← Back to Documents

Privacy Notice

Privacy Notice

ExePay Limited is a private limited company registered in the United Kingdom under company number 12866788. We are authorised and regulated by the Financial Conduct Authority (FCA) as an electronic money institution, under Firm Reference Number 997541. Your privacy is a priority for us, and we are fully committed to protecting your personal data.

As a regulated electronic money institution, we collect and process various types of personal data in accordance with strict data protection laws. This Privacy Notice outlines how we collect, use, manage, and share your personal information. It is important that you read and understand this notice, as it explains your rights and our obligations regarding your data.

If you have any questions or concerns, please don’t hesitate to contact us — we’re here to help.

This Privacy Notice forms part of our ongoing commitment to data privacy and security. In some instances, you may receive additional privacy statements relating to specific data collection or processing activities. These statements are intended to supplement this notice and provide further transparency, not to replace it.

Scope of the Privacy Notice

This Privacy Notice describes how ExePay Limited collects, uses, and manages personal information. It applies to all individuals who interact with our services, including visitors to our website and users of our products or services.

By accessing our website or using any of our services, you acknowledge and agree to the data practices described in this notice. We are committed to transparency and may update this notice from time to time. Any changes will be communicated through updates on our website and mobile application.

We encourage you to review this notice regularly, particularly before submitting personal information or completing transactions, to stay informed about how your data is handled. If you do not agree with the terms outlined in this notice or any future updates, you may discontinue your relationship with us by closing your account. Account closure requests can be submitted through our online portal.

Privacy Practices for Site Visitors (Excluding Service Users)

When you visit our website without engaging with our services, we may collect certain information using cookies and similar tracking technologies. The nature and purpose of this data collection are fully outlined in our Cookies Policy.

Sharing of Personal Information

We share your information in the following circumstances:

  • We share your information with our other group companies for internal reasons, primarily for business and operational purposes in line with this Notice.
  • We share your information where we engage the services of trusted third-party suppliers to provide technical support, and to maintain your account with us, such as analytics and search engine providers that assist us in the improvement and optimisation of our site. We share your information with trusted third-party suppliers of information verification services (including credit reference agencies) for the purposes of validating the information you provide to us in the course of interacting with us or entering into a contract with us.
  • We share your information if we are under a duty to do so, in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation; or in order to enforce our terms of use and any other agreement; or to protect the rights, property, safety, or security of ExePay Limited, third parties, visitors to our website or the public.
  • As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your information will be disclosed to such entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such it is possible they will be transferred to third parties.

We take steps to ensure that our arrangements with third-party suppliers (including online vendors) protect your privacy. We do not sell, rent or exchange your information with any third party for commercial reasons.

We may share your personal information with the following parties:

  • ExePay Limited Staff: Access to your data is granted only to authorized personnel and solely for legitimate purposes such as fulfilling official duties, conducting research, or providing customer support. Your information is not used for any unrelated or unauthorized purposes.
  • Website Hosting Providers: We work with trusted third-party service providers to support the maintenance, hosting, and operation of our website. These providers are contractually obligated to han
Retention of Personal Information

Information that we collect will be retained only for as long as is necessary to fulfil the purposes outlined above in this Notice (this will generally be for the duration of time where you utilise our services) or to comply with our legal obligations. We may retain your information further for a period of time specifically required by applicable regulations or laws, such as retaining the information for tax and accounting and financial services regulations record keeping obligations.

When determining the relevant retention periods for your information, we will take into account factors including:

  • our contractual obligations and rights in relation to the information involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • our legitimate interests where we have carried out balancing tests ;
  • statute of limitations under applicable law(s);
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

Privacy Practices for Service Users

When you apply to use our services, ExePay Limited collects specific personal information to ensure compliance with legal and regulatory requirements, maintain security, and deliver our services effectively. The information we collect includes:

Account Information

To create an account and carry out transactions, you will be asked to provide:

  • Your email address and a secure password
  • Personal details such as your full name, residential address, date of birth, and phone number
  • A valid government-issued ID (e.g., passport, driver’s licence, or UK identity card)
  • Proof of address (e.g., utility bill or bank statement)
  • Employment information, including your occupation and employer
  • Proof of funds to support the legitimacy of transactions
Transaction Information

When you initiate a transaction, we collect details including:

  • Recipient’s full name, address, phone number, and financial institution details
  • Nature and purpose of the transaction
  • Your relationship with the recipient
  • Supporting documentation where required
Enhanced Due Diligence (EDD)

For transactions exceeding specific thresholds, we are legally obligated to perform Enhanced Due Diligence. This may require:

  • Information on previous transactions
  • Payment methods and frequency of transactions
  • Nature of your relationship with the recipient
  • Detailed explanation of the transaction’s purpose
Additional Information Collected

We also collect:

  • Transaction logs and system-generated unique identifiers
  • Records of customer support interactions
  • Data from trusted third-party sources, such as identity verification providers
  • Technical data, including device type, browser information, IP address, and usage patterns
  • Cookies and similar tracking technologies, as explained in our Cookies Policy
Use of Your Information and Legal Basis

ExePay Limited processes your personal data in accordance with applicable data protection laws. The purposes and legal bases for processing your information include:

Legal and Regulatory Compliance

We process your data to meet legal obligations, particularly in relation to anti-money laundering (AML), counter-terrorist financing, and the prevention of financial crime.

