Privacy Policy for ABA UK Customers
Privacy Policy for ABA UK Customers
Last Updated: November 2024
1. Overview
At WorldFirst, we pride ourselves on maintaining the highest levels of security, transparency and integrity in our work, and recognise the importance of protecting and respecting your personal data.
To provide you with our services we need to know things about you. We will only collect information we need to provide you with the services you have requested or as permitted by applicable law. We will endeavour to handle your information with the utmost care.
Any information we receive about you will be subject to strict controls to minimise the risk of misuse – including unauthorised access to, or disclosure of, your personal data. This Privacy Policy applies to information that WorldFirst may collect about visitors to its website (even if you do not become a customer), companies and individuals who register for its services, and continue using its services, and any other person who contacts WorldFirst over the telephone or in writing.
Please read this Privacy Policy carefully, together with the WorldFirst Terms and Conditions, Cookies Policy and any other documents referred to within or provided to you when you sign up to our services or from time to time as you use our services For the purposes of this Privacy Policy, the term “personal data” means any data that can identify you as an individual for example name, address and contact information (as defined by the UK GDPR). It does not include any anonymous data or any data which cannot be linked back to you.
2. Who we are
We are World First UK Limited (referred to in this Notice as “WorldFirst”, “we”, “us” or “our”) with our company address: Millbank Tower, 21-24 Millbank, London, UK, SW1P 4QP.
WorldFirst acts as the “controller” (as defined by UK GDPR) of your personal data for the activities described in this Privacy Policy. That means WorldFirst is the legal entity deciding why and how your personal data is collected and used.
If you would like to know more about any of the terms of this Privacy Policy, please contact us (please see Section 12 below) so that we can help you with any questions or concerns.
3. What information do we collect? And how do we collect it?
Information you provide to us
To access the Antom Merchant Portal or use WorldFirst services, you will be asked to provide identifying information about yourself (e.g. name, address, date of birth, and email address) and your company (together, “Account Information”), together with documents to verify the information provided – such as, proof of identification namely, a copy or record of your identity cards, passport or other travel document information, your proof of address, biometric information such as your facial image or voiceprint details, occupation, nationality, country of birth, source of funding, source of wealth and/or other information from checks, credit cards, bank statements, address proofs or money orders (together, “Identification Information”). You will also be asked to provide “Profile Information” including your username and password.
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g, Beneficiary Information (see below) and certain Transaction Information (see below) – in particular, bank account details and source of funds.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations – e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds (“KYC/ AML Information”).
Information we collect when you use our website or app
Our website uses cookies to provide you with a better experience on our website, for fraud prevention and to provide internet-based advertisements such as banner advertisements on the website or app. For detailed information on the cookies we use and the purposes for which we use them, please see our full Cookie policy.
The WorldFirst user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products.
For the detection and prevention of fraud and cyber-crime, we will collect information, including session, device and IP address (“Device Information”) to help ascertain the legitimacy of the account login. We will also collect information about your activities on and use of our website or app including, for example, browser history, product engagement, IP address or other unique identifiers, and other information regarding your interaction with our website or app and our advertisements (“Usage Information”).
Public information
For non-registered users, where permitted under applicable law, we may contact you using publicly available information or information from third parties (i.e., name and contact details), which you have consented to being shared, to let you know about products that could be relevant for your business. Such third party sources include, for example, social media platforms, company registration lists, and telephone and other publicly available directories.
Transactional information
Once your account is fully set up and you begin to transact with us we will collect, process and store your WorldFirst financial and transactional information. This information includes the amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details (together, “Transaction Information”). Such information may come from other banks and payment institutions.
Information about you that we receive from third parties
To protect ourselves and our customers against fraud, we verify the information you provide (e.g., the KYC/ AML Information) with anti-fraud agencies and electronic identity verification services, government registries and other sources of public records. In the course of verification, we receive and process information about you from such services. It may include the collection of biometric information (via facial recognition technologies) used for real identity verification and authentication purposes.
