Send Credit Privacy & Cookies Policy

Table of Contents

    We care about your privacy

    As a business, we are subject to certain regulations (among which, the European General Data Protection Regulation) that require us to comply with a number of obligations regarding your data.

    In this document, you can learn everything about how we use your data: that we collect it from you and your actions, that we process only what we need in order to perform what you have asked or consented to (or what the law requires us to…), that we protect with appropriate technology and that we will not share it with anyone, including law enforcement, unless we are forced to by laws and regulations.

    The right to privacy is a basic human right. We will fight for yours.

    1. Introduction

    The ”Send Credit Group”, comprising the entities mentioned below as well as their parent companies, subsidiaries and affiliates, is committed to protecting the privacy of our Customers.

    This privacy policy is issued on behalf of AIRFILL PREPAID AB, a limited company incorporated under the laws of United Kingdom and registration no. 559001-6035 (“Airfill”). Airfill is a data controller of the personal data collected through our websites www.sendcredit.com and www.airfill.com (“Websites”), or through our mobile application Send Credit, available on Apple and Android app stores (“App”).

    When creating an account, or before acquiring a Product, we will ask you to review this Policy and accept its contents before proceeding. You should read this policy in full before proceeding.

    If you don’t want us to collect, use or share your personal information as outlined in this Privacy Policy, or if you are under 18 years old and unsupervised by parents or legal guardians, please stop using our Websites or App.

    2. What personal data do we collect?

    We can collect your data directly (e.g. when you give it to us), indirectly (e.g. when someone else gives it to us) or through automated technologies (e.g. cookies).

    Please find below an outline of the types of data that we may collect and how we collect it.

    Data directly provided by you
    Type of data
    Description
    Basic identification data
    Email Address, Phone number
    Preferences data
    Preferred products, settings and preferences selected in Websites and/or App.
    Transaction data
    Data about the transactions made on our Websites and App, such as the amount, currency preferences, payment method, date, and/or timestamp, products purchased.
    Customer Support data
    Data provided by you during customer support exchanges, or in response to customer surveys.
    Data indirectly obtained about you
    Type of data
    Description
    Basic information data, KYC customer data, Business and professional data, Financial data, Wallet data, Transaction data, Customer Support data
    Described above. During your interactions with our affiliates, partners or service providers, you may provide them with data that may be transmitted to us for the purposes outlined below on “Why do we process your personal data”. We may also receive data about you from a person who has submitted it for our referral program.
    Publicly available data
    May include all types of data described above, if they are publicly available, as well as blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses unrelated to your transactions with us, as well as media reports about you). We collect and process publicly available data about you, as necessary for the purposes outlined below on “Why do we process your personal data”.
    Advertising data
    We receive data from our advertising partners on your interactions with marketing and advertising content (clicks, actions, time spent, etc.).
    Analytics data
    We receive data from our analytic providers about your usage of the Websites and App (page clicks, actions, time spent, etc.), your age group and geographic region, as well as survey responses.
    Counterparty data
    We may receive data from counterparties with whom you have interacted in relation to a Product or service provided by us, about how you have interacted with them.
    Transaction data
    We may also receive transaction data from third-parties with whom we offer products to you, such as Send Credit Card. In this case, Send Credit will receive data on your card usage, with the sole purpose of enabling you to see that data on your account.
    Data automatically obtained about you
    Type of data
    Description
    Device, browser and app data
    Our systems collect information about your device, its operating system, and browser, along with additional features or identifiers such as plugins and the network you connect to, as well as your IP address.
    Usage data
    Our plugins and cookies collect information about your activities, such as what you view or click on our Sites and Apps, your usage of our Services, as well as diagnostic and troubleshooting data, which includes service-related performance details, timestamps, crash data, website performance logs, and any error messages or reports.
    See below our Cookies Policy for more information.

    We do not collect any special categories of personal data about you (e.g. race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic data) other than, as described above.

    The nature of some services requires you to give us personal data (e.g., your phone number or e-mail to deliver a top-up or gift card). In those cases, we will only be able to provide the service if you provide us with that information, and we retain the ability to terminate your account if we no longer have the ability to process the personal data necessary to provide you with our Products.

    2. Why do we process your personal data?

    Purpose/Activity
    Type of data
    Lawful basis for processing including basis of legitimate interest
    To open and maintain your account.
    1. Basic information data
    2. Professional data
    3. Biometric data
    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests (to start an ongoing customer relationship).
    4. You expressly consent to this when you create an account.
    To sell you the Products and provide you with services
    1. Basic information data
    2. Preferences data
    3. Transaction data
    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests (to conduct our business).
    4. You expressly consent to this when you create an account.
    To manage the Send Credit store
    1. Preferences data
    2. Transaction data
    3. Customer support data
    1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise);
    2. Necessary to comply with a legal obligation.
    3. You expressly consent to this when you create an account.
    For advertisement, data analytics and to provide recommendations
    1. Analytics data
    2. Advertising data
    3. Device, browser and app data
    4. Usage data
    5. Counterparty data
    1. Necessary for our legitimate interests (to study how users use our services and website, to develop them, to grow our business and to inform our marketing strategy). This data is not shared/sold to third parties for any purpose whatsoever.
    2. You expressly consent to this when you create an account.
    To comply with internal and external policies, guidelines, rules and legislation (for example, to respond to law enforcement requests)
    1. Basic information data
    2. Professional data
    3. Transaction data
    4. Publicly available data
    5. Counterparty data
    6. Device, browser and app data
    1. Necessary to comply with a legal obligation
    2. Necessary for our legitimate interests (ensure that we run a safe and credible platform)

