1. Data Controller
The Data Controllers for the collection, processing and use of personal information are listed in the table below. If you have any questions about how we protect or use your data, please email us at privacy@capvistafintech.com
2. Data we collect about you
Personal data, or personal information, means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to the individual. We will collect and process personal data about you as follows:
2.1 Information you give us.
- You may give us information about yourself when you sign up to use our Services, e.g. when you provide us with personal details including your name and email address. This also includes information you provide through your continued use of our Services, your participation in discussion boards or other social media functions on our Website or App, through entering a competition, promotion or survey, and by reporting problems with our Services. Additional information you give us for security, identification and verification purposes may include your address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security/insurance number, national identification number, personal description, photograph, tax reference number, proof of address, proof of residency, passport and/or National ID. If you fail to provide any of this information, it might affect our ability to provide our Services to you.
- For Brazil: This also includes the registry number of Cadastro de Pessoas Físicas do Ministério da Economia – CPF/ME.
- The content of your communications with us, which we collect via telephone call recordings, online chat, emails, direct messaging and other means.
- In some cases, including when you send or receive high value or high volume transactions, or where we need to comply with anti-money laundering regulations, we may also need more identification information from you, including a copy of your bank account statements.
- For New Zealand:
- Where we request further information from you to comply with our anti-money laundering obligations, we are doing so under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009. Providing such information to us is mandatory.
- You have the right to request access to and correction of personal information that we hold about you. If you would like to make a request, please submit it in writing to privacy@wise.com.
- In providing the personal data of any individuals other than yourself, including connected persons, you confirm that you have obtained consent from such individuals to disclose their personal data to us or are otherwise entitled to provide this information to us. You also confirm that you have brought this Policy to their attention if legally necessary, and have received their consent to our collection, use and disclosure of such personal data for the purposes set out in this Policy. The term ‘connected person’ means an individual connected to Wise through the use of our Services and could be an account holder, payment beneficiary, recipient of a designated payment, guarantor, director, shareholder, partners or members of a partnership, trustee, authorised signatory of a designated account, a friend you have recommended, individuals in your contact list or any other person who has a relevant relationship with Wise.
- If you enable your discoverability feature for some of our Services we will generate a link and a nickname on your behalf to be shared. Such a link may include your name, business name, account details, nickname and, at your option, your avatar or photograph.
- Please ensure that your personal data is current, complete and accurate by logging onto your account and updating it whenever necessary.
2.2 Information we collect about you. When you use our Services, we may collect the following information:
- details of the transactions you carry out when using our Services, including the geographic location from which the transaction originates;
- technical information, including the internet protocol (IP) address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and, if you’ve installed the App, installed applications on your mobile device that have remote access permissions;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (including scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Support service;
- information about your marketing and communication preferences.
2.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties and may receive information about you from them. This may include:
- the payment service providers you use to transfer money to us will provide us with your personal information, including your name and address, as well as your financial information, including your bank account details;
- the bank whose account you link to your Wise account for the purpose of satisfying regulatory verification may provide us with your name, address and financial information, including source of funds and bank statement information;
- if you are a ‘connected person’ for a Wise customer, then that Wise customer may provide your personal information to us:
- Payment beneficiaries: name, account details, email, and additional verification information if requested by the recipient bank.
- Directors and ultimate beneficial owners: name, date of birth and country of residence.
- business partners may provide us with your name and address, as well as financial information, including card payment information;
- advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, including confirmation of how you found our website;
- in some jurisdictions, we may check the information you have provided to us with governmental or private identity record databases or with credit reference agencies to confirm your identity and to combat fraud.
2.4 Information from social networks.
- If you log into our Services using your social network account (including Apple ID, Facebook or Google) we will receive relevant information that is necessary for us to enable our Services to authenticate your access. The social network will provide us with access to certain information that you have provided to them, including your name, profile image and email address, in accordance with the social network service provider’s privacy policy. We use such information, together with any other information you directly provide to us when registering or using our Services, to create your account and to communicate with you about the information, products and services that you request from us. You may also be able to specifically request that we have access to the contacts in your social network account.