Information may also be collected from our affiliates, credit reference agencies and risk analysis service providers, such as credit reports and risk score/tags.
Communications
All calls (including video calls) are recorded and correspondence retained for the purposes of quality control and training, as evidence of transactions and to fulfill regulation requirements. Any information you disclose to us will be held on these recordings in compliance with applicable law (“Call Recording Information”).
Individuals who are not registered users of WorldFirst
· Connected parties
WorldFirst will collect information about connected parties to a WorldFirst client during the course of the business relationship from the client to comply with our legal obligations – e.g. directors or shareholders, ultimate beneficiary owners, and/or suppliers of a World First client (“Connected Party Information”). Where customers provide this information, they are responsible for bringing this Privacy Policy to the attention of the individuals concerned.
· Payers and payees
WorldFirst will collect information required to be able to send a payment to an individual, who may not be a WorldFirst client. This will include name and bank account details that are required by regulations to process the payment (“Payer/Payee Information”).
Transfers of your personal data outside of the EEA/UK
Our operations are supported by a network of computers, servers and other infrastructure and information technology, including third party service providers – as identified in Section 5 below. Some of these are established in countries outside of the European Economic Area (“EEA”) or the UK. Your personal data identified in Section 3 above, are transferred outside of the EEA/UK as permitted by applicable data protection and privacy laws and regulations, including but not limited to the following countries: Australia, Hong Kong, Japan, the United States, China, Singapore and Turkey.
WorldFirst has entered into standard contractual clauses (“SCCs”) for intra-group transfers of personal data including, without limitation to the WorldFirst Group Companies identified in Section 5 below that are located outside of the UK and/or the EEA in countries which do not offer an adequate level of data protection. The categories of personal data processed by the data importers are set out in Section 3 above. The data importers may also (onward) transfer personal data to third party recipients who may be located outside the EEA/UK for the purposes set out in Sections 4 and 5 below. The data importers will only make such (onward) transfers to recipients ensuring appropriate safeguards are in place where required, or where otherwise permitted by the SCCs and which may include entry into SCCs.
Where WorldFirst transfers personal data to other recipients located outside of the EEA/UK, WorldFirst will always ensure that the recipient is based in a country with adequate data protection laws (e.g., Japan), that appropriate contractual obligations (e.g., SCCs) are implemented, that they otherwise adhere to Binding Corporate Rules, or that an appropriate derogation to legitimise the transfer can be relied on.
If you would like further information or a copy of the relevant contractual safeguards, you can contact us using the details set out in Section 12 below.
4. What do we use your information for and in reliance on what legal bases?
The purposes and legal bases upon which we process your personal data include:
Category of Personal Data | Purpose of Processing | Lawful Basis for Processing |
All personal data in Section 3 above other than Usage Information, Facial Image, Payer/Payee Information and Device Information | Registration and Administration: We use your personal data to enable you to register with us. Once you have an account with us we will use your personal data to contact you and to reply to any queries or requests. We will use your personal data in the administration of your account, which includes us contacting you in order to update your account details (this assists with keeping our records up to date) or in order to notify you of changes or improvements to our products or services that may affect our service to you, or to send you notices an disclosures as required by law you cannot opt-out of the receipt of these service messages. | To perform a contract (Art. 6(1)(b) UK GDPR) To comply with a legal obligation e.g., financial tax reporting and bookkeeping laws (Art. 6(1)(c) UK GDPR) |
All personal data in Section 3 above other than Usage Information, and Device Information | Provide Payment Services: We use your personal data in order to supply our products and services to you including, enabling transactions and facilitating payments and to meet our contractual obligations to you. This will include the sharing of your personal data with other financial institutions, including banks, money service operators and payment service providers, to manage risk and meet their legal and regulatory obligations, such as conducting verification checks on payers, payees and transactions (see Section 5 below). | To perform a contract (Art. 6(1)(b) UK GDPR) To comply with a legal obligation (see below) (Art. 6(1)(c) UK GDPR) To pursue our legitimate interests to operate and improve our business and minimise any unintended disruption, risk or fraud to the services that we offer to you, to transfer your personal data within the WorldFirst Group for internal administrative purposes, and to make your experience of our products and services efficient and effective (Art. 6(1)(f) UK GDPR) |
