Terms & Policies
GlobalGlobal Privacy Policy
Last updated: 26 February 2026
For California residents, go here.
Thank you for using Airwallex!
Airwallex is a global payments and financial platform company for modern businesses. We provide a broad range of financial services including payments, treasury, spend management and embedded finance to global businesses of all sizes. It is important that you are well informed as to how we process your personal information. This Privacy Policy (the “Policy”) describes the personal data (sometimes also referred to as personal information) we collect as a data controller from you and how that information is used and shared by us. It also includes details about the choices we offer you in relation to your information. Please review it carefully.
Here is a summary of the information contained in this Policy (although it is not a substitute for reading the full Policy). We have included hyperlinks to help you jump to the relevant sections with more detail.
What does this Policy apply to? | This Policy applies to any user of products, services, technologies or functionalities offered by us anywhere in the world (and, when such user is a business entity, to any individual who is the owner of, or who acts on behalf of, such user), and to any visitor to our website, mobile app, or other channel whose personal data we process. Personal data is any information that is related to an identified or identifiable natural person. The definition under applicable laws is broad, and can include information that could be used indirectly and/or with other information to identify an individual – such as device identifiers or IP address. Examples of personal data include your name, email address, ID document information, bank account number, credit card details, telephone number, transaction information or home address. | |
Who is the data controller? | “We” or “us” in this Policy refers to Airwallex. The data controller of your personal information varies by your location: Australia Airwallex Pty Ltd, Airwallex SVF Pty Ltd, and/or Airwallex Capital Pty Ltd (depending on the Services provided) Brazil Airwallex (Brasil) Ltda. Canada Airwallex (Canada) International Payments Limited EEA/Switzerland Airwallex (Netherlands) B.V., or Airwallex Capital (Netherlands) B.V., or Airwallex Digital (NL) B.V., or Airwallex Lithuania UAB (depending on the Services provided) Indonesia PT Skype Sab Indonesia Israel Airwallex (Israel) Ltd Malaysia Airwallex (Malaysia) Sdn Bhd Mexico MexPago Transacciones, S.A.P.I. de C.V., Institución de Fondos de Pago Electrónico New Zealand Airwallex (New Zealand) Limited Singapore Airwallex (Singapore) Pte Ltd, Airwallex Capital (Singapore) Pte Ltd, or Airwallex Digital (SG) Pte. Ltd. (depending on the Services provided) United Arab Emirates Airwallex Middle East Innovation In Financial Solutions - L.L.C - O.P.C UK Airwallex (UK) Limited; Airwallex Capital (UK) Limited (depending on the Services provided) United States Airwallex US, LLC, Airwallex Digital (US) LLC; Airwallex Capital US, T0 Finance LLC (depending on the services provided) Vietnam Payment Telecom Informatics Post A Member Of Company Limited. | |
What types of information do we collect and why? | When you set up an account to use our Services, we require information (such as your name, address, government-issued ID, tax identifier, business information) to set this up. We also process certain identity information when we undertake our KYC/AML process. We will process information in connection with transactions (including payment information and the beneficiary of payment). Our Services also process network, device and usage information in order to maintain the integrity of our systems. You can read more about what personal information we process and why below. | |
How is your information shared? | Our affiliates and select third parties support the operation of the Services and will necessarily receive and/or transfer personal information in order to facilitate the Services and services provided by third parties at your request and/or with your consent where legally required. If a third party is engaged to support the Services, this is solely for the purpose of the Services and we require that the third party comply with appropriate safeguards to protect personal information. Services supported and/or provided by third parties may include support services, effecting transactions, account information services, payment initiation services, cloud services, analytics, market research, fraud detection, Business Customers’ services and other functions in connection with the Services. We also have affiliates around the world who help us deliver the Services and we may be required by a court or legal obligation to disclose certain information in some circumstances. You can read more about how we share your personal information below. | |
Where do we store your information? | Where we store your information depends on your location and associated applicable laws. We primarily host personal information in Singapore, Belgium, the Netherlands, Japan, Australia, Malaysia, and the United States. As a global business, we may also transfer or process personal information in countries outside your country of incorporation, business operations, or residence, to where our affiliates, select third parties, Ecosystem and Financial Partners and service providers are located. Any cross-border data transfers or processing is done in compliance with applicable law, as described in Section 5 below. | |
How long do we retain information for? | We retain personal information for so long as it is required to fulfil the purpose for which it was collected, unless we are subject to legal or regulatory obligations to retain such information. | |
What rights do I have regarding the processing of my information by Airwallex? | Depending on where you are located, you may have certain rights with respect to your personal information, such as rights of access, to receive a copy of your information, or to delete your information or restrict or object to our processing of your information. You can read more about your rights below. | |
How can I contact Airwallex? | If you have questions or concerns about this Policy or a specific request related to your personal information, please contact us at [email protected]. | |
How will we notify you of changes to this Policy? | We reserve the right to make changes to this Policy at any time by posting a revised version to our Site and updating the “Last Updated” date at the top of this Policy. | |
Are there specific terms that apply to certain countries? | Yes. You can read more about the specific processing activities for certain jurisdictions in the Jurisdiction-Specific Addenda below. |
1. SCOPE OF POLICY
This Policy applies to you when you use or interact with our Services anywhere in the world, or our website, mobile app, or other channel (collectively, “Sites”) when we act as a data controller. “Services” means any products, services, technologies or functionalities offered by Airwallex. The Services we offer may vary by region.
Depending on the context, “you” may mean any of the End User, Business Customer, Representative or Visitor.
End User: an end user (individual) who uses our Service or receives the benefits of our Services, regardless of whether the End User uses or receives our Services for personal use or otherwise. We may also collect an End User’s personal information when provided by the Business Customer.
Representative: individual who is the owner (including the ultimate beneficial owner) of, or who acts on behalf of a Business Customer (e.g. employee, director or officer of Business Customer who has authority for managing Business Customer’s account with us).
Visitor: a visitor (individual) to our Sites or who otherwise communicates with us (e.g. if you send us a query on our Support Page) without being logged into an Airwallex account.
Business Customer: a business entity who we provide Services to, whether directly or indirectly, or do business with and such Business Customer will provide us with an End User’s personal information in connection with Business Customer and that End User’s respective activities. When you (as an End User or Representative) interact with a Business Customer, your personal information will be collected, retained, shared and/or stored by the Business Customer in accordance with their own privacy policies and not this Policy. Where Airwallex acts as the Business Customer’s processor, the Business Customer’s privacy policy applies to end user personal information in that processor context and not this Policy.
2. DATA CONTROLLER
As used in this Policy, “we,” “us” “our” and “Airwallex” refers to the Airwallex group company that acts as the data controller with respect to your information. The data controller responsible for your information under this Policy varies depending on your country of residence and/or the entity used to enter into an agreement with Airwallex to provide services to you.
Controller and Processor Roles
Airwallex acts in different roles depending on the context of the Services. When we provide and improve our Services, administer the Airwallex Platform, protect the security and integrity of our systems, communicate with you, manage risk and fraud, meet tax, reporting, and other regulatory obligations, or otherwise comply with Applicable Law, we act as an independent data controller of your personal information. Please see our Global Privacy Centre for more information.
