Customer Privacy Notice
This Privacy notice (“notice”) explains the types of personal data we collect and how we use and share it. It also tells you about your rights and the choices you can make about how we process your personal data.
SAVO offers card, money transfer services, a SAVO account and, in some regions, Assets services (our “services”).
This notice applies to all services provided by the SAVO group of companies to our customers globally.
1. Data controller
In this notice, “we”, “our” or “us” refers to the SAVO group company providing you with a product or service and responsible for the handling of your personal data (known as the “data controller”). When you are acting on behalf of a business (e.g. you are a founder of a company, or administering a SAVO account), we refer to you as a “Representative”
2. Data we collect about you
For individuals:
Personal data, or personal information, means any information about an identified or identifiable individual. It can include data that you provide to us (such as your name, address or contact details) and data that we collect about you during your interaction with our services (such as device information, IP address, etc.).
For business client:
Data protection laws primarily apply to individuals. While these laws generally do not extend to legal entities themselves (such as limited liability companies), they do apply to the individuals associated with those entities.
When providing SAVO Business account, we process personal data related to individuals authorized to set up and manage the account, the Representatives and this notice describes that processing.
Personal data, or personal information, means any information about an identified or identifiable individual. It can include data that you provide to us (such as your name, address or contact details) and data that we collect about you during your interaction with our services (such as device information, IP address, etc.). It does not include anonymous data, which cannot be linked back to an individual.
2.1. Information you provide us
Information we hold about you will often be information you provided to us directly. For example, when you sign up for a SAVO service or take part in online discussions or promotions, you provide certain data that’s necessary to your experience. This includes:
Contact details: your name, email address, postal address, and phone number;
Personal details: date of birth, passport number, tax residency, tax reference number, proof of address, and proof of residency;
Shareholder and Director details: information related to shareholders, including beneficial owners, and directors, which may include a copy of their personal details.
Financial information: your bank account number, credit or debit card numbers, and financial history;
Your image in photo or video form: We will also collect facial scan data extracted from your photo or video (known as ’biometric data’).
The content of your communications with us: emails, telephone call recordings and online chat messages;
Information about your personal circumstances: information that could make you susceptible to harm or in need of extra care to meet our regulatory obligations to support vulnerable customers;
Source of Funds: information regarding the source of funds or source of wealth, which may include a copy of your bank account statements.
If you fail to provide any information which we tell you is needed to meet legal requirements, it might affect our ability to provide our services to you.
You can ensure that your contact details are current, complete and accurate by logging into your account and updating them at any time in account settings.
2.2. Information we collect about you from your use of our services:
This includes:
Transaction data: details of the transactions you carry out when using our services (for example, payments into and out of your account including beneficiary details and the geographic location from which the transaction originates);
Information about your devices: details of the internet protocol (IP) address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the type of device you use, whether your device uses a virtual private network (VPN), mobile network information, your mobile operating system, and the type of mobile browser you use;
Information about how you are using our Websites or App: details of the products you viewed or searched for, page interaction information, and, if you’ve installed the app, installed applications on your mobile device that have remote access permissions;
Behavioural biometrics: details of the way you login and interact with our website or app such as typing cadence, keystroke, touch and mouse behavior to support the detection of fraudulent and suspicious attempts to access to your SAVO Account;
Information stored on your device: including your contact list if you give us access to your phone book.
2.3. Information we receive from other sources
This includes:
Information from financial institutions: we may receive personal information from other banks and financial institutions. For example, when you ask us to, we may collect information about bank accounts that you choose to connect to your SAVO account (for example when you’re setting up a payment method such as SWIFT, or a direct debit method such as ACH in the US);
Information from connected persons: if youa re a “connected person” for a SAVO customer, then that SAVO customer may provide your personal data to us. For instance, if you’re a payment beneficiary, data could include name, account details, email, and additional verification information if necessary for fulfilling our legal obligations or requested by the recipient bank;
Advertising networks, analytics providers, and search information providers: may provide us with information about you, including confirmation of how you found our website;
Information from fraud prevention agencies and government or private databases: In some jurisdictions, we may check the information you have provided to us with government or private identity record databases, fraud prevention agencies, other private entities, or with credit reference agencies to confirm your identity and to combat fraud.
Information from publicly available sources: We may collect information from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, and KYC purposes.
2.4. Children’s data
Our services are designed for adults and are not directed toward children (definition of children means age below 18). If we discover we have inadvertently collected data from a child, we will take immediate steps to delete that information.
