Privacy Policy

Spendix Technology Limited ("Spendix", "we", "us", "our") is a company registered in England and Wales under Company Number 16953318, with its registered office at 86–90 Paul Street, London EC2A 4NE. Spendix operates as an Electronic Money Institution (EMI) partner model — we are not a bank. All payment, exchange, and remittance services are conducted in partnership with FCA-authorised banks and licensed fintech institutions. For data protection purposes, Spendix Technology Limited is the data controller of your personal information.

We collect and process the following categories of personal data: Identity Data: First name, last name, date of birth, nationality, government-issued ID documents (passport, driving licence). Contact Data: Email address, phone number, postal address. Financial Data: Bank account details, payment card information, transaction history, source of funds declarations. KYC/AML Data: Proof of identity, proof of address, politically exposed person (PEP) status, sanctions screening results. Technical Data: IP address, browser type and version, device identifiers, cookies, login data, time zone settings. Usage Data: Information about how you use our website, products, and services. Communications Data: Your preferences in receiving marketing from us and your communication preferences.

We use your personal data for the following purposes: • To register you as a customer and verify your identity (KYC/AML compliance) • To process and execute payment transactions, currency exchanges, and remittances • To manage our relationship with you, including notifying you of changes to our terms or policies • To comply with legal and regulatory obligations under the Electronic Money Regulations 2011, the Payment Services Regulations 2017, and the Money Laundering Regulations 2017 • To detect, prevent, and investigate fraud, money laundering, and other financial crime • To improve our website, products, and services • To send you marketing communications where you have consented or where we have a legitimate interest Legal bases for processing: contract performance, legal obligation, legitimate interests, and consent (where applicable).

We may share your personal data with: Banking & Payment Partners: FCA-authorised banks and licensed payment institutions we partner with to deliver our services. KYC/AML Providers: Identity verification and fraud prevention services (e.g., Onfido, Jumio, or equivalent). Regulatory Authorities: The Financial Conduct Authority (FCA), HMRC, law enforcement agencies, and other regulators where required by law. IT & Cloud Service Providers: Hosting, data storage, and software providers operating under strict data processing agreements. Professional Advisers: Lawyers, auditors, and consultants under confidentiality obligations. We do not sell your personal data to third parties for marketing purposes.

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Under the Money Laundering Regulations 2017, we are required to retain KYC and transaction records for a minimum of 5 years from the end of the business relationship or the date of the transaction. After the applicable retention period, your data will be securely deleted or anonymised.

Under UK GDPR and the Data Protection Act 2018, you have the following rights: • Right of Access: Request a copy of the personal data we hold about you. • Right to Rectification: Request correction of inaccurate or incomplete data. • Right to Erasure: Request deletion of your data where there is no compelling reason for its continued processing. • Right to Restriction: Request that we restrict processing of your data in certain circumstances. • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format. • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes. • Rights in Relation to Automated Decision-Making: Not be subject to solely automated decisions that significantly affect you. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies we use include: Strictly Necessary Cookies: Required for the website to function and cannot be switched off. Performance Cookies: Help us understand how visitors interact with our website by collecting anonymous information. Functional Cookies: Enable enhanced functionality and personalisation. Targeting Cookies: Used to deliver relevant advertisements and track campaign effectiveness. You can control cookie settings through your browser. Disabling certain cookies may affect the functionality of our services.

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication, role-based access controls, regular security audits, and staff training on data protection. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a prominent notice on our website. The date at the top of this policy indicates when it was last updated. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us: Data Controller: Spendix Technology Limited Email: [email protected] Phone: Call us: 1325 630604 | International: +44 1325 630604 Address: 86–90 Paul Street, London EC2A 4NE, United Kingdom For data protection enquiries, please mark your correspondence "Data Protection" in the subject line.