Scallop : Banking. Beyond Borders.

1. Introduction  

This Privacy Policy explains how the Scallop Group collects, uses, stores, shares, and protects personal data when customers access or use the Scallop website, mobile application, and any related platforms or services (collectively, the Platform). In this Privacy Policy, “Scallop”, “we”, “us” and “our” refer to the Scallop Group, acting through the relevant entity involved in the provision, operation, or support of the services. The relevant Scallop Group entity will be the data controller for the personal data processed in connection with the services it provides or supports, unless stated otherwise.
It is important to read this Privacy Policy together with any other notices or policies we may provide from time to time regarding the collection and processing of personal data. This Privacy Policy supplements such notices and policies and does not override them.
The Scallop Group operates as a group of independent entities in multiple jurisdictions. Each entity processes personal data in accordance with applicable data protection laws and regulatory requirements relevant to its activities. Where local law requires specific disclosures or customer rights, those will apply in addition to this Privacy Policy.
Our Legal and Compliance function is responsible for overseeing questions relating to this Privacy Policy. Customers may contact us using the details set out in Section 10.

2. Purpose of this Policy

The purpose of this Privacy Policy is to inform customers how we handle personal data when they use the Platform and related services. This includes personal data collected when customers visit, register, onboard, communicate with us, or use features of the Platform.

The Platform is not intended for use by children, and we do not knowingly collect personal data relating to children.

The purpose of this Privacy Policy is to inform customers how we handle personal data when they use the Platform and related services. This includes personal data collected when customers visit, register, onboard, communicate with us, or use features of the Platform.

The Platform is not intended for use by children, and we do not knowingly collect personal data relating to children.

3. Collection of your personal data

What information do we collect We may collect, use, store, and transfer different kinds of personal data, including:

Identity data -
Information provided for onboarding, verification, and due diligence, including information processed through identity verification and compliance service providers.
Contact data -
Physical address, email address, telephone number, and other contact details.
Financial data -
Payment account information, funding and payout details, and other information required to provide services.
Transaction data -
Details about transactions and activity carried out through the Platform, including amounts, currencies, counterparties, recipient details, bank details, and related metadata.
Technical data -
Internet protocol address, browser type and version, time zone setting, location data where permitted, device identifiers, operating system, platform, and other technology information from devices used to access the Platform.
Profile data -
Preferences, feedback, survey responses, and customer support communications.
Usage data -
Information about how customers use the Platform, including features accessed and interaction patterns.
Aggregated data -
Statistical or demographic data derived from personal data that does not directly or indirectly identify a customer.
How do we collect personal data -
We use different methods to collect data, including:
Direct interactions -
When customers complete forms, provide information during onboarding, communicate with us, or submit support requests.
Automated technologies -
When customers interact with the Platform, we may automatically collect technical and usage data using cookies and similar technologies. Please see our Cookie Policy where available.
Third parties -
We may receive personal data from service providers such as analytics providers, identity verification providers, compliance providers, payment service providers, banking partners, card programme partners, custodians, and other infrastructure providers, subject to applicable law.
Do customers have to provide personal data -
We require certain personal data to provide services, to perform onboarding and verification, and to comply with legal and regulatory obligations. If customers do not provide required information, we may not be able to offer certain services.
How do we use personal data -
We will only use personal data where permitted under applicable law. Common purposes include: Account creation and onboarding
To register customers, create a Platform account, and maintain customer records.
Identity verification and compliance -
To verify identity, perform due diligence, prevent fraud, conduct anti money laundering and counter terrorist financing checks, perform sanctions screening, and conduct ongoing monitoring.
Providing services-
To operate the Platform, process transactions, provide customer support, and deliver requested services.
Communications-

To send service related communications such as confirmations, operational notices, security alerts, and important updates.
Improvement and analytics-
To improve the Platform, develop features, troubleshoot, and perform analytics.
Legal and regulatory obligations -

To comply with applicable laws, respond to lawful requests, and enforce our rights.
Marketing-

Where permitted by applicable law, and where required, based on customer preferences or consent. Data accuracy-

It is important that the personal data we hold is accurate and current. Customers should inform Customer Support of changes to their personal details without undue delay.

