Privacy Policy - Rapyd Products
Updated: December 2023
Who We Are
The Rapyd group of companies, which includes Rapyd Financial Network (2016) Ltd. ,Rapyd Payments Limited, Neat Limited, Rapyd Holdings Pte Ltd, CashDash UK Limited, and Rapyd Europe hf. (together with certain other Rapyd group companies – “Rapyd”, “we”, “our” or “us”) provides a fintech-as-a-service platform (“Platform”) and operates the world’s largest local payment network. The Platform allows for the integration of local payments methods into digital applications from one single API, the effective performance of cross-jurisdictional transactions, company registration and incorporation, card issuing, consumer credit issuing, and other financial-related services (together with the Platform and Portals, the “Services”).
Our financial services are operated through the Rapyd API and business portals (the “Portals”), available at: at https://dashboard.rapyd.net/, https://api.rapyd.net/, and others.
Application of this Privacy Policy
The Privacy Policy applies to any individual using our Services, and it describes our practices with respect to the collection and processing of Personal Data. For the purpose of this Privacy Policy, “Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or linked, directly or indirectly, to an individual.
If you are a website visitor, a member of our Rapyd Developer Community, or a participant in our events and challenges, please refer to this privacy policy.
Our local Rapyd entities enable our global operation, and the identity of the Rapyd entity who is your Data Controller, is based on the Client’s location. For more information, please see below:
Client’s Location | Data Controller | Registered Address |
European Economic Area | Rapyd Europe hf. | Dalshraun 3, 220 Hafnarfjörður, Iceland |
Singapore | Rapyd Holdings Pte Ltd. | 7 Teo Hong Road, Singapore 088324 |
Hong Kong | Neat Limited/Neat Asia Limited | 20/F, Spaces, LKF Tower, 33 Wyndham Street, Central, Hong Kong |
UK | Rapyd Payments Limited /
CashDash UK Limited |
Rapyd suite 26, Weston business Centre, Parsonage Road, Takeley, Essex, CM22 6PU, England |
Rest of World | Please contact our DPO for more details. |
We are strongly committed to making our practices regarding our use and processing of your Personal Data transparent and fair, and we respect your privacy as:
- Rapyd’s Clients: Rapyd has two types of Clients:
- Merchants: you are a Merchant if you are an individual or business that collects from, disburses to or otherwise facilitates payments for your End-Users with the use of the Services.
- Platforms: you are a Platform if you integrate Rapyd payments solutions into your own environment in order to facilitate payments for your End-Users or Merchants.
In this Privacy Policy, the term “Clients” refers to Merchants and Platforms, and includes their employees, directors, shareholders and ultimate beneficial owners (whenever applicable).
- End-Users: individuals transacting with or through a Client with the use of the Services, individuals who are issued payment cards by our banking partners or individuals who are provided consumer loans.
- Beneficiaries: individuals who receive payments, such as disbursements from End Users or Clients but are not End Users themselves. In this Privacy Policy, Beneficiaries and End Users are collectively referred to as “Users”.
This Privacy Policy describes our practices regarding:
- Data Collection
- Data Uses
- Data Location and Retention
- Data Sharing
- Cookies and Tracking Technologies
- Communications
- Data Security
- Data Subject Rights
- Automated Decision Making
- Additional Notices
- Additional Terms for California Residents
Please read this Privacy Policy carefully and make sure that you fully understand and agree to it. If you do not agree to this Privacy Policy, please discontinue and avoid using our Services.
You are not legally required to provide us with any Personal Data, but without it we will not be able to provide you with the full range of Services or with the best user experience when using our Services.
1. Data Collection
This section sets the categories of Personal Data we collect. Depending on how you integrated with our Services, we may receive your Personal Data directly from you, from the Client, of from our Service Provider (as defined below):
(i) End-User Data: we collect the following Personal Data relating to End-Users:
- Contact information: such as first and last name, email address, home address, date of birth, phone number, and in some instances a photo and national identity number (such as a social security number).
- Financial Information: such as bank and billing account details, bank statements, payment card information, consumer credit report and credit history.
- Know your Customer (“KYC”) or Know your Business (“KYB”) Information: in certain circumstances, Rapyd may process a copy of an End User’s current ID (such as a national ID or passport), driver’s license, a frontal facial picture, nationality, credit history, tax information and/or a recent utility bill.
- Transaction Information: information regarding the End-User’s transaction through the Services, and additional financial information which may be required to process or support transactions, such as credit card details, debit card details, amount of transaction, and date and time of the transaction.
- Digital Wallet Information: such as digital wallet number and information regarding digital wallet transactions.
- Usage Information: such as connectivity, technical and aggregated usage data and activity logs, log-in and log-out time, IP addresses, device and mobile app data (such as type, OS, device ID, app version, browser version, locale, time-zone and language settings used), session recordings and analytics, and the cookies and pixels installed or utilized on the device.
