Legal Documents
Privacy Notice
27 February 2025
Introduction
Ensuring processing your personal data in a safe and fair manner is a cornerstone principle of Bilderlings Pay Limited.
This privacy notice displays how we, as a Data Controller, process your personal data. To be precise, the notice is designed to provide information on what personal data we collect and for what purposes as well as to outline your rights concerning your personal data.
Within this notice, Bilderlings Pay Limited (company number: 09908958; 13 Regent Street, London, England, SW1Y 4LR) and its affiliates may be referred to as โBilderlingsโ, โweโ, โusโ, โourโ.
Definitions
Data Controller is an entity (e.g. a person, organisation, agency), which alone or jointly with others, determines the purposes and means of processing personal data.
Data Processor is an entity (e.g. a person, organisation, service provider) which processes personal data on behalf of Bilderlings.
Client or you is any natural person who has used, uses or has expressed an intent to use our services.
Data Subject is any identifiable individual whose personal data is being collected, stored, or processed by an organisation or entity which is a Data Controller.
Applicable Laws includes Data Protection Act 2018 and the UK GDPR (United Kingdom General Data Protection Regulation โ text with EEA relevance).
EU/EEA is the European Union/European Economic Area.
Personal Data is any type of information that could directly or indirectly define a living individual.
Processing is any manipulation (e.g. collecting, storing, modifying, erasing, etc.) with personal data disregarding whether or not executed by automated means.
Services means a wide range of financial products and services provided by Bilderlings to an individual.
General Provisions
Bilderlings ensures the confidentiality of personal data in compliance with the Applicable Laws by having adopted sustainable technical and organisational tools that are designed to establish a high standard of safeguarding personal data against unauthorised access, accidental loss or destruction, unlawful disclosure or processing.
Furthermore, in cases where Bilderlings uses services of Data Processors, we undertake all necessary measures to ensure that Data Processors act in the confines of our written instructions as well as comply with standards laid out by the Applicable Laws and follow required security measures.
We may collect your personal data and this Privacy Notice applies when you:
โข use, have used or have expressed an intention or interest to use our services;
โข visit our website;
โข are indirectly related to our services;
โข act on behalf of/represent a Client (either a natural person or legal entity) or any other – third party which entered into business relationship with Bilderlings;
โข are directly linked to a corporate Client;
โข have provided your personal data as a matter of reasons not listed above.
Our registration number with the Information Commissionerโs Office UK (ICO) is ZA187012. Our registered office is 13 Regent Street, London, United Kingdom, SW1Y 4LR. Company No. 09908958.
Processing of Personal Data
We collect your personal data in order to provide services to you or those you represent. Personal data could be collected directly or indirectly when you either enter or express an intent to enter into a legal relationship with us and, therefore, use our services. Subsequently, your personal data could be collected from other external sources (e.g. private or public databases). Personal data could also be collected by recording calls, images or saving any other type of correspondence maintained with the Client throughout the course of business relations.
Personal data is being collected when you:
โข register to use Bilderlings app;
โข correspond with us;
โข complete our forms;
โข apply for opening/open an account at Bilderlings or use any of our services;
โข use our services;
โข communicate with a member of our social media or customer support either by phone or online chat;
โข contact us for other reasons.
Categories of personal data that may be collected:
Identification data such as name, surname, date of birth, personal identification number, photo in submitted personal identification document, and other personal identification documents provided.
Contact information data such as your email address, phone number, country of residence.
Demographic data such as location, citizenship and other demographic information.
Biographical data such as current professional or work activity, education, professional certificates, information concerning other people (such as joint account holder, your spouse or family member, and other family related data), whether or not the Client is a Politically Exposed Person (PEP).
Financial data such as source of funds, data about transactions, financial liabilities, debts and other information, financial experience in investment/trading in financial instruments, ownership of financial assets and other property; details of your bank account, including the card number, expiration date and Card Verification Code (CVC). We may collect data from third parties (e.g. credit or financial institutions, databases, fraud prevention agencies, partners etc.) in order to verify and check your identity and obtain necessary information with regard to your transactions.
Location and system data (whenever you use our website or Bilderlings app) such as technical information about your internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone settings, operating system and platform, the type of device you use, unique device identifier your mobile operating system and the type of mobile browser you use; information about your visit, including the links you have clicked on, through and from our website or the app (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages.
Data concerning reliability and due diligence such as payment history and behaviour, other data that is critical for execution due diligence measures concerning prevention of money laundering and terrorist financing, compliance with international sanctions, determining the account opening purpose, and data with regard to the clientโs business partners and business activities.
