A. Important Information: How we secure your Personal Data and who controls it.
ii. Data Controller: Means a person who (either alone or jointly with other persons) determines the purposes for and the manner in which any personal data is to be processed. Edfundo is the Data Controller. Edfundo may process your personal data directly, or through authorised agents and service providers of Edfundo, who may be chosen by us for the purposes of furthering the individual and entities’ business of Edfundo. Edfundo is the data controller of your Personal Data. Data protection is important to us and we adhere to all applicable data protection laws and regulations globally, which includes, but is not limited to: the United Kingdom Privacy and Electronic Communications Regulations, the United Kingdom Data Protection Act 2018, as amended, the data protection and privacy requirements Dubai International Financial Center (“DIFC”) and where applicable to individuals in the European Union, the United Kingdom and the member states of the European Free Trade Association (“EFTA”), the General Data Protection Regulation (“GDPR” which had commenced on 25 May 2018) and the California Consumer Privacy Act (CCPA) in the United States. for the purposes mentioned in this policy. We may also process your Personal Data and you consent to the processing thereof, to satisfy all legal obligations, if it is necessary to carry out any obligations arising from any contracts entered into with you or to carry out any services to you, by any Edfundo entity, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of either Edfundo entity, it’s Users, customers, clients, other persons or other entities.
C. Am I still responsible for my child’s use of your Services? Yes.
As a parent or guardian of a child who has signed up to use our Services (“You”):
· You are responsible for Your child’s use of our Services, including any subscription fees incurred and purchases made.
D. What Personal Data do you collect and why?
We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources. We do this to operate effectively and provide You with the best experience with our Services.
Personal Data means any information that can be used directly or indirectly to identify You or a member of Your family. We collect it to operate safely, effectively and provide You with the best experience with our Services.
We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources such as our partners (as set forth below) or social media accounts You choose to link to our Services.
The Personal Data we collect depends on the context of Your interactions with our Services, and the choices You make and may include the following:
· Contact and identification information such as Your name and Your child’s name, your phone number, email address, postal address, date of birth, identification document numbers, copies of identification documents (for example Emirates ID, passport, driving licence, utility bills, visa), personal description, social handles, photographs and other similar contact information.
· Financial information such as the last four digits and expiry date of Your Prepaid card number, bank account information, bank sort code, IBAN, payment reason, footprint of your credit history, and other similar financial information.
· Transaction information such as date, time, amount, currencies used, exchange rate, beneficiary details, details and location of the merchant or ATMs associated with the transaction, IP address of sender and receiver, senders and receiver’s names and registration information, as well as other similar transaction information.
· Demographic information such as Your or Your child’s age, gender, nationality, country and other similar demographic information.
· Security information such as passwords, password hints, security questions and answers and other similar security information.
· Device and technical information such as IP address, unique device identifiers (such as the IMEI number for phones, the MAC address of the device’s wireless network interface), device functionality (browser type and version, operating system and platform, hardware used, browser plug-in types and versions) and other similar device and technical information.
· Usage information such as the full uniform resource locators (URLs), information about page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), error reports and performance data (ie: details of the software or hardware related to an error, content of files You were using when an error occurred), troubleshooting and help data plus other similar usage information.
· Location information such as Your device location which may include a street name and city or GPS- location, ISP or your mobile carrier, the URL of both the site You came from and the one you go to next and other similar location information. We use GPS technology and Your IP address to determine Your location – this may be used when the application is running in the foreground and the background of Your device. This is used to prevent fraud, for instance if your phone is saying that You are based in the UAE, but your card is being used to enter into an ATM withdrawal or point of sale purchase in UK, we may not allow that transaction to be processed. Please also know that most devices allow You to prevent location information from being sent to us.
· Any other information You directly provide to us when filling out forms, corresponding with us (ie: email, conversations with Member Services by phone or chat sessions), filling out surveys, providing us with feedback and product reviews and other similar information.
