PRIVACY POLICY
Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal information and how we will use it. If you do not agree to the matters set out in this policy, please do not access or use our Services. You must be over 18 years old to use our Services. We also recommend that you download and store this document in a safe place.
By using our website (our Site); our mobile application (our App) or any of our other products and services (collectively, our Services), you accept the practices described in this privacy policy (this Policy). This Policy also applies if you participate in our research projects.
In addition to this Policy, we may provide other privacy policies on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your data. This Policy supplements those other privacy policies and is not intended to override them.
ABOUT THIS POLICY
This Policy, together with our User Agreement (and any additional terms of use mentioned in our User Agreement) applies to your use of our Services, where such Services are made available or accessible via our Site, our App and once you have downloaded or streamed a copy of our App on your mobile or handheld device (your Device).
This Policy was last updated on 20 September 2020. It applies to users of our Services resident in the United Kingdom.
Where we use other capitalised words and phrases in this Policy (such as Agreement, Profile and Transaction), these have the same meaning as given to them in our User Agreement, unless we have defined them differently in this Policy.
- About this Policy
- Who are we?
- Who is our Data Protection Officer?
- Changes to this Policy
- Visitors to our Site (excluding subscribers to our Services)
- Subscribing to our Services
- Research participants
- Users of our LiveChat Service
- Children
- Transferring Personal Information outside the UK.
- Your Rights
- How we protect your Personal Information
- Direct Marketing
- Links to Third Party Websites and Third Party Services
WHO ARE WE?
Any personal information provided to or gathered by our Services is controlled by Istimar Ltd. (trading name Bayfikr) that trades from 33 Percy Laurie House, 217 Upper Richmond Road, London SW15 6SY who is the data controller (Istimar, we, us or our).
WHO IS OUR DATA PROTECTION OFFICER?
We have appointed a data protection officer (DPO) for you to contact if you have any questions regarding this Policy or believe we have breached the Data Protection Act 2018 and/or the General Data Protection Regulation ((EU) 2016/679) (DP Laws). Our DPO’s contact details are: Mr. Rascim Khan Khattak, 33 Percy Laurie House, 217 Upper Richmond Road, London, SW15 6SY; info@bayfikr.net
CHANGES TO THIS POLICY
We may amend this Policy at any time, and whenever we do so we will notify you by posting a revised version on our Site and App. Please review this Policy each time you make a Transaction as it may have been updated since you initially registered for our Services, or since your last Transaction.
If you do not agree with any of this Policy, or any change, you can end your Agreement with us and close your Profile by emailing us at info@bayfikr.net.
VISITORS TO OUR SITE (EXCLUDING SUBSCRIBERS TO OUR SERVICES)
Personal information we collect: We collect cookies and related information. Please see our Cookie Policy.
Using your personal information: Please see our Cookie Policy.
Sharing your personal information: We will share this information with:
- our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including to provide customer support and for troubleshooting, data analysis, testing, research, and statistical and survey purposes); and
- our website hosting suppliers, to enable them to maintain and host our Services.
Retaining your personal information: This information is kept for the timeframes referred to in the Cookie Policy and will then be deleted automatically. However:
- if we are required by law to retain it for longer, we will retain it for the required period; and/or
- where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.
SUBSCRIBING TO OUR SERVICES
Personal information we collect: When you subscribe to our Services:
- Creating a profile - you will need to provide your email address and a password (we will not have access to, and will therefore not share, your password). Please note that you have to create a Profile to be able to carry out Transactions;
- Carrying out Transactions - you will need to provide one or all of the following additional personal information:
- your name, address, date of birth, phone number, financial instrument details (either debit/credit card or bank account details); and
- if requested by us, certain Government issued identification documentation including your passport, drivers licence and/or UK identity cards, (as well as a picture of yourself with your identification documentation), together with documentation that proves your address; and
- Transactions that meet or exceed our sending tier limits (see the ‘sending limits’ tab in your Profile) you will also need to provide us with the following additional personal information: details of your last Transaction with us (amount and recipient’s details); the payment method you intend on using with our Services; your average send amount; how often you intend on using our Services; whether you intend to send to multiple recipients and from different locations; your relationship with the recipient and the reason for sending money; your occupation; your employer and evidence of how you will fund your Transaction (such as a bank statement or payslip).
- Entering a competition or promotion, or participating in surveys - you will need to provide your name and email address (unless a survey is being run on an anonymous basis) and certain other personal information that you may be asked to provide in our survey forms.
- #WhyISend– if you decide to share your story of why you , you will need to provide certain information in our online form (which is available via our Site and App).
