Dandelion Global Privacy Notice | December 2021

Global Privacy Notice

December 2021

This Data Privacy Notice explains how we treat the personal data that we collect when you use our services as a customer, visit and/or use our websites or mobile applications, or otherwise interact with us. In this Privacy Notice, we also specify how your information could be potentially shared with third parties and the privacy policies we have in place to protect personal data.

Who are we?

We are Euronet, a global brand, part of Euronet group.

You can find all our contact details here.

What type of data is collected?

We collect only the data we need to by law and local regulation. This includes:

  • Identification data
  • Financial data
  • Behavioral data

We will never collect more data than is necessary.

Why do we collect data?

We collect data for specific contractual and legal purposes. The personal data also serves to enhance the user experience in our platforms.

How long does Euronet collect data for?

We will keep personal data for as long as needed, as required by law and/or local regulation. Occasionally, legal requirements may translate into a longer retention period, but will be deleted once the requirements are fulfilled.

Who do we share customer data with?

We share customer personal data with other Ria Companies, legal authorities, and partners to meet our regulatory and contractual commitments.

Where does Euronet keep your personal data?

We store customer data in secure locations with strict security measures in place.

If we need to transfer customer data to other countries, we will take all necessary measures to comply with legal obligations and ensure a proper level of security.

What are your rights?

Our customers are the owners of their personal data and have a legal right to exercise control over it. A customer may request the following at any time by sending an email to dpo@euronetworwilde.com:

  • Access to their data
  • Modification of their data
  • Deletion
  • Limitation of the of processing purposes.

1. What Personal Data we collect, how we collect it and why?

Identification data

This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, gender, images, signature, passport/visa details, voice recording, official credentials, and its image capture.

The reason to process your data

Legal basis for using your personal data

Supply of Services

• Contractual obligation

Newsletter and marketing purposes

• Consent

Market research & consumer feedback: Any information that our customers voluntarily share with us about their experience of using our products and services

• Consent

• Legitimate interest

Customer service: We may monitor and record (via automated means or transcripts) our telephone calls, email and chat conversations with our customers. We may use transcripts of these calls to confirm instructions you provide us.

• Contractual obligation

• Legitimate interest

Managing our customers’ accounts (registration and administration)

• Pre-contractual/Contractual obligation

Requesting access to tools and information: Our customers may wish to have access to certain tools and information made available on the App, before or after deciding that they would like to register to use our services, including our foreign exchange and payment service

• Pre-contractual/Contractual obligation

Profiling: We use all our customer data to measure and evaluate personal habits based solely on automated processing in order to provide customers with a more personalized service

• Consent

Photographs or videos that our customers may have recorded and shared with us

• Consent

Participation in events and giveaway: Our customers may wish to take part in events organized by us or in a specific giveaway

• Consent

• Contractual obligation

Financial details

We collect your personal financial data when onboard you as a customer. We may collect financial data such as bank accounts, financial statements, transfer reason, occupation, or other documentation to demonstrate the source of funds you wish to transfer (this is similar to salary receipts), in order to provide you with our services, when required.

Supply of Services

• Contractual obligation

Money laundering

• Legal obligation

Terrorist Financing and Criminal activity

• Legal obligation

Managing your account

• Contractual obligation

Legal profiling for credit reports

• Legitimate interest

Behavioral and technical information

IP address of visitors, behavioral information, browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system, and platform.

Visit our cookie policy here

• To measure the use of our website and services, including number of visits, average time spent on a website, App, pages viewed, page interaction data (such as scrolling, clicks, and mouse-hovers), etc., and to improve the content we offer to our customers

• Legitimate Interest

• To administer the website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

• Consent

• As part of our efforts to keep the website safe and secure

• Consent

• Legitimate Interest

• To measure the impact of our emails

• Consent

• Anonymized Profiling: We may combine collected data to enhance the customer experience for better use of our services

• Legitimate interest

Location:

We may collect information about your location when customers use our services

To provide our customers with a tailored experience on the App related to their location, such as displaying the local currency in the relevant location.

• Consent

• Legal obligation

Video surveillance.

Image, video, and voice recording

We may use CCTV to ensure customer safety in our stores or offices.

• Public interest

• Legitimate interest

Biometric data.