You have choices about the Personal Data we collect. So, when You are asked to provide us with Your Personal Data, you always have the right not to do so. Please note however that if You choose not to provide us with Your Personal Data when prompted, You may not be able to use our Services.
It is always possible to block/opt out of cookies via your browser’s cookie settings that allows You to refuse the setting of all or some cookies. Please note however that if You do this You will not be able to use our Services properly. For example, you may need to enter information repeatedly, or You might not get personalised content that is meaningful to You as many of our functions are dependent on cookies.
ii) What are cookies?
When You visit our website, our website server sends and stores a unique identifier (called the cookie) on Your device and uses this unique identifier to recognise You when You return to the website or browse from page to page. Cookies allow us to distinguish You from other users of our website and allow us to tailor our content to You. The cookies we use do not hold any Personal Data about You.
iii) How can I block cookies?
It is possible to block/opt out of cookies via Your browser’s cookie settings. This allows You to refuse the setting of all or some cookies. You can find more information on: https:// www.allaboutcookies.org/manage-cookies/ . Please note however that if You do this You will not be able to use our Services properly. For example, You may need to enter information repeatedly, or You might not get personalised content that is meaningful to You as many of our functions are dependent on cookies.
iv) What happens if I don’t block cookies?
If You continue using our website without changing your settings, we will assume that You are happy to receive all cookies on our website.
v) Do you use other technology similar to cookies? Yes.
We sometimes use third-party service providers to collect Your interaction with our Services in order to support our marketing, both on our website and elsewhere on the Internet. This information regarding Your interaction is collected in an anonymous format using what is called a pixel tag, which is industry standard technology. None of Your Personal Data will be collected or used during this process. We simply discover the preferences and choices of our customers, so that we can make decisions about where and how to let people know about edfundo. While the pixel tags we use may change from time to time as we improve and update our Services, they generally fall into the below categories of use:
Adwords, AffectV, Bing, Doubleclick, Facebook Pixel, Twitter Pixel, All Response Media Pixel, Google Ads, Linkedin, Twitter,
Hotjar, Google Analytics, Google Tag Manager
vi) Does your website include widgets? No.
While this may change as we update our Services, our website currently does not include widgets.
vii) Do you respond to Do Not Track signals? No.
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites You visit, indicating You do not want to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to browser DNT signals.
F. How do you use my Personal Data?
We use Your Personal Data to provide You with safer and more reliable Services.
The Personal Data we collect from You is used for the following purposes:
i. To provide You with our Services: We use Your data to process Your account application and authorize Your access to our Services, process Your payments and provide You with any other Services you request from us;
ii. To communicate with You: We use Your data to share important news relating to our Services. We offer regular emails including newsletters to let You know about our Services. From time to time we may also contact You to ask Your views on our Services, to fill out a survey, to send You marketing communications such as special offers and updates that we think will be of interest to You. We may contact You through email, notices posted on our website or app, text messages or push notifications. You may always change your communication preferences in your preference settings at any time and choose to hear a bit less or a bit more from us.
iii. To conduct research: we use Your data to conduct research for the further development and improvement of our Services. We also want to reassure You that should we sell Your data for research purposes, we will only do so if Your data is in aggregate format, and we have a strong confidentiality agreement in place with the research entity (such as a university) that would allow us to have continuous oversight and approval of the use of Your aggregated data.
· To produce marketing material and deliver relevant advertising to You;
· To help You: we use Your data to investigate and resolve complaints and services issues.
· To improve the Services offered on our website and make them more secure: we use Your data so we can provide You with the most user-friendly navigation experience we can, and if we think it’s necessary, for security purposes or to investigate possible fraud.
· To better understand our business: we use aggregate data to generate statistics about our users or the demographic distribution of visitors to our website. Note that aggregate is data combined from several measurements and doesn’t identify You.
