Effective February 2026
ZEPZ’s Customer Privacy Notice
Introduction
We are committed to protecting and respecting your privacy and handling your information in an open and transparent manner. Keeping your personal information secure is extremely important to us.
This global privacy statement (“Privacy Notice”) applies to the processing of personal information by ZEPZ companies in connection with the provision of WorldRemit and Sendwave products, services, websites, and mobile applications.
This Notice explains, among other things, what we do with your personal information, how we keep it secure, with whom we share your information, your rights in relation to the personal information we hold about you, and who you can contact for more information.
Highlights
ZEPZ companies offer an international payment service that provides money transfer and remittance services in over 130 countries and supports more than 70 currencies.
WorldRemit and Sendwave are part of WorldRemit Group, which includes WorldRemit Belgium SA, WorldRemit Limited, WorldRemit Corp, WorldRemit Inc, among others.
Where appropriate, we share your personal information with the Worldremit Group, its affiliates, partners, and other companies. Upon request or where we are legally obliged, we may share your information with public agencies.
We also collect from you information in relation to other people (for example, details of the recipients of your money transfers). In providing this information, you confirm to us that you have their permission to do so.
We collect facial scan data extracted from your photo or video (known as ‘biometric data’) to authenticate your identity.
We use third-party service providers to process your personal information on our behalf to perform our services for you. Due to the international nature of our business, some of these service providers may be based outside your country of residence.
You have several rights over your personal information, and the manner in which you can exercise those rights, such as your rights, are contained in this Notice.
We will send you direct marketing if permitted to do so. We do this to encourage you to use our services and send you offers or promotions that may be of interest to you. You can request that we stop sending you marketing information at any time. Details of how to unsubscribe will be included in each email that we send you. Alternatively, send us an email to dataprivacy@zepz.io with “URGENT - UNSUBSCRIBE REQUEST” in the subject line and the email address that you wish to be removed from the email.
We also use your personal information to display online adverts and marketing relating to our services on our website, online media channels or by sending you push notifications if you use our mobile app.
We do not intentionally use children’s information (our website and mobile application are not intended for children).
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to the Data Protection Officer at dataprivacy@zepz.io.
General
Who we are
You will know us by our brands: “WorldRemit" and “Sendwave". Our websites and Mobile Apps are operated and provided by ZEPZ companies ("ZEPZ", "we", "us", "our"), which are part of the WorldRemit Group. For a full list of Zepz companies within the WorldRemit Group, CLICK HERE.
If you reside in a country where we provide our services to you and are a user of our website worldremit.com / sendwave.com (“our”, “website”, “our”, “site”) and/or of WorldRemit/Sendwave mobile applications (“Mobile Apps”) we are a data controller for the purpose of Data Protection Legislation (as defined below). Please refer to the country-specific addenda below for details of the data controllers applicable to your jurisdiction.
In this Notice, references to "You" and "Your" are references to a user of our website and/or of our Mobile Apps.
Personal Data We May Collect
We may collect, record and use information about You in physical and electronic form and will hold, use and otherwise process this data in accordance with the Data Protection Legislation and as set out in this Notice.
The personal information we collect and use may include, amongst other things:
Your full name;
Your contact information such as Your email address, postal address and telephone number or any telephone number used to call us;
Your demographic information such as age, education, gender, and interests;
Evidence of Your identity (for example, passport information);
The reason for your transfer request;
Unique identifiers such as Your username, account number and password;
Your payment details and other financial data (for example, Your bank or payment card, payment method provider’s name and Your account number and sort code);
We may hold information about you which includes sensitive or special categories personal data, such as biometric information (for example: facial recognition, or Your image in photo or video form). We may use your biometric information to help identify you when you open account to verify your identity during onboarding as part of our Know-Your-Customer (KYC) checks or to authenticate you as an authorised user to operate an account or to comply with our AML obigations , fraud detection and prevention.
Online activities such as information about Your visit to our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Your profiles and postings on any other social media applications and services that we provide or that You make available to us;
We also collect from You information in relation to other people (for example, details of the recipients of Your money transfers), where You provide us with such information. In providing this information you confirm to us that you have obtained all necessary permissions from them to the reasonable use of their information for the purposes and in the manner described in this Notice, or are otherwise permitted to give us this information on their behalf. Please also ensure that those other people are aware of this notice and that the provisions of this notice are clearly communicated to them.
Collection of your personal information
Information You give to us when You use our services. If You use our services You will need to provide certain information including Your name, address and card number, as well as the name and other details of the recipients of the money transfers that you instruct us to carry out. This information must be complete and accurate, and if not we may have to take additional steps to complete the transaction.
Information you provide when you apply for credit, including details about your income, employment, and financial obligations.
