Privacy Policy

1. Introduction

Welcome to Velocity Transfers UK Limited (“we,” “our,” “us,” or the “Company”). We are an International Money Transfer Operator (IMTO) based in the United Kingdom, committed to protecting your personal data and respecting your privacy rights.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our international money transfer services, website, mobile application, and other related services (collectively, the “Services”).

This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Payment Services Regulations 2017, and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Important Information:

• Company Name: Velocity Transfers UK Limited
• Company Registration Number: 10675956
• Registered Office: 306 (Third Floor), City Gate House, 246-250 Romford Road, London, E7 9HZ, UK FCA Reference Number: 797342

2. Data Controller and Data Protection Officer

Data Controller:

Velocity Transfers UK Limited is the data controller responsible for your personal data. This means we determine how and why your personal information is processed.

Data Protection Inquiries :

Address: Info@velocitytransfers.co.uk

You can contact our Data Protection Officer for any questions, concerns, or requests regarding your personal data and this Privacy Policy.

3. What Personal Information Do We Collect?

As an International Money Transfer Operator, we are required by law to collect certain information to verify your identity, prevent fraud, combat money laundering, and comply with financial regulations. We collect the following categories of personal data:

3.1 Information You Provide Directly

Account Registration Information:

• Full legal name (as it appears on official documents)
• Date of birth
• Gender
• Nationality and country of residence
• Email address
• Telephone number (mobile and/or landline)
• Residential address and proof of address
• Password and security credentials

Identity Verification Documents:

• Government-issued photo identification (passport, driving license, national identity card)
• Proof of address (utility bills, bank statements)
• Biometric data (facial recognition for identity verification)
• Signature
• Photograph

Transaction Information:

• Source of funds and purpose of transfer
• Beneficiary details (name, address, bank account details, relationship to sender)
• Amount being transferred and currency
• Payment method details (bank account)
• Country of origin and destination

Financial Information:

• Bank account details (account number, sort code, IBAN, SWIFT/BIC codes)
• Income information and employment details
• Source of wealth documentation

Enhanced Due Diligence Information (for high-value or high-risk transactions):

• Employment details and employer information
• Business activities and company information (for business accounts)
• Expected transaction volumes and patterns
• Politically Exposed Person (PEP) status
• Sanctions screening results
• Adverse media screening results

Customer Service and Communications:

• Records of your communications with us (emails, phone calls, chat logs)
• Feedback, complaints, and survey responses
• Customer support tickets and case notes

3.2 Information We Collect Automatically

Technical and Usage Data:

• IP address and geolocation data
• Device information (device type, operating system, browser type)
• Login times and access logs
• Pages visited and features used
• Clickstream data and navigation patterns
• Cookie data (see Section 6 for details)
• Application performance data

Transaction Monitoring Data:

• Transaction velocity and frequency patterns
• Behavioral analytics
• Fraud risk scores and assessments

3.3 Information We Receive from Third Parties

Identity Verification Services:

• Electronic identity verification results
• Credit reference agency information
• Anti-fraud database checks
• Anti-money laundering (AML) and sanctions screening results

Payment Processors and Banking Partners:

• Payment confirmation and settlement information
• Account validation results
• Returned payment notifications

Other Third-Party Sources:

• Publicly available information (company registers, electoral roll)
• Social media profile information (only if you connect your account)
• Referral information (if you were referred by another customer)
  
  

4. How Do We Use Your Personal Information?

We process your personal data for the following purposes, based on the legal grounds specified under UK GDPR:

4.1 To Provide Our Services (Contract Performance)

Legal Basis: Performance of our contract with you

• Creating and managing your account
• Processing your money transfer requests
• Executing payment transactions
• Providing customer support
• Communicating about your transactions and account
• Updating you on the status of your transfers

4.2 Legal and Regulatory Compliance (Legal Obligation)

Legal Basis: Compliance with legal obligations

We are required by law to verify your identity and monitor transactions to comply with:

• Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
• Payment Services Regulations 2017
• Proceeds of Crime Act 2002
• Terrorism Act 2000
• Financial sanctions and export controls
• Tax reporting requirements (Common Reporting Standard, FATCA)

Specific compliance activities include:

• Know Your Customer (KYC) verification
• Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
• Ongoing transaction monitoring
• Suspicious Activity Report (SAR) filing with the National Crime Agency (NCA)
• Sanctions and PEP screening
• Maintaining transaction records for regulatory inspections
• Responding to lawful requests from law enforcement and regulators

4.3 Fraud Prevention and Security (Legitimate Interests)

Legal Basis: Our legitimate interests (and yours) in preventing fraud and maintaining security

