What is the GDPR?
The General Data Protection Regulation (GDPR) is one of the biggest legislative changes made since 1975. To be effective from May 25, 2018, the primary goal of these changes is protection of personal data and rights of EU residents.
Our Commitment toward GDPR
We are committed to upholding the privacy and rights of our customers across the CurrencyTransfer.com platform. The essence of the GDPR directly aligned with our core values of customer trust and data privacy. We are actively working toward defining our roadmap for GDPR to overhaul our systems and processes in accordance with the standards. We endeavour to achieve GDPR compliance prior to the May 25, 2018 deadline.
Whom does the GDPR affect?
The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the location of the companies.
Where is your data stored?
Your data is stored on the Amazon Web Services platform. These servers are based in London, England and in Ireland. We store app data in London and customer data in Ireland to ensure additional security on your private documents.
Is your data encrypted?
Yes. Data is transferred to CurrencyTransfer.com using HTTPS and stored at rest using Transparent Data Encryption.
How do you delete data?
You can delete both your own account as well as individual recipients and all their data from CurrencyTransfer.com within the app itself. Account delete functions are instant cannot be recovered.
Which sub processors do you use?
We use multiple 3rd party applications to help us deliver the CurrencyTransfer.com experience. You can read more about those apps in our List of 3rd Party Applications.
Do you have a specific data processing agreement?
Who is your Data Processing Officer?
CurrencyTransfer.com isn’t required to have a GDPR Officer. GDPR only requires an officer if the organisation is a public body, conducts large scale systematic monitoring of individuals such as behaviour tracking, or tracks special categories of data such as health.