Our relationship with you
In this notice, “we,” “our” or “us” refers to the Verto group entity providing you with a product or service and that is responsible for the handling of your personal data. This entity is typically referred to as a "data controller". You can find out which Verto entity you are a customer of by checking our Terms of Service. “You” or “your” refers to the individuals who represent their business, such as in the capacity of an Authorised User of a Verto Platform Account (“Account”), director, shareholder, founder, or ultimate beneficial owner. When we refer to “business” we mean the entity that holds the Account (our “Customer”).
Navigating this privacy notice
What personal data we obtain
Why we use personal data
Who we share it with
What your rights are and how to exercise them
How to contact us
Personal data we collect about you
Personal data, or personal information, means any information about an identified or identifiable individual. Privacy and data protection laws primarily apply to individuals. While these laws generally do not extend to legal entities themselves (such as limited liability companies), they do apply to the individuals associated with those entities. This notice describes the processing of the personal data related to those individuals.
We will collect and process personal data about you in the following ways:
Information you give us
Categories | Types of personal data |
Contact details | Full name, work email address, phone number. |
Shareholder and Director details | Information related to shareholders, including beneficial owners, and directors, which may include a copy of an identity document and residential address for Know-Your-Business purposes. |
Biometric data | Typically a scan of your face taken from a photo or video selfie to compare with the photograph of you on the copy of your identity document that you submit. |
Correspondence data | Correspondence between you and Verto including call recordings, call / chat transcripts, emails, feedback and survey responses. |
Information collected automatically, through your use of our services
Categories | Types of personal data |
Technical data | Details of the internet protocol (IP) address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the type of device you use, whether your device uses a virtual private network (VPN), a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, and the type of mobile browser you use. |
Usage data | Information about your visit and use of our services including what you viewed and what you clicked on and the date and time of your actions, what you viewed and searched for, page and app performance including response times, whether there were errors or issues, length of time of your visit and use, your interactions with a page including scrolls and clicks and, how you navigated away from a page. |
Cookies and similar technologies | Please see our separate Cookie Policy on our website. |
Location data | Information that identifies your location in a reasonably specific way based on an IP address or GSM, GPS and/or WiFi. We will request and obtain your permission through your device settings where required to do so. |
Information we receive from other sources
Categories | Types of personal data |
Information from financial institutions | We may receive personal information from other banks and financial institutions. For example, when you ask us to, we may collect information about bank accounts that you choose to connect to your Verto account (for example through Open Banking in the UK or EEA, or when you’re setting a direct debit method such as ACH in the US, or EFT in Canada). |
Advertising networks, analytics providers, and search information provider, external data providers | May provide us with information about you, including confirmation of how you found our website. |
Information from fraud prevention agencies and government or private databases | In some jurisdictions, we may check the information you have provided to us with government or private identity record databases or company registers, fraud prevention agencies, other private entities, or with credit reference agencies to confirm your identity and to combat fraud. |
Information from publicly available sources | We may collect information from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, and Know Your Business (“KYB”) purposes. |
Information from our Customer | Where an individual makes a payment to our Customer, we may collect information such as the full name, date of birth and/or nationality of this individual, in order to conduct any compliance checks that may be required by applicable laws or regulations. |
Sensitive personal data
We may be required to collect personal data that is considered sensitive or is classified as “special category” personal data. Sensitive personal data usually requires added protections under local law. We will only process sensitive personal data for limited purposes and when permitted by local law.
We may process the following categories of sensitive or “special categories” of personal data:
Biometric data (see the section “Biometric data” below)
Personal data concerning criminal convictions and offences
Where we obtain sensitive personal data about you for carrying out KYB and anti-money laundering (“AML”) screening, we typically do so because it is necessary to comply with our legal obligations under relevant regional and local AML and anti-financial crime laws.
Biometric data
We need to verify the identity of our Customers’ shareholders, directors and/or ultimate beneficial owners before an account can be opened with Verto. To verify your identity, we will ask you to take a photo or video selfie which we’ll compare with the photo on your chosen identity document (e.g., your passport or national ID book or card) to see if they match. The information collected from your selfie includes biometric data, which we process to comply with strict KYB and AML screening requirements.