When we process personal information strictly on documented instructions from a Business Customer in connection with that customer’s use of our Services, we act as that Business Customer’s processor. In those processor contexts, the Business Customer’s privacy policy—not this Policy—governs the collection and use of end‑user personal information, and the Business Customer is responsible for providing appropriate privacy notices and obtaining any required consents. This Policy continues to apply to Airwallex’s own controller‑level processing, including for service administration, security, compliance, and platform operations.
Country of Residence | Data Controller(s) | Address |
Australia | Airwallex Pty Ltd (for payment and other financial services); Airwallex SVF Pty Ltd (for stored value services); and Airwallex Capital Pty Ltd (for investment management services) | Level 7, 15 William Street, Melbourne, VIC 3000, Australia |
Brazil | Airwallex (Brasil) Ltda | Avenida Brigadeiro Luís Antônio, 300, 100 andar, conjunto 104, parte, Bela Vista, Brazil |
United States | Airwallex US, LLC Airwallex Digital (US) LLC Airwallex Capital US (for investment services) T0 Finance LLC | 188 Spear Street, 9th Floor, San Francisco, CA 94105, USA |
UK | Airwallex (UK) Limited
Airwallex Capital (UK) Limited (for investment services) | Wells and More, 45 Mortimer St, London, United Kingdom, W1W 8HJ |
EEA or Switzerland | Airwallex (Netherlands) B.V. Airwallex Capital (Netherlands) B.V. (for investment services) Airwallex Lithuania UAB | Rivvia, Keizersgracht 127, 1015 CJ Amsterdam, Netherlands Konstitucijos ave. 21B, Vilnius, the Republic of Lithuania |
Malaysia | Airwallex (Malaysia) Sdn Bhd | WeWork Mercu 2, Level 40, No.3 Jalan Bangsar, KL Eco City 59200, Kuala Lumpur, Malaysia |
New Zealand | Airwallex (New Zealand) Limited | c/- CSNZ, Level 5, 79 Queen Street, Auckland 1010, New Zealand |
Singapore | Airwallex (Singapore) Pte Ltd Airwallex Capital (Singapore) Pte Ltd (discretionary portfolio management service) | #20-01, Guoco Tower, 1 Wallich Street, Singapore 078881 36 Robinson Road, #20-01, City House, Singapore 068877 |
Canada | Airwallex (Canada) International Payments Limited | Suite 2600, Three Bentall Centre, 595 Burrard Street, Vancouver, BC Canada, V7X 1L3. |
Israel | Airwallex (Israel) Ltd | Derech Menachem Begin 132, Tel Aviv-Yafo, Israel 6701101 |
Indonesia | PT Skype Sab Indonesia | PT Skye Sab Indonesia, 73A Mampang Prapatan Raya Street, Tegal Parang, Mampang Prapatan, South Jakarta 12790 |
Mexico | MexPago Transacciones, S.A.P.I. de C.V., Institución de Fondos de Pago Electrónico | Bosque de Duraznos 65, 602B, Bosques de las Lomas, Miguel Hidalgo, Ciudad de Mexico, 117000 |
UAE | Airwallex Middle East Innovation In Financial Solutions - L.L.C - O.P.C | Silver Castle Building, Mussafah, M33, Plot 67, Office 5, Abu Dhabi, United Arab Emirates) |
Vietnam | Payment Telecom Informatics Post A Member Of Company Limited | No. 04-117, Lim Tower 3, 29A Nguyen Dinh Chieu, Sai Gon Ward, Ho Chi Minh City, Vietnam |
3. THE TYPES OF PERSONAL INFORMATION WE USE
“Personal information” or “personal data” means any information that identifies you (whether directly or indirectly), such as your name, address, telephone number, email address, date of birth, payment card information, bank account information and any other data that is associated with your identity. The specific categories of personal information which we process are listed in the section “How We Use Your Personal Information” below. This section describes the different types of personal information we collect from you and how we process it.
A. INFORMATION YOU PROVIDE DIRECTLY TO US
Account and Profile Information, Events participation, Newsletter or Content subscription: To use our Services or attend an event or receive content we publish, you must provide certain personal information to us, including contact details and other information required to establish an account profile, identity verification information, financial information and information regarding beneficiaries of payments. This information is necessary for us to perform the contracted services and also to allow us to comply with our legal obligations. If you are not able or willing to provide this information, we may not be able to provide you with all the requested Services.
Survey, feedback, and promotions: Some information you provide to us is voluntarily provided by you and not mandatory for using our Services. Examples of such information include your opting to respond to our surveys, provide feedback to us about our products and Services, participate in promotions or contests or otherwise communicate with us. This information allows us to provide incentives or additional features to you, evaluate our performance and to create a better user experience for you when using the Airwallex platform. This additional information will be processed based on our reasonable discretion or when applicable, your consent.
B. INFORMATION AUTOMATICALLY COLLECTED FROM YOUR USE OF SERVICES
We automatically collect certain data from you when you use the Services or visit any of our Sites (such as to prevent fraud or misuse, or to understand your use of and improve our Services). This includes:
transaction data, beneficiary information, card related information;
usage data;
information about the devices you use to access the Services;
call recordings;
log data; and
location information.
C. INFORMATION COLLECTED FROM THIRD PARTIES
We may also obtain information about you from external sources, including information obtained from our ecosystem and financial partners, payment service providers, service providers, credit bureaus, credit reference agencies or other providers of credit information, financial institutions, debt collection agencies, companies and other official registers and databases, fraud prevention agencies and partners, community forums used to post ratings or reviews, Airwallex business partners or Business Customers through which you access our Services, or other sources of public records. The collection and sharing of such personal information with Airwallex is also explained in such third parties’ own respective privacy policies. We may combine information collected from third parties with information we collect from you directly through the Airwallex platform.
Regardless of the method of collection, the information we obtain from or about you is subject, at all times, to the privacy choices or rights exercised by you.
D. COOKIES
We use cookies and similar technologies (i.e. web beacons, pixels, ad tags and device identifiers) to recognize you and to customize your online experience. To learn more about cookies and the other tracking technologies we may utilize, please refer to our Cookie Policy, which includes a comprehensive overview of cookies and provides further details about how we use cookies and how to control our use of cookies.
4. HOW WE USE YOUR PERSONAL INFORMATION
This section provides more detail on the types of personal information we collect from you, and why. For users who are resident in the United Kingdom, the European Economic Area or Switzerland (each a “Relevant Jurisdiction”), it also identifies the legal basis under which we process your personal information.