Image, video record, fingerprints, and face scan

To verify your identification during the registration process in our App and website, or at anytime during the use of our services

• Consent

Transactional Data

We may collect personal data like the beneficiary details, bank account information, contact information, the destination where you are sending money and bank preferences. Depending on the local regulation, we may collect details such as occupation, relationship with the beneficiary, transfer reason and additional documentation to demonstrate the source of funds.

To place a transaction

• Contractual obligation

To provide compliance information when placing a transaction

• Legal obligation

Non identifiable data

Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than personal data. This non-identifiable data may be used to improve our internal processes or delivery of services, without further notice to you.

We may use aggregate data for a variety of purposes, including but not limited to evaluate and improve the services and analyze traffic to our services.

2. Legitimate interest

When we use customer Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your personal data will only be used as permitted by relevant law, or when it will not affect negatively on your rights. We will always provide customers with access to any legitimate interest assessment upon request. Customers can reach out to us via email, as stated in section 1 above.

3. How long does Euronet keep Personal Data for?

Personal data is used for a variety of purposes and is governed by a variety of rules and regulations. It is kept for as long as it is necessary to provide customers with the services they have requested to comply with applicable legal, accounting, or reporting obligations and to ensure that they can easily access it.

The appropriate retention period for Personal Data is based on legal obligations and the specific necessities of business to provide a better service, and your consent when applicable. For example:

  • Legal and Regulatory Requirements
  • Customer Service (administration of customer relationship, complaint handling, etc.): We may continue to process and store a customer Personal Data if we maintain a business relationship with them.
  • Marketing: We will keep on processing your Personal Data for marketing purposes as long as you haven’t asked us to opt-out, according to section 8 of this privacy notice.
  • Contractual obligation: We will keep Personal Data for the duration of the contractual agreement. Customers can contact our Euronet Group Data Protection Officer to obtain a copy of our Retention Policy, which may vary according to the applicable law, and the specific business necessity depending on the country.

4. Does Euronet share my personal data with third parties?

Euronet Companies

• We may share customer personal data with other Euronet-Group Companies so that we can provide them with any of the services they have requested

• Legitimate interest

Euronet Group

• We may share customer’s personal data with Euronet and Euronet Group affiliates for compliance with group obligations.

• As a result of a sale, acquisition, merger, or reorganization involving Euronet, a company within the Euronet Group, or any of their respective assets, we may transfer customer Personal Data to a third party. In doing so, we will take reasonable steps to ensure that their information is adequately protected.

• Legal obligation

Third party service providers

• We may share personal data with third-party service providers to manage, enable or facilitate certain aspects of the services

• Legal Obligation

• Compliance verification and fraud prevention service providers

• Communications, infrastructure, and fulfillment providers including services and systems to enable the processing of the transaction

• Contractual obligation

• Services (maintenance, security, and support) to maintain the required level of performance

• Data Analysis for marketing, operational improvement and enhancement of our compliance and antifraud systems

• Legitimate interest

• Legal obligation

• To promote our services

• Consent

• To personalize the placed advertisement in digital services and adapt to consumer preferences

Legal and regulatory

• We may need to disclose your personal data to the authorities when required to do so. We may also disclose Personal Data to the authorities when disclosure is necessary to identify, contact, or bring legal action against someone who may be causing injury or interfering with the rights or property of Ria, the service, or to any of our customers.

• Legal obligation

5. Does Euronet save correspondence that the customer sends?

Yes. We may keep any correspondence customers send us, including e-mails and faxes, together with any records of their account. We may also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers. These records will be kept in accordance with our Retention Policy.

6. Data Security

We are committed to protecting customer Personal Data and have put in place safeguards to prevent any loss, abuse, and alteration of the information you have entrusted us. At Euronet, we will always strive to ensure your Personal Data is well protected. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal information.

To safeguard our systems from illegal access we use secure, sophisticated, and cutting-edge physical and organizational security measures. which are continually enhanced to ensure the highest level of security. All personal data is kept in a secure location protected by firewalls and other sophisticated security mechanisms, with limited administrative access.

All our personnel who have access (or are linked to), to the processing of your personal data is contractually bound to keep customer data private and adhere to the privacy rules we have implemented in our organization.

