1. Purpose
Utransfer US LLC (“Utransfer US” or "Company") created this Policy to ensure there is a policy and process in place which will govern how the Company will manage and resolve the Privacy Notice.
2. Privacy Requirements
Utransfer at this time will not be allowing transactions in or out of the UK therefore the risk for GDPR is low and will not be addressed within this policy and the notice. Instead, the California Consumer Privacy Act or CCPA will be included on the website for the users to refer to as well as the registration process for all of those users who may live in California. Please note though that the CCPA will likely not apply to Utransfer for at least a few years’ time as UTransfer is not likely to meet the thresholds required for CCPA.
3. Privacy Complaints
Utransfer will handle all complaints (including privacy) through the ticketing system through the Utransfer portal and/or mobile application. The complaint log will be updated manually following the complaint policy. When (if) the CCPA or other states enact other privacy law, Utransfer may decide to specialize privacy complaints in another area due to the sensitivity of the reply timeline, however that will not be needed currently.
4. Privacy Notice
The CCO will be responsible for updating the notice every year or when a material change has occurred that may impact privacy complaint/dispute resolutions and or business practices conducted by Utransfer. Any change will be communicated to the bank for any feedback prior to the privacy notice going “live.” Utransfer will treat the Privacy Notice like that of the Marketing material, bank’s approval is required prior to any public facing disclosing. The privacy notice will be available on both the webpage and the mobile application for users to review. Registration will require that the user review the privacy notice and accept the conditions. If conditions are not accepted, the user will not be able to log on and use the software until the provisions are accepted.
5. Country Privacy Risks
Utransfer will make the bank partner aware of any new countries it plans to go into. Please note that this will be part of the risk assessment that is provided to AML. Any significant privacy law will be listed within the risk assessment as well as how the company plans to mitigate and/or avoid the risk.
6. Policy Administration
This Policy will be reviewed and, if applicable, updated at least annually.
Privacy Notice
Utransfer US or “the company,” at times must collect personal data from you. Utransfer US is required to follow United States laws which includes the Patriot Act. The Patriot Act requires certain minimum personal information which will be used to identify you. Utransfer US utilizes a bank partner, Global Innovations Bank to service your account. As a bank, Global Innovations Bank (GIB) is required to follow the Gramm Leach Bliley Act (GLBA). The GLBA requires Financial Institutions to provide their information sharing practices. You may review our bank partner’s privacy policy and notice “Here”.
Why does Utransfer US need to potentially share my data? Financial companies like Utransfer US are required by federal law to share certain data with regulators, federal agencies, and in some cases bank partners.
What Information do you Collect? The types of information that we collect, and share are for regulatory requirements so that we may comply with federal and state laws. This may include the following sensitive PII: Social security number, personal income, date of birth, full name, physical address, and other documentation as required by customer due diligence regulation. Your information is kept on file five years after closure to comply with BSA regulations.
How do you use my Information? We use personal identifying information for everyday purposes such as sanction screening, fraud prevention, and identification. This may include sharing of your information with vendors that we utilize that are able to verify identities, monitor fraud, and/or provide reporting services.
Utransfer US takes strides to protect your information by implementing safeguards such as intrusion detection and intrusion prevention tools. Utransfer complies with ISO 27001 standards which includes guidance that helps deter and detect data breaches.
Utransfer complies with all state laws which includes breach laws. In the case a breach occurs, Utransfer will follow the requirements issued by state law for any notification requirements. Any personal sensitive PII that may have been stolen will be communicated to you pending investigation completion. For further information on state specific breach laws, you may visit your state’s consumer department website.
For Nevada Residents Only. Nevada Revised Statutes Chapter 603A governs the collection of personally identifiable information for consumers. Utransfer is a financial institution subject to the Gramm-Leach Bliley Act therefore the Nevada privacy law does not apply.
California. Under California law, we will not share information we collect about you with companies outside of Utransfer US, unless the law allows. We may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our companies to the extent required by California law.
Vermont. Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows it. We may share information with your consent, to service your accounts or provide information to our partner institutions to help detect/deter fraud. We may share information about our transactions or experiences with you within our corporate family without your consent.
Any questions regarding this notice may be sent to; support_us@utransfer.com or a ticket may be submitted through the website or mobile application.