Usage Information, Device Information | Improve our Products and Services: To understand our customers’ actions, behaviours, preferences, transactions, expectations, and feedback in order to improve our products and services, develop new products and services, including to design financial services or related products for your use and to improve the relevance of offers of products and services by us | To pursue our legitimate interests to make your experience of our products and services efficient and effective and to improve the same (Art. 6(1)(f) UK GDPR) |
Account Information, Profile Information, Identification Information, KYC/AML Information, Facial Image, Beneficiary Information, Transaction Information | Prevention and Detection of Crime: We are subject to strict anti-money laundering and counter-terrorist financing regulations which requires us to undertake due diligence on our customers and their beneficiaries. This may include the conduct of soft searches through an identity-referencing agency and through other sources of information and the use of scoring methods to identify risk and to verify identity. These activities may involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. It may also include the sharing of personal data with police, law enforcement, tax authorities or other government and fraud prevention agencies | It is necessary for a task carried out in the public interest for the prevention of money laundering, terrorist financing or proliferation financing. (Art. 6(1)(e) and Article 9(2)(g) UK GDPR) To pursue our legitimate interests to cooperate and assist law enforcement in the fight against financial crime (Art. 6(1)(f) UK GDPR) |
Name and contact details | Direct Marketing: We may use your information to keep you up to date concerning WorldFirst Group Companies’ products and services, tell you about new products/services or to ask about your experience with us. You can opt-out from direct marketing or adjust your personal preferences at any time. The classes of services, products and subjects that may be marketed include money services, payment services, financial services, foreign exchange services, reward programmes, loyalty programmes, privileges, co-branding programmes and promotions for related products and services. | To pursue our legitimate interests to send you marketing communications (Art. 6(1)(f) UK GDPR) Where required under applicable law, we will ask for and rely on your consent (Art. 6(1)(a) UK GDPR) |
Call Recording Information | Monitoring: We record all our telephone calls for security and training purposes e.g., to assess the quality of our customer services and to provide staff training | To pursue our legitimate interests to assess the quality of our customer services (Art. 6(1)(f) UK GDPR). |
All personal data in Section 3 above | To defend and enforce our rights including, against legal claims that involve us or other WorldFirst Group companies, and to manage regulatory matters, investigations, data breaches, and/or data subject requests, and to administer our business (including for legal, internal and external reporting and accounting purposes), including reporting and accounting within the World First Group Companies. | To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) UK GDPR) To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) UK GDPR) |
All personal data in Section 3 above
| To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us or any WorldFirst Group Company | To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) UK GDPR)
|
All personal data in Section 3 above
| To enable analysis within the World First Group Companies in relation to any of the above purposes and to improve the service that we provide to you. | To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) UK GDPR)
|
Designated information | With your instruction or consent from time to time, to share your personal data with third parties as independent controllers for the third party’s own use. | Where required under applicable law, we will ask for and rely on your consent (Art. 6(1)(a) UK GDPR) |
5. Who do we share your data with?Who do we share your data with?
We will only share your personal data with other companies in accordance with applicable data protection laws.
WorldFirst Group Companies
WorldFirst Group Companies refers to the companies owned (whether partially or wholly) by Ant International, including but not limited to the companies listed below:
WorldFirst Netherlands B.V. (EU)
WorldFirst Pty Ltd (Australia)
WorldFirst Asia PTE Ltd (Singapore)
WorldFirst Japan K.K (Japan)
WorldFirst Asia Ltd (China – Hong Kong)
AISG Labs Pte. Ltd. (Singapore)
These WorldFirst Group Companies will access and process your personal data categories included in Section 3to assist in the provision of services to you including, for back-up purposes, to assist with compliance and anti-money laundering activities and for internal audit and risk purposes. However, the way information is accessed, processed and transmitted and our level of security remains consistent across WorldFirst Group Companies.