· To comply with legal and/or regulatory requirements: We use your Emirates ID Information provided and the data available on your Emirates Chip to verify your identity in your submitted form of identification during the onboarding and User registration or User Account creation process. This technology collects information from your biometric data, and it shares this information with us. We use that information to verify your identity. We will store your biometric data for as long as is necessary to perform the services, and as long as the User account exists and will comply with applicable law relating hereto. By using Edfundo Tech ltd and/or services you agree that Edfundo Tech ltd may collect your biometric data to perform identity verification.
G. Where do you store my Personal Data?
In UAE, but if we do transfer it outside of UAE, we will make sure it is treated safely and securely.
i. User Data is stored and transferred in compliance with the applicable legislation or Regulations of every applicable jurisdiction.
ii. We store and process your personal data in data centres located within the Country in which Edfundo operates, wherever we have our premises, wherefrom we provide services or where Edfundo service providers are located.
iii. We may share your Personal Data within the Edfundo group of associated companies which are based in various locations globally.
iv. If you are based in the United Kingdom, Europe or the European Economic Area (EEA), this will involve storing and transferring your data outside the with adherence to relevant legal requirements – where applicable.
a) Subject to the Regulations of DIFC, this may involve storing and transferring your data outside of the DIFC, with adherence to relevant legal requirements – where applicable.
b) If you are based in the United Arab Emirates (“UAE”), this may involve storing and transferring your data outside of the United Arab Emirates, with adherence to relevant legal requirements – where applicable.
c) If you are based anywhere else globally, this may involve storing and transferring your data globally, with adherence to relevant legal requirements, wherever and however applicable.
d) In addition, hereto, many of our external third parties are also based outside of the aforementioned geographical regions and globally, so, their processing of your personal data will involve the transfer and storage of data outside the aforementioned territories. We reiterate that you, as the User, accepts that through the application for the creation of a User account, the terms of their individual privacy policies, cookies policies, as well as terms and conditions, as third-party service providers to Edfundo.
e) Some of the countries to which your personal data may be transferred do not benefit from an appropriate protection regulation. For such international countries, we shall have specific data-protection clauses in our agreements and arrangements with them.
f) Whenever we transfer your personal data outside of the EEA, the UAE or any other territory, we will ensure that a suitable degree of protection is afforded to it by ensuring that at least one (1) of the below listed safeguards is implemented:
· We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
· In respect of GDPR compliance (if applicable): we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
· In respect of GDPR compliance (if applicable): In respect of transfers to entities in the United States of America (US), we may transfer Personal Data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
· In respect of the DIFC Data Protection Regulations relating to the transfer of personal data, Transfers will be conducted in accordance with the relevant Regulations.
H. How long will You retain my Personal data?
Your Personal Data is yours, and it will not be retained by us for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.
If You choose to close Your account, Your Personal Data will generally stop being visible on our Services within 24h. Your Personal Data may continue to be displayed in the services of others until they refresh their cache.
We retain Your Personal Data after You have closed Your account for the purposes for which it was originally collected, or for which it was further processed. If You want us to delete Your Personal Data completely, you can ask us to do so by writing us on [email protected]
We will then strive to delete Your Personal Data as soon as reasonably possible. Please note however that we may be required, as a company providing financial services, to retain some of Your Personal Data for up to five years to comply with our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017/692). For example, we are legally obliged to retain Your Personal Data to resolve future disputes, maintain security, or prevent fraud and abuse. Also, under the E-Money Regulation (SI 2011/99) You have the right to redeem Your e-money up to six years after termination of Your account. We therefore use this retention requirement as a benchmark for all Personal Data that we receive from You. In order to not hold Your Personal Data for longer than is strictly necessary we will not hold any of Your Personal Data for more than six years after the termination of our business relationship.
