Privacy Notice

Introduction

1. This is a notice to inform you of our policy relating to all the information that we record about you. It sets out the
conditions under which we may process any information that we collect from you, or that you provide to us. It
covers information that could identify you (“personal information”) and information that could not. In the context
of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

2. We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website
and users of our money transfer services are entitled to know that their personal data will not be used for any
purpose unintended by them, and will not accidentally fall into the hands of a third party. We undertake to
preserve the confidentiality of all information which you provide to us.

3. This policy complies with the EU Data Protection Directive (95/46/EC), implemented as the General Data
Protection Regulation (GDPR), which came into force from May 2018. In the UK, the legal provisions of the GDPR
are incorporated in the Data Protection Act 2017, making it applicable after the UK leaves the European Union.

4. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our
website.

The bases on which we process information about you

The law requires us to determine under which of six defined bases we process different categories of your personal
information, and to notify you of the basis for each category. These are notified under Sections 1 to 3 of this Notice.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop
processing your data.

If the basis changes, then if required by law we shall notify you of the change and of any new basis under which
we have determined that we can continue to process your information.

1. Information we process because we have a contractual obligation with you
When you create an account on our website or otherwise agree to our Framework Terms and Conditions in order
to use our money transfer service, a contract is formed between you and us.
In order to carry out our obligations under that contract, we must process the information you give us. Some of
this information may be personal information.

We may use it in order to:

1.1. verify your identity for security purposes

1.2. provide you with our services
1.3. provide you with advice about our products, advice on how to use our services and to obtain the most
from using our website

We process this information on the basis that there is a contract between us, or that you have requested we use
the information before we enter into a legal contract.

Additionally, we may aggregate this information in a general way and use it to provide class information, for
example to monitor our performance in providing our payment services. If we use it for this purpose, you as an
individual will not be personally identifiable.

If you continue to use our services once you have agreed our Framework Terms & Conditions, we do not have to
seek your consent to use data about you because our contractual relationship is the legal basis for doing so. We
shall continue to process this information until the contract between us ends or is terminated by either party
under the terms of the contract.

2. Information we process with your consent

Through certain actions, when there is no contractual relationship between us (such as when you browse our
website or ask us to provide you with more information about our business, including our products and services),
you provide your consent to us to process information which may be personal information.
Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you
to agree to our use of cookies.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you
would reasonably expect us to reply.
Except where you have consented to our use of your information for a specific purpose, we do not use your
information in any way that would identify you personally. We may aggregate it in a general way and use it to
provide class information, for example to monitor performance in providing our services.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably
assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us at b2b@1mm.eu However, if you do so, you may not
be able to use our website or our services further.

3. Information we process because we have a legal obligation

As a financial institution we are subject to strict regulations governing the keeping of records, which require us to
maintain a record of you and your transactions. We are also subject to the general law, and sometimes we must
process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the
proper authorisation such as a search warrant or court order. This may include your personal information.

4. Information relating to your method of payment

We prefer that you pay in to your B2B account by bank transfer. If you do so by debit card, information about your
card is stored by our payment service provider SagePay; it is never transferred to us. Complete information about
your card is never taken by us or stored on our database.
The reason we do not keep all your payment information is so that we can protect it by:
4.1. preventing the possibility of our duplicating a transaction without a new instruction from you;
4.2. preventing any other third party from carrying out a transaction without your consent
If we ask you questions about your payment information, we only show the last four digits of the debit card
number, so that you can identify the means of payment to which we refer.

5. Your rights under data protection law

The law requires us to tell you about your rights and our obligations to you in regards to the processing and control
of your personal data. We briefly set out these rights here, but we would ask that you also read the information
provided at www.knowyourprivacyrights.org.
You have the right to request the erasure of your personal data unless we have reasonable grounds to refuse the
request. You have the right to request the correction of data inaccuracies; to make an access request for the
personal information we hold about you; to be provided with a copy of it electronically in a commonly used format;
and/or to request its transfer to another data controller.
You have the right to object to how your personal data is used, as described elsewhere in this Notice. You also have
the right to restrict the processing of your information, which you may wish to do (instead of your data being
erased) if, for example, it is no longer necessary for us to use it, or if you tell us that the data is incorrect. You have
the right not to be subject to a decision based solely on automated processing, including profiling, which
significantly affects you, unless we carry out such decision-making and profiling for legitimate and lawful reasons.
You also have the right to complain to the Information Commissioner’s Office (the ‘supervisory authority’ in the
UK for data protection law) about how your personal information is used.

Access to and removal of your own information

6. Access to your personal information

6.1. At any time you may review or update personally identifiable information that we hold about you, by
signing in to your account on our website.
6.2. To obtain a copy of any information that is not provided on our website, you may send us an access request
at b2b@1mm.eu
6.3. After receiving the request, we will tell you when we expect to provide you with the information, which
will normally be within one month from your request (or up to two month in the case of a complex
request). We will also tell you whether we require any fee for providing it to you.

7. Removal of your information

If you wish us to remove personally identifiable information from our website, you may contact us at
b2b@1mm.eu. This may limit the service we can provide to you.
We may refuse such a request if we have reason to believe it conflicts with our obligations under anti-money
laundering legislation or is otherwise made to frustrate law enforcement.

