Related content
Privacy Policy
At WorldFirst, we pride ourselves on maintaining the highest levels of security, transparency and integrity in our work, and recognise the importance of protecting and respecting your personal information.
To provide you with our services we need to know things about you. We will only collect information we need to provide you with the services you have requested and will handle your information with the utmost care.
Any information we receive about you will be subject to strict controls to minimise the risk of misuse – including unauthorised access to, or disclosure of, your personal information. This Privacy Policy applies to information that WorldFirst may collect about visitors to its website (even if you do not become a customer), companies and individuals who register for its services, and continue using its services, and any other person who contacts WorldFirst over the telephone or in writing.
Please read this Privacy Policy carefully, together with the WorldFirst Terms and Conditions and any other documents referred to within. For the purposes of this Privacy Policy, the term “personal information” means any data that can identify you as an individual for example name, address and contact information.
We are World First UK Limited (referred to in this Notice as “WorldFirst”, “we”, “us” or “our”) with our company address: 2nd Floor, International House, 1 St Katharine’s Way, London, E1W 1UN.
WorldFirst acts as the “controller” of your personal information for the activities described in this Privacy Policy. That means WorldFirst is the legal entity deciding why and how your personal information is collected and used.
If you would like to know more about any of the terms of this Privacy Policy, please contact us (please see Section 12 below) so that we can help you with any questions or concerns.
Information you provide to us
To open an account or use WorldFirst services, you will be asked to provide identifying information about yourself (e.g. name, address, date of birth, and email address) and your company (together, “Account Information”), together with documents to verify the information provided – such as, a copy or record of your identity cards, passport or other travel document information, your proof of address, occupation, nationality, country of birth, source of funding, source of wealth and/or other information from checks, credit cards, bank statements, address proofs or money orders (together, “Identification Information”). You will also be asked to provide “Profile Information” including your username and password.
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g. Beneficiary Information (see below) and certain Transaction Information (see below) – in particular, bank account details and source of funds.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations – e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds (“KYC/ AML Information”).
Information we collect when you use our website or app
Our website uses cookies to provide you with a better experience on our website, for fraud prevention and to provide internet-based advertisements such as banner advertisements on the website or app. For detailed information on the cookies we use and the purposes for which we use them, please see our full Cookie policy.
The WorldFirst user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products..
For the detection and prevention of fraud and cyber-crime, we will collect information, including session, device and IP address (“Device Information”) to help ascertain the legitimacy of the account login. We will also collect information about your activities on and use of our website or app including, for example, browser history, product engagement, IP address or other unique identifiers, and other information regarding your interaction with our website or app and our advertisements (“Usage Information”).
Public information
For non-registered users, we may contact you using publicly available information or information from third parties (i.e., name and contact details), which you have consented to being shared, to let you know about products that could be relevant for your business. Such third party sources include, for example, social media platforms, company registration lists, and telephone and other publicly available directories.
Transactional information
Once your account is fully set up and you begin to transact with us we will collect, process and store your WorldFirst financial and transactional information. This information includes the amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details (together, “Transaction Information”).
Information about you that we receive from third parties
To protect ourselves and our customers against fraud, we verify the information you provide (e.g., the KYC/ AML Information) with anti-fraud agencies and electronic identity verification services. In the course of verification, we receive and process information about you from such services. It may include the collection of biometric information (via facial recognition technologies) used for real identity verification and authentication purposes.
Information may also be collected from credit reference agencies.
Communications
All calls are recorded and correspondence retained for the purposes of quality control and training, as evidence of transactions and to fulfill regulation requirements. Any information you disclose to us will be held on these recordings in compliance with applicable law (“Call Recording Information”).
Individuals who are not registered users of WorldFirst
Connected parties
WorldFirst will collect information about connected parties to a WorldFirst client during the course of the business relationship from the client to comply with our legal obligations – e.g. directors or shareholders of a company (“Connected Party Information”). Where customers provide this information, they are responsible for bringing this Privacy Policy to the attention of the individuals concerned.
Beneficiaries
WorldFirst will collect information required to be able to send a payment to an individual, who may not be a WorldFirst client. This will include name and bank account details that are required by regulations to process the payment (“Beneficiary Information”).
