Ria Payment Institution, E.P., S.A.U. Privacy Notice
In this privacy notice (the "Privacy Notice") we will explain how we collect and use your personal data that we obtain when you use our services, when you view, browse or use our web pages or mobile apps, and when you interact with us in any other way within the European Economic Area (EEA). We will also explain how we share that information, and the steps that we take to protect it.
1. Who are we and who does this Privacy Notice apply to?
This Privacy Notice applies to RIA PAYMENT INSTITUTION, E.P., S.A.U. (“RIA”, “we”, “our” or “us”), which is a subsidiary of Euronet Worldwide, Inc. (“Euronet”). For more information on Euronet and the member companies of the Euronet Group's global network (“the Euronet Group”) please visit http://www.euronetworldwide.com.
RIA is committed to keeping your Personal Data (as defined in Section 2 below) private and safe. This Privacy Notice explains how we collect and use Personal Data in line with the law and our own ethical standards.
RIA, with registered offices in Alcobendas, Calle Cantabria, No. 2 – Piso 2º, 28108, Madrid, Spain, acts as the “data processor” for any Personal Data received directly from you, whether provided in person, via email, phone or post, or via the following websites: www.riamoneytransfer.es, www.riacurrencyexchange.es and www.riafinancial.com (referred to collectively and separately as “Website”). As a result RIA must determine how to use and process your Personal Data.
You can contact the Euronet Group's Data Protection Officer using the below details:
- By email: firstname.lastname@example.org
- By post: RIA PAYMENT INSTITUTION, E.P., S.A.U.
Calle Cantabria, No. 2 – Piso 2º
FAO: Data Protection Officer
By using or browsing the Website, or purchasing the goods or services that we offer (referred to collectively as the "Services"), you confirm that you have read this Privacy Notice, you understand it and agree to be bound by it. Please do not send us your Personal Data if you do not accept the terms of this Privacy Notice.
We advise you to check the Website on a regular basis in case there have been any changes to this Privacy Notice. We will publish the amended version on the Website. By continuing to interact with us, you confirm that you accept the terms of the Privacy Notice as applicable from time to time.
2. Data Protection Principles
"Personal Data" refers to any information that can be used directly or indirectly to identify you or the recipient of the transfer made through us. This may include your name, email address, postal address, phone number, ID number or any specific physical, physiological, mental, economic, cultural or social details concerning you or the recipient.
We commit to operating in line with the law as concerns data protection, and we will ensure that your Personal Data:
- is used in a legal, fair and transparent manner;
- is only collected for legitimate purposes that we have properly explained, and will not be used for any reasons other than those given;
- is required for the purposes we have mentioned and used only for these purposes;
- is accurate and up-to-date;
- is only kept while needed for the purposes mentioned; and
- is stored securely.
3. What Personal Data do we collect, and how do we collect it?
The Personal Data that you send us. We may collect Personal Data when you send it to us, including when you indicate that you wish to make use of our Services, when you register with us, when you fill in any of our online forms, when you speak with us on the phone or in person, when you contact us in writing and when you visit the Website. The type of Personal Data that we collect depends on the products or services that you require. In all of these cases, the Personal Data that we obtain is needed to make a contract with you and provide you with the Services.
We may collect and process the following Personal Data:
- Data relating to you as a person, such as any information that could be used to identify you. This may include your name, civil status, home and/or work address, email address, phone and/or fax number, and other contact details, date of birth, sex, images, signature, passport and/or visa, and the names and details of recipients of the transfers you make through us.
- Financial data, such as your payment information and the payment information of your recipients, as well as the account number used for bank transfers.
- Additional information required by laws on money laundering, and on funding of terrorism and criminal activity, such as the recipient's relationship to you, the reason for the transfer, and proof of the funds.
Cookies and related technology. When you visit our Website or use our mobile apps, we collect information using cookies and related technology. This includes the user's IP address, the type and version of the browser, the user's time zone, screen resolution settings, names and versions of browser add-ons, and the operating system and platform. We use that information for the purpose of:
- gauging the use of our Website and Services, including the number of visits, the average browsing time on the Website, the pages visited, information on your interaction with the site (such as cursor movements, clicks and mouse movements), etc. to improve our content;
- administering the Website and for internal purposes, including troubleshooting, data analysis, testing, searches, statistical purposes and surveys; and
- working to ensure the security of our Website.
For more information see our Cookies Policy.
- How do we use your Personal Data?
We use the Personal Data and other information that you provide us with exclusively for legal purposes and based on legitimate requirements, as listed below:
- When it is needed to fulfil a contract with you: We can use your Personal Data on the grounds that it is required to fulfil a contract with you, to carry out your transactions or other requests, to respond to or process your queries and requests, and even to contact you when this is necessary to carry out a service for you. As an example, if you use our money transfer service, your data will need to be shared with the payment services provider that will pay the funds to the recipient in their country, and your Personal Data may be shared with our agents and/or contractors in order to reimburse a qualifying payment. Likewise, your Personal Data may be shared with other companies within the Euronet Group in order to provide assistance with the Services outside of normal office hours, and may be used if we believe it is necessary to contact you as part of our contractual relationship.
