Please read this Policy carefully, as it becomes legally binding when you use our Services. For the full definition of the capitalised words here, check our Customer Agreement. We take privacy and protection of your data very seriously and are committed to handling the personal information of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.
1. Data Controller
The Data Controller for the collection, processing and use of personal data is Wise Payments Malaysia Sdn. Bhd. with company registration number 201701025297, (“Wise”, “us”, “we”, “our'') with its address at WeWork Mercu 2, Level 40, No.3, Jalan Bangsar, Kampung Haji Abdullah Hukum, 59200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur. If you have any questions about how we protect or use your data, please email us at firstname.lastname@example.org.
2. Data we collect about you
Personal data, or personal information, means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to the individual. We will collect and process personal data about you as follows:
- 2.1 Information you give us.
- You may give us information about yourself when you sign up to use our Services, e.g. when you provide us with personal details including your name and email address. This also includes information you provide through your continued use of our Services, your participation in discussion boards or other social media functions on our Website or App, through entering a competition, promotion or survey, and by reporting problems with our Services. Additional information you give us for security, identification and verification purposes may include your address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security number, personal description and photograph.
- The content of your communications with us, which we collect via telephone call recordings, online chat, emails, direct messaging and other means.
- In some cases, including when you send or receive high value or high volume transactions, or where we need to comply with anti-money laundering regulations, we may also request more identification or commercial information from you, including a copy of latest audited accounts or bank account statement.
- In providing the personal data of any individuals other than yourself, including payment beneficiaries or if you are recommending a friend, or providing information on directors or owners of a company, or giving us access to your contacts list, you confirm that you have obtained consent from such individuals to disclose their personal data to us or are otherwise entitled to provide this information to us. You also confirm that you have their consent to our collection, use and disclosure of such personal data, for the purposes set out in this Policy.
- If you enable your discoverability feature for some of our Services we will generate a link and a nickname on your behalf to be shared. Such a link may include your name, business name, account details, nickname and, at your option, your avatar or photograph.
- Please ensure that your personal data is current, complete and accurate by logging onto your account and updating it whenever necessary.
- 2.2 Information we collect about you.
With regard to your use of our Services, we may automatically collect the following information:
- details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
- technical information, including the internet protocol (IP) address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (including scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Support service; and
- Information about your marketing and communication preferences.
- 2.3 Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them. These may include:
- the banks you use to transfer money to us will provide us with your basic personal information, including your name and address, financial information and bank account details;
- business partners may provide us with your name and address, as well as financial information, including card payment information;
- advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, including confirming how you found our website;
- we may validate with credit reference agencies with the information you have provided to us to confirm your identity; and
- fraud prevention agencies may provide information that helps us to combat fraud.
- 2.5 Sensitive data. As part of our identity verification process we collect, use and store biometric data, namely face scan information extracted from photos [and videos] to compare pictures of you on identity documents with each other and with a selfie that you provide to verify your identity and for anti-fraud checks, and to improve these processes. We ask for you to specifically consent to the collection, use and storage of your biometric data during the verification process. If you do not consent, we offer alternate methods to verify your identity which may take longer. We will not disclose or disseminate any biometric data to anyone other than our identity verification providers, or when required by applicable laws and regulations, or pursuant to a valid order from a court. In any case, we do not sell, lease, trade or otherwise benefit from your biometric data. We will retain biometric data for the period necessary to complete the identity verification process, and in any case no longer than 1 year after collection, unless required by law or legal process to keep it longer. See section 3 for more information on how we protect this data. We also monitor the way you login and interact with our website or app in order to validate your identity and support the detection of fraudulent or suspicious attempts to access your Wise Account.
- 2.6 Children’s data. Our products and services are directed at adults aged 18 years and over, and not intended for children. We do not knowingly collect data from this age group. Any data collected from a child before their age is determined will be deleted.
3. How we protect your personal information
- 3.1 We take the safeguarding of your information very seriously. The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to ensure it stays secure, including:**
- Communication over the Internet between you and Wise servers is encrypted using strong asymmetric encryption. This makes it unreadable to anyone who might be listening in;
- We update and patch our servers in a timely manner;
- We run a Responsible Disclosure and bug bounty program to identify any security issues in Wise services;
- Our technical security team proactively monitors for abnormal and malicious activity in our servers and services;
- We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards (including obligations to protect any information and applying appropriate measures for the use and transfer of information); and
- When information you’ve given us is not in active use, it is encrypted at rest. This means it’s unreadable without the decryption key.
You can find out more from our security page.
3.2 We are regularly audited to confirm we remain compliant with our security certifications, including SOC 2 and PCI-DSS. As part of these audits, our security is validated by external auditors.
3.3 We restrict access to your personal information to those employees of Wise who have a business reason for knowing such information and third party service providers’ processing data on our behalf. All Wise employees who have access to your personal data are required to adhere to this Policy and all third-party service providers are requested by Wise to ensure appropriate safeguards are in place. In addition, contracts are in place with such third-party service providers acting as data processors for Wise that have access to your personal data, to ensure that the level of security required in your jurisdiction is in place, and that your personal data is processed only as instructed by Wise.
3.4 We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, technical and organisational safeguards that comply with applicable laws and regulations to protect your personal information from unauthorised access.
4. Ways we use your information
- 4.1 Purposes for which we will use your personal data: the ways we plan to use your personal data are described below.
