Estonia Estonia

Effective From: 15 June 2025

WHO WE ARE

ACE Money Transfer IE Limited (“ACE”, “we”, “us”, “our”) of 19–22 Prosperity Chambers, Baggot Street Lower, Dublin 2, D02 X658, Ireland, with registration number 703066 are responsible for the personal information we hold about you. Personal information means information that is about you which identifies you directly or indirectly. We decide how and why your personal information is processed in accordance with data protection laws and this Privacy Policy describes how we deal with your personal information.

You can contact us at any time if you have queries about this Privacy Policy or wish to exercise any of the rights mentioned in it. You can find the contact details of our Data Protection Officer in the “Contact Details” section below. Where necessary we may request information to verify your identity before responding to your request in order to protect your personal information and prevent unauthorized disclosure.

This Privacy Policy is reviewed and updated periodically. The most current version will always be available on our website, and where required by law we will actively notify you of material changes (for example by email or an in-app notice)

WHAT KINDS OF PERSONAL INFORMATION ABOUT YOU DO WE PROCESS?

We may collect certain personal information which (either on its own or when combined with other information we hold about you) identifies you as an individual and which is about you. Set out below is the personal information that we generally process in connection with all our products and services.

Information that we generally process in connection with all our products and services includes the following:
  • Basic Personal Data
    • Your title, full name, signature, and contact details, including for instance your email address, home and mobile telephone;
    • Your home address;
    • Your date of birth;
    • Your place of birth, nationality; and
    • Demographic information such as age and gender.
    • Account identifiers such as your Customer ID or account reference number (where applicable).
  • Financial information:

    • Transactional Details, including:

    • Transaction Amount & Currency transferred;
    • Transaction Amount & Currency to be received by the payee;
    • Payee Name, Surname, Country, Contact Number & IBAN; and
    • Banks and payment service providers used to transfer money to us.
  • Data to comply with money laundering regulations:
    • Proof of your identity, such as a passport, driving licence, national ID card or residence permit;
    • Proof of address, such as a utility bill or bank statement; and
    • Details on the source of funds being sent, for example occupation details, payslips, credit card statements, tax rebate receipts or bank loan agreements.
    • Where required by applicable law, we may also process information relating to criminal offences or alleged offences for anti-money laundering and fraud prevention purposes, strictly in accordance with data protection laws. Such processing will only be carried out where authorised by applicable law and subject to appropriate safeguards.
    • In certain limited circumstances and for the purpose of prevention of fraud we may process biometric data for the purpose of uniquely identifying you. Where we use such identity verification and facial/liveness verification we do so subject to appropriate safeguards.

  • Personal information obtained from third party sources (where you have provided the relevant consent or where otherwise permitted by law), including:

    • Facebook, Twitter and Google profile contact information, images and names;
    • Banks and payment service providers used to transfer money to us;
    • advertising networks; and
    • search engine providers (such as Yahoo or Google).
  • Technical data, including:
    • information about your visit to our website, including page views, the length of visits to certain pages;
    • app downloads;
    • operating system;
    • IP address
    • device location data, including GPS location data, where available, and enabled on your device; and
    • browser type.
  • When you download our Mobile App, in addition to the information mentioned above we collect and process:
    • Information you give us. This is the information that you choose to give to us about you when you download or register to use the Mobile App, subscribe to our services or by corresponding with us. This information includes identity, contact, financial and marketing and communications data. If you contact us we will keep a record of that correspondence.
    • Most of this information is collected because it is necessary for us to perform our contract with you or to comply with our legal obligations (for example, anti-money laundering checks). In limited cases, such as when you choose to receive marketing communications or use certain optional features, we rely on your consent. Where we rely on consent, we will present you with a clear choice, record your preference, and you can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
    • Information we collect about you and your device. Each time you use our Mobile App we collect limited technical information to keep the service secure and working, such as the type of device you use, operating system and version, app version, crash/diagnostic logs, and device push token. We use this to deliver the app, ensure performance and security, and send service notifications (e.g., OTPs, transaction alerts, service interruptions). This processing is based on performance of our contract and our legitimate interests in operating a secure service. You can manage service-notification settings in the app or at the device level; if you disable them, some functionality may be affected. Service notifications (such as OTPs and transaction alerts) are sent for account security and transaction processing and are not direct marketing. We may send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device or mobile app level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
    • Location Data. We may collect your location-based information for the purposes of identifying the location from which you are interacting with us. We will only share this information with our mapping provider (https://ipgeolocation.io/) for the sole purpose of providing you with this service. If you wish to use this particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time. You may opt-out of location-based services at any time by editing the setting at the device level. IP-based geolocation may also be used for fraud prevention and service security based on our legitimate interests.
    • Mobile Analytics Data. We may collect this data to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the mobile app, the events that occur within it, aggregated usage, performance data, and where the mobile app was downloaded from. We do not intentionally link the information we store within the analytics software to any personal data you submit within the mobile app. Where mobile analytics involve non-essential tracking technologies, such processing will be subject to your consent where required by applicable law.

