Privacy Policy

UNITED KINGDOM - Data Privacy Notice (Effective Date - 11/09/19)

In this Data Privacy Notice ("Privacy Notice") we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us in the European Economic Area ("EEA"), how we share your information and the steps we take to protect your information.

1. Who we are and the application of this Privacy Notice

This Privacy Notice applies to Toprate Mutual Finance Limited("TMFL", "we", "our"; or "us"). We are committed to the privacy and security of your Personal Data (as defined in section 2 below). This Privacy Notice describes how we collect and use Personal Data, in accordance with applicable law and our standards of ethical conduct. Toprate Mutual Finance Limited at 822 High Road, Tottenham London N17 0EY, United Kingdom, will be the "data controller" in relation to any Personal Data provided to us directly in person, or via email, phone, and post or via the following website: www.topratepay.com (the "Website"). This means that TMFL is responsible for deciding how it will hold and use Personal Data about you. Data Protection Officer can be contacted:

• By email at: compliance@topratepay.com
• By post to: 822 High Road,Tottenham London N17 0EY.

Attn.: Data Protection Officer

By using or navigating the Website or any product or service offered by us (collectively, the "Services"), you acknowledge that you have read, understand and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice. We encourage you to review and check the Website regularly for any updates to this Privacy Notice. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.

2. Data Protection principles

"Personal Data" means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to you or your beneficiary's physical, physiological, mental, economic, cultural or social identity. We are committed to complying with applicable data protection laws and will make sure that Personal Data is:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about; and
• Kept securely.

3. What Personal Data do we collect and how do we collect it?

Personal Data you give us. We may collect Personal Data when you give it to us, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak to us over the telephone, when you speak to us in person, when you write to us and when you visit the Website. We will also collect details of transactions you carry out through the Website and of the fulfillment of such transactions.

The types of Personal Data we collect will depend on the products or services you have requested from us. Any Personal Data collected is necessary for us to perform a contract and without such data we may not provide the desired Services.

We may collect and process the following Personal Data:

• Personal details, such as data which may identify you and/or the beneficiary of your transaction with us. This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, sex, images, signature, passport/visa details;
• Financial details, such as data relating to you and your beneficiary's payment data and bank account obtained for the purposes of money transfers; and/or
• Additional details requested by law enforcement or requested pursuant to our compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to the beneficiary of the transaction, the purpose of the transaction and proof of funds.

Cookies and similar technologies. When you use our Website or mobile apps we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:

• To measure the use of our Website and Services, including number of visits, average time spent on a Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs) etc., and to improve the content we offer;
• To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
• As part of our efforts to keep the Website safe and secure;

Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website. It will also mean that some features on our Website will not function if you do not allow cookies.

4. How we use your Personal Data?

We use Personal Data and other data you provide to us only for the following purposes permitted by applicable laws:

• When necessary for the performance of a contract with you: we may use your data on the basis of our need to perform our obligations under a contract with you, to complete your transactions or other requests made by you, to respond to and process your queries or requests, or to contact you as necessary in connection with our performance of a contract with you. For example, if you enter into a contract for our remittance services, your data will necessarily be shared with the payment service provider that will pay out funds to your designated beneficiary in the remittance destination country, it may be shared with our agents and/or contractors to facilitate the refund of a qualifying payment order to you, and it may be used if we find it necessary to contact you in connection with our contract.

• When necessary to comply with a legal or regulatory obligation:we may use your data to comply with legal requirements and/or regulations specific to our business. For example, when you contract with us for remittance services, we are required to perform a certain level of due diligence prescribed by law and/or commensurate with any assessed risk which may result in the reporting of your data to legal and/or regulatory authorities and/or a request from us for additional information from you to assist in our risk assessment and/or to satisfy our compliance obligations.

• When you have provided your consent for the processing: if you have consented and you have not withdrawn your consent, we may contact you with marketing communications in relation to our Services or the services and products of TMFL Companies (see Section 10 Direct Marketing, below).
• When necessary in the pursuit of a legitimate interest of TMFL: if you provide information to us online or transact with us online, we may use your data to improve the content of our Website and Services in order to enhance your experience. We may use data, such as IP addresses and anonymous demographic data, to tailor your experiences with our Services by showing content in which we think you will be interested and displaying content according to your preferences. We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of our Services. We also may use the data collected to evaluate and improve our Services and analyse traffic to our Services.

If in the future we use your Personal Data in the pursuit of our legitimate interest, we will strive to align our interests with yours such that under no circumstances will your data be used except as consented to by you or as otherwise permitted by applicable laws.

In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such data without further notice to you.

5. Is data collected shared with third parties?

TMFL Companies

We may share your personal data with other TMFL Companies in order to enable or facilitate us to provide you with any of the Services you have requested, where you have asked us to do so, to provide the Services to you outside of normal UK business hours and, where you have consented and not withdrawn your consent, for the TMFL Companies' direct marketing purposes.

Third-party service providers

We may share your Personal Data with the following third-party service providers to manage, enable or facilitate certain aspects of the Services (including the maintenance of our servers and processing or fulfilling orders for transactions):

• Compliance verification service providers
• Financial services providers, such as banks (Some of which are based outside the EEA)
• Credit control or debt collection agencies

We have safeguards in place with such third-party service providers requiring them to protect your personal data. To obtain a copy of the relevant safeguard measures please contact the Toprate Mutual Finance Ltd Data Protection Officer as indicated in Section 1 above.

Corporate Process

We may transfer your Personal Data to a third party as a result of a sale, acquisition, merger or reorganization involving TMFL, a company within the TMFL Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to make sure that your information is properly protected.

Legal and Regulatory

We may also disclose your Personal Data in special cases if required to do so by law enforcement agencies, law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to–or interfering with–; the rights or property of TMFL, the Services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).

Sharing Personal Data outside the United Kingdom

The nature of our products and Services means that we may need to share your Personal Data with recipients based in countries outside of the United Kingdom, including in the EEA and outside the EEA. The countries to which we may need to send your information would normally be obvious to you based on your requested transaction.

As explained above, we may share your personal data within the TMFL Group, which may involve transferring your data outside the EEA. Where we do so, we will ensure a similar level of protection to that afforded in the EEA; for example, on the basis the relevant recipient country has been deemed by the European Commission to provide an "adequate" level of protection for Personal Data or by contractual provisions that seek to ensure a level of protection and safeguarding of Personal Data.

If our use of third-party service providers involves sharing your Personal Data outside the EEA, we will make sure the service provider provides safeguards and assurances regarding the protection of your Personal Data.

How long is Personal Data retained?