When do we disclose personal data-
We may share personal data within the Scallop Group and with trusted third party service providers where necessary to provide services and operate the Platform. We take steps to ensure that personal data is processed in accordance with applicable data protection laws.

Personal data may be shared with:

Platform and technology providers-

Hosting providers, cloud services, software and infrastructure providers, analytics providers, and security service providers.
Verification and compliance providers -

Identity verification providers, sanctions screening providers, fraud prevention providers, and related compliance service providers.
Payments and financial partners -

Banks, payment service providers, card issuers or programme partners, processors, and settlement partners.
Professional advisers -

Legal, audit, compliance, and other professional advisers where necessary.
Authorities -
Regulators, supervisory authorities, law enforcement, courts, and government bodies where required by applicable law or where necessary to protect legal rights.
Corporate transactions -

If the Scallop Group engages in a merger, acquisition, reorganisation, financing, or sale of assets, personal data may be shared for due diligence and transaction completion, subject to confidentiality and applicable law.
International transfers -
The Scallop Group may operate and use service providers in multiple jurisdictions. Where personal data is transferred internationally, we take appropriate measuresrequired by applicable law to protect personal data. This may include contractual protections and additional safeguards where required. How long we store personal data -
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including legal, regulatory, accounting, and reporting requirements. Retention periods depend on the nature of the data and applicable legal obligations. Where required, we may retain data for longer periods to establish, exercise, or defend legal claims, or as required by law

What information do we collect We may collect, use, store, and transfer different kinds of personal data, including:

Identity data -
Information provided for onboarding, verification, and due diligence, including information processed through identity verification and compliance service providers.
Contact data -
Physical address, email address, telephone number, and other contact details.
Financial data -
Payment account information, funding and payout details, and other information required to provide services.
Transaction data -
Details about transactions and activity carried out through the Platform, including amounts, currencies, counterparties, recipient details, bank details, and related metadata.
Technical data -
Internet protocol address, browser type and version, time zone setting, location data where permitted, device identifiers, operating system, platform, and other technology information from devices used to access the Platform.
Profile data -
Preferences, feedback, survey responses, and customer support communications.
Usage data -
Information about how customers use the Platform, including features accessed and interaction patterns.
Aggregated data -
Statistical or demographic data derived from personal data that does not directly or indirectly identify a customer.
How do we collect personal data -
We use different methods to collect data, including:
Direct interactions -
When customers complete forms, provide information during onboarding, communicate with us, or submit support requests.
Automated technologies -
When customers interact with the Platform, we may automatically collect technical and usage data using cookies and similar technologies. Please see our Cookie Policy where available.
Third parties -
We may receive personal data from service providers such as analytics providers, identity verification providers, compliance providers, payment service providers, banking partners, card programme partners, custodians, and other infrastructure providers, subject to applicable law.
Do customers have to provide personal data -
We require certain personal data to provide services, to perform onboarding and verification, and to comply with legal and regulatory obligations. If customers do not provide required information, we may not be able to offer certain services.
How do we use personal data -
We will only use personal data where permitted under applicable law. Common purposes include: Account creation and onboarding
To register customers, create a Platform account, and maintain customer records.
Identity verification and compliance -
To verify identity, perform due diligence, prevent fraud, conduct anti money laundering and counter terrorist financing checks, perform sanctions screening, and conduct ongoing monitoring.
Providing services-
To operate the Platform, process transactions, provide customer support, and deliver requested services.
Communications-

To send service related communications such as confirmations, operational notices, security alerts, and important updates.
Improvement and analytics-
To improve the Platform, develop features, troubleshoot, and perform analytics.
Legal and regulatory obligations -

To comply with applicable laws, respond to lawful requests, and enforce our rights.
Marketing-

Where permitted by applicable law, and where required, based on customer preferences or consent. Data accuracy-

It is important that the personal data we hold is accurate and current. Customers should inform Customer Support of changes to their personal details without undue delay.