WHAT IS THE SOURCE OF YOUR PERSONAL INFORMATION?

We will generally collect your personal information from you directly. If you are introduced to us by another member of ACE group of companies, a broker or other intermediary, we will obtain some personal information about you indirectly from them when they introduce you to us.

In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, and other organisations to assist in prevention and detection of crime, police and law enforcement agencies. We may also obtain personal information from publicly accessible sources, such as court judgments and publicly available registers. We may obtain such information where this is necessary for compliance with our legal obligations, for the prevention and detection of crime and fraud, and/or where otherwise permitted by applicable law.

Some of the personal information obtained to verify your account will have originated from publicly accessible sources. We use third parties to verify information including identity verification and screening providers. We periodically review these providers to ensure their controls remain appropriate. Where these providers act on our behalf, they do so under appropriate contractual safeguards.

DATA THAT YOU PROVIDE ABOUT THIRD PARTIES

At your request, where you provide us with information about third parties, e.g. recipients of transfers, we will also collect personal information in relation to those people (“Receiver Information”). By providing us with such information you confirm that you have obtained any necessary authorisation from such persons to the reasonable use of the Receiver Information for such purposes in accordance with this Policy, or are otherwise permitted to give to us the Receiver Information on their behalf. Please ensure that those other people are aware of this Policy and that the provisions of this Policy are clearly communicated to them. Where you provide Receiver Information, we use it only for the purposes of completing your transfer, complying with legal and regulatory obligations, and preventing and detecting fraud and crime. We do not use Receiver Information for direct marketing purposes.

WHAT DO WE DO WITH YOUR DATA AND WHO DO WE SHARE IT WITH?

We will only use your personal information when the law allows us to do so. Most commonly we use your personal information for the following purposes:

Transactional Purposes

We need to collect your personal information to process your transactions. To do so we require your and your beneficiaries’ bank account details or full name and address. Without the Receiver Information we would not be able to fulfil your transactions.

Regulatory Purposes

As a regulated institution, ACE must comply with the applicable money laundering, terrorist financing and data protection obligations, such as the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) and other regulations and guidelines enforced by the Central Bank of Ireland. As a result, ACE (and its partners) must conduct Know Your Customer (“KYC”) and Customer Due Diligence (“CDD”) checks to comply with legal and regulatory obligations. Any personal information obtained for the purposes of preventing money laundering or terrorist financing is only used for that purpose unless otherwise required or permitted by applicable law. There may be occasions where use of the data is permitted under another enactment. All of this helps us keep our service safe and secure.

Marketing Purposes

We may process your personal information to provide you with certain types of marketing communications that we believe will be relevant and of interest to you. This helps us to provide a more personalised service. We will always endeavour to make these communications relevant and un-intrusive, and you are able to opt out of our marketing communications at any time.