Other information You give to us. This is information about You that You give us by filling in forms on our website (for example, the ‘contact us’ section) or when you communicate with us by phone, e-mail or otherwise. It includes, for example, information You provide when You register on the website for us to contact You, when You inquire about any of our Services, when You sign up to receive notifications, and when You report a problem with our website. The information You give us may include, among other data, Your name and email address. We may also record our telephone conversation with you for training and monitoring purposes.
From other members of the ZEPZ companies. We may collect information about You from Sendwave, our affiliates and other companies in the ZEPZ companies.
Social Media. Depending on Your settings or the privacy policies for social media and messaging services such as Facebook, LinkedIn and Instagram, You might give us permission to access information from those accounts or services.
Other Sources. We may receive information about You from other sources, including publicly available databases and combine this data with information we already have about You. This helps us to update, expand and analyse our records and provide services that may be of interest to You.
Other information we collect about You. Like most websites, we use "cookies" and "SDKs" to help us make our site – and the way You use it – better. Cookies mean that a website will remember You. They are small text files that websites transfer to Your computer (or phone / tablet). They improve website use and speed – for example by automatically filling Your name and address in text fields. Please see Cookies and Similar Technology section for further information.
Log Files. In addition, with regard to each of Your visits to our site, we will automatically collect certain information (for example, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data). We may combine this automatically- collected log information with other information we collect about You.
Social Media Widgets. Our website includes Social Media Widgets or Features, such as the Facebook Like button and X (formerly Twitter) button which are interactive mini-programs that run on our site to provide specific services from another company (e.g. displaying the news, opinions, music, etc). Personal information, such as Your email address, may be collected through the Widget. Cookies may also be set by the Widget to enable it to function properly. Information collected by this Widget is governed by the privacy Notice of the company that created it.
Mobile App. When You download our Mobile App, in addition to the information mentioned above we:
automatically collect information on the type of device You use, operating system version, and system and performance information. We may send You push notifications from time-to-time in order to update You about events or promotions that we may be running. If You no longer wish to receive these types of communications, You may turn them off at the device level. To ensure You receive proper notifications, we will need to collect certain information about Your device such as operating system and user identification information; and
may use mobile analytics software to allow us to better understand the functionality of our Mobile Software on Your device. This software may record information such as how often You use the Mobile App, the events that occur within it, aggregated usage, performance data, and where the Mobile App was downloaded from. We do not link the information we store within the analytics software to any personal information You submit within the Mobile App.
Use of Your Personal Information
Our primary purpose in collecting user information is to provide You with a safe, smooth, efficient, and customised experience and to provide the services You have requested from us. We may also use the information that You have provided to ensure that the content on our site is presented in the most effective manner for You and Your computer or device.
We use Your information for the following specific purposes:
to carry out our obligations arising from any contracts entered into between You and us or from applicable law such as anti-money laundering laws, and to provide You with the Services in accordance with our terms and conditions and with this Notice;
to register You with a WorldRemit or Sendwave account;
to fulfil Your Transaction / (Airtime Top Up) Request;
to send You confirmations or other notifications;
to notify You about temporary or permanent changes to our services or other service-related messages;
to assist you where online applications are not completed;
with your permission, we may use your information to conduct credit checks if you apply for our credit products;
to prevent fraud, money laundering, and any other illegal activity;
to ensure that content from our site is presented in the most effective manner for You and for Your computer;
to promote our business;
to send You Marketing communications, where You have shown interest; or purchased Our services and in the course of doing so You provided your contact details and You have not opted out from receiving marketing communications.
to administer our site and for internal operations, including troubleshooting, data analysis, profiling and segmentation analysis, testing, research, statistical and survey purposes;
as part of our efforts to keep our site, Mobile App and our services safe and secure;
to measure or understand the effectiveness of advertising we serve to You and others, and to deliver relevant advertising to You;
to make suggestions and recommendations to You and other users of our site about services that may interest You or them;
to train, monitor and assess the effectiveness of the manner in which we provide the Services to You;
to consider and investigate any concerns or complaints you may have; and
to display personal testimonials of satisfied customers on our website in addition to other endorsements, where You have agreed with a third-party review site that we may do so. If You wish to update or delete Your testimonial, contact us at dataprivacy@zepz.io.
Processing of Biometric Information
Purposes, Disclosure and Retention
We utilise facial recognition technology to authenticate your identity. This involves analysing facial features from the images and videos you submit to verify they match your identification documents (“biometric information”). We also utilise this data to perform "liveness checks," ensuring the physical presence of a genuine user and detecting document tampering.
This biometric processing is essential for onboarding users in certain jurisdictions and maintaining account security (e.g., during account recovery or device pairing). As a digital service provider, the data processing is necessary for our verification services, requiring your explicit consent. The biometric data is processed either directly by us (stored on our secure infrastructure) or by authorised third-party verification agents. By consenting to such processing you acknowledge that if a third party is used, you have reviewed and accepted the relevant policies of our partners.