Data deriving from usage of Bilderlings services such as what kind of services you use in Bilderlings; your assets stored at Bilderlings account/s; your obligations to Bilderlings; your account and card number issued by Bilderlings; correspondence with Bilderlings; internet banking system data; data that is reflected in your concluded contract/s with Bilderlings; information on transactions and your use of Bilderlings products (e.g. incoming/outgoing payments on Bilderlings account), including date and time, amount, currency, exchange rate, beneficiary details, details of a merchant, receiverโs name and registration information, messages sent or received or any other communications between you and Bilderlings, details of device used to arrange the payment and the payment method. If you provide us personal data of another person (e.g. joint account holder, your spouse or family member), or you ask us to share their personal data with third parties, you confirm that you have brought this notice to their attention beforehand.
Video and audio data such as records of phone calls or other Internet based remote communication means chosen by you or us to interact.
Other data could be publicly available information about you from selected social media websites, online registers, directories, or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (e.g. to fulfil requirements of anti-money laundering or sanctions screening obligations and KYC purposes).
Special category data is biometrical data (e.g. physical or behavioural features) deriving from a specific technical processing executed within the confines of a remote identification in order to confirm the identity of a person. Bilderlings could also process special category personal data upon the necessity to exercise a legal claim.
Our services use cookies that are considered to be personal data when used in order to distinguish you from other users. This helps us to provide you with a valuable experience of our services as well as to allow us to improve our services.
Sources of personal data collection:
Directly from you:
โข Online forms on the website or mobile applications;
โข Communication via email, phone, or in-person interactions;
โข Submission of ID documents for compliance purposes.
From third parties:
โข Payment service providers, payment systems, payment service initiators, including financial institutions with which Bilderlings may or may bot have direct contractual relations;
โข Data obtained through AML/KYC and risk management service providers;
โข Information shared by authorised business partners or contractors.
Automatically:
โข Cookies and tracking technologies on our website (subject to the Cookies Policy);
โข IP addresses, device information, and geolocation data during interactions with Bilderlings’ digital platforms.
Legal basis for processing
Concluding and keeping our contracts and agreements with you (contractual necessity) – we need to collect your personal data in order to be able to provide you with our services to a full extent. Please note that you could refuse or withdraw your consent for data processing where we have asked you to provide one. In circumstances, where you are not willing to consent or have withdrawn your consent, we will provide you with an alternative.
Legal obligation – upon particular circumstances we are bound by the Applicable Laws to collect, store and retain your personal information (e.g. check and verify Clientโs identity, detect, prevent and report money laundering, terrorism financing, proliferation financing, breaching/avoiding sanctions regime; investigate suspicious transactions, detect market abuse, manage incidents and other conditions).
Consent – your freely given consent to your personal data processing in circumstances where we have asked you to provide one. Consent can always be managed and withdrawn.
Legitimate interest – in some cases Bilderlings processes your personal data based on the legitimate interest as legal ground for processing. It includes constantly examining, developing and improving our services to strengthen Clientโs satisfaction and loyalty; advertising of Bilderlings services (e.g. advertising our services of a general nature and is not personalised based on the profiling of your personal data).
Upon the necessity, your personal data could also be processed in order to fulfil legal obligations outlined within the UK GDPR Article 6 (d), (e) (to protect the vital interests of you or another person or for the performance of a task carried out in the public interest)
Personal data sharing
We do not disclose your personal data to the public and treat it confidentially. However, we sometimes need to disclose your personal data to third parties:
We may disclose your personal data to third parties:
โข due to any legal obligation
โข to protect the rights, property, or safety of Bilderlings, our customers, or others; This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
โข to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
โข to develop customer relationships, services and systems;
โข to our suppliers assisting us in the provision of our service who need to know your personal data (e.g. card manufacturing, personalisation and delivery undertakings, to create and deliver your personalised credit card; to our banking and financial services partners and payment networks, such as Mastercard; to analytics providers and search information providers in order to help us in improving our website or app; to communications services providers for the purpose to distribute commercial offers and marketing materials and proving multi-factor authorisation and signature; to professional advisors and partners providing AML KYC and risk management systems, for maintaining compliance with the law and the regulatory requirements; and to suppliers who provide us IT, outsource and other services in order to help us to provide the services to you).
The list of third parties and disclosure purposes may vary from time to time.
