Totipay
Privacy Policy

version 2.0
effective date: 21st September 2023

What’s on this page?

We are committed to protecting and respecting your privacy

We will:

  • always keep your personal data safe and private;
  • never sell your personal data.
  • allow you to manage and review your marketing choices at any time.

1. About us

Totipay Limited (No. 10338529) is Registered by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Reference 938488). Registered address: 66-68 Radclyffe House, Hagley Road, Birmingham, B16 8PF, United Kingdom.

2. Why do I need to read this Policy?

We will collect your personal data when you use:

  • our website at www.totipay.com;
  • the Totipay app; or
  • any of the services you can get access to through the Totipay app or website.

When we say ‘personal data’, we mean information which can be used to personally identify you (for example, a combination of your name and postal address).

This policy contains important information

This policy explains what information we collect, how we use it, and your rights if you want to change how we use your personal data. If you have concerns about how we use your personal data, you can contact us at [email protected].

3. What personal data do you collect about me?

We collect different types of personal information from you and others

The information below explains what personal data we collect and use.

Information you give us

We collect information you provide when you:

  • fill in any forms;
  • correspond with us;
  • register to use the Totipay app;
  • open an account or use any of our services;
  • take part in online discussions, surveys or promotions;
  • speak with a member of our customer support team (either on the phone, email or through the Totipay app);
  • enter a competition; or
  • contact us for other reasons.

We will collect the following information:

  • Your name, address, and date of birth;
  • Your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
  • Your Totipay User ID, password and other registration information;
  • Details of your bank account, including the account number, sort code and IBAN;
  • Identification documents (for example, your passport or driving licence), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
  • Records of our discussions, if you contact us or we contact you (including records of phone calls);
  • Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your Totipay account).

If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.

Information from your device

Whenever you use our website or the Totipay app, we collect the following information:

  • Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
  • Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.
  • Information on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used.

Information about your location

If you have location services in the Totipay app switched on, we track your location using GPS technology.

Information from your employer

Where a company that holds a Totipay account nominates you as an Authorized Representative, your employer will give us information about you. Typically, this will include your name and business contact details and depending on the role, this may include your Identification document.

Information from websites or social media

We may collect information about you if you make it publicly available on websites, social media websites or apps. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you. We do this as part of our KYB and KYC checks and to comply with our anti-money laundering or sanctions screening obligations

Information from publicly available sources

We collect, or may ask you to provide, personal data from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches and KYB purposes.

4. Legal basis for using my data

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.

Keeping to our contracts and agreements with you

We need certain personal data to provide our services and cannot provide them without this personal data.

Legal obligations

In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).

Legitimate interests

We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy.

Consent

Where you’ve agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

Substantial public interest

Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.

5. How do we use your personal data?

We use your personal data so we can provide the best service, tell you about products and services you may be interested in, and meet our legal obligations.

Providing our services

Whenever you apply for a product or service, we will use your personal data to check your identity (as part of our KYB process) and decide whether or not to approve your application.

If you are already a Totipay customer, we use your personal data to meet our obligations relating to any transactions you make (for example, making payments into and out of your Totipay account). If you ask us to exchange the currency of the e-money you hold in your Totipay account, we’ll use your personal data to help us do that.

We use your personal data to give you details of our products and services and to help us develop new products and services.

We use your personal data to contact you by phone and provide you with information about our products or services, as well as customer support services. We may monitor or record any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyze, assess and improve our services, and for training and quality control purposes.

Protecting against fraud

We use your personal data to check your identity to protect against fraud, keep to financial-crime laws and to confirm that you are eligible to use our services. We also use it to help us better understand your financial circumstances and manage fraud risks related to your Totipay account.

Our legal basis is one or more of the following:

  • keeping to contracts and agreements between you and us;
  • legitimate interests (to develop and improve how we deal with financial crime and meet our legal responsibilities); or
  • legal obligations.

Marketing and providing new products and services that might interest you

We use your personal data to do the following:

  • provide you with information about other products and services we offer that are similar to those you have already used (or asked about, where allowed by law).
  • provide you with information about our products or services which we think you might be interested in. To help us do this, we may use information about you to help us better understand your interests. You can opt out of this by using the privacy settings by emailing us at [email protected].
  • if you agree, provide you with information about our partners’ promotions or offers which we think you might be interested in.
  • if you agree, allow our partners and other organisations to provide you with information about their products or services.
  • measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you.
  • ask your opinion about our products or services.
  • process applications for products and services available through us, and make decisions about whether to approve applications.

    • Remember, you can ask us to stop sending you marketing information by adjusting your marketing choices (the Do you use my information for marketing? section below explains how to do this).