- When it is necessary to meet a legal or regulatory requirement: We may use your Personal Data to meet the requirements set out in laws and/or regulations that apply to our business. For example, when you transfer money with us, we are required to carry out a certain amount of due diligence as set out in law and/or as needed based on our risk assessment. This may involve sending your Personal Data to legal and/or regulatory authorities, and/or requiring you to provide additional information to help us carry out our risk assessment and/or meet our compliance obligations.
- When we get your consent to process the data: If you have consented and have not withdrawn your consent, we may contact you to send you promotional material and messages about our Services and the products and services of other companies within the Euronet Group (see Section 10 on Direct Marketing below).
- When it is needed for RIA's legitimate interests: If you provide us with information or carry out operations with us virtually or online, we may use your Personal Data to improve the content of our Website and Services in order to improve your experience. We may use your Personal Data, such as IP addresses and anonymous demographic data, to change how you experience our Services and to allow us to send you content that we believe may interest you and display this content to you, depending on your preferences. We may use data we collect for a variety of reasons, including analysing user behaviour and user details in order to gauge interest in (and use of) parts of our Services. We may also use the data collected to assess and improve the quality of our Services, and analyse the traffic they garner.
If we decide to use your Personal Data to achieve a legitimate interest in the future, we will endeavour to ensure that it is also in your interest, so that your data will only ever be used for the purpose that you have agreed to, or that is at least legally permitted.
In some cases, we may anonymise your Personal Data so that it can no longer identify you. In this case, we may use the data without notifying you.
- Is the data shared with third parties?
RIA shares your Personal Data with Euronet and its subsidiaries (some of which may be based outside of the EEA) exclusively for achieving or facilitating the purposes listed in Section 4 of this Privacy Notice. This may include the need to share your Personal Data with the Euronet Group in order to comply with legal or regulatory obligations.
External service providers
We may share your Personal Data with external service providers both within and outside of the EEA — including in countries that the European Commission does not assess as having an "adequate" level of security in handling Personal Data — in order to manage, provide and facilitate some aspects of the Services that we provide, such as server maintenance, processing and completing payment orders to fulfil transfer or Service requests, and assistance in carrying out due diligence. In such cases, we may share your Personal Data with our agents, processors or contractors to carry out your transfers, facilitate other Services that you have requested and to obtain and check information that you have provided pursuant to law. We will ensure that we have sufficient guarantees from the service providers with whom we share information, binding them to protect your Personal Data, such as contractual obligations relating to the use of Personal Data. If you would like a copy of the guarantees mentioned above, please contact the Euronet Group's Data Protection Officer using the details provided in Section 1 of this Privacy Notice.
We may transmit your Personal Data to a third party as a result of a sale, acquisition, merger or restructuring involving Euronet, a member of the Euronet Group or any of its shareholders. In these cases, we will take the all necessary measures to ensure that your Personal Data is sufficiently protected.
Legal and regulatory
We may also disclose your Personal Data in exceptional legal cases. This would include when we are obliged to do so by the law, a legal order, the police or another government body or when we have a good faith understanding that disclosing this information is necessary or advisable in order to identify, contact or take legal action against parties that are harming or obstructing the property rights of RIA, the Services, other users or other individuals who may be harmed by these activities (such as identity theft or fraud).
- How long is the Personal Data retained for?
The Personal Data is used for a variety of purposes and is subject to a range of standards and rules. As a rule, Personal Data is retained for as long as necessary to provide the Services that you have requested, to meet legal, accounting or reporting obligations, and to ensure that you have access to your Personal Data.
Here is some information on how long various types of Personal Data are retained:
- Legal and regulatory obligations. RIA will retain Personal Data and information arising from various operations for as long as required to meet the retention and reporting requirements set out in law including, but not limited to, laws on trade, tax and money laundering. As a rule, data is retained for a maximum of 10 years from the date you make the transaction in question or the date when our commercial relationship with you ends.
- Customer service (customer relations management, complaint handling, etc.). RIA may process and retain your Personal Data for as long as it has a commercial relationship with you. Once this ends (for example when the Services have been fully supplied and paid for, or when you exercise your right to end the contract), we will delete or anonymise your Personal Data, unless there are legal requirements to retain it.
- The Personal Data that you have given us for marketing purposes may be retained until you have indicated that you no longer wish to continue receiving promotional messages or until RIA becomes aware that your data is not accurate.
We consider the quantity, type and sensitivity of the Personal Data, the potential risk of unauthorised use or disclosure of the Personal Data, the purposes for which we are processing the Personal Data, and whether we can achieve these purposes through other means, as well as any applicable legal requirements when determining how long Personal Data should be retained for.
You may request a copy of our Data Retention Policy at any time by contacting the Euronet Group's Data Protection Officer.
- Do we retain the correspondence you send us?
Yes, we may retain correspondence that you send us, such as emails and faxes, together with your account data or user information. We may also retain correspondence exchanged with customer services and other correspondence relating to you, to us, or to any member of the Euronet Group, our partners or suppliers. We retain these records in line with our Data Retention Policy.