2.5 Sensitive data.
- As part of our identity verification process we collect, use and store biometric data, namely:
- We extract face scan information from photos and videos to compare pictures of you on identity documents with each other and with a selfie that you provide to verify your identity and for anti-fraud checks, and to improve these processes. We may ask you to specifically consent to the collection, use and storage of your biometric data during the verification process, where privacy regulations require it in your jurisdiction. If you do not consent, we offer alternate methods to verify your identity which may take longer. The same documents and photos are required for both processes. We will not disclose or disseminate any biometric data to anyone other than our identity verification providers, or when required by applicable laws and regulations, or pursuant to a valid order from a court. We never sell, lease, trade or otherwise benefit from your biometric data. We will retain biometric data for the period necessary to complete the identity verification process, and in any case no longer than 1 year after collection, unless required by law or legal process to keep it longer.
- For USA: See our US Facial Scan Privacy Notice for more information on how we process this data;
- We monitor the way you login and interact with our website or app in order to validate your identity and support the detection of fraudulent and suspicious attempts to access your Wise Account;
- If you consent to linking your bank account to your Wise account for the purpose of satisfying regulatory verification, we may also process a limited amount of sensitive data when we carry out verification of your financial documents.
- We extract face scan information from photos and videos to compare pictures of you on identity documents with each other and with a selfie that you provide to verify your identity and for anti-fraud checks, and to improve these processes. We may ask you to specifically consent to the collection, use and storage of your biometric data during the verification process, where privacy regulations require it in your jurisdiction. If you do not consent, we offer alternate methods to verify your identity which may take longer. The same documents and photos are required for both processes. We will not disclose or disseminate any biometric data to anyone other than our identity verification providers, or when required by applicable laws and regulations, or pursuant to a valid order from a court. We never sell, lease, trade or otherwise benefit from your biometric data. We will retain biometric data for the period necessary to complete the identity verification process, and in any case no longer than 1 year after collection, unless required by law or legal process to keep it longer.
- Your jurisdiction may have rules that classify other information described in section 2 as sensitive. All sensitive information is subject to appropriate levels of protection;
- For India: We may collect your Aadhaar-related data, including your demographic details for the purposes of verifying your identity to use our Services. We collect your Aadhaar data based on your voluntary and informed consent. Please note that the provision of your Aadhaar related data is voluntary, and you may choose to provide us with other officially valid documents notified by financial regulators such as passport, voter identification document and driving licence for such purposes. You will not be denied the Services in the event you choose not to provide us with your Aadhaar related data.
2.6 Children’s data. Our products and services are directed at adults, and are not intended for children. We therefore do not knowingly collect data from children. Any data collected from a child before their age is determined will be deleted
3. How we protect your personal information
3.1 We take the safeguarding of your information very seriously. The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to ensure it stays secure, including:
- Communications over the Internet between you and Wise systems are encrypted using strong asymmetric encryption. This makes it unreadable to anyone who might be listening in;
- We update and patch our servers in a timely manner;
- We run a Responsible Disclosure and bug bounty program to identify any security issues in Wise services;
- Our technical security team proactively monitors for abnormal and malicious activity in our servers and services;
- When information you’ve given us is not in active use, it is encrypted at rest.
3.2 We are regularly audited to confirm we remain compliant with our security certifications, including SOC 2 and PCI-DSS. As part of these audits, our security is validated by external auditors.
3.3 We restrict access to your personal information to those employees of Wise who have a business reason for knowing such information and third party service providers’ processing data on our behalf. All Wise employees who have access to your personal data are required to adhere to this Policy and all third-party service providers are requested by Wise to ensure appropriate safeguards are in place. In addition, contracts are in place with third-party service providers that have access to your personal data, to ensure that the level of security and protective measures required in your jurisdiction is in place, and that your personal data is processed only as instructed by Wise.
3.4 We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, technical and organisational safeguards that comply with applicable laws and regulations to protect your personal information from unauthorised access.