  • For email, SMS, and push notifications, we will only send marketing communications where you have given us your consent, or, if you are an existing customer, under the limited “soft opt-in” exemption (for our own similar products and services). You can withdraw consent or opt out at any time by using the unsubscribe link in our messages, changing your app/device settings, or contacting us.
  • For postal marketing, we may rely on our legitimate interests in promoting our services. You have the right to object at any time. We will always endeavour to keep our marketing relevant and not excessive, and we will never sell your personal information to third parties for their own marketing.
Analytical Purposes

We may collect and analyse data such as website or Mobile App visit logs, on our own or by using the services of third parties, in order to improve the quality of our service.

  • Where this involves the use of non-essential cookies, SDKs, or similar technologies, we will only process your data with your consent, which you can withdraw at any time through our cookie banner, preference centre, or device settings. For more information, please see our Cookie Policy.
  • For limited essential analytics (e.g., service performance, fraud detection, error logging), we rely on our legitimate interests in maintaining a secure and reliable service.
  • Where we use trusted third-party providers (for example, analytics or monitoring service providers), they act under Data Processing Agreements and may transfer data outside the EEA only with appropriate safeguards (e.g., Standard Contractual Clauses) or other lawful transfer mechanisms permitted under applicable law.

DATA THAT WE PROVIDE TO THIRD PARTIES

All third parties that process or handle personal information on behalf of ACE Money Transfer IE Limited are engaged only under a legally binding contract in which such third parties are bound to:

  • act solely on ACE’s documented instructions;
  • implement appropriate technical and organisational measures to safeguard personal information;
  • maintain confidentiality;
  • ensure secure transfer, storage, and deletion of personal information; and
  • use only authorised other third parties who are under the same obligations.

In accordance with the EU Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554), ACE performs due diligence at onboarding and periodic risk assessments thereafter of all third-party service providers handling personal information. This includes reviewing their security controls, resilience, incident response readiness and regulatory compliance history.

Only third parties that continue to meet our legal, security and operational standards are authorised to process personal information on our behalf.

In addition, we may share your personal information with third parties when it is necessary for the fulfilment of the service or to comply with applicable laws. Depending on the purpose, this may include Basic Personal Data, Financial Information, anti-money laundering and due-diligence data, personal information obtained from third-party sources, and technical data. We set out below some purposes for which we may share your personal information with third parties:

  • we may share your Basic Personal Data, Financial Information and data to comply with money laundering regulations with third parties, such as our partners and intermediaries including our recipient pay-out partners and our mapping provider, our professional advisors including legal advisors, auditors and actuaries, subcontractors, processors and outsourced service providers when they are necessary for the fulfilment of our service to you;
  • we may share your Basic Personal Data, Financial Information, data to comply with money laundering regulations, Personal information obtained from third party sources and technical data with other organisations and businesses who provide services to us, such as back-up and hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions;
  • we may share your Basic Personal Data, Financial Information and data to comply with money laundering regulations with other payment services providers such as when you ask us to share information about your account with them and with financial institutions and trade associations;
  • we may share your Basic Personal Data, Financial Information, data to comply with money laundering regulations, Personal information obtained from third party sources and technical data when required by law, for example for the purposes of security, taxation and criminal investigations, including with governmental and regulatory bodies, tax authorities here and overseas, for instance if you are subject to tax in another jurisdiction;
  • we may share your Basic Personal Data, Financial Information, data to comply with money laundering regulations, Personal information obtained from third party sources and technical data with a court of law and with other organisations where that is necessary for the administration of justice, to protect vital interests and/or to protect the security or integrity of our business operations;
  • we may also share your Basic Personal Data and a record of your marketing preferences with other companies within the ACE group of companies for the purposes of sending you marketing communications only where you have provided clear specific and informed opt-in consent, including consent to (i) the sharing of your personal data with the relevant ACE group company for marketing purposes and (ii) being contacted by that group company via the relevant communication channel(s) (such as email, SMS, WhatsApp, push notifications or other electronic means). Such consent will be recorded and you may withdraw it at any time. For postal marketing communications sent by post, we may rely on our legitimate interests where permitted by law, and you have the right to object at any time. We may also share this data with market research organisations acting under contractual obligations as our processors who help us to develop and improve our products and services;
  • we may share Basic Personal Data, Financial Information, data to comply with money laundering regulations, Personal information obtained from third party sources and technical data with buyers of ACE or the ACE group of companies and their professional representatives as part of any restructuring or sale of our business or assets (and, where necessary, during due diligence under appropriate confidentiality and security controls this personal information will only be shared on the completion of any such sale); and
  • we may also share your Basic Personal Data with credit reference agencies for the purposes of identity verification, assessing creditworthiness, and fraud prevention (see below where we explain more).

WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING WHEN WE SHARE IT WITH OTHERS)?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant (except where we rely on consent). Here are the legal grounds that are relevant to us:

  1. Processing necessary to perform our contract with you or for taking steps prior to entering into it:

    2. We process the following personal information:

    • Title, full name, signature, and contact details,
    • Your home address;
    • Your date of birth;
    • Your place of birth, nationality;
    • Demographic information such as age and gender;
    • Location data;
    • Financial information (such as the amount you transfer and payee details);
    • Banks and payment service providers used to transfer money to us;

    for the purposes of:

    • Administering and managing your account and related services, including updating your records and contacting you about your account;
    • Sharing your personal information with other payment services providers such as when you ask us to share information about your account with them;
    • All stages and activities relevant to processing your transaction(s) including enquiry, registration, administration, management and requests for transfers; and
    • For certain types of profiling and automated decision-making where this is strictly necessary for entering into or performing a contract with you (for example, automated fraud prevention checks or transaction approvals that must be carried out in order to provide the service). Where such processing takes place, you have the right to obtain human intervention, to express your point of view, and to contest the decision

  2. Processing that is necessary for legitimate interests:

    3. Where we consider that it is appropriate for us to do so we process the following personal information:

    • Data obtained from third party sources, such as:

      • Facebook, Twitter and Google profile contact information, images and names;
      • Banks and payment service providers used to transfer money to us;
      • Advertising networks; and
      • Search engine providers (such as Yahoo or Google);

    • Technical data, such as:

      • Information about your visit to our website, including page views, the length of visits to certain pages;
      • App downloads;
      • Operating system;
      • IP and GPS address; and
      • Browser type;

    • When you download our Mobile App:

      • Location data;
      • Mobile analytics data, such as information on how often you use the mobile app, the events that occur within it, aggregated usage, performance data, and where the Mobile App was downloaded from;
      • Information about your device, such as the type of device you use, operating system version, and device and performance information;

    for the purposes of:

    1. Administering and managing your account and services relating to that, updating your records, tracing your whereabouts to contact you about your account and recent transactions, to assess your credit worthiness and advise you in relation to products and services;
    2. To test the performance of our products, services and internal processes;
    3. To adhere to guidance and best practice under the regimes of governmental and regulatory bodies;
    4. For management and audit of our business operations including accounting and insurance;
    5. To carry out searches to verify your account at the time of the first transaction, and following notification of any changes to your address;
    6. To carry out monitoring and to keep records (see below);
    7. To administer our good governance requirements and those of other members of our group;
    8. For direct marketing communications carried out on the basis of our legitimate interests only where permitted by law (for example, postal marketing or electronic marketing to existing customers about our own similar products and services under the “soft opt-in” exemption), and we will always provide a clear and easy opt-out in every message;
    9. For limited profiling and automated decision-making that supports our services and does not produce legal or similarly significant effects on you (for example, estimating transaction timing or analysing aggregated usage patterns). Where profiling or automated decision-making could have legal or similarly significant effects, we will not rely on legitimate interests and will only carry out such processing where it is necessary for a contract, required by law, or based on your explicit consent, and you will have the right to obtain human intervention, to express your point of view, and to contest the decision; and
    10. When we share your personal information with these other people or organisations;
      • Our legal and other professional advisers, auditors and actuaries;
      • Financial institutions and trade associations;
      • Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions;
      • Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
      • Credit Reference Agencies (see below where we explain more); and
      • Market research organisations who help us to develop and improve our products and services.
      • Other companies within ACE group of companies for direct marketing communications only where permitted by law for example, postal marketing, which may be carried out on the basis of our legitimate interests, subject to your right to object at any time). For electronic direct marketing communications (such as email, SMS, WhatsApp or push notifications) relating to the products or services of another ACE group company, we will only share your contact details with that group company where you have provided a clear, specific and informed opt-in consent identifying the relevant group company and the communication channel(s) to be used (where required by applicable law) and we will record such consent, which you may withdraw at any time. In all cases, you can opt out at any time