Banking Partners
WorldFirst uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with WorldFirst, we will need to share your personal data with payment providers or banking partners including, those located outside of the UK, such as intermediary or beneficiary banks – e.g. if you ask us to make a USD payment to China – Hong Kong the funds may be cleared through an intermediary bank in the US before reaching China – Hong Kong.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include: Account Information, Payer/Payee Information, Identification Information, KYC/AML Information and Connected Party Information.
In addition, where you use the services of a banking partner of ours, and/or a banking partner requests us to provide certain data about you according to your authorization, we may share your data with such banking partner to provide the relevant banking services to you.
Trusted Partners
We work with certain platforms, that refer merchants and participants to the services and platforms provided by us. If one of our trusted partners introduced you to WorldFirst, we may provide them with your personal data that is necessary to fulfil our contractual obligations with the partner.
We may also cooperate with trusted partners to provide value-added services to you. Such value-added services may include, without limitation to, helping you to open and manage a store on designated e-commerce platform, or assisting your application for financial services provided by our trusted partners. We may share your personal data to such trusted partners, in order for them to evaluate and determine whether you are suitable for their services, and help detect and prevent fraud, money laundering and other criminal or abusive behaviour. We require trusted partners to undertake a strict confidentiality obligation and not to use your data that we share with them for any other purposes. We would also require trusted partners to adopt sufficient technical security measures to protect your data.
Additionally, we may share your contact details with a trusted partner for marketing purposes if you have given your consent to do so as required under applicable law You may opt-out from direct marketing or adjust your personal preferences at any time.
Advertising Providers
We may share personal data with companies that help us with our marketing efforts, including social media platforms, advertising networks, and AdTech companies. This allows us to serve interest-based advertisements that may be more relevant to you.
Contractors, Professional Advisors and Service Providers
We may share any personal data identified in Section 3 above with our contractors, professional advisers and third party service providers who provide administrative, customer support, telecommunication, computing, remittance, background checks, web hosting, marketing and advertising services, audit and compliance, identity authentication or other services to us in connection with the operation or maintenance of our products and services We may also share your personal data with vendors to help detect and protect against fraud or data security vulnerabilities. These companies do not have any rights to market other services to you.
Regulators and Law Enforcement Agencies
We may share your personal data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. This may include all personal data identified in Section 3 above.
Other Parties
We may share your personal data with actual or proposed entities involved in any merger, acquisition, corporate reorganisation or financing, or similar transaction with us, including in the event of the sale of all or part of our assets. All personal data categories included in Section 3 may be disclosed on a need-to-know basis depending on our business needs and the type of corporate transaction.
Also, we may share your personal data with any person acting on your behalf provided that you have given us the permission to do so.
6. How long do we keep your personal data for?
WorldFirst will only retain your personal data for as long as is necessary to provide our services to you and will not hold or process your personal data for any longer than we are legally permitted to. The criteria used to determine the appropriate retention period includes:
· Regulatory requirements WorldFirst is subject to
· Limitation periods and whether a legal claim could be brought against WorldFirst
· Necessity of information to provide our service to our customers or otherwise for the purposes of collection that we notified you of
· The types of personal data being processed
· The legal basis for processing your information – e.g. consent
Information about connected parties and beneficiaries, which may not belong to a WorldFirst client, are stored for a period to comply with applicable legal requirements.
7. Direct marketing
Whether you are a registered World First user or a visitor to our website, World First Group Companies may, with your consent (where required by applicable law), use your personal data to perform direct marketing activities to keep you updated about our products, market or exchange rates and market updates.
We will seek your consent for direct marketing activities in accordance with applicable law.
If you change your mind on which communications you would like to receive or how you would like to receive them or you decide that you do not wish to receive direct marketing communications, you can unsubscribe at any time by:
• if you are a registered user, managing your preferences through the World First Online trading platform; or
• clicking the link to unsubscribe at the bottom of any direct marketing email that you receive.