Personal Data is used for different purposes and is subject to different standards and regulations. In general, Personal Data is retained for as long as necessary to provide you with the Services you request, to comply with applicable legal, accounting or reporting requirements and to make sure that you have a reasonable opportunity to access the Personal Data.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example:

• Legal and Regulatory Requirements. TMFL shall retain Personal Data and transactional data for those periods required to comply with all retention and reporting obligations under applicable laws, including without limitation commercial, tax and anti-money laundering laws and regulations. Generally, this retention period will be a minimum of five years from the date of your transaction or the date our business relationship with you is terminated.
• Customer Service (administration of customer relationship, complaint handling, etc.). TMFL may process and retain your Personal Data for as long as we have an on-going relationship with you. Once our relationship has ended (for example because the Services have been delivered and paid for in full, or you have exercised your right to withdraw from the contract), we will, subject to any retention requirements under applicable laws, erase or anonymise your Personal Data.
• Personal Data provided to us for marketing purposes may be retained until you opt out or until TMFL becomes aware that any such data is inaccurate.

You may obtain a copy of our Retention Policy by contacting our Data Protection Officer.

7. Is correspondence that you send to us saved?

Yes. If you send us correspondence, including emails and faxes, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any TMFL Group company, our partners, and our suppliers. We will retain these records in line with our Retention Policy.

8. Data Security

We are committed to maintaining the security of your Personal Data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.

We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals, and we upgrade our security regularly as better methods become available. Our data centers and those of our partners utilise state-of-the-art physical security measures to prevent unauthorised access to the facility. In addition, all Personal Data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access. All TMFL employees who have access to, or are associated with, the processing of Personal Data are contractually obliged to respect the confidentiality of your data and abide by the privacy standards we have established. Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of Personal Data.

9. Does this Privacy Notice apply to other websites?

No. Our Website may contain links to other internet websites. By clicking on a third-party advertising banner or certain other links, you will be redirected to such third-party websites.

We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third-party administrators or webmasters before providing any Personal Data.

10. Direct marketing

With your consent, TMFL or a TMFL Company may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another legitimate basis to send such communications to you.

All marketing emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time.

Additionally, you can unsubscribe from marketing by contacting us by a method described in Section 13 of this Privacy Notice.

You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorise the use of customer data to third parties for such purposes.

11. What are my data protection rights?

Subject to verification of your identity, you may request access to and have the opportunity to update and amend your Personal Data. You may also exercise any other rights you enjoy under applicable data protection laws. Please use the contact details in Section 13 of this Privacy Notice. "Data Subjects" have the right to:

• 1. Request access to any Personal Data we hold about them as well as related data, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making;
• 2. Obtain without undue delay the rectification of any inaccurate Personal Data we hold about them;
• 3. Request that Personal Data held about them is deleted provided the Personal Data is not required by us, a TMFL Company for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
• 4. Under certain circumstances, prevent or restrict processing of your Personal Data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and
• 5. Under certain circumstances, request transfer of Personal Data directly to a third party where this is technically feasible.

Also, where you believe that TMFL has not complied with its obligations under this Privacy Notice or the applicable law, you have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have, and we will respond in line with our Complaints Procedure (see Section 12 of this Privacy Notice).

12. Privacy-related complaints procedure

Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you have the right to make a complaint to a Data Protection Authority or through the courts.

Although not required, we would encourage you to let us know about any privacy-related complaint you might have, and we will respond in line with our complaints procedure–our contact details are set out below.

Privacy-related complaints or concerns can be lodged with our privacy team:

• By email at: compliance@topratepay.com
• By post to: 822 High Road, Tottenham, London N17 0EY, United Kingdom

Attn.: Data Protection Officer

TMFL employees are required to direct any privacy-related complaints or concerns to our privacy team.

TMFL will aim to send an acknowledgement within 10 days of receipt of the complaint/concern.

TMFL will conduct an investigation in accordance with relevant laws and will aim to respond substantively within 28 days of receipt of the complaint/concern.

If further time is required to investigate your complaint/concern, TMFL will write to you within 28 days of receiving the complaint/concern, informing you of the investigation timeline which will be no longer than an additional two months for the complaints procedure to be concluded.

In the case of a rejection of the complaint, TMFL will provide you with a written explanation for the rejection.

If the complaint/concern is considered justified, TMFL will take reasonable steps to try to address the complaint/concern to your reasonable satisfaction.

If you are not satisfied with the reply/outcome, or otherwise with the handling of the complaint, you have the right to lodge a claim before a relevant Data Protection Authority or the courts. In the United Kingdom the Data Protection Authority is the Information Commissioner's Office (website: https://ico.org.uk/for-the-public/ and telephone: 0303 123 1113).

For all other complaints or concerns about our Services that are unrelated to privacy, please contact our Customer Service Team on

Contact us

If you have any questions or concerns about this Privacy Notice or TMFL's data practices, please contact our privacy team:

• By email at: compliance@topratepay.com
• By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

Attn.: Data Protection Officer

Any complaints will be handled in line with our complaints procedure as set out in Section 12 of this Privacy Notice.

EUROPE - Data Privacy Notice – Effective Date - 11/09/19

In this Data Privacy Notice ("Privacy Notice") we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us in the European Economic Area ("EEA"), how we share your information and the steps we take to protect your information.

1. Who we are and the application of this Privacy Notice

   This Privacy Notice applies to Toprate Mutual Finance Ltd Limited ("TMFL", "we", "our"; or "us"). We are committed to the privacy and security of your Personal Data (as defined in section 2 below). This Privacy Notice describes how we collect and use Personal Data, in accordance with applicable law and our standards of ethical conduct. Toprate Mutual Finance Ltd Limited at 822 High Road, Tottenham, London N17 0EY, United Kingdom, will be the "data controller" in relation to any Personal Data provided to us directly in person, or via email, phone, and post or via the following website: www.topratepay.com (the "Website"). This means that TMFL is responsible for deciding how it will hold and use Personal Data about you. Data Protection Officer can be contacted:

   • By email at: compliance@topratepay.com
   • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

   Attn.: Data Protection Officer

   By using or navigating the Website or any product or service offered by us (collectively, the "Services"), you acknowledge that you have read, understand and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.
   We encourage you to review and check the Website regularly for any updates to this Privacy Notice. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.

2. Data Protection principles

   "Personal Data" means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to you or your beneficiary's physical, physiological, mental, economic, cultural or social identity. We are committed to complying with applicable data protection laws and will make sure that Personal Data is:

   • Used lawfully, fairly and in a transparent way;
   • Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with those purposes;
   • Relevant to the purposes we have told you about and limited only to those purposes;
   • Accurate and kept up to date;
   • Kept only as long as necessary for the purposes we have told you about; and
   • Kept securely.