8. Verification of your information

When we receive any request to access, edit or delete personal identifiable information, we shall first take
reasonable steps to verify your identity before granting you access or otherwise taking any action. This is
important to safeguard your information.

9. Sending a message to our support team

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given
to us in order to reply with the information you need. We record your request and our reply in order to increase
the efficiency of our business.
We do not keep any personally identifiable information associated with your message, such as your name or email
address, unless we already have a contractual relationship with you as our customer.

10. Complaints

When we receive a complaint, we record all the information you have given to us. We use that information to
resolve your complaint.
We may also compile statistics showing information obtained from this source to assess the level of service we
provide, but not in a way that could identify you or any other person.

Use of information we collect through automated systems when you visit our website

11. Cookies
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any
website. They allow information gathered on one web page to be stored until it is needed for use on another,
allowing a website to provide you with a personalised experience and the website owner with statistics about how
you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last
indefinitely. Your web browser should allow you to delete any you choose. It also should allow you to prevent or
limit their use.
Our website uses cookies. They are placed by software that operates on our servers, and by software operated by
third parties whose services we use.

We ask for your consent to use cookies. If you choose not to use cookies or you prevent their use through your
browser settings, you will not be able to use all the functionality of our website.
We use cookies in the following ways:
11.1. to track how you use our website
11.2. to record whether you have seen specific messages we display on our website
11.3. to keep you signed in our site
11.4. to record your answers to surveys and questionnaires on our site while you complete them
We provide more information about the cookies we use in our cookie policy.

12. Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address,
length of visit and number of pages viewed. We also record information about the software you are using to browse
our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website, how we perform in
providing content to you, and to improve our website’s usability. We may also use it to detect fraud.
If combined with other information we know about you from previous visits, the data possibly could be used to
identify you personally, even if you are not signed in to our website.

13. Automated decision making and profiling

You have the right not to be subject to an automated decision, without
human intervention, based solely on the automated processing of your
personal data, including profiling, which produces legal effects concerning
you or similarly significantly affects you. Although such decisions are permitted
by data protection legislation if they are authorised by EU or national law which
applies to us (such as anti-money laundering laws), and if they are necessary for
entry into or performance of a contract, our decisions about you, including
profiling decisions, are not taken without human involvement. They
are always taken in compliance with legal requirements.

14. Disclosure of your information

We will not provide your personal information to any third parties (except a wholly owned subsidiary of One
Money Mail Ltd) for the purposes of direct marketing without your explicit permission. We may send you by email
or text message information which we may think will be of interest to you. We will only do this if you have explicitly
consented.
We do not have third party advertisers on our own websites, who use technology that automatically collects data
about you when advertisements are displayed (and over which we have no control). Accordingly, this Privacy

Notice governs One Money Mail Ltd trading as Sami Swoi Premium and its website only. We accept no liability for
the privacy policy of any other website to which ours may be linked, or the information practices of third parties.
In addition to the disclosure reasonably necessary for the purposes explained in this Notice, we may disclose
information about you:
14.1. to the extent that we are required to do so by law;
14.2. in connection with any current or prospective legal proceedings;
14.3. in order to establish, exercise or defend our legal rights or obligations (including the provision of
information to assist in the prevention of fraud and money laundering or the reduction of credit risk);
14.4. to give effect to, administer or enforce a money transfer requested by you.

15. Credit reference

To assist in combating fraud, we may collect and store information about you from third party sources such as
government agencies, credit rating agencies and other providers of public information, in order to verify your
identity and the information you supply to us.

16. Data may be processed outside the European Union

Our website is hosted in Poland.
We may also use outsourced services in countries outside the European Union from time to time in other aspects
of our business.
Accordingly data obtained within the UK or any other country could be processed outside the European Union.
For example, some of the software our website uses may have been developed in the United States of America. For
this reason we ensure that our contracts with data processors include transfer clauses in line with the data
protection requirements of the GDPR.
Other matters

17. Use of site by children

We do not provide our services to children, nor do we market to children. You may use our money transfer services
only if you are 18 or over.

18. Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt all the
information which you provide to us.
Whenever information is transferred between us, you can check that it is done using SSL by looking for a closed
padlock symbol or other trust mark in your browser’s URL bar or toolbar.

We take all reasonable precautions to prevent the misuse, loss, destruction or alteration of your personal
information, or the unlawful processing of it. You should ensure that you keep secret the security information
which we provide to you, and take all reasonable precautions to prevent its unauthorised or fraudulent use.

19. How you can complain

19.1. If you are not happy with our privacy policy or if you have any complaint then you should tell us by
email. Our address is b2b@1mm.eu.
19.2 If you are in any way dissatisfied about how we process your personal information, you have a right to
lodge a complaint with the Information Commissioner’s Office. This can be done at
https://ico.org.uk/concerns/

20. Retention period for personal data

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as
required by us:
20.1. to provide you with the services you have requested;
20.2. to comply with other law, including the retention period required by the Payment Services Regulations
2017 and by the UK tax authorities;
20.3. to support a claim or defence in court.

21. Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted
here on our website on the day you use our website. We advise you to print a copy for your records.
If you have any question regarding our privacy policy, please contact us.