While we aim to achieve the highest standard of data protection by adopting industry-standard measures to protect your privacy, no security system is completely flawless or impenetrable. As a result, we cannot (and do not) guarantee that personal data is completely secure.

7. Profiling and automated decisions-making

With expressly authorized approval, we provide you with tailored information and advice regarding our products and our service. We undertake data analysis using third parties, in order to target appropriate communications and advertisements to you, including invitations to exclusive client events that we think you may be interested in as well as recommending products and services that we think might be suitable for you.

We may in some cases use automated decision-making and profiling, if it is authorized by legislation, and necessary for the performance of a contract. For example, the automated authorization for remittance services. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.

8. Marketing and Advertising

Third-party advertisers provide advertisements that display on our website, our App, or elsewhere in our services. Third-party advertisers don't have access to any of the information our customers have given us directly unless you have expressly agreed to share said Personal Data.

The advertising that is delivered may be tailored to our customers if they have given their consent by accepting "Targeting Cookies" through the cookie consent manager or by enabling "Targeting" and "Location" on the App.

If you have provided your consent by accepting Targeting Cookies on the Website or enabled Targeting on the App, we may use third parties to do so (remarketing and Similar Audience features). You can modify your cookies settings here.

To understand the privacy policy of the third parties, you should visit their website. You can find all the third parties that, if you have agreed to, may use Cookies for targeting in our Cookie Policy. [Link to cookie policy]

If you have given us your express consent we may contact you from time to time (by email, SMS text, letter, or phone as necessary and according to your specific instructions) to provide targeted marketing about our services. You can withdraw your consent at any time by sending an email to dpo@euronetworlwide.com or following the instructions in the marketing email we have sent you.

9. Use of Pixels in Marketing Emails

We may use pixels in our marketing emails to tell us whether, and how many times, our emails are opened and to verify any clicks through to links or advertisements within the email. Uses of this information may include:

  • Learning which of our email’s users found more interesting.
  • Determining users’ activity and engagement with our products and services.
  • Informing our advertisers (in aggregate) how many users have clicked on the adverts.
  • Which region our audience is located in.

10. What are my rights?

Customers may seek to access, update, modify or erase their Personal Data. Depending on your country, you might have different rights, however, regardless your country you, may exercise at any time the following:

  • Request access to any Personal Data (“Subject Access Request”). While exercising your access right, you can ask us about all the Personal Data we hold bout you, the processing activities we carry on with your Personal Data, the recipients of your Personal Data, the different categories of Personal Data, how long we process your Personal Data, and the existence of any automated decision regarding your Personal Data.
  • Request correction of any inaccurate Personal Data we might hold about you. If you have changed your email address, or you see there is a misspelling error on any of your Personal Data, you can exercise your right of modification.
  • Request to delete any Personal Data we hold about you. If you no longer want to receive any news from us, or you do not want to keep using any of our services, you can ask us to delete any Personal Data we hold about you. Please note, we might hold on to your Personal Data to fulfill any of our legal obligations. However, your Personal Data will not be used for any other purposes.

Customers also have the right to file a complaint with a competent data protection Authority or the courts if you feel we have failed to comply with our duties under this Privacy Notice or the applicable law. We encourage customers to notify us of any complaints that they may have, even if it is not required, and we will respond in accordance with our Complaints Procedure.

We will respond to you request as soon as possible and always within the timeframe stated in the applicable law.

For applicable rights, and to determine the exact amount of time we must respond to your request, please refer to the specific residents section below.

To exercise any of your rights, you must send an email to dpo@euronetworlwide.com. To help protect your privacy and maintain security we will take steps to verify your identity and/or may ask you to provide other details before granting you access or modifying any Personal Data. Unfortunately, if we don’t a have a copy of your ID or any legal valid document that prove your identity, we will not be able to answer your request.

11. Privacy complaints procedure

Customers have the right to file a complaint with a data protection Authority or the courts if they believe we have failed to comply with our obligations under this Privacy Notice or the applicable law:

Euronet reserves the right to amend this Privacy Notice at any time and will place notice of such amendments on Euronet’s website or via any other mode Euronet views suitable.

12. Notice to California residents

Customers who live in California may have additional rights about our use of your Personal Data under California law. Visit the CCPA Privacy Notice.