Personal Information | Use | Legal Basis (only relevant if you are located in a Relevant Jurisdiction or in other jurisdictions which require us to identify the legal basis for each processing) | |
Account and Profile Information (End User, and/or Representative only) | Personal identifiers such as your name, residential address, email address, phone number, date of birth, social security number, driver’s license number, passport number, tax identification number, username in combination with your password to access your online account, or other similar identifiers. | To provide the Services, e.g. to create a User Profile and associated permissions and authorisations to that User Profile; to process instructions from you payments and the use of our products; to provide customer support; to enable you to access and use the Airwallex products and platform; and to evaluate your application to use the Services. To prevent fraud, misuse or breaches of the Acceptable Use Policy, e.g. to verify your identity or authenticate your right to access an account or other information; to manage risk, fraud and abuse of the Services and Sites; and to conduct manual or system monitoring to protect against fraud and other harmful activity. To communicate with you, e.g. to respond to your inquiries and support requests; to help you explore and learn about our features, capabilities and products; to send you service updates and notices, security alerts and other administrative messages; to provide information related to your transactions including confirmations, receipts and tracking notices; and send you our newsletter or other content, or to send you marketing and promotional messages and offers. | Necessary to perform our contract with you to provide the Services and to send you communications related to your use of the Services. Consent to send you promotional or marketing communications (depending on your jurisdiction and our existing relationship with you). It is our legal obligation and in our legitimate interests to prevent fraud misuse, or breaches of the Acceptable Use Policy. |
Demographic Data (End User and/or Representative only) | We may also collect demographic data about you including your employment history, education, income and other similar information. | To develop new products or enhance existing products and Services. To monitor and analyze trends, usage and other user activities on our Sites to optimize user experience. | It is in our legitimate interests to use this information to improve our Services and Sites. |
Identity Verification Data (End User and/or Representative only) | To comply with laws and regulations, we may collect copies of your government-issued identification document. Name, date of birth, identification document (including passport, driver’s licence or national ID card), address proof, tax residency information or other authentication information, all of which may include photographs of you. To validate your identity, we may also conduct a liveness check (for example by making a selfie). To the extent required or permitted by applicable law, we may obtain reports about you from public records. In order to obtain such reports, we may use information or personal information you provide to us. | To fulfil our legal obligations. To provide the Services, e.g.: to create your account for the Services in accordance with your request; and to verify your identity or authenticate your right to access an account or other information. To prevent fraud, or misuse or breaches of the Acceptable Use Policy, e.g. to verify your identity or authenticate your right to access an account or other information; to manage risk, fraud and abuse of our Services and Sites; and to conduct manual or system monitoring to protect against fraud and other harmful activity. | Necessary to satisfy our legal obligations under applicable law to provide our Services. It is our legal obligation and in our legitimate interests to prevent fraud, misuse or breaches of the Acceptable Use Policy. |
Transaction Data (End User and/or Representative only) | We may collect financial information such as bank account details (account number, routing number), credit or debit card numbers, billing address, shipping address, payment method information, merchant, location, transaction amount, date of transaction or tax information. | To provide the Services, including to process payments from and to the Business Customer’s account or the End User account, to process payment transactions from buyers or the users of any Airwallex card products. To fulfil our legal and regulatory reporting obligations. | Necessary to perform our contract with you to provide the Services. Necessary to satisfy our legal and regulatory reporting obligations under applicable law. |
Beneficiary Information (End User and/or Representative only) | We may collect information about the parties to the transaction, the designated recipient (including the recipient’s bank account information), the source of the funds, the reason for the transaction, the devices and payment methods used to complete transactions. | To provide the Services, e.g. to process payments from and to the Business Customer or End User account. To prevent fraud, misuse or breaches of the Acceptable Use Policy, e.g. to verify your identity or authenticate your right to access an account or other information; to manage risk, fraud and abuse of the Services and Sites; and to conduct manual or system monitoring to protect against fraud and other harmful activity. | Necessary to perform our contract with you to provide the Services. It is our legal obligation and in our legitimate interests to prevent fraud, misuse or breaches of the Acceptable Use Policy. |
Card Related Information (End User only) | Card numbers and details | To provide the Services, e.g. to process payments made by the card; to issue cards and process their transactions as part of the Services; to validate the authenticity of the transaction; and to prevent fraud. | Necessary to perform our contract with you to provide the Services and to fulfil our legal obligations. |
Log Data (End User and/or Representative only) | When you access the Services, we collect server logs which may include information such as access times and dates, pages viewed and other system activity, including the third-party site you were using before accessing our Services. | To provide the Services. To prevent fraud, misuse or breaches of the Acceptable Use Policy and improve our Services. To understand your use of and improve the Services. | Necessary to perform our contract with you to provide the Services. It is our legal obligation and in our legitimate interests to prevent fraud, misuse or breaches of the Acceptable Use Policy and improve the Services. |
Device Information (End User and/or Representative only) | We may obtain information about the devices you use to access the Services including: the device type, operating systems and versions, the device manufacturer and model, preferred languages, and plugins. | To provide the Services. To prevent fraud, or misuse or breaches of the Acceptable Use Policy and improve the Services. To understand your use of and improve the Services. | Necessary to perform our contract with you to provide the Services, and it is our legal obligation and in our legitimate interests to prevent fraud, misuse or breaches of the Acceptable Use Policy and improve the Services. |
Usage Information | We collect information about how you interact or engage with the Sites and how you use the Services including your user preferences and other settings selected by you. This information may be collected if you visit our Sites and regardless of whether or not you establish an account with us or conduct a transaction. In some cases, we do this by utilizing cookies, pixel tags and similar technologies. Please see further details about cookies and other tracking technologies in our Cookie Policy. | To provide the Services. To evaluate your satisfaction with our Services, platform and features. To develop new products or enhance existing products and services. To monitor and analyse trends, usage and other user activities on our Sites to optimize user experience and to improve the Services. | Necessary to perform our contract with you to provide the Services. It is in our legitimate interests to protect the integrity of the Services and improve our operations. |
Location Information (End User and/or Representative only) | When you use certain features of the Services, we may collect information about your precise or approximate location as determined by data such as your IP address or mobile device GPS. Most mobile devices allow you to control or disable the use of geolocation services for applications by changing preferences on your mobile device. | To provide the Services. To enable you to access and use the Airwallex platform. To manage risk, fraud and abuse of our Services and Sites or breaches of the Acceptable Use Policy. To conduct manual or system monitoring to protect against fraud and other harmful activity. | Necessary to perform our contract with you to provide the Services. It is our legal obligation and in our legitimate interests to prevent fraud, misuse or breaches of the Acceptable Use Policy. |
Communications Data | Information related to your interactions and communications with us, which may include email messages, chat sessions, text messages, and phone calls that we exchange with you. | To respond to your inquiries and customer support requests. To send you technical notices, updates, security alerts and other administrative messages. To provide information related to your transactions including confirmations, receipts and tracking notices. | Necessary to perform our contract with you to provide the Services. |
Call Recordings | Voice recordings of you captured when you contact us or if we contact you, including interactions with our customer service or sales teams. | To respond to your inquiries and customer support requests. | Necessary to perform our contract with you to provide the Services. |
Various other Information | Any information you may provide us when you respond to surveys. | To run the survey and analyse the results for our internal business purposes. | We collect this information with your consent. |
Any information you may provide us when you participate in contests. | To facilitate promotional contests that you choose to participate in. | We collect this information with your consent. | |
Any information you may provide us when you participate in promotions or request to receive promotional information. | To deliver promotional offers, incentives, and targeted marketing in accordance with your preferences (as permitted by applicable law). To provide invitations and information about events or events held by our partners. | We collect this information with your consent. |
5. TRANSFERS AND STORAGE
Where we store your data depends on where you are located – e.g. your country of incorporation, business operations or residence. We primarily host personal information in Singapore, Belgium, the Netherlands, Japan, Australia, Malaysia, and the United States, depending on your location. As a global business we may also transfer or process personal information in countries outside your country of incorporation, business operations or residence, and where our affiliates, third parties, Ecosystem and Financial Partners and service providers are located. These countries may have data protection rules that are different from your country, but the privacy requirements of your jurisdiction remain in effect regardless of cross-border data transfers. In certain situations, we may be required to disclose your personal information pursuant to lawful requests from local law enforcement or government authorities. Airwallex implements appropriate measures and safeguards to protect your personal information to meet applicable data protection and national security requirements, as well as the standards described in this Policy, including the use of mandated Standard Contractual Clauses (for the European Union) and International Data Transfer Agreement (for the United Kingdom) or any equivalent standard contracts issued by relevant authorities into its agreements (where applicable) and/or adopting alternative measures required for the lawful transfer of personal information in accordance with applicable data protection law.