The purposes and legal bases upon which we process your personal information include:
Category of Personal Information | Purpose of Processing | Lawful Basis for Processing |
All personal information in Section 3 above other than Usage Information, Beneficiary Information and Device Information | Registration and Administration: We use your personal information to enable you to register with us. Once you have an account with us we will use your personal information to contact you and to reply to any queries or requests. We will use your personal information in the administration of your account, which includes us contacting you in order to update your account details (this assists with keeping our records up to date) or in order to notify you of changes or improvements to our products or services that may affect our service to you – you cannot opt-out of the receipt of these service messages. | To perform a contract (Art. 6(1)(b) GDPR) To comply with a legal obligation e.g., financial tax reporting and bookkeeping laws (Art. 6(1)(c) GDPR) |
All personal information in Section 3 above other than Usage Information and Device Information | Provide our Products and Services: We use your personal information in order to supply our products and services to you (including, enabling transactions and facilitating payments) and to meet our contractual obligations to you (including under our Terms of Use). This will include the sharing of your personal information with Banking Partners (see Section 4 below). | To perform a contract (Art. 6(1)(b) GDPR) To comply with a legal obligation (see below) (Art. 6(1)(c) GDPR) To pursue our legitimate interests to operate and improve our business and minimise any unintended disruption, risk or fraud to the services that we offer to you, to transfer your personal information within the WorldFirst Group for internal administrative purposes, and to make your experience of our products and services efficient and effective (Art. 6(1)(f) GDPR) |
Usage Information, Device Information | Improve our Products and Services: To understand our customers’ actions, behaviours, preferences, transactions, expectations, and feedback in order to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by us | To pursue our legitimate interests to make your experience of our products and services efficient and effective and to improve the same (Art. 6(1)(f) GDPR) |
Account Information, Profile Information, Identification Information, KYC/AML Information, Beneficiary Information, Transaction Information | Prevention and Detection of Crime: We are subject to strict anti-money laundering and counter-terrorist financing regulations which requires us to undertake due diligence on our customers and their beneficiaries. This may include the conduct of soft searches through an identity-referencing agency and through other sources of information and the use of scoring methods to identify risk and to verify identity. These activities may involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. It may also include the sharing of personal information with police, law enforcement, tax authorities or other government and fraud prevention agencies | To comply with a legal obligation e.g., laws relating to anti-money laundering and financial crime (Art. 6(1)(c) and Article 9(2)(g) GDPR) To pursue our legitimate interests to cooperate and assist law enforcement in the fight against financial crime (Art. 6(1)(f) GDPR) |
Name and contact details | Direct Marketing: We may use your information to keep you up to date concerning WorldFirst Group Companies’ products and services, tell you about new products/services or to ask about your experience with us . You can opt-out from the receipt of these communications at any time | To pursue our legitimate interests to send you marketing communications (Art. 6(1)(f) GDPR) Where required under applicable law, we will ask for and rely on your consent (Art. 6(1)(a) GDPR) |
Call Recording Information | Monitoring: We record all our telephone calls for security and training purposes e.g., to assess the quality of our customer services and to provide staff training | To pursue our legitimate interests to assess the quality of our customer services (Art. 6(1)(f) GDPR). |
All personal information in Section 3 above | To defend and enforce our rights including, against legal claims that involve us or other WorldFirst Group companies, and to manage regulatory matters, investigations, data breaches, and/or data subject requests | To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR) To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) GDPR) |
All personal information in Section 3 above | To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us or any WorldFirst Group company | To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR) |
You have a right to object to the processing of your personal information (including profiling) where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.
Where we need to collect the abovementioned categories of personal information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal information when requested, we may not be able to comply with our legal obligations, provide you with a service or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you.
Where we ask for your consent to use your personal information (e.g. to send you direct marketing), you have the right to withdraw your consent at any time by:
- emailing [email protected]; or
- managing your preference through the WFO trading platform, if you are a registered user; or
- clicking the link at the bottom of any email that you receive.
You will not miss any service we provide by not choosing to receive marketing from us and you can change your mind whenever you like and as often as you like. However please note that your withdrawal of consent does not affect the lawfulness of our processing of your personal information based on consent before such withdrawal.
WorldFirst and Ant Group Companies
WorldFirst Group Companies refers to the companies owned (whether partially or wholly) by Ant Group, including but not limited to the companies listed below further information on Ant Group companies can be found here https://www.antgroup.com/en:
- WorldFirst Netherlands B.V. (EU)
- WorldFirst Pty Ltd (Australia)
- WorldFirst Asia PTE Ltd (Singapore)
- WorldFirst Japan K.K (Japan)
- WorldFirst Asia Ltd (China – Hong Kong)
These WorldFirst and Ant Group Companies will access and process your personal information categories included in What information do we collect? And how do we collect it? section to assist in the provision of services to you including, for back-up purposes, to assist with compliance and anti-money laundering activities, customer services and for internal audit purposes. However, the way information is accessed, processed and transmitted and our level of security remains consistent across WorldFirst and Ant Group Companies.