3. What Personal Data do we collect and how do we collect it?

   Personal Data you give us. We may collect Personal Data when you give it to us, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak to us over the telephone, when you speak to us in person, when you write to us and when you visit the Website. We will also collect details of transactions you carry out through the Website and of the fulfillment of such transactions.

   The types of Personal Data we collect will depend on the products or services you have requested from us. Any Personal Data collected is necessary for us to perform a contract and without such data we may not provide the desired Services.

   We may collect and process the following Personal Data:

   • Personal details, such as data which may identify you and/or the beneficiary of your transaction with us. This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, sex, images, signature, passport/visa details;
   • Financial details, such as data relating to you and your beneficiary's payment data and bank account obtained for the purposes of money transfers; and/or
   • Additional details requested by law enforcement or requested pursuant to our compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to the beneficiary of the transaction, the purpose of the transaction and proof of funds.

   Cookies and similar technologies. When you use our Website or mobile apps we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:

   • To measure the use of our Website and Services, including number of visits, average time spent on a Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs) etc., and to improve the content we offer;
   • To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
   • As part of our efforts to keep the Website safe and secure;

   Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website. It will also mean that some features on our Website will not function if you do not allow cookies.

4. How we use your Personal Data?

   We use Personal Data and other data you provide to us only for the following purposes permitted by applicable laws:

   • When necessary for the performance of a contract with you: we may use your data on the basis of our need to perform our obligations under a contract with you, to complete your transactions or other requests made by you, to respond to and process your queries or requests, or to contact you as necessary in connection with our performance of a contract with you. For example, if you enter into a contract for our remittance services, your data will necessarily be shared with the payment service provider that will pay out funds to your designated beneficiary in the remittance destination country, it may be shared with our agents and/or contractors to facilitate the refund of a qualifying payment order to you, and it may be used if we find it necessary to contact you in connection with our contract.
   • When necessary to comply with a legal or regulatory obligation: we may use your data to comply with legal requirements and/or regulations specific to our business. For example, when you contract with us for remittance services, we are required to perform a certain level of due diligence prescribed by law and/or commensurate with any assessed risk which may result in the reporting of your data to legal and/or regulatory authorities and/or a request from us for additional information from you to assist in our risk assessment and/or to satisfy our compliance obligations.
   • When you have provided your consent for the processing: if you have consented and you have not withdrawn your consent, we may contact you with marketing communications in relation to our Services or the services and products of TMFL Companies (see Section 10 Direct Marketing, below).
   • When necessary in the pursuit of a legitimate interest of TMFL: if you provide information to us online or transact with us online, we may use your data to improve the content of our Website and Services in order to enhance your experience. We may use data, such as IP addresses and anonymous demographic data, to tailor your experiences with our Services by showing content in which we think you will be interested and displaying content according to your preferences. We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of our Services. We also may use the data collected to evaluate and improve our Services and analyse traffic to our Services.

   If in the future we use your Personal Data in the pursuit of our legitimate interest, we will strive to align our interests with yours such that under no circumstances will your data be used except as consented to by you or as otherwise permitted by applicable laws.

   In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such data without further notice to you.

5. Is data collected shared with third parties?

   TMFL Companies
   We may share your personal data with other TMFL Companies in order to enable or facilitate us to provide you with any of the Services you have requested, where you have asked us to do so, to provide the Services to you outside of normal UK business hours and, where you have consented and not withdrawn your consent, for the TMFL Companies' direct marketing purposes.

   Third-party service providers
   We may share your Personal Data with the following third-party service providers to manage, enable or facilitate certain aspects of the Services (including the maintenance of our servers and processing or fulfilling orders for transactions):

   • Compliance verification service providers
   • Financial services providers, such as banks (Some of which are based outside the EEA)
   • Credit control or debt collection agencies
   We have safeguards in place with such third-party service providers requiring them to protect your personal data. To obtain a copy of the relevant safeguard measures please contact the Toprate Mutual Finance Ltd Data Protection Officer as indicated in Section 1 above.

   Corporate process
   We may transfer your Personal Data to a third party as a result of a sale, acquisition, merger or reorganization involving TMFL, a company within the TMFL Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to make sure that your information is properly protected.

   Legal and regulatory
   We may also disclose your Personal Data in special cases if required to do so by law enforcement agencies, law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to–or interfering with–; the rights or property of TMFL, the Services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).

   Sharing Personal Data outside the United Kingdom
   The nature of our products and Services means that we may need to share your Personal Data with recipients based in countries outside of the United Kingdom, including in the EEA and outside the EEA. The countries to which we may need to send your information would normally be obvious to you based on your requested transaction.

   As explained above, we may share your personal data within the TMFL Group, which may involve transferring your data outside the EEA. Where we do so, we will ensure a similar level of protection to that afforded in the EEA; for example, on the basis the relevant recipient country has been deemed by the European Commission to provide an "adequate" level of protection for Personal Data or by contractual provisions that seek to ensure a level of protection and safeguarding of Personal Data.

   If our use of third-party service providers involves sharing your Personal Data outside the EEA, we will make sure the service provider provides safeguards and assurances regarding the protection of your Personal Data.

6. How long is Personal Data retained?

   Personal Data is used for different purposes and is subject to different standards and regulations. In general, Personal Data is retained for as long as necessary to provide you with the Services you request, to comply with applicable legal, accounting or reporting requirements and to make sure that you have a reasonable opportunity to access the Personal Data.

   To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example:

   • Legal and Regulatory Requirements. TMFL shall retain Personal Data and transactional data for those periods required to comply with all retention and reporting obligations under applicable laws, including without limitation commercial, tax and anti-money laundering laws and regulations. Generally, this retention period will be a minimum of five years from the date of your transaction or the date our business relationship with you is terminated.
   • Customer Service (administration of customer relationship, complaint handling, etc.). TMFL may process and retain your Personal Data for as long as we have an on-going relationship with you. Once our relationship has ended (for example because the Services have been delivered and paid for in full, or you have exercised your right to withdraw from the contract), we will, subject to any retention requirements under applicable laws, erase or anonymise your Personal Data.
   • Personal Data provided to us for marketing purposes may be retained until you opt out or until TMFL becomes aware that any such data is inaccurate.

   You may obtain a copy of our Retention Policy by contacting our Data Protection Officer.

7. Is correspondence that you send to us saved?

   Yes. If you send us correspondence, including emails and faxes, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any TMFL Group company, our partners, and our suppliers. We will retain these records in line with our Retention Policy.

8. Data Security

   We are committed to maintaining the security of your Personal Data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.

