At WorldFirst, we pride ourselves on maintaining the highest levels of security, transparency and integrity in our work, and recognize the importance of protecting and respecting your personal information.
To provide you with our services we need to know things about you. We will only collect information we need to provide you with the services you have requested and will handle your information with the utmost care.
Who we are
We are World First UK Limited (referred to in this Notice as “WorldFirst”, “we”, “us” or “our”) with our company address: Millbank Tower, 21-24 Millbank, London, UK, SW1P 4QP.
Information you provide to us
To open an account or use WorldFirst services, you will be asked to provide identifying information about yourself (e.g. name, address, date of birth, and email address) and your company (together, “Account Information”), together with documents to verify the information provided – such as, a copy or record of your identity cards, passport or other travel document information, your proof of address, occupation, nationality, country of birth, source of funding, source of wealth and/or other information from checks, credit cards, bank statements, address proofs or money orders (together, “Identification Information”). You will also be asked to provide “Profile Information” including your username and password.
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g. Beneficiary Information (see below) and certain Transaction Information (see below) - in particular, bank account details and source of funds.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations – e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds (“KYC/ AML Information”).
Information we collect when you use our website or app
The WorldFirst user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products..
For the detection and prevention of fraud and cyber-crime, we will collect information, including session, device and IP address (“Device Information”) to help ascertain the legitimacy of the account login. We will also collect information about your activities on and use of our website or app including, for example, browser history, product engagement, IP address or other unique identifiers, and other information regarding your interaction with our website or app and our advertisements (“Usage Information”).
For non-registered users, we may contact you using publicly available information or information from third parties (i.e., name and contact details), which you have consented to being shared, to let you know about products that could be relevant for your business. Such third party sources include, for example, social media platforms, company registration lists, and telephone and other publicly available directories.
Once your account is fully set up and you begin to transact with us we will collect, process and store your WorldFirst financial and transactional information. This information includes the amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details (together, “Transaction Information”).
Information about you that we receive from third parties
To protect ourselves and our customers against fraud, we verify the information you provide (e.g., the KYC/ AML Information) with anti-fraud agencies and electronic identity verification services. In the course of verification, we receive and process information about you from such services. It may include the collection of biometric information (via facial recognition technologies) used for real identity verification and authentication purposes.
Information may also be collected from credit reference agencies.
All calls are recorded and correspondence retained for the purposes of quality control and training, as evidence of transactions and to fulfill regulation requirements. Any information you disclose to us will be held on these recordings in compliance with applicable law (“Call Recording Information”).
Individuals who are not registered users of WorldFirst
WorldFirst will collect information required to be able to send a payment to an individual, who may not be a WorldFirst client. This will include name and bank account details that are required by regulations to process the payment (“Beneficiary Information”).
The purposes and legal bases upon which we process your personal information include:
Category of Personal Information
Purpose of Processing
Lawful Basis for Processing
All personal information in Section 3 above other than Usage Information, Beneficiary Information and Device Information
Registration and Administration: We use your personal information to enable you to register with us. Once you have an account with us we will use your personal information to contact you and to reply to any queries or requests. We will use your personal information in the administration of your account, which includes us contacting you in order to update your account details (this assists with keeping our records up to date) or in order to notify you of changes or improvements to our products or services that may affect our service to you – you cannot opt-out of the receipt of these service messages.
To perform a contract (Art. 6(1)(b) GDPR)
To comply with a legal obligation e.g., financial tax reporting and bookkeeping laws (Art. 6(1)(c) GDPR)
All personal information in Section 3 above other than Usage Information and Device Information
To perform a contract (Art. 6(1)(b) GDPR)
To comply with a legal obligation (see below) (Art. 6(1)(c) GDPR)
To pursue our legitimate interests to operate and improve our business and minimise any unintended disruption, risk or fraud to the services that we offer to you, to transfer your personal information within the WorldFirst Group for internal administrative purposes, and to make your experience of our products and services efficient and effective (Art. 6(1)(f) GDPR)
Usage Information, Device Information
Improve our Products and Services: To understand our customers’ actions, behaviours, preferences, transactions, expectations, and feedback in order to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by us
To pursue our legitimate interests to make your experience of our products and services efficient and effective and to improve the same (Art. 6(1)(f) GDPR)
Account Information, Profile Information, Identification Information, KYC/AML Information, Beneficiary Information, Transaction Information
Prevention and Detection of Crime: We are subject to strict anti-money laundering and counter-terrorist financing regulations which requires us to undertake due diligence on our customers and their beneficiaries. This may include the conduct of soft searches through an identity-referencing agency and through other sources of information and the use of scoring methods to identify risk and to verify identity. These activities may involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. It may also include the sharing of personal information with police, law enforcement, tax authorities or other government and fraud prevention agencies
To comply with a legal obligation e.g., laws relating to anti-money laundering and financial crime (Art. 6(1)(c) and Article 9(2)(g) GDPR)
To pursue our legitimate interests to cooperate and assist law enforcement in the fight against financial crime (Art. 6(1)(f) GDPR)
Name and contact details
Direct Marketing: We may use your information to keep you up to date concerning WorldFirst Group Companies’ products and services, tell you about new products/services or to ask about your experience with us . You can opt-out from the receipt of these communications at any time
To pursue our legitimate interests to send you marketing communications (Art. 6(1)(f) GDPR)
Where required under applicable law, we will ask for and rely on your consent (Art. 6(1)(a) GDPR)
Call Recording Information
Monitoring: We record all our telephone calls for security and training purposes e.g., to assess the quality of our customer services and to provide staff training
To pursue our legitimate interests to assess the quality of our customer services (Art. 6(1)(f) GDPR).