Banking Partners
WorldFirst uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with WorldFirst, we will need to share your personal information with payment providers or banking partners including, those located outside of the UK, such as intermediary or beneficiary banks – e.g. if you ask us to make a USD payment to China – Hong Kong the funds may be cleared through an intermediary bank in the US before reaching China – Hong Kong.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include: Account Information, Beneficiary Information and your Identification Information.
Trusted Partners
If one of our trusted partners introduced you to WorldFirst, we may provide them with your personal information that are necessary to fulfil our contractual obligations with the partner. Again, this could include transaction information or proof of source of funds such as invoices or statements from marketplaces (that may contain personal data).
We may also cooperate with trusted partners to provide financial services to you. In order to provide such financial services that are suitable for you, we may share personal information that is necessary, such as account information or identification informationwith trusted partners to determine whether you are suitable for such services and accordingly credit worthiness and your credit. This may include the conduct of soft searches and the use of scoring methods to identify risk and verify identity. These activities may also involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. We require trusted partners to undertake a strict confidentiality obligation and not to use your data that we share with them for any other purposes. We would also require trusted partners to adopt sufficient technical security measures to protect your data.
Additionally, we may share your contact details with a trusted partner for marketing purposes if you have given your consent to do so.
Contractors, Professional Advisors and Service Providers
We may share any personal information identified in Section 3 above with our contractors, professional advisers and third party service providers who provide administrative, customer support, telecommunication, computing, remittance or other services to us in connection with the operation or maintenance of our products and services. These companies do not have any rights to market other services to you.
Other Parties
If you are a seller on an e-commerce platform, we may share your personal information with those e-commerce platforms that are necessary to help detect and prevent fraud, money laundering, dealing in counterfeit goods and other criminal or abusive behaviour. We provide such information to allow such platforms to identify WorldFirst accounts used by their sellers, and then, for these specific accounts, provide information about the account holder and its associated persons, payments out of the account, other accounts linked to that account, and indications of suspicious activity on the account.
We may share your personal information with actual or proposed entities involved in any merger, acquisition, corporate reorganisation or financing, or similar transaction with us, including in the event of the sale of all or part of our assets: All personal information categories included in Section 3 may be disclosed on a need-to-know basis depending on our business needs.
Also, we may share your information with any person acting on your behalf provided that you have given us the permission to do so.
Regulators and Law enforcement
We may need to pass necessary information to Governmental departments, regulatory bodies, law enforcement/tax/customs agencies, courts of law or other third parties including, where we are asked to do so. This may include all personal information identified in Section 3 above
Like many global companies, our operations are supported by a network of computers, servers and other infrastructure and information technology.
The personal data described in Section 3 above is shared with the recipients, and for the purposes, described in Section 5 above Some of the recipients of that personal data are located in countries outside of the UK, namely: Australia, China, the European Economic Area (EEA), Hong Kong, Japan, Singapore, Turkey and the United States.
We store your personal data in the EEA. Any internal group transfers are primarily carried out via limited remote access. For instance, our customer service employees based in China and Singapore have remote access to the information they need to respond to your queries about the use of our services. We share relevant personal data directly and/or remotely with the third parties as described in Section 5 below, and put arrangements in place so there are appropriate security measures to protect it.
We take steps to protect your personal data when it is transferred internationally. We rely on the following safeguards for those transfers:
- Where available, we rely on adequacy decisions by the UK government. These decisions confirm that the level of data protection offered by the country the recipient is located in is adequate. The list of countries with adequacy decisions may be found here. At the date of this notice, adequacy decisions cover our transfers to the EEA, and some of our transfers to Japan and the United States (where the recipient is in scope of the adequacy decision).
- Where adequacy decisions are not available, we ordinarily use agreements called standard contractual clauses (“SCCs”). These are contracts that were initially approved by the EU Commission, and have now been approved by the UK government or the UK privacy regulator. A copy of the UK addendum for applying the SCCs to transfers from the UK may be found here.
