Group Privacy Notice

Please select below your preferred language for the privacy notice

1. Introduction

Welcome to the Ebury Group’s Privacy Notice. This Privacy Notice explains how companies within Ebury Group (“we”, “us” or “our”) are committed to protecting and respecting your privacy.

As part of our normal business operations, we collect certain personal data from our clients.  This Privacy Notice sets out the legal basis for processing any such personal data or personal information that we collect or that you provide to us. Please read this notice carefully to understand our practices regarding your personal data or personal information. This Privacy Notice must be considered in conjunction with the Terms and Conditions applicable to each operating jurisdiction. By visiting ebury.com, ebury.nl
, ebury.pt, ebury.es, ebury.cz, ebury.pl, ebury.fr, ebury.au, ebury.ca,
fr.ebury.ca, es.ebury.ca, ebury.ae, ebury.lu, nl.ebury.be, ebury.be, fr.ebury.ch, ebury.ch, ebury.de, ebury.it, ebury.gr, ebury.ro, ebury.se, ebury.bg, epm.ebury.com, ebury.cl, ebury.za.com, ebury.mx, ebury.co.nz, online.ebury.com, bos-auth.eburypartners.com, partnerportal.ebury.com and our ebury mobile application ("our sites") you are accepting the practices described in this notice.

2. Who are we?

Ebury Group is made up of a mix of companies set up in the different jurisdictions in which we operate. You will be told which company you have a relationship with when you purchase a product or service from us. This company is known as the “Data Controller” of your personal data. You can click here to find the legal name of our companies, as per the operating jurisdiction.

3. Which are the applicable Data Protection Laws?

The applicable Data Protection Laws are:

  • the EU General Data Protection Regulation, and
  • any other applicable Data Protection Law in effect in your country of residence. You can find the applicable Data Protection Laws here.

These shall be hereinafter referred to as the (“Regulations”).

4. Which type of data do you collect from me?

Depending on your country of residence, we may collect, use, store, process and transfer the following personal data about you. Personal data or personal information means any information from which an individual can be identified. It does not include data with the identity removed (anonymous data) or any data on a legal entity.

Identity data

Title, first name, surname, father’s name, date of birth, nationality, tax identification number, city and country of birth, ID document

Contact Data

Residential address, email address and phone number

Financial Data

Financial and credit information

Profile Data

Username, products used by you, occupation, occupation address, feedback and survey responses

Marketing Data

Preferences for receiving marketing communications from us or from our third parties

Transaction Data

Payment details

Technical Data

The internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

Usage Data

Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call our client service number

5. How do you collect my personal data?

Direct Interactions

Information you give us through the use of our sites or our services.

  • You may give us information about you by filling in forms on our sites or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our sites, subscribe to our services, place an order or engage in any transaction via our sites, or report a problem with our sites.

  • You may give us information relating to beneficiaries, shareholders, trustees and directors so we can deliver our services. The information you give us may include their name, address, email address and phone number, financial and credit information.
  • You may give us information relating to other accounts held by other financial institutions so we can deliver our services. The information you give us may include the bank code, the bank country, the type of account, the name of the bank and the account number.

This may be through filling in forms on our sites or by corresponding with us by phone, email or otherwise. You must obtain appropriate consent before disclosing such information to us.

Third Parties or Publicly Available Information

  • We may receive information about you if you use any other websites we operate or other services we provide. This data may be shared internally and combined with data collected on this site.
  • We may receive personal data while working with third parties (including but not limited to, for example, introducers, business partners, sub-contractors working for technical, payment and delivery service providers, advertising networks, analytics providers, search information providers, screening providers, identity verification service providers, A.I providers, credit reference agencies) and may receive additional information about you from them.
  • We may receive personal data from public sources such as social media websites, news websites and company registers worldwide.

We ensure full compliance with the Regulations irrespective of how we obtain any information.

6. How do you use my personal data?

We will only use the information you give to us when the applicable law allows and as described below:

1. To enter into or perform a contract with you.


2. To comply with a legal or regulatory obligation as a Data Controller and regulated business:

  1. For the detention and prevention of crime.
  2. For compliance with anti-money laundering regulations and counter-terrorism financing regulations.
  3. For compliance with requests for information from law enforcement, courts or regulators.