4. Ways we use your information
4.1 Lawful basis: We will only use your personal data when the law allows us to. Depending on the country in which you are in, we rely on the following legal bases to process your personal data:
- Where you have given us your consent to process your data – please note that when we are processing your personal data on the basis of consent, the applicable local regulations apply;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we have a legal obligation to process your personal data to comply with laws, regulations or court orders;
- Where it is necessary to fulfil our obligations under a contract with you;
- Where it is necessary to protect the vital interests of yourself or other individuals.
4.2 Purposes for which we will use your personal data: the ways we plan to use your personal data are described below, including which of the legal bases we rely on to do so in the UK, the EU, Türkiye and Brazil (*only included as a lawful basis under the LGPD). We have also identified what our legitimate interests are where appropriate.
to carry out our obligations relating to your contract with us for provision of payments services and multi-currency accounts
Lawful basis for processing, including basis of legitimate interest:
Necessary to fulfil our obligations under a contractto provide you with information, products and services
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to keep our records up-to-date, decide which of our products and services may be of interest to you, to tell you about them and deliver them to you)
Where you’ve consented for us to process your personal data in a certain wayto comply with any applicable legal and/or regulatory requirements, including to respond to requests from public and government authorities, including public and government authorities outside your country of residence, upon demonstration of lawful authority, and to comply with court orders from the relevant jurisdiction.
Lawful basis for processing, including basis of legitimate interest:
Legal obligation
Necessary to fulfil our obligations under a contract
Legitimate interest (to be efficient about how we meet our legal obligations and to comply with regulations that apply to us)
Credit protection, including the provisions of the relevant legislation*
The regular exercising of rights in judicial, administrative or arbitral proceedings*to prevent and detect crimes, including fraud and financial crime
Lawful basis for processing, including basis of legitimate interest:
Legal obligation
Legitimate interest (to detect and prevent criminal activity in connection with our Services and improve how we manage instances of suspected financial crime)
Credit protection, including the provisions of the relevant legislation*to notify you about changes to our Services and send you other administrative information
Lawful basis for processing, including basis of legitimate interest:
Legal obligation
Legitimate interest (to provide you with a good customer service and keep you up-to-date with new developments)
Necessary to fulfil our obligations under a contractas part of our efforts to keep our Services safe and secure
Lawful basis for processing, including basis of legitimate interest:
Legal obligation
Legitimate interest (protecting our customers and ourselves from loss or harm)
Necessary to fulfil our obligations under a contractto administer our Services and for internal operational, planning, audit, troubleshooting, data analysis, testing, research, statistical and survey purposes
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to keep our records up to date, efficiently fulfil our legal and contractual duties, carry out our administrative operations, and develop new and existing products and services)to undertake system or product development, including helping third party suppliers improve the services they provide to us, to improve our Services and to ensure that they are presented in the most effective manner
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to develop existing and new products and services and to efficiently meet our legal and contractual obligations)to allow other Wise customers to request or send money to you through our services when providing information that matches your phone number or email address
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to provide an efficient and innovative service to our customers)
Necessary to fulfil our obligations under a contractto measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to market our products and services in the most efficient manner)
Where you’ve consented for us to process your personal data in a certain way.to allow you to participate in interactive features of our Services, when you choose to do so
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to provide an efficient and innovative service to our customers)
Where you’ve consented for us to process your personal data in a certain way.to use your email address to provide you with information about other similar goods and services we offer
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to market our products and services)
Where you’ve consented for us to process your personal data in a certain wayto provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
Lawful basis for processing, including basis of legitimate interest:
Where you’ve consented for us to process your personal data in a certain way.to take steps to recover amounts owed to us, including via insurance claims, and to allow us to pursue available remedies or limit damages that we may sustain
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to protect our assets)
Credit protection, including the provisions of the relevant legislation*to allow a third party or a financial institution that sent money to recover money received by you in error or due to fraud
Lawful basis for processing, including basis of legitimate interest:
Legal obligation
Legitimate interest (to allow third parties to recover funds)to verify information you provide to us and to enforce our Customer Agreement with you
Lawful basis for processing, including basis of legitimate interest:
Legitimate interest (to protect our assets)on rare occasions, to help safeguard our customers, employees or other individuals by notifying the emergency services
Lawful basis for processing, including basis of legitimate interest:
Vital interestFor UK: to carry out our obligations relating to your contract with us for provision of the Company Formation Services
Lawful basis for processing, including basis of legitimate interest: Necessary to fulfil our obligations under a contract
5. Disclosure of your personal data
5.1 We may share your personal data with the following third parties:
- affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter into with them or you and to help them improve the services they provide to us;
- advertisers and advertising networks to select and serve relevant adverts to you and others;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- our group entities and subsidiaries, which can be found by clicking here;
- in the event that we sell any of our business or assets or combine with another organisation, in which case we may disclose your personal data to the prospective buyer of such business or assets or prospective organisation with which our business or assets may be combined;
- limited information is sent to payment beneficiaries when you initiate a payment transaction;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Customer Agreement and other applicable agreements, or to protect the rights, property, or safety of Wise, our customers, our employees or others;
- to prevent and detect fraud or crime and to assist us in conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so. Please note that if we, or a fraud prevention agency, determine that a fraud or money laundering risk is posed, we may refuse to provide the services requested or we may stop providing existing products and services to a customer. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services.
