Country or region

Country or region

Privacy Policy

Last updated: 9 April 2020

Privacy Policy

1. Introduction

Airwallex Pty Ltd (ABN 609 653 312) (‘Airwallex’, ‘us’ or ‘we’) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use and disclose personal data. By visiting our websites or continuing to use our services, you accept and consent to the practices described in this Privacy Policy.

This Privacy Policy does not apply to how we collect and use personal data of current and former Airwallex employees or candidates. For information in this regard, please contact us at the details set out in section 16.

In this Privacy Policy, ‘personal data’ includes ‘personal information’ and ‘sensitive information’ as defined in the Australian Privacy Act 1988 (Cth) and ‘you’ includes ‘the organisation you work for’ (unless the context otherwise requires).

2. Sharing personal data with other Airwallex offices and overseas recipients

Airwallex and its related entities operate globally through offices around the world and may share personal data with each other. A list of our offices can be found here. Each Airwallex office is required to share personal data in accordance with our internal data protection and data retention policies and procedures. These policies and procedures have been developed with due consideration to applicable laws and international best practices. In particular, we have implemented a ‘least basis principle’ in relation to data access, which means that our personnel will only have access to personal data to the extent their role requires this.

Airwallex will also share your personal data with overseas entities when we facilitate cross-border payments (for example, to the beneficiary bank and the overseas payee). In some cases, we may not have a direct relationship with the businesses in these overseas jurisdictions.

Third parties whom we may disclose personal data to are described in section 10. Some of these third parties are located outside of Australia, in locations such as the United States, Hong Kong and the United Kingdom.

3. Your rights

You may request to access, correct or delete your personal data by contacting us at the details set out in section 16 for further assistance. Before making a request, please note that:

  • we may not always be able to comply with your request of erasure (for example, if we are legally required to retain your personal data); and
  • for your security, we may require you to prove your identity or provide evidence of any information changes before we comply with your request.

4. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time. The current version may be accessed via our website.

5. How we collect personal data

We collect personal data from you, your authorised representatives or third parties, when:

  • you provide it directly to us (for example, by signing up for an account on our website, filling in forms on our platform or corresponding with us by phone, email or other communication channels);
  • someone provides it to us on your behalf (for example, if a customer provides us with your personal data so they can make a payment to you through our platform or if a customer provides us with your personal data as part of the onboarding process because you are a stakeholder);
  • a third party provides it to us (for example, business partners, subcontractors, banks, credit bureaus or organisations who provide us with verification information); and
  • you visit our websites and platform (for example, through ‘cookies’ and analytics software used on our websites).

We may also collect personal data from third parties such as regulatory authorities or other organisations with whom you have dealings, government agencies, credit reporting agencies, information or service providers, publicly available records and the third parties described in section 10.

6. What types of personal data we collect

The types of personal data we collect depends on the nature of our relationship and our dealings with you. The following table describes activities which usually take place between us and our customers, and the types of personal data which we will collect in connection with these activities.

ActivityTypes of personal data which we will collect
Visits to our websitesDetails of the visit, including internet protocol (‘IP’) address, location of the device connecting to our websites and other identifiers about the device and the nature of the visit and the resources accessed.
Onboarding (including signing up for an account)Current and historical personal data including your name (including name prefix or title), gender, contact details (such as your postal address, email address and phone number(s)), nationality, residency, verifying information (such as your passport, driver’s licence, bank statements and utility bills), billing and financial information (such as billing address, bank account and payment information) and specimen signatures.
Use of our servicesInformation relating to specific transactions and activities performed using our platform, including date, time, amount, currencies used, exchange rate, IP address of sender and receiver, payment reference, payment rationale, associated account information with a transaction and information disclosed to us by third party service providers involved in the provision of our services. Additional types of personal data may be collected depending on the type of service your business has signed up for. Please refer to the applicable service-specific terms and conditions for more information.
Dealings between you and our customersInformation relating to your dealings with our customers, including your name, contact details (such as your postal address, email address and phone number(s)), nature of the relationship between you and our customers, purpose of transactions and billing and financial information (such as billing address, bank account and payment information).
Marketing (for example, when we meet you at events)Current and historical personal data including your name (including name prefix or title), gender, contact details (such as your postal address, email address and phone number(s)), information relating to your business, industry, customers and interests and information about the type of news, updates and events you would like to receive.
When you contact us, including handling complaints and requestsPersonal opinions made known to us and personal data such as your name, contact details (for example, email address and phone number) and information about your business or interests which you submit via our websites or provide to us in person. In some cases, we may be able to collect your first and last name through the use of cookies and analytics software on our websites.
Interactions on social mediaPersonal data (for example, name, profile photo, date of birth and contact details) and opinions publicly shared on social media networks or made known to us. We may also collect your IP address, location of your device and other identifiers about your device when you click on our advertisements.

We may also collect personal data by ‘creation’ (that is, information created with reference to, or generated from, other information we have access to).

