1. home
    2.   /  Privacy Policy

Privacy Policy

Last update: Mar 19, 2024

  1. Introduction
  2. How we obtain your personal information
  3. What personal information do we collect?
  4. Why do we collect your data?
  5. Legal basis for processing your personal information
  6. How do we keep your data safe and secure?
  7. How long do we keep your personal information?
  8. Who do we share your information with?
  9. Where do we store your personal information?
  10. Automated decision making
  11. Third party websites
  12. What are your rights?

1. Introduction

Who are Kixy?

  • 1.1. Kixy operates www.Kixy.com (our "Site") and the smartphone application which can be downloaded at App Store and Google Play (our "App"). Kixy also provides an online money transfer service via our Site and our App (together, our "Service"). In this privacy policy, terms such as “we”, “us”, "our" and “Kixy” refer to Kixy Ltd, a company incorporated and registered in England and Wales under company number 11201126 with its registered office located at 40 Gracechurch Street, London EC3V 0BT, United Kingdom.

  • 1.2. Kixy is the “data controller” of any personal information that you provide to us or which we receive in relation to your use of our Service and you are the “data subject”. This means that Kixy determines the purposes and means of processing your personal information, while respecting rights concerning your privacy.

Our values and what this privacy policy is for

  • 1.3. We respect your privacy and we want you to feel confident and comfortable with how your personal information will be looked after or used by us when you access our Service, contact us, or otherwise interact with us. We have prepared this privacy policy to explain to you how we collect, use, store, disclose and protect your personal information in connection with our Service. This privacy policy also explains what rights you have in relation to your personal information.

  • 1.4. Please take the time to read and understand this privacy policy. By engaging in the way set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.

  • 1.5. Please note that our Service is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 18. If you are under the age of 18, please do not attempt to access our Service. We will take appropriate steps to delete the personal information of persons under the age of 18. 

How to contact us

  • 1.6. If you have any questions about this privacy policy or our use of your personal information, you can contact our Compliance Officer as follows:  Email: privacy@Kixy.com

  • 1.7. You can also contact us to inform us of any changes to the personal information we hold about you. This will help us ensure that our records are accurate and up to date. 

Changes to this privacy policy

  • 1.8. Kixy may make changes to this privacy policy so please remember to check back from time to time. Where we have made any changes to this privacy policy, we will post these on our Site and our App or otherwise notify you of any material changes by email. Any changes will be effective immediately unless otherwise stated. This privacy policy was last updated on 18/10/2021.

2. How we obtain your personal information

  • 2.1. We will collect, use, store and transfer different kinds of information that you provide to us when you:

    • Apply for an account.

    • Use any of our services.

    • Make an enquiry, provide feedback, make a complaint or contact us over the phone, by email or other means. 

    • Report a problem with our Site or our App.

    • Interact with our social media accounts which may include Twitter, Facebook and Instagram.

    • Use our Site and our App generally. This means that we will collect certain information about how you use our Site and our App and the device that you use to access our Site and our App, even where you have not created an account or logged in. This information may include login data, IP address, operating system, and any actions on our Site and our App, and may be collected by a third-party analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies and similar technologies please refer to our Cookies Policy.

3. What personal information do we collect?

  • 3.1. Like most companies, we collect various types of data about our customers and users of our Site and our App. Some of it may be considered personal information, which means information that makes you directly or indirectly identifiable as an individual.

  • 3.2. We may collect and use the following data:

    • Identity and contact data. This includes basic personal information, such as names, address, date of birth, phone number, e-mail address and other contact details you may provide to us.

    • KYC and CDD data. If you sign up for an account with us we will need to collect certain information from you in order to comply with our Know Your Customer ("KYC") and Client Due Diligence ("CDD") obligations, such as proof of your identity (e.g. passport, driving licence, national ID card or residence permit), proof of your address (e.g. utility bill or bank statement), your image in photo or video form and additional details on source of funds (e.g. payslip, credit card statement, tax rebate receipt or bank loan agreement).

    • Payment and transaction information. As a regulated financial institution, we are bound by the legal requirement to collect, verify and record certain data about your transactions including recipients of your transactions.

    • Site and App usage data. This includes information about your interactions with our Service, such as login data, IP address, page views, searches, and other actions on our Site and our App.

    • Technical data. For example, your geographical location, information about the device you use to access the Service such as your hardware model, mobile network information and unique device identifiers. 

    • Marketing and communications data.

This includes your preferences in receiving marketing from us and our third parties and your communication preferences.

  • 3.3. In certain circumstances, we will receive information about you from other third parties, such as:

    • Advertising parties. We may receive personal information that you submit to any third party website that you access from an advertisement on the Service. Please check the privacy policy of any third party website to which you submit information.

    • Service providers. We may collect personal information from banks and payment service providers used to transfer money to us, our Site developers, App developers, IT support providers, customer service support providers and marketing services providers. 

    • Third party providers. When you ask us to, we will collect personal data from accounts you hold with third party banks so that you can see everything in one place.

    • Publicly available sources. We may use publicly available sources, for example, credit reference agencies, to carry out identity, credit and compliance checks. 

