If you wish to view the Acceptable Use Policy, please click here.
Kabayan Capital Ltd t/as Kabayan Remit, a UK entity (“Kabayan UK”), is the parent company of a group providing money remittance services to the Filipino community in the UK, mainland Europe and North America. The Kabayan Remit Group has offices in the UK, Canada, the US, and the EU and a contact centre based in Manila, Philippines (“Group”, “us” or “we”).
Kabayan is a recognised brand in the Filipino community and the company uses direct marketing, attendance at cultural events and barrio fiestas etc. as well as digital marketing campaigns in order to promote the online remittance services. External agents are not used for any sales and payments are taken via online banking or by debit card only, no cash is accepted.
The purpose of this policy (“Policy”) is to ensure that the Group complies with the obligations set out in each jurisdiction’s legislation and regulatory guidelines as well as the requirements of the Group’s business partners regarding the collection, storage and use of personal data. This includes ensuring that the Company has adequate systems and controls in place to mitigate against risks posed to the Group, its business partners, and its Remitters in relation to the collection, storage and use of personal data. This Policy will assist Remitters and prospective customers to:
• Understand what the Group does with the data it collects;
• Understand the steps the Group takes to protect that data; and
• Understand other steps the Group may take with the data it has collected.
The Policy applies whenever a Remitter uses any services provided by the Group or a person uses or visits the Group’s website or application and what happens to any personal data collected.
The Group takes the privacy of its’ Remitters or prospective customers and protection of their data seriously. The Group is committed to collecting, storing, processing, and disclosing the data it collects in a manner which is responsible, ethical, and compliant with the applicable laws and regulations.
The Group collects and processes the Remitter or prospective customer’s personal data under various bases depending on the type of data, the activity and the stage in the registration process. These bases are the legitimate interest basis, consent and, once a prospective customer becomes a customer, the contractual basis. The Group has carried out a thorough Assessment to ensure that the Group has weighed the Remitter or prospective client’s interests and any risk posed to the latter and the Group’s own interests, ensuring that they are proportionate and appropriate.
The Group collects some or all of the following from our Remitters:
• Date of Birth;
• Source of Income;
• Mobile Number;
• Social Security Number and/or Individual Tax Identification Number (for US Remitters);
• Email address;
• Details of transactions;
• Payment account details;
• Details of intended Receivers;
• Details derived from government issued identification documents; and
• Such other data as may be required for the Group to provide the necessary service to its Remitters.
The Group caters it services only to persons who are at least eighteen (18) years old and who have their personal bank accounts in the country in which the customer is registered. The services provided by the Group are not intended to be used by minors; as such the Group will never knowingly collect information of persons under the age of eighteen (18).
The data listed in Clause 2 can be collected:
• Directly from the Remitter or prospective customers when completing registration forms available during events/trade shows and/or on our website, mobile application, or by contacting us through email, text message, telephone, or letter;
• Directly from the Remitter when instructing the Group to execute a transaction;
• Directly from the Remitter when contacting them to request further information or documentation during the enhanced due diligence (EDD) and know-your-client (KYC) process or when more information is required to process a Remitter Application Form;
• Directly from the Remitter to answer a request for any further information;
• From credit reference agencies, fraud prevention agencies, and law enforcement agencies, as well as third party providers of services who may assist the Group in verifying the Remitter during the KYC and EDD process; and
• Through the use of electronic cookies.
The Group may use a Remitter or prospective customer’s data in some or all of the following ways:
• To deliver the Group’s products and services;
• To contact a Remitter or prospective customer;
• To maintain and improve the services provided by the Group, including, but not limited to, troubleshooting and testing;
• To understand how the Group’s advertising and marketing programme(s) are being received and the effectiveness of such programme(s);
• To ensure all relevant policies and procedures are adhered to;
• To update the Remitter or prospective customer on the Group’s services and promotions;
• To comply with any legal, regulatory, or court requirements, locally or abroad, which the Group is required to observe (including, but not limited to, GDPR and PIPEDA);
• To combine, compare, and contrast the data with data provided by third parties to satisfy legal or regulatory requirements.
When a Remitter or a prospective customer accomplishes the Group’s registration form, whether online or printed, they are asked if they agree that the Group may use their personal data in contacting them by email, text message, or telephone call to provide them promotional offers and information about similar products.
Should a Remitter or prospective customer at any time not wish to receive marketing information, they may opt-out of receiving these communications from the Group (even if they have previously opted in) by following the instructions at the end of the email or text message which the Group sends to them or by contacting the Group.