    Our legal basis is one or more of the following:

    • legitimate interests (to develop our products and services, define types of customers for new products
    • or services, and to be efficient about how we meet our legal and contractual duties); or
    • consent (for you to receive marketing from other organisations).

    To keep our services up and running

    We use your personal data to manage our website and the Totipay app, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content from our website is presented in the most effective way for you and your device.

    We also use your personal data to allow you to take part in interactive features of our services, to tell you about changes to our services, and to help keep our website and the Totipay app safe and secure.

    Our legal basis is one or more of the following:

    • keeping to contracts and agreements between you and us;
      • l
    • egitimate interests (to be efficient about how we meet our obligations and keep to regulations that apply to us); or
    • consent (where required by law).

    Preparing anonymous statistical datasets

    We prepare anonymous statistical datasets about our customers’ spending patterns:

    • or forecasting purposes
    • to understand how customers use Totipay
    • to comply with governmental requirements and requests
    • These datasets may be shared internally or externally with others, including non-Totipay companies. We produce these reports using information about you and other customers. The information used and shared in this way is never personal data and you will never be identifiable from it. Anonymous statistical data cannot be linked back to you as an individual.

      • Meeting our legal obligations, enforcing our rights, protecting our business and other legal uses

      We use your personal data to:

      • to share it with other organisations (for example, government authorities, law enforcement authorities, tax authorities, fraud prevention agencies)
      • if this is necessary to meet our legal or regulatory obligations
      • to protect ourselves, including our rights, property, personnel or products
      • to help prevent and fight harmful or unlawful behaviour and spam communications
      • in connection with legal claims
      • to help detect or prevent crime

      Sometimes, we are legally required to ask you to provide information about other people. For example, we might ask you to explain:

      • your relationship with somebody who pays money into your Totipay account
      • how somebody got the money in the first place to pay it into your Totipay account.

      If you, or your company, give us personal data about other people, it is your responsibility to ensure they understand how we will process their personal data.

      6. Do you make automated decisions about me?

      Depending on the Totipay products or services you use, we may make automated decisions about you.

      This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information.

      Where we make an automated decision about you you have the right to ask that it is manually reviewed by a person. You can find out more about this in the What are my rights? section below.

      For example, we may make automated decisions about you that relate to:

      Opening accounts:

      • KYB, anti-money laundering and sanctions checks; and
      • identity and address checks.

      Detecting fraud:

      • monitoring your account to detect fraud and financial crime.

      Our legal basis is one or more of the following:

      • keeping to contracts and agreements between you and us; or
      • legal obligations.

      7. How do we use you information for marketing?

      If you sign up to our services, and where allowed by law, we will assume you want us to contact you by post, email and SMS text message with information about Totipay products, services, offers and promotions. We may use the personal data we have collected about you in order to tailor our offers to you.

      You can adjust your preferences, or tell us you don’t want to hear from us, at any time by reaching out to [email protected].

      We won’t pass your details on to any organisations outside Totipay for their marketing purposes without your permission.

      8. What are my rights?

      The information below explains what rights you have and what those rights mean.

      You have the right to be told about how we use your personal data

      We provide this privacy policy to explain how we use your personal data.

      If you ask, we will provide a copy of the personal data we hold about you. We can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers.

      You can ask us to correct your personal data if you think it’s wrong, you can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided.

      You can ask us to delete your personal data

      You can ask us to delete your personal data if:

      • there’s no good reason for us to continue using it;
      • you gave us consent (permission) to use your personal data and you have now withdrawn that consent;
      • you have objected to us using your personal data;
      • we have used your personal data unlawfully; or
      • the law requires us to delete your personal data.

      Just to let you know, we may not be able to agree to your request. As a regulated financial services provider, we must keep certain customer personal data even where you ask us to delete it (we’ve explained this in more detail below). If you’ve closed your Totipay account, we may not be able to delete your entire file because these regulatory responsibilities take priority. We will always let you know if we can’t delete your information.

      You can object to us processing your personal data for marketing purposes

      You can tell us to stop using your personal data for marketing.

      You can object to us processing other personal data (if we are using it for legitimate interests)

      If our legal basis for using your personal data is ‘legitimate interests’ and you disagree with us using it, you can object.

      However, if there is an overriding reason why we need to use your personal data, we will not accept your request.

      If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services.

      You can ask us to restrict how we use your personal data

      You can ask us to suspend using your personal data if:

      • you want us to investigate whether it is accurate;
      • our use of your personal data is unlawful but you do not want us to delete it;
      • we no longer need the information, but you want us to continue holding it for you in connection with a legal claim; or
      • you have objected to us using your personal data (see above), but we need to check whether we have an overriding reason to use it.