- Where you have given us your consent to process your data;
- to carry out our obligations relating to your contract with us for the provision of Services;
- to provide you with information, products and services;
- to comply with any applicable legal and regulatory requirements, including to respond to requests from public and government authorities in your country of residence and other countries upon demonstration of lawful authority;
- to prevent and detect crimes, including fraud and financial crime;
- to notify you about changes to our Services and send you other administrative information;
- as part of our efforts to keep our Services safe and secure;
- to administer our Services and for internal operational, planning, audit, troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to undertake system or product development, improve our Services and to ensure that they are presented in the most effective manner;
- to allow other Wise customers to request or send money to you through our services when providing information that matches your phone number or email address;
- to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
- to allow you to participate in interactive features of our Services, when you choose to do so;
- to provide you with information about other similar goods and services we offer, with your consent;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you, with your consent;
- to take steps to recover amounts owed to us and to allow us to pursue available remedies or limit damages that we may sustain;
- to enforce our Customer Agreement with you; and
- on rare occasions, to help safeguard our customers, employees or other individuals by notifying the emergency services.
5. Disclosure of your personal data
5.1 We may share your personal data with third parties including:
- affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter into with them or you and to help them improve the services they provide to us;
- advertisers and advertising networks to select and serve relevant adverts to you and others with your consent;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- our group entities and subsidiaries; and
- limited information is sent to payment beneficiaries when you initiate a payment transaction.
5.2 We may disclose your personal information to third parties:
- including affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter into with them or you;
- in the event that we sell any of our business or assets or combine with another organisation, in which case we may disclose your personal data to the prospective buyer of such business or assets or prospective organisation with which our business or assets may be combined;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Customer Agreement and other applicable agreements; or to protect the rights, property, or safety of Wise, our customers, our employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- to assist us in conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
- to prevent and detect fraud or crime;
- in response to a subpoena, warrant, court order, properly constituted police request or as otherwise required by law;
- to assess financial and insurance risks;
- to recover debt or in relation to your insolvency, or to allow a party sending money or a financial institution that sent money to recover money received by you in error; and
- to develop customer relationships, services and systems;
- if you consent, to share your details when using our Services.
5.3 If your discoverability feature is enabled, Wise customers can search for you via the email address or phone number registered to your Wise account. You can manage this discoverability feature under your account settings. You can also generate a link to share with any users to make it easier to send and receive money.
5.4 We do not have a list of all third parties we share your data with, as this would be dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to email@example.com.
6. Sharing and storing your personal data
- 6.1 We may transfer your data to and and store it in countries outside Malaysia for the performance of our Services. This includes processing by. staff or third-party service providers who may be engaged in activities that include the fulfilment of your payment order, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. We will also ensure that appropriate safeguards are in place.
7. Profiling and Automated Decision Making
- 7.1 We may use some elements of your data to customise our Services and the information we provide to you, and to address your needs, including your country of residence and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected and we use pseudonymised data wherever possible. This activity has no legal effect on you.
- 7.2 We use automated processes to check your application for an account at Wise meets our required standard, including verifying your identity, and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to login to your Wise account, or to close your account. If this happens, you will be notified and offered the opportunity to provide further information and challenge the decision through an appeal mechanism, which includes a manual review.
9. Data Retention
- 9.1 We will retain your personal data only for as long as is necessary to fulfil the purposes for which we collected it. As a regulated financial institution, Wise is required by law to store some of your personal and transactional data beyond the closure of your account with us. We only access your data internally on a need to know basis, and we’ll only access or process it if absolutely necessary.
- 9.2 We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate. We do this automatically, so you don’t need to contact us to ask us to delete your data.
- 9.3 Learn more about the retention periods for your data
10. Your rights
10.1 Subject to applicable laws, you may have certain rights regarding the information we hold about you. Your rights can be exercised in accordance with the relevant data protection legislation. If you have any questions in relation to our use of your personal information, contact us. You may have the right to:
Request a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. We may need to verify the accuracy of the new data you provide to us.
Ask us to delete personal information where there is no good reason for us to continue to process it. We may not always be able to comply with your deletion request for specific legal reasons which will be notified to you, if applicable, in our response to your request, including financial regulations that may require us to hold your personal data for a period after the closure of your account.
Withdraw your consent for us to process data, where our lawful basis for processing is based on that consent. Note that withdrawal of consent does not affect the lawfulness of processing which may have taken place prior to withdrawal of consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
Request us to cease direct marketing to you, by contacting us or adjusting your notification preferences in the settings section of your account.
Ask us to suspend the processing of your personal data in the following situations: (i) if you want us to determine the data's accuracy; (ii) where our processing of the data is unlawful but you do not want us to delete it at this time; (iii) where you wish us to retain the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or (iv) you have objected to us using your data but we need to confirm whether or not we have over-riding legitimate grounds to continue using it.
Request the transfer of your personal data to a third party or yourself. We will provide you or your chosen third party with the personal data you provided to us in a structured, commonly used, machine-readable format. This right applies only to information where we used the information to perform a contract with you or where you initially consented for us to use it.
Should you have any queries or concerns on inaccurate, unlawfully obtained or unauthorised use of your personal data, you may raise such matters with the Personal Data Protection Commissioner.
10.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (including the prevention or detection of crime) and our interests (including the maintenance of legal privilege). If you exercise any of these rights we will respond in most cases within 21 days.
10.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
10.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
11. Third-party links
- 11.1 Our Services may, from time to time, contain links to the websites of our partner networks, advertisers and affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility for them, so if you follow a link, check these policies before you submit any personal data to these websites.
- 12.1 To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this Policy at any time without notice by posting a revised version on this website. To stay up to date on any changes, check back periodically.
- 13.2 If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws. In Malaysia, it will be the Personal Data Protection Commissioner at (https://www.pdp.gov.my/jpdpv2/).