We restrict transfers of personal data to certain jurisdictions in accordance with applicable law.
6. INFORMATION SHARING AND DISCLOSURE
Only where necessary will we share your personal information with third parties or corporate affiliates. Situations where this occurs are:
Third Party | Purpose |
Third party service providers | We engage a variety of service providers (who in general act as data processors (where we are data controller) or sub-processors (where we are a processor) to enable us to provide our Services to Business Customers, and, indirectly, to you. For example, service providers may be used to: facilitate payment processing, support technology or infrastructure, cloud storage, conduct market research, marketing analytics, detect fraud, verify identity and perform audits or other functions. We will share your personal information with such service providers only to the extent necessary to allow the performance of their intended engagement. All service providers and business partners that receive your personal information are contractually bound to protect and use your information only in accordance with this Policy. |
Our corporate affiliates | To facilitate or support us in providing the Services to you, we may share your personal information within the Airwallex group of companies. All Airwallex group companies may only use your personal information in accordance with the relevant Intra-Group contracts governing such processing and for the purposes set out in this Policy. |
Financial and Ecosystem Partners | The Services may be offered to you (as an End User, Business Customer or Representative) in conjunction with or facilitated by other financial institutions, other payment institutions or other ecosystem partners (such as a provider of accounting or treasury management services or a marketplace payment service provider programmes). In respect of Financial or other payment institutions, such transfers and disclosures are necessary in order to provide the Airwallex services to you. In respect of Ecosystem Partners, such disclosures and transfers will be made in the manner you authorised or requested, or described to you (to enable use by you of such Ecosystem and Financial partners’ products and services) at the time you authorised or requested such disclosures. When you allow or authorise such third party provider, plugins, widgets, and/or website to access your Airwallex Account or to receive your personal information, this will constitute a request and/ or authorisation. |
In respect of Connected Account holders, the Platform (or any Platform partners) | For the Airwallex for Platforms solution, personal information relating to the Connected Account will be transferred to the Platform (or the Platform partners) [to allow the Connected Account to consume the Airwallex services via the Platforms’ (or Platforms’ partner’s) website or mobile app.] The Platform (and/or Platform partner) is an independent data controller of the personal information it processes in relation to the Connected Account holder. |
Commercial Partners | We may also refer you to services provided by our Commercial Partners (as an End User, Business Customer or Representative). Such Commercial Partners provide services under their own licences or authorisations, will have direct contracts with you and may be independent data controllers of the data you provide to them or data generated from your use of their services. Airwallex has no responsibility for any Commercial Partner services. Any data that may need to be transferred to such Commercial Partners from us will be done with your consent or as requested by you. |
Regulatory Authorities: regulators, judicial authorities and law enforcement agencies, tax authorities, and other third parties for safety, security, or compliance with the law. | There are circumstances in which we are legally required to disclose information about you to authorities (e.g. regulators, judicial authorities, courts, law enforcement agencies, tax authorities, and other public / government authorities both domestic and international), such as to comply with a legal obligation or processes, enforce our terms, address issues relating to security or fraud, or to protect our users. These disclosures may be made with or without your consent, and with or without notice, subject to and in compliance with the terms of valid legal process, including but not limited to regulatory queries or requests, subpoenas, court orders, or search warrants. We are usually prohibited from notifying you of any such disclosures by the terms of the legal process. We may also disclose your information to: enforce our Master Services Agreement entered into with the Business Customer or End User, or our online terms and conditions accepted by the Business Customer or End User or other applicable agreements or policies, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; protect our rights, property, privacy, or security, or that of others, as permitted by law; or comply with relevant law, legal process or governmental requests or orders. |
Social Media Platforms | Social media networks such as Facebook, Twitter, Pinterest, and Instagram that offer functionalities, plugins, widgets, or tools in connection with our corporate website or mobile application. If you as a Visitor choose to use these functionalities, plugins, widgets, or tools, certain information may be shared with or collected by those social media companies — for more information about what information is shared or collected, and how it is used, see the applicable social media company's privacy policy. |
Potential Acquirers of our Business | If we are the subject of or are involved in any corporate merger, acquisition, consolidation, reorganization, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with bankruptcy or similar proceedings), we may share data with third parties during negotiations. In the event your personal information becomes subject to a different privacy policy, we will make reasonable efforts to notify you beforehand. We also may need to disclose information to a third party in connection with a commercial transaction where we or any of our affiliates are seeking financing, investment or funding. |
Other Authorized Parties | If you request (as part of the Services provided to you) or provide your consent, we may share your information including your personal information with a third party not defined in this Policy. |
A list of Airwallex’s third party processors and sub-processors can be found here.
7. DATA RETENTION
We will retain your personal information for the period of time required to comply with applicable law, for fulfilling any ongoing obligations to you or, where necessary and consistent with applicable law, for our internal business purposes.
We may retain your personal information even after you close your Airwallex account or request deletion of your personal information. Examples of such cases include:
To process any transactions booked prior to closure or deactivation of an account.
To comply with anti-money laundering regulations or other laws and rules.
To detect or prevent fraud and other loss prevention activities.
To comply with legal process orders or law enforcement requests.
To collect any fees or other outstanding amount owed and payable to us by you.
To comply with our tax, accounting, and financial and regulatory reporting obligations.
Where required by our contractual commitments to our ecosystem or financial partners.
To resolve any disputes or enforce our User Agreement or other applicable agreements or policies.
To take any other action or exercise any other right in accordance with applicable law.
When a relevant retention period has passed, Airwallex will destroy personal information or, where applicable, sufficiently anonymize the personal information.
8. YOUR RIGHTS AND CHOICES
You have certain rights relating to your personal information. The ability and extent to which you may exercise these rights vary depending on your location. Only an individual may raise data subject rights to us, and only information about that individual (and not other individuals or businesses) will be provided in response in accordance with applicable law.
The following rights (described in detail below) apply to users in a Relevant Jurisdiction (United Kingdom, European Economic Area and Switzerland).
If you are located outside of a Relevant Jurisdiction, please review the section on Jurisdiction- Specific Rights for more information about the privacy rights afforded to you in your country or state of residence. To exercise any of your rights, please contact us at [email protected].
A. ACCESS, CORRECTION, ERASURE
You may access, correct or erase information you provided to us at any time by logging into your Airwallex account and taking required actions (where possible) or you can reach out to us for access, correction or deletion of your personal data There may be circumstances which preclude us from providing access to some or all of your information, for example where the information contains references to personal information about an individual other than you or the information is subject to legal or proprietary protections. Please also note that as a financial institution, we are subject to statutory retention periods. Therefore we cannot always erase (all of) your personal data upon request.