   We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals, and we upgrade our security regularly as better methods become available. Our data centers and those of our partners utilise state-of-the-art physical security measures to prevent unauthorised access to the facility. In addition, all Personal Data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access. All TMFL employees who have access to, or are associated with, the processing of Personal Data are contractually obliged to respect the confidentiality of your data and abide by the privacy standards we have established. Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of Personal Data.

9. Does this Privacy Notice apply to other websites?

   No. Our Website may contain links to other internet websites. By clicking on a third-party advertising banner or certain other links, you will be redirected to such third-party websites.

   We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third-party administrators or webmasters before providing any Personal Data.

10. Direct marketing

    With your consent, TMFL or a TMFL Company may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another legitimate basis to send such communications to you.

    All marketing emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time.

    Additionally, you can unsubscribe from marketing by contacting us by a method described in Section 13 of this Privacy Notice.

    You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorise the use of customer data to third parties for such purposes.

11. What are my data protection rights?

    Subject to verification of your identity, you may request access to and have the opportunity to update and amend your Personal Data. You may also exercise any other rights you enjoy under applicable data protection laws. Please use the contact details in Section 13 of this Privacy Notice. "Data Subjects" have the right to:

    1. Request access to any Personal Data we hold about them as well as related data, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making;
    2. Obtain without undue delay the rectification of any inaccurate Personal Data we hold about them;
    3. Request that Personal Data held about them is deleted provided the Personal Data is not required by us, a TMFL Company for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
    4. Under certain circumstances, prevent or restrict processing of your Personal Data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and
    5. Under certain circumstances, request transfer of Personal Data directly to a third party where this is technically feasible.

    Also, where you believe that TMFL has not complied with its obligations under this Privacy Notice or the applicable law, you have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have, and we will respond in line with our Complaints Procedure (see Section 12 of this Privacy Notice).

12. Privacy-related complaints procedure

    Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you have the right to make a complaint to a Data Protection Authority or through the courts.

    Although not required, we would encourage you to let us know about any privacy-related complaint you might have, and we will respond in line with our complaints procedure–our contact details are set out below.

    Privacy-related complaints or concerns can be lodged with our privacy team:

    • By email at: compliance@topratepay.com
    • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

    Attn.: Data Protection Officer

    TMFL employees are required to direct any privacy-related complaints or concerns to our privacy team.

    TMFL will aim to send an acknowledgement within 10 days of receipt of the complaint/concern.

    TMFL will conduct an investigation in accordance with relevant laws and will aim to respond substantively within 28 days of receipt of the complaint/concern.

    If further time is required to investigate your complaint/concern, TMFL will write to you within 28 days of receiving the complaint/concern, informing you of the investigation timeline which will be no longer than an additional two months for the complaints procedure to be concluded.

    In the case of a rejection of the complaint, TMFL will provide you with a written explanation for the rejection.

    If the complaint/concern is considered justified, TMFL will take reasonable steps to try to address the complaint/concern to your reasonable satisfaction.

    If you are not satisfied with the reply/outcome, or otherwise with the handling of the complaint, you have the right to lodge a claim before a relevant Data Protection Authority or the courts. In the United Kingdom the Data Protection Authority is the Information Commissioner's Office (website: https://ico.org.uk/for-the-public/ and telephone: 0303 123 1113).

    For all other complaints or concerns about our Services that are unrelated to privacy, please contact our Customer Service Team on

13. Contact us

    If you have any questions or concerns about this Privacy Notice or TMFL's data practices, please contact our privacy team:

    • By email at: compliance@topratepay.com
    • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

    Attn.: Data Protection Officer

    Any complaints will be handled in line with our complaints procedure as set out in Section 12 of this Privacy Notice.

    Contact Us    

CANADA - Data Privacy Notice – Effective Date - 11/09/19

In this Data Privacy Notice ("Privacy Notice") we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us in the European Economic Area ("EEA"), how we share your information and the steps we take to protect your information.

1. Who we are and the application of this Privacy Notice

   This Privacy Notice applies to Toprate Mutual Finance Ltd Limited ("TMFL", "we", "our"; or "us"). We are committed to the privacy and security of your Personal Data (as defined in section 2 below). This Privacy Notice describes how we collect and use Personal Data, in accordance with applicable law and our standards of ethical conduct. Toprate Mutual Finance Ltd Limited at 822 High Road, Tottenham, London N17 0EY, United Kingdom, will be the "data controller" in relation to any Personal Data provided to us directly in person, or via email, phone, and post or via the following website: www.topratepay.com (the "Website"). This means that TMFL is responsible for deciding how it will hold and use Personal Data about you. Data Protection Officer can be contacted:

   • By email at: compliance@topratepay.com
   • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

   Attn.: Data Protection Officer

   By using or navigating the Website or any product or service offered by us (collectively, the "Services"), you acknowledge that you have read, understand and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.
   We encourage you to review and check the Website regularly for any updates to this Privacy Notice. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.

2. Data Protection principles

   "Personal Data" means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to you or your beneficiary's physical, physiological, mental, economic, cultural or social identity. We are committed to complying with applicable data protection laws and will make sure that Personal Data is:

   • Used lawfully, fairly and in a transparent way;
   • Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with those purposes;
   • Relevant to the purposes we have told you about and limited only to those purposes;
   • Accurate and kept up to date;
   • Kept only as long as necessary for the purposes we have told you about; and
   • Kept securely.

3. What Personal Data do we collect and how do we collect it?

   Personal Data you give us. We may collect Personal Data when you give it to us, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak to us over the telephone, when you speak to us in person, when you write to us and when you visit the Website. We will also collect details of transactions you carry out through the Website and of the fulfillment of such transactions.

   The types of Personal Data we collect will depend on the products or services you have requested from us. Any Personal Data collected is necessary for us to perform a contract and without such data we may not provide the desired Services.

   We may collect and process the following Personal Data:

   • Personal details, such as data which may identify you and/or the beneficiary of your transaction with us. This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, sex, images, signature, passport/visa details;
   • Financial details, such as data relating to you and your beneficiary's payment data and bank account obtained for the purposes of money transfers; and/or
   • Additional details requested by law enforcement or requested pursuant to our compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to the beneficiary of the transaction, the purpose of the transaction and proof of funds.

   Cookies and similar technologies. When you use our Website or mobile apps we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:

   • To measure the use of our Website and Services, including number of visits, average time spent on a Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs) etc., and to improve the content we offer;
   • To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
   • As part of our efforts to keep the Website safe and secure;

   Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website. It will also mean that some features on our Website will not function if you do not allow cookies.