- Importing contacts - we may give you the ability to import contacts* from your Gmail, Yahoo Mail or other email providers as well as allowing you to manually enter them to invite them to become members of our Services (we do not collect the username and password for the email account you wish to import your contacts from as you provide it directly to that email service provider and after your approval they send us your email contacts).
- Using our referral service via e-mail to tell a friend* about our Services, you will need to provide your friend's name and email address.
- Before providing us access to any other person’s details, you must obtain their prior consent to you sharing their personal information with us and we will let them know that you have supplied their details to us.
Where you have:
- imported your contacts, at your instruction, we will send an email invite and at most one reminder email inviting him or her to visit our Site. We store this information for the sole purpose of sending this email; and/or
- referred a friend to us, we will automatically send your friend an email and at most one reminder email inviting him or her to visit our Site. We store this information for the sole purpose of sending this email and tracking the success of your referral.
In both cases, your contact/friend may at any time REQUEST TO REMOVE this information from our database and we will honour such request. We will retain a copy of that email address on a “suppression list” in order to comply with their no-contact request. They are free to change their marketing choices at any time.
In addition, we will collect the following information:
- transaction logs which contain information about your Transaction (such information is also provided in the form of an email receipt which you will receive when you complete a Transaction), including a unique transaction reference number which links to each Transaction;
- information you give to us when you contact customer services (we will also automatically generate a customer ID for you when you sign up to our Services so that we can identify you in our CRM system);
- information we (lawfully) receive from third party sources such as identity verification services, electronic database services, credit reporting agencies, business partners, sub-contractors in technical, payment and delivery services, advertising networks, and market research service providers;
- the following technical information will be automatically collected when you use our Site or App:
- the hardware and software you use when accessing our Services (which may include the type of Device you use), a unique device identifier (for example, your Device’s IMEI number, or the mobile number used by your Device), your IP address, mobile network information, your mobile operating system, the type of mobile browser you use, the pages you access on our Site, and other websites that you visit prior to accessing our Services;
- GPS technology to determine your current location (some of our location enabled Services require your personal information for this to work.);
- your usage of our Services, including how and to whom you use our Services to send or receive money; and
- cookies (please see our Cookie Policy).
Using your personal information: We will use this information as follows:
- primarily to comply with our legal obligations, specifically under European national laws implementing the: fourth Anti Money Laundering Directive (EU 2015/849) such as the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the second Payment Services Directive (EU 2015/2366) such as the UK Payment Services Regulation 2017, as well as the EU Wire Transfer Regulation (2015/847), UK Proceeds of Crime Act 2002, UK Terrorism Act 2000, various UK, EU and UN sanctions legislation and the various associated regulatory rules and guidance in relation to risk investigation, risk scoring, fraud, counter terrorist financing, anti-money laundering, consumer protection and complaint handling. We will use the above referenced information to comply with our legal obligations, with the exception of the details of the persons you refer to our Service.
If you do not provide the information we have described in the above section, you will not be able to make any Transactions;
- to perform a contract – including running competitions, promotions and surveys – specifically, your name and email address. If you do not provide this information you will not be able to participate in such competitions, promotions or surveys (unless a survey is being run on an anonymous basis);
- for our or a third party’s legitimate interests – specifically certain contact and personal details, Transaction information, technical information (including cookies) and your customer ID so that we can:
- seek customer feedback on, and help us to improve and develop, our Services;
- give you rewards or incentives for using or recommending our Services;
- grow our business and to inform our marketing strategy and advertising campaigns;
- collect information that will enable us to understand why and how you interact with us and our Services;
- work with our third party partners so that we and/or they can offer, provide and/or track rewards, incentives and/or performance of campaigns, in accordance with our contract with them; and
- market our Services to you, or conduct market research, provided your marketing and communication preferences in your Profile allow us to do this;
- for our legitimate interests - certain technical information about your Device so we can conduct business and marketing analytics;
- for our legitimate interests – when you have referred a friend to us or instructed us to contact an imported contact, we will use their name and email so that we can market our services to them; and
- your consent - #WhyISend, and cookies (please see our Cookie Policy<span style="text-decoration:underline;">)</span>.
We will not contact your recipients except as instructed by you or as required to complete a Transaction, comply with our legal or regulatory obligations, and/or to conduct market research (see section 7). This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.
In connection with the activities above, we may conduct automated processing and/or profiling based on your interactions with our Service, your Profile information and other information you may provide to us from time to time, together with information obtained from third parties. In limited cases, automated processes may restrict or suspend access to our Services if such processes detect activity that we believe poses a safety or other risk to our Services, other users, or third parties.
For example: our automated processes may let us know that you are using our Services in a country where we are not allowed to do business. This is important because we do not want to break any laws when providing our Services.