  3. Processing necessary to comply with our legal obligations:

    4. We process the following personal information:

    • Proof of your identity;
    • Proof of address, such as a utility bill or bank statement;
    • Details on the source of funds being sent (where required);

    for the purposes of:

    1. For compliance with laws that apply to us, such as under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) and other regulations and guidelines enforced by the Central Bank of Ireland;
    2. For establishment, defence and enforcement of our legal rights or those of any other member of our group;
    3. For activities relating to the prevention, detection and investigation of crime;
    4. To carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that.
    5. To carry out monitoring and to keep records (see below);
    6. To deal with requests from you to exercise your rights under data protection laws;
    7. To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud) we only process information about offences where authorised by law; and
    8. When we share your personal information with these other people or organisations:
      • Other payment services providers such as when you ask us to share information about your account with them;
      • Law enforcement agencies, governmental and regulatory bodies,

  4. Processing with your consent:

    5. When you request that we share your personal information with someone else and consent to that;

    • a. For direct marketing communications; and
    • b. For some of our profiling and other automated decision-making processing.

CONSENT

We may also, from time to time, ask you for your consent for other processing purposes, which we will explain to you at the time. Much of what we do with your personal data is not based on your consent and is instead based on the above legal grounds. Consent will always be freely given, specific, informed and unambiguous.

HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT?

For processing that is based on your consent, you have the right to withdraw that consent for future processing at any time. You can do this by contacting us using the details below. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal. The consequence might be that we cannot send you some marketing communications or provide certain optional features or processing activities that are based on your consent (but this outcome will be relevant only in cases where we rely on consent).

IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE EEA?

We are based in Ireland but sometimes your personal information may be transferred outside Ireland and the European Economic Area. If it is processed within the EU or other parts of the European Economic Area (EEA) then it is protected by the same EU data protection standards. Some countries outside the EEA have been deemed by the European Commission to provide an adequate level of protection for personal information (“adequacy decisions”). Where there is no adequacy decision, we will ensure that appropriate safeguards are in place — for example, by using the European Commission’s Standard Contractual Clauses (SCCs) together with supplementary measures where necessary — before transferring your personal information. For more information about these safeguards and how to obtain a copy of them please contact us using the contact details provided at the end of this Privacy Policy.

From time to time, your personal information may be transferred to, stored in or accessed from a destination outside the EEA. It may also be processed by staff operating outside of the EEA who work for us, or one of our partners.

Our service facilitates the transfer of currency to jurisdictions across the globe. The recipient pay-out partner will request information to verify the identity of the sender. Your personal information will therefore be transferred to the jurisdiction to which you choose to transfer the money as this is necessary for the performance of the contract with you and for compliance with applicable legal and regulatory obligations.

Where such transfers are required to complete a transaction you have requested, we will rely on an adequacy decision or appropriate safeguards (such as SCCs) where available. Where an adequacy decision or appropriate safeguards are not available for the relevant destination or pay-out partner, and the transfer is necessary to carry out the money transfer you have requested, we may rely on a transfer exception permitted by law. We will only rely on your explicit consent in limited circumstances where required and after informing you of any potential risks.