Contract Fulfilment

Your information is used to deliver our services, manage your account, and take steps necessary to enter into or perform a contract with you.

Legitimate Interests

We may process your data to support our legitimate business interests, provided that these do not override your rights. These interests include:

  • Ensuring the quality and security of our services
  • Preventing fraud and financial crime
  • Promoting products and services that may be relevant to you
Consent

In certain situations, we rely on your explicit consent to process your data—for example, for specific marketing communications or optional data collection during promotions or surveys. You may withdraw your consent at any time

Automated Decision-Making and Profiling

We use automated decision-making processes, including profiling, to ensure efficiency, compliance, and a tailored user experience. These include:

  • Profile Creation : Based on factors such as your age, residency status, financial profile, and results from anti-money laundering checks
  • Fraud Prevention : Detecting and mitigating potential fraud or suspicious activity
  • Service Personalisation : Assessing the suitability of specific products or services for your needs

Where automated decisions significantly affect you, we provide options for human review and intervention. We also implement robust safeguards to ensure fairness, accuracy, and data protection—this includes techniques such as pseudonymisation , where feasible, to enhance privacy.

Sharing of Information and International Transfers

ExePay Limited may transfer your personal data to countries outside the United Kingdom, in accordance with applicable laws and regulations. These transfers may occur in the following circumstances:

Regulatory and Legal Obligations

We may share your data with regulatory authorities, law enforcement, and government agencies when required or permitted by law. If you send or receive money across borders, we are also required to share certain personal information with institutions in the relevant country as part of our legal and compliance obligations.

Business and Service Partners

We may disclose your personal information to trusted third parties to facilitate and support our services, including:

  • Business partners who help process and fulfil money transfer requests or other services you have requested
  • Vendors, payment processors, and banking partners engaged to provide core business operations and customer service functions
  • Marketing and customer service providers , where applicable and based on your consent, to carry out advertising, customer satisfaction surveys, and market research on our behalf
  • Identity verification and risk management providers that assist in validating the accuracy of information you provide, authenticating your identity, and managing fraud and security risks
Corporate Transactions

In the event of a sale, merger, acquisition, or other corporate transaction involving all or part of ExePay Limited, your personal data may be transferred as part of the business assets.

Group Companies and Legal Entities

We may share your personal information globally with other entities within the ExePay Limited group, and with financial authorities, credit reporting agencies, courts, or law enforcement bodies to comply with legal obligations or to protect our rights, interests, and those of others.

International Data Transfers

Some of the recipients of your data may be located in jurisdictions outside the UK that do not benefit from an adequacy decision by the UK Government. In such cases, ExePay Limited ensures that appropriate safeguards are in place by:

  • Entering into standard contractual clauses (SCCs) or international data transfer agreements (IDTAs) approved by the UK Government or other relevant authorities
  • Conducting rigorous due diligence to assess the recipient’s data protection practices and ensure an adequate level of security for your personal information We are committed to ensuring that all data transfers are lawful, secure, and protective of your rights under applicable data protection legislation. Further Information While we do not maintain a comprehensive list of all third parties with whom your data may be shared (as it depends on your specific interactions with our services), you may request a personalized list. To do so, please contact us at dpo@exepay.co.uk.
Retention Periods

At ExePay Limited, we retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, regulatory, accounting, or reporting requirements. When determining appropriate retention periods, we consider the following factors:

  • Legal and regulatory obligations, including specific timeframes mandated by law or supervisory authorities
  • The nature, sensitivity, and volume of the personal data we hold
  • The potential risks associated with unauthorized access, use, or disclosure of the data
  • The reasons for collecting and processing the data, and whether those objectives can be achieved through alternative means
Standard Retention Periods
  • 5 years after your last transaction with us or the termination of our relationship , whichever occurs later
  • 10 years from the date of each transaction conducted during the course of your business engagement with us

These retention periods ensure that we meet our obligations while protecting your privacy. Once your data is no longer needed for these purposes, it will be securely deleted or anonymized in accordance with our data disposal protocols.

Minors

ExePay Limited’s services are not intended for, nor directed at, individuals under the age of 18. We do not knowingly collect, process, or store personal data from minors, and we do not seek to engage with children in any capacity through our services.