How we use your information
We will only use your personal data when the law allows us to. In most cases, our legal basis will be one of the following:
Contractual necessity | Where processing personal data is necessary to carry out or enter into our agreement with you (for example, if the processing is needed to make and receive payments). |
Legal obligation | Where we have a legal obligation to process your personal data to comply with laws and regulations (such as collecting identification documents to comply with anti-money laundering laws). |
Legitimate interests | Where we have a legitimate reason to process your personal data that is reasonable when balanced against your rights and interests (for example, to understand how our services are used and to improve them). |
Consent | Where you have given us your consent to process your personal data. |
Substantial public interest | Where processing of personal data is necessary for reasons of substantial public interest, such as the prevention or detection of unlawful acts or preventing fraud. |
What we use your personal data for
Legal obligation | To determine is you are eligible to use our services We carry out checks to comply with KYB obligations under anti-money laundering laws. In some countries, as part of our KYB processes we extract face scan information (known as “biometric data”) from a selfie or video that you provide to compare with the picture of you on identity documents |
Contractual necessity Legal obligation Legitimate interests | To provide our products and services to you Provide services to you as requested, provide customer support services, and to monitor or record any communications between you and us, including phone calls for training and quality purposes. |
Contractual necessity Legal obligation Legitimate interests Substantial public interest | To ensure account safety, including protecting you from fraud To prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes. To keep our anti-fraud measures effective, we can’t always share all the details about how we prevent fraud. To confirm that you are eligible to use our services and as part of our efforts to keep our services safe and secure. |
Legal obligations Legitimate interests | Compliance with legal and regulatory obligations protecting our business from enforcing your rights We may process your personal data: To comply with legal and/or regulatory requirements, including to respond to requests from public and government authorities, possibly outside your country of residence, upon demonstration of lawful authority; To prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes, including conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so; To allow a third party or a financial institution that incorrectly sent money to recover money received by you in error or due to fraud; To verify information you provide to us; To investigate, manage, and resolve complaints. |
Legitimate interest | Marketing and analytics We may process your personal data: To personalise the marketing messages you receive about products and services we offer so they are more relevant and interesting; To measure or understand the effectiveness of our advertising and to deliver relevant advertising to you; To provide you with information about other similar products and services we offer which we feel may interest you. |
Legitimate interest | Maintaining and improving our services We may process your personal data: To administer our services and for internal operational, planning, audit, troubleshooting, data analysis, testing, research, statistical, and survey purposes; To undertake system or product development, including helping third party suppliers improve the services they provide to us; To improve our services and to ensure that they are presented in the most effective manner; We may use Artificial Intelligence (“AI”), including machine learning models and generative AI large language models (LLMs) to improve the efficiency and effectiveness of our services and our financial crime and fraud prevention processes. |
How we share your personal data
We may share your personal data with the following third parties:
Verto group entities | Other Verto entities may assist in providing our services to you, improving our operations, and supporting business functions such as customer support, technology, marketing, fraud prevention and compliance. |
Identity verification, KYB, sanctions screening and transaction monitoring services | We use service providers who support our identity verification, sanctions screening, transaction monitoring and general KYB processes and help us to comply with legal and regulatory requirements.
The following providers assist us in verifying your identity when your business applies for an account: Smile Identity AiPrise Inc. Au10tix |
Service providers acting on our behalf and other partners | We may share your data with trusted third-party service providers and partners, such as: Banks and other financial institutions we work with to provide our services (such as supporting the execution of payments, or the provision of the Account). Analytics and search engine providers that assist us in the improvement and optimisation of our site; Cloud storage providers and other technology service providers, that provide hosting, IT services, maintenance, and technical support to ensure our platform and services function smoothly.
These service providers and partners are required to process your data securely and only for the purposes specified in our agreement with them. |
Regulators, law enforcement agencies, and public authorities, including judicial and administrative courts | If we are under a duty to disclose or share your personal data in response to a subpoena, warrant, court order, properly constituted police request or as otherwise required by law, or in order to enforce or apply our Terms of Service and other applicable agreements, or to protect the rights, property, or safety of Verto, our customers, our employees, or others |
Fraud prevention agencies and providers of fraud prevention services | To prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes, including conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so, or where required by law; |
Market research providers | To conduct market research on Verto’s products and services |
International Data Transfers
As a global provider of money transfer services and multi-currency accounts it is sometimes necessary to transfer your personal data to countries other than your country of residence.
When transferring personal data to other countries we take measures to comply with data protection laws applicable to those transfers. In particular where a transfer is to a country with data protection regulations that do not offer an equivalent level of data protection as your country, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice.
When a data transfer mechanism is mandated by applicable law we:
Transfer to countries or recipients that are recognised as having an adequate level of protection for personal data under applicable law;
Enter into EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office with the data importer; and
Employ other lawful methods available to us under applicable law.
More information about the third parties to whom we may transfer personal data, their locations, and the contractual arrangements in place to comply with applicable data protection laws can be provided to you if you send a request to dpo@verto.co.