- in response to a subpoena, warrant, court order, properly constituted police request or as otherwise required by law;
- to assess financial and insurance risks;
- to recover debt or in relation to your insolvency or to allow a party or a financial institution that sent money to recover money received by you in error or due to fraud;
- to develop customer relationships, services and systems; and
- if you consent, to share your details when using our Services
5.2 If your discoverability feature is enabled, Wise customers can search for you via your nickname, or the email address or phone number registered to your Wise account. You can manage this discoverability feature under your account settings. You can also generate a link to share with any users to make it easier to send and receive money.
5.3 If you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to privacy@capvistafintech.com
6. EEA (European Economic Area) – disclosure of your personal data
If you are an EEA resident holding a balance with us (Multi-Currency Account), we are legally obliged to disclose the following personal data to the Central Point of Contact of the National Bank of Belgium (“CPC”)
On a continuous basis:
- Belgian bank and payment accounts and powers of attorney on these accounts. For each account, the account number, the capacity of the customer (account holder or proxy holder) and the start or end date of the account must be reported;
- the existence of certain financial contracts concluded in Belgium: start or end date of the contractual relationship with the customer and type of contract;
- the existence of certain financial transactions involving cash: the type of transaction, the capacity of the customer (the customer himself/herself or his/her authorised representative) and the date of the transaction.
Periodically:
- the amount standing to the credit of the relevant cash accounts on June 30, and December 31, of each calendar year;
- the “aggregate amount” of such investment services contracts, i.e., the value of the assets under our custody and our liabilities to clients under those contracts on June 30, and December 31, of each calendar year.
To enable identification of the persons behind these accounts, financial contracts and transactions involving cash, we must also report the following information:
- for natural persons: National Register number (or BIS number) or, failing that, name and first name, date of birth, place of birth (optional) and country of birth;
- for legal persons: number under which they are registered at the Crossroads Bank for Enterprises or, failing that, full name, legal form, if any, and country of establishment.
This data is recorded by the CPC and kept for a period of 10 years. The CPC keeps a list of the information requests it receives for five years.
Under strict conditions, the CPC may disclose this data to the Belgian tax authorities and other authorities and persons that are legally entitled to request information from the CPC. The data may be used in the context of (i) tax-related inquiries, (ii) the investigation of criminal offences, (iii) the combatting of money laundering, terrorist financing and serious criminal offences, and (iv) for any other purpose authorised under Belgian law.
You have the right to consult the data linked to your name by the CPC at the National Bank of Belgium (Boulevard de Berlaimont 14, 1000 Brussels). You also have the right to ask, preferably via us, for any inaccurate data recorded by the CPC and linked to your name to be corrected or deleted. You may do so by visiting the NBB’s website and following the stipulated process.
7. Japan – disclosure of your personal data
In section 7, ‘we’ refers to Wise Payments Japan K.K.
We do not disclose your personal data to any third parties unless consented by you or otherwise permitted by applicable law.
We may entrust your personal data to third-party service providers, in which case we will execute a service contract with such third parties and supervise them to secure your personal data.
