1. What information we collect
1.1 Information we may collect from you
You may provide us with information by filling in forms on our website, our partners’ websites or by talking with us by over the phone or corresponding with us via email or otherwise.
This includes information you provide when you browse our website, request a quote, register for an account, enter into a contract for the supply of money transfer services, enter a competition, promotion or survey and when you contact us for other reasons.
1.1.1 Initial information
To use Cornerstone Payment Solutions Ltd (Cornerstone), you must provide your name, address, phone number and email address – and we may ask you to provide identity document number(s) and copies of identification documents, for example your driving license or passport, or a utility bill.
1.1.2 Additional verification information:
We may ask you to send us additional information if:
- we cannot verify the information that you provide; or
- a query is raised by background checks (see below); or
- if you send or receive certain high-value transactions or high overall payment volumes through Cornerstone; or
- as is otherwise required in order for us to comply with our obligations under money laundering regulations.
The additional information may include a copy of your driving licence, passport, and/or a recent utility bill, or other information verifying your identity and address, or to answer additional questions to help verify your information.
We may also ask for evidence of source of funds or wealth, for example bank statement, investment statement, business transaction summary, proof of property sale or probate documents.
1.1.3 When we communicate
When you communicate with us for customer service or other purposes, including by phone, email or using other methods, we retain that information and our responses to you.
We record calls on our telephone lines for quality control purposes, as evidence of transactions and to fulfil regulatory requirements.
1.1.4 Transaction information
When you use Cornerstone to purchase currency or send currency to someone else, we ask you to provide information related to that transaction. This information includes the amount, currency and type of the transaction, source of funds, exchange rate, recipient name and bank details (account number, sort code, IBAN, SWIFT, ABA or routing number), recipient address for some jurisdictions and, optionally, the recipient’s email address and phone number.
1.2 Information we collect when you use our website
When you arrive at or leave the Cornerstone website, whether connected by a fixed line or wirelessly, we receive the web address of the site that you came from or are going to.
While you are using our site we collect information on the services you search for or view, page response times and length of visits to specific pages, how you interacted with each page (including scrolling, clicks and mouse-overs), and methods used to browse away from the page.
We collect information about the device you are using, such as the type of device, operating system and platform, the type and version of browser, browser plug-in types and versions, the times you access our website/app and the time zone setting, mobile network information and unique device identifier, which may include your Device’s IMEI number and/or MAC address, or the mobile phone number used by the Device. We do not capture GPS information about you.
1.3 Information about you that we receive from third parties
1.3.1 Identity verification using Electronic Verification Providers
To protect ourselves and our customers against fraud, we verify the information you provide with Electronic Identity Verification Services. In the course of verification, we receive information about you from such services.
1.3.2 Background checks
We conduct a background check on all our customers (and for business customers, also on the business’s directors, shareholders and partners). During this process we will obtain information about you and/or your business, its directors, shareholders and partners, from an identity verification provider.
1.4 Information about you from other sources
We may also collect information about you from other sources, including other companies (subject to their privacy policies and applicable law).
We are working closely with third parties (including, for example, business partners and affiliates, customers who participate in our refer-a-client programme, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with the information you provide to us.
We will use information we receive from business partners for marketing purposes only if you have provided your consent to do so, either to the third party which collected the information, or to us.
1.5 Sensitive data
Data privacy regulations prohibit the processing of ‘special categories of personal data’, also called ‘sensitive data’ unless you have given your consent.
Sensitive data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life or sexual orientation. There are also restrictions on processing of criminal convictions and offences.
To avoid infringing these restrictions, it is Cornerstone’s policy that we do not ask for or collect any of the above data from you or any other party, so we therefore ask that you please do not reveal any sensitive data about yourself or others in any communication with us.
If you do reveal sensitive data, for example by phone or in an email, you will be giving express consent for us to process that information by storing the recording of the telephone call, or the email or other communication.
2. How we use your information?
By submitting your information to Cornerstone you agree that we may use your information for the following purposes:
2.1 Fulfilling your requests
We will use your information to:
- provide you with the information, products and services that you request from us, including providing you with money transfer services and quotes;
- complete any transaction you are undertaking with us; and
2.2 Compliance and risk management
As an authorised financial institution, we are obliged to carry out background checks on individuals, companies and connected parties, and to monitor ongoing transactions. This is to prevent fraud and money laundering, including to help protect your accounts from fraudulent activity.
2.3 Communication and customer service
We communicate with our users on a regular basis via email and phone to provide requested services and help you manage your account. These activities include:
- responding to requests for customer service;
- confirming information concerning a user’s identity, business or account activity;
- resolving customer complaints;
- carrying out collection activities; and
- conducting customer surveys;
We use your email address to:
- confirm your opening of a Cornerstone account;
- send you notice of money transfers that you send or receive through Cornerstone;
- send you information about important changes to our products and services, including notice of any times that our services may not be available; and
send notices and other disclosures required by law.
Users cannot opt out of these communications, as we are obligated to send these communications to current customers, but they will be primarily service-oriented rather than promotional.
We also use your email address to send you other types of communications that you can control, including newsletters and special promotions. These communications are to:
- provide you with information about services we offer that are similar to those that you have already enquired about or purchased;
- provide news about currency market movements, marketing and advertising messages, updates on the services we offer, and promotional offers based on your activities when using Cornerstone Services;
- make suggestions and recommendations to you and other users of our website(s) about services that may interest you or them, which may be based on your activity on our website(s);
- keep you informed about currency market events and news; and
- tell you about new products and features we are developing that you may find useful.
You can choose whether to receive some, all or none of these communications.