California consumers have the right to request access to the Personal Data we have collected about them in the last 12 months. You may make this request up to two times in a 12-month period.

You may also request additional details about our practices including the categories of personal data we have collected about you, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share and sell your Personal Data, the categories of Personal Data we have disclosed about you in the preceding 12 months, and the categories of third parties to whom we sold Personal Data in the preceding 12 months.

If you are a California consumer, you also have the right to request deletion of your Personal Data (subject to certain exceptions), to opt-out of sales of personal information and to receive equal service and price and not be discriminated against even if you exercise any of your CCPA rights (unless permitted by applicable law, such as if the differences are reasonably related to your information).

We do not sell your Personal Data to any third party. If required to, we will ask for your specific consent.

From the day we receive your request, we will respond you in a maximum time of 45 days.

13. Notice for Argentinian residents

In accordance with the Law Ley de Protección de Datos Personales 25.326, you have the right to Access, Rectification, Update and Erasure. To exercise your Rights or your right to revoke or to make any doubt or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in section 11.

You are hereby informed that there are options available for you to limit the way we use or disclose your personal information for specific treatment.

From the day we receive your request, we will respond you within a maximum time of 5 days.

14. Notice to Mexican residents

In accordance with the Law, you have the rights of Access, Rectification, Cancellation and Opposition to the Treatment (the "ARCO Rights"); likewise, with the right to revoke at any time the consent granted for the processing of your Personal Data to the extent that the Law allows it. To exercise your ARCO Rights or your right to revoke or to make any doubt or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in section 11.

You are hereby informed that there are options available for you to limit the way we use or disclose your personal information for specific treatment.

From the day we receive your request, we will respond you within a maximum time of 20 days.

In addition and when necessary, in order to comply with article 4 Bis de las Disposiciones de carácter general a que se refiere el artículo 95 bis de la Ley General de Organizaciones y Actividades Auxiliares del Crédito aplicables a los transmisores de dinero a que se refiere el artículo 81.A bis del mismo ordenamiento, we are legally bounded to obtain you localization, video and voice records in order to proceed with remote customer identification. We may also ask for additional personal data in the specific form, as long as they are necessary to fulfill our legal obligation according to the above-mentioned law. The legal basis for the processing of such personal data will your consent.

15. Notice to Chilean residents

In accordance with the Law, you have the rights of Access, Rectification, Cancellation and Opposition to the Treatment (the "ARCO Rights"); likewise, with the right to revoke at any time the consent granted for the processing of your Personal Data to the extent that the Law allows it. To exercise your ARCO Rights or your right to revoke or to make any doubt or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in section 11.

You are hereby informed that there are options available for you to limit the way we use or disclose your personal information for specific treatment.

From the day we receive your request, we will respond you within a maximum time of 2 days.

16. Notice to European (EEA) residents

In accordance with the General data protection Regulation (GDPR), all resident of the Economic European Area (EEA) may exercise the following rights:

  • The Right to Information
  • The Right of Access
  • The Right to Rectification
  • The Right to Erasure
  • The Right to Restriction of Processing
  • The Right to Data Portability
  • The Right to Object
  • The Right to Avoid Automated Decision-Making

To exercise any of the rights listed above, you shall comply with the obligations set in section 11 of this Privacy Notice.

From the day we receive your request, we will respond to you within a maximum time of 30 days.

17. Notice to Malaysian residents

In accordance with the Personal Data Protection Act 2010, customers may provide us with their Personal Data for any of the purposes establish in section 2 of this Privacy Notice. If we were to process your Personal Data for any additional purpose we will previously inform you or ask for your express consent.

At any time, you may exercise the rights set in section 10. You may also withdraw your consent unless the processing activity is necessary to fulfil any legal obligation or to provide you with any of our services. You may also object to processing if you consider such processing activity may cause any damage or distress to yourself.

From the day we receive your request, we will respond to you within in a maximum time of 21 days.

In accordance with the terms of the PDPA, Euronet has the right to charge a fee for the processing of any data access request

18. Notice to New Zealand residents

To all resident in New Zealand, the rights you may exercise regarding the processing of your Personal Data, are the rights listed in section 11. Please note that for the exercise of any of your rights, you need to follow the instruction set in the above mentioned section 11.