If we become aware that a person under the age of 18 has registered for or is using our services, we will take immediate steps to:

  • Restrict and block access to our services for that individual
  • Promptly and securely delete any personal data collected from or about the minor If you believe that we may have inadvertently collected information relating to a child, please notify us immediately at dpo@exepay.co.uk, and we will take appropriate action to investigate and resolve the matter.
Your Rights

Under data protection legislation, you have specific rights in relation to the personal data we hold about you. While these rights are not absolute and may be subject to limitations or exemptions under applicable law, they include the following:

Right of Access

You have the right to request access to the personal data we hold about you (commonly referred to as a "data subject access request"). This allows you to confirm that your data is being processed lawfully and to obtain a copy of your personal information.

Right to Rectification

You may request the correction of inaccurate or incomplete personal data we hold about you. We may need to verify the accuracy of the new information you provide before making any changes.

Right to Erasure ("Right to Be Forgotten")

You can ask us to delete your personal data where there is no valid reason for us to continue processing it. This right also applies if:

  • You have withdrawn consent (where applicable)
  • You have successfully objected to the processing
  • We have processed your data unlawfully
  • Local law requires us to erase your data Note: We may not always be able to comply with your request for specific legal or regulatory reasons, which will be communicated to you where relevant.
Right to Object

You can object to the processing of your personal data where:

  • We rely on legitimate interests (ours or a third party's) and your situation gives you grounds to object due to an impact on your rights and freedoms
  • We process your data for direct marketing purposes In some cases, we may demonstrate compelling legitimate grounds to continue processing your data, despite your objection.
Right to Restrict Processing

You may request that we suspend processing your personal data in the following circumstances:

  • You contest the accuracy of the data
  • The processing is unlawful, but you do not want it erased
  • We no longer need the data, but you require it to establish, exercise, or defend legal claims
  • You have objected to the processing, and we are considering whether we have overriding legitimate grounds
Right to Data Portability

You have the right to request the transfer of your personal data to you or a third party. We will provide it in a structured, commonly used, machine-readable format. This right only applies to data:

  • That you provided to us
  • Processed by automated means
  • Based on your consent or where necessary for the performance of a contract
Right to Withdraw Consent

Where we rely on your consent to process your data, you can withdraw it at any time. This will not affect the lawfulness of processing carried out prior to the withdrawal. However, if you withdraw consent, we may no longer be able to provide certain services. We will inform you of any such impact at the time you make the request. If you wish to exercise any of your rights, please contact us at dpo@exepay.co.uk. We may need to verify your identity before processing your request to protect your privacy and security.

Fees and Response Time
No Fee Required

You will not be charged a fee to access your personal data or to exercise any of your data protection rights. However, we reserve the right to charge a reasonable fee if a request is clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with the request, in line with applicable data protection laws.

Identity Verification

To protect your data and prevent unauthorized access, we may request specific information from you to verify your identity before we respond to your request. This helps ensure that personal data is not disclosed to anyone who is not entitled to receive it. We may also contact you for further details to help clarify or expedite your request.

Response Timeline

We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have submitted multiple requests, we may need additional time. Should this occur, we will inform you of the delay and keep you updated on the progress of your request.

Safeguarding Your Personal Data

At ExePay Limited, we are committed to protecting the personal information you entrust to us. We follow widely recognized industry standards and have implemented appropriate organizational and technical measures designed to prevent accidental loss, unauthorized access, alteration, or disclosure of your personal data.

Access to your personal information is strictly limited to employees who require it for legitimate business purposes. These employees are bound by confidentiality obligations and are required to handle your data in accordance with our policies and legal requirements.

While we strive to ensure the security of your data, it is important to understand that no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security, and any data transmission is undertaken at your own risk.

If you have any questions or concerns about our data security practices, please contact us at dpo@exepay.co.uk.

In the event of a suspected data breach, we have established procedures to respond swiftly and effectively. Where required by law, we will promptly notify you and any relevant regulatory authorities of the breach.

Interaction with External Websites and Services

Our website may contain links to external websites, each of which operates under its own privacy practices that may differ from those of ExePay Limited. When you provide personal information to these third-party websites or services, your data will be subject to their respective privacy policies. ExePay Limited is not responsible for, and disclaims any liability related to, the privacy practices or data handling of these external sites.

We strongly recommend that you review the privacy policies of any third-party websites, applications, or services you visit or use.

Additionally, this Privacy Notice does not cover the data practices of third-party entities you may interact with while using our services, such as mobile network operators or other users. We encourage you to contact these third parties directly to understand their privacy policies before sharing any personal information.

Changes to This Privacy Policy

To keep up with changing legislation, best practice, and changes in how we process personal information, we may revise this notice at any time. In the case of significant or material changes to this notice, we will let you know.