B. PORTABILITY
You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transfer it to another party (e.g. a third party service provider or an ecosystem or financial partner), with certain exceptions. .This comprises any personal information we process on the basis of your consent (e.g., survey information) or pursuant to our contract with you (e.g., transaction data). We will provide further information to you about this if you make such a request.
C. RESTRICTION OF PROCESSING
You may have a right to require us to stop processing the personal information we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or for another’s protection). When we agree to stop processing the personal information, we will try to tell any third party to whom we have disclosed the relevant personal information so that they can stop processing it too.
D. OBJECTION
To the extent provided by applicable laws and regulations, you may object to certain processing activities where we rely on the legal grounds of legitimate interest or the performance of a task carried out in the public interest.
DEVICE & MARKETING
Device Permissions
Most mobile devices allow you to disable the use of location services, or revoke consent to applications to access your camera and photo library or send you push notifications information. Please refer to your device settings to restrict collection of certain information.
Notifications
We may from time to time send you notifications when we consider it necessary to do so (for example, when we temporarily suspend access to the Services for maintenance, or security, privacy or administrative-related communications). You may not opt-out of these service-related notifications, which are not promotional in nature.
Marketing Opt-Out
As described in section 4, we only send you promotional communications with your consent. You can opt out of receiving such promotional communications from us by following the instructions included in those messages or by logging into your Airwallex account and changing your preferences. Please note that if you opt out of marketing-related emails from us, we will continue to send you non-promotional messages that are required to provide our Services, such as transactional receipts and messages about your account or our relationship with you.
9. ADVERTISING AND ANALYTICS
We may partner with third parties to display advertisements to you on websites you visit. These third-party partners use cookies and other technologies to gather information about your activities on our Sites as well as other sites you visit in order to serve you advertising based upon your browsing history and interests. To learn more about behavioral advertising and online tracking, visit the Network Advertising Initiative. This website also provides information about how to opt out of interest-based online advertising delivered by member companies. You can learn more about Google’s practices here. For more information about the cookies that may be served through use of our services, please refer to our Cookie Policy.
10. SECURITY
We implement and update technical and physical security measures to safeguard your personal information against loss, misuse or unauthorized access, use of disclosure on an ongoing basis. Safeguards used to protect your information include firewalls, data encryption, and access controls. Please keep in mind that the transmission of information over the Internet is never 100% secure and no data storage system can be guaranteed safe. Although we will do our best to protect your personal information, we cannot warrant the security of data transmitted to our Sites; any transmission is at your own risk. We encourage you to understand the integral role you play in keeping your own personal information secure and confidential. Please select passwords that are sufficiently complex and always keep our log-in details secure. If you suspect any unauthorized use or access to your account or information, please contact [email protected] immediately.
11. CHILDREN’S PRIVACY
The Sites and Services are not intended for or directed at children. By children we mean users under the age of 16 or in the case of a country where the minimum age for processing personal information differs, such different age.
We do not knowingly collect any information from children. If we obtain actual knowledge that we have collected personal information from a child, we will immediately delete it (unless we are legally obligated to retain such information). Please contact us if you believe that we inadvertently collected information from any child.
12. THIRD PARTY LINKS AND SERVICES
The Sites may include links to third party websites or services, such as third-party integrations, co-branded services, or third-party branded services (“Third-Party Sites”). Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not own or control these third-party websites and when you engage with these Third-Party Sites, you may be providing information directly to the Third-Party Site, Airwallex, or both. Third-Party Sites will have their own policies about the collection, use and disclosure of your personal information. Please review those policies for more information.
13. USE OF ARTIFICIAL INTELLIGENCE AND AUTOMATED TECHNOLOGIES
We continuously explore ways to make our Services more efficient, secure, and reliable, and to meet our legal and regulatory obligations globally. This includes the responsible use of artificial intelligence (“AI”) and machine learning (“ML”) technologies, which may process your personal data. We may also process personal data to develop or improve our AI or ML technologies as described in section 4 of this Policy in accordance with applicable law and internal standards.
Before deploying AI or ML technologies, we assess whether their use is necessary and appropriate for the intended purpose, and whether it aligns with applicable laws, regulatory expectations and our internal standards. We also consider ethical, security, and reliability aspects to ensure that the use of such technologies is responsible and proportionate.
We may use AI or ML technologies to support operational efficiency, risk management, fraud prevention, compliance processes, customer support, and product improvement. For example, AI-enabled applications may be used to assist with summarising customer interactions, improving internal workflows, or streamlining risk assessments. We may also make AI tools available for use by you on our Platform, in accordance with applicable terms.
We do not use AI systems to make solely automated decisions that produce legal or similarly significant effects on individuals unless permitted by applicable laws, your consent (where required), and supported by appropriate safeguards.
14. UPDATES TO THIS POLICY
We reserve the right to make changes to this Policy at any time by posting an updated version to our Site and updating the “Last Updated” date at the top of this Policy. To the extent permitted by applicable law, your continued use of our services after such notice or posting constitutes your consent to our revisions of this Policy. If you disagree with any of our changes, you may deactivate your account with us at any time.
15. CONTACT
If you want to reach out to our Data Protection Officer, please contact [email protected].
If you have questions or concerns about this Policy or wish to make an inquiry regarding how we process your personal information, please contact us at [email protected] and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection authority in the country in which you live or work where you think we have infringed data protection laws.
You have the right to lodge a complaint with the competent supervisory authority in your country or your EU Member State of residence, place of work, or where the alleged infringement occurred.
16. LANGUAGE
Except as otherwise set out by law, in the event of any inconsistency between the English version and local language version of this Policy (where applicable), the English version shall prevail.
JURISDICTION-SPECIFIC RIGHTS
Some jurisdictions’ laws contain additional terms for users of the Services. If you are a customer of an Airwallex entity located in one of the jurisdictions below, the terms below under the name of your jurisdiction shall apply in addition to the terms set out in our this Policy.
For customers of Airwallex Australia
Access and Correction: Please refer to Section 7 of this Policy.
Transacting Anonymously
Where possible we will give you the option of not identifying yourself when using the Service. You acknowledge that if you do not provide us with your personal information, we may be unable to provide you with access to certain features or sections of the Services.
Your Rights
If you are dissatisfied with our response to your request for access to, or correction of, your personal information or your privacy complaint in respect of your personal information, you may contact the Office of the Australian Information Commissioner (Telephone: +61 1300 363 992 or email: [email protected]).
Data Transfers
While we take reasonable steps to ensure that third party recipients of your personal information comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws.
Overseas Recipients
You consent to the transfer of personal data to third parties outside Australia, and acknowledge that while we take reasonable steps to ensure that such third parties handle your personal data in accordance with Australian privacy laws, we will not be liable for the acts and omissions of these overseas third party recipients.
For customers of Airwallex United States
Depending on where you reside or how you use our Services, certain federal or state laws may apply to you and afford you certain additional rights.
For U.S. Residents Generally
If you are an End User that uses our Services for personal, family, or household purposes, you can also review our U.S. Financial Privacy Notice for a summary of our practices with respect to the nonpublic personal information we collect about you. The U.S. Financial Privacy Notice is provided as an alternative way to read about our practices and does not supplement or supersede the Privacy above in any way.