Geography of personal data processing
In general, your personal data is processed within the United Kingdom and EU/EEA, however, there might occur circumstances where your personal data could be transmitted and processed outside the aforementioned boundaries. To be precise, your personal data might be transferred and processed outside the UK/EU/EEA in situations where it is necessary for the conclusion of the contract or execution of contractual obligations. For instance, this may occur when a payment is carried out to a third party or through a third party partner (correspondent). Subsequently, if a Client engages in commercial activity using an online platform as a registered user, the payment service providers of registered users may be subject to specific customer information requirements that necessitate the transfer of personal data. Furthermore, data transfers may occur when the Client has given their consent. Nevertheless, in all cases, we ensure the appropriate technical and organisational measures are implemented. Such measures are designed to safeguard the security and confidentiality of personal data regardless of the location. Should be underscored that when personal data is transmitted outside the UK/EU/EEA, we adhere to relevant data protection laws and regulations, as well as we critically assess and undertake all necessary steps to ensure an adequate level of protection for personal data transmission is adopted.
Profiling and automated decision making
Profiling is a form of automated processing of personal data and could be aimed to evaluate personal aspects of a natural person, and thus propose relevant marketing offers to an individual or it could also be applied in the context of risk assessment and analysis to detect and prevent fraudulent activity (e.g. as part of transaction monitoring process). Subsequently, Bilderlings conduct profiling in order to comply with the applicable legal obligations in the scope of risk management and to ensure the continuous and periodic monitoring of transactions.
Automated decision making is a form of decision making without human involvement. In other words, the decision is solely adopted by technical means. We base our automated decision making based on your provided personal data (e.g. when you apply for account opening at Bilderlings or initiate your transactions). We take measures to safeguard your interests and ensure fair treatment, providing you with the right to request human intervention, express your perspective, and challenge the decision.
Data retention
Your personal data is being retained exclusively for as long as it is necessary to fulfil the purposes it was collected for and to comply with the time confines reflected within the respective legislation (e.g. laws regulating anti-money laundering obligations). In general, the retention period of personal data is six years after our business relationship terminates or in case of a one-off transaction if business relationships were not established. Your personal data will always be deleted once we are no longer obliged to retain it under UK law.
Data Subject rights
Bilderlings is fully committed to ensure that your (as data subject) personal data is processed in a fair and transparent manner along with protection of your personal data protection rights. Your rights derive from the Applicable Laws and are the following:
โข Right of access (Article 15 of the UK GDPR). You have the right access to your personal data that we process about you. Within one month we will provide you with a copy of your personal data being processed. One month could be prolonged if we have a lawful basis to do so. Please note that we will not be able to share personal data about other people, data that is directly/indirectly linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. Also, we cannot disclose any communication we have had with our legal advisors.
โข Right to rectification (Article 16 of the UK GDPR). You are entitled to submit a request to rectify inaccurate or incomplete data Bilderlings processes about you.
โข Right to erasure or the โright to be forgottenโ (Article 17 of the UK GDPR). You have the right to apply for your personal data removal. Such a request could be fulfilled in circumstances when personal data collected is no longer needed for the initial purpose; there are no legal conditions for further processing; or the data has to be removed in compliance with the legal obligation; the processing of your personal data is unlawful; you object to processing for marketing purposes; you withdraw your consent, and thus there is no other overriding legitimate grounds for processing.
โข Right to restriction of processing (Article 18 of the UK GDPR). You have the right to request restriction of further personal data processing in cases where you contest the accuracy of your personal data; processing of your personal data to be unlawful and instead of erasure you request a restriction; you have objected to processing your personal data pursuant to Article 21 (1).
โข Right to data portability (Article 20 of the UK GDPR). You have the right to receive your personal data in a structured, commonly used, and machine readable format, and to have it transferred to another Data Controller, where technically feasible. Technical feasibility will be evaluated on an ad hoc basis. This right is applicable to personal data that Bilderlings processes about you based on your consent, as part of contractual obligations or processes automatically.
โข Right to object (Article 21 of the UK GDPR). You are entitled to object to processing of your personal data based on legitimate interest as legal ground. If you object to direct marketing and profiling to such marketing then your personal data shall no longer be processed for such purposes.
โข Right to withdraw a consent (Article 7 (3) of the UK GDPR). You could withdraw your previously given consent at any time without any impact on the lawfulness of processing before consent withdrawal.
โข You have a right to lodge a complaint with the Commissioner (available at:
https://ico.org.uk/make-a-complaint/data-protection-complaints/), if you consider Bilderlings processing your personal data infringes your rights and interest reflected within the Applicable Laws.
Contact details
In case you have any outstanding questions with regard to the aforementioned notice or any other question concerning the processing of your personal data or your rights, we encourage you to contact us through your personal account, by contacting your manager or via e-mail at [email protected].
We aim to respond to all complaints, including those associated with personal data, within 5 business days of receipt.
Bilderlings Pay Limited
Registered address: 13 Regent Street, London, United Kingdom, SW1Y 4LR
Registration No. 09908958
Phone: +442039368203
E-mail: [email protected]
The Information Commissionerโs Office (ICO):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
