PRIVACY POLICY

September 2024

Smart Transfer Ltd. is involved in the sales, marketing and distribution of prepaid Mastercards in Ireland. The cards are issued and operated by EML Money DAC pursuant to a licence by Mastercard International.

The purpose of this privacy policy is to inform users of our Site and Mobile App of the following:

  • The personal data we collect.
  • How we use the collected data.
  • Who has access to the data collected.
  • The rights of Site and Mobile App users.

Information we receive and collect is strictly related to the service we provide. Information is collected from you when you create an account with us via our Mobile App, complete our ID Verification process or when you order a card off our website. The information we collect is clearly set out on the  page on which we collect it.

This information allows us to provide you with our services and keep you up to date on any changes or additions made to the product/service that may interest or affect you.

  • Data collected automatically: When you visit our website or App we collect your IP address and other information such as domain and host from which you access the internet, the browser and browser version, the operating system and type of device. We do so in order to administer our services and optimise our websites and applications for you.
  • Data collected in a non automatic way: We collect the following data when you create an account with us:
    • First and last name
    • Date of birth
    • Email address
    • Phone number
    • Address

If you complete the ID Verification process we collect your photo image, a copy of your ID and facial scan data extracted from your photo. 

We collect and process personal data about users only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal bases to collect and process personal data of users :

  • Provide cardholders with the service.
  • Monitor, analyse and improve the service.
  • Prevent money-laundering, fraud & illegal activities, and prosecute offenders.
  • Provide cardholders with information, reminders, and updates in relation to the service, where consent has been given to do so.
  • Comply with legal obligations such as Anti Money Laundering legislation.

Smart Transfer understands ‘consent’ to mean that it has been explicitly and freely given, characterised by a specific, informed, and unequivocal indication of the cardholder’s desires, expressed through a statement or clear affirmative action, signifying agreement to the processing of personal data pertaining to them.

Additionally, Smart Transfer also understands ‘consent’ to mean that the cardholder has been fully informed of the intended processing and has signified their agreement, while in a fit state of mind to do so and without pressure being exerted upon them. Consent obtained under duress or on the grounds of misleading information will not be a valid basis for processing.

Active consent requires direct communication between the parties; consent cannot be inferred from passive responses. It is imperative for us to demonstrate the acquisition of consent for each processing operation.

In the case of sensitive data, explicit consent from cardholder must be obtained, unless an alternative legitimate basis for processing exists.

Cardholders are given the opportunity to opt out of receiving promotional/marketing messages from us when they create an account on the SWIRL Card App. We use clear, plain language that is easy to understand.

We give separate distinct options to opt out separately to different channels. Cardholders can withdraw their consent at any time:

  • Through their online account.
  • By contacting our helpdesk.
  • By using the “Opt Out” function on the respective channels.

Cardholders must be kept up to date on all information relevant to their card. If a cardholder decides to withdraw their consent, we will continue to send them service-related notifications.

Under the GDPR, you have the following rights:

  • Access to the personal information we have about you.
  • Ask us to correct information, which is inaccurate, incomplete, or out of date.
  • To restrict the processing of your personal data or to object to such processing
  • To erase your personal data unless certain conditions apply including that processing is necessary for compliance with a legal obligation
  • To data portability whereby your personal data can be transmitted directly from one controller to another where technically feasible.
a)     Right to be informed

You can find out more about the collection and use of your personal data through the following: 

  • Smart Transfer Privacy statement
  • EML Money DAC Privacy Statement 
  • EML Money DAC Terms & Conditions 

These documents are available to view on the website and on the web order and registration page when you are ordering a card or creating an account.

b)    Right of Access

You can access your personal data through your online account under “Edit my Profile” 24/7. Alternatively, you can request this information by phone or email to our Customer Helpdesk. All other data subjects must request this information by phone directly. Requests will be processed within one month of receipt of the request.  

c)     Right to Rectification  

You can rectify your information through your online account under Edit my Profile 24/7. Alternatively, you can request this information by phone or email to our Customer Helpdesk. All other data subjects must request this information by phone directly. Requests will be processed within one month of receipt of the request. 

d)    Right to Restrict Processing 

This right is managed through our withdrawal of consent process. You can manage your Opt In preferences through your online account or by using the Opt Out function on the respective channels. Other data subjects must make this request verbally or in writing.  

e)     Right to Data Portability 

You can request to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller.  

f)      Right to Erasure 

EML Money DAC and Smart Transfer have a legal obligation to retain your personal data for a period of 7 years after expiry of your card. Requests from all other data subjects can be made verbally or in writing. We will respond to this request within one month of receipt. If we are unable to comply with the request, we will inform you of the reason why and your right to make a complaint.

Employees: We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Third Parties: We will only share your personal information with third parties to facilitate the delivery of our services. If a processing activity is outsourced to an external processor, we will establish Data Processing Agreements (DPAs) to ensure the external processor complies with GDPR requirements). We do not sell or rent your personal data to any third parties for marketing purposes.

Legal and Governmental bodies: In certain circumstances we may need to disclose information about you if you breach this privacy notice or if you breach the Terms and Conditions. We may also disclose or access your account if required to do so by law or by any Governmental body.

User data will be stored for 7 years. EML Money DAC must comply with several statutory and regulatory requirements in relation to the retention of data. As Smart Transfer processes data on behalf of EML Money DAC we are bound by the same obligations in relation to the retention of your data. When personal data is no longer needed to meet those obligations, it will be deleted or unidentified. You will be notified if your data is kept for longer than this period.

Keeping information about you secure is very important to us and certain sections of the website and our Mobile App may encrypt data using SSL or a comparable standard. We will take appropriate measures to ensure confidentiality of all information, both paper and electronic required for the operation of our business. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Mobile App or our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection, and the relevant Data Protection Agreements (DPAs) are in place.

This Privacy Notice may be amended to maintain compliance with the law and to reflect any changes to our data collection process. We shall indicate on the website and our Mobile App if there have been any changes made to this policy.

We use cookies to analyse how you use our website. Please read our Cookie Policy for more information about cookies.
 

If you have any questions or complaints relating to this Privacy Notice or how we use the personal information we have about you, please contact us at info@swirlcard.com. We will endeavour to respond to you promptly.

If you would like to make a complaint, or exercise  any of these rights under the GDPR please contact us using the following details: 

Smart Transfer Ltd.

PO Box 1008, Naas, Co. Kildare

01 6877 985

Our Products