For Residents of Certain U.S. States
If you are a resident of a state that has enacted a comprehensive consumer privacy law, (such as California, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Iowa, Delaware, Nebraska, New Hampshire, New Jersey, Maryland, Tennessee, or Minnesota), you have certain rights afforded to you by the comprehensive consumer privacy law of your state (each a “State Privacy Law”) with respect to your personal information. However, the State Privacy Laws generally do not apply to what is referred to as nonpublic personal information collected by financial institutions (like Airwallex), as that information is subject instead to the other U.S. financial privacy laws. As a result, the State Privacy Laws do not apply to the majority of information Airwallex collects about you.
This section applies only to the limited personal information that is subject to the State Privacy Laws. Please note that not all of the information described in this section is subject to each State Privacy Law. For instance, there are certain exclusions (like personal information collected in a commercial or employment context) that are relevant in many but not all states.
Collection and Disclosure of Personal Information
Over the past 12 months, we have collected and disclosed the following categories of personal information (defined consistently with personal data as used in this Policy) from or about you or your device:
Identifiers, such as your name, email address, residential address, date of birth, social security number, driver’s license number, passport number, tax identification number or other similar identifiers, government issued identification information, bank account details, credit card or debit card numbers and IP address. This information is collected directly from you and your device. We disclosed identifiers with third party service providers, our corporate affiliates, ecosystem and financial partners, regulatory authorities, and other authorised parties.
Internet or other electronic network activity information, such as your information regarding your use of the Services, including your user preferences and other settings selected by you, server logs, and other device information as described in the main Policy. This information is collected directly from you and your device. This may be disclosed to third party service providers, our corporate affiliates, ecosystem and financial partners, regulatory authorities, social media platforms and other authorised parties.
Commercial information about any transactions within the Services such transaction information when you collect or make payments. This information is collected directly from you and your device. This may be disclosed to third party service providers, our corporate affiliates, ecosystem and financial partners, regulatory authorities, and other authorised parties.
Location data such as your IP address or mobile device GPS. This information is collected directly from you. This may be disclosed to third party service providers, our corporate affiliates, ecosystem and financial partners, regulatory authorities, social media platforms and other authorised parties.
Professional or employment-related information such as your profession if you choose to provide it in a survey. This information is collected directly from you. This may be disclosed to our corporate affiliates.
Other information including information about your gender, nationality, or age. This information is collected directly from you in the context of being our consumer. This may be disclosed to third party service providers, our corporate affiliates and ecosystem and financial partners.
Over the past 12 months, we have collected and disclosed the following categories of personal information from or about you or your device that State Privacy Laws may deem “sensitive”:
Account Login: such as your username in combination with your password to access your online account.
Government-issued Identifiers: such as your social security number, driver’s license number, passport number, tax identification number or other similar identifiers, government issued identification information. This information is collected directly from you.
Financial information: such as your bank account details, credit card or debit card numbers. This information is collected directly from you or from third party financial institutions who you may hold an account with.
Precise location data such as your mobile device GPS: this information is collected directly from you.
We do not use or disclose sensitive personal information for purposes other than those that are reasonably necessary to provide our services or as otherwise permitted by law. We do not use sensitive personal information for targeted advertising, profiling, or other secondary uses. Because we do not process sensitive personal information in a manner that triggers a right to limit or opt out, we do not offer a separate opt-out for such processing.
We collect your personal information, including sensitive personal information, for the following business and commercial purposes:
To provide you with the Services, maintain your account, provide customer service and process payments.
To improve our services, including the functionality of the Services and Sites.
For security and verification purposes, including to prevent and detect fraudulent activity.
To address and remediate technical issues and bugs.
To communicate with you.
To market and promote our Services.
For additional information about what each type of personal information is used for, see this table in this Policy. For information regarding how long we retain personal information, see section 6 of this Policy.
Sharing/selling personal information:
We do not sell personal information in the traditional sense of exchanging data for money. However, some of our use of third-party analytics and advertising partners may be considered a “sale” or “sharing” of Personal Information, or “targeted advertising,” under certain U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), and similar laws.
You may opt out of online targeted advertising and processing that may be considered a “sale” or “sharing” of Personal Information by adjusting your cookie preferences through our cookie banner or cookie settings tool. You may also request to opt out of offline targeted advertising by contacting us at [email protected].
We do not have actual knowledge that we “sell,” “share,” or engage in targeted advertising using the Personal Information of consumers under 16 years of age.
Privacy Rights:
If this section applies to you, you may have the right to:
Request access to the following information covering the 12 months preceding your request:
the categories of personal information about you that we collected, sold, or shared;
the categories of sources from which the personal information was collected;
the business or commercial purpose for collecting, selling, and sharing personal information about you;
the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the business or commercial purpose for disclosing the personal information about you; and
the specific pieces of personal information we collected about you;
Request that we correct inaccurate personal information that we maintain about you. Once we receive and confirm a verifiable rights request, we will correct your personal information maintained in our records, unless an exemption applies;
Request that we not sell or share your personal information. To exercise this right, please contact [email protected];
Request that we delete personal information we collected from you, unless an exception applies; and
Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or denying goods or services to you when you exercise your privacy rights.
We aim to fulfil all verified requests within 45 days pursuant to the State Privacy Laws. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay. Where permitted by State Privacy Laws, any disclosures will cover only the 12-month period preceding the verifiable rights request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
How to Exercise Your Rights
First, you may wish to log into your account and manage your data from there. To exercise any of the rights described in this section, please submit your request by contacting us at [email protected]. Your request must provide sufficient information (including pieces of identification) that allows us to reasonably verify you are the person about whom we collected personal information. Where required by State Privacy Laws, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Depending on where you reside, you may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we may require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
Appeals
If we deny your request, you may appeal our decision by contacting us at [email protected]. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
For Residents of Texas
If you are resident in Texas and have a complaint about our services, first contact Airwallex customer support at 855-932-3331.
If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking at 2601 North Lamar Blvd, Austin, TX 78705, 1-877-276-5554 (toll-free), www.dob.texas.gov. 33.51(d)(1)(B)
For customers of Airwallex Canada
Consent
By providing (or authorizing another person or organization to provide) your personal information to us, you consent to our collection, use, disclosure, and retention of your personal information as described in this Policy and as otherwise permitted by applicable law. We might also obtain your additional consent in certain circumstances, including when required by law, to collect, use, disclose, or retain your personal information for other specific purposes. You may withdraw your consent at any time, subject to legal or contractual restrictions and on reasonable notice to us, but when you might not be able to proceed with your intended interactions or transactions with us or otherwise receive the full benefit of our products and services. Please refer to the section titled “Withdrawing Consent” below to learn about withdrawing your consent. In addition, where permitted by applicable law, we may collect, use, disclose, and retain your personal information without your consent.
Withdrawing Consent
In addition to the choices you have about the way we handle your personal information described elsewhere in this Policy (including section 8 of this Policy), you may withdraw your consent to our collection, use, and disclosure of your personal information as explained in this Policy at any time on reasonable written notice to us, subject to legal or contractual restrictions. To withdraw your consent, you may contact us at privacy@airwallex.com.
