Privacy Notice

At First Rate, we’re committed to protecting and respecting your privacy

 

This Notice explains when and why we collect personal information about people who visit our website and/or when you use our website to buy foreign currency online or a Travel Money Card. This Notice also explains how we use your personal information, our legal basis for doing so and the conditions under which we may disclose your personal information to others and how we keep it secure.

We may change this Notice from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by the terms of this Notice.

Any questions regarding this Notice and our privacy practices should be sent by email to [email protected] or by writing to us at First Rate Exchange Services Limited, Great West House, Great West Road, Brentford, London, TW8 9DF.

Who We Are

We are First Rate Exchange Services Limited. We are jointly owned by the Post Office Limited and the Bank of Ireland Group plc. Our registered address is Great West House, Great West Road, Brentford, London, TW8 9DF. We provide foreign exchange services to consumers and businesses in the UK.

First Rate Exchange Services Limited is registered with the Information Commissioner’s Office (the ‘ICO’) as a data controller with registration reference Z6622513

If you have any enquiries, concerns or complaints about our data processing activities, please contact us either by:

  • telephone on 03458 50 30 50 between 9am – 5pm Monday – Friday; or,
  • email at [email protected]; or,
  • post to Great West House, Great West Road, Brentford, London, TW8 9DF

Alternatively, the ICO also provides a helpline and complaints service. The ICO is the United Kingdom’s independent regulatory authority in relation to data protection matters and information rights and can be contacted at: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or at www.ico.org.uk or by telephone on 0303 1231113.

Links from Other Websites

First Rate provides a range of currency services to customers referred to us by major UK retailers such as Post Office Limited. You may be using our service after clicking on a link from a website owned by one of these companies. We may share your information with these website owners as set out below.

If you linked to our website from a retailer’s site, we cannot be responsible for the retailer’s privacy policies and practices. We recommend that you check the privacy notice provided at the retailer’s site.

How do we collect information from you?

We obtain information about you when you visit our website or when you use our website to purchase foreign currency online, or to purchase a Travel Money Card or when you contact us about our products and services.

What type of information is collected from you?

The personal information we collect might include (depending upon the service you use) your name, date of birth, postal address, email address, your bank and identity details (such as, passport or driving licence information), your IP address, information about your computer, and information regarding which of our site pages you have accessed during your visit to our website and when it occurred.

If you apply for and/or purchase a Travel Money Card through us your personal information will be collected and shared with credit reference agencies for the purposes of carrying out an electronic ‘Know Your Customer’ check under the name of First Rate Exchange Services Limited. This procedure is carried out in order to verify your identity as we are required to do by law (see also the ‘Tackling Fraud’ and ‘Our Legal Obligations’ sections below). We may also share that information with Post Office Limited.

How is your information used?

We may use your information to:

  • process the online currency orders that you have submitted to us; and/or,
  • process the Travel Money Card order that you have applied for; and,
  • carry out our obligations arising from any contracts entered into between you and us;
  • carry out our legal obligations such as compliance with UK anti-money laundering and finance regulations;
  • send you communications about your orders;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested; and,
  • send you communications that may be of interest to you.

Our lawful grounds for processing your information

The obligations imposed on us by UK data protection law mean that we can only use your personal data if we have a lawful reason to do so. This section explains the lawful reasons we have for using your personal information:

Our contract with you

We may use and process your personal information because it is necessary for the purposes of: (i) the formation, performance or termination of our agreement with you in relation to the sale, supply and support services (including claims) of our products and services in accordance with our terms and conditions of business [Travel Money Terms and Conditions and Travel Money Card Terms and Conditions] or, (ii) because we have asked you or you have asked us to take specific steps before entering into such an agreement.

Our legal obligations

We may use and process your personal information because it is necessary to fulfil our legal obligations that we are required to comply with including (without limitation) adhering to the ‘know your customer’ requirements imposed by UK anti-money laundering legislation and, our obligations for the prevention and detection of fraud. This may include responding to a request from the courts or the police and includes processing your personal information where it is necessary for the establishment or defence of legal claims or whenever courts are acting in their judicial capacity. We also required to comply with the regulatory requirements of the Financial Conduct Authority and the legal obligations imposed by the Data Protection Act 2018, UK GDPR and PECR 2003.

Our legitimate interests

We may use and process your personal information where it is necessary for our own legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your individual rights and interests.

In summary, processing your personal information is necessary for our following legitimate interests:

  • Website management, including administering your online enquiry and related administrative tasks;
  • Recording and monitoring telephone calls and emails for training purposes and to improve the quality of our services;
  • Improving customer facing services, including managing complaints, solving issues via live chat support, messages, notifications, telephone, or email and asking you for a review of our products or services;
  • Producing management information;
  • Preventing crime and detecting fraud (see also and in addition to ‘our legal obligations’ above);
  • Defending claims and for our own insurance purposes;
  • Our direct marketing activities, including determining whether our marketing activities are effective;

Your consent

We may use and process your personal information because you have given us your consent when you access or visit our Website or when you search our Website for our products and services. The type of personal information we may collect from you when you access, visit or search our Website, may include information about your computer via analytics software such as Google Analytics or other similar technologies. The information we collect includes details of your visits to our Website, traffic data, location data, your IP address, operating system and browser type (see also the section Website Recording below). If you do not agree to us collecting your personal information in this way, then you should not use our website.

Who has access to your information

If you have reached this website from a Website owned by another company First Rate will pass your personal data to the Website Owner. However, they will require your explicit permission to contact you for marketing purposes. When you are using our website we may ask for your permission to allow the Website Owner or other parties to contact you.