Disclosure
Zepz companies strictly prohibits the sale, leasing, or trading of biometric data. We do not disclose this information to external parties except where mandated by law, subpoena, or valid warrant.
Retention
We retain biometric data only for the duration required to fulfill the collection purpose or to comply with statutory retention periods.
Your Rights
You have the right to withdraw your consent for the processing of your biometric information at any time. You may also request access, correction, or deletion of your Biometric Information by contacting us at dataprivacy@zepz.io. Please note that withdrawing consent may affect your ability to use or access certain features of your WorldRemit or Sendwave account.
Consent Acknowledgment
By providing your selfie, video recording, or government-issued identification, you confirm that you have read and understood the relevant sections of this Privacy Notice and you voluntarily consent to the collection, use, processing, and storage of your Biometric Information as described.
Legal basis for processing your personal information
We only use your personal information for a specific purpose, and before we do so, we must have a legal reason. For example, when it is necessary for us to perform a contract with you for our services, for our legitimate interest, or where you have given us your consent, or to fulfil our legal obligations. These are all known as the “legal basis for processing”.
Processing activity | Description |
|---|---|
Processing is necessary for the performance of a contract, or to take steps prior to entering into a contract with us.
| Deliver our products and provide you with our services such as conducting money transfers, payment services, and mobile phone top-ups. This may include “know your client” checks and verifying your identity may include facial scan data extracted from any photo or video you submit (known as ‘biometric information” and confirming your financial details. Notifying you with any changes to our Services, Apps or our site or changes to our terms or Notice. Enable third parties to perform technical, logistical or other functions for us. Respond and resolve any complaints you may have. |
Processing is necessary for our legitimate interests (to the extent that such legitimate interests are not overridden by your interests).
| To fulfil our regulatory and compliance obligations; providing our Sites, our Apps, or our services to you; Establishing, exercising, protecting or defending our legal rights and business interests; Contacting you to facilitate or progress your use of our Services including any problems you may have in completing your transaction, subject always to compliance with applicable law; Managing and operating the financial and commercial affairs of our business; To promote and conduct our business; To personalise your experience of our Services; Conducting surveys, satisfaction reports and market research; To develop new services and products, and inform you of any new products and services that may interest you: When you register on our site and our App, we use the contact details that you provide on registration to send you Marketing on email, SMS and push notifications on our App EXCEPT YOU OPT OUT; To contact you with targeted Marketing about our Services on third-party online platforms or websites, including adverts we send or display to you on Google, Facebook etc; and Analyse the effectiveness of our Marketing campaigns. Managing and maintaining our communications and IT systems; Detecting and protecting against: fraud; money laundering, criminal activity; illicit use of our Services; breaches of our policies and applicable laws; Recruitment activities and handling job applications; Security: physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including login records and access details). |
The processing is necessary for compliance with a legal or compliance obligation.
| Health and safety: health and safety assessments and record keeping; providing a safe and secure environment at our premises; and compliance with related legal obligations. Maintenance of records to comply with legal, audit, regulatory and tax requirements; To investigate fraud, money laundering, terrorist financing and any other illegal activity; To comply with legal and regulatory duties related to anti-money laundering terrorist financing; detection, prevention and prosecution of fraud (in some cases this may include collecting biometric data, for example, if you change the phone number linked to your account or to recover access to your account) and theft and preventing illicit use of our Services or any other illegal or wrongful activity. To comply with Data Protection legislation and any other applicable law; To comply with court orders, disclosures to law enforcement or tax agencies; requests from the Data Protection Authorities, the Financial Conduct Authority or other governmental or regulatory agency with supervisory authority over us. |
We have obtained your prior consent to the processing. | Where we are required to collect consent by law we will seek Your conset to use image recognition software to verify your identity and documentation when opening or operating an account. This process may also include using that technology to scan and copy information from the documents you provide. With your consent, we may send Marketing and promotional communications by email, SMS and push notifications (depending on your choice of contact. For more information, please see the Direct Marketing section of this Notice. We may send targeted Marketing about our services on third-party online services such as Google, Instagram and Facebook and other if we believe that you are likely to be interested in using our services based on your profile. Your consent to receive targeted adverts would have been obtained by these third parties on our behalf. Surveys: engaging with you for the purposes of obtaining your views on our Sites, our Apps, or our services. |
Sharing Your Personal Information
Your personal information is very important to us. However, there are circumstances where it is necessary for us to share your information for legitimate business purposes (including operating our site and our Mobile App, and providing services to you), in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy. In addition, we may disclose your personal information to:
Our affiliates - we share your information with our affiliates and other companies within the WorldRemit group of companies;
for our internal business, operational, management and service needs;
for compliance, regulatory and audit activity and in connection with legal, regulatory and tax claims and investigations;
to understand and support our customers and other individuals who use our services, apps and visit our sites; and to send Marketing communications.