If you withdraw your consent to our collection, use, and disclosure of your personal information for purposes that are integral to our relationship and dealings with you or your access to or use of the Services, then you might be required to terminate your use of the Services or you otherwise might not be able to proceed with your intended dealings with us.
If you withdraw your consent to our collection, use, and disclosure of your personal information for purposes that are not integral to our relationship and dealings with you or your access to or use of our products and services, then withdrawing your consent for those purposes will not affect your access to or use of the Services.
If you withdraw your consent to our collection, use, and disclosure of your personal information, we may retain and use your personal information to comply with applicable law, to establish, enforce and exercise our rights and remedies, and for other purposes permitted by applicable law.
Your Rights
You may reasonably request access and correction to your personal information under our legal control (see section 7 of this Policy) and information about our use, disclosure, and retention of your personal information by submitting a written request to our Privacy Officer using the contact information in Section 14 of this Policy. You might be required to pay a reasonable fee for access to your personal information. We may decline to process an access request that is unreasonably repetitive, frivolous, vexatious, or impracticable, or if we reasonably believe the requested access would infringe or jeopardize the privacy of other persons, violate any applicable law or legal requirement, or for other reasons permitted by applicable law.
Depending on the jurisdiction where you reside, you may also be entitled to request the rectification, deletion or data portability of your personal information under our legal control or information about Airwallex’s use of automated decision-making with respect to your personal information under our legal control.
If you reside in the Province of Québec, you may also be entitled to make a request to obtain certain other information related to your personal information, including the information that was provided to you at the time of collection of your personal information, categories of persons who have access to your personal information within Airwallex, the length of the period for which Airwallex will retain your personal information and, if the personal information was not collected directly from you, the source from which Airwallex collected the personal information.
Contacting Us
If you have questions or concerns about this Policy or a specific request related to your personal information, in addition to the contact information set out in section 14, you may also contact our Privacy Officer by mail at the address listed in section of this Policy.
For customers of Airwallex Malaysia
Rights of Data Subjects
Right of access and correction: See section 7 of this Policy. YWe reserve the right to impose a fee for providing access to your personal data in the amounts permitted by law. When handling a data access request, we are permitted to request certain information in order to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data access request.
Right to limit processing of your personal information: You may request limiting the processing of your personal data by using the contact details provided above. However this may affect our provision of the Services to you.
Contact
If you would like to make any inquiries or complaints, or to exercise your rights above, please contact us at+61 13 32 99 or by email at [email protected].
For customers of Airwallex New Zealand
Access and Correction
Please refer to section 7 of this Policy.
Overseas Recipients
While we take reasonable steps to ensure that third parties outside New Zealand handle your personal information in accordance with New Zealand privacy laws, you acknowledge that we do not control, or accept liability for, the acts and omissions of these overseas third party recipients.
Complaints
If you would like to make a privacy complaint in respect of your personal information, you may contact the Office of the New Zealand Privacy Commissioner (www.privacy.org.nz).
For customers of Airwallex Singapore
Access and Correction
Please refer to section 7 of this Policy.
Our privacy team for the purposes of compliance with the Personal Information Protection Act 2012 can be contacted at [email protected].
For customers of Airwallex Israel
Consent
You are not required under law to provide us with personal information, and you agree that personal information which you provide or is provided on your behalf, is provided of your own free will. However, if you do not provide us with your personal information, we may not be able to offer some or all of the Services to you and you may not be able to use some or all of the functionalities or content offered by the Sites.
Access, Correction and Deletion
Please refer to section 7 of this Policy.
DPO You can contact our Data Protection Officer at [email protected].
For customers of Airwallex Indonesia
If you wish to exercise your rights under Law Number 27 of 2022 on Personal Data Protection (“PDP Law”), or if you have any queries or complaints regarding how we process your personal information, please contact us at [email protected]. To verify whether you are entitled to exercise your rights under the PDP Law, we might require you to provide your government-issued documents, to the extent permitted by law.
We will notify any material changes to this Policy to you before the effective date of such changes.
Right to Withdraw Consent
You may withdraw your consent for the purposes that you have provided your valid and explicit consent to at any time. However, in doing so, you might not be able to enjoy certain Services that we offer, and utilise specific features provided in the Sites. We are not compelled to delete any related personal information should we have legitimate purposes to retain and process such personal information, pursuant to another legal basis under the PDP Law.
Right to Access
You have the right to access and obtain copies of your personal information about you that we process, including a record trail of how we process your personal information. We are compelled to reject you if such request:
Endangers your or others’ safety, physical health, or mental health;
Discloses the personal information of others; and/or
Contradicts with national defence and security interests.
We may charge your request to access and obtain copies of your personal information, including but not limited to where you request us to provide and send such copies in physical form.
Right to Terminate Processing, Delete, and Destroy
You have the right to request the termination of processing, deletion, or destruction of your personal data. We may reject your request to terminate the processing, delete, or destroy of your personal data subject to certain exemptions, including but not limited to our legitimate interest or contractual or legal obligations to process and/or retain your personal data. Where we have successfully deleted or destroyed your personal data, we will notify you in writing as required under applicable law.
Right to Sue and Compensation
You are entitled to sue and request compensation from us in the event of violations in our processing of your personal information. We are not compelled to compensate you prior to a definitive and binding decision, judgement, or resolution being issued by a competent court or alternative dispute resolution body.
For customers of Airwallex Mexico
Types of personal data processed
Please note that we do not process personal data that could be considered sensitive (e.g. ethnic origin, health condition, genetic information, philosophical or moral beliefs, sexual orientation, et cetera).
Secondary purposes and how to oppose to them
The purposes established under section 4 “HOW WE USE YOUR PERSONAL INFORMATION” are considered necessary purposes; except for the following purposes that could be considered secondary under local law:
Send you our newsletter or other content, or to send you marketing and promotional messages and offers.
To evaluate your satisfaction with our Services, platform and features.
To facilitate promotional contests that you choose to participate in.
To deliver promotional offers, incentives, and targeted marketing in accordance with your preferences (as permitted by applicable law).
To provide invitations and information about events held by our partners.
You can oppose these secondary purposes by contacting us at [email protected].
Data Transfers
In addition to the data transfers that explicitly require your consent, as stated in the 6. 'INFORMATION SHARING AND DISCLOSURE' section, we will also need your consent to transfer your data to Potential Acquirers of our Business and Connected Account holders, the Platform (or any Platform Partners).
Please note that by using or interacting with our Services or Sites, you consent to the data transfers that require your consent. If you wish to object to these data transfers, you can learn about the mechanisms and procedures by contacting us at [email protected].
Data protection rights
You can exercise the data protection rights established in section 7 of this Policy, except for the “Portability” right, as well as the following additional rights:
For all the data protection rights, you can know the mechanisms and procedures by contacting us at [email protected]
Consent
By providing us with your personal data and using our Services or our Sites, you give your explicit consent to this Policy, including the data transfers that require your consent.
For customers of Airwallex Vietnam
Consent to material revisions to this Policy.
We will notify and gather your consent for any material revisions to this Policy.
Your rights
Under Vietnam’s applicable laws and regulations related to data protection, you may have the following rights to your personal information:
Right to be informed: You have the right to be informed about the processing activities, unless otherwise regulated by applicable laws.
Right to give consent: You have the right to give consent or non-consent to the processing activities, saved for exemptions for consents regulated by applicable laws.
