Privacy Policy
WHO IS THE DATA CONTROLLER?
WHAT IS PERSONAL DATA?
WHAT IS PROCESSING?
WHAT LAW APPLIES?
WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR DATA?
Personal Data:
a) You have given your consent;
b) The data is necessary for the fulfilment of a contract/pre-contractual measures;
c) The data is necessary for the fulfilment of a legal obligation; or
d) The data is necessary to protect our legitimate interests, provided that your interests are not overridden.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU?
We may collect and process the following Personal Data about you:
a) Personal Data that you give us: This is information about you that you give to us. It may include, for example, your name, email address, and phone number when you contact us. The legal basis is the initiation of a contract with you and your consent.
Special category Data
We may need to process sensitive information about you. This is information that can reveal a person’s:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic or biometric data (if used for identification purposes)
- information concerning a person’s health, sex life, or sexual orientation
According to the DPA and the GDPR, we need a second lawful basis to use special category data. This is typically your explicit consent or exercising legal rights, establishing, defending, or exercising legal claims or reasons of substantial public interest.
When you sign up for a TransferPier account
When you sign up for a TransferPier account, we process and collect:
- personal details like your name, date, and place of birth;
- contact details like your home address (and previous addresses), email and phone number;
- information about your identity, such as a copy of your ID document, a selfie of yourself;
- information about your right to live in the UK and your tax residency; and financial details.
- details you give us when you sign up for a specific service;
- Details you give us, which we pass to our partners when you let us know you’re interested in their services;
- information you give us through in-app chat and emails; and
answers you give to surveys about us and our services. - Information we get from external sources
When you sign up for a TransferPier account, we search your record at:
- credit reference agencies to verify your identity
- fraud prevention agencies, KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.
We may also collect information about you from public sources, which may include:
- official public records, like the Electoral Register or Companies House;
- and information published by the press or on social media.
Information we collect or generate when you use the TransferPier App and our services
- Details about payments to and from your TransferPier account;
- details about services from us and our partners that you show interest in
- Details about how you use our app;
If you contact us, we collect the following information so we can help:
- the phone number you’re calling from and information you give us during the call (we record all calls);
- the email address you use and the contents of your email (and any attachments); and
- public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.
- The legal basis for providing the above is the fulfilment of the user contract for the use of the App as well as your consent.
- We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose, including improving our App and services. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
- We process data in the context of administrative tasks as well as organisation of our data, business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
- Lastly, we use your data (name and email) within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive promotions or special events. The legal basis for processing is our legitimate interest.
b) Personal Data that our App collects about you:
The App can be downloaded from the “Google Playstore” a service offered by Google LLC, or the Apple App service “App Store” a service of Apple Inc., to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
As far as we are aware, Google collects and processes the following data:
license check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits
the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, and location information. It cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP
address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection, such as your service provider and signal strength, and information about device sensors such as accelerometer, gyroscope, and compass.
We may request permission to store your App data including your Internet Connection and Network, Push Notifications, Gallery, Camera and Location. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures, and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.
When you use one of our location-enabled services, we may collect and process information about your location (latitude and longitude) and the time the location information is recorded to provide the services with location-based information and features. Some of these services require your Personal Data for the feature to work, and we may associate location data with your device ID and other information we hold about you. We keep this data for no longer than is reasonably necessary for providing services to you. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.
When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as
part of the performance of the contract using Firebase Cloud Messaging for Push Notifications for Android devices and the Apple Push Notification service (APNs) for iOS devices.
You can adjust or stop receiving push messages at any time via
a) the device settings of your device or
b) or by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
OTHER USES OF YOUR PERSONAL DATA
We may also collect, store, and use your Personal Data for the following purposes:
- to operate, manage, develop, and promote our business and, in particular, our relationship with you and related transactions, including, for example:
- marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);
- to operate, administer, and improve our App and other aspects of the way in which we conduct our business;
- to offer you our App and services;
- to provide you with services or information that you may have requested; and
- to keep you informed and updated on relevant topics or services you may be interested in.
- to protect our business from fraud, money laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;
- to comply with our legal and regulatory obligations, bring and defend legal claims and assert legal rights; and
- if the purpose is directly connected with an assigned purpose previously made known to you.
We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing.
Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where
we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances, we may also be required by law to disclose or otherwise process your Personal Data.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.
STORAGE AND RETENTION
Your personal data will remain with us in a designated database hosted on our own proprietary server until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy to support our App and our services. If you wish to learn more about how the relevant provider processes your personal data, please follow the links embedded in the above-mentioned provider’s name.
Typically, and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations. Equally, if you have
consented to it, or where we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, accounting, and similar services that allow us to perform our contractual obligations, administrative tasks, and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”.
We may also disclose information in other circumstances, such as when you agree to it or if the law, a court order, a legal obligation, or a regulatory authority asks us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our rights, property, or personal safety of our staff, the App and its users.
COOPERATION WITH PROCESSORS, JOINT CONTROLLERS, AND THIRD PARTIES
If, in the course of our processing, we disclose data to other persons and companies (processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission, users have consented, a legal obligation provides for this or on the basis of our legitimate interests.
If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.
HOW WE SECURE YOUR PERSONAL DATA
Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”), for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our App.
YOUR RIGHTS AND PRIVILEGES
Privacy rights You can exercise the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
Update your information and withdraw your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.
Access Request
What we do not do
- We do not request Personal Data from minors and children;
We do not process special category data without obtaining prior specific consent; - We do not use automated decision-making, including profiling; and
- We do not sell your Personal Data.
Who is the competent data protection authority?
The supervisory authority for Data Protection in the UK is The Information Commissioner’s Office (ICO) (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns before you contact the ICO.
Data Breaches and Notification
Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.
USA SPECIFIC PROVISIONS
The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state’s legislature and that no data protection framework similar to the GDPR exists on a federal level, we are committed to following and applying the relevant privacy rules and regulations for your state. As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data. Further, the following also apply
i. “Shine the Light”
“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
ii. COPPA (Children Online Privacy Protection Act)
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parentsin control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
iii. CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
iv. Telephone Consumer Protection Act (TCPA)
v. Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our App does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
vi. Right to complain
CANADA AND MEXICO SPECIFIC PROVISIONS
Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private
Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).
HELP AND COMPLAINTS
If you have any questions about data protection at TransferPier, you can contact us by email at info@transferpier.com
CHANGES
The first version of this policy was issued on Saturday, 10th of May, 2025, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.