect your consent and inform you beforehand about the purpose.
8.3. Refusal to provide personal data
Where we need to collect personal data by law or under the terms of a contract we have with you and you refuse to provide such data when requested, we may not be able to perform the contract we have or are trying to enter into with you – for example, to provide you with Services. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
9. How we collect your data
We use different methods to collect information from and about you, including:
9.1. Direct interaction.
This happens when you visit our Website or Application (including Ipermoney), request our services, open an account, etc.
9.2. Indirect automated interaction.
When you interact with us through our site or our app, we will automatically collect technical data about your equipment, actions and browsing patterns. We collect this personal data using cookies, server logs and other similar technologies. We will also collect Transaction data and Usage data. We may also receive technical data and marketing and communication data about you if you visit other websites that use our cookies.
9.3. Third parties or publicly available sources.
We also obtain information about you, including social identity data, from third parties or publicly available sources. These sources may include:
• fraud and crime prevention agencies,
• a customer who refers you,
• publicly available information on the Internet.
10. How we use your data
10.1. General use
We use the information we collect about you to provide you with the products we offer, to inform you about changes to our products and to improve our products. Your information may also be used to contact you regarding your account, your use of the Services, to alert you to potential problems, as well as to respond to your questions. We also use this information to provide you with information about other products that we or selected third parties offer that are similar to those you have used or shown interest in, or that we think may interest you. If you use one of our financial products, we will also use your information to assess your financial situation and to try to identify and pursue fraud and other abuses of the financial system.
10.2. Legal basis
We will only use your personal data when applicable legislation allows us to. In other words, we must ensure we have a legal basis for such use. Most commonly, we will use your personal data in the following circumstances:
• performance of a contract – we use this basis for the provision of our Services;
• legitimate interests – our interests (or those of a third party), where we ensure we use this basis to the extent that your individual interests and rights do not override such interests;
• compliance with a legal obligation – processing your personal data where it is necessary to comply with a legal obligation to which we are subject;
• consent – free, specific, informed and unambiguous indication of your wishes by which, by a statement or by a clear affirmative action, you express consent to the processing of personal data concerning you.
10.3. Marketing
We may use your identity data, contact data, technical data, transaction data, usage data and profile data to form an opinion on what we think you may want or need, or what might interest you. This is how we decide which products, services and offers might be relevant to you. You will receive marketing communications from us if you have requested information from us and consented to receive marketing communications, or if you have purchased from us and have not opted out of receiving such communications. We will use your marketing and communication data for our respective activities.
10.4. Third party marketing
We will obtain your consent before sharing your personal data with third parties for marketing purposes.
10.5. Opt-out
You can ask us to stop sending marketing messages at any time by following the opt-out links on any marketing message sent to you.
Additionally, you can let us know directly that you prefer not to receive any marketing messages by sending an email to dpo@crhmoney.com
If you opt out of receiving marketing messages, this will not apply to service messages that are directly related to your use of our Services (e.g., maintenance, changes to terms and conditions and so on).
10.6. Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Site may become inaccessible or not function properly. For more information about the cookies we use, see Cookie Preferences.
10.7. Change of purpose
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
10.8. Sale or transfer of business
We may also need to process your data in connection with or during the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or part of our shares, activities or assets. This will be based on our legitimate interests in executing such transaction or to satisfy our legal obligations.
11. Disclosure of personal data
We will not disclose your personal information to anyone except as described in this policy.
We may share your personal information with other Group companies or with our partner companies.
Your personal information (if necessary, but generally limited to full name and email address) may be shared with the recipient/sender of a payment in the context of the specific relevant transaction. This could result in the transfer of personal data outside the European Economic Area (EEA) or the United Kingdom. We may share your personal information with third parties to provide you with the products we offer, including service providers, credit reference agencies and financial institutions. We may also share your personal information with third parties, including our or other applicable regulatory authorities and third parties you may have dealt with, to prevent crime and reduce risk, if required by law, where we deem it appropriate, to respond to legal proceedings, for the purpose of investigating a breach of third party business terms, or to protect the rights or property of CRH Money, our customers or others.
12. Data retention
Information we collect from you may be transferred, stored and processed by recipients located in destinations outside the European Economic Area ("EEA"). These countries may have different data protection standards than those of the territory in which you reside. We will take reasonable steps to ensure that recipients use and protect your information securely.
If we have provided you with (or if you have chosen) a password, access code or any other secure means or access or authentication that allows you to access certain parts of our site, you are responsible for keeping this password confidential and complying with our instructions. You must not share credentials with anyone else and you authorize CRH Money to act on instructions and information from anyone who enters your credentials.
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
13. Data retention
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve such purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements.
Here are some factors we usually consider when determining how long we need to retain your personal data:
● in case of complaint;
● if we reasonably believe there is a prospect of litigation in relation to our relationship with you or if we believe we need to retain information to defend any future legal claims (e.g., email addresses and content, chats, letters will be retained for up to 10 years from the end of our relationship, depending on the applicable statute of limitations in your country).
● to comply with any applicable legal and/or regulatory requirement in relation to certain types of personal data:
– under EU anti-money laundering legislation (Anti-Money Laundering Directives) we are required to retain your personal data for a period of 5 years after the end of the relationship between us as a company and you as a customer; such period may be further extended in some cases if so provided and in accordance with applicable legislation; the same also applies under UK anti-money laundering legislation;
– if information is needed for audit purposes and so on;
● in accordance with relevant industry standards or guidelines;
● in accordance with our legitimate business need to prevent abuse of promotions we launch. We will retain a customer's personal data for the period of the promotion and for a certain period after its end to prevent the appearance of abusive behavior.
Please note that, under certain conditions, you can ask us to delete your data: see your legal rights below for more information. We will respect your deletion request ONLY if the conditions are met.
14. Your legal rights
You have rights that we must make you aware of. The rights available to you depend on the reason we process your personal data. If you need more detailed information or wish to exercise any of the rights listed below, please contact us.
15. Charges
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
16. Time limit for responding to a legitimate request
The legal period provided by GDPR for responding to a legitimate request is one month. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests. Please note that we may ask you to provide some necessary details to verify your identity when you request to exercise a legal right relating to your personal data.
17. Contact us
All comments, questions and requests regarding our use of information are welcome. If you wish to exercise any of your rights, contact us via dpo@crhmoney.com.
It only takes a few minutes to register your FREE Bankio account.