(ii) Client Data: we collect the following information regarding Clients who are individuals, or information regarding the directors, shareholders and ultimate beneficial owners if the Client is a corporate entity:
- Contact information: such as first and last name, email address, home address, date of birth, phone number and in some instances national identity number (such as a social security number).
- Know your Customer (“KYC”) or Know your Business (“KYB”) Information: in certain circumstances, Rapyd may process a copy of a Client’s current ID (such as a national ID or passport), driver’s license, a frontal facial picture, nationality, credit history, tax information and/or a recent utility bill.
- Account Data: such as company name and position, account login credentials (usernames and hashed passwords), employment status, employer’s name and other relevant employment information, as well as any other data you choose to provide when you use our Services, create a user account or contact us.
- Financial Information: such as bank and billing account details and payment card information.
- Transaction Information: information regarding the Client’s transaction with an End-User such as your digital wallet number and wallet transactions, bank and billing account details, bank statements, payment card information and any additional information which may be required to process transactions.
- Usage Information: such as connectivity, technical and aggregated usage data and activity logs, log-in and log-out time, IP addresses, device and mobile app data (such as type, OS, device ID, app version, browser version, locale, time-zone and language settings used), session recordings and analytics, and the cookies and pixels installed or utilized on the device.
(iii) Beneficiary Data: we collect the following Personal Data about Beneficiaries:
- Contact information: such as first and last name, email address, home address, date of birth, phone number and in some instances national identity number (such as a social security number).
- Financial Information: such as bank account details.
Transaction Information: information regarding the transaction made to the beneficiary through the Services.
2. Data Uses
We use Personal Data as necessary for the performance of our Services and in reliance on the following legal bases:
Purpose | Legal basis for processing |
To facilitate, operate, and provide our Service. |
|
To authenticate the identity of Clients and End Users and to allow them access to our Services. |
|
To provide our Clients and Users with assistance and support. |
|
To evaluate and develop new features, technologies, and improvements to the Service. | Legitimate Interest |
To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. |
|
To contact our Clients with general or personalized messages and communications, as further described under Section 6 below. |
|
To protect against fraud or unauthorized transactions and prevent and monitor fraud across the Services. | Legitimate Interest |
To comply with applicable laws and regulations, including by performing KYC/KYB inquiries and compliance checks, and to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities. | Compliance with a legal obligation |
To comply with rules imposed by payment network rules (e.g. network rules for card schemes) and to enforce our contractual rights. | Legitimate Interest |
To support and enhance our data security measures, including for the purposes of preventing and mitigating malicious or fraudulent activity and security incidents or any illegal or prohibited activity. |
|
If you reside or are using the Services (i) in a territory governed by privacy laws which determine that “consent” is the only or most appropriate legal basis for processing Personal Data (in general, or specifically with respect to the types of Personal Data you choose to share via the Service), your acceptance of our terms and conditions and of this Privacy Policy will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Policy. We may also obtain express consent from you separately (e.g. for the purpose of sending direct marketing), in which case we will proceed to process your Personal Data on the basis of such express consent. If you wish to revoke such consent, please contact us by email at [email protected].
Data Location and Retention
Data Location. Given the global nature of our Services, your Personal Data may be maintained, processed and stored by our Service Providers (as defined below) in the United States of America (U.S.), the State of Israel, Singapore, the European Economic Area (“EEA”), Iceland, the UK, Hong Kong, Dubai, and other jurisdictions, as necessary for the proper delivery of our Services, or as may be required by law. For data transfers from the EEA or the UK to countries which are not considered by the European Commission and the UK Secretary of State to be offering an adequate level of data protection, we and the relevant data importers have entered into Standard Contractual Clauses as approved by the European Commission and UK Information Commissioner’s Office (ICO).
Data Retention. We will retain your Personal Data for as long as we deem it as reasonably necessary for the purposes listed above, in order to maintain and expand our relationship and provide you with our Services, in order to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), in accordance with our data retention policy.
Rapyd Subsidiaries: we may share Personal Data internally within Rapyd for the purposes described in this Privacy Policy. Such sharing is made subject to our internal Data Processing Agreements.
Service Providers: we may engage selected third party companies and individuals to perform services complementary to our own, namely – hosting, data analytics, consulting, support, marketing and advertising, data and cyber security, user engagement, instant messaging, company registration and incorporation; as well as our gateways and our business, financial, compliance and legal advisors (collectively, “Service Providers”). These Service Providers may have access to your Personal Data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.
Sharing Personal Data with a Client: if you interact with our Clients (e.g. send them funds), we may share your Personal Data with such Clients who are involved in your transactions.