      You can ask us to transfer personal data to you

      If we can, and are allowed to do so under regulatory requirements, we will provide your personal data in a structured, commonly used, machine-readable format.

      You can withdraw your permission

      If you have given us any consent we need to use your personal data, you can withdraw your consent at any time by sending an email to [email protected].

      (Note, it will have been lawful for us to use the personal data up to the point you withdraw your permission).

      You can ask us to carry out a human review of an automated decision we make about you

      If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision.

      Your ability to exercise these rights will depend on a number of factors. Sometimes, we will not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you).

      9. How do I exercise my right?

      To exercise any of your rights set out in the previous section, you can send us an email at [email protected].

      For security reasons, we can’t deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.

      Totipay will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.

      If you are unhappy with how we have handled your personal data you can complain to your local data protection authority.

      10. Do you share my personal data with anyone else?

      Suppliers

      The information below explains which suppliers we normally share your personal data with and why.

      Suppliers who provide us with IT, payment and delivery services: To help us provide our services to you.

      Our banking and financial-services partners and payments networks: To help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment-service providers.

      Analytics providers and search information providers: To help us improve our website or app.

      Customer-service providers, survey providers and developers: To help us to provide our services to you.

      Communications services providers: To help us send you emails, push notifications and text messages.

      Identity verification and KYC/KYB Service providers: To help us verify your identity so we can provide services to you.

      Partners who help to provide our services

      We may share your personal data with our partners to provide you, or the company that holds the Totipay account, with certain requested services.

      We‘ll only share your personal data in this way if you, or the company that holds the Totipay account, have asked for the relevant service or it is provided as part of our membership plans. From time to time, we may work with other partners to offer co-branded services or promotional offers, and we will share some of your personal data with those partners. We will always make sure you understand how we and our partners process your personal data for these purposes.

      Third party payers

      We may share your name with third parties that pay money into your Totipay account. This is necessary to confirm that the payment has been made to the correct account.

      For legal reasons

      We also share your personal data with other financial institutions, financial services companies, government authorities, law enforcement authorities, tax authorities, companies and fraud prevention agencies to check your identity, investigate or protect against suspected fraud, keep to tax laws, anti-money laundering laws, or any other laws, and confirm that you are eligible to use our products and services.

      If fraud is detected, you could be refused certain services by Totipay or others.

      We may also need to share your personal data with other third party organizations or authorities:

      • if we have to do so under any law or regulation
      • if we sell our business
      • in connection with suspected or actual criminal or fraud investigations
      • to enforce our rights (and those of our customers or others)
      • in connection with legal claims

      Social media and advertising companies

      When we use social media for marketing purposes, your personal data may be shared with the social-media platforms so that they can check if you also hold an account with them. If you do, we may ask the advertising partner or social-media provider to:

      • use your personal data to send our adverts to you, because we think that you might be interested in a new Totipay product or service;
      • not send you our adverts, because the marketing relates to a service that you already use; or
      • send our adverts to people who have a similar profile to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social-media profile, we may ask our advertising partner or social-media partner to send our adverts for that service to those people).

      Our legal basis is:

        l
      • egitimate interests.

      You can contact us at any time, by emailing [email protected], if you do not want us to share your personal data for advertising purposes.

      Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.

      Where you ask us to share your personal data

      Where you direct us to share your personal data with a third party, we may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney).

      11. Will my information go outside of the United Kingdom or Europe?

      As we provide an international service, we may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our services.

      For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.

      We may share your personal data with fraud-prevention and law enforcement agencies that are based outside of the United Kingdom or EEA.

      We will take all reasonable steps to make sure that your personal data is handled securely and in line with this privacy policy and UK data protection laws.

      If you would like more information, please contact us by sending an email to [email protected].

      12. How do you protect my personal data?

      We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. This section sets out some of the security measures we have in place.

      We use a variety of physical and technical measures to keep your personal data safe and prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.

      While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to our app, a website or other services. We use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our app, web and payment-processing services.

      If you use a password for the Totipay app or our website, you will need to keep this password confidential. Please do not share it with anyone.

      When you use our services, which includes our social network accounts, do not share any personal data that you don’t want to be seen, collected or used by other customers, as this personal data will become publicly available.

      13. How long do you keep my personal data?

      We will generally keep your personal data for five years after our business relationship with you ends or such period as may be required by applicable local laws.

      We are required to keep your personal data for this long by anti-money laundering and e-money laws. We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason.

      14. How will you keep me updated on how you use my personal data?

      If we change the way we use your personal data, we will update this policy and, if appropriate, let you know by email, through the Totipay app or through our website.