Last updated: 9 April 2020
Airwallex and its related entities operate globally through offices around the world and may share personal data with each other. A list of our offices can be found here. Each Airwallex office is required to share personal data in accordance with our internal data protection and data retention policies and procedures. These policies and procedures have been developed with due consideration to applicable laws and international best practices. In particular, we have implemented a ‘least basis principle’ in relation to data access, which means that our personnel will only have access to personal data to the extent their role requires this.
Airwallex will also share your personal data with overseas entities when we facilitate cross-border payments (for example, to the beneficiary bank and the overseas payee). In some cases, we may not have a direct relationship with the businesses in these overseas jurisdictions.
Third parties whom we may disclose personal data to are described in section 10. Some of these third parties are located outside of Australia, in locations such as the United States, Hong Kong and the United Kingdom.
You may request to access, correct or delete your personal data by contacting us at the details set out in section 16 for further assistance. Before making a request, please note that:
We collect personal data from you, your authorised representatives or third parties, when:
We may also collect personal data from third parties such as regulatory authorities or other organisations with whom you have dealings, government agencies, credit reporting agencies, information or service providers, publicly available records and the third parties described in section 10.
The types of personal data we collect depends on the nature of our relationship and our dealings with you. The following table describes activities which usually take place between us and our customers, and the types of personal data which we will collect in connection with these activities.
|Activity||Types of personal data which we will collect|
|Visits to our websites||Details of the visit, including internet protocol (‘IP’) address, location of the device connecting to our websites and other identifiers about the device and the nature of the visit and the resources accessed.|
|Onboarding (including signing up for an account)||Current and historical personal data including your name (including name prefix or title), gender, contact details (such as your postal address, email address and phone number(s)), nationality, residency, verifying information (such as your passport, driver’s licence, bank statements and utility bills), billing and financial information (such as billing address, bank account and payment information) and specimen signatures.|
|Use of our services||Information relating to specific transactions and activities performed using our platform, including date, time, amount, currencies used, exchange rate, IP address of sender and receiver, payment reference, payment rationale, associated account information with a transaction and information disclosed to us by third party service providers involved in the provision of our services. Additional types of personal data may be collected depending on the type of service your business has signed up for. Please refer to the applicable service-specific terms and conditions for more information.|
|Dealings between you and our customers||Information relating to your dealings with our customers, including your name, contact details (such as your postal address, email address and phone number(s)), nature of the relationship between you and our customers, purpose of transactions and billing and financial information (such as billing address, bank account and payment information).|
|Marketing (for example, when we meet you at events)||Current and historical personal data including your name (including name prefix or title), gender, contact details (such as your postal address, email address and phone number(s)), information relating to your business, industry, customers and interests and information about the type of news, updates and events you would like to receive.|
|Interactions on social media||Personal data (for example, name, profile photo, date of birth and contact details) and opinions publicly shared on social media networks or made known to us. We may also collect your IP address, location of your device and other identifiers about your device when you click on our advertisements.|
We may also collect personal data by ‘creation’ (that is, information created with reference to, or generated from, other information we have access to).
If you do not provide us with the necessary personal data, we may not be able to provide you with our services. For example, if you do not provide us with personal data under our “know your customer” procedures, we may not be able to comply with anti-money laundering and counter terrorist financing laws and will not be able to onboard you as a customer or action a request made by you to execute an international payment
We process your personal data to:
We may also process your personal data if you have provided your consent to such use or the organisation that you work for has obtained your consent. In some cases, the specific purposes for which we may process your personal data will be set out in the terms and conditions that apply to particular services. Your acceptance of these terms and conditions will constitute consent (whether on your own behalf or on behalf of your personnel or customers).
We will use your personal data to offer you products or services provided by us or third parties, including special offers that may be of interest to you or for which you may be eligible. Marketing messages may be sent to you via email, SMS, telephone calls or other mobile messaging services. You can unsubscribe from these communications at any time by following the instructions at the end of all marketing emails and texts, or contacting us at the details set out in section 16.
We may disclose your personal data to third parties, including:
If we use data analytics to generate insights on our customers, we will take reasonable steps to de-identify any personal data that is relied on for the generation of these insights prior to disclosing such insights to third parties.
We will only retain your personal data for as long as is reasonably necessary in the circumstances or as required by law. Airwallex determines its retention period based on a number of factors including:
When a relevant retention period has passed, Airwallex will destroy the relevant personal data or, where applicable, sufficiently anonymise the personal data.
We employ technical and operational measures to ensure the confidentiality of personal data that is processed in the course of our business. Our safeguards are reviewed regularly and include training personnel regarding confidentiality and privacy issues, encrypting information (including personal data and payment transactions) and restricting access to your personal data to those employees of Airwallex who have a business reason for accessing such personal data.
Whilst we take all reasonable steps to protect your personal data from misuse, interference and loss, as well as unauthorised access, modification or disclosure, no data transmission over the internet can be guaranteed to be 100% secure. As a result, any information that you provide to Airwallex is provided at your own risk.
Our websites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third party websites and are not responsible for their use of information about you.
Level 7/15 William St,
We may require you to provide evidence to verify your identity when you contact us.
We will respond to all enquiries within 30 days. If we anticipate it will take longer than this, we will notify you and provide the reasons for any delay.
If you remain dissatisfied, you may make a complaint about the way we process your personal data to the Office of the Australian Information Commissioner.