- In limited cases, we rely on an exemption from requiring an adequacy decision or SCCs – this would be the case if we have your explicit consent, the information is from a public register, or it’s necessary to make the transfer to perform our contract with you (or a contract with another party that benefits you), for important reasons of public interest, to establish, make or defend a legal claim, to protect someone’s vital interests where they can’t give their consent, or as a one-off where necessary for our compelling legitimate interests.
If you would like further information or a copy of the relevant contractual safeguards, you can contact us using the details set out in Section 12 below.
WorldFirst will only retain your personal information for as long as is necessary to provide our services to you and will not hold or process your personal information for any longer than we are legally permitted to. The criteria used to determine the appropriate retention period includes:
- Regulatory requirements WorldFirst is subject to
- Whether a legal claim could be brought against WorldFirst
- Necessity of information to provide our service to our customers
- The types of personal information being processed
- The legal basis for processing your information – e.g. consent
Information about connected parties and beneficiaries, which may not belong to a WorldFirst client, are stored for a period to comply with applicable legal requirements.
You have certain rights in respect of your personal information as outlined below. If you would like to exercise any of the below rights then please contact Privacy Office ([email protected]) and we will respond to your request. However, please note that the below rights are not absolute and may be subject to limitations.
As necessary we will request you to provide proof of identity and to provide sufficient information to enable us to locate relevant information and verify that the person making the request is entitled to do so.
To ask for information that WorldFirst holds about you to be corrected
Where the personal information that we hold about you are incorrect, you have the right to request amendments to be made.
To ask us to erase your information if we no longer have a reason to hold it
You have a right to request for the deletion of your personal information that we hold.
To ask us to restrict the processing of your personal information
You have a right to ask that we restrict or suppress the processing of your personal information which means that whilst we are permitted to store the personal information we cannot otherwise process it.
To ask for a copy of the information WorldFirst holds about you
You have a right to receive a copy of your personal information. You also have the right to ask for a copy of your personal information to be provided to a third party in certain circumstances.
To withdraw your consent
You have a rights to withdraw your consent to the processing of your personal information at any time (where WorldFirst is processing your personal information based on your consent) by contacting us using the details in Section 12 below. Please note that withdrawing your consent may prevent us from further providing all or part of our services to you but does not affect the lawfulness of our processing of your personal information based on such consent before the withdrawal.
To object to the processing of personal information by WorldFirst
If you object to the processing of your personal information (including, profiling) which we carry out in reliance on our legitimate interests, we will investigate to see if there is compelling reason for processing to continue.
You can not object to the processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party.
Also, you can object to marketing communications at any time. Please see Section 4 above.
To ask not to be subject to solely automated decision making (including, profiling)
WorldFirst puts people first. There will not be any scenarios in which profiling or automated decision making will have a legal or similarly significant impact on you without a person reviewing or making a decision on the result.
We store all data electronically and physically in a manner aimed at securing and protecting the data’s confidentiality, integrity and availability. Data is stored on servers which are protected by actively maintained firewalls. We make use of up-to-date anti-virus software and our servers have restricted access.
If you provide paper-based documentation for the purpose of identity verification these will be stored electronically and the original will be destroyed securely or returned to you.
Transmission of data on the internet can never be completely secure. We do not and cannot guarantee the security of information collected or transmitted electronically however, we take reasonable care to safeguard your personal information.
If at any time you are not happy with how we handle your personal information, you can make a complaint to us. For further information, please see our complaints policy.
We would really like the opportunity to set things right with you but you also have the right to raise any data protection concerns with a data protection authority directly if you are unhappy with the way we are handling your personal information.
Our website may contain links to other third-party websites, which may have privacy policies/statements that differ from our own. We are not responsible for the activities and practices that take place on these websites.
Accordingly, we recommend that you review the privacy policies/statements posted on any website that you may access through our website.
If you would like to get in contact with us, please contact our Privacy Office by sending an email to [email protected] or by writing to us at World First UK Ltd, 2nd Floor, International House, 1 St Katharine’s Way, London, E1W 1UN
Changes to our privacy policy
We may change, amend or revise this Privacy Policy from time to time including, for example, in response to changing legal, technical or business developments. We will take appropriate measures to notify you of any substantive or material changes. You can view the latest version of this Privacy Policy on our website at any time and you are encouraged and responsible for consulting the latest version of this Privacy Policy before making use of the services referenced in this Privacy Policy.
Once posted on our website the new Privacy Policy will become immediately effective.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