Another example is that we may use your personal information to carry out identity checks. This is also important as it helps us confirm who you are and to help prevent others from imitating you.
Sharing your personal information:
- All of your information and all of your recipient’s information will be shared with:
- our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including (i) to process an application to register and use our Services (ii) to verify your identity (iii) to process your Transactions (iv) to track, improve and personalise our Services, content, marketing and advertising (v) to provide our other services and related customer services and (vi) for risk investigations, troubleshooting, data analysis, testing, research, and statistical and survey purposes);
- other companies within our group for the purposes of providing customer services and risk investigations;
- our platform, database and website hosting suppliers to enable them to maintain, protect, support and host our Services;
- our outsourced customer service provider(s) to support our customer service functions;
- various third parties who provide software and tools to enable our Services to operate (including email, instant messaging, document/contract management and file-sharing); and
- third parties in the event of the sale, acquisition or merger of some or all of our assets if your personal information is part of the transferred assets (we shall notify you in the event of such an occurrence, as well as any choices you may have regarding your personal information, by placing a notice on our Site and App).
- All of your information (except cookies) and your recipient’s information will be shared with the police, security forces, any law enforcement agencies, competent governmental intergovernmental or supranational officials and bodies, competent agencies, and regulatory bodies (including self-regulatory bodies or schemes) to ensure that we comply with our legal obligations in relation to complaint handling, consumer protection, payment services regulation, fraud, counter-terrorist financing and anti-money laundering.
- All of your information (except cookies) and your recipient’s information will be shared with:
- external lawyers that we engage from time to time to help us protect the rights, property, or safety of Istimar Ltd., our clients, suppliers, contacts or others (including enforcing and defending this Policy); and/or
- external auditors that we engage from time to time to audit us.
- All of your information (except your customer ID and certain technical information about your location) and all of your recipient’s information will be shared with third party software providers that allow us to capture information about how you use, and interact with, our Services so that we can improve our Services and assist in any legal defence concerning your use of our Services.
- Your name, address, email address, date of birth, phone number and debit/credit card and bank account details, certain technical information about your Device and location, your Transaction details and all of your recipient’s information will be shared with various fraud vendors (including fraud checkers) that we engage from time to time to help us comply with our legal obligations in relation to risk scoring, fraud, counter-terrorist financing and anti-money laundering.
- Your name, address and date of birth, and your recipient’s name and address will be shared with various sanctions screeners that we engage from time to time to help us comply with our legal obligations in relation to risk scoring, fraud, sanctions compliance, counter-terrorist financing and anti-money laundering.
- Your name, address, date of birth, phone number, Government issued identification documentation, the picture of yourself with your identification documentation, and your recipient’s date of birth will be shared with various third parties that we engage from time to time to provide support to us in relation to our legal obligations in relation to “know your customer” (such as background checks, identity verification services/databases, regulatory reporting, and ID documentation authentication, validation and conversion). In order to verify your identity, Istimar Ltd uses the services of GBG and Sanction Scanner. GBG and Sanction Scanner will check your identity documents are valid, and also confirm that your photo matches the photo on the documents. The results of the check will then be shared with Istimar Ltd. Your photo and ID documents will be shared with GBG and Sanction Scanner for this purpose as well as to allow GBG and Sanction Scanner to maintain, protect and improve its services. A copy of GBG’s privacy policy can be found here. A copy of Sanction Scanner’s privacy policy can be found here.
- Your contact and personal details, and debit/credit card and bank account details, the Transaction reference, Transaction details, certain technical information about your Device and location, and all of your recipient’s information will be shared with our banks and other payment processors, to process your Transactions (including any related issues e.g. fraud checks).
- Your name, customer ID, certain technical information about your Device and location, the Transaction reference number and your recipient’s financial institution details are provided as standard to our distribution partners (such as your bank or credit card issuer and your recipient's bank), but some distribution partners may also request (and we would have to provide) your email address, date of birth, address, phone number, Transaction logs, debit/credit card and bank account details and Government issued identification documentation, as well as your recipient’s name, address and phone number.
- Your name, address, email address, date of birth (but only for us to send “happy birthday” messages), phone number, debit/credit card and bank account details, certain technical information about your Device and location, and the Transaction reference will be shared with a third party provider that we engage from time to time to send email confirmations of your Transactions (which we are under a legal obligation to do) (if we do not send these ourselves).
- Your name and phone number, the Transaction reference, and your recipient’s name and phone number will be shared with a third party provider who we use to send confirmation of your Transactions (which we are under a legal obligation to do) via SMS.