All personal information in Section 3 above
To defend and enforce our rights including, against legal claims that involve us or other WorldFirst Group companies, and to manage regulatory matters, investigations, data breaches, and/or data subject requests
To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR)
To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) GDPR)
All personal information in Section 3 above
To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us or any WorldFirst Group company
To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR)
You have a right to object to the processing of your personal information (including profiling) where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.
Where we need to collect the abovementioned categories of personal information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal information when requested, we may not be able to comply with our legal obligations, provide you with a service or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you.
Where we ask for your consent to use your personal information (e.g. to send you direct marketing), you have the right to withdraw your consent at any time by:
- emailing email@example.com; or
- managing your preference through the WFO trading platform, if you are a registered user; or
- clicking the link at the bottom of any email that you receive.
You will not miss any service we provide by not choosing to receive marketing from us and you can change your mind whenever you like and as often as you like. However please note that your withdrawal of consent does not affect the lawfulness of our processing of your personal information based on consent before such withdrawal.
WorldFirst Group Companies
WorldFirst Group Companies refers to the companies owned (whether partially or wholly) by Ant Group, including but not limited to the companies listed below:
- WorldFirst Netherlands B.V. (EU)
- WorldFirst Pty Ltd (Australia)
- WorldFirst Asia PTE Ltd (Singapore)
- WorldFirst Japan K.K (Japan)
- WorldFirst Asia Ltd (China - Hong Kong)
These WorldFirst Group Companies will access and process your personal information categories included in Section 3 to assist in the provision of services to you including, for back-up purposes, to assist with compliance and anti-money laundering activities and for internal audit purposes. However, the way information is accessed, processed and transmitted and our level of security remains consistent across WorldFirst Group Companies.
WorldFirst uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with WorldFirst, we will need to share your personal information with payment providers or banking partners including, those located outside of the UK, such as intermediary or beneficiary banks – e.g. if you ask us to make a USD payment to China - Hong Kong the funds may be cleared through an intermediary bank in the US before reaching China - Hong Kong.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include: Account Information, Beneficiary Information and your Identification Information.
In addition, where you use the services of a banking partner of ours, and/or a banking partner requests us to provide certain data about you according to your authorization, we may share your data with such banking partner to provide the relevant banking services to you.
If one of our trusted partners introduced you to WorldFirst, we may provide them with your personal information that are necessary to fulfil our contractual obligations with the partner.
We may also cooperate with trusted partners to provide financial services to you. In order to provide such financial services that are suitable for you, we may share and personal information that are necessary with trusted partners to determine whether you are suitable for such services and accordingly credit worthiness and your credit. This may include the conduct of soft searches and the use of scoring methods to identify risk and verify identity. These activities may also involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. We require trusted partners to undertake a strict confidentiality obligation and not to use your data that we share with them for any other purposes. We would also require trusted partners to adopt sufficient technical security measures to protect your data.
Additionally, we may share your contact details with a trusted partner for marketing purposes if you have given your consent to do so.
Contractors, Professional Advisors and Service Providers
We may share any personal information identified in Section 3 above with our contractors, professional advisers and third party service providers who provide administrative, customer support, telecommunication, computing, remittance or other services to us in connection with the operation or maintenance of our products and services. These companies do not have any rights to market other services to you.
If you are a seller on an e-commerce platform, we may share your personal information with those e-commerce platforms that are necessary to help detect and prevent fraud, money laundering, dealing in counterfeit goods and other criminal or abusive behaviour. We provide such information to allow such platforms to identify WorldFirst accounts used by their sellers, and then, for these specific accounts, provide information about the account holder and its associated persons, payments out of the account, other accounts linked to that account, and indications of suspicious activity on the account.
We may share your personal information with actual or proposed entities involved in any merger, acquisition, corporate reorganisation or financing, or similar transaction with us, including in the event of the sale of all or part of our assets: All personal information categories included in Section 3 may be disclosed on a need-to-know basis depending on our business needs.
Also, we may share your information with any person acting on your behalf provided that you have given us the permission to do so.
Regulators and Law enforcement
We may need to pass necessary information to Governmental departments, regulatory bodies, law enforcement/tax/customs agencies, courts of law or other third parties including, where we are asked to do so. This may include all personal information identified in Section 3 above.
