Last updated: 21/05/2019
Trust and security are a big part of what makes Rhemito the best way to send money internationally.
Your privacy is very important to us, so we’d like to tell you what we do to keep your data safe and secure.
In this policy, we explain how Rhemito collects, manages, uses and protects your data.
What is Rhemito?
Rhemito is an online money transfer service with the mission to make life easier for everyone transferring money around the world.
Rhemito is a trademark owned by Funtech Global Communications Ltd. A registered payment institution in the UK with registration details FRN: 609261 MLR NO: 12803115. Rhemito is powered by Funtech’s Universal Remittance Portal (FURP), which is built to manage cross border payments and aggregate multiple payment partners worldwide.
The term “Service” refers to money transfers enabled from our website.
In the language of data protection regulation, Rhemito is the “data controller” of your personal data and you, our customer, are the “data subject”. This means that Rhemito determines the purposes and means of processing your personal data, while respecting rights concerning your privacy.
What data do we collect?
Like most companies, we collect various types of data about our customers. Some of it may be considered personal data, which means data that make you identifiable as an individual.
As a regulated financial institution, we are bound by the legal requirement to collect, verify and record certain data about you or recipients of your transactions. All types of data we gather may be used to prevent or detect crime.
We may collect and use the following data:
Basic personal data, such as (but not limited to):
This data is necessary for Rhemito to provide the Service to you. We will request this data when you sign up, before the Service is provided.
Data for ‘Know Your Customer’ (KYC) regulations, such as (but not limited to):
This data will sometimes be needed to conduct Know Your Customer (KYC), Customer Due Diligence (CDD) and security checks, as required by local and international regulations. This helps us keep your money safe, and we will only request these details when necessary.
Data about your recipient, such as (but not limited to):
Data from other third-party sources, such as (but not limited to):
Rhemito collects this data only when you provide the relevant permission to social media sites.
Technical data, such as (but not limited to):
This data is used to help us to understand how you use our Service, so that we can improve it.
Why do we collect your data?
We collect your data to personalise and improve our service for you. The specific purposes for which we collect your data include:
We need to collect data in order to process your transactions. Without data such as you and your beneficiaries bank account details or full name and address, we would be unable to transfer money for you.
As regulated financial institutions, both Rhemito and our partners are required to conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) checks to comply with our legal and regulatory requirements.
These include our requirements under Anti Money Laundering (AML) and Counter Terrorist Financing (CTF) legislation. All of this helps us keep our Service safe and secure.
We may process your personal data to provide you with certain types of marketing communication that we believe will be relevant and of interest to you. This helps us provide you with a more personalised service. This kind of activity is permitted by our ‘legitimate interest’ (for more information on legitimate interest, please see Section 8 of this Policy). We will always endeavour to make these communications relevant and un-intrusive, and you are able to object to marketing communication from us at any time.
Analytical purposes We may collect and analyse data such as website or app visit logs to improve the quality of our service.
You do not have to disclose any of the above data to us. However, if you choose to withhold certain data, we may not be able to provide you with our Service.
How do we keep your data safe and secure?
All the data that you provide to us is encrypted on our secure servers. We restrict access to your data to specific employees of Rhemito who have an important business-related reason for handling it. Our communications are encrypted using encryption technologies which are based on standard algorithms such as DES, RSA and IDEA. These algorithms represent the actual cipher used for an approved application. For example, Secure Socket Layer (SSL) uses RSA encryption.
An algorithm is a procedure or formula for solving a problem. A computer program can be viewed as an elaborate algorithm.
A cipher is any method of encrypting data (concealing its readability and meaning).
Data is defined as any information within the organisation’s purview, including customer record data, personnel data, financial data (budget and payroll), departmental administrative data, legal files, research data, proprietary data, and all other data that pertains to, or supports the administration of the organisation.
Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key.
Electronic Information Resources include data, networks, computers, and other devices that store, or display data, communications devices, and software used on such devices.
International Data Encryption Algorithm (IDEA) is an encryption algorithm developed at ETH in Zurich, Switzerland. It uses a block cipher with a 128-bit key and is generally considered to be very secure. It is considered among the best publicly known algorithms.
Rivest-Shamir-Adleman (RSA) is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers.
How long do we keep your data?
Depending on what purpose your data is used for, the length of time we keep it may vary. Either way, we will only hold your data if necessary to serve the purpose it is used for.