3. When we have your consent:

  1. When you are an existing client, we will only contact you with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you.
  2. When you are a new private customer, we will only contact you if you have consented to such.


You may withdraw this consent at any time by using the links provided at the bottom of marketing emails from us, or by contacting our DPO. This will only affect the way we use personal information when the basis for doing so is your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is the case, we will notify you.

4. To fulfil our legitimate interest or that of a third party, and any such interests are not overridden by your interests or rights in the protection of your personal data.

Please refer to the table below for the legal basis for processing your personal data (depending on your country of residence):

PURPOSE OF THE PROCESSING

LEGAL BASIS FOR PROCESSING

To register you as a new customer and to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

To carry out our obligations arising from any contracts entered into between us and third parties relating to the services provided to you

Performance of a contract with you; and comply with a legal obligation

To provide you with information about other products and services we offer

Necessary for our legitimate interest

To notify you about changes to our service

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

To respond to any enquiry you have made through our sites, or via phone, email or otherwise.

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

To comply with legal obligations we are subject to as a Data Controller and regulated business.

Comply with a legal obligation

To help you provide services to your customers (beneficiaries)

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

To administer and protect our business and our website (including troubleshooting, data analysis system maintenance, testing, support, reporting and data hosting)

Necessary for our legitimate interest
Necessary to comply with a legal or regulatory obligation

To promote new products and services offered by other parties which we think may be of interest to you

Legitimate interest

To improve our products and services

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

Where required, to protect your vital interests or those of another natural person

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To register you as a new customer and to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To carry out our obligations arising from any contracts entered into between us and third parties relating to the services provided to you

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; and comply with a legal obligation

PURPOSE OF THE PROCESSING

To provide you with information about other products and services we offer

LEGAL BASIS FOR PROCESSING

Necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To notify you about changes to our service

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To respond to any enquiry you have made through our sites, or via phone, email or otherwise.

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To comply with legal obligations we are subject to as a Data Controller and regulated business.

LEGAL BASIS FOR PROCESSING

Comply with a legal obligation

PURPOSE OF THE PROCESSING

To help you provide services to your customers (beneficiaries)

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

To administer and protect our business and our website (including troubleshooting, data analysis system maintenance, testing, support, reporting and data hosting)

LEGAL BASIS FOR PROCESSING

Necessary for our legitimate interest
Necessary to comply with a legal or regulatory obligation

PURPOSE OF THE PROCESSING

To promote new products and services offered by other parties which we think may be of interest to you

LEGAL BASIS FOR PROCESSING

Legitimate interest

PURPOSE OF THE PROCESSING

To improve our products and services

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

PURPOSE OF THE PROCESSING

Where required, to protect your vital interests or those of another natural person

LEGAL BASIS FOR PROCESSING

Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest

7. With whom do you share my personal data?

Internal Third Parties

We may share your personal information with any member of our group, which means our branches, our representative offices, our subsidiaries, our ultimate holding company and its subsidiaries. Any such sharing will be done in full compliance with the Regulation.

External Third Parties

  • Business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you.

  • Analytics and search engine providers that assist us in the improvement and optimisation of our sites and services.

  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you:

  • If you are a resident of the United Kingdom, your personal information we have collected from you will be shared with CIFAS tο prevent fraud and money laundering and to verify your identity.

  • Depending on your country of residence and where you provide consent, identity verification services for the purpose of confirming your identity through online applications:

  • Police and law enforcement agencies, where required to do so by law.

  • Depending on your country of residence, we are a participant in Amazon's payment service provider ("PSPs") program which is designed to enhance its ability to detect, prevent and take action against parties operating in poor faith so Amazon and participating PSPs can continue to protect customers and sellers from fraud and abuse. As a PSP, if your Ebury account is registered with Amazon, we would share with Amazon certain data collected during the onboarding process with us and as you use our Services. This may include data collected by us in the framework of an anti-money laundering obligation, such as identification data, contact information and details regarding your accounts with Ebury and your bank account. If Amazon deactivates or terminates your account with them due to (i) abuse, fraud, illegal activity, (ii) a breach of their terms and conditions or (iii) Amazon has initiated litigation or enforcement action against you, we may share additional information, including transaction-related information on your account with us.
  • We may disclose your personal information to third parties:

    • If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.