First Rate will share some of your personal data with Post Office Limited and collects marketing permissions for Post Office Limited on their behalf.

We will not sell or rent your information to any other third parties.

Third Party Service Providers working on our behalf

We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service you have requested and we will have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. The only circumstance in which we will otherwise transfer your information will be when we are legally required to do so for instance, in response to a court order, or for the purposes of prevention of fraud or other crime. If you purchase foreign currency from us the transaction will be processed by one or more third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.

If you apply for a Travel Money Card your details will be passed on to and verified by credit reference agencies who will complete an electronic ‘know your customer’ check under the name of First Rate Exchange Services. Electronic checks are undertaken by Equifax and/or Experian and their privacy policies can be viewed on the websites below:

https://www.equifax.co.uk/Aboutus/Privacy_policy.html  https://www.experian.co.uk/consumer/privacy.html

If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party as part of a sale or transfer of some or all of our business and assets to a third party, or if we’re under a duty to disclose or share your personal information in order to comply with any legal obligation or to enforce or protect our contractual rights. In any of these circumstances we will ensure that your privacy rights continue to be protected.

Your choices

The Data Protection Act 2018 and the UK GDPR, gives you a number of important Information Rights which in most cases you can exercise free of charge. However, your ability to exercise your Information Rights depends on various factors, and in some cases it will not be possible for us to agree to your request e.g. where legal exemptions apply, or where the specific right you seek does not apply to the type of information we hold.

In summary, your Information Rights are:

  • The right to obtain confirmation from us as to whether or not we are processing your personal data and if we are, the right to be provided with certain supplementary information about our processing activities; however, please note that this Privacy Policy is already designed to provide you with that supplementary information;
  • The right to ask us to correct any mistakes contained in the information we hold about you;
  • The right to require us to erase your personal data in certain situations;
  • The right to data portability, which means the right to receive (or for a third party you have chosen to receive) an electronic copy of the personal data you have given to us;
  • The absolute right to object at any time to processing your personal data where we only use it for direct marketing;
  • The right to object to decisions being taken about you based solely on automated means which produce legal effects concerning you or are similarly significant in how they affect you;
  • The right to object in certain other situations to our continued processing of your personal information;
  • The right to otherwise restrict our processing of your personal information in certain circumstances.

 

For further information on each of these Information Rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, the link is here https://ico.org.uk/yourdatamatters/yourrighttogetcopiesofyourdata/

If    you    would    like    to    exercise any         of       the     rights above, please      email     us        at

[email protected]  or write to us at Data Protection, First Rate Exchange Services Limited, of Great West House, Great West Road, Brentford, London, TW8 9DF.  Let us have enough information to identify you and let us know the information to which your request relates.

We want to make sure that your personal information is accurate and up to date. Therefore, if you think any information we hold about you is incorrect or incomplete, please email or write to us at the addresses given above as soon as possible so we can update our records.

You have a choice about whether or not you wish to receive information from Post Office. If you do not want to receive direct marketing communications from Post Office about the various products and services, then you can select your choices by ticking the relevant boxes situated on the online forms from which we collect your information.

Post Office will not contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent.

You can change your marketing preferences at any time by contacting us by [email protected].

How you can access and update your information

The accuracy of your information is important to us. If you change your email address, or if any of the other personal information we hold about you is inaccurate or out of date, please email us at: [email protected], or write to us at: First Rate Exchange Services Limited, Great West House, Great West Road, Brentford, London, TW8 9DF.

You have the right to ask for a copy of the information First Rate hold about you. In most circumstances we will provide this information in a timely manner on request.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. We use appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites or apps, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Retention Periods

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our legal obligations. We will hold your personal information on our systems for as long as is necessary to fulfil the purposes for which the personal information was collected for, and to meet with our legal obligations or as long as is set out in any relevant contract you hold with us.

Tackling Fraud

We may also use your personal information to detect and reduce bank card fraud. We are legally obliged to verify your identity and we use specialist third party providers in order to do this (see also above sections: ‘Our Legal Obligations’ and ‘Third Party Services Providers’). The checks we make  will not affect your credit status. Providing false identity information to us is in itself a crime and may lead to your prosecution.

Use of ‘cookies’

Like many other websites, First Rate websites use cookies. A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g. a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

For more information on how to switch off cookies, visit our full cookies policy Cookie Policy

Transferring your information outside of the UK

All of our call centres and principal data processing sites are located in the UK. However, as part of the services offered to you through our web site, the information which you provide to us may be transferred to countries outside the UK and the European Union (“EU”). These countries may not have similar data protection laws to the UK. By submitting your personal information to us, you are agreeing to this transfer, storing or processing. If we transfer your information outside of the UK and the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Notice.

However, we may be legally required to disclose your personal information as a result of our legal obligations for example because border controls require us to do so or because a court or the police or other law enforcement agency has asked us for it; please also see the section above ‘Our legal obligations’.

If you use our services while you are outside the UK and the EU, your information may be transferred outside the UK and the EU in order to provide you with those services.

If you do not agree to us sharing or transferring your personal information in this way, then we may not be able to provide our services to non-UK and non-EU destinations.

Website recording

Our web site may also use a web site recording service that record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected in this way is for First Rate’s internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.

Further information or complaints

If you require further information or wish to raise an issue or a complaint with us, please contact our Customer Service Team on 0330 123 3396. Alternatively you can write to us at Customer Services, First Rate, Great West House, Brentford, TW8 9DF.

If you are not happy with our response you may wish to raise the issue with the Information Commissioner’s Office please see Make a complaint | ICO for further details.

Review of this Notice

We keep this Notice under regular review. This Notice was last updated in October, 2024