- Security of Personal Data
We work hard to keep your Personal Data secure, and we have a range of measures to protect it against loss, unlawful use or alteration.
We have modern and secure technology protecting our IT systems against hacking, and we continually keep our security up to date as more innovative tools become available.
Our data centres and those used by our partners have latest-generation security measures to prevent unauthorised physical access. Similarly, all Personal Data is stored in a secure location, protected by firewalls and other sophisticated security systems with limited administrative access (granted strictly on a need-to-know basis)
All RIA employees with access rights to process Personal Data or who are involved in processing the data are contractually required to respect data confidentiality and the privacy standards we have put in place.
Please bear in mind that no security measures can ever be perfect. As such, even though we use standardised practices to protect your privacy, we cannot and do not guarantee that your Personal Data is 100% secure.
- Does this Privacy Notice apply to other web sites?
No. Our Website may contain links to other sites. Clicking on adverts from other companies or on certain links will redirect you to their sites.
We accept no responsibility for the privacy policies used by these sites or services. We recommend that you carefully read other companies' privacy policies and ask their administrator or webmaster any questions you have before supplying them with your Personal Data.
- Direct marketing
If you have given us your consent, RIA may contact you (by email, text message, post or phone) to send promotional messages and special offers relating to our Services or other services offered by members of the Euronet Group. You will only receive these marketing messages if you consented when registering for our Services and you have not withdrawn this consent, or if there is another legitimate reason for sending you these messages.
All marketing emails that you receive from us include detailed instructions on how to cancel your subscription at any time.
You may also cancel your subscription to our promotional messages by contacting us as per the instructions in Section 13 of this Privacy Notice.
You should keep in mind that RIA is opposed to spam. RIA is not involved in sending any spam, nor will it give external companies access to its customers' data for this purpose.
- What rights do I have when it comes to data protection?
So long as you can prove your identity, you have the right to request access to your Personal Data, and to update or amend it. You can also exercise any of the rights granted to your by data protection legislation. Please use the contact details provided in Section 13 of this Privacy Notice.
You have the right to:
- request access to all Personal Data that we have stored relating to you, as well as related information such as the purposes for processing the Personal Data, the recipients or types of recipients with whom the Personal data has been shared, the retention period for the Personal Data where available, the source of the Personal Data and whether any automated decisions have been taken on the basis of the data;
- immediately have any error in your Personal Data held by us rectified;
- request that your Personal Data be deleted, provided that RIA or the Eurnoet Group do not need it to comply with any legal obligation in force, or in order to draw up, make or defend against a legal right/complaint;
- prevent or restrict the processing of your Personal Data in some cases, unless it needs to be processed for drawing up, making or defending against a legal complaint; and
- request that the Personal Data be directly transmitted to a third party in certain cases when this is technically feasible.
Similarly, if you believe that RIA has failed to comply with the obligations set out in this Privacy Notice or in the law, you have the right to submit a complaint to the competent Data Protection Authority or court. You are not obliged to do so, but we would appreciate it if you could let us know about any complaints you have, so that we can handle them in line with our Complaints Procedure (see Section 12 of this Privacy Notice).
- Privacy complaints procedure
If you believe that RIA has failed to comply with the obligations set out in this Privacy Notice or in the law, you have the right to submit a complaint to the Spanish Data Protection Agency (www.agpd.es) or to the court.
You are not obliged to do so, but we would appreciate it if you could let us know about any complaints you have, so that we can handle them in line with our Complaints Procedure.
Any complaints or queries concerning privacy should be sent to our privacy team:
RIA PAYMENT INSTITUTION, E.P., S.A.U.
Calle Cantabria, nº. 2 – Piso 2º
FAO: Data Protection Officer
Euronet employees are required to forward any complaint or question relating to privacy to our privacy team.
RIA will aim to confirm receipt of a complaint or question within 10 days of receipt.
RIA will carry out an investigation in compliance with relevant laws, and will aim to provide a response within 28 days of receiving the complaint/question.
If more time is needed to look into your complaint/question, RIA will contact you in writing within 28 days of receiving the complaint/question to let you know about the time frame for resolving the investigation, which will never be more than two additional months.
If your complaint is rejected, RIA will provide a written explanation for why this is.
If your complaint/question is being handled, RIA will take all necessary measures to resolve it in a satisfactory manner.
If you are not happy with the response or outcome, or are unhappy with how your complaint was handled, you have the right to submit a complaint to the court or the competent Data Protection Authority.
For any questions relating to our Services that do not concern Personal Data or privacy, please contact our Customer Services department on +34 917 613 760.
13. Get in touch
If you have any questions about this Privacy Notice or how RIA handles personal data, please contact our privacy team:
RIA PAYMENT INSTITUTION, E.P., S.A.U.
Calle Cantabria, nº. 2 – Piso 2º
All complaints will be handled in line with the Complaints Procedure mentioned in Section 12 of this Privacy Notice.