    • Other third parties. We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us. If you log into your customer account using your Facebook or Google profiles, we will receive access to your Facebook and Google profiles (as applicable), including your profile picture, associated email address and contact list.

4. Why do we collect your data?

  • 4.1. We use your information in the following ways:

    • To provide access to our Service. We collect your data to provide you with access to our Service in a convenient and optimal manner and to personalize and improve our Service for you.

    • Transactional purposes. We need to collect data in order to process your transactions.

    • Regulatory purposes. As regulated financial institutions, both Kixy and our partners (including TPL) are required to conduct KYC and CDD checks to comply with our legal and regulatory requirements. These include our requirements under Anti Money Laundering and Counter Terrorist Financing legislation. All of this helps us keep our Service safe and secure.

    • User and customer support. In order to provide user or customer service and support, we share your information with our Site developers, App developers, IT support providers, payment services provider and security providers as necessary to provide the relevant support.

    • Marketing purposes. We may process your personal information to provide you with certain types of marketing communication that we believe will be relevant and of interest to you and where we have your consent or it is in our legitimate interests (for more information on our legitimate interests, please see Section 5.3 below). We will always endeavour to make these communications relevant and unobtrusive, and you are able to object to marketing communication from us at any time.

    • Research and analytical purposes. We may collect and analyse data such as Site visit logs in order to help us to understand how you use our Service so that we can improve the quality of our Service, marketing, customer relationships and experiences.

 

  • 4.2. You do not have to disclose any of the above information to us. However, if you choose to withhold certain information, we may not be able to provide you with our Service.

5. Legal basis for processing your personal information

  • 5.1. We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected, and use, your personal information.

  • 5.2. In almost every case the legal basis will be one of the following:  

    • Performance of your contract with us and the provision of our Service. 

    • Your consent (where we request it). 

    • Our legitimate interests or the legitimate interests of a third party (where appropriate). 

    • Where we need to comply with a legal or regulatory obligation. 

  • 5.3. Where we use your information for our legitimate interests (or that of a third party), we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests (or those of a third party) do not automatically override yours and we will not use your information if we believe your interests should override ours, unless we have other grounds to do so (such as your consent or a legal obligation).  You can object to data processing based on our legitimate interest at any time by contacting us at privacy@Kixy.com or by changing the settings on your Kixy account.

  • 5.4. Where we collect any personal data which can be categorised as "special category" personal data (for example, biometric data obtained from images or videos you upload as part of our KYC and identity checks) we will, in addition to the legal basis described in Section 5.2 above, always obtain your explicit consent (which you are free to withdraw at any time although this may affect our ability to offer you our Service).

6. How do we keep your data safe and secure?

  • 6.1. We have put in place appropriate security measures to prevent your personal information from being accidentally destroyed, lost, used or accessed in an unauthorised way. 

  • 6.2. All the information that you provide to us is encrypted on our secure servers. We restrict access to your information to specific employees of Kixy who have an important business-related reason for handling it. Our communications are encrypted using the TLS (Transport Layer Security) technology protocol. All of the information we collect from you or from other sources will always be stored in accordance with this privacy policy.

7. How long do we keep your personal information?

  • 7.1. Depending on what purpose your personal information is used for, the length of time we keep it may vary. Either way, we will only hold your information for as long as it is necessary to serve the purpose it is used for, taking into account the amount, nature and sensitivity of the information.

  • 7.2. Please note that we are legally required to keep information obtained for KYC, CDD and security purposes (including transaction records and our communications with you) for at least five years after the most recent transaction.

8. Who do we share your information with?

  • 8.1. We may share your personal information with certain third parties in order to allow us to provide our Service and other services to you, enforce our rights or to comply with applicable laws including our legal and regulatory obligations. We will never sell your personal information to other organisations.

  • 8.2. Third parties with whom we may share your personal information include:

    • Our service providers. Third party service providers, including partners and intermediaries, we work with to deliver our Service, who are acting as processors and provide us with:

      1. development and hosting services; 

      2. payment services;

      3. IT, system administration and security services; and

      4. marketing and advertising services.

    • Regulators and governmental bodies. Regulators, governmental bodies and other authorities acting as processors or separate controllers who require reporting of processing activities in certain circumstances, for example, for the purposes of security, taxation and criminal investigations.

    • Marketing partners. Any selected third party that you consent to our sharing your information with for marketing purposes.

    • Prospective sellers and buyers of our business. If we sell or buy any business or assets, we may be obliged to share your personal information with the prospective seller or buyer.

    • Other third parties (including professional advisers). Any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

  • 8.3. We require all third parties to respect the security of your personal information and to treat it in accordance with the law.

  • 8.4. The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at  https://www.cifas.org.uk/fpn.

 

9. Where do we store your personal information?

  • 9.1. We work with partners who help us to complete your transactions and may be based outside of the United Kingdom ("UK") or the European Economic Area ("EEA"). This means that the personal information that we collect from you may be transferred to, and stored at, a destination outside of the UK or the EEA, including countries, which have less strict, or no data protection laws, when compared to those in the UK or Europe.