Profiling and automated decision making
We use automated processes to check that your application to access Verto’s services and your use of Verto’s services meet our required standard, including verifying your identity, your business information and to help prevent fraud or other illegal activities. These processes may make an automated decision to reject your application or a proposed transaction, to block a suspicious attempt to log into your Verto account, or to close your account. If this happens, you will be notified and offered the opportunity to request further information about how the decision was reached and request a manual review. In any case, if you feel that an automated process may have impacted you, please contact support@verto.co.
Cookies
Our website and app use small files known as cookies, along with similar technologies like pixel tags and web beacons. These help us distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to improve our services and make sure that the ads you see online are more relevant to you and your interests. For more information about the cookies and technologies we use, as well as their purposes, see our Cookie Policy.
We also use pixels or web beacons in some of our emails to help us understand whether our email was delivered and opened, and whether links within the email were clicked. We use this information to measure the performance of our email campaigns, and to help us improve our future email communications.
Data Retention
We will retain your personal data only for as long as is necessary to fulfil the purposes for which we collected it. As a regulated financial institution, Verto is required by law to store some of your personal and transactional data beyond the closure of the Account with us. Typically we are required to retain that personal data for between five and ten years following account closure, depending on applicable laws.
We will always delete personal data that is no longer required by a relevant law. We do this automatically, so you don’t need to contact us to ask us to delete your data.
How we protect your personal information
We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. We use a variety of organisational and technical measures to:
Maintain the confidentiality, availability and integrity of your personal data; and
Make sure your personal data is not improperly used or disclosed
We have detailed information security and data protection policies which our employees are required to follow when they handle your personal data. Our employees receive data protection and information security training. Electronic data and databases are stored on secure computer systems with access controls in place to limit physical, system and information access to only authorised employees.
Verto has strict policies in place that control how we share your personal data with other companies. Before sharing personal data with any company, we thoroughly:
Vet the company in advance; and
Assess the security controls the company has in place to protect your personal data.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to our app, website or other services we may provide.
You are responsible for keeping the Account secure by keeping your passwords, PINs, and one-time passcodes private. Do not share this information with anyone, as it may allow them access to the Account and personal data. Verto will never ask you for these details through phone calls, emails, or texts.
How we use your personal data for marketing
We may send you information about our products, services, news and promotions, or other Verto communication with you, by email, push or in-app notifications, text message or other means for marketing purposes. When we communicate with you for marketing purposes we will do so only in accordance with applicable laws.
You may opt out of receiving email marketing communications at any time by clicking on the “Unsubscribe” option included in every email marketing communication sent to you. Please note that unsubscribing from marketing content will not stop you from receiving important communications in relation to the security or operation of the Account (for example when we need to inform you of upcoming maintenance, changes to our Terms of Service, in the event of a security incident, etc.).
Your rights
Depending on the applicable law and the reason for the processing, you may be entitled to exercise the following rights:
Ask us to give you access to personal data | This right entitles you to receive confirmation that we process personal data relating to you and you may sometimes also be able to request a copy of the personal data. |
Ask to have personal data erased | This right entitles you to ask us to delete or remove personal data concerning you. Please note that we may not be able to comply with your request either in whole or in part because of certain legal reasons. To the extent that we can’t comply with your request we will get in touch with you to give you the reasons for our decision. |
Object to our processing of personal data | Where we process personal data based on our legitimate interests but you believe there are circumstances that mean we shouldn’t, you may submit an objection; however there may be times when we can demonstrate legitimate grounds that override your objection. If we believe we have legitimate grounds to override your objection we will be in touch with you to give you the reasons for our decision. You may also object to our processing for the purpose of sending you direct marketing communications. |
Ask for processing to be restricted | If you are unsure about the accuracy of the personal data we are processing relating to you or you think we shouldn’t be processing it or our reason for processing is unclear, you may ask us to restrict the processing. |
Ask for personal data to be corrected or updated | You may ask us to update any inaccurate or out of date record. |
Ask us to transfer (or “port”) personal data to you or to a third party | In limited circumstances, you may ask us to transmit to you or to another company personal data that you have provided to us in a structured, commonly used and machine readable format. |
Make a complaint to a supervisory authority | You may have the right under local law to complain to the local supervisory authority in your country. |
Verto will honour these rights to the extent required by law. You may exercise your rights by submitting a request by emailing us at dpo@verto.co.
Changes to our Privacy Policy
To keep up with changing legislation, best practice, and changes in how we process personal information, we may revise this notice at any time. In the case of significant or material changes to this notice, we will let you know.
How to contact us
For any general questions about your account or our services, please contact our Customer Success team at support@verto.co. Should you have a query in relation to this notice or about how we handle personal data, please send an email to dpo@verto.co.