Legal Compliance: we may disclose or allow government and law enforcement officials access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that we are legally compelled to do so, or that it is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
Protecting Rights and Safety: we may share your Personal Data with others if we believe in good faith that this will help protect the rights, property or personal safety of Rapyd and its partners, any of our Clients, Users, or any members of the general public.
Mergers and Acquisitions: should Rapyd undergo any change in control or ownership, including by means of merger, acquisition or purchase of all or part of its assets, your Personal Data may be shared with the parties involved in such event.
For the avoidance of doubt, Rapyd may share your Personal Data in additional manners, such as pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data at our sole discretion and without the need for further approval.
Our Services and some of our Service Providers utilize “cookies”, anonymous identifiers and other tracking technologies which help us provide, secure and improve our Services, personalize your experience and monitor the performance of our activities and campaigns.
A cookie is a small text file that is placed, for example, to collect data about activity on our Site. Some cookies and other similar technologies serve to recall Personal Data, such as an IP address, that was previously indicated by you.
While we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser and recommend the use of cookies for an optimal user experience of our Services, most browsers allow you to control cookies, including whether to accept them or to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. You can read the complete Rapyd Cookie Policy here.
We also use analytics tools such as Google Analytics. These tools help us understand your behavior on our Services, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. Further information about the privacy practices of our google analytics is available at: www.google.com/policies/privacy/partners/.
Further information about your option to opt-out of google analytics services is available at: https://tools.google.com/dlpage/gaoptout.
Please note that if you get a new computer or device, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-out will be necessary to prevent additional tracking.
6. Marketing Communications
We may contact you with promotional messages (such as newsletters, special offers and sales, new product announcements, inviting you to events, etc.) or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone or email), through the Services, or through our marketing campaigns on any other sites.
If you do not wish to receive such promotional communications, you may notify us at any time by sending an email to [email protected], changing your communications preferences in your account, or by following the “unsubscribe”, “stop”, “opt-out” or “change email preferences” instructions contained in the promotional communications you receive.
Please note that even if you unsubscribe from our marketing-mailing list, we can continue to send you service-related updates and notifications.
7. Data Security
In order to protect your Personal Data, we use industry-standard physical, procedural and electronic security measures. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in Section 4 above.
8. Data Subject Rights
Depending on the jurisdiction in which you reside, you may have certain rights under relevant applicable laws regarding the collection and processing of your Personal Data. To the extent these rights apply and concern you, you can contact us and ask to exercise the following rights:
8.1. Right of access:
You may have the right to receive confirmation as to whether or not Personal Data concerning you is being processed and access your stored Personal Data.
8.2. Right of data portability:
you have the right to request us to move, copy and transfer your Personal Data easily from one IT environment to another, in a safe and secure way, without affecting its usability.
8.3. Right of rectification:
You have the right to request rectification of your Personal Data in our control in the event that you believe the Personal Data held by Rapyd is inaccurate, incomplete or outdated.
8.4. Right to deletion/erasure:
You have the right to request that Rapyd erase or delete Personal Data held about you at any time.
8.5. Right to restriction or objection to processing:
You have the right to request that Rapyd restrict or cease to conduct certain Personal Data processes at any time.
8.6. Right to withdraw your consent:
To the extent we process Personal Data on the basis of your consent, you have the right to withdraw your given consent at any time.
8.7. Right to limit use and disclosure of your sensitive Personal Data:
You have the right to request to limit the collection of your sensitive Personal Data, to that use which is necessary to perform our Services.
8.8. Right not to be subject to automated decision making:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly effects to you.
8.9. Right to opt-out of the sale or share of Personal Data:
In the event that we sell or share your Personal Data for behavioral advertising purposes, you have the right to submit a request to opt-out of the sale or share of your Personal Data. After you opt-out, we may continue disclosing some Personal Data with our partners to help us perform business-related functions such as, but not limited to, providing the Services, ensuring that the Services is working correctly and securely, providing aggregate statistics and analytics and preventing fraud.
8.10. Right to non-discrimination:
you have the right to be free from any discrimination for exercising your rights, such as offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request.
Please note that these rights are not absolute, and may be subject to applicable laws, our own legitimate interests and regulatory requirements or technical readability. Please also note that the rights mentioned above may have different application, title or legal definition depending on your jurisdiction.
If you wish to exercise your rights, you can submit your request via Rapyd Privacy Request Webform or contact us at the following email address: [email protected]. We will consider any requests, complaints or queries and provide you with a reply in a timely manner. We take our obligations seriously and we ask that any concerns are first brought to our attention, so that we can try to resolve them. To the extent you feel unsatisfied with our response to your request to exercise your rights, you may choose to send us a request to appeal our decision. If you are unsatisfied with our response, you can lodge a complaint with the applicable data protection supervisory authority.
Please note that we may require additional information and documents, including certain Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 2 above. If you use an authorized representative, we may request a copy of the representative’s signed permission to act, verify your identity directly, and ask that you confirm the representative’s authority.