4. How we use your Personal Data?

   We use Personal Data and other data you provide to us only for the following purposes permitted by applicable laws:

   • When necessary for the performance of a contract with you: we may use your data on the basis of our need to perform our obligations under a contract with you, to complete your transactions or other requests made by you, to respond to and process your queries or requests, or to contact you as necessary in connection with our performance of a contract with you. For example, if you enter into a contract for our remittance services, your data will necessarily be shared with the payment service provider that will pay out funds to your designated beneficiary in the remittance destination country, it may be shared with our agents and/or contractors to facilitate the refund of a qualifying payment order to you, and it may be used if we find it necessary to contact you in connection with our contract.
   • When necessary to comply with a legal or regulatory obligation: we may use your data to comply with legal requirements and/or regulations specific to our business. For example, when you contract with us for remittance services, we are required to perform a certain level of due diligence prescribed by law and/or commensurate with any assessed risk which may result in the reporting of your data to legal and/or regulatory authorities and/or a request from us for additional information from you to assist in our risk assessment and/or to satisfy our compliance obligations.
   • When you have provided your consent for the processing: if you have consented and you have not withdrawn your consent, we may contact you with marketing communications in relation to our Services or the services and products of TMFL Companies (see Section 10 Direct Marketing, below).
   • When necessary in the pursuit of a legitimate interest of TMFL: if you provide information to us online or transact with us online, we may use your data to improve the content of our Website and Services in order to enhance your experience. We may use data, such as IP addresses and anonymous demographic data, to tailor your experiences with our Services by showing content in which we think you will be interested and displaying content according to your preferences. We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of our Services. We also may use the data collected to evaluate and improve our Services and analyse traffic to our Services.

   If in the future we use your Personal Data in the pursuit of our legitimate interest, we will strive to align our interests with yours such that under no circumstances will your data be used except as consented to by you or as otherwise permitted by applicable laws.

   In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such data without further notice to you.

5. Is data collected shared with third parties?

   TMFL Companies
   We may share your personal data with other TMFL Companies in order to enable or facilitate us to provide you with any of the Services you have requested, where you have asked us to do so, to provide the Services to you outside of normal UK business hours and, where you have consented and not withdrawn your consent, for the TMFL Companies' direct marketing purposes.

   Third-party service providers
   We may share your Personal Data with the following third-party service providers to manage, enable or facilitate certain aspects of the Services (including the maintenance of our servers and processing or fulfilling orders for transactions):

   • Compliance verification service providers
   • Financial services providers, such as banks (Some of which are based outside the EEA)
   • Credit control or debt collection agencies
   We have safeguards in place with such third-party service providers requiring them to protect your personal data. To obtain a copy of the relevant safeguard measures please contact the Toprate Mutual Finance Ltd Data Protection Officer as indicated in Section 1 above.

   Corporate process
   We may transfer your Personal Data to a third party as a result of a sale, acquisition, merger or reorganization involving TMFL, a company within the TMFL Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to make sure that your information is properly protected.

   Legal and regulatory
   We may also disclose your Personal Data in special cases if required to do so by law enforcement agencies, law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to–or interfering with–; the rights or property of TMFL, the Services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).

   Sharing Personal Data outside the United Kingdom
   The nature of our products and Services means that we may need to share your Personal Data with recipients based in countries outside of the United Kingdom, including in the EEA and outside the EEA. The countries to which we may need to send your information would normally be obvious to you based on your requested transaction.

   As explained above, we may share your personal data within the TMFL Group, which may involve transferring your data outside the EEA. Where we do so, we will ensure a similar level of protection to that afforded in the EEA; for example, on the basis the relevant recipient country has been deemed by the European Commission to provide an "adequate" level of protection for Personal Data or by contractual provisions that seek to ensure a level of protection and safeguarding of Personal Data.

   If our use of third-party service providers involves sharing your Personal Data outside the EEA, we will make sure the service provider provides safeguards and assurances regarding the protection of your Personal Data.

6. How long is Personal Data retained?

   Personal Data is used for different purposes and is subject to different standards and regulations. In general, Personal Data is retained for as long as necessary to provide you with the Services you request, to comply with applicable legal, accounting or reporting requirements and to make sure that you have a reasonable opportunity to access the Personal Data.

   To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example:

   • Legal and Regulatory Requirements. TMFL shall retain Personal Data and transactional data for those periods required to comply with all retention and reporting obligations under applicable laws, including without limitation commercial, tax and anti-money laundering laws and regulations. Generally, this retention period will be a minimum of five years from the date of your transaction or the date our business relationship with you is terminated.
   • Customer Service (administration of customer relationship, complaint handling, etc.). TMFL may process and retain your Personal Data for as long as we have an on-going relationship with you. Once our relationship has ended (for example because the Services have been delivered and paid for in full, or you have exercised your right to withdraw from the contract), we will, subject to any retention requirements under applicable laws, erase or anonymise your Personal Data.
   • Personal Data provided to us for marketing purposes may be retained until you opt out or until TMFL becomes aware that any such data is inaccurate.

   You may obtain a copy of our Retention Policy by contacting our Data Protection Officer.

7. Is correspondence that you send to us saved?

   Yes. If you send us correspondence, including emails and faxes, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any TMFL Group company, our partners, and our suppliers. We will retain these records in line with our Retention Policy.

8. Data Security

   We are committed to maintaining the security of your Personal Data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.

   We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals, and we upgrade our security regularly as better methods become available. Our data centers and those of our partners utilise state-of-the-art physical security measures to prevent unauthorised access to the facility. In addition, all Personal Data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access. All TMFL employees who have access to, or are associated with, the processing of Personal Data are contractually obliged to respect the confidentiality of your data and abide by the privacy standards we have established. Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of Personal Data.

9. Does this Privacy Notice apply to other websites?

   No. Our Website may contain links to other internet websites. By clicking on a third-party advertising banner or certain other links, you will be redirected to such third-party websites.

   We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third-party administrators or webmasters before providing any Personal Data.

10. Direct marketing

    With your consent, TMFL or a TMFL Company may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another legitimate basis to send such communications to you.

    All marketing emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time.

    Additionally, you can unsubscribe from marketing by contacting us by a method described in Section 13 of this Privacy Notice.

    You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorise the use of customer data to third parties for such purposes.

11. What are my data protection rights?

    Subject to verification of your identity, you may request access to and have the opportunity to update and amend your Personal Data. You may also exercise any other rights you enjoy under applicable data protection laws. Please use the contact details in Section 13 of this Privacy Notice. "Data Subjects" have the right to:

    1. Request access to any Personal Data we hold about them as well as related data, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making;
    2. Obtain without undue delay the rectification of any inaccurate Personal Data we hold about them;
    3. Request that Personal Data held about them is deleted provided the Personal Data is not required by us, a TMFL Company for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
    4. Under certain circumstances, prevent or restrict processing of your Personal Data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and
    5. Under certain circumstances, request transfer of Personal Data directly to a third party where this is technically feasible.

