Privacy Policy

(w.e.f. May 25, 2018)

Aftab Currency Exchange Ltd is registered as a data controller with the UK Information Commissioner’s Office with a registration number Z2761765. This privacy policy describes how Aftab Currency Exchange Ltd collects and uses your personal information, including the information you provide on the website: www.acemoneytransfer.com, owned and operated by Aftab Currency Exchange Ltd (ACE, “we”, “us” or “our”) or our mobile application. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

We are committed to protecting and respecting Your privacy and handling Your information in an open and transparent manner.

This policy ("Privacy Policy") explains what information we collect from You, or You provide to us, what we will use it for and with whom we share that information.  The Privacy Policy also sets out Your rights and who You can contact for more information. Please read the following carefully to understand our views and practices regarding Your personal data and how we will treat it

In this Privacy Policy, Your information is sometimes called "personal data". We may also sometimes collectively refer to handling, collecting, protecting and storing Your personal data as "processing" such personal data.
In this Privacy Policy the term "Data Protection Legislation" means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.

What data do we collect?

We may collect, record and use information about You in physical and electronic form and will hold, use and otherwise process the data in accordance with the Data Protection Legislation and as set out in this Privacy Policy.
As a regulated financial institution, we are bound by the legal requirement to collect, verify and record certain data about you or recipients of your transactions. All types of data we gather may be used to prevent or detect crime.
We may collect and use the following data:
Basic personal data, such as (but not limited to):

  • Your name
  • Date of birth
  • Address
  • Phone number
  • E-mail address
  • demographic information such as age, education, gender, and interests

This data is necessary for ACE to provide the Service to you. We will request this data when you sign up, before the Service is provided.
Data for ‘Know Your Customer’ (KYC) regulations, such as (but not limited to):

  • Proof of your identity, like a passport, driving license, national ID card or residence permit
  • Proof of your address, like a utility bill or bank statement
  • Additional details on the source of funds being sent, like Occupation details, a pay-slip, credit card statement, tax rebate receipt or bank loan agreement

This data will sometimes be needed to conduct Know Your Customer (KYC), Customer Due Diligence (CDD) and security checks, as required by local and international regulations. This helps us keep your money safe, and we will only request these details when necessary.

Data about your recipient, such as (but not limited to):

We also collect from you information in relation to other people (e.g.: details of the recipients of Your money transfers), where You provide us with such information. By providing us with such information you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their information for such purposes in accordance with this notice, or are otherwise permitted to give us this information on their behalf. Please also ensure that those other people are aware of this notice and that the provisions of this notice are clearly communicated to them.

Data from other third party sources, such as (but not limited to):

  • Facebook, Twitter or Google profile images and names
  • Banks and payment service providers used to transfer money to us
  • Advertising networks
  • Search engines providers (such as Yahoo.com or Google) 
  • Credit reference agencies

ACE collects this data only when you provide the relevant permission to social media sites.

Technical data, such as (but not limited to):

  • Page views
  • App downloads
  • Operating system
  • Browser type

This data is used to help us to understand how you use our Service, so that we can improve it.

When You download our Mobile App, in addition to the information mentioned above we:

  • automatically collect information on the type of device You use, operating system version, and system and performance information. We may send You push notifications from time-to-time in order to update You about any events or promotions that we may be running. If You no longer wish to receive these types of communications, You may turn them off at the device level. To ensure You receive proper notifications, we will need to collect certain information about Your device such as operating system and user identification information;
  • may collect Your location-based information for the purpose of locating a place that You may be searching for in Your area. We will only share this information with our mapping provider for the sole purpose of providing You with this service. Your geo-location data may be shared with third parties for the purpose of them serving You ads for places (such as restaurants) in Your area. You may opt-out of location-based services at any time by editing the setting at the device level; and
  • may use mobile analytics software to allow us to better understand the functionality of our Mobile Software on Your phone. This software may record information such as how often You use the Mobile App, the events that occur within it, aggregated usage, performance data, and where the Mobile App was downloaded from. We do not link the information we store within the analytics software to any personal data You submit within the Mobile App.

Why do we collect your data?