3. Ways we use your information
3.1. Legal basis: We will only use your personal data when the law allows us to. In most cases, our legal basis will be one of the following:
Contract necessity: where processing personal data is necessary to carry out or enter into our agreement with you (for example, if the processing is needed to make and receive payments);
Legal obligation: where we have a legal obligation to process your personal data to comply with laws and regulations (such as collecting identification documents to comply with anti-money laundering laws);
Legitimate interests: where we have a legitimate reason to process your personal data that is reasonable when balanced against your rights and interests (for example, to understand how our services are used and to improve them);
Consent: where you ahve fiven us your consent to process your data;
Substantial public interest: where we process sensitive or special category data (revealing or relating to someone’s health, ethnicity, political views, religious beliefs, sexual orientation, or other protected characteristics) and that processing is in the substantial public interest (for example, to support vulnerable customers).
3.2. Purposes for which we will use your personal data: the ways we plan to use your personal data, along with the corresponding legal bases, are described below.
| What we use your data for | Legal basis for doing so |
|---|---|
| To determine if you are eligible to use our services We carry our checks to verify your identity during onboarding in order to comply with Know Your Customer “KYC” obligations under anti-money laundering laws. As part of our KYC processes, we extract face scan information (known as “biometric data”) from a selfie or video that you provide to compare with the picture of you on identity documents | Legal obligations Consent |
| To provide our products and services to you We will process personal data as necessary to: Provide you with the money transfer and SAVO account services you’ve requested; where available, to provide you with our Assets product if you chose to use it. | Contract necessity Legal obligation |
| Provide you with customer support services, and to monitor or record any communications between you and us, including phone calls, for training and quality purposes; | It is our legitimate interests to monitor service quality |
| Provide features which make it easier for you to find, be found, and connect with other SAVO customers. See section 4 for more details. | It is our legitimate interests to help SAVO customers find each other and transfer money easily. See section 4 for more details. |
| To ensure account safety, including protecting you from fraud We process personal data: To prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes. In some cases this may include collecting biometric data. For example, if you change the phone number linked to your account or to recover access to your account. To keep our anti-fraud measures effective, we can’t always share all the details about how we precent fraud; As part of our efforts to keep our services safe and secure. | Legal obligation Contract necessity Legitimate interests to detect, prevent, and investigate fraud, money laundering and other crimes to protect our business and our customers. |
| Compliance with legal and regulatory obligations protecting our business and enforcing our rights We may process your personal data: To comply with legal and/or regulatory requirements, including to respond to requests from public and government authorities, possibly outside your country of residence, upon demonstration of lawful authority; If you use our Assets product, to comply with our obligations to determine your tax status and compliance with associated tax regulations; To prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes, including conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so; To take steps to recover amounts owed to us, including via insurance claims, and to allow us to recover or limit damages that we may sustain; To allow a third party or a financial institution that incorrectly sent money to recover money received by you in error or due to fraud; To verify information you provide to us, and to enforce our User Agreement with you; To investigate, manage, and resolve complaints; To prevent and manage incidents of abusive or aggressive behaviour towards our employees. | Legal obligations It is in our legitimate interests to protect our business, customers, and employees from harm |
| Marketing and analytics To personalise the marketing messages you receive about products and services we offer so they are more relevant and interesting; To measure or understand the effectiveness of our advertising and to deliver relevant advertising to you; To provide you with information about other similar products and services we offer which we feel may interest you. | It is in our legitimate interests to let our customers know about our products and services which may interest them, to personalise marketing communications and to understand the effectiveness of our advertising. |
| Maintaining and improving our services We may process your personal data: To administer our services and for internal operational, planning, audit, troubleshooting, data analysis, testing, research, statistical, and survey purposes; To undertake system or product development, including helping third party suppliers improve the services they provide to us; To improve our services and to ensure that they are presented in the most effective manner. | It is in our legitimate interests to maintain, develop and improve our services. |
4. How we share your personal data
We may share your personal data with the following third parties:
4.1. Other SAVO companies may assist in providing our services to you, improving our operations, and supporting business functions such as customer support, technology, marketing, fraud prevention and compliance.
