Our UK policy
We are World First UK Limited, registered in the UK under company number 05022388 and registered with the Information Commissioner’s Office Certificate Number Z9826775.
At WorldFirst, we pride ourselves on maintaining the highest levels of security, transparency and integrity in our work, and recognise the importance of protecting and respecting your personal data.
- the information we collect
- how we use that information
- when we share information
- your rights
- how to get in contact
To provide you with our services we need to know things about you. We will only collect information we need to provide you with the services you have requested and will handle your information with the utmost care.
Any information we receive about you will be subject to strict controls to minimise the risk of misuse – including unauthorised access to, or disclosure of, your personal data.
Please read this notice carefully, together with our Terms and Conditions and any other documents referred to within. Here we explain the basis on which any information we collect about you, or that you provide to us, will be processed by us and other parties in providing you with the services you use.
We may amend this policy from time to time. If we make any changes that will affect you, we will be sure to let you know. This will always be published publicly on our website here.
Information you provide to us
To open an account or use WorldFirst services, you will be asked to provide identifying information about yourself (e.g. name, address, and email address), your company and documents to verify the information provided.
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g. beneficiary information, bank account details and source of funds.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations, e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds.
Information we collect when you use our website or app
The WorldFirst user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products. This will always be based on your consent, which you can withdraw at any time.
For the detection and prevention of fraud and cyber-crime, we will collect information, including session, device and IP address to help ascertain the legitimacy of the account login.
For non-registered users, we may contact you using publically available information or information from third parties, which you have consented to being shared, to let you know about products that could be relevant for your business.
Once your account is fully set up and you begin to transact with us we will collect, process and store your WorldFirst financial and transactional information. This information includes the amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details.
Information about you that we receive from third parties
To protect ourselves and our customers against fraud, we verify the information you provide with Anti-Fraud agencies and Electronic Identity Verification Services. In the course of verification, we receive and process information about you from such services.
Information may be collected from credit reference agencies. More information on this can be found here: https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
All calls are recorded and correspondence retained for the purposes of quality control and training, as evidence of transactions and to fulfil regulation requirements. Any information you disclose to us will be held on these recordings.
Individuals who are not registered users of WorldFirst
WorldFirst will collect information about connected parties to a WorldFirst client during the course of the business relationship from the client to comply with our legal obligations, e.g. directors or shareholders of a company. Where customers provide this information, they are required to bring this Privacy Notice to the attention of the individuals concerned.
WorldFirst will collect information required to be able to send a payment to an individual, who may not be a WorldFirst client. This will include name and bank account details that are required by regulations to process the payment.
We will process your personal data:
As necessary to perform our contractual obligations. To ensure we process payments and fulfil our side of the contract we will process transaction information, verification information and phone recordings.
As necessary to comply with our legal obligations. As a financial services company we must collect and process certain information to comply with applicable laws and regulations. These include for:
- Completing due diligence to prevent money laundering and financial crime
- Financial and tax reporting and bookkeeping
- Establishment and defence of legal rights
For activities relating to the prevention, detection and investigation of crime. Information on connected parties and beneficiaries is used for the purpose it is collected to comply with regulations and to make payments on the Client’s behalf. We will not use this information to market to the non-registered individual unless they have specifically consented to receive these communications.
As necessary for our own legitimate interests. WorldFirst’s aim is to provide an excellent service. There is additional information we may collect that will help us:
- To be able to provide our customers with an excellent service, e.g. contact details, hours of availability and languages
- To notify our customers of market changes, products and WorldFirst event information that is relevant to them
- To provide service update notifications of any changes to our products and services that affect our customers
Based on your consent:
- To provide general product and market insight to make the most of your WorldFirst experience
- To perform market research through surveys to help improve our products
- To build a user community to provide feedback in the development and improvement of WorldFirst products
- To provide offers, competitions and incentives
WorldFirst group companies
Within WorldFirst our systems are accessible to all of our group companies to ensure that your accounts are available to be serviced following the sun. Certain group companies with access to the data are based outside of the EEA, including:
- World First Pty Ltd (Australia)
- World First Asia PTE Ltd (Singapore)
- World First Japan K.K (Japan)
- World First Asia Ltd (Hong Kong)
However the way we access, process and transmit your information and our level of security remains consistent across the group.
WorldFirst uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with WorldFirst, we may need to share your information with payment providers or banking partners outside of the EEA, such as intermediary or beneficiary banks, e.g. if you ask us to make a USD payment to China the funds would be cleared through an intermediary bank in the US before reaching China.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include:
- Your name
- Your date of birth
- Your address
- Beneficiary details
- Your national identity reference (e.g. passport)
If you were introduced to WorldFirst by one of our trusted partners, we may provide them with your information to fulfil our contractual obligations with the partner.
Additionally, we may share your details with a trusted partner for marketing purposes if you have given your consent to do so.
We may share your information with trusted companies providing services to us under confidentiality agreements or to companies that assist us in meeting our obligations to you and our regulators, e.g. the processing of card transactions or the verification of documentation. These companies do not have any rights to market other services with you.