When a Remitter or a prospective customer visit the Group’s website, small files known as “cookies” are used to distinguish a visitor from other users and to analyse how the website is used and how to optimise the experience of the website. More information on how cookies are used can be provided by the Group upon the Remitter or prospective customer’s request.
The Group takes the following steps in protecting the Remitter or prospective customer’s data:
• The usage of a secure server to store all information;
• The protection of all transaction data using Transport Layer Security (“TLS”);
• The training of all relevant employees of the Group on the importance of dealing with data and personal information in a confidential and lawful manner;
• The Group’s usage of any and all appropriate electronic safeguards as it deems necessary;
• The Group’s usage of any and all appropriate physical safeguards as it deems necessary; and
• The Group’s usage of any and all appropriate procedural safeguards as it deems necessary.
While every precaution is taken by the Group it deems appropriate to protect the data it collects, the transmission over the internet and the storage of data are never 100% safe, as such, the Group does not guarantee that information transmitted over the internet is 100% secure and similarly, despite having strict and robust security measures in place, the Group cannot guarantee the data will not be subject to unauthorised access.
The data that the Group collects may be transferred to, and stored at, locations outside the Group’s registered country of business. It may also be accessed by the Group’s employees working in different jurisdictions as well as third party suppliers with whom the information is shared.
The Remitter agrees to this transfer and storage. The Group will take all reasonable steps to ensure the integrity of the data in such circumstances.
The Group does not share or disclose any personal information of the Remitter or prospective customer without their consent, other than for purposes specified in this Policy or where there is a legal duty for the Group to do so.
The personal data collected may be shared with some or all of the following entities:
• Other companies within the Group;
• Third parties in order to:
• Carry out the Group’s business;
• Comply with laws and regulations;
• Provide the Group’s services; and
• Comply with contractual obligations.
• Third parties that are engaged to assist the Group improve and optimise its website and mobile application.
The personal data collected may be disclosed in some or all of the following circumstances:
• To protect the property and interests of the Group, including, but not limited to, fraud prevention and mitigation;
• To allow the Group to undertake and/or cooperate with investigations of any financial or other crimes;
• To implement or execute a subpoena, warrant, court order, or other similar writs served on the Group, or where otherwise required by law;
• To permit the Group to limit any damage it may sustain; and
• To enable the Group to explore in the sale or purchase of a business as part of the due diligence requirements of that purchase or sale.
The Remitter or prospective customer, as the case may be, has the following rights with regard to their personal information insofar as they are required by the local privacy legislation in the relevant country:
• The right to be informed about the category, collection, use, and retention of their personal data;
• The right to access personal data that the Group processes;
• The right to rectify inaccurate personal data, or completed if it is incomplete;
• The right to object to the processing of personal data, subject to the relevant data protection laws;
• The right to erasure or to restrict the processing of personal data in accordance with the relevant data protection laws; and
• The right to data portability, allowing the Remitter or prospective client to obtain and reuse their personal data for their own purposes, subject to the relevant data protection laws.
Should a request to exercise any of the above-mentioned rights be received by the Group from the Remitter or prospective customer, the Group may ask the former to verify their identity before acting on the request to ensure security of the personal data.
The Group reserves the right to amend or otherwise revoke any of the rights previously afforded to an extent permitted by local regulations if the exercise of the same becomes too onerous and/or unconscionable.
When a Remitter undergoes and completes the Group’s registration process, they confirm that all information provided by them are accurate and complete. By providing their personal data, the Remitter consents that the Group may use the same to carry out an identity verification assessment including checking records held by Credit Reference Agencies (CRA).
Should the Group believe that any of the information provided by the Remitter is false or inaccurate, or that their Remitter Application Form involves fraud, details will be submitted to the relevant fraud prevention agencies. Concerned law enforcement agencies may access and utilise the information provided in order to prevent fraud, money laundering, and/or other criminal offences.
All requests and/or complaints arising from this Policy can be sent via email to [email protected].
Any and all data collected will be stored in accordance with applicable law and regulation.
The Group reserves the right to revise, update, or otherwise modify this Policy without prior notice to the Remitter or prospective customer.
The review of this Policy will take place on an annual basis or at such time interval as may be required pursuant to changes in legislation, regulations, industry practice, or the manner in which the Group collects, stores, or discloses data collected. The Group’s Head of Compliance is responsible for the reviews.