This policy together with the Cardholder Agreement, which was either (i) provided to you when you were issued with your gift card, open loop, winnings or other pre-paid card (“Card”) or (ii) is available online at the website advised to you when you purchased your Card, sets out the basis on which any personal data we collect about you, or that you provide to us, will be used by us, the conditions under which it may be disclosed to others and how it is kept secure.
2. Who is processing your personal data
We are EML Money Designated Activity Company (company number 423276).
If we are the issuer of your Card, then we are the data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.
If your Card was issued by a financial institution, then we will process your personal information on their behalf then this will be explained in the Cardholder Agreement issued to you with your Card.
3. Information we collect from you
3.1 Information you give us
Usually our Cards are issued anonymously and in which case we do not collect any personal information about you. However, in some circumstances where a Card is issued above a certain load limit we are legally required to obtain personal information from you before you can be issued with a Card, or we may need to obtain personal information from you in order to provide you with a service that you have requested. In such circumstances, we may collect your personal information when you correspond with us by phone, e-mail or when you purchase Cards and provide personal data as part of the purchase (whether online or in store).
The information you give us may include your name, address, e-mail address, phone number, identification information and any other information as necessary for us to provide you with the Card services you have requested, any requested customer support services and to comply with our anti-money laundering obligations and to prevent financial crime.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, date of birth and photograph.
- Contact Data includes address, email address and telephone numbers.
- Transaction Data includes details about the payments made or received on your Card.
- Technical Data includes your login data, browser type and version, time zone setting and location and other technology on the devices you use to access this website.
- Profile Data includes your username and password.
- Usage Data includes information about how you use our website.
- Marketing and Communications Data includes your preferences in receiving marketing from us.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to issue you with a Card). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Information we collect from other sources
here you purchase your Card from one of our partners or distributors, we may ask them to collect information about how you use your Card and transactions you undertake in order to comply with our anti-money laundering obligations and to prevent financial crime. If you choose to continue with your Card purchase and provide the requested personal information to the distributor, then the distributor will pass this information to us.
The information you give us may include information necessary for us to be able to verify your identity.
4. How we use your personal information
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
Note that we will not use your personal information for marketing purposes.
4.1 Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations: (i) in connection with our obligations in relation to anti-money laundering; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.
4.2 Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
- for prevention of fraud and other criminal activities (including financial crime);
- to correspond or communicate with you;
- for the management of queries, complaints, or claims;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to notify you about changes to our services; and
- for the establishment and defense of our legal rights.
We may also monitor or record telephone calls with you, to make sure we to assess and improve our service to customers, follow your instructions correctly and train our staff.
4.3 Where it is required to complete a CONTRACT
We may use and process your personal information where we have supplied you (or continue to supply you) with any services in connection with your Card, where we have arranged for the supply of another company’s Cards or services to you, or where you are in discussions with us about any new Card or service. We will also use and process your personal data if you require customer services support with respect to your Card or you lose your Card and request a replacement.
We will use this information in connection with the contract for the supply of Cards or services when it is needed to carry out that contract or for you to enter into it.
5. Others who may receive or have access to your personal information
5.1 Our Group companies
We may share your information with other companies within the EML group. They may use your personal information in the ways set out in the “How we use your personal information” section above, in connection with the products and/or services that complement our own range of products and/or services.
Please see our website for the details of our group companies with whom we may share your personal information.
5.2 Our suppliers and service providers
We may disclose your information to our third-party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud service providers (such as hosting and email management), foreign exchange providers and administrative services.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
5.3 Third parties who provide products and services to you
We work closely with various third parties to including business partners, suppliers and sub-contractors and may share your information with them strictly as necessary in order to provide you with the Card you purchased and associated services (such as transaction processing).
We may also share your information:
- with the financial institution which issued your Card (if it was not issued by us directly);
- with persons acting as our agents (and our distributors which sell our Cards from time to time) under a strict code of confidentiality;
- with your employer, where the Card has been provided to you for use in the course of your employment; and
- with partners with whom we run loyalty programmes. If this applies to you, such disclosure will be under a strict code of confidentiality and limited to information confirming whether a card carrying the partner’s brand has been issued and whether it has been activated.
5.4 To meet our legal obligations
We will share your personal information where we are legally obliged to do so (under any law or regulation) or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation as part of our checks to prevent fraud, financial crime or money laundering, including with fraud prevention agencies and other organisations which may use the information to prevent fraud and money laundering.
5.5 Credit/debit card payment processors
When you purchase any products or services online, your credit/debit card payment is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
5.6 Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
The personal information that you provide may be disclosed to fraud prevention agencies which may keep a record of that information. The checks performed by these agencies are to confirm your identity only, a credit check is not performed, and your credit rating will be unaffected.
We may also disclose and use information in aggregate (so that no individual customers are identified) for marketing and strategic development purposes.
6. Where We Store Your Personal Data
All information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our group companies or operational divisions are incorporated in a country outside of the EEA or if any of our servers or those of our third-party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the EEA.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Links to other websites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Please check these policies before you submit any personal data to these websites.
8. Your Rights as a Data Subject
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
- Accessing your personal information: You have the right to ask for a copy of the information that we hold about you (commonly known as a "data subject access request"). by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- Correcting and updating your personal information: The accuracy of your information is important to us. if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
- Withdrawing your consent: Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
- Objecting to our use of your personal information and automated decisions made about you: Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
- Erasing your personal information: In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
- Restricting processing of your information: You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring your personal information in a structured data file: Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- Complaining to the Irish data protection regulator: You have the right to complain to the Data Protection Commissioner (DPC) if you are concerned about the way we have processed your personal information. Please visit the DPC’s website at www.dataprotection.ie further details.
9. How long do we hold your information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 6 years after the date it is no longer needed by us for any of the purposes listed under How we use your personal information above. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing below); or
- in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
- By post, to 2nd Floor, La Vallee House, Upper Dargle Road, Bray, Co. Wicklow, A98 W2H9, Ireland
- By telephone, on +353 1 255 7111, or
- By email: [email protected]
Last Updated: 12 July 2021