Group Privacy Policy

If you wish to view the Acceptable Use Policy, please click here.

This Privacy policy together with our terms of use sets out the way in which Kabayan Remit will use and protect your personal information. By visiting and using our website www.kabayanremit.com, you are consenting to the practices described in this policy.

About Kabayan Capital Group

Kabayan Capital Ltd t/as Kabayan Remit, a UK entity (“Kabayan UK”), is the parent company of a group providing money remittance services to the Filipino community in the UK, mainland Europe and North America. The Kabayan Remit Group has offices in the UK, Canada, the US, and the EU and a contact centre based in Manila, Philippines (“Group”, “us” or “we”).

Kabayan is a recognised brand in the Filipino community and the company uses direct marketing, attendance at cultural events and barrio fiestas etc. as well as digital marketing campaigns in order to promote the online remittance services. External agents are not used for any sales and payments are taken via online banking or by debit card only, no cash is accepted.

Purpose

The purpose of this policy (“Policy”) is to ensure that the Group complies with the obligations set out in each jurisdiction’s legislation and regulatory guidelines as well as the requirements of the Group’s business partners regarding the collection, storage and use of personal data. This includes ensuring that the Company has adequate systems and controls in place to mitigate against risks posed to the Group, its business partners, and its Remitters in relation to the collection, storage and use of personal data. This Policy will assist Remitters and prospective customers to:

• Understand what the Group does with the data it collects;
• Understand the steps the Group takes to protect that data; and
• Understand other steps the Group may take with the data it has collected.

Scope

The Policy applies whenever a Remitter uses any services provided by the Group or a person uses or visits the Group’s website or application and what happens to any personal data collected.

Policy Statement

The Group takes the privacy of its’ Remitters or prospective customers and protection of their data seriously. The Group is committed to collecting, storing, processing, and disclosing the data it collects in a manner which is responsible, ethical, and compliant with the applicable laws and regulations.

1. Basis for Lawful Processing of Data

The Group collects and processes the Remitter or prospective customer’s personal data under various bases depending on the type of data, the activity and the stage in the registration process. These bases are the legitimate interest basis, consent and, once a prospective customer becomes a customer, the contractual basis. The Group has carried out a thorough Assessment to ensure that the Group has weighed the Remitter or prospective client’s interests and any risk posed to the latter and the Group’s own interests, ensuring that they are proportionate and appropriate.

2. Data Collected

The Group collects some or all of the following from our Remitters:

• Name;
• Date of Birth;
• Gender;
• Occupation;
• Source of Income;
• Address;
• Mobile Number;
• Social Security Number and/or Individual Tax Identification Number (for US Remitters);
• Email address;
• Details of transactions;
• Payment account details;
• Details of intended Receivers;
• Details derived from government issued identification documents; and
• Such other data as may be required for the Group to provide the necessary service to its Remitters.

3. Excluded Data - Minors

The Group caters its services only to persons who are at least eighteen (18) years old and who have their personal bank accounts in the country in which the customer is registered. The services provided by the Group are not intended to be used by minors; as such the Group will never knowingly collect information of persons under the age of eighteen (18).

4. Method of Collection

The data listed in Clause 2 can be collected:
• Directly from the Remitter or prospective customers when completing registration forms available during events/trade shows and/or on our website, mobile application, or by contacting us through email, text message, telephone, or letter;
• Directly from the Remitter when instructing the Group to execute a transaction;
• Directly from the Remitter when contacting them to request further information or documentation during the enhanced due diligence (EDD) and know-your-client (KYC) process or when more information is required to process a Remitter Application Form;
• Directly from the Remitter to answer a request for any further information;
• From credit reference agencies, fraud prevention agencies, and law enforcement agencies, as well as third party providers of services who may assist the Group in verifying the Remitter during the KYC and EDD process; and
• Through the use of electronic cookies.

5. How We Use Your Data

The Group may use a Remitter or prospective customer’s data in some or all of the following ways:
• To deliver the Group’s products and services;
• To contact a Remitter or prospective customer;
• To maintain and improve the services provided by the Group, including, but not limited to, troubleshooting and testing;
• To understand how the Group’s advertising and marketing programme(s) are being received and the effectiveness of such programme(s);
• To ensure all relevant policies and procedures are adhered to;
• To update the Remitter or prospective customer on the Group’s services and promotions;
• To comply with any legal, regulatory, or court requirements, locally or abroad, which the Group is required to observe (including, but not limited to, GDPR and PIPEDA);
• To combine, compare, and contrast the data with data provided by third parties to satisfy legal or regulatory requirements.

Marketing

When a Remitter or a prospective customer accomplishes the Group’s registration form, whether online or printed, they are asked if they agree that the Group may use their personal data in contacting them by email, text message, or telephone call to provide them promotional offers and information about similar products.

Should a Remitter or prospective customer at any time not wish to receive marketing information, they may opt-out of receiving these communications from the Group (even if they have previously opted in) by following the instructions at the end of the email or text message which the Group sends to them or by contacting the Group.

Cookies

When a Remitter or a prospective customer visit the Group’s website, small files known as “cookies” are used to distinguish a visitor from other users and to analyse how the website is used and how to optimise the experience of the website. More information on how cookies are used can be provided by the Group upon the Remitter or prospective customer’s request.