9. Automated Decision Making
According to privacy laws such as the EU & UK GDPR, Automated Decision-Making relates to a decision that has a legal impact on an individual, and that is based solely on automated means, without any meaningful human intervention.
Rapyd is required by laws to carry out KYC/KYB checks on Clients and – in some instances – End-Users when they apply to use the Services and during the performance of our agreement, to act in compliance with applicable laws and regulations and to prevent fraud, money laundering and financing terrorism. We may use third party identification, screening and verification services (including credit reporting agencies) in order to assist us to verify identity and the documents provided.
Rapyd’s verification solution allows Rapyd to carry out these checks. The solution collects Personal Data , analyzes it for authenticity and checks it against publicly available sources or against our Service Providers’ databases (such as company registration information). If everything checks out, the application will be automatically approved by the system. If the system determines that KYC/KYB checks are unsuccessful, it will reject the application and a notice will be delivered to the Client/End-User. If the application is neither fully approved nor fully denied, it will be sent for human review by Rapyd’s expert compliance team, who will make a final determination regarding the application.
For more information about how our verification solution works, please visit this page. If you think that a decision to reject your application was made in error you can contact Rapyd support at [email protected].
10. Additional Notices
Updates and Amendments: we may update and amend this Privacy Policy from time to time by posting an amended version on our websites and Services. The amended version will be effective as of the date it is so published. We will provide a 10-day prior notice if we believe any substantial changes are involved via any of the communication means available to us or via the Services. After such notice period, all amendments shall be deemed accepted by you.
External Links: while our Services may contain links to other websites or services, we are not responsible for their privacy practices, and encourage you to pay attention when you leave our Services for the website or application of such third parties and to read the privacy policies of each and every website or service you visit. This Privacy Policy applies only to our Services.
Our Services are not designed to attract children under the age of majority (as determined under the applicable laws where the individual resides; “Age of Majority”). Our Services are not intended for, and we do not knowingly collect Personal Data from individuals under the Age of Majority and do not wish to do so. If we learn that a person under the Age of Majority is using the Services, we will prohibit and block such use and will make all efforts to promptly delete any Personal Data stored with us with regard to such individuals. If you believe that we might have any such data, please contact us by email at [email protected].
DPO, Questions, Concerns or Complaints: if you have any comments or questions about this Privacy Policy or if you have any concerns regarding your Personal Data, please contact Rapyd’s DPO by email by sending a message to [email protected].
If you reside in the EU, you may contact our EU representative:
Rapyd Europe hf.
Dalshraun 3,
220 Hafnarfjörður,
Iceland
[email protected]
If you reside in the UK, you may contact our UK representative:
Rapyd Payments Limited
Rapyd suite 26
Weston business Centre
Parsonage Road
Takeley
Essex
CM22 6PU.
England
[email protected]
Additional Terms for California Residents
This part of this Privacy Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, “CCPA“).
The categories of Personal Information we process:
In the preceding 12 months, we have collected and disclosed the following categories of Personal Information (as this term is defined under the CCPA):
Category of Personal Information Collected | Personal Information Collected | To whom the data may be disclosed |
A. Identifiers | A real name, online identifier, Internet Protocol address, email address, and account names. |
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, telephone number, address, signature, social security number, passport number, driver’s license or state identification card number, bank account number, credit card number or any other financial information. |
|
D. Commercial Information | Transaction data |
|
F. Internet or other electronic network activity data | Browsing history, search history, and information on interactions with our websites or advertisements. |
|
G. Geolocation data | Approximate location derived from IP address. |
|
H. Sensory data | Photos |
|
Sensitive Personal Information (as defined under the CCPA) | Social security, driver’s license, state identification card or passport number, account log-in, financial account. |
|
Sources of Personal Information:
In the preceding 12 months, we have collected Personal Information from the following categories of sources:
(a) Consumer directly.
(b) Our Clients or End Users.
(c) Our Service Providers.
Sharing and Selling Personal Information
We do not “sell” Personal Information as most people would typically understand that term. However, we share Personal Information with third parties for the purpose of cross-context behavioral advertising, via the cookies we place on your browser when you visit our website. In order to see the full list of cookies we use, including those used for cross-context behavioral advertising and understand how to opt-out of such usage, please visit Rapyd’s Cookie Policy here.
In the preceding 12 months we “sell” or “share” the following categories of Personal Information for a business purpose:
Category (corresponding with the table above) | Category recipient | Purpose of sale of share |
Category A Category F Category G |
Ad-network and advertising partners. | Cross-context behavioral advertising. |
Your rights
You can exercise your rights, as detailed in the Data Subjects Rights section, by submitting a verifiable consumer request to the contact details listed above.
The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Authorized Agent
You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.