• Detecting and preventing fraudulent transactions
• Identifying and blocking suspicious activities
• Protecting against security threats and unauthorized access
• Conducting security audits and investigations
• Sharing information with fraud prevention agencies
• Implementing risk-based authentication

4.4 Service Improvement and Business Operations (Legitimate Interests)

Legal Basis: Our legitimate interests in improving services and operating efficiently

• Analyzing usage patterns to improve our platform
• Developing new features and services
• Conducting market research and customer surveys
• Training our staff and quality monitoring
• Managing our business operations and infrastructure
• Resolving disputes and enforcing our terms

4.5 Marketing and Communications (Consent or Legitimate Interests)

Legal Basis: Your consent (for electronic marketing) or our legitimate interests (for service-related communications)

• Sending you promotional offers and marketing communications (with your consent)
• Providing information about new services and features
• Sending service announcements and updates
• Notifying you of changes to our terms or policies

You can opt out of marketing communications at any time by:

• Clicking “unsubscribe” in any marketing email
• Adjusting your preferences in your account settings

Contacting our Data Protection Officer

5. Legal Bases for Processing Under UK GDPR

We only process your personal data where we have a lawful basis to do so:

Legal Basis	Description	Examples
Contract	Processing necessary to perform our contract with you	Account creation, processing transfers, customer support
Legal Obligation	Processing required to comply with legal requirements	KYC/AML compliance, sanctions screening, regulatory reporting, tax compliance
Legitimate Interests	Processing necessary for our legitimate business interests (balanced against your rights)	Fraud prevention, security, service improvement, direct marketing (where applicable)
Consent	Processing based on your explicit consent	Electronic marketing communications, optional features, cookies (non-essential)
Vital Interests	Processing necessary to protect life	Emergency situations requiring disclosure
Public Interest	Processing necessary for public interest tasks	Assisting law enforcement investigations

 

6. Do We Use Cookies and Other Tracking Technologies?

Yes, we use cookies and similar tracking technologies to enhance your experience, secure our services, and analyze usage patterns.

6.1 What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit. We use both first-party cookies (set by us) and third-party cookies (set by our service providers).

6.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Purpose: Essential for the website to function properly
• Legal Basis: Legitimate interests (no consent required)
• Examples: Session authentication, security tokens, load balancing
• Retention: Session-based or short-term

Performance and Analytics Cookies:

• Purpose: Help us understand how visitors use our website
• Legal Basis: Consent
• Examples: Google Analytics, internal analytics
• Retention to 24 months
• Data Collected: Page views, click patterns, session duration, bounce rates

Functional Cookies:

• Purpose: Enable enhanced functionality and personalization
• Legal Basis: Consent
• Examples: Language preferences, remembered settings
• Retention to 12 months

Marketing and Advertising Cookies:

• Purpose: Deliver relevant advertisements and measure campaign effectiveness
• Legal Basis: Consent
• Examples: Google Ads, LinkedIn Insight Tag
• Retention to 24 months

6.3 Managing Cookie Preferences

You can manage your cookie preferences at any time:

• Use our Cookie Consent Manager(accessible via the banner or footer)
• Adjust your browser settings block or delete cookies
• Use browser plugins like privacy extensions
• opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on

Please note: Blocking strictly necessary cookies may prevent you from using certain features of our Services.

6.4 Other Tracking Technologies

Device Fingerprinting:
We may collect device characteristics (screen resolution, browser version, installed fonts) to identify devices for security and fraud prevention purposes.

Local Storage:
HTML5 local storage to save user preferences and session data.

7. How Do We Share Your Personal Information?

We do not sell your personal data to third parties. However, we may share your information with trusted service providers and partners as necessary to provide our Services and comply with legal obligations:

7.1 Service Providers and Business Partners

Payment Processors and Banking Partners:

• To execute payment transactions and settlements

Identity Verification and KYC/AML Service Providers:

• To verify your identity and conduct compliance checks

Technology and Infrastructure Providers:

• To host our platform and provide technical services

Customer Support and Communication Tools:

• To provide customer service and support

Marketing and Analytics Providers:

• To deliver marketing campaigns and analyze website performance

7.2 Regulatory and Law Enforcement Authorities

We are legally required to share information with:

• Financial Conduct Authority (FCA)– Our regulatory supervisor
• HM Revenue & Customs (HMRC)– For MSB compliance and tax reporting
• National Crime Agency (NCA)– For suspicious activity reporting
• UK Financial Intelligence Unit– For AML/CFT compliance
• Law enforcement agencies– In response to lawful requests, court orders, or legal process
• Other regulatory bodies– As required by applicable laws

7.3 Fraud Prevention Agencies

We share information with fraud prevention agencies (e.g., National Fraud Database) to:

• Prevent and detect fraud and money laundering
• Verify your identity
• Manage risk

These agencies may keep a record of information and share it with other organizations to prevent fraud.