These trusted companies may be outside of the EEA. WorldFirst will ensure that the company is based in a country with adequate data protections under their law, or that we impose contractual obligations or require them to be certified with a framework of protection deemed suitable by WorldFirst. WorldFirst performs due diligence to ensure third parties are compliant with applicable legal and contractual requirements.
If you are a seller on an e-commerce platform, we may share information with those e-commerce platforms to help detect and prevent fraud, money laundering, dealing in counterfeit goods and other criminal or abusive behaviour. We provide information to allow such platforms to identify WorldFirst accounts used by their sellers, and then, for these specific accounts, provide information about the account holder and its associated persons, payments out of the account, other accounts linked to that account, and indications of suspicious activity on the account.
Also, we may share your information with any person acting on your behalf provided that you have given us the permission to do so.
Regulators and law enforcement
We may need to pass necessary information on to Governmental departments, regulatory bodies, the police/law enforcement agencies or other third parties where we are legally compelled to do so, e.g. if we have reason to believe an individual is acting fraudulently and using our services for an illegal purpose.
We will never sell any personal data that we hold about you.
WorldFirst will only retain your information for as long as is necessary for providing our service to you and will not hold or process your information for any longer than we are legally required to. The criteria used to determine the appropriate retention includes:
- Regulatory requirements WorldFirst is subject to
- Whether a legal claim could be brought against WorldFirst
- Necessity of information to provide our service to our customers
- The legal basis for processing, e.g. consent
Information about connected parties and beneficiaries, which may not belong to a WorldFirst client, are stored for a period to comply with applicable legal requirements.
We communicate with you on a regular basis via email and phone to provide excellent customer service and fulfil requests.
Additionally, we use your email address, phone number and postal address to:
- Provide notification as part of the on-boarding and trading lifecycle
- Send you important changes to our products and services
- Send notices and disclosures required by law
Due to the service-orientated nature of these communications, you cannot opt out to receiving these.
WorldFirst would like to keep you up to date concerning our products and services.
Once you are a client of WorldFirst, we may use your information to provide product information, and rate and market updates that are relevant to you and/or your company.
We may also use your information (whether you are a registered WorldFirst user or a visitor to our website) to keep you up to date on general products, market updates or rate movements provided you have given your consent to do so.
If you change your mind on which communications you would like to receive or how you would like to receive them or you decide that you do not wish to receive these types of communications, you can remove your consent at any time by:
- Emailing email@example.com
- Managing your preferences through the WFO trading platform, if you are a registered user
- By clicking the link at the bottom of any email that you receive
You will not miss out on any service we provide by not choosing to receive marketing from us and you can change your mind whenever you like, as often as you like.
We recognise and support the rights outlined below that you have in relation to your personal information under Data Protection Laws. If you would like to exercise any of the below rights then please contact the Data Protection Team (firstname.lastname@example.org) and we will respond to your query within 1 month.
We will require you to provide proof of your identity and to provide sufficient information to allow us to locate your information.
Non-registered users (e.g. website users, connected parties and beneficiaries of payments) have the same rights as any registered user and can contact WorldFirst to request these.
For more information about your rights please visit the ICO website.
To ask for information that WorldFirst holds about you to be corrected
If you notice any of the information on your account is incorrect, you can contact us and we will make any necessary changes, subject to verification of the information.
To ask us to erase your information if we no longer have a reason to hold it
WorldFirst will retain your information only for as long as necessary based on our obligations and business needs. This will be in line with our data retention policy. For more information, please see the How long do you hold my information for? section of this Policy. Additionally, you can request for your data to be deleted, subject to our legal and contractual obligations.
We will retain a record of your erasure request but we will not use this information for any other purpose.
To ask for a copy of the information WorldFirst holds about you
You have the right to request details of the information we hold about you, a description of that data, the purposes for which it is being used and any parties with which we share your information. Where we are legally permitted to, we may decline your request or part of your request, but we will provide an explanation with the response.
To ask WorldFirst not to further process your information
If you make a request for us to stop processing information, we will investigate to see if there is compelling reason for processing to continue and will discuss the conclusion of the investigation with you.
You cannot object to the processing, which is a legal obligation, or where we must process your information to satisfy a contract to which you are a party.
Also, you can object to marketing communications at any time. Please see the marketing section for more details.
To ask not to be subject to automated decision making and profiling
WorldFirst puts people first. There will not be any scenarios in which profiling or automated decision making will have a legal impact on you without a person reviewing or making a decision on the result. If you feel you may have been unfairly impacted, please contact us to discuss this further.
We store all data electronically in a secure manner to protect its confidentiality, integrity and availability. Data is stored on servers which are protected by actively maintained firewalls. We make use of up-to-date anti-virus software and our servers have restricted access. We use world-leading cloud providers to store all data within the European Union.
If you provide paper-based documentation for the purpose of identity verification, these will be stored electronically and the original will be destroyed securely or returned to you.
Transmission of data on the internet can never be completely secure. We do not and cannot guarantee the security of information collected or transmitted electronically however, we take reasonable care to safeguard your personal information.