    Also, where you believe that TMFL has not complied with its obligations under this Privacy Notice or the applicable law, you have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have, and we will respond in line with our Complaints Procedure (see Section 12 of this Privacy Notice).

12. Privacy-related complaints procedure

    Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you have the right to make a complaint to a Data Protection Authority or through the courts.

    Although not required, we would encourage you to let us know about any privacy-related complaint you might have, and we will respond in line with our complaints procedure–our contact details are set out below.

    Privacy-related complaints or concerns can be lodged with our privacy team:

    • By email at: compliance@topratepay.com
    • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

    Attn.: Data Protection Officer

    TMFL employees are required to direct any privacy-related complaints or concerns to our privacy team.

    TMFL will aim to send an acknowledgement within 10 days of receipt of the complaint/concern.

    TMFL will conduct an investigation in accordance with relevant laws and will aim to respond substantively within 28 days of receipt of the complaint/concern.

    If further time is required to investigate your complaint/concern, TMFL will write to you within 28 days of receiving the complaint/concern, informing you of the investigation timeline which will be no longer than an additional two months for the complaints procedure to be concluded.

    In the case of a rejection of the complaint, TMFL will provide you with a written explanation for the rejection.

    If the complaint/concern is considered justified, TMFL will take reasonable steps to try to address the complaint/concern to your reasonable satisfaction.

    If you are not satisfied with the reply/outcome, or otherwise with the handling of the complaint, you have the right to lodge a claim before a relevant Data Protection Authority or the courts. In the United Kingdom the Data Protection Authority is the Information Commissioner's Office (website: https://ico.org.uk/for-the-public/ and telephone: 0303 123 1113).

    For all other complaints or concerns about our Services that are unrelated to privacy, please contact our Customer Service Team on

13. Contact us

    If you have any questions or concerns about this Privacy Notice or TMFL's data practices, please contact our privacy team:

    • By email at: compliance@topratepay.com
    • By post to: 822 High Road, Tottenham, London N17 0EY United Kingdom

    Attn.: Data Protection Officer

    Any complaints will be handled in line with our complaints procedure as set out in Section 12 of this Privacy Notice.

Australia - Data Privacy Notice

WHO WE ARE?

Toprate Mutual Finance Ltd Pty Ltd (“Toprate Mutual Finance Ltd”) of 822 High Road, Tottenham London N17 0EY is a data controller of your personal information. This privacy policy is issued on behalf of the Toprate Mutual Finance Ltd Limited (Toprate Mutual Finance Ltd UK), parent company of “Toprate Mutual Finance Ltd”.

When we mention “Toprate Mutual Finance Ltd”, "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the “Toprate Mutual Finance Ltd UK” Group responsible for processing your data. “Personal information” means information that is about you or from which we can identify you. This privacy notice describes how we deal with your personal information. We are the data controller of this information under relevant data protection laws because in the context of our business relationship with you we decide how and why it is processed in the ways explained in this privacy notice.

We can be contacted at any time including if you have queries about this privacy notice or wish to exercise any of the rights mentioned in it.

You will see at the end of this privacy notice that we mention the privacy notices of relevant third parties. We do need to share these with you. Please read them carefully and contact those organisations if you have questions (their details are in their notices).

This privacy notice may be updated from time to time. You should check https://topratepay.com/privacy-policy. this webpage is regularly updated so that you can read the up-to-date version. We may send you an updated copy (depending on whether we are required to do that or not).

WHAT KINDS OF PERSONAL INFORMATION ABOUT YOU DO WE PROCESS?

We may collect certain personal information which (either on its own or when combined with other information we hold about you) allows us to identify you as an individual and which is about you. We set out below personal information that we generally process in connection with all our products and services.

PERSONAL INFORMATION THAT WE GENERALLY PROCESS IN CONNECTION WITH ALL OUR PRODUCTS AND SERVICES

This includes:

• Basic Personal Data
  • Your title, full name, signature, and contact details, including for instance your email address, home and mobile telephone;
  • Your home address;
  • Your date of birth and/or age;
  • Your place of birth, nationality;
  • Demographic information such as age and gender;
• Data to comply with Money Laundering Regulations:
  • Proof of your identity, such as a passport, driving licence, national ID card or residence permit;
  • Proof of address, such as a utility bill or bank statement;
  • Details on the source of funds being sent, for example occupation details, payslips, credit card statements, tax rebate receipts or bank loan agreements.
• Personal information obtained from third party sources (where you have provided the relevant permission), including:
  • Facebook, Twitter and Google profile contact information, images and names;
  • Banks and payment service providers used to transfer money to us;
  • advertising networks; and
  • search engine providers (such as Yahoo or Google).
• Technical data, including:
  • information about your visit to our website, including page views, the length of visits to certain pages;
  • app downloads;
  • operating system;
  • IP address; and
  • browser type.

When you download our Mobile App, in addition to the information mentioned above we collect and process:

• Information you give us.
• This is the information that you consent to give to us about you when you download or register to use the Mobile App or website, subscribe to our services or by corresponding with us. This information includes identity, contact, financial and marketing and communications data. If you contact us, we will keep a record of that correspondence.
• Information we collect about you and your device.
• Each time you use our Mobile App/Website we will automatically collect information on the type of device you use, operating system version, and system and performance indication. We may send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
• Location Data.
• Mobile Analytics Data.
• We may collect this data to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the mobile app, the events that occur within it, aggregated usage, performance data, and where the mobile app was downloaded from. We do not link the information we store within the analytics software to any personal data you submit within the mobile app.

WHAT IS THE SOURCE OF YOUR PERSONAL INFORMATION?

We will generally collect your personal information from you directly. If you are introduced to us by a broker or other intermediary, we will obtain some personal information about you indirectly from them when they introduce you to us.

In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, and other organisations to assist in prevention and detection of crime, police and law enforcement agencies.

Some of the personal information obtained to verify your account will have originated from publicly accessible sources. In particular, the information will draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll).

DATA THAT YOU PROVIDE ABOUT THIRD PARTIES

At your request, where you provide us with information about third parties, e.g., recipients of transfers, we will also collect personal information in relation to those people (“Receiver Information”). By providing us with such information you confirm that you have obtained any necessary permissions from such persons to the reasonable use of the Receiver Information for such purposes in accordance with this notice, or are otherwise permitted to give to us the Receiver Information on their behalf. Please ensure that those other people are aware of this notice and that the provisions of this notice are clearly communicated to them.

