Policy Statement

Saaf Remit (hereinafter referred to as the “Company”) and its employees are committed to protecting the privacy and security of personal data. We comply with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are dedicated to being transparent about what data we collect, how we use it, and the rights individuals have over their data.

We are committed to protecting the privacy and confidentiality of our customers, employees, and partners. This Privacy Policy outlines how we collect, use, store, and disclose personal data in compliance with applicable data protection laws. We handle all personal information in a secure, fair, and transparent manner.

All controls and procedures are approved by a senior management, kept in writing and be communicated throughout our organisation to staff, and service providers in and outside the UK.

Purpose

The purpose of this Privacy Policy is to:

• Ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
• Explain how and why we collect and process personal data.
• Inform individuals of their data protection rights.
• Establish internal standards for safeguarding personal data and maintaining trust.

This policy sets out:

• How we collect, use, store, share, and protect personal data
• Our obligations under data protection law
• The rights of our customers, staff, and third parties
• How we comply with the FCA, ICO, and other relevant regulatory standards

It applies to:

• Customers who use our payment and money transfer services
• Website users
• Employees and job applicants
• Business partners and service providers

Legal and Regulatory Guidelines

This policy is governed by:

• UK GDPR (post-Brexit data protection framework- as retained under the Data Protection Act 2018)
• FCA SYSC Rules relating to systems and controls
• FCA Consumer Duty, particularly the “Customer Understanding” and “Customer Support” outcomes
• Money Laundering Regulations 2017, which require identity and transaction verification while ensuring proportionality and privacy.

We are registered with the Information Commissioner's Office (ICO) as a data controller.
ICO Registration Number: [ZB822897]

Scope

This policy applies to:

• All personal data collected or processed by the firm.
• All staff and contractors handling personal data.
• Customer and employee data across all platforms, including web, API, software systems and physical records.

Lawful Basis for Processing

We process personal data based on the following lawful grounds under UK GDPR:

• Contract – to provide our services
• Legal obligation – to meet regulatory requirements (e.g. AML)
• Legitimate interest – for internal administrative purposes
• Consent – for marketing or where required explicitly
• Vital interest – in emergencies where data is needed to protect life. (If required)

What Data We Collect

We may collect the following data:
a. Customer Data

• Full name
• Date of birth
• Address and contact details
• Identification documents (passport, driving licence)
• Transaction history
• Recipient information (name, country, account or pay-out partner)

b. Employee and Job Applicant Data

• Contact details
• CVs and application forms
• Criminal record and right-to-work checks (if required)
• Payroll and tax information

c. Website/User Data

• IP addresses
• Cookies and usage analytics (via consent banners)
• Contact form submissions

We collect the following categories of personal information from customers, agents, and website users:

Category	Examples
Identity Data	Full name, date of birth, nationality, photo ID (passport, driver’s licence)
Contact Data	Email address, phone number, address
Transaction Data	Amount sent, recipient info, purpose of transfer, bank details
KYC/AML Data	Source of funds, risk rating, PEP/sanctions screening results

Why We Collect Personal Data

We use personal data to:

• To provide and Process Money Transfer Services- We collect personal data such as the customer’s name, address, recipient details, transaction amount, and payment method to:
• Facilitate the sending of money to beneficiaries
• Accurately record, execute, and trace the transaction through our
• Generate payment receipts and transaction confirmations
• Ensure the funds reach the correct recipient in a timely and secure manner

Without collecting this data, we would be unable to perform the core financial service requested by the customer.

• To Verify Identities (KYC/AML Compliance) - As a regulated financial service provider, we are required under Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws to perform due diligence on customers.

We collect identity documents (e.g. passport, driving licence), proof of address, and date of birth to:

• Verify the identity of individuals and businesses
• Assess risk based on jurisdiction or transaction pattern
• Monitor ongoing transactions for suspicious activity
• Report suspicious transactions to the National Crime Agency (NCA) when required

This data processing ensures compliance with FCA, Money Laundering Regulations (MLR 2017), and Proceeds of Crime Act 2002.

• To Prevent Fraud and Financial Crime- Fraud prevention and customer protection are central to our operational priorities. We use personal data to:
• Detect and block unusual or unauthorised activity
• Conduct checks using fraud detection systems or databases
• Authenticate users during logins or phone verifications
• Report attempted or actual fraud to relevant agencies (e.g. Action Fraud, FCA)

 

This processing protects both the customer and our business from loss, misuse, or criminal exploitation.

• To Communicate with Customers and respond to Enquiries -We use personal data like email addresses, phone numbers, and previous transaction history to:
• Send service-related communications (e.g., transaction updates, payment delays)
• Respond to customer enquiries and complaints in a timely manner
• Offer tailored assistance or guidance based on a customer’s transaction pattern
• Send satisfaction surveys or service updates (with consent)

 

This allows us to provide a high-quality, responsive, and customer-focused experience.

• To Comply with Legal Obligations- We are required by law and regulation to retain and share certain personal data with authorities such as:
• HMRC for tax-related obligations
• FCA for conduct and compliance reviews
• ICO in response to data protection queries or complaints

 

• We also use data to:
• Maintain financial records for audits
• Fulfil subject access requests (SARs) under UK GDPR
• Respond to court orders, law enforcement requests, or regulatory investigations

This is necessary to remain in good standing with UK regulatory bodies and uphold the integrity of the financial system.

• To Improve Our Services- We use anonymised or aggregated personal data (or consent-based data) to:
• Analyse customer feedback and transaction trends
• Identify areas for operational or digital improvement
• Train our staff using real (non-identifiable) scenarios
• Design better user experiences on our website or apps

 

This helps us deliver faster, safer, and more user-friendly services that meet customer needs and expectations.

How We Use Personal Data

We use data to:

• Verify customer identity and meet AML obligations
• Process and deliver money transfers
• Prevent and detect financial crime
• Provide customer support
• Maintain transaction records
• Comply with FCA and HMRC reporting duties
• Send service messages (not marketing) related to rates or service updates

Sharing Personal Data

We may share data with:

• Regulatory bodies (e.g., FCA, HMRC, NCA)
• Law enforcement (when legally required)
• Payment service providers
• Software providers under data processing agreements
• ID verification and screening tools (e.g., KYC/AML services)

Note: We do not sell personal data to third parties.

Data Retention

We retain personal data for as long as necessary to:

• Comply with legal and regulatory obligations (usually 5 years post-relationship)
• Fulfil contract obligations
• Resolve disputes and enforce agreements

International Data Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• UK Adequacy Regulations
• Standard Contractual Clauses (SCCs)
• Processor agreements with our software partners

Data Subject Rights

Under UK GDPR, individuals have rights to:

• Access their data
• Correct inaccurate data
• Request erasure ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made to our Data Protection Officer (DPO):
📧 info@saafremit.co.uk
📞 020 7266 6541

Security Measures

We implement appropriate technical and organizational measures:

• End-to-end encryption of transaction data
• Access controls and staff training
• Regular data audits
• GDPR-compliant agreements with third-party processors
• Secure cloud hosting and two-factor authentication (2FA)

Individual Rights

Individuals have the following rights:

• Access – request a copy of their personal data
• Rectification – correcting inaccurate or incomplete data
• Erasure – request deletion of your data (in certain cases)
• Restriction – limit how we use your data
• Objection – object to certain uses (e.g., marketing)
• Portability – request their data in a transferable format

Cookies

We may use cookies to improve user experience. Customer can manage cookie preferences in their browser settings. We do not use cookies for advertising or profiling.

Changes to This Policy

This policy will be reviewed annually or as required by changes in law or business processes. Latest update: April 2025