Under the Office of the Commissioner of Data Protection of the DIFC, responsible for administering the Data Protection Law, each Data Subject (in so far as these laws have application) broadly has the following rights:
“The data protection legislation gives certain rights to Data Subjects concerning their Personal Data and Sensitive Personal Data. Generally, a Data Subject has the right to access any Personal Data that is kept about them. If the Personal Data Processed by the Data Controller is inaccurate, then the Data Subject can request the Data Controller to act to rectify, block or destroy the inaccurate data. However, there are certain circumstances, or exemptions, where it is legal for a Data Controller not to have to notify a Data Subject that Personal Data is being Processed. For example, where Personal Data is being released to a legitimate authority to comply with anti-money laundering obligations. A Data Subject can object on reasonable grounds to the Processing of their Personal Data, and request their Personal Data not be disclosed to third parties. This may include circumstances where an individual request a Data Controller to cease Processing Personal Data for the purposes of direct marketing. If the Data Controller objects to the request, the Data Subject may file a complaint with the Commissioner of Data Protection at DIFC who may refer the matter to mediation.”
I. How do you protect my Personal Data?
Your security matters, this is why we have advanced security systems in place.
We know that security is a major concern for You and Your family. To give you peace of mind we have advanced security systems in place. Please know however that although we do our best to protect Your Personal Data, we cannot guarantee the security of Your data during transmission of information via the internet, as any such transmission is at Your own risk. Once we have received Your Personal Data, we will use strict procedures and security features to do our best to prevent unauthorised access to Your data.
To protect Your and your family’s Personal Data we:
· Use secure server software to store Your Personal Data.
· Encrypt Your payment transactions.
· Implement security safeguards designed to protect Your data such as HTTPS.
· Use full login and security question controls on our systems.
· Restrict access of Your Personal Data to those of our employees who need to know Your Personal Data to do their job and ensure that all our employees sign a confidentiality and data security clause as part of their terms of employment.
· Follow tight security procedure, such as maintaining physical, electronic, and procedural safeguards to protect Your Personal Data from unauthorised access as required under the European data protection laws.
· Continuously educate and train our employees about the importance of confidentiality and privacy of customer information.
· Continuously monitor our systems for possible vulnerabilities and attacks; and
· Regularly review and update our privacy controls and policy.
J. Can I also do something to protect my Personal Data?
Yes of course. Follow our quick tips below to keep Your information as secure as possible:
1. Protect Your password:
· Choose a password that is strong and that Your child is unlikely to guess. The password should include a mix of letters, numbers, and symbols.
· Never reveal Your password to anyone else.
· Avoid using the same password for several internet sites.
· Reset Your password every couple of months.
· Sign out of Your account anytime You leave a shared or public computer
2. Protect Your email:
· Include Your personal contact information only in the designated fields of Your Edfundo profile.
3. Protect Yourself from fraudulent messages, scams and phishing:
· Don’t share Your personal information, such as government issued ID numbers, birth date, credit and debit card or bank numbers with people You don’t know.
· Use caution when clicking on links contained within messages.
4. Protect Your devices:
· Ensure that Your devices incorporate some form of malware protection.
5. Explain the importance of online privacy to Your children:
· To help, we’ve drafted a short document explaining data privacy in a way that children may find more digestible. Refer to our EDFUNDO Terms and Conditions – Point 11.2
K. Will you share my Personal Data?
Yes, we may share Your Personal Data with Your consent or as necessary to provide You with the Services You have requested.
First of all, rest assured that we do not pass Your or Your family’s Personal Data to third parties for marketing purposes without Your permission.
We may however access and disclose Your Personal Data in the following circumstances:
1. When the disclosure is requested by You.
2. When working with our business partners (e.g., banking partners, card processor, issuing bank, investment services providers, payment services provider, risk, and security system providers); our suppliers (e.g., maintenance, analysis, audit, payments, fraud detection, marketing, and development); and/or our sub-contractors for the performance of any contract we enter into with them or You. For example, companies we have hired to assist in protecting and securing our system and services may need access to Personal Data to provide those functions. Note that such business partners, suppliers, and subcontractors will only have access to Your Personal Data as reasonably necessary to perform these tasks on our behalf and will be obligated to not disclose or use it for other purposes.