We collect your data to personalise and improve our Service for you. The specific purposes for which we collect your data include:

Transactional purposes 
We need to collect data in order to process your transactions. Without data such as you and your beneficiaries bank account details or full name and address, we would be unable to transfer money for you.

Regulatory purposes
As regulated financial institutions, both ACE and our partners are required to conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) checks to comply with our legal and regulatory requirements.
These include our requirements under Anti Money Laundering (AML) and Counter Terrorist Financing (CTF) legislation. All of this helps us keep our Service safe and secure.

Marketing purposes  We may process your personal data to provide you with certain types of marketing communication that we believe will be relevant and of interest to you. This helps us provide you with a more personalised Service. This kind of activity is permitted by our ‘legitimate interest’ (for more information on legitimate interest, please see Section 8 of this Policy). We will always endeavour to make these communications relevant and unintrusive, and you are able to object to marketing communication from us at any time.

Analytical purposes  We may collect and analyse data such as website or app visit logs in order to improve the quality of our Service.
You do not have to disclose any of the above data to us. However, if you choose to withhold certain data, we may not be able to provide you with our Service.

Legal grounds for using Your personal information

The law permits us to process Your personal data in the way we do because the processing is:

  • necessary for the purposes of the legitimate interests that we pursue, which are:
    • to run and administer our business;
    • to prevent fraud;
    • to provide you with our services;
    • to evaluate, develop or improve our services;
    • to keep you informed about relevant products and services you are using;
    • to discharge our legal obligations to store and disclose information where necessary; and/or
    • to provide You with an efficient and smooth customer experience;
  • necessary for the performance of our contract with You to provide You with our services;
  • necessary in order to comply with a legal obligation to which we are subject; or
  • permitted by You, because You have given us consent

How do we keep your data safe and secure?

All the data that you provide to us is encrypted on our secure servers. We restrict access to your data to specific employees of ACE who have an important business-related reason for handling it. Our communications are encrypted using the TLS (Transport Layer Security) technology protocol.
All of the data we collect from you or from other sources will always be stored in accordance with this Privacy Policy.

How long do we keep your data?

We will only keep the information we collect about You for as long as required for the purposes set out above, or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.
The period for which we will retain information about You will vary depending on the type of information and the purposes that we use it for. In general, we will keep our records for up to 5 years after you have terminated your relationship with us, in order to comply with our legal obligations.
We may retain Your contact information collected for the purposes of sending You marketing communications in accordance with this policy for as long as You do not unsubscribe from receiving the same from us.

Who do we share your data with?

We share your personal data with third parties only when it is necessary for the fulfilment of the Service or to comply with applicable laws.
We will never sell your personal data to other organisations.
We work with partners who help us to complete your transactions. If they are based outside the EEA, we will share your personal data with them only when they apply essential safeguards, or if it has been established by EU institutions that the relevant country has an appropriate data protection regime in place, or when we otherwise ensure that the appropriate level of protection is applied for data processing.
The following are some purposes for which we may share your data with third parties:

To fulfil the contract between you and ACE 
We may share your data with third parties, such as our partners and intermediaries, when they are necessary for the fulfilment of the Service.

When required by law 
We may share your data when required by law, for example for the purposes of security, taxation and criminal investigations.

For marketing and communication 
We may share your data with third parties such as providers of customer service tools, marketing campaign tools, email communication tools, analytics software (for marketing purposes) and data visualisation tools (for analytical purposes).
If we sell or buy any business or assets, we may be obliged to share your personal data with the prospective seller or buyer.

What are your rights?

The law gives you a number of important rights in relation to your personal data, which are listed below.
There are certain exceptions where these rights may be superseded by laws and other requirements applicable to regulated financial institutions like ACE. An example of this would be the obligatory retention period (seen Section 5), which supersedes the right to data erasure.
Your rights are:

  • The right to be informed: the right to be informed about how we use your personal data
  • The right of access and data portability: the right to request access to the data that we have about you, to obtain the data within a month of asking for it, and to use it for your own purposes
  • The right to rectification: the right to correct, amend or update your personal data if it is wrong or has changed (this can usually be done using the settings provided on your account)
  • The right to erasure: the right to ask us to remove the data we hold about you from our records
  • The right to be forgotten: the right to request erasure of any links to your personal data, or of any copy or replication of any public personal data
  • The right to restrict processing: the right to ask us to stop processing your personal data
  • The right to object: the right to object to data processing, if you believe that our legitimate interest might infringe upon your rights
  • Rights related to automated decision-making and profiling: the right not be subject to individual decisions made solely by automated means.
  • The right to notification in the event of breach: the right to be immediately informed if we identify a data breach
  • The right to raise a complaint: the right to contact our Data Protection Officer if you are not happy with how we have handled your personal data
  • The right to lodge a complaint with a supervisory authority: the right to submit a complaint to the Information Commissioner’s Office (ICO) if you are not satisfied with our Data Protection Officer’s response, or if you believe that we are not processing your personal data in a lawful way (For more details please refer to the Commissioner’s Office website

If you would like to read more about your rights in relation to your personal data, please refer to the Information Commissioner’s Office website

Legitimate interest

Legitimate interest is a specific legal justification for the collection and processing of your personal data. It applies when we have reasonable grounds to collect and/or process your personal data to improve our Service, as long as this does not infringe on your rights.

Our legitimate interest may justify some examples of automated decision-making. One of those is our estimated transaction timing, which we use to determine the time in which the transfer will reach your beneficiary.

We believe that if you are an active customer of ACE, it is in your interest to receive occasional information about our Service. We may therefore send you communications about offers or promotions that we believe are relevant for you based on your previous use of the Service. If we notice that you are having problems using our Service, we may on our own initiative decide to contact you, in some cases by phone, to offer help.

We may also process your data to help develop new product features that we believe will improve the Service. We may contact you occasionally to assess your satisfaction with the Service. We may also use your data to determine the effectiveness of marketing or promotional campaigns. We may also contact you with information about any changes in the Service, and/ or other important updates.

We will only share anonymised or encrypted data with the third parties. We may also provide our partners with anonymous aggregated data about our customers for marketing and analytical purposes, to help optimise our marketing communications.

You can object to data processing based on our legitimate interest at any time by contacting us at [email protected] or by changing the settings on your ACE account.

Cookies Policy

Cookies are small text files which are stored on your device when you access ACE. They allow us to recognise you and store data about your past activity and your preferences so that we can personalise and improve the Service for you. Cookies and other similar technologies may collect data such as language preference, country and previously viewed pages.
We use the following cookies:

  • Necessary cookies: these cookies enable the basic use of our Service  e.g. enabling content reserved for registered users
  • Personalisation cookies: these cookies allow our Service to be personalised for you  e.g. remembering your preferred language or sending country
  • Analytical cookies: these cookies allow us to see how people use our Service so that we can understand how to improve it e.g. seeing how many people are logged in at a given time of day

By using our Service, you agree to place the cookies described above on your device. You have the right to withdraw your consent at any time. If you would like to delete our cookies, you can do so by changing the settings of your browser.
Blocking or deleting cookies may mean that some features of the Service may not be available to you. 

Logging in to ACE with your Facebook and Google account

You can log in to ACE using your Facebook or Google profiles. This allows us to authenticate your identity by obtaining access to:

  • Your e-mail address associated with your Facebook and Google profile
  • Your Facebook public profile
  • Your Google basic profile
  • Your Google contacts

Any of your personal data that we receive from third parties will be subject to this Privacy Policy and the privacy policies of those third parties.
By using your Facebook or Google login credentials, your personal data may be processed by Facebook or Google marketing tools. An example of this is the Facebook tool called ‘Lookalike Audiences’ or a similar tool used by Google called ‘Customer Match’. These help us to identify people who have similar interests or behaviours to those of our customers. We may use similar tools provided by Facebook or Google in the future.

Changes in Privacy Policy

ACE may change this Privacy Policy from time to time. Any changes will be effective immediately unless stated otherwise. The date of the most recent update is displayed at the top of the page.
Any dispute or claim arising in connection with this Privacy Policy will be considered in relation to the English version only.

Contact details

You can contact ACE:
By post: 61-67 Pall Mall Court, Manchester M2 4PD, United Kingdom
Via our website: www.acemoneytransfer.com
ACE has a Data Protection Officer who is responsible for matters related to privacy, data protection and data security. Our Data Protection Officer can be contacted at [email protected]com.