Our operations are supported by a network of computers, servers and other infrastructure and information technology, including third party service providers – as identified in Section 5 above. Some of these are established in countries outside of the European Economic Area (“EEA”) or the UK. Your personal information identified in Section 3 above, are transferred outside of the EEA/UK as permitted by applicable data protection and privacy laws and regulations, including but not limited to the following countries: Australia, Hong Kong, Japan, the United States, China, Singapore.
WorldFirst has entered into standard contractual clauses (“SCCs”) for intra-group transfers of personal information including, without limitation to the WorldFirst Group Companies identified in Section 5 above that are located outside of the UK and/or the EEA in countries which do not offer an adequate level of data protection. The categories of personal information processed by the data importers are set out in Section 3 above. The data importers may also (onward) transfer personal information to third party recipients who may be located outside the EEA/UK for the purposes set out in Sections 4 and 5 above. The data importers will only make such (onward) transfers to recipients ensuring appropriate safeguards are in place where required, or where otherwise permitted by the SCCs and which may include entry into SCCs.
Where WorldFirst transfers personal information to other recipients located outside of the EEA/UK, WorldFirst will always ensure that the recipient is based in a country with adequate data protection laws (e.g., Japan), that appropriate contractual obligations (e.g., SCCs) are implemented, that they otherwise adhere to Binding Corporate Rules, or that an appropriate derogation to legitimise the transfer can be relied on.
If you would like further information or a copy of the relevant contractual safeguards, you can contact us using the details set out in Section 12 below.
WorldFirst will only retain your personal information for as long as is necessary to provide our services to you and will not hold or process your personal information for any longer than we are legally permitted to. The criteria used to determine the appropriate retention period includes:
- Regulatory requirements WorldFirst is subject to
- Whether a legal claim could be brought against WorldFirst
- Necessity of information to provide our service to our customers
- The types of personal information being processed
- The legal basis for processing your information – e.g. consent
Information about connected parties and beneficiaries, which may not belong to a WorldFirst client, are stored for a period to comply with applicable legal requirements.
You have certain rights in respect of your personal information as outlined below. If you would like to exercise any of the below rights then please contact Privacy Office (firstname.lastname@example.org) and we will respond to your request. However, please note that the below rights are not absolute and may be subject to limitations.
As necessary we will request you to provide proof of identity and to provide sufficient information to enable us to locate relevant information and verify that the person making the request is entitled to do so.
To ask for information that WorldFirst holds about you to be corrected
Where the personal information that we hold about you are incorrect, you have the right to request amendments to be made.
To ask us to erase your information if we no longer have a reason to hold it
You have a right to request for the deletion of your personal information that we hold.
To ask us to restrict the processing of your personal information
You have a right to ask that we restrict or suppress the processing of your personal information which means that whilst we are permitted to store the personal information we cannot otherwise process it.
To ask for a copy of the information WorldFirst holds about you
You have a right to receive a copy of your personal information. You also have the right to ask for a copy of your personal information to be provided to a third party in certain circumstances.
To withdraw your consent
You have a rights to withdraw your consent to the processing of your personal information at any time (where WorldFirst is processing your personal information based on your consent) by contacting us using the details in Section 12 below. Please note that withdrawing your consent may prevent us from further providing all or part of our services to you but does not affect the lawfulness of our processing of your personal information based on such consent before the withdrawal.
To object to the processing of personal information by WorldFirst
If you object to the processing of your personal information (including, profiling) which we carry out in reliance on our legitimate interests, we will investigate to see if there is compelling reason for processing to continue.
You can not object to the processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party.
Also, you can object to marketing communications at any time. Please see Section 4 above.
To ask not to be subject to solely automated decision making (including, profiling)
WorldFirst puts people first. There will not be any scenarios in which profiling or automated decision making will have a legal or similarly significant impact on you without a person reviewing or making a decision on the result.
We store all data electronically and physically in a manner aimed at securing and protecting the data’s confidentiality, integrity and availability. Data is stored on servers which are protected by actively maintained firewalls. We make use of up-to-date anti-virus software and our servers have restricted access.
If you provide paper-based documentation for the purpose of identity verification these will be stored electronically and the original will be destroyed securely or returned to you.
Transmission of data on the internet can never be completely secure. We do not and cannot guarantee the security of information collected or transmitted electronically however, we take reasonable care to safeguard your personal information.
If at any time you are not happy with how we handle your personal information, you can make a complaint to us. For further information, please see our complaints policy.
We would really like the opportunity to set things right with you but you also have the right to raise any data protection concerns with a data protection authority directly if you are unhappy with the way we are handling your personal information.
Our website may contain links to other third-party websites, which may have privacy policies/statements that differ from our own. We are not responsible for the activities and practices that take place on these websites.
Accordingly, we recommend that you review the privacy policies/statements posted on any website that you may access through our website.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.