2.5 Service improvements and account management
We will use your information to deliver and improve Cornerstone Services and manage your account, including:
- verifying your identity, including during account creation;
- performing credit and solvency checks, validating the accuracy of information, and verifying it with third parties;
- resolving disputes, collecting fees and troubleshooting problems;
- allowing us to manage risk and to detect, prevent, and/or remediate fraud or other illegal or prohibited activities;
- detecting, preventing or remediating violations of our policies, Terms and Conditions or other user agreements;
- providing you with customer support services including notifying you of changes to our service, including any outages, and to send you service emails relating to your account and transactions on your account;
- improving our existing, and developing new, products, services, websites, and capabilities; and
- as part of our efforts to keep our site safe and secure, including managing and protecting our information technology infrastructure.
2.6 Third party information
We will combine third party information with information you give to us and that we collect about you. We will use all of this information:
- to help us better understand your financial circumstances and behaviour so that we may make decisions about how we manage your Account;
- to process applications for products and services available through us including making decisions about whether to agree to approve any applications;
4. Sharing Information with third parties
4.1 To support our business and provide services to you
Just like most financial service providers, Cornerstone works with third-party service providers who support our business operations, such as fraud prevention, customer service and technology services. We need to disclose user data to them from time to time so that the services can be performed. Our contracts dictate that these business partners only use your information in connection with the services they perform for us and not for their own benefit.
When you ask us to process a currency or payment transaction, we will provide your information to the business partners who are contracted to Cornerstone to complete this transaction, for example passing bank details to correspondent bank(s) or payment provider(s) involved in the transaction.
4.3 Anti-fraud, anti-money laundering, sanctions and risk management
To carry out the checks described above, we will provide your information to our third-party business partners who carry out these checks.
4.4 Reporting to regulators
As a regulated financial institution, we are required to report transactions to the relevant financial regulator. We will provide your information to the regulators to meet these legal obligations.
4.5 Where required by law
We may disclose necessary information to the police and other law enforcement agencies, security forces, competent governmental, intergovernmental or supranational bodies, competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations, and other third parties, including Cornerstone Group companies, where we are legally compelled and/or permitted to do so.
5. Transferring data overseas
Cornerstone is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA.
6. Data Retention Policy
We are obliged by financial markets laws to retain account data for 5 years after the closure of an account. In some circumstances, such as an enquiry from a law enforcement agency, we may have to hold it longer. We may also retain information if required to protect our interests, for example in case of litigation. When data falls outside those retention periods we will take steps to delete it from our system. Where you have asked us not to contact you, we will retain that information on a ‘do not contact’ list to reduce the risk of us contacting you in the future.
7. Systems Security Policy
To ensure data privacy, confidentiality and integrity, all information disclosed, shared, stored or used and any transactions performed by you through our website are encrypted.
To provide a secure environment for our website, we hold your data in secure data centres with high levels of physical and technical security, including using firewall systems, data encryption and anti- virus protection. We use security surveillance systems to detect and prevent illegitimate access to and activities on our systems
8. Customers rights
You have the following rights:
To ask us to correct any information we hold about you if it is incorrect.
Whilst we endeavour at all times to keep your information accurate, we welcome your corrections. You can call your account manager to make any changes. We may ask you for additional verification information if you are changing certain details such as your name or your address.
To ask us to erase your information if we no longer have any reason to hold it, also known as the ‘right to be forgotten’.
Our Data Retention Policy explains the circumstances when we can or are obliged to retain information, however outside of those periods we will delete your information in line with our data retention policy and on request. We will maintain a record that you made an erasure request to reduce the likelihood of us contacting you in the future but we will use that information for no other purpose.
To ask us to return to you information you provided to us, also known as ‘data portability’.
You can ask us to send you in electronic format the information you provided to us under our Terms and Conditions or under consent.
To ask us not to process your information where you previously gave consent or where we are exercising our legitimate interest.
If you make a request for us to stop processing your information, we will investigate to see if there is a compelling reason for processing to continue and will discuss the conclusion of the investigation with you.
You cannot object to processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party. If you previously gave consent and we processed your data on the basis of that consent, you cannot object to that past processing, however you can ask us to stop processing it in the future.
To ask not to be subjected to automated decision making and profiling.
At Cornerstone there are no circumstances when profiling or other automated decision making will have a legal impact on you without a person reviewing and making a decision on the result. If you feel you may have been unfairly impacted by profiling, our team can manually assess whether the decision is fair and discuss the situation with you.
To ask for a copy of the information we hold about you.
We will endeavour to respond to your request within 30 days, however at time of high demand we may need 90 days to compile a full response.
To ask us not to process your information for marketing purposes.
You can do this by checking or unchecking certain boxes on the forms we use to collect your information, by clicking on the ‘unsubscribe’ link(s) at the foot of every marketing or promotional email.
You may exercise any of the above rights by contacting us at firstname.lastname@example.org or by calling your account manager.
9. Contacting us
9.1 Data Controller
The Data Controller is Cornerstone Payment Solutions Ltd, Registered office at 1 Elmfield Avenue, Warrenpoint, Newry, County Down, Northern Ireland, BT34 3HQ, Company number NI602461.
Cornerstone Payment Solutions Ltd is registered with the Information Commissioners Office, with registration number: ZA128178.
9.2 Contacting us with questions or requests
9.3 Complaints to the Data Protection Officer
If you believe that we have breached a privacy law with which we should comply, please send an email to email@example.com. We aim to respond in a reasonable time, normally within 30 days. Our Compliance team and Data Protection Officer will look after your complaint and will give you additional information about how it will be managed.
You have the right to complain to the UK Information Commissioner’s Office if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website.