We are legally required to keep the data obtained for Know Your Customer (KYC), Customer Due Diligence (CDD) and security purposes (including transaction records and our communications with you) for at least five years after the most recent transaction.
When the five years’ retention period and/or legitimate interest no longer apply, we will remove your data from our system. For more information on legitimate interest, please see Section 8 of this Policy.
In situations where you give us specific consent to process certain kinds of data, you can withdraw that consent at any time. We will then stop processing your data and, if the five years’ retention period and/or legitimate interest retention period does not apply, we will also erase your data from our system.
We may retain any data mentioned above for a longer period, if required to protect the rights, property or safety of Rhemito or of the Service provided by us or our partners.
Who do we share your data with?
We share your personal data with third parties only when it is necessary for the fulfilment of the Service or to comply with applicable laws.
We will never sell your personal data to other organisations.
We work with partners who help us to complete your transactions. If they are based outside the EEA, we will share your personal data with them only when they apply essential safeguards, or if it has been established by EU institutions that the relevant country has an appropriate data protection regime in place, or when we otherwise ensure that the appropriate level of protection is applied for data processing.
The following are some purposes for which we may share your data with third parties:
To fulfil the contract between you and Rhemito
We may share your data with third parties, such as our partners and intermediaries, when they are necessary for the fulfilment of the Service.
When required by law
We may share your data when required by law, for example for the purposes of security, taxation and criminal investigations.
For marketing and communication
We may share your data with third parties such as providers of customer service tools, marketing campaign tools, email communication tools, analytics software (for marketing purposes) and data visualisation tools (for analytical purposes).
If we sell or buy any business or assets, we may be obliged to share your personal data with the prospective seller or buyer.
What are your rights?
The law gives you several important rights in relation to your personal data, which are listed below.
There are certain exceptions where these rights may be superseded by laws and other requirements applicable to regulated authorised payment institutions like Rhemito. An example of this would be the obligatory retention period (seen Section 5), which supersedes the right to data erasure.
Your rights are:
If you would like to read more about your rights in relation to your personal data, please refer to the Information Commissioner’s Office website.
Legitimate interest is a specific legal justification for the collection and processing of your personal data. It applies when we have reasonable grounds to collect and/or process your personal data to improve our Service, as long as this does not infringe on your rights.
Our legitimate interest may justify some examples of automated decision-making. One of those is our estimated transaction timing, which we use to determine the time in which the transfer will reach your beneficiary.
We believe that if you are an active customer of Rhemito, it is in your interest to receive occasional information about our Service. We may therefore send you communications about offers or promotions that we believe are relevant for you based on your previous use of the Service. If we notice that you are having problems using our service, we may on our own initiative decide to contact you, in some cases by phone, to offer help.
We may also process your data to help develop new product features that we believe will improve the Service. We may contact you occasionally to assess your satisfaction with the service. We may also use your data to determine the effectiveness of marketing or promotional campaigns. We may also contact you with information about any changes in the service, and/ or other important updates.
We will only share anonymised or encrypted data with the third parties. We may also provide our partners with anonymous aggregated data about our customers for marketing and analytical purposes, to help optimise our marketing communications.
You can object to data processing based on our legitimate interest at any time by contacting us at firstname.lastname@example.org or by changing the settings on your Rhemito account.
Cookies are small text files which are stored on your device when you access Rhemito. They allow us to recognise you and store data about your past activity and your preferences so that we can personalise and improve the service for you.
Cookies and other similar technologies may collect data such as language preference, country and previously viewed pages.
We use the following cookies:
By using our Service, you agree to place the cookies described above on your device. You have the right to withdraw your consent at any time. If you would like to delete our cookies, you can do so by changing the settings of your browser.
Blocking or deleting cookies may mean that some features of the Service may not be available to you
Logging in to Rhemito with your Facebook account
You can log in to Rhemito using your Facebook profile. This allows us to authenticate your identity by obtaining access to:
By using your Facebook login credentials, your personal data may be processed by Facebook marketing tools. An example of this is the Facebook tool called ‘Lookalike Audiences’. This helps us to identify people who have similar interests or behaviours to those of our customers. We may use similar tools provided by Facebook in the future.
You can contact Rhemito:
Rhemito has a Data Protection Officer who is responsible for matters related to privacy, data protection and data security. Our Data Protection Officer can be contacted at email@example.com.