Right to withdraw consent: Please refer to section 7 of this Policy. Your consent withdrawal shall not affect the lawfulness of data processing for which consent was previously granted and shall not interfere with the legality of data processing if such activities fall under cases where your consent is not required according to applicable laws.
Right to object to processing for advertising and marketing purposes: You have the right to object to the processing of your personal data in order to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes, unless otherwise provided for by law.
Right to file complaints, denunciations and lawsuits: You have the right to file complaints, denunciations and lawsuits in compliance with the law, if you find the data processing activities violate the relevant laws.
Right to claim damages: You have the right to request compensation for damages in accordance with the law when there is a violation of the regulations on the protection of your personal information, unless otherwise agreed by the parties or specified by applicable laws.
Right to self-defence: You have the right to self-defence in accordance with applicable laws.
Right to access, right to delete data, right to restrict data processing, right to request data provision: Please refer to section 7 of this Policy.
Legal basis for processing of your personal information
Your consent is necessary for our collection and processing of your personal information, unless it falls under exceptions where consent is not required.
These exceptions include (i) emergencies where immediate processing is necessary to protect the life and health of the data subjects or others; (ii) disclosures required by law; (iii) emergencies threatening national defence, national security, social order and safety, major disasters, or dangerous epidemics; (iv) the performance of your contractual obligations with relevant entities, and (v) support for the specialized activities of state agencies, (vi) protection of one’s own legitimate rights or interests, those of others, or those of the State agencies, authorities, or organisations when necessary to prevent harms to their rights or interests.
Personal data processing of a data subject declared dead, missing, having lost or having been restricted in civil act capacity, or having cognitive or behavioural control difficulties
If you are declared by a competent court of Vietnam to be dead, missing, having lost or having been restricted in civil act capacity, or having cognitive or behavioural control difficulties, and such information becomes known to us, we will keep your personal data “as is” and no further personal data processing will be carried out unless otherwise required by the laws of Vietnam or otherwise allowed under certain exceptions in accordance with Vietnamese law.
Personal data processing in cases of video or audio recordings
If your personal data is collected by us through video or audio recordings, we will obtain a specific consent from you before the recording takes place unless a consent is not mandated under certain exceptions in accordance with Vietnamese law.
For customers of Airwallex UAE
Data controller (UAE) and DPO contact
For UAE customers, your data controller is Airwallex Middle East Innovation In Financial Solutions – L.L.C – O.P.C, with its registered address at Silver Castle Building, Mussafah, M33, Plot 67, Office 5, Abu Dhabi, United Arab Emirates.
Data Protection Officer: [email protected].
Cross-border transfers from the UAE
For personal data originating in the UAE, cross-border transfers occur only as permitted under the Federal Decree-Law No. 45/2021 On the Protection of Personal Data Protection Law (PDPL), including:
To jurisdictions recognized as providing an adequate level of protection; or
Subject to PDPL-permitted safeguards or other legal mechanisms; or
Under PDPL exemptions (for example, your explicit consent, contractual necessity, legal claims, or public interest), provided the transfer does not conflict with the UAE’s public and security interests.
You may request a copy or description of the safeguards used for UAE cross-border transfers.
It is sometimes necessary for us to transfer your personal data to countries outside the UAE. In those cases, we will comply with the PDPL and adopt the steps the law dictates to ensure the privacy of your personal data.
Where we transfer your personal data outside the UAE, we do so on the basis that it is a country deemed to provide an adequate level of protection or, in reliance of another legally-approved transfer mechanism. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UAE unless we can do so on the basis of an alternative mechanism or in reliance on another exception available under the law.
Data Subject Rights
If you are located in the UAE, you will have the benefit of certain rights set out in section 7 this Policy. For the avoidance of doubt, those rights are:
The right to be informed;
The right to data portability;
The right to correction or erasure; and
The right to restrict or stop processing.
Legal basis clarification (UAE)
Where PDPL applies, we rely on PDPL lawful bases (including consent, contract, legal obligation, vital/public interest, legal claims, or where information has been made public by you). We do not rely on “legitimate interests” as a standalone legal basis under PDPL.
Regulatory authority
In addition to contacting us, you may lodge complaints with the UAE Data Office (competent supervisory authority). Contact details for the UAE Data Office are not yet publicly available - we will update this Policy accordingly when this becomes available.
Free zone note
If your Airwallex contracting entity is established in a UAE financial free zone (e.g., DIFC or ADGM), the applicable free zone data protection regime may apply instead of this UAE PDPL addendum.
For customers of Airwallex Brazil
Transfers and Storage
As mentioned in section 5 of this Policy, personal data may be transferred to other countries due to Airwallex’s global structure and shared governance systems.
The duration of processing outside Brazil will depend on the term of the contracts with such third parties and/or the necessity of their support to achieve the intended purposes, always in accordance with the retention and disposal rules outlined in this Policy.
Even when personal data is processed outside Brazil, Airwallex Brazil ensures compliance with applicable data protection and privacy laws by implementing the security measures described in this Policy.
Airwallex Brazil also requires its business partners and entities within its corporate group (when applicable) to adopt legal and technical safeguards that ensure a level of protection that is at least equivalent to that required by Brazilian Data Protection Law (“LGPD”) and this Privacy Policy.
Your rights and choices
In accordance with the LGPD, you have the following rights:
Right to confirmation of the existence of the processing: Data subjects have the right to inquire whether their personal data is processed by Airwallex Brazil.
Right to withdraw consent: The data subject has the right to withdraw the consent they have granted. They may also request the deletion of data Airwallex Brazil processes based on their consent.
Right to Restriction, Objection, or Deletion: If there is any processing in non-compliance with the LGPD, the data subject may: (i) request the blocking of its personal data, temporarily suspending our ability to process them, (ii) object to the processing of its personal data, and/or (iii) request the deletion or anonymization of its data, in which case Airwallex Brazil must delete or anonymize all its data irreversibly, except as required by law. Airwallex Brazil may retain your personal data if necessary to (i) comply with applicable law; or (ii) fulfill a contract or to exercise our rights in judicial, administrative, or arbitration proceedings.
Right to access, right to correction and updating, right to portability: Please refer to section 7 of this Policy.
The rights above are not absolute and must be evaluated considering the legal prerogatives or obligations of Airwallex Brazil that may prevent their fulfilment. Additionally, Airwallex Brazil must verify the identity of the requester to ensure he/she is the data subject to which the data belongs to or a third party with power to represent a data subject.
Right to complain to the ANPD: you can file complaints with the Brazilian Data Protection Authority (“ANPD”) about personal data processing carried out by Airwallex Brazil. You can contact the ANPD through the means indicated on the authority's website: ANPD — Português (Brasil) (www.gov.br)
Children or Adolescents’ Privacy
The Sites and Services are not intended for or directed at children or adolescents. In accordance with Brazilian law, children are individuals under the age of 12, and adolescents are individuals between the ages of 12 and 18.
If Airwallex Brazil becomes aware that the personal data processed are from children or adolescents without the appropriate legal basis, in accordance with the best interests of the children and adolescents, Airwallex Brazil will take immediate steps to delete such personal data.
Contact
The Data Protection Officer (“DPO”) in Brazil is: the Airwallex Data Protection Office, and can be contacted via email at [email protected]