privacy policy

Glossary

AML (Anti-Money Laundering): Checks to prevent financial crime.
Automated Decision-Making: Decisions made without human involvement, often using algorithms.
Consent: Your permission to process data for a specific reason.
Data Controller: The organisation responsible for processing personal data.
Data Processor: A third party that handles personal data on our behalf.
Data Subject: The person to whom the data relates.
EMI (Electronic Money Institution): A firm authorised by the FCA to issue electronic money and provide payment services.
FCA (Financial Conduct Authority): The UK regulator responsible for supervising financial services firms.
ICO (Information Commissioner’s Office): UK data protection regulator.
KYC (Know Your Customer): Identity verification process.
Lawful Basis: Legal reason for processing your data.
Legitimate Interests: Processing necessary for business purposes.
PECR: UK rules on electronic communications and cookies.
Personal Data: Information that identifies a living person.
Privacy Policy: Explains how we handle your data.
SAR (Subject Access Request): A request to access your data.
UK GDPR (General Data Protection Regulation): UK law governing personal data use.

Qu Money is a trading name of UKFX Holdings Limited and has its registered Office at 1st Floor, Jebsen House, Ruislip, Middlesex, HA4 7BD. Qu money is authorised with the Financial Conduct Authority (FCA) to carry on electronic money activities under the Electronic Money Regulations 2011 (EMRs).no 901082.

We recognise the importance of safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our services, in compliance with UK GDPR, Data Protection Act 2018, PECR, and FCA regulatory requirements.

Data Protection Contact

If you have any questions about this Privacy Policy or how we handle your personal data, contact our Data Protection Lead:

Email: [email protected]

We take data protection seriously and will respond to enquiries promptly, normally within 30 calendar days.

Information We Collect

Information You Provide Directly, but not limited to

  • Full name, date of birth, nationality, residential address
  • Contact details (phone number, email)
  • Proof of identity and address (passport, driving licence, utility bill)
  • Transaction information (amounts, dates, bank details, currency details)
  • Travel-related or due diligence information, if required
  • IP address, device data, and website usage information

If you do not provide the information required by law or regulation, we may be unable to provide our services.

If you do not provide the information we require to process a transaction, we may not be able to proceed with your transaction.

Information From Third Parties

We may receive personal data from:

  • Identity verification / KYC providers
  • Fraud prevention agencies
  • Sanctions screening databases
  • Law enforcement or regulatory bodies
  • Publicly available sources

Information About Other Individuals

If you provide data about another person (e.g., a payment beneficiary), you confirm you have their explicit consent to do so.

Why We Collect Your Data

As an Electronic Money Institution (EMI), we are subject to legal and regulatory requirements under the Financial Services and Markets Act 2000, the Electronic Money Regulations 2011, the Money Laundering Regulations 2017, and FCA rules.

  • Verify customer identity (Know Your Customer – KYC)
  • Conduct anti-money laundering (AML), counter-terrorist financing (CTF), and fraud screening checks
  • Monitor and process electronic money issuance and payment transactions
  • Comply with regulatory reporting obligations (e.g. to the FCA, law enforcement)
  • Ensure service integrity, account security, and risk management
  • Communicate with you regarding your account and services

Our Lawful Bases for Processing

  • Legal Obligation: Compliance with AML, EMR, sanctions, and record-keeping requirements.
  • Legitimate Interests: Fraud prevention, system security, operational integrity, and responding to customer queries.
  • Consent: For optional marketing communications (e.g., market updates). Consent can be withdrawn at any time.

We balance legitimate interests against your rights to ensure processing is fair.

How We Use and Share Your Information

Your personal data may be used internally by UKFX Holdings Ltd or shared with trusted third-party providers who support the delivery and security of our services. These may include:

  • Identity verification and KYC providers
  • Transaction processing partners and acquiring banks
  • Fraud and sanctions screening services
  • Cloud hosting, infrastructure, and IT support providers (e.g. Google, Smartsupp.com)
  • Regulators, law enforcement, or supervisory authorities where required by law

All third-party service providers are contractually obligated to handle your data securely and only for specified purposes in line with our instructions.

We do not sell your personal data or share it with third parties for unrelated marketing purposes.

Automated Decision-Making

We use automated systems as part of KYC, AML, and fraud checks. These systems may:

  • Assess verification of identity
  • Flag unusual or high-risk transactions
  • Require additional documentation

If an automated decision significantly affects you, you have the right to:

  • Request human intervention
  • Provide your point of view
  • Contest the decision

International Transfers

Some service providers may process data outside the UK. We ensure adequate safeguards, such as:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • Technical and organisational protections

You may request details of specific countries and safeguards.

Data Security

We implement technical and organisational measures to protect personal data, including:

  • Encryption
  • Secure servers
  • Access controls
  • Monitoring and testing
  • Staff training

While no system is completely secure, we take all reasonable steps to protect your information. You are responsible for safeguarding your account credentials.

Where applicable, you are responsible for maintaining the confidentiality of your login credentials (such as username and password) and must notify us of any suspected unauthorised access.

Children’s Data

Our services are not intended for individuals under the age of 18. We do not knowingly collect or retain data of persons under that age. If you become aware that we have inadvertently processed such data, please contact us immediately.

Links to Other Websites

Our websites may link to third-party sites. We are not responsible for their privacy practices. Please review their policies.

Marketing Communications

If you sign up to receive our daily market report email, we will use your personal data for this purpose. You can unsubscribe at any time using the link in each email. This marketing communication is entirely separate from the data we use to provide transactional services.

Data Retention

We retain personal data only as long as necessary:

  • AML and transaction records: minimum 5 years after the end of the business relationship, per EMRs and FCA rules
  • Other data: as needed for operational or legal purposes

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccuracies
  • Request deletion (where applicable)
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent (where used)
  • Human intervention for automated decisions

You may also complain to the ICO if you are dissatisfied with our response.

Complaints

Contact us first:

Email: [email protected]

We aim to respond promptly, normally within 30 calendar days.

ICO contact:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
www.ico.org.uk

Cookies and Tracking Technologies

Our websites use cookies and similar technologies to enhance your experience, enable key site features, and help us understand how our services are used.

What are cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to remember your actions and preferences (such as login details or language) over a period of time.

Types of cookies we use include
  • Essential cookies – Required for the site to function, such as allowing you to navigate the site or access secure areas.
  • Preference cookies – Remember your preferences and settings to improve your experience.
  • Analytics cookies – Help us understand how visitors interact with our site, so we can improve it (e.g. Google Analytics).
  • Live chat cookies – Enable our customer support chat features (e.g. Smartsupp).
  • Security cookies – Support security features and help detect misuse of the site.

We may also use marketing cookies, including tools such as Google Ads Remarketing, to show relevant ads to users who have visited our site before. These cookies do not identify you personally but track browsing behaviour across our site to display targeted content.

Changes to This Policy

We may update this Privacy Policy occasionally. Updated versions will be published on our website with the effective date.

Last updated 15th December 2025 - Version 20251512

vector