Privacy Policy

1. Who We Are

Cambridge Currencies is an international money transfer company that specialises in helping individuals and businesses transfer funds across borders. We assist clients with large international transfers including property purchases abroad, business payments, and significant personal transactions.

For the purposes of UK and EU data protection law, Cambridge Currencies acts as the data controller in respect of personal information collected through our website, services, and client interactions.

If you have any questions about how we handle your personal data, please refer to the contact details in Section 13 of this policy.

2. Information We Collect

We collect personal information in a number of ways depending on how you interact with us.

Information you provide directly

• Your name, email address, telephone number, and postal address
• Financial information necessary to process transfers, including bank account details
• Identity verification documents such as a passport, driving licence, or utility bill
• Information about the purpose and destination of a transfer
• Business details where you are transferring on behalf of a company
• Any correspondence or enquiries you send to us

Information collected automatically

• Your IP address and general location data
• Browser type, device type, and operating system
• Pages visited on our website and time spent on each page
• Referral source (how you arrived at our website)
• Cookie data (see Section 9 for more detail)

Information from third parties

We may receive information about you from third parties where this is necessary to comply with our regulatory obligations, such as identity verification services, fraud prevention agencies, and credit reference agencies.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To provide our currency exchange and international money transfer services
• To verify your identity and comply with our anti-money laundering (AML) and Know Your Customer (KYC) obligations
• To process and complete your transfers accurately and securely
• To communicate with you about your account, transfers, and exchange rates
• To send you market updates, rate alerts, or educational content where you have consented to receive these
• To improve our website and services based on how they are used
• To detect and prevent fraud, financial crime, and misuse of our services
• To comply with applicable legal and regulatory requirements
• To respond to enquiries, complaints, or requests you make to us

4. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are required to have a valid legal basis for processing your personal data. We rely on the following legal bases:

Contract performance

Where processing your data is necessary for us to carry out a transfer or service you have requested, we process that data to fulfil our contractual obligations to you.

Legal obligation

As a regulated financial services business, we are required by law to collect, verify, and retain certain information about our clients. This includes obligations under the Money Laundering Regulations, the Proceeds of Crime Act 2002, and other applicable legislation.

Legitimate interests

We may process certain data where it is in our legitimate interests to do so, provided that your interests and rights are not overridden. This includes fraud prevention, improving our services, and internal business administration.

Consent

Where we rely on your consent — for example, to send you marketing communications or rate alerts — you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

5. Sharing Your Information

We do not sell your personal data to third parties. We may share your information in the following limited circumstances:

Service providers

We work with carefully selected third parties who support our operations, including payment processors, banking partners, identity verification providers, and IT service providers. These parties process data only on our instruction and are bound by appropriate data protection agreements.

Regulatory and legal requirements

We may be required to share information with regulatory bodies, law enforcement agencies, or government authorities where required or permitted by law. This includes reporting obligations under anti-money laundering legislation.

Fraud prevention

We may share information with fraud prevention agencies and financial intelligence services to protect against financial crime and to meet our compliance obligations.

Business transfers

In the event of a merger, acquisition, or sale of part of our business, personal data may be transferred to the relevant third party, subject to appropriate protections remaining in place.

6. International Data Transfers

Where we transfer personal data outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place. This may include transfers to countries recognised by the UK government as providing an adequate level of data protection, or transfers made under standard contractual clauses or other approved transfer mechanisms.

By using our services, you acknowledge that your data may be transferred, stored, or processed in countries outside of the UK or EEA where our banking partners or service providers operate.

7. How Long We Keep Your Data

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected, and to comply with our legal and regulatory obligations.

As a regulated financial services business, we are required to retain records of transactions and client identity information for a minimum of five years following the end of a business relationship. In some circumstances, this period may be extended where required by law or where data is relevant to ongoing legal proceedings.

Where data is no longer required, we securely delete or anonymise it in accordance with our data retention procedures.

8. Your Rights

Under UK data protection law, you have the following rights in relation to your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate or incomplete data
• Right to erasure — in certain circumstances, you can request that we delete your data
• Right to restrict processing — you can ask us to limit how we use your data in certain situations
• Right to data portability — where processing is based on consent or contract, you may request your data in a structured, machine-readable format
• Right to object — you can object to processing based on legitimate interests or for direct marketing purposes
• Rights related to automated decision-making — you have the right not to be subject to decisions made solely by automated means that have a significant effect on you

If you are unhappy with how we have handled your data, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.

9. Cookies

Our website uses cookies to help it function correctly and to understand how visitors use it. Cookies are small text files stored on your device when you visit a website.

Types of cookies we use

• Essential cookies — necessary for the website to operate and cannot be switched off
• Analytics cookies — help us understand how visitors interact with our website so we can improve it (for example, Google Analytics)
• Preference cookies — remember your settings and choices to improve your experience

When you first visit our website, you will be asked to consent to non-essential cookies. You can change your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

10. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, alteration, or disclosure. These measures include encryption, secure access controls, and regular reviews of our data handling practices.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is entirely secure. If you have reason to believe that your interaction with us has been compromised, please contact us immediately.

11. Children’s Privacy

Our services are intended for adults only. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will update the date at the top of this page and, where appropriate, notify clients directly.

We encourage you to review this policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions about this Privacy Policy, how we handle your personal data, or if you wish to exercise any of your rights, please get in touch with us.