- Your name, email address, address, phone number, date of birth and your debit/credit card and bank account details will be shared with a third party tracking provider, so that we can maintain and enhance our Service offering.
- Your customer ID will be shared with various third party software providers to enable us to track engineering issues related to your use of our Services.
- Certain technical information about your Device ID will be shared with third party providers who assist us with marketing analytics.
- Certain contact and personal details, Transaction information, technical information (including cookies) and your customer ID will be shared with third party providers so that they can assist us from time to time with:
- seeking customer feedback on, and helping us to improve and develop, our Services (including conducting surveys); and/or
- marketing our Services to you or conducting market research.
- Your contact details will be shared with third party providers so that they can validate that those contact details are correct.
- Your email, certain technical information and information about your location and your Device ID, and your friend's name and email address will be shared with third party providers so that they can assist us with our marketing activities and advertising campaigns;
- Certain contact and personal details, Transaction information and your customer ID will be shared with third party providers so that they can help us understand why and how you interact with us and our Services.
- Certain contact details and Transaction information will be shared with third party partners so that we and/or they can offer, provide and/or track rewards, incentives and/or performance of campaigns, in accordance with our contract with them.
- Your name and email address will be shared with third party providers so that they can distribute gift cards that we may give you from time to time as a reward or incentive for using or recommending our Services.
- Your email address and phone number (and in some instances also your name) will be shared with:
- social media platforms who provide marketing services to us; and
- third party contractors so that they can assist us from time to time with seeking customer feedback on, and helping us to improve and develop, our Services (including conducting surveys).
Retaining your personal information: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider (amongst other things):
- obligations and/or retention periods imposed on us by applicable laws and/or our regulators
- the amount, nature, and sensitivity of the personal information
- the potential risk of harm from unauthorised use or disclosure of your personal information, and
- the purposes for which we process your personal information and whether we can achieve those purposes through other means.
Please note that by using our Services you expressly agree to us retaining your personal data (including data related to your Transactions and our collection and verification of your identity) for longer than 5 years following the end of your legal relationship with us. This is to allow us to detect and prevent fraud and/or other illegitimate uses of our Service.
RESEARCH PARTICIPANTS
*Personal information we collect: *If you participate in any research projects for us (by phone, in-person, electronic survey or otherwise), we will hold your name, contact details and any other personal information you choose to give us when taking part in our research projects.
Using your personal information: We will use this information for our legitimate interests namely to conduct our research projects which may also help us to improve and/or develop our products and services.
Sharing your personal information: We will share this information with:
- our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing);
- other companies within our group; our platform, database, and website hosting suppliers to enable them to maintain, protect, support and host those solutions which are used to store our research;
- various third parties who provide software and tools which are used to operate our business (including email, instant messaging, document/contract management and file-sharing); and
- third parties in the event of the sale, acquisition or merger of some or all of our assets if your personal information is part of the transferred assets (we shall notify you in the event of such an occurrence, as well as any choices you may have regarding your personal information, by placing a notice on our Site).
Retaining your personal information: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider (amongst other things):
- obligations and/or retention periods imposed on us by applicable laws and/or our regulators;
- the amount, nature, and sensitivity of the personal information;
- the potential risk of harm from unauthorised use or disclosure of your personal information; and
- the purposes for which we process your personal information and whether we can achieve those purposes through other means.
USERS OF OUR LIVECHAT SERVICE
We use a third-party provider to supply and support our LiveChat service which we use to answer questions about our Services and assist you with our Site functionality.
Personal information we collect: If you use the LiveChat service we will collect: your name, email address (optional) and the contents of your LiveChat session.
Using your personal information: We will use this information to answer your questions.
Sharing your personal information: We will share this information with:
- our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing, including to provide customer support and for troubleshooting, data analysis, testing, research, and statistical and survey purposes); and
- our service provider to enable them to maintain and host our LiveChat service.
Retaining your personal information: We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider (amongst other things):
- obligations and/or retention periods imposed on us by applicable laws and/or our regulators;
- the amount, nature, and sensitivity of the personal information;
- the potential risk of harm from unauthorised use or disclosure of your personal information; and
- the purposes for which we process your personal data and whether we can achieve those purposes through other means.
If you have visited our Site, please also see Visitors to our Site above.
CHILDREN
We ask that persons under the age of 18 (which we treat as children and minors) refrain from using our Services or submitting any personal information to us. Persons under the age of 18 years are not eligible to use our Services and if we discover that someone under the age of 18 has registered a Profile with us, we will close it.