All information you provide to us is stored on our secure servers. Our servers are hosted in Ireland and the information is encrypted.

Unfortunately, transmission of information via the internet cannot be considered completely secure. We do our utmost to protect your personal information, however we cannot guarantee the security of those transfers. Any transmission of your personal information is at your own risk. While ACE implements industry-standard encryption and security protocols, transmission of information over the internet always carries inherent risks, and absolute security cannot be guaranteed. Customers are advised to take appropriate measures, such as safeguarding login credentials, when interacting with our services.

Once we have received your personal information, we will use strict procedures and security controls to try to prevent unauthorised access.

WHAT SHOULD YOU DO IF YOUR PERSONAL INFORMATION CHANGES?

You should tell us without delay so that we can update our records. Keeping your information accurate and up to date helps us meet our legal obligations and ensures we can continue to provide our services effectively. You can notify us of any changes by contacting us through the details provided in this Privacy Policy or via your account settings (where available). From time to time, we may also take steps to verify that the information we hold remains accurate.

DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?

We are unable to provide you with products and services or to process your application without having personal information about you. This processing is necessary either for the performance of our contract with you or for compliance with our legal obligations. Your personal information is required before you can open an account with us, or it is required during the life of that contract, or it is required so we can comply with legal obligations that apply to us. If we do not receive this information, this may impact our ability to continue dealing with you in compliance with our obligations and internal policies.

In cases where providing some personal information is optional, we will make this clear. For instance, we will say in application forms, in branch or on our website if alternative (such as work) telephone number or contact details can be left blank.

DO WE DO ANY MONITORING INVOLVING PROCESSING OF YOUR PERSONAL INFORMATION?

In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person face to face meetings and other communications.

We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the regulatory regime to record certain company telephone lines or in person meetings (as relevant) we will do so.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.

Some of our monitoring may check for obscene or profane content in communications.

We may conduct short term carefully controlled monitoring of your activities on your account(s) where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, where we suspect fraud, money laundering or other crimes.

Email exchanges, web chat, telephone calls and in person meetings between us and you in connection with your application and/or your account(s) may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for the quality control and staff training purposes.

Recordings and monitoring data will be retained only for as long as necessary to fulfil the purposes outlined above and in accordance with our Records Retention Policy.

PROFILING AND OTHER AUTOMATED DECISION MAKING

This section is relevant where we make decisions about you using only technology, and where none of our employees or any other individuals have been involved in the process. For instance, in relation to transactions, triggers and events such account opening anniversaries and maturity dates. We may also use profiling to help determine what marketing communications are most relevant to you, to analyse statistics, or to assess lending and insurance risks.

We will only carry out profiling or automated decision-making where permitted by law:

  • Where the activity is low-impact and does not produce legal or similarly significant effects on you, we may rely on our legitimate interests, as described in this Privacy Policy.
  • Where the decision could have legal or similarly significant effects, we will only carry out such processing if it is necessary for entering into or performing a contract with you, is authorised by law, or is based on your explicit consent and will implement appropriate measures to safeguard your rights and freedoms.

In those cases, we will inform you when such automated decision-making takes place, and you have the right to obtain human intervention, to express your point of view, and to contest the decision.

You also have a separate right to object to profiling carried out for direct marketing purposes at any time (see ‘rights to object’ below).

FOR HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

Unless we explain otherwise to you, we will hold your personal information for the duration of any contract you have with us, for as long as you keep using our Mobile App and website, for the duration of any complaint handling procedure relating to you or to deal with any subsequent claim or dispute that might arise in connection with your relationship with us. These are determined in accordance with our Retention Policy. We also hold your personal information for such a period of time as is necessary to comply with our legal and regulatory obligations, for example, anti-money laundering and customer due diligence records must generally be kept for at least five years after the end of our relationship with you or completion of an occasional transaction.

We may retain your contact information collected for the purposes of sending you marketing communications in accordance with this Policy for as long as you do not unsubscribe from receiving such communications from us.

WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LAWS?

You have the following rights under data protection laws.

  • The right to be informed about your processing of your personal information;
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
  • The right to object to processing of your personal information;
  • The right to restrict processing of your personal information;
  • The right to have your personal information erased (the “right to be forgotten”);
  • The right to request access to your personal information and to obtain information about how we process it;
  • The right to move, copy or transfer your personal information (“data portability”);
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

If you have given your consent to the processing of your personal data, you have the right to withdraw this consent at any time. If you do withdraw consent at any time, this will not affect the lawfulness of the processing based on consent up until that time.

These rights do not apply in all circumstances and are subject to various exemptions which we will explain if you wish to exercise any of these rights.

We may request proof of identity before responding, and we may refuse or charge a reasonable fee for requests that are manifestly unfounded or excessive.

If you wish to exercise any of these rights against the Credit Reference Agencies or any other intermediary who is data controller in its own right, you should contact them separately.

You have the right to complain to the Irish Data Protection Commission which enforces data protection laws: https://www.dataprotection.ie/. You may also lodge a complaint with the supervisory authority in the EU/EEA Member State of your residence, place of work, or where you believe an infringement of data protection law has occurred.

DATA ANONYMISATION AND USE OF AGGREGATED INFORMATION

Your personal information may be converted into statistical or aggregated data that cannot reasonably be used to re-identify you. Once anonymised, such data is no longer considered personal data under data protection laws. It may then be used to produce statistical research and reports. This aggregated non-personal information may be shared and used for purposes outside of this Privacy Policy.

YOUR MARKETING PREFERENCES AND WHAT THIS MEANS

We may use your home address, phone numbers, email address and social media (e.g. Facebook, Google and message facilities in other platforms to contact you and send you communications about offers or promotions that we believe are relevant for you based on your previous use. We will also remind you from time to time of your marketing options if you have shown an interest in receiving such. We will only do this if we have a legal ground which allows it under data protection laws – see above for our legal ground for marketing. You can opt out of our marketing at any time by contacting us (details of which can be found at the end of this Policy) or by following the instructions on how to do that in the marketing email or other communication.

We will only send you marketing where we have a lawful basis under data protection laws. This may be based on your consent (for example, where required for electronic communications to new customers) or on our legitimate interests, such as the “soft opt-in” exemption for existing customers in relation to our own similar products and services.

DATA COLLECTION POLICIES FROM OTHER ORGANISATIONS

We have mentioned that we share your personal information with beneficiary banks, partners who help us to complete your transactions and Credit Reference Agencies.

These organisations act as independent data controllers in their own right and determine how and why they process your personal information and require us to pass on information about you so that they can perform their services or functions. Their privacy Policies are separate from ours, and you should review them directly for more information on how they process your data.

In addition, when you log into your account via Facebook, Google, YouTube, Instagram, Twitter or LinkedIn your data will be processed in accordance with the privacy policies of those platforms. Your personal information will therefore also be subject to those third-party data collection policies, which are governed by the relevant platform’s own terms and privacy Policy. We recommend that you review those platform privacy policies before using those login options.

In circumstances where you use your Facebook or Google login credentials to create and/or log in to your account your personal information may be processed by Facebook or Google marketing tools. These tools may identify individuals and target content or advertisements based on interests or behaviours that are similar to those of our customers, in line with the respective platform’s policies.

CHANGES IN PRIVACY POLICY

ACE may change this Privacy Policy from time to time. All changes to this Privacy Policy are effective when they are posted on this page. When we change the Privacy Policy in a material manner, we will let you know via email and/or a prominent notice on our Site. The date of the most recent update is displayed at the top of the page.

CONTACT DETAILS

You can contact us by post: 19–22 Prosperity Chambers, Baggot Street Lower, Dublin 2, D02 X658, Ireland or via our website: https://acemoneytransfer.com/

You can contact our Data Protection Officer via email: privacy@acemoneytransfer.com