4. When working with advertising and analytics providers: If we decide to engage advertisers to promote our Services, the advertisers and their advertising networks may require anonymised Personal Data to serve relevant adverts to You and others. We will not disclose identifiable information about You to advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a subsection of our users. In some instances, we may use Your Personal Data we have collected to enable our advertising partners to display their advertisement to their target audience.
5. When required by law, regulated authorities, government agencies, subpoenas, court orders, or other legal process.
6. When we have a good faith belief that such disclosure is reasonably necessary to:
· Investigate, prevent, or act regarding suspected or actual illegal activities.
· Enforce our agreement with You.
· Investigate and defend ourselves against any third-party claims or allegations.
· Maintain the security and integrity of our Services.
· Protect the rights and security of Edfundo user’s, personnel, or others.
7. When we are under a legal duty to disclose or share Your Personal Data in order to comply with any legal or regulatory obligation or request such as subpoenas and court orders. We will use our best efforts to notify You about such legal demands when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
L. What are my rights regarding my Personal Data?
Your Personal Data is Yours and You can always access it, edit or delete it. Just contact us to request this.
1. You can ask us to view, rectify or delete Your Personal Data
If You wish to exercise any of Your rights, as listed below, please contact us on via [email protected]. We will be happy to help (unless we are prohibited by law from doing so). No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature. Here are Your rights:
· View Your Personal Data
· Object to the processing of Your Personal Data
· Object to automated decision making and profiling
· Restrict the processing of Your Personal Data
· Rectify Your Personal Data
· Erase Your Personal Data
Upon successful verification of Your identity, you are entitled to obtain the following information about Your own Personal Data:
· The purpose of the collection, processing, use and storage of Your Personal Data
· The categories of Personal Data stored about You
· The recipients or categories of recipients to whom Your Personal Data has been or may be transmitted, along with the location of those recipients
· The envisaged period of storage for Your Personal Data or the rationale for determining the storage period
· The use of any automated decision-making and/or profiling
2. You can close Your account
You can always choose to close Your account by writing us on [email protected].
If You choose to close Your account with us, Your Personal data will generally stop being visible on our Services within 24h. Your Personal Data may continue to be displayed in the services of others until refresh their cache.
We retain Your Personal Data after You have closed Your account for the purposes for which it was originally collected, or for which it was further processed. If You want us to delete Your Personal Data completely, you can ask us to do by writing us via [email protected].
We will then strive to delete Your Personal Data as soon as reasonably possible. Please note however that we may be required, as a company providing financial services, to retain some of Your Personal Data for up to five years to comply with our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017/692). For example, we are legally obliged to retain Your Personal Data to resolve future disputes, maintain security, or prevent fraud and abuse. Also, under the E-Money Regulation SI2011/99) You have the right to redeem Your e-money up to six years after termination of Your account. We therefore use this retention requirement as a benchmark for all Personal Data that we receive from You. In order to not hold Your Personal Data for longer than is strictly necessary we will not hold any of Your Personal Data for more than six years after the termination of our business relationship. iii) You can ask us to stop sending You promotional communications
3. You can ask us to stop sending You promotional communications
We usually like to send our customers special promotional communications such as newsletters, offers and updates that we think will be of interest to them.
When You sign-up You will have the choice to choose to receive promotional communications from us by clicking the opt-in button. That opt-in covers both you and the children that you add to your edfundo account. In line with the General Data Protection Regulations (GDPR) we store that consent for you and your children separately. Until your child reaches the age of 13, you can update his or her preferences. Once your child turns 13, he or she can also update their own preferences.
You (or your child if they are over 13) can always update Your preferences later by either logging into Your account. Please remember that we will always continue to send important Service information to You.
M. What happens if my Personal Data is compromised?
We always strive to be transparent with You. So, if we notice that Your Personal Data is compromised, we will take the following responsive action:
· Notify You via email within 7 business days
· Notify the users via in-site notification within 7 business days
Take a look at our document explaining Data Privacy to children.
We believe that children should also understand the importance of online safety and privacy, so we will ensure a child friendly version is accessible. Refer to our EDFUNDO Terms and Conditions – Point 11.2