Privacy Policy
1. ABOUT US
EMERALD FINANCIAL GROUP (UK) LTD, trading as Emerald24, (“EMERALD24” or “we”, “our”, “us”), is a company registered in England & Wales (Reg. No. 11557885) and authorised as an Electronic Money Institution (EMI) by the Financial Conduct Authority (“FCA”) (FRN 900908). We are registered with the UK Data Protection Authority (Information Commissioner’s Office or ICO) under the reference number ZA553246.
This Privacy Policy explains how and why we use your personal information when you open an account and use EMERALD24 App, EMERALD24 Web, Card, or other services for account holders.
2. INFORMATION WE COLLECT AND HOLD ABOUT YOU AND HOW THIS INFORMATION IS USED
Information you provide to us through the EMERALD24 App or EMERALD24 Web
● information you provide when applying for an account with us – your name, surname, address, contact information, including phone number and email address, place and date of birth, tax residency (tax payer number and country), your identification number, if any, identification document, information on source of income, etc;
● a short video of yourself and your selfie, which you provide as part of the onboarding process;
● the log–in credentials and settings you choose for accessing EMERALD24 App or EMERALD24 Web and using your Card;
● information you give us through the EMERALD24 App or EMERALD24 Web when you contact us;
● answers you give to surveys so we can improve our services.
Information We collect, if you get in touch
If you use other ways to get in touch than the EMERALD24 App or EMERALD24 Web, we collect the following information so we can answer your questions or take necessary action:
● phone number you are calling from and information you provide us during the call;
● e-mail address you use and the content of your electronic message (and any attachments);
● public details from your social media profile (like LinkedIn) if you reach out to us via these platforms, and the contents of your messages or posts to us.
Information we collect when you use the EMERALD24 App or EMERALD24 Web and our services
We collect this information to provide you with services in a safe and lawful way, and to keep improving the services. This includes:
● details about payments to and from your EMERALD24 account;
● details about how you use EMERALD24 App or EMERALD24 Web,
Information we collect from your phone, mobile device (gadget) and PC
● mobile network and operating system you use, so we can analyse how our application and software works and fix any issues;
● your IP address and device ID for security reasons (we’ll link your mobile phone number with your device).
Information we obtain from external sources
When you apply for our services, we search for records about you at KYC (Know Your Customer) and AML/CTPF (Anti Money Laundering / Countering Terrorism and Proliferation Financing) service providers to fulfil our legal obligations. We may also collect information about you from public sources as the internet for AML/CTPF reasons or market research.
3. LEGAL BASIS FOR COLLECTING AND PROCESSING YOUR INFORMATION
The UK GDPR and DPA 2018 require us to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal obligation, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
We need to use your data for evaluation, whether to enter into a contract with you, or under an existing contract we have with you. We use details about you to:
● consider your application;
● provide you the services we agreed to in line with our Terms and Conditions;
● send you messages about your account and other services you use if you get in touch, or we need to tell you about something;
● exercise our rights under contracts we’ve entered into with you;
● investigate and resolve complaints and other issues.
We need to use your data to comply with the law. We:
● confirm your identity when you sign up or get in touch;
● check your record at immigration and fraud prevention agencies;
● prevent illegal activities like money laundering, tax evasion and fraud;
● keep records of information we hold about you in line with the legal requirements;
● adhere to applicable laws and regulations (according to which we may have to share customer details with regulatory bodies, tax authorities, law enforcement agencies or other third parties);
● perform our obligation under normative regulations, like Consumer Duty;
● check if information about your tax residency corresponds to information we hold about your activity with the account, so we don’t have a reason to doubt your tax residency.
When it’s in our legitimate interest. We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which does not involve overriding your privacy rights. We:
● tell you about products and services through the EMERALD24 App, EMERALD24 Web or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We do this so we can make sure our marketing is useful. That might include instructing platforms to show or not show our adverts to existing customers. We don’t share any identification information with social media companies other than your mobile advertising ID. You can disable or reset your mobile advertising ID in your device’s operating system;
● provide you with transaction reports;
● track, analyse and improve the services we provide to you and other customers and how you respond to ads we show. We may ask for feedback if you have shown interest in a service. We do this so that we can make our products better and understand how to market them;
● protect the rights, property or safety of us, our customers or others;
● carry out security and maintenance checks to make sure our app and other services run smoothly for you;
● manage our business risk and financial affairs and protect our customers and staff.