6. Protecting Your Information

The Group takes the following steps in protecting the Remitter or prospective customer’s data:
• The usage of a secure server to store all information;
• The protection of all transaction data using Transport Layer Security (“TLS”);
• The training of all relevant employees of the Group on the importance of dealing with data and personal information in a confidential and lawful manner;
• The Group’s usage of any and all appropriate electronic safeguards as it deems necessary;
• The Group’s usage of any and all appropriate physical safeguards as it deems necessary; and
• The Group’s usage of any and all appropriate procedural safeguards as it deems necessary.

Transmission and Storage Risk

While every precaution is taken by the Group it deems appropriate to protect the data it collects, the transmission over the internet and the storage of data are never 100% safe, as such, the Group does not guarantee that information transmitted over the internet is 100% secure and similarly, despite having strict and robust security measures in place, the Group cannot guarantee the data will not be subject to unauthorised access.

7. Storing of Data

The data that the Group collects may be transferred to, and stored at, locations outside the Group’s registered country of business. It may also be accessed by the Group’s employees working in different jurisdictions as well as third party suppliers with whom the information is shared.

The Remitter agrees to this transfer and storage. The Group will take all reasonable steps to ensure the integrity of the data in such circumstances.

8. Sharing and Disclosing of Data

The Group does not share or disclose any personal information of the Remitter or prospective customer without their consent, other than for purposes specified in this Policy or where there is a legal duty for the Group to do so.

Sharing

The personal data collected may be shared with some or all of the following entities:

• Other companies within the Group;
• Third parties in order to:
– Carry out the Group’s business;
– Comply with laws and regulations;
– Provide the Group’s services; and
– Comply with contractual obligations.
• Third parties that are engaged to assist the Group improve and optimise its website and mobile application.

Disclosing

The personal data collected may be disclosed in some or all of the following circumstances:
• To protect the property and interests of the Group, including, but not limited to, fraud prevention and mitigation;
• To allow the Group to undertake and/or cooperate with investigations of any financial or other crimes;
• To implement or execute a subpoena, warrant, court order, or other similar writs served on the Group, or where otherwise required by law;
• To permit the Group to limit any damage it may sustain; and
• To enable the Group to explore in the sale or purchase of a business as part of the due diligence requirements of that purchase or sale.

9. Third Party Websites

Electronic communications from the Group and/or the Group website or mobile application may occasionally contain links to and from websites hosted by third parties. The Group accepts no responsibility or liability for the content of such third-party websites or the consequences of visiting them and use of such websites will be governed by the third party’s privacy policy.

10. Rights of the Data Subject

The Remitter or prospective customer, as the case may be, has the following rights with regard to their personal information insofar as they are required by the local privacy legislation in the relevant country:
• The right to be informed about the category, collection, use, and retention of their personal data;
• The right to access personal data that the Group processes;
• The right to rectify inaccurate personal data, or completed if it is incomplete;
• The right to object to the processing of personal data, subject to the relevant data protection laws;
• The right to erasure or to restrict the processing of personal data in accordance with the relevant data protection laws; and
• The right to data portability, allowing the Remitter or prospective client to obtain and reuse their personal data for their own purposes, subject to the relevant data protection laws.

Individuals can request an assertion of any of the rights above (including deletion of data) by sending an email to [email protected]. All such requests, unless otherwise required by any applicable law, will be treated confidentially. Any such request will be dealt with appropriately and in line with the legal requirements applicable (including those pertaining to response times etc.). The applicant will be notified when such a request has been complied with.

Should a request to exercise any of the above-mentioned rights be received by the Group from the Remitter or prospective customer, the Group may ask the former to verify their identity before acting on the request to ensure security of the personal data.

The Group reserves the right to amend or otherwise revoke any of the rights previously afforded to an extent permitted by local regulations if the exercise of the same becomes too onerous and/or unconscionable.

11. Consent

When a Remitter undergoes and completes the Group’s registration process, they confirm that all information provided by them are accurate and complete. By providing their personal data, the Remitter consents that the Group may use the same to carry out an identity verification assessment including checking records held by Credit Reference Agencies (CRA).

Should the Group believe that any of the information provided by the Remitter is false or inaccurate, or that their Remitter Application Form involves fraud, details will be submitted to the relevant fraud prevention agencies. Concerned law enforcement agencies may access and utilise the information provided in order to prevent fraud, money laundering, and/or other criminal offences.

12. Requests and Complaints

All requests and/or complaints arising from this Policy can be sent via email to [email protected].

13. Data Retention

Any and all data collected will be stored in accordance with applicable law and regulation.

14. Variation

The Group reserves the right to revise, update, or otherwise modify this Policy without prior notice to the Remitter or prospective customer.

15. Policy Review

The review of this Policy will take place on an annual basis or at such time interval as may be required pursuant to changes in legislation, regulations, industry practice, or the manner in which the Group collects, stores, or discloses data collected. The Group’s Head of Compliance is responsible for the reviews.

For more information on how we collect, share, and protect the personal information of our Remitters, please click here.

Requests Pursuant to the Privacy Policy

Should an individual wish to make a request in relation to personal data held by Kabayan Remit (including, but not limited to, the deletion of data held about the applicant by Kabayan Remit), then such requests can be made by sending an email to [email protected]. All such requests, unless otherwise required by any applicable law, will be treated confidentially. Any such request will be dealt with appropriately and in line with the legal requirements applicable (including those pertaining to response times etc.). The applicant will be notified when such a request has been complied with. Should a request to exercise any data rights (including deletion of data held) be received by Kabayan Remit from a customer, the Group may ask the former to verify their identity before acting on the request to ensure security of the personal data. If the applicant is not a customer, Kabayan Remit may take any such other reasonable steps as are required to ensure the applicant is who they claim to be.