    3. When do we share your information?

    3.1. General

    Send Credit works with multiple partners, providers and other third parties to enable the Products and provide Customers with the Send Credit service. For that end, Send Credit shares certain information with third parties, as explained below.

    Title
    Description
    Our group and our team

    Your data may be shared, with other entities of the Send Credit Group if you wish to acquire Products that are sold by other entities of the group. Your data may also be accessed by our employees and people who we may hire as contractors or freelancers.
    • Send Credit, when acquiring Products that are sold by this entity (Basic information data, Financial Data, Transaction Data)
    Our third-parties

    Your data may be received from, or shared with (to the extent necessary), the following entities that provide services to/with Send Credit, among others that Send Credit from time to time engages to provide services.
    • Google, for analytics, e-mail and storage (all data minus biometric data)
    • Airship for analytics (Basic information data, wallet data, transaction data, usage data, device, browser and app data)
    • Freshdesk for customer support (Basic information data, customer support data, transaction data)
    • Airship for e-mail marketing (basic identity information)
    • Meta, TikTok, Snapchat, Reddit, Quora or Twitter/X for social media advertising (advertising data, analytics data)
    • Sentry for performance monitoring (basic identification data, transaction data, usage data, device, browser and app data)
    Your third parties
    Your data may be shared with your third parties, as instructed or needed by you, in order to complete the services to you. This may include your wallet providers, your e-mail provider or others you may require us to engage with.
    Public authorities and regulators, professional advisors and other industry partners
    Your data may be shared with regulators and law enforcement authorities as per 3.2 below, in response to legitimate requests made in the course of their activity.
    Your data may also be shared, from time to time, with professional advisors such as lawyers, cybersecurity or compliance consultants, to fulfil our compliance obligations, assist us in defining adequate courses of action, and detect, investigate or prevent illicit activity in our platform.
    Corporate events
    Your data may be shared in the context of a corporate event such as a purchase or sale of assets or of a company, a merger or spin-off, an acquisition or reorganisation, a liquidation or a simple change of control

    3.2. Specifically: Cooperation with law enforcement

    Your personal data will only be disclosed to law enforcement authorities, or other government bodies, to the extent required by laws and regulations.

    Send Credit will not ordinarily share Customer personal data unless required to do so by an appropriate legal instrument (e.g. a subpoena, a warrant, or the legal equivalent in the issuing country).

    Exceptional circumstances (such as a very urgent request that may save a human life, or avoid great harm) may determine a different reaction from our side, but only to the extent permitted by law.

    4. How do we protect your personal data?

    We are committed to protecting the privacy and confidentiality of your personal data. Access to your data is limited only to authorized Send Credit officers, employees, contractors or others who may require access to it in order to perform the services requested by you.

    More specifically, we have implemented the following security measures:

    • Staff dedicated to cyber and physical security, that designs, implements and provides oversight to our information security program;
    • The use of specialized technology such as host-based security tools, network defence monitors, and intrusion detection systems;
    • Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
    • Internal and external reviews of our Internet website and services;
    • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
    • Implementing controls to identify, authenticate and authorize access to various systems or sites;
    • Protecting information during transmission through various means including, where appropriate, encryption; and
    • Providing Send Credit personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

    4.1. Specifically: your password

    Customers are responsible for ensuring that their password is not shared or accessed by any other person, as well as for keeping their devices safe.

    Send Credit highly recommends its customers to use the 2FA (two-factor authentication) feature made available to them.

    We have in place the following security measures for your password:

    To ensure the safety of your password, we have implemented a series of security measures.

    Our password strength validator checks for a minimum length, as well as the presence of uppercase and lowercase letters, numbers, and special characters. By hashing passwords, we ensure that even if a potential breach occurs, actual passwords will remain undisclosed.

    To further protect your account, we confirm the password reset token before allowing a password change. Finally, we notify users whenever their password is changed to ensure they are aware of any unauthorized modifications.

    5. How can you exercise your data subject rights?

    Under certain circumstances, you have the following rights under the data protection laws in relation to your personal data:

    • Right to access, correct or erase your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it, correct any inaccuracies or request (to the extent permitted by law) the deletion of your data.
    • Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
    • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
      • If you want us to establish the data’s accuracy.
      • Where our use of the data is unlawful but you do not want us to erase it.
      • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
      • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
    • Request the transfer of your personal data to you or to a third party.
    • Withdraw consent at any time where we are relying on consent to process your personal data.