Under your consent. We’ll ask for your consent to share information about you with companies we work with when we need your permission (see “Who we share your data with” below).
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our services.
4. PARTIES WE SHARE YOUR INFORMATION WITH
Companies that provide services to us
Here we mean companies, that help us provide services you use and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name):
● companies that issue EMERALD24 Cards;
● card schemes, like Visa and Mastercard;
● KYC (Know Your Customer) and AML/CTPF (Anti Money Laundering / Countering Terrorism and Proliferation Financing) service providers that help us with identity verification, fraud and other relevant checks like Onfido, LexisNexis;
● cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud;
● companies that help us with technical support;
● companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
● software companies that we use for emailing you;
● companies that offer benefits or rewards through special programmes you sign up to via the EMERALD24 App or EMERALD24 Web.
Anyone you give us permission to share it with
We tell you in the EMERALD24 App or EMERALD24 Web, when we need your consent to share your data with:
● other payment services providers, like banks, if you use account switching or aggregation services;
● people you’ve asked to represent you, like solicitors.
Law enforcement and other external parties
We may share your details with:
● authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons;
● the police, courts or dispute resolution bodies if we have to;
● other payment services providers, like banks, to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment;
● any other third parties where necessary to meet our legal obligations.
● correspondent banks / safeguarding / payment channels used for processing of your payments.
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
5. HOW LONG WE KEEP YOUR INFORMATION
We will hold your personal information for no longer than reasonably necessary – not more than 5 years either from the moment a) we have rejected your application to open an account, or b) we or you terminated business relationship and/or closed the Account, except in cases where there is a legal reason to hold it longer (e.g., due to AML reasons, claims, initiated court proceedings).
To establish how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
6. YOUR RIGHTS
You have a right to:
● access the personal data we hold about you, or to get a copy of it;
● ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else;
● make us correct inaccurate data;
● ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it;
● restrict the processing of your personal data, for example, to say no to us to use your data for direct marketing and in certain other ‘legitimate interest’ circumstances;
● withdraw any consent you’ve given us, i.e. to object to processing of your personal data;
● ask a member of staff to review a computer-made (automated) decision;
● ask that we transfer the personal information you gave us to another organisation, or to you in certain circumstances.
To do any of these things, please contact us by e-mail. As per UK data protection laws, we will respond to you in a one month’s time.
Please note, that in some cases, deleting, blocking or restricting processing of particular data may result in that we no longer be able to provide some or all of our services to you.
7. WHERE WE STORE AND SEND YOUR DATA
We may transfer and store the data we collect from you to organisations within and outside the UK. When we do this, we make sure that your data is protected and that:
● the country we make the transfer to (including, where the recipient (a company or organisation) is located), has adequate data protection regulations*, or
● in the case of absence, we ensure we take appropriate safeguarding actions, including transfer risk assessment and ensuring the right level of protection of your data.
* EEA member-states, Gibraltar, Republic of Korea, Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, and, with some disclaimers, Canada, USA and Japan.
8. HOW WE PROTECT YOUR PERSONAL DATA
We comply with our obligations under the applicable data protections laws by:
● keeping personal data up to date;
● storing and destroying it securely;
● not collecting or retaining excessive amounts of data;
● protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organizational measures are in place to protect personal data.
9. HOW TO MAKE A COMPLAINT
If you have a complaint about how we use your personal information, please contact us through the EMERALD24 App or EMERALD24 Web, or send an email to complaints@emerald24.co.uk and we’ll do our best to fix the problem.
If you’re still not happy, you can refer your complaint to the UK’s supervisory authority – the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Helpline number: 0303 123 1113
For more details, you can visit a website www.ico.org.uk, where you also can file a complaint online.
10. COOKIES
We use cookies to analyse how you use our website. Please read the Cookies Policy for more information available at our website.
11. CHANGES TO THIS POLICY
We reserve the right to change this Privacy Policy and should we intend to do so it will be done by following, and, you will be informed according to, the variation procedure described in the Chapter 19 (Variation) of our Terms and Conditions. That also means if you, within the specified time frame, do not notify us on the contrary, we will treat that you have agreed to an updated (changed) version of the Privacy Policy.