7.4 Business Transfers

If we undergo a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity as part of the transaction.

7.5 International Transfers

As an International Money Transfer Operator, we transfer funds globally and may need to share your information with:

• Recipient banks and financial institution sin destination countries
• Correspondent bank sin intermediary countries
• International payment networks(SWIFT, etc.)

Some countries outside the UK have been recognized by the UK government as providing an adequate level of data protection.

For transfers to other countries that do not have such adequacy decisions, we will ensure that appropriate safeguards are in place to protect your personal information in accordance with the UK GDPR.

8. How Long Do We Keep Your Personal Information?

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal, regulatory, and contractual obligations.

8.1 Retention Periods

Account and Transaction Data:

• Active accounts: For the duration of your relationship with us
• Closed accounts:5-7 years after account closure (or longer if required by law)
• Transaction records: Minimum 5 years from the date of the transaction (as required by Money Laundering Regulations)

Identity Verification Documents:

• Minimum 5 years after the end of the business relationship (as required by Money Laundering Regulations)
• May be retained longer if required by ongoing legal proceedings or investigations

Communications and Customer Service Records:

• Up to 6 years to handle disputes and legal claims

Marketing Data:

• Until you withdraw consent or request deletion

CCTV Footage (if applicable at physical locations):

• 30-90 days unless required for security incidents or investigations

Fraud and Security Incident Records:

• Up to 6-10 years depending on the nature and severity of the incident

8.2 Legal and Regulatory Requirements

We are required by UK law to retain certain records for specific periods:

• Money Laundering Regulations 2017:Minimum 5 years from end of business relationship
• Payment Services Regulations 2017:6 years for payment transactions
• Tax Records:6 years for HMRC compliance
• Legal Claims: Up to 6 years under the Limitation Act 1980

8.3 Secure Deletion

When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention and destruction policies. Deleted data cannot be recovered.

9. Your Data Protection Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

9.1 Right of Access (Subject Access Request)

You have the right to request:

• Confirmation of whether we process your personal data
• A copy of your personal data
• Information about how we use your data

How to exercise: Submit a Subject Access Request to our DPO
Response time: Within 1 month (may be extended to 3 months for complex requests)
Cost: Free (unless requests are manifestly unfounded or excessive)

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

How to exercise: Contact our DPO with the correct information
Response time: Within 1 month
Note: We may need to verify the accuracy of new information

9.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required to comply with a legal obligation

Important limitations: We cannot delete your data if:

• We are required by law to retain it (e.g., Money Laundering Regulations require 5+ years retention)
• We need it to establish, exercise, or defend legal claims
• It is necessary for compliance with legal obligations

How to exercise: Submit a request to our DPO
Response time: Within 1 month

9.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations:

• You contest the accuracy of the data
• The processing is unlawful but you don’t want erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification of legitimate grounds

How to exercise: Contact our DPO
Response time: Within 1 month

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where:

• Processing is based on consent or contract performance
• Processing is carried out by automated means

How to exercise: Request a data export from our DPO
Response time: Within 1 month
Format: JSON, CSV, or PDF

9.6 Right to Object

You have the right to object to:

• Processing based on legitimate interests(including profiling) – we must stop unless we demonstrate compelling legitimate grounds
• Direct marketing(including profiling for marketing) – we must always stop
• Processing for research/statistics purposes– unless the processing is necessary for public interest reasons

How to exercise:

• Click “unsubscribe” in marketing emails
• Adjust preferences in your account settings

9.7 Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects, unless:

• It is necessary for contract performance
• Authorized by law
• Based on your explicit consent

Our use of automated decision-making: We use automated systems for:

• Fraud detection and risk scoring– to protect you and comply with regulations
• Transaction monitoring– for AML/CFT compliance
• Identity verification– to meet legal requirements

9.8 How to Exercise Your Rights

To exercise any of your rights, please:

1. Email our Data Protection Officer:Info@velocitytransfers.co.uk
2. Write to us at:Info@velocitytransfers.co.uk

We will need to verify your identity before processing your request, which may require:

• Government-issued photo ID
• Proof of address
• Account verification details

Response time: We aim to respond within 1 month of receiving a valid request. For complex requests, we may extend this by up to 2 additional months and will inform you of the delay and reasons.

Free of charge: Exercising your rights is generally free, unless requests are manifestly unfounded or excessive.

10. Security of Your Personal Information

We take the security of your personal data very seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, destruction, or alteration.