WHAT DO WE DO WITH YOUR DATA AND WHO DO WE SHARE IT WITH?

We will only use your personal information when the law allows us to do so. Most commonly we use your personal information in the following purposes:

Transactional Purposes

We need to collect your personal information in order to process your transactions. To do so we require you and your receivers bank account details or full name and address. Without the Receiver Information we would not be able to fulfil your transactions.

Regulatory Purposes

As a regulated institution, Toprate Mutual Finance Ltd must comply with the Money Laundering, Terrorist Financing Regulations. As a result, Toprate Mutual Finance Ltd (and its partners) must conduct Know Your Customer (“KYC”) and Customer Due Diligence (“CDD”) checks to comply with legal and regulatory obligations. Any personal information obtained for the purposes of preventing money laundering or terrorist financing is only used for that purpose. There may be occasions where use of the data is permitted under another enactment. All of this helps us keep our service safe and secure.

Marketing Purposes

We may process your personal information to provide you with certain types of marketing communication that we believe will be relevant and of interest to you. This helps us to provide a more personalised service. We will always endeavour to make these communications relevant and un-intrusive, and you are able to object to marketing communication from us at any time.

Analytical Purposes

We may collect and analyse data such as website or app visit logs, on our own or by using services of third parties, in order to improve the quality of our service.

In addition, we may share your personal data with third parties when it is necessary for the fulfilment of the service or to comply with applicable laws. We set out below some purposes for which we may share your personal information with third parties:

• we may share your personal information with third parties, such as our partners and intermediaries, when they are necessary for the fulfilment of the service; and
• we may share your personal information when required by law, for example for the purposes of security, taxation and criminal investigations.

We may also, from time to time, ask you for your consent for other purposes, which we will explain to you at the time. Much of what we do with your personal data is not based on your consent and is instead based on other legal grounds. However, for processing that is based on your consent, you have the right to revoke that at any time.

WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING WHEN WE SHARE IT WITH OTHERS)?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant (except where we rely on a consent). Here are the legal grounds that are relevant to us:

• 1) Processing necessary to perform our contract with you or for taking steps prior to entering into it:
  • Administering and managing your account and related services, including updating your records and tracing your whereabouts to contact you about your account;
  • Sharing your personal information with other payment services providers such as when you ask us to share information about your account with them;
  • All stages and activities relevant to processing your transaction(s) including enquiry, registration, administration, management and requests for transfers; and
  • For some of our profiling and other automated decision making.
• 2) Where we consider that it is appropriate for us do so, processing is necessary for the following legitimate interests which apply to us and in some cases other organisations (who we list below) are:
  • Administering and managing your account and services relating to that, updating your records, tracing your whereabouts to contact you about your account and recent transactions, to assess your credit worthiness and advise you in relation to products and services;
  • To test the performance of our products, services and internal processes;
  • To adhere to guidance and best practice under the regimes of governmental and regulatory bodies
  • For management and audit of our business operations including accounting and insurance;
  • To carry out searches to verify your account at the time of the first transaction, and following notification of any changes to your address;
  • To carry out monitoring and to keep records (see below);
  • To administer our good governance requirements and those of other members of our group;
  • For direct marketing communications insofar as believe that the marketing will be interesting and relevant to you;
  • For some of our profiling and other automated decision making (for example when estimating transaction timing); and
  • When we share your personal information with these other people or organisations;
    • Other payment services providers such as when you ask us to share information about your account with them;
    • Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;
    • Our legal and other professional advisers, auditors and actuaries;
    • Financial institutions and trade associations;
    • Governmental and regulatory bodies
    • Tax authorities who are overseas for instance if you are subject to tax in another jurisdiction, we may share your personal information directly with relevant tax authorities overseas
    • Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
    • Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
    • Credit Reference Agencies (see below where we explain more); and
    • Market research organisations who help us to develop and improve our products and services.
• 3) Processing necessary to comply with our legal obligations:
  • For compliance with laws that apply to us;
  • For establishment, defence and enforcement of our legal rights or those of any other member of our group;
  • For activities relating to the prevention, detection and investigation of crime;
  • To carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that.
  • To carry out monitoring and to keep records (see below);
  • To deal with requests from you to exercise your rights under data protection laws;
  • To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and
  • When we share your personal information with these other people or organisations:
    • Other payment services providers such as when you ask us to share information about your account with them;
    • Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;
    • Law enforcement agencies and governmental and regulatory bodies and
    • Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
• 4) Processing with your consent:
  • When you request that we share your personal information with someone else and consent to that;
  • For direct marketing communications; and
  • For some of our profiling and other automated decision making.

HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT?

Much of what we do with your personal information is not based on your consent, instead it is based on other legal grounds. For processing that is based on your consent, you have the right to take back that consent for future processing at any time. You can do this by contacting us using the details below. The consequence might be that we cannot send you some marketing communications (but this outcome will be relevant only in cases where we rely on explicit consent).

IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE AUSTRALIA?

From time to time, your personal information may be transferred to, stored in or accessed from a destination outside Australia. It may also be processed by staff operating outside of the Australia who work for us, or one of our partners.

We share your personal information within the Toprate Mutual Finance Ltd UK Group. This will involve transferring your personal data to our central office function, based in Pakistan. We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

Whenever we transfer your personal data out of the Australia, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Australia.

All information you provide to us is stored on our secure servers. Our servers are hosted in the United Kingdom and the information is encrypted.

Our service facilitates the transfer of currency to jurisdictions across the globe. The recipient pay-out partner will request information to verify the identity of the sender. Your personal information will therefore be transferred to the jurisdiction to which you choose to transfer the currency.

Unfortunately, transmission of information via the internet cannot be considered completely secure. We do our utmost to protect your personal information, however we cannot guarantee the security of those transfers. Any transmission of your personal information is at your own risk.

Once we have received your personal information, we will use strict procedures and security controls to try to prevent unauthorised access.

WHAT SHOULD YOU DO IF YOUR PERSONAL INFORMATION CHANGES?

You should tell us without delay so that we can update our records.

DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?

We are unable to provide you with products and services or to process your application without having personal information about you. Your personal information is required before you can open an account with us, or it is required during the life of that contract, or it is required by laws that apply to us.

In cases where providing some personal information is optional, we will make this clear. For instance, we will say in application forms, on website or on in our mobile app if alternative (such as work) telephone number contact details can be left blank.

DO WE DO ANY MONITORING INVOLVING PROCESSING OF YOUR PERSONAL INFORMATION?