  • 9.2. Whenever we transfer your personal information as set out in Section 9.1 above, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this privacy policy. In these cases, we will only transfer your personal information where it has been established by the European Commission (in the case of transfers out of the EEA) or the UK Government (in the case of transfers out of the UK) that the relevant country has an appropriate data protection regime in place, or where we otherwise ensure that the appropriate level of protection is applied in respect to data processing in the recipient country. If you are located in the UK or EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

 

10. Automated decision making

  • 10.1. Automated decision making refers to a decision which is taken solely on the basis of automated processing of your personal information. This means processing using, for example, software code or an algorithm, which does not require human intervention.

  • 10.2. We may use automated decision making where it is necessary for entering into or to perform a contract with you and appropriate measures are in place to safeguard your rights; or, in limited circumstances, with your explicit consent. For example, we may use automated decision making to:

    • carry out anti-money laundering and sanctions checks including identity and address checks; and

    • to monitor your account to detect fraud and financial crime.

    The results of any check may affect the type of products or services we can offer you. 

  • 10.3. You have certain rights in respect of automated decision making, where that decision has significant effects on you, including where it produces a legal effect on you. Please refer to Section 12 for more information about your rights.

11. Third party websites

  • Our Service may contain advertisements and links to websites that are operated by third parties including our affiliates. We do not control and accept no liability or responsibility for those advertisements, websites or feeds and this privacy policy does not apply to those advertisements or websites. Please consult the terms and conditions and privacy policy of the third party responsible for such advertisements or websites to find out how they collect and use your personal information and to establish what they may use your personal information for.  

12. What are your rights?

  • 12.1. Data protection laws give you a number of important rights in relation to your personal information, which are listed below. There are certain exceptions where these rights may be superseded by laws and other requirements applicable to regulated financial institutions like Kixy. An example of this would be the obligatory retention period (see Section 7.2), which supersedes the right to data erasure.

Your rights

  • 12.2 Subject to certain legal conditions, your rights include:

    • Information. The right to be informed about how we use your personal information.

    • Access. The right to request, free of charge, details of and access to a copy of the personal information that we hold about you, usually within a month of asking for it, and to use it for your own purposes.

    • Portability. The right, in certain circumstances, to ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form.

    • Rectification. The right to correct, amend or update your personal information if it is wrong, incomplete or has changed (this can usually be done using the settings provided on your account).

    • Erasure. The right to ask us to remove the personal information we hold about you from our records where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. This includes the "right to be forgotten" i.e. the right to request erasure of any links to your personal information, or of any copy or replication of any public personal information.

    • Restriction. The right to ask us to stop processing your personal information where you have asked for it to be erased or where you have objected to our use of it.

    • Objection. The right to object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and you believe that our legitimate interest might infringe upon your rights. You can also object to our use of your personal information for direct marketing purposes.

  • 12.3. In relation to our very limited automated decision making as set out in Section 10 of this privacy policy, you have the right to contest any decision made and to request for human intervention in the process. We shall consider your point of view in relation to such decision.

Exercising your rights

  • 12.4. If you wish to exercise your rights, please contact us using the contact details set out at Section 1.7 of this privacy policy. You will not have to pay a fee to exercise the above rights, however, we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal information. 

  • 12.5. Please also note that we may ask for proof of your identity. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

  • 12.6. We will try to respond to all legitimate requests within one month. Sometimes it may take us longer if your request is complex or you have made several requests. In this case, we will notify you and keep you updated.  

  • 12.7. Please also be aware that not all of those rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption.   

Complaints

  • 12.8. If you are not happy with how we have handled your personal information, you can submit a complaint to our Compliance Officer using the contact details set out at Section 1.7 above.

  • 12.9. You have the right to submit a complaint to the Information Commissioner’s Office ("ICO"), the UK supervisory authority for data protection issues (www.ico.org.uk), as well as the relevant authority in your country of work or residence, if you are not satisfied with our Data Protection Officer’s response, do not believe we have handled your request to exercise your rights in an appropriate manner or if you believe that we are not processing your personal information in a lawful way.

  • 12.10. If you would like to read more about your rights in relation to your personal information, please refer to the ICO's website.

Company

About usCareers

Products

PersonalBusiness

Features

Multi-CurrencyDirect DebitSocial Finance

Resources

ContactStaying SafeIBAN

Legal

TermsCookiesPrivacyLegal status

Get the app

Qr-code
apple-storegoogle-play

You can receive email updates about Kixy products, news and offers. Following the unsubscribe link at any time will allow you to withdraw your consent. Please see our Privacy Notice for more information.

Innovate Finance
logo

If you would like to find out more about Kixy services and products, or if you have any other questions, please see the Terms & Conditions, or contact us via our chat or website.

Kixy LTD is registered with the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of payment services (reference number: 814005). Kixy LTD's registered address: 40 Gracechurch Street, London, England, EC3V 0BT. For Canadian customers, Kixy Services Inc. is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a Money Service Business (MSB) with registration number M21855906.