From the day we receive your request, we will respond you in a maximum time of 20 days.

19. Notice to Australian residents

To all residents in Australia, the rights you may exercise regarding the processing of your Personal Data, are the rights listed in section 11. Please note that for the exercise of any of your rights, you need to follow the instruction set in the above mentioned section 11.

You can also ask us to explain our data policies and practices according to the applicable law.

From the day we receive your request, we will respond to you within a maximum time of 30 days

20. Notice to Indian residents

To all residents in India, the rights you may exercise regarding the processing of your Personal Data, are the rights listed in section 11. Please note that for the exercise of any of your rights, you need to follow the instruction set in the above mentioned section 11.

In addition, you may exercise your right to data portability and the right to not be subjected to automated decision-making producing legal effects such as profiling, if such profiling is not necessary to provide you with any of our Services.

From the day we receive your request, we will respond to you within a maximum time of 30 days.

21. Our companies by service

The controller is Euronet represented by the companies below, depending on country and service:

Money Transfer

Country

Company to contact

(controller)

Contact details

UK

Euronet Payment Services Ltd.

Part 7th Floor, North Block, 55 Baker Street, London, United Kingdom, W1U 7EU

Europe

(Digital and mobile)

Ria Lithuania UAB

Upes g.22, Vilnius LT.08120

Europe Agents

Ria Payment Institution EP SAU

Calle Cantabria 2, Planta 2 Alcobendas 28120 Madrid España

Switzerland

Ria Financial Services GmbH

Place de Cornavin 14 – 16, Geneva - 1201

USA

Continental Exchange Solutions, Inc.

6565 Knott Ave, Buena Park, CA 90620, USA

Puerto Rico

Ria Financial Services Puerto Rico, Inc.

c/o Fast Solutions, LLC, Citi Tower 252 Ponce de Leon Avenue, Floor 20 SAN JUAN, PR 00918

Canada

Ria Telecommunications of Canada Inc

1000, rue De La Gauchetière O (#2500)
Montréal (Québec) H3B 0A2

Mexico

Ria Mexico Payment Solutions, S. de R.L. de C.V.

Av. Insurgentes Sur, 686-B Despacho 1003, Colonia del Valle, Alcaldía Benito Juárez, C.P. 03100, Ciudad de México, México

Chile

Ria Chile Servicios Financieros SPA

Región Metropolitana de Santiago, Santiago, Catedral 1401

Argentina

EURONET PAYMENT SERVICES LIMITED
Sucursal de sociedad extranjera

República Argentina: Santa Fe 1752, 1° piso, departamento A, Ciudad Autónoma de Buenos Aires.

Malaysia

IME M SDN BHD

Unit 38-02, Level 38, Q Sentral 2A, Jalan Stesen Sentral 2, 50470, Kuala Lumpur

Singapore

Ria Financial Services Singapore PTE. LTD.

152, Beach Road, #19-01/02, Gateway East, Singapore 189721

Philippines

Ria Money Transfer, INC.

27th Floor, Unit E Tower One & Exchange Plaza Ayala Triangle, Ayala Avenue, Makati City

Ria Stores and Currency Exchange Services.

Country

Company to contact

(controller)

Contact details

Italy

Ria Italia S.r.l. unipersonale

Via Francesco Benaglia, n. 13 – Roma, 00153

Switzerland

Ria Financial Services GmbH

Place de Cornavin 14 – 16, Geneva - 1201 *** The registered company address is Langstrasse 192, 8005 Zürich

France

Ria France S.A.S

1 Rue du 19 Mars 1962, 92230 Gennevilliers, France

Belgium

Ria Envia Belgium SPRL

Rue Joseph II, 36-38 - 1000 Bruxelles

Germany

Ria Deutschland GmbH

Friedrichstr. 200 10117 Berlin

Sweden

Ria Financial Services Sweden AB

Armégatan 40, 5 tr 171 71 Solna

Norway

Ria Financial Services Norway AS

Skippergata 33, 0186 Oslo

Denmark

Ria Financial Services Denmark ApS

Nørre Voldgade 21, 1358 København K

You can always submit a request to our Data Protection Officer, by sending an email to the following address: dpo@euronetworlwide.com.