10.1 Security Measures

Technical Security:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2+ (Transport Layer Security)
• Data-at-rest encryption: Sensitive personal data and payment information stored in our databases are encrypted using AES-256 encryption
• Secure payment processing: Payment card data is processed by PCI-DSS Level 1 certified payment processors; we do not store full card details
• Firewalls and intrusion detection: Multi-layered network security with 24/7 monitoring
• Regular security testing: Penetration testing, vulnerability assessments, and security audits
• Secure development practices: Code reviews, security testing in development lifecycle
• Access controls: Role-based access controls (RBAC) with least privilege principle
• Multi-factor authentication (MFA):Required for employee access to systems containing personal data

Organizational Security:

• Staff training: Regular data protection and security awareness training for all employees
• Background checks: Vetting of employees with access to personal data
• Confidentiality agreements: All staff and contractors sign confidentiality and data protection clauses
• Incident response plan: Documented procedures for detecting, responding to, and reporting security incidents
• Business continuity planning: Backup and disaster recovery procedures
• Third-party management: Due diligence and contractual obligations for all service providers handling personal data
• Data Protection Impact Assessments (DPIAs):Conducted for high-risk processing activities

Physical Security (for office locations):

• Restricted access to premises with key card/biometric systems
• CCTV monitoring of sensitive areas
• Secure destruction of physical documents containing personal data
• Clean desk and screen lock policies

10.2 Your Security Responsibilities

You also play an important role in protecting your personal information:

• Keep your password secure and do not share it with anyone
• Use strong, unique passwords(minimum 12 characters with mix of letters, numbers, symbols)
• Enable two-factor authentication when available
• Log out after using our Services on shared devices
• Keep your contact information up to date so we can reach you about security matters
• Be vigilant against phishing– we will never ask for your password or full card details via email
• Report suspicious activity immediately to our customer support team
• Use secure networks– avoid using public Wi-Fi for financial transactions

If you suspect unauthorized access to your account, contact us immediately at Info@velocitytransfers.co.uk

11. Third-Party Links and Services

Our website and Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services.

Please note:

• We are not responsible for the privacy practices of third parties
• We encourage you to review the privacy policies of any third-party services you visit
• Clicking on third-party links is at your own risk

Third-party services we integrate with may include:

• Social media platforms (Facebook, Twitter, LinkedIn)
• Payment gateways and processors
• Identity verification providers
• Customer review platforms

When you interact with these third parties, they may collect information about you in accordance with their own privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

How we notify you of changes:

• Material changes: We will notify you by email and/or prominent notice on our website at least 30 days before the changes take effect
• Non-material changes: We will update the “Last Updated” date at the top of this policy

Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.

13. How Can You Contact Us About This Policy?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

General Customer Support:
Email: Info@velocitytransfers.co.uk
Address: 306 (Third Floor), City Gate House, 246-250 Romford Road, London, E7 9HZ, UK

Response times:

• We aim to respond to all privacy-related inquiries within 5 business days
• For Subject Access Requests and other rights requests, we respond within 1 month(may be extended to 2 months for complex requests)

14. Glossary of Terms

UK GDPR: The UK General Data Protection Regulation, which governs data protection in the United Kingdom.

Personal Data: Any information relating to an identified or identifiable natural person.

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: An entity that processes personal data on behalf of a data controller.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Legitimate Interests: A legal basis for processing when necessary for our legitimate business interests, balanced against your rights.

Consent: Freely given, specific, informed, and unambiguous indication of your agreement to processing.

Data Subject: An individual whose personal data is processed (i.e., you).

IMTO: International Money Transfer Operator – a business that provides cross-border money transfer services.

KYC: Know Your Customer – identity verification procedures required by law.

AML/CFT: Anti-Money Laundering / Combating the Financing of Terrorism – regulatory requirements to prevent financial crime.

PEP: Politically Exposed Person – an individual who holds or has held a prominent public position.

SAR: Suspicious Activity Report – a report filed with the National Crime Agency when suspicious transactions are detected.

PCI-DSS: Payment Card Industry Data Security Standard – security standards for handling payment card information.

ICO: Information Commissioner’s Office – the UK’s independent authority for data protection and information rights.

FCA: Financial Conduct Authority – the regulatory body for financial services in the UK.

15. Your Acknowledgment

By using our Services, you acknowledge that:

• You have read and understood this Privacy Policy
• You agree to the collection, use, and sharing of your personal information as described
• You understand that we are required by law to process certain data for regulatory compliance
• You consent to the transfer of your information to other countries as necessary to provide our Services (where such consent is required)

For electronic marketing communications specifically, we will obtain your separate opt-in consent.

This Privacy Policy is effective as of September 2025 and applies to all users of Velocity Transfers UK Limited.

© [2025] Velocity Transfers UK Limited. All rights reserved.