4.2. Service providers acting on our behalf and other partners. We may share your data with trusted third-party service providers and partners, such as:
Banks and other financial institutions we work with to provide you our services. These third parties act as independent, separate data controllers who determine why and how they will process your data;
4.3. Beneficiaries: that receive limited information when you initiate a payment transaction;
4.4. Regulators, law enforcement agencies, and public authorities, including judicial and administrative courts, if we are under a duty to disclose or share your personal data in response to a subpoena, warrant, court order, properly constituted police request or as otherwise required by law, or in order to enforce to apply our User Agreement and other applicable agreements, or to protect the rights, property, or safety of SAVO, our customers, our employees, or others;
4.5. Third parties or a financial institution to recover debit or in relation to your insolvency or to allow them to recover money received by you in error or due to fraud;
4.6. Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be trasnferred to the relevant parties involved in the transaction, subject to confidentiality agreements and applicable data protection law;
4.7. Other SAVO Customers:
As a SAVO customer, you will be provided with a unique ID number. Other SAVO users can search for you in the app using your ID number to send or request money.
Our discoverability features also allow other SAVO customers to find you using your name, SAVO tag, nick name you set while onboard, email or phone number linked to your SAVO account without the need for bank details. You can change them anytime in the app.
5. International data transfers
5.1. As a global provider of money transfer services and multi-currency accounts it is sometimes necessary to transfer your personal data to countries other than your country of residence or to use services supported by out staff (including those of outsourced partners) in other jurisdictions.
5.2. When transferring personal data to other countries we take measures to comply with data protection laws applicable to those transfers. In particular where a transfer is to a country with data protection regulations that do not offer an equivalent level of data protection to your country, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice.
5.3. When a data transfer mechanism is mandated by applicable law we:
(i) Transfer to countries or recipients that are recognised as having an adequate level of protection for Personal Data under applicable law;
(ii) Employ other lawful methods available to us under applicable law.
6. Profiling and automated decision making
6.1. We may use some elements of your data, such as your country of residence and transaction history, to customise our services and the information we provide to you, and to address your needs. For example, if you frequently send funds from one particular currency to another, we may use this data to inform you of new product updates or features that may be useful for you. If you do not want us to process your personal data to personalise electronic marketing communications, you can opt out of receiving electronic marketing communications at any time.
6.2. We use automated processes to check that your application to access SAVO services and your use of SAVO services meet our required standard, including verifying your identity, and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to log into your SAVO account, or to close your account. If this happens, you will be notified and offered the opportunity to request further information about how the decision was reached and request a manual review. In any case, if you feel that an automated process may have impacted you, please contact SAVO customer support through the in-app portal.
6.3. If we, or other third parties providing fraud prevention services determine that a fraud or money laundering risk is posed, we may refuse to provide the services requested or we may stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by SAVO or these other third parties, and may result in others refusing to provide services, financing or employment to you.
7. Cookies
7.1. Our website and app use small files known as cookies, along with similar technologies like pixel tags and web beacons. These help us distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to improve our services and make sure that the ads you see online are more relevant to you and your interests.
7.2. We also use pixels or web beacons in some of our emails to help us understand whether our email was delivered and opened, and whether links within the email were clicked. We use this information to measure the performance of our email campaigns, and to help us improve our future email communications.
8. Data retention
8.1. We will retain your personal data only for as long as is necessary to fulfill the purposes for which we collected it. As a regulated financial institution, SAVO is required by law to store some of your personal and transactional data beyond the closure of your account with us. Typically we are required to retain that personal data for between five to seven years following account closure, depending on applicable laws.
8.2. We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate. We do this automatically, so you don’t need to contact us to ask us to delete your data. Deletion methods include shredding, destruction and secure disposal of hardware and hard-copy records, and deletion or over-writing of digital data.
9. How we protect your personal information
9.1. We take the safeguarding of your information very seriously. The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data during transmission. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to ensure it stays secure, including:
9.2. We continuously educate and train our employees about the importance of confidentiality and privacy of customers’ personal information. We maintain physical, technical and organisational safeguards that comply with applicable laws and regulations to protect your personal information from unauthorised access.
10. Your rights
You may have certain rights in relation to the processing of your personal data. Whether or not your local law requires it, SAVO will always respond to requests for information about personal data processing, requests for a copy of the personal data we hold about a customer, requests to delete personal data and requests to opt out from receiving direct marketing communications.
11. Changes to our Privacy Notice
To keep up with changing legislation, best practice, and changes in how we process personal information, we may revise this notice at any time. In the case of significant or material changes to this notice, you may always check the notice on any updates.