We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.
CurrencyFair takes the protection of personal data very seriously. In order to operate as a business and provide our services to you and industry, we collect, use and are responsible for some personal information about you. We do this in our capacity as a data processor under the General Data Protection Regulation (GDPR), which applies across the European Union (and in the United Kingdom through the Data Protection Act 2018).
We are committed to protecting your privacy and to ensuring that your personal information is used properly, lawfully and transparently.
This notice explains when and why we collect personal information about the people who work for our customers and for gas consumers. It explains how we use that information, the conditions under which we may disclose personal information to others and how we keep the personal information we collect and process secure.
This notice applies to CurrencyFair Limited (“CurrencyFair”, “we”, “our”, or “us”). We are registered in England and Wales under company number 5046877 and have our registered office at Colm House, 91 Pembroke Road, Ballsbridge, Dublin 4, Ireland.
As we are based in Ireland, we process data according to the Data Protection Act 2018. We also process data within the European Union and therefore GDPR applies to our processing.
To keep things simple for you, we maintain separate privacy notices for job applicants; and for people who work or who have worked for us. Please contact the Data Protection Officer for any queries by email on firstname.lastname@example.org.
In the course of the services that we provide to you, we collect your personal information. The personal information that you provide and how we use it may differ depending on the service that we provide to you.
To understand what we collect and how we use the personal information, we have separated our processing based on different types of activities. See sections below for more information.
We set out above who shares your information with CurrencyFair and who we share your information with. However, we may also share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party.
We will keep your personal information only as long as is necessary to conclude the purpose for which it was collected, or to meet legislative requirements. Personal information will be securely destroyed or put beyond use when it is no longer required, in accordance with our data retention and information management policy.
As set out above, we may transfer your personal information outside the European Economic Area (EEA) to what are described as “third countries”.
These third countries do not have the same data protection laws as Ireland and the EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to suitable safeguards. We often rely on Standard Contractual clauses, as approved by the EU, unless otherwise stated. These clauses are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Legally, you have a number of important personal data rights, free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the Data Protection Commissioner (DPC) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
We are committed to taking all reasonable measures to ensure the confidentiality and security of personal information for which we are responsible, whether computerised or on paper.
We have put controls in place to prevent unauthorised access to, modification or destruction of your personal information.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you raise about our use of your information.
To exercise all relevant rights, queries or complaints, you have the right to reach out to the Data Protection Officer by emailing email@example.com
If we or our Data Protection Officer do not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Data Protection Commissioner (DPC), or to seek a judicial remedy in the courts of Ireland. The DPC can investigate your claim and take action against anyone who has misused personal data. Further details are available on their website https://www.dataprotection.ie/en/individuals or via the DPC helpline:01 7650100 / 1800437 737.
This privacy notice was published on September 2023 and last updated on September 2023.
We may change this privacy notice from time to time, so please check this page regularly.