When do we disclose personal data-
We may share personal data within the Scallop Group and with trusted third party service providers where necessary to provide services and operate the Platform. We take steps to ensure that personal data is processed in accordance with applicable data protection laws.

Personal data may be shared with:

Platform and technology providers-

Hosting providers, cloud services, software and infrastructure providers, analytics providers, and security service providers.
Verification and compliance providers -

Identity verification providers, sanctions screening providers, fraud prevention providers, and related compliance service providers.
Payments and financial partners -

Banks, payment service providers, card issuers or programme partners, processors, and settlement partners.
Professional advisers -

Legal, audit, compliance, and other professional advisers where necessary.
Authorities -
Regulators, supervisory authorities, law enforcement, courts, and government bodies where required by applicable law or where necessary to protect legal rights.
Corporate transactions -

If the Scallop Group engages in a merger, acquisition, reorganisation, financing, or sale of assets, personal data may be shared for due diligence and transaction completion, subject to confidentiality and applicable law.
International transfers -
The Scallop Group may operate and use service providers in multiple jurisdictions. Where personal data is transferred internationally, we take appropriate measuresrequired by applicable law to protect personal data. This may include contractual protections and additional safeguards where required. How long we store personal data -
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including legal, regulatory, accounting, and reporting requirements. Retention periods depend on the nature of the data and applicable legal obligations. Where required, we may retain data for longer periods to establish, exercise, or defend legal claims, or as required by law

4. Data security

We implement appropriate technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. Access to personal data is limited to personnel and service providers who have a business need to know and who are subject to confidentiality obligations.

5. Data retention

We retain personal data for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, and reporting requirements. We consider the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal requirements.

6. Your legal rights

Depending on the customer’s location and applicable law, customers may have rights such as:

Access - Request a copy of personal data and information about how it is processed.
Correction - Request correction of inaccurate or incomplete personal data.
Erasure - Request deletion of personal data where permitted, subject to legal and contractual obligations.
Objection - Object to processing where we rely on legitimate interests, subject to applicable law.
Restriction - Request restriction of processing in certain circumstances.
Portability - Request transfer of personal data in a structured, commonly used, machine readable format where applicable.
Withdraw consent - Where processing is based on consent, customers may withdraw consent at any time. This does not affect processing carried out before withdrawal. To exercise rights, customers should contact us using the details in Section 10. We may need to verify identity before responding.

Depending on the customer’s location and applicable law, customers may have rights such as:

Access - Request a copy of personal data and information about how it is processed.
Correction - Request correction of inaccurate or incomplete personal data.
Erasure - Request deletion of personal data where permitted, subject to legal and contractual obligations.
Objection - Object to processing where we rely on legitimate interests, subject to applicable law.
Restriction - Request restriction of processing in certain circumstances.
Portability - Request transfer of personal data in a structured, commonly used, machine readable format where applicable.
Withdraw consent - Where processing is based on consent, customers may withdraw consent at any time. This does not affect processing carried out before withdrawal. To exercise rights, customers should contact us using the details in Section 10. We may need to verify identity before responding.

7. Third party links

The Platform may include links to third party websites, plug ins, and applications. We do not control third party sites and are not responsible for their privacy practices. Customers should review the privacy notices of any third party sites they visit.

8. Complaints

Customers may contact us with questions or complaints about this Privacy Policy or our handling of personal data using the details in Section 10.
Where applicable under local law, customers may also have the right to lodge a complaint with a relevant data protection authority or supervisory body in their jurisdiction.

9. Changes to the Policy

We may update this Privacy Policy from time to time, for example to reflect changes to services, legal requirements, or operational practices. Any changes will take effect immediately upon publication on the Platform. Where required by applicable law, we may provide additional notice of material changes.

10. Contact details

If customers have questions about this Privacy Policy or wish to exercise legal rights, they may contact us:
Email: support@scallopx.com