8. Sharing and storing your personal data
8.1 While our main processing centres are in the UK and the EU, we may transfer your data to and store it in countries outside of your jurisdiction, which do not offer an equivalent level of protection to your country. It may also be processed by staff operating outside of your jurisdiction. Such staff may be engaged in activities that include the fulfilment of your payment order, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
8.2 In the above cases, we ensure that appropriate safeguards, including Standard Contractual Clauses and/or International Data Transfer Agreements, are in place. A copy of these documents can be provided by sending a request to privacy@apvistafintech.com
8.3 In Switzerland, we ensure that such safeguards are in place unless we can rely on an exception. An exception may apply, for example, in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.
9. Profiling and automated decision making
9.1 We may use some elements of your data to customise our Services and the information we provide to you, and to address your needs, including your country of residence and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected – and we use pseudonymised data wherever possible. This activity has no legal effect on you.
9.2 We use automated processes to check that your application to access Wise services and your use of Wise services meet our required standard, including verifying your identity, and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to login to your Wise account, or to close your account. If this happens, you will be notified and offered the opportunity to provide further information and challenge the decision through an appeal mechanism, which includes a manual review. In any case, if you feel that an automated process may have impacted you, please contact Wise Customer Support.
10. Cookies
We use small files known as cookies to distinguish you from other users and see how you use our site and products while providing you with the best experience. They also enable us to improve our services. For detailed information on cookies and other technologies we use, and the purposes for which we use them, see our Cookie Policy.
11. Data retention
11.1 We will retain your personal data only for as long as is necessary to fulfil the purposes for which we collected it. As a regulated financial institution, Wise is required by law to store some of your personal and transactional data beyond the closure of your account with us. We only access your data internally on a need-to-know basis, and we’ll only access or process it if absolutely necessary.
11.2 We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate. We do this automatically, so you don’t need to contact us to ask us to delete your data. Deletion methods include shredding, destruction and secure disposal of hardware and hard-copy records, and deletion or over-writing of digital data.
12. Amazon Payment Service Provider Programme
12.1 Wise participates in the Amazon Payment Service Provider Programme (the “Programme”). If your Wise account details are or have been entered into Amazon Seller Central, Amazon may ask us to send to them details about you, your accounts, payments from those accounts since 1st January 2015, and external accounts linked to your Wise account. All payment service providers participating in the Programme provide the same information to Amazon.
12.2 The processing purposes and interests are i) required by Amazon to help them prevent and detect crime and to uphold the standards of conduct required by Amazon and ii) to help Wise prevent and detect crime.
12.3 In the UK, EEA, Indonesia, Türkiye, and Brazil, the lawful basis for processing is legitimate interests. The interests and processing purposes are as described in section 12.2.
12.4 In jurisdictions outside the UK, EEA, Indonesia, Türkiye and Brazil, you consent to this data sharing by continuing to use your Wise account.
12.5 If you do not wish for Wise to provide the above information to Amazon, you should not provide your Wise account details to Amazon and you will not be able to use your Wise account to receive money from your Amazon storefront.
12.6 This programme does not apply to Wise customers who only buy products from Amazon and do not sell products on Amazon.
13. Your rights
13.1 Laws applicable in your jurisdiction may grant you certain rights regarding the information we hold about you. If you have any questions in relation to our use of your personal information, contact us at privacy@apvistafintech.com
13.2 Your exercise of these rights may be subject to certain exemptions, including to safeguard the public interest (including the prevention or detection of crime), where it is in our interests (including the maintenance of legal privilege), and where the rights of other persons are involved (including where your request relates to information about other individuals).
13.3 We may need to retain certain information for record-keeping purposes and to comply with our obligations under applicable laws and regulations, including but not limited to our anti-money laundering obligations, and/or to complete any transactions that you began prior to requesting a change or deletion.
13.4 You will not normally have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee where permitted by local laws or if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
13.5 We may need to request specific information from you to help us confirm your identity and your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
13.6 If you no longer want to receive marketing-related emails from us, you may opt-out by following the instructions in any such email. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt-out, we may still send you important administrative messages, from which you cannot opt-out.
