Confetti Payments

Legal

Privacy Policy

How Confetti Payments Limited collects, uses, shares and protects your personal data.

Section 01

Introduction

Confetti Payments Limited ("Confetti Payments", "we", "us" or "our") is committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, how we use it, who we share it with and the rights you have over it.

We act as a data controller for the personal data we collect through this website, our onboarding process and the day-to-day delivery of our services. Where our regulated payment partners process your data to deliver regulated payment, e-money or safeguarding services, they act as separate data controllers.

Section 02

Information we collect

We collect personal data that you provide directly to us, and information generated through your use of our services:

  • Identification data: name, date of birth, nationality, copies of identification documents and proof of address required for know-your-customer (KYC) checks.
  • Contact data: email address, phone number, business address and job title.
  • Business data: company name, registration details, ownership structure, industry, trading purpose and counterparty information.
  • Transaction data: details of payments and currency conversions initiated through our services.
  • Technical data: IP address, device and browser information, and cookie data collected through this website.
  • Communications data: records of correspondence, call recordings and meeting notes.

Section 03

How we use your information

We use your personal data to:

  • respond to enquiries, quotes and account opening requests;
  • facilitate the onboarding of clients with our regulated payment partners;
  • deliver, operate and improve our services;
  • meet our legal, regulatory and risk obligations, including anti-money-laundering, counter-terrorism financing and sanctions checks;
  • communicate updates about your account, payments and the markets where you have asked us to;
  • monitor service quality, including by recording calls; and
  • protect our business and clients from fraud and other unlawful activity.

Section 04

Lawful basis for processing

We process personal data on one or more of the following bases:

  • Contract: to take steps at your request before entering into a contract and to perform a contract with you or your organisation.
  • Legal obligation: to comply with applicable laws and regulations, including financial crime and recordkeeping requirements.
  • Legitimate interests: to run, secure and improve our business, provided your interests and rights do not override those interests.
  • Consent: where you have given consent, for example to receive marketing communications. You can withdraw consent at any time.

Section 05

Who we share your data with

We share personal data only where necessary and with appropriate safeguards in place. Recipients may include:

  • our regulated payment and e-money partners, including Sciopay Ltd, Currencycloud, Ebury, Equals Money and GC Partners, who deliver underlying payment and e-money services;
  • banking, screening, identity verification and fraud-prevention providers;
  • professional advisers, auditors and IT service providers operating under appropriate contracts;
  • regulators, law enforcement and other authorities where required by law.

We do not sell your personal data to third parties.

Section 06

International transfers

Where personal data is transferred outside the UK or the European Economic Area, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, Standard Contractual Clauses or recognised adequacy decisions to protect your information.

Section 07

How long we keep your data

We keep personal data only for as long as is necessary for the purposes for which it was collected, including to meet legal, regulatory, tax, accounting and reporting requirements. Records relating to clients, transactions and financial crime checks are typically retained for at least six years after the end of our relationship.

Section 08

Keeping your data secure

We use technical and organisational measures to protect personal data against loss, misuse and unauthorised access. These include encryption in transit and at rest, access controls, multi-factor authentication and ongoing staff training. Where our regulated partners process your data, they apply their own controls in line with their regulatory obligations.

Section 09

Your rights

Under UK data protection law you have rights to:

  • access the personal data we hold about you;
  • have inaccurate or incomplete data corrected;
  • request erasure of personal data in certain circumstances;
  • restrict or object to processing of your data;
  • request a copy of your data in a portable format;
  • withdraw consent at any time, where processing is based on consent;
  • complain to the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, contact us at hello@confettipayments.com.

Section 10

Cookies

This website uses essential cookies to operate, and optional analytics cookies to help us understand site usage. For details, see our Cookie Policy.

Section 11

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be brought to your attention.

Section 12

Contact us

If you have any questions about this policy or how we handle your personal data, please contact us at hello@confettipayments.com or by post to Confetti Payments Limited, Floor 25, One Canada Square, Canary Wharf Estate, London E14 5AA.

Have a question we haven't answered?

Our team is on hand to walk you through anything related to our policies, partners or services.

Get a Rate

Request a live quote

Tell us about your transfer and a specialist will respond with an indicative rate.

By submitting this form you agree to be contacted by our team. We respect your privacy.