    • If Ebury Partners UK Limited or substantially all of its assets are acquired by a third party, in which case personal information held by it about its clients will be one of the transferred assets.

8. Where do you store my data and do you transfer my data internationally?

We store your data in the European Economic Area (EAA) and in the United Kingdom (UK). However, some of our external third parties or our staff are based outside the European Economic Area (EAA), so their processing of your personal data may involve a transfer of your data outside the EAA. Whenever we transfer your data outside of the EAA, we ensure a similar level of protection is afforded to it by ensuring one of the following safeguards is implemented:


  • We will transfer your data to countries that have been deemed to provide an adequate level of protection (Adequacy Decision) for personal data by the European Commission.

  • Where we use certain service providers or our staff is operating outside of your country of residence, this is done so under relevant data protection laws, supported by specific contracts and/or clause wording approved by the European Commission (Standard Contractual Clauses) which gives your personal data the same protection it has in Europe.

9. For how long do you retain my data?

The period for which we will retain your data is dependent upon any statutory retention periods we are required to adhere to as a regulated organisation in the jurisdictions where we operate. After the expiration of that period, personal data shall be securely deleted, as long as it is no longer required for the fulfilment of any contract, initiation of a contract or in relation to other legal proceedings.

10. What rights do I have and how may I exercise them?

Right to be Informed

You have the right to be informed about the collection and use of your personal data.

Right of Access

You have the right to access your personal data. This is commonly referred to as Data Subject Access Request.

Right to Data Portability

You have the right to request that we transfer a copy of your Personal Data to another company. Note that the portability right does not extend to personal data which is inferred or derived by the Data Controller.

Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data. Note that this is not an absolute right and only applies in certain circumstances.

Right to Rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances. You have the absolute right to stop your data from being used for direct marketing.

Right to Erasure

You have the right to request that any Personal Data that we hold about you is erased once it is no longer required for the purposes for which it was collected. The right to erasure is also known as ‘the right to be forgotten’.

Rights related to Automated
Decision-Making including Profiling

If a fully automated decision is made on your account, you have the right to request that this decision be reviewed by a person and present any evidence that you believe may make your situation unique.

You can use this link to fill out a Privacy Request associated with the exercise of your Rights.

11. How do we secure your personal data?

At Ebury, safeguarding your personal data is paramount. We employ a comprehensive range of security measures to ensure the confidentiality, integrity and availability of your information. As part of our commitment to robust data protection practices, Ebury holds ISO 27001 certification, an internationally recognised standard for Information Security Management Systems. This certification validates our adherence to rigorous security protocols and demonstrates our dedication to maintaining the highest standards in securing your personal data. Additionally, our expert team continuously monitors and updates our security measures to adapt to evolving threats, providing you with a safe and secure environment for your personal data.

12. Do you use cookies?

We follow the “Express Consent” basis for processing cookies. The first time you visit our sites we will inform you of the cookies we use and you will be given the option to consent for us to use cookies. Some cookies are strictly necessary for the operation of our sites. Our third parties may also receive data about you if you visit other websites using our cookies, over which we have no control. These websites have their own privacy notices and we do not accept any responsibility or liability for these notices.

Please refer to our Cookies Notice for further information, by clicking on the cookie control icon at the bottom right of the page.

13. How can I contact you?

If you have any questions regarding this Privacy Notice, including any requests to exercise your legal rights, you can do so by using the details below:

  • by using this link to fill out a Privacy Request or to submit a complaint.

  • by email: [email protected] to the attention of our Data Protection Officer.

  • by writing to us at our registered office in the jurisdictions that apply to you; click here to find the relevant contact details.


We will respond to you within 30 days from the receipt of your request.

14. How may I lodge a complaint?

You have the right to lodge a complaint with the Supervisory Authority in your country of residence. For the purpose of our processing, the lead Supervisory Authority for each jurisdiction can be found here.

15. Changes to our Privacy Notice

This Notice was last updated on 28/10/2024. Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, communicated to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.