In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person face to face meetings and other communications.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.

Some of our monitoring may check for obscene or profane content in communications.

We may conduct short term carefully controlled monitoring of your activities on your account(s) where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, where we suspect fraud, money laundering or other crimes.

Email exchanges, web chat, telephone calls and in person meetings between us and you in connection with your application and/or your account(s) may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for the quality control and staff training purposes.

PROFILING AND OTHER AUTOMATED DECISION MAKING

This section is relevant where we make decisions about you using only technology, and where none of our employees or any other individuals have been involved in the process. For instance, in relation to transactions, triggers and events such account opening anniversaries and maturity dates. We may do this to decide what marketing communications are suitable for you, to analyse statistics and assess lending and insurance risks.

We can do this activity based on our legitimate interests (and they are listed in the section about legal grounds above) only where the profiling and other automated decision making does not have a legal or other significant effect on you. In all other cases, we can do this activity only where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent. In those cases, you have the right to obtain human intervention to contest the decision (see ‘rights in relation to automated decision making which has a legal effect or otherwise significantly affects you’ below). Profiling for direct marketing can mean there is a separate right to object (see ‘rights to object’ below).

FOR HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

Unless we explain otherwise to you, we will hold your personal information for up to 7 years, in accordance with local regulations as applicable, following the termination of our relationship in case of:

• queries from you;
• legal claims by you; and/or
• legal and/or regulatory requirements to which we are subject.

If you would like further information about our data retention practices, please contact us.

We may retain your contact information collected for the purposes of sending you marketing communications in accordance with this policy for as long as you do not unsubscribe from receiving the data from us.

WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LAWS?

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them, we will explain at that time if they are engaged or not.

• The right to be informed about your processing of your personal information;
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
• The right to object to processing of your personal information;
• The right to restrict processing of your personal information;
• The right to have your personal information erased (the “right to be forgotten”);
• The right to request access to your personal information and to obtain information about how we process it;
• The right to move, copy or transfer your personal information (“data portability”);
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

If you are unhappy with our response, Under the Privacy Act you may complain to the Office of the Australian Information Commissioner about the way we handle your information.

The Commissioner can be contacted at: 822 High Road, Tottenham, London N17 0EY Email: compliance@topratepay.com www.oaic.gov.au

In addition, you have the right, at any time, to object to processing of personal data for direct marketing purposes.

If you wish to exercise any of these rights against the Credit Reference Agencies or any other intermediary who is data controller in its own right, you should contact them separately.

DATA ANONYMISATION AND USE OF AGGREGATED INFORMATION

Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy notice.

We will only share anonymised and encrypted data with third parties. We may also provide our partners with anonymous aggregated data about our customers for marketing and analytical purposes, to help optimise our marketing communications.

YOUR MARKETING PREFERENCES AND WHAT THIS MEANS

We may use your home address, phone numbers, email address and social media (e.g., Facebook, Google and message facilities in other platforms to contact you to send you communications about offers or promotions that we believe are relevant for you based on your previous use. We will only do this if we have a legal ground which allows it under data protection laws – see above for our legal ground for marketing. You can opt out of our marketing at any time by contacting us or by following the instructions on how to do that in the marketing email or other communication.

DATA PRIVACY NOTICES FROM OTHER ORGANISATIONS

We have mentioned that we share your personal information with receiver banks, partners who help us to complete your transactions and Credit Reference Agencies. They require us to pass on to your information about how they will use your personal information to perform their services or functions as data controllers in their own right. These notices are separate to our own.

In addition, when you log into your account via Facebook, Google, YouTube, Instagram, Twitter or LinkedIn your data will be processed by these policies and as such your personal information will also be subject to these third-party privacy notices.

In circumstances where you use your Facebook or Google login credentials to create and/or log in to your account your personal information may be processed by Facebook or Google marketing tools. These tools identify individuals with reference to their particular interests or behaviours to those of our customers.

CHANGES IN PRIVACY POLICY

Toprate Mutual Finance Ltd may change this Privacy Policy from time to time. All changes to this Privacy Policy are effective when they are posted on this page. When we change the policy in a material manner, we will let you know via email and/or a prominent notice on our Site. The date of the most recent update is displayed at the top of the page.

Any dispute or claim arising in connection with this Privacy Policy will be considered in relation to the English version only.

CONTACT DETAILS

You can contact Toprate Mutual Finance Ltd:

By post: 380 St Kilda Road melbourne 3004 , Australia

Via our website: https://topratepay.com/

You can also contact our Data Protection Officer if you have any questions about this notice, would like further information about the points raised or to exercise any of your rights. Contact details for our Data Protection Officer are:

Email: compliance@topratepay.com

 

United States - Privacy Policy

This privacy policy ("Policy") describes how Hami Express dba (doing business as) Toprate Mutual Finance Ltd("Toprate Mutual Finance Ltd", "we", "us" or "our") collects, protects and uses the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the www.topratepay.com website and any of its products or services (collectively, "Website" or "Services"). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Collection of personal information

We receive and store any information you knowingly provide to us when you create an account, make a purchase, fill any online forms on the Website. When required this information may include your email address, name, phone number, address, bank information, or other Personal Information. You can choose not to provide us with certain information, but then you may not be able to take advantage of some of the Website's features. Users who are uncertain about what information is mandatory are welcome to contact us.

Collection of non-personal information

When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device's IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.

Managing personal information

You are able to access, add to, update and delete certain Personal Information about you. The information you can view, update, and delete may change as the Website or Services change. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information may remain in our private records after your deletion of such information from your account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

Use and processing of collected information

Any of the information we collect from you may be used to process transactions; run and operate our Website and Services. Non-Personal Information collected is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.

We may process Personal Information related to you if one of the following applies: (i) You have given their consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (ii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Information transfer and storage

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section.

The rights of users

You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following: (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information; (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected; (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; (vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us; (vii) you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.

The right to object to processing

Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Privacy of children

We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us. You must also be at least 18 years of age to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf).

Do Not Track signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information.

Affiliates

We may disclose information about you to our affiliates for the purpose of being able to offer you related or additional products and services. Any information relating to you that we provide to our affiliates will be treated by those affiliates in accordance with the terms of this Privacy Policy.

Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.

Data breach

In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will send you an email, get in touch with you over the phone.

Legal disclosure

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Changes and amendments

We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. When we do we will revise the updated date at the bottom of this page. Continued use of the Website after any such changes shall constitute your consent to such changes.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.

Contacting us

If you have any questions about this Policy, please contact us by writing us on compliance@topratepay.com and/or compliance@topratepay.com

This document was last updated on June 11, 2020