13.7 If you would like to make a request, the best way to do so would be to contact us at the contact details listed in the Appendix.
13.8 Subject to some country-specific variations, you have the right to:
- Request a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. We may need to verify the accuracy of the new data you provide to us.
- Ask us to delete personal data where there is no good reason for us to continue to process it. You may also have the right to ask us to delete your personal data where (i) you have successfully exercised your right to object to processing (see below), (ii) where we may have processed your personal data unlawfully or (iii) where we are required to delete your personal data to comply with local law. We may not always be able to comply with your deletion request for specific legal reasons which will be notified to you, if applicable, in our response to your request, including financial regulations that may require us to hold your personal data for a period after the closure of your account.
- Withdraw your consent for us to process data, where our lawful basis for processing is based on that consent. Note that withdrawal of consent does not affect the lawfulness of processing which may have taken place prior to withdrawal of consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
- Request us to cease direct marketing to you, or profiling you for the purpose of direct marketing, by contacting us or adjusting your notification preferences in the settings section of your account.
- Where we use wholly automated decision making-processes, request that we provide information about the decision-making methodology and ask us to verify that an automated decision that results in a legal impact on you has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law to adjust the processing.
- Object to any processing based on the legitimate interests ground when there is something about your particular situation where you feel processing on this ground impacts your fundamental rights and freedoms.
- Ask us to suspend the processing of your personal data in the following situations: (i) if you want us to determine the data’s accuracy; (ii) where our processing of the data is unlawful but you do not want us to delete it at this time; (iii) where you wish us to retain the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or (iv) you have objected to us using your data but we need to confirm whether or not we have over-riding legitimate grounds to continue using it.
- Request the transfer of your personal data to a third party or yourself. We will provide you or your chosen third party with the personal data you provided to us in a structured, commonly used, machine-readable format. This right applies only to information where we used the information to perform a contract with you or where you initially consented for us to use it.
14. California – your rights
If you are a California resident:
You may have certain rights under the California Consumer Privacy Act (“CCPA”) regarding your personal data, including:
- The right to be informed of the personal data we collect, use, and process for purposes listed in section 4. Further detail on:
- the categories of personal data collected,
- the sources from which we collect it,
- the business or commercial purposes of collection,
- as well as the categories of third parties to whom we disclose personal data, are described within this Privacy Policy, as supplemented by Wise U.S. Consumer Privacy Notice.
- The right to request the specific pieces of personal data that we have collected about you in the twelve (12) months preceding your request;
- The right to request deletion of your personal data that we collected;
- The right to correct any inaccurate information that we hold about you;
- The right to limit the use of your sensitive personal information to only that which is necessary for providing products or services;
- The right to opt-out of the sale or sharing of personal information, however please note that Wise does not engage in the sale of personal information as contemplated by the CCPA. As detailed in this Privacy Policy, we share personal information with other businesses for a variety of reasons. While we often benefit from such exchanges, we do not share personal information for the sole purpose of receiving compensation for that information; and
- The right not to be discriminated against for exercising any of these rights.
- The right to be informed of the personal data we collect, use, and process for purposes listed in section 4. Further detail on:
You should be aware that this section does not apply to:
- Personal information covered by certain sector-specific privacy laws, including the Gramm-Leach-Bliley Act and its implementing regulations, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994; or
- Other information subject to a CCPA exception.
“Shine the Light” and “Eraser” Laws: you may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes
15. Other Jurisdictions
You may also have certain rights regarding the information we hold about you under other data protection and privacy laws.
16. Third-party links
Our Services may, from time to time, contain links to the websites of our partner networks, advertisers and affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility for them, so if you follow a link, check these policies before you submit any personal data to these websites.
17. Changes to our Privacy Policy
To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this Policy at any time by posting a revised version on this website. To stay up to date on any changes, check back periodically.
18. Contact
18.1 Please send any questions, comments or requests about this Policy to our privacy team at privacy@apvistafintech.com, where you can also contact our Data Protection Officer. You can also write to us or our Data Protection Officer at our registered office that applies to you, as listed in the Appendix.
18.2 If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws, as listed in the Appendix.