You will not miss any service we provide by not choosing to receive marketing from us and you can change your mind whenever you like as often as you like.
8. What are your rights?
You have certain rights in respect of your personal data as outlined below. If you would like to exercise any of the below rights then please contact Privacy Office (privacy@worldfirst.com) and we will respond to your request. However, please note that the below rights are not absolute and may be subject to limitations. Where we are legally permitted to, we may decline your request in full or in part, but we may provide an explanation with the response.
As necessary we will request you to provide proof of identity and to provide sufficient information to enable us to locate relevant information and verify that the person making the request is entitled to do so.
Non-registered users (e.g. website users, connected parties and payers/payees) have the same rights as any registered users and may contact World First to request for any of the above.
To ask for information that WorldFirst holds about you to be corrected
Where the personal data that we hold about you are incorrect, you have the right to request amendments to be made.
To ask us to erase your information if we no longer have a reason to hold it
You have a right to request for the deletion of your personal data that we hold.
To ask us to restrict the processing of your personal data
You have a right to ask that we restrict or suppress the processing of your personal data which means that whilst we are permitted to store the personal data we cannot otherwise process it.
To ask for a copy of the information WorldFirst holds about you
You have a right to receive a copy of your personal data. You also have the right to ask for a copy of your personal data to be provided to a third party in certain circumstances.
To withdraw your consent
You have a rights to withdraw your consent to the processing of your personal data at any time (where WorldFirst is processing your personal data based on your consent) by contacting us using the details in Section 12 below. Please note that withdrawing your consent may prevent us from further providing all or part of our services to you but does not affect the lawfulness of our processing of your personal data based on such consent before the withdrawal.
To object to the processing of personal data by WorldFirst
If you object to the processing of your personal data (including, profiling) which we carry out in reliance on our legitimate interests, we will investigate to see if there is compelling reason for processing to continue.
You can not object to the processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party.
Also, you can object to marketing communications at any time. Please see Section 4 above.
To ask not to be subject to solely automated decision making (including, profiling)
WorldFirst puts people first. There will not be any scenarios in which profiling or automated decision making will have a legal or similarly significant impact on you without a person reviewing or making a decision on the result.
9. Security of personal data
We store all data electronically and physically in a manner aimed at securing and protecting the data’s confidentiality, integrity and availability. Data is stored on servers which are protected by actively maintained firewalls. We make use of up-to-date anti-virus software and our servers have restricted access.
If you provide paper-based documentation for the purpose of identity verification these will be stored electronically and the original will be destroyed securely or returned to you.
Transmission of data on the internet can never be completely secure. We do not and cannot guarantee the security of information collected or transmitted electronically however, we take reasonable care to safeguard your personal data.
If you suspect any unauthorised use of or access to your account or information, please contact us immediately.
10. What if I am unhappy?
If at any time you are not happy with how we handle your personal data, you can make a complaint to us. For further information, please see our complaints policy.
We would really like the opportunity to set things right with you but you also have the right to raise any data protection concerns with a data protection authority directly if you are unhappy with the way we are handling your personal data, including the Information Commissioner’s Office.
11. External links
Our website may contain links to other third-party websites, which may have privacy policies/statements that differ from our own. We are not responsible for the activities and practices that take place on these websites.
Accordingly, we recommend that you review the privacy policies/statements posted on any website that you may access through our website.
12. Contact us
If you would like to get in contact with us, please contact our Privacy Office by sending an email to privacy@worldfirst.com or by writing to us at World First UK Ltd, Millbank Tower, 21-24 Millbank, London, SW1P 4QP
Changes to our privacy policy
We may change, amend or revise this Privacy Policy from time to time including, for example, in response to changing legal, technical or business developments. We will take appropriate measures to notify you of any substantive or material changes. You can view the latest version of this Privacy Policy on our website at any time and you are encouraged and responsible for consulting the latest version of this Privacy Policy before making use of the services referenced in this Privacy Policy.
Once posted on our website the new Privacy Policy will become immediately effective.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.