7. Failure to provide personal data

If you do not provide us with the necessary personal data, we may not be able to provide you with our services. For example, if you do not provide us with personal data under our “know your customer” procedures, we may not be able to comply with anti-money laundering and counter terrorist financing laws and will not be able to onboard you as a customer or action a request made by you to execute an international payment

8. Purposes for processing personal data

We process your personal data to:

  • onboard your business as a customer;
  • verify your identity and conduct screenings, due diligence checks and ongoing transaction monitoring in accordance with our internal compliance procedures and as required by law;
  • develop, improve and provide our services (whether made available by us or through us);
  • obtain insights from information obtained about you which we receive from third party sources (in which case, we may use your personal data, information received from third parties, and the combination of these sets of information for the purposes set out in this Privacy Policy);
  • offer you products or services, including measuring the effectiveness of advertising and marketing campaigns (see section 9 below);
  • investigate and respond to feedback, queries or complaints;
  • audit and monitor use of our services;
  • manage our infrastructure and business operations and comply with internal policies and procedures, including in relation to accounting, reporting, and risk-management obligations;
  • obtain insights and carry out research, planning and statistical or other data analysis, including analytics for the purposes of developing or improving our services, security, service quality, and advertising and marketing strategies;
  • manage our exposure to risk, including to prevent and detect fraud or crime;
  • communicate with you, including providing you with support services, updates on services and our terms and conditions and handling any enquiries about your account;
  • seek professional advice (including legal advice) and protect, establish, exercise or defend legal rights; and
  • fulfil our contractual, legal or regulatory obligations.

We may also process your personal data if you have provided your consent to such use or the organisation that you work for has obtained your consent. In some cases, the specific purposes for which we may process your personal data will be set out in the terms and conditions that apply to particular services. Your acceptance of these terms and conditions will constitute consent (whether on your own behalf or on behalf of your personnel or customers).

9. Marketing communications and opting out

We will use your personal data to offer you products or services provided by us or third parties, including special offers that may be of interest to you or for which you may be eligible. Marketing messages may be sent to you via email, SMS, telephone calls or other mobile messaging services. You can unsubscribe from these communications at any time by following the instructions at the end of all marketing emails and texts, or contacting us at the details set out in section 16.

10. Disclosure of personal data

We may disclose your personal data to third parties, including:

  • any person you make a transaction to using our services;
  • any person you have consented to us disclosing your personal data to (for example, when you request that we transfer your account information to a third party application);
  • your professional advisers or our professional advisers, including legal advisers, auditors and insurers;
  • third parties with whom we have promotional arrangements, such as an affiliate or referral program;
  • our partners who are involved in the provision of our services, such as banks, data storage providers, information technology service providers, compliance solutions providers, payment service providers, liquidity providers, researchers, data analytics providers, and marketing and security service providers;
  • third parties to whom we may sell or transfer parts of our business or assets or whose business or assets we may wish to acquire, and any financial institutions or investors providing finance to us;
  • any person we consider we need to disclose your personal data to in order to protect our rights under our agreement with you or to protect our interests or those of our customers, including for the purposes of minimising the risk of fraud, money laundering or terrorism financing; or
  • any person to whom we are required or requested to make disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body.

If we use data analytics to generate insights on our customers, we will take reasonable steps to de-identify any personal data that is relied on for the generation of these insights prior to disclosing such insights to third parties.

11. Retention of personal data

We will only retain your personal data for as long as is reasonably necessary in the circumstances or as required by law. Airwallex determines its retention period based on a number of factors including:

  • the type of personal data;
  • the purpose for its collection;
  • our legal and regulatory obligations; and
  • industry best practice and regulatory guidelines.

When a relevant retention period has passed, Airwallex will destroy the relevant personal data or, where applicable, sufficiently anonymise the personal data.

12. Security

We employ technical and operational measures to ensure the confidentiality of personal data that is processed in the course of our business. Our safeguards are reviewed regularly and include training personnel regarding confidentiality and privacy issues, encrypting information (including personal data and payment transactions) and restricting access to your personal data to those employees of Airwallex who have a business reason for accessing such personal data.

Whilst we take all reasonable steps to protect your personal data from misuse, interference and loss, as well as unauthorised access, modification or disclosure, no data transmission over the internet can be guaranteed to be 100% secure. As a result, any information that you provide to Airwallex is provided at your own risk.

13. Cookies

We use cookies on our websites. Please see our Cookie Policy for details.

14. Third party sites

Our websites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third party websites and are not responsible for their use of information about you.

15. Language

This Privacy Policy may be translated into languages other than English. In the event of any inconsistency between this Privacy Policy and a translation, the English version shall prevail.

16. Contact us

If you have any questions or complaints relating to this Privacy Policy or about the use of your personal data, please contact us at [email protected] Alternatively, you may contact us at the following address:

Airwallex,

Level 7/15 William St,

Melbourne,

VIC 3000,

Australia

We may require you to provide evidence to verify your identity when you contact us.

We will respond to all enquiries within 30 days. If we anticipate it will take longer than this, we will notify you and provide the reasons for any delay.

If you remain dissatisfied, you may make a complaint about the way we process your personal data to the Office of the Australian Information Commissioner.

Cookies on the Airwallex website

We use cookies to give you a better experience on our website. If you continue without changing your settings, we’ll assume that you are happy to receive cookies. However, if you would like to, you can change your cookie settings at any time here

Find out more