    If you wish to exercise any of the rights set out above, please contact us in writing to support@sendcredit.com.

    Please note that when applicable exceptions apply, some or all of these rights may not be enforceable. This will be the case, for example, if we have reason to suspect you may have been using our platform for unlawful purposes.

    In these cases, we can either refuse to, for example, erase your personal data and transactions record, or agree to do it within a certain reasonable time period that would allow us to confirm or waive our suspicions.

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unreasonable, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

    We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

    6. How long do we keep your personal data?

    We will keep your personal data for the time needed to fulfil the purpose for which it was collected, be it selling you Products, complying with legal obligations, or protecting ours, yours or other’s interests.

    If you have an account with us, we will keep your data collected in relation to your account activity for as long as the account exists.

    We will keep information that is collected and processed for compliance purposes (namely information connected with ongoing investigations, or processed in the context of our anti-money laundering policy), for a minimum of 5 years, in accordance with applicable legislation and our internal money laundering process.

    This includes basic information data, KYC customer data, financial data, transaction data, and certain device, browser and app data. We keep this information regardless of your request to delete it, if you have purchased Products that require KYC or if you have exhibit suspicious behaviour in your dealings with Send Credit.

    We will keep information that is relevant for tax purposes for a minimum of 7 years.

    We will keep information about your application for a job at Send Credit until the moment we fill out the position, and unless you authorize us to keep that information further for consideration for new job openings, we will delete it and you will need to resubmit it again if you want to reapply.

    If you request us to delete your personal data, we will comply with that request to the extent possible. In certain circumstances, we may be forced by tax, anti-money laundering or other compliance regulations and policies, to keep your data despite of your request. We will inform you of that circumstance.

    7. Minors

    Our website and services are not intended for children under 16 years of age.

    We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information to us without parental consent. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.

    8. International transfers

    To enable our platform and services, we may need to transfer and process your personal data in countries outside the EEA, where Send Credit is based. Although we strive to ensure that your personal data remains within the EEA whenever possible, certain third-party providers are located abroad and therefore in certain circumstances transferring your personal data internationally is unavoidable.

    When that happens, we rely on adequacy decisions from the European Commission, whenever possible, and on the European Commission’s Standard Contractual Clauses to enable the transfer of data to third countries.

    We also rely on exemptions provided by the GDPR (article 49), for example in order to share personal information when requested by law enforcement authorities, or to connect with our suppliers in order to fulfil your order.

    9. Miscellaneous

    1. If you have questions about this Privacy Policy and how we handle your data, please send an email to support@sendcredit.com with your question.
    2. As our platform evolves, we may need to modify our Privacy Policy from time to time. Those changes will be made in this page, and when significant, we will inform you.

    If you wish to contact us for any matter related with the Send Credit Global Privacy Policy or with how we process your personal data, please contact us at support@sendcredit.com.

    10. Cookies Policy

    This policy relates to the website www.sendcredit.com, owned by AIRFILL PREPAID AB, a limited company incorporated under the laws of United Kingdom and registration no. 559001-6035 (“Send Credit”), and explains how it deploys cookies and what options do you have to control them (the “Cookie Policy”).

    10.1. What are “cookies”?

    Cookies are very small pieces of data, stored in text files on your computer or other device when websites are loaded in a browser.

    They are used mainly to “remember” you and your preferences. In many sites, they ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in.

    Cookies can be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).

    Websites may also contain other similar technologies such as “web beacons” or “pixels.”

    These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way.

    As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted. For the purposes of this policy, we will use “cookies” as also including “web beacons” or “pixels”.

    10.2. What cookies does this website use?

    The website uses third-party performance cookies. Through these cookies, we do not collect nor process any of your data: we just enable the collection and processing of such data by third-parties.

    Performance cookies collect information on how users interact with our website, including number of visitors, time spent, as well as other analytical data. We use these details to improve how our website function and to understand how users interact with it, and also to improve our advertising strategies. We may use the following cookies:

    AMP_TOKEN
    Google Universal Analytics
    This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service
    _ga
    This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
    __cfduid
    CloudFlare
    Cookie assoiated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.
    __fdp
    Facebook
    Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

    Also, following the consent you provide for the use of the abovementioned cookies, we deploy a single cookie for the single purpose of remembering such consent.

    10.3. How can you control the use of cookies in this website?

    A “cookie notice” appeared when you accessed our website, requesting your consent for the use of cookies. Your consent should be free, explicit, unambiguous and properly informed by this Cookie Policy.

    When you consent in this manner, we place advertising cookies on your browser. If you do not provide consent, we will not deploy any cookies in your browser.

    If you do provide consent, you can opt-out at any time by clicking here. By doing so, you won’t share information with our analytics tool about events or actions that happen after the opt-out.

    10.4. Contact Us

    If you have any questions about our use of cookies or other related questions, please refer to our Privacy Policy. For any further questions, please contact us at support@sendcredit.com.

    Last Updated: March 03, 2024