TRANSFERRING PERSONAL INFORMATION OUTSIDE THE UK
We share your personal information within the Istimar Ltd. group and to external third parties (the categories of which are referred to in this Policy). This may involve transferring your personal information outside the UK. Whenever we transfer your personal information outside the UK, we will ensure a similar degree of protection is afforded to it. In some instances, your personal information may be transferred to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. In other instances, we will ensure at least one of the lawful safeguards are implemented, which may include:
- Where we transfer personal information within the Istimar Ltd. group and to certain external third parties, we may use specific contracts approved by (as applicable) the UK Government and/or European Commission. which give personal information the same protection it has in Europe; or
- Where we use external third parties based in the US, we may transfer personal information to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal information shared between (as applicable) the UK and the US.
YOUR RIGHTS
In relation to personal information we hold about you, you have the right to:
- get access your personal information and information about our processing of it
- ask us to correct the record of your personal information maintained by us if it is inaccurate or to complete incomplete personal information
- ask us, in limited certain instances, to erase your personal information or cease processing
- object to us processing your personal information for direct marketing purposes
- object to decisions based solely on automated processing, including profiling
- challenge us processing your personal information which has been justified on the basis of our legitimate interests
- ask us, in certain limited instances, to restrict processing personal information to merely storing
- ask us, in certain limited instances, to transfer your personal data to another online provider
- prevent processing that is likely to cause damage or distress to you and seek compensation from us for any damages caused to you by us breaching DP Laws
- be notified of a personal data breach which is likely to result in high risk to your rights and freedoms and
- complain to your applicable data protection authority.
Your recipients also have these rights in relation to their personal information that we process.
If you (or your recipients) would like to exercise any of these rights, please contact info@bayfikr.net (we may ask you/your recipient to verify your/their identity - please cooperate with us in our efforts to verify your identity). Please note that we may need certain personal information to enable us to provide the Services and/or information you ask for, so changes you make to your preferences, or restrictions you ask us to make on how we use personal information, may affect what information we can provide.
Please also note that sometimes we may not be able to stop using your personal information when you ask us to (for example, where we need to use it because the law requires us to do so or we need to need to retain the information for regulatory purposes). In other cases, if we stop or restrict using your personal information we will not be able to provide our Services to you, such as carrying out. We will tell you if we are unable to comply with your request, or how your request may impact you, when you contact us.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We employ industry accepted standards in protecting the information you submit to us. We have put in place SSL (Secure Socket Layer) encryption technology to protect your sensitive information such as bank account number, credit card number, date of birth and government identification number, transmitted through our Site and/or our App. We also require the use of security credentials (which may, for example, include a username and password) from each user who wants to access their information on our Site and/or our App.
Where we have given you (or you have chosen) security credentials (such as a password) that enable you to access certain parts of our Service, you are responsible for keeping these details confidential and secure. Moreover, if you allow access to our Services via using your fingerprint on your Device (for example, via Apple Touch ID), then you should not allow any other person to register their fingerprint on that Device as it may allow them access to our Services and you could be held responsible for their actions. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and any transmission of personal information is at your own risk. If you have any questions about security, you can contact us at info@bayfikr.net
DIRECT MARKETING
You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right simply at any time by carrying out ‘unsubscribe’ actions which are made available to you (such as clicking on the ‘unsubscribe’ link in each promotional email we send you). We will honour your choice and refrain from sending you such communications. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request. You are free to change your marketing choices at any time.
You may also control how we use some of your personal information as part of our Services (such as how we may communicate with you) by confirming your preferences in your Profile. Please note that not all communications can be switched off – for example, we may be required to send you email notices about our Services to comply with our legal obligations under the national laws and regulator guidance implementing the
second Payment Services Directive (Directive (EU) 2015/ 2366).
LINKS TO THIRD PARTY WEBSITES AND THIRD PARTY SERVICES
Parts of our Service use Google Maps services, including the Google Maps API(s). Use of these features is subject to the Google Maps Additional Terms of Use and the Google Privacy Policy. By using this Site and the Service you also agree to the Google Terms (as amended from time to time).
Our Site and App includes links to other websites whose privacy practices may differ from those of Istimar Ltd. If you submit personal information to any of those websites, your information is governed by their privacy policies and we do not accept any responsibility or liability for these policies or for any personal information which may be collected and processed via those websites or services (such as contact and location data). We encourage you to carefully read the privacy policy of any website or software application you use or visit.
This Policy does not cover the practices of third parties that you may engage with when using the Services, such as your mobile network operator or other users of our Services. You should contact them about their privacy policy before providing them with any personal information.
Our Site and App includes social media features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our Site and our App. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Site or App. Your interactions with these features are governed by the privacy policy of the company providing it. More information on using social media via our Services can be found in our Cookie Policy.