Third-party processors, which include organisations or individuals with whom we do business or who provide services to us. We may disclose your personal information to respond to legal requirements (for example, as part of our “Know Your Customer” and due diligence obligations), enforce our policies, liaise with judicial or regulatory authorities where required under applicable law, understand the nature of the transaction You have made, provide our services, and to protect our rights and property. If we engage a third-party processor to process your information, the Processor will be subject to binding contractual obligations to: only use the personal information in accordance with our prior written instructions; and use measures to protect the confidentiality and security of the personal information, together with any additional requirements. Processors may include:
Credit reference agencies or other service providers to verify Your identity or the identity of recipients of the money transferred through our services, to run credit checks if you apply (or tell us you want to apply) for a credit product through ZEPZ, or for any other purpose related to providing our services;
Professional advisers, such as our auditors and lawyers;
Companies that capture or analyse information to help us understand how our services, sites and Mobile Apps are used and perform or to tailor our services and promotions, including for the purpose of allowing us to improve the services we provide;
Companies that provide us with marketing assistance, including: the management of email marketing operations, SMS and other services that deploy marketing on the internet or social media platforms (such as Facebook and Google); the running of surveys and other feedback activity; and analysis of the effectiveness of any marketing or customer engagement we do.
Banks, payment card processors and other service providers that process bank transfers, credit and debit card payments or otherwise provide financial infrastructure services to enable us to provide our services;
Our service providers, including those who provide data hosting services, fraud prevention services, technology services, and technology tools that allow us to monitor, test and improve our services, sites and Mobile Apps;
Companies that we have instructed to provide services to or for us for those purposes that may be reasonably ascertained from the circumstances in which the information was submitted;
Other business entities should we plan to merge with, or be acquired by, or be invested in by that business entity, or if we undergo a corporate reorganisation; and
Any successor in business to us.
Fraud Prevention Agencies - Where we have a good reason to suspect fraud, money laundering, counter terrorist financing or any other illegal activity, we can, upon request or where legally obliged, share your personal information with crime prevention agencies and other third parties for the purpose of detecting, preventing or reporting crime or for actual or suspected breach of any applicable law or regulation. These third parties may include business partners and companies that provide services to us, law enforcement bodies, regulatory and supervisory authorities,and providers of fraud prevention and detection services.
Please note that we may suspend activity on your account or any transaction, refuse access to your account, or cancel any transaction you wish to make if we believe there is a risk of illegal activity.
Public Agencies - We release accounts or other personal information when we consider it appropriate to comply with the law, to enforce our Terms and Conditions and any other agreement, to protect the rights, property, or safety of ZEPZ, our employees, customers, our business partners and the public. In these circumstances, we will only provide them with the information they require to perform their function.
Facebook Ireland - We may share with Facebook actions that you take on our websit,e such as your visits to our website, your interactions on our website, use of Facebook Connect and information collected from cookies or similar technologies, including Facebook Pixel. This allows us to measure the effectiveness of our advertising, improve our marketing practices, and help us deliver more relevant advertising to you and people like you (including on social media such as Facebook). ZEPZ is a Joint Data Controller with Facebook Ireland for this processing. This arrangement means that ZEPZ has to provide you with this notice, but you should contact Facebook if you wish to exercise your data protection rights. Further information, including how Facebook enables you to exercise your data protection rights, and subsequently processes your information as an independent data controller, can be found in Facebook Data Policy. If you would like to know more, please contact us using the details below.
Google- We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Sites and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online services. You can learn about Google’s practices by going to google.com/policies/privacy/partners, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.
Research companies - We may share personal information in a secure way to allow research companies and feedback providers to contact you directly on our behalf to get your opinions on or refuse to take part in the research or surveys.
Links to Other Sites
Our sites may contain links to other websites, including via our social media buttons. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites and a link does not constitute an endorsement of that website. Once You link to another website from our site You are subject to the terms and conditions of that website, including, but not limited to, its internet privacy policy and practices. Please check these policies before You submit any data to these websites.
International Transfer of Your Personal Information
Due to the international nature of our business, we may transfer the personal information we collect to countries outside your jurisdiction which do not provide the same level of data protection as the country in which you reside. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information.
Security of Your Personal Information
We have implemented appropriate technical and organisational security measures designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
Unfortunately, the transmission of information via the internet (including by email) is not completely secure. Although we will do our best to protect Your personal information, we cannot guarantee the security of Your data transmitted to our site; and any transmission is at Your own risk. Once we have received Your information, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting your own information
It is important to keep your password secure to prevent fraudulent use of your account. Do not disclose your password to anyone else and especially anyone who requests it from you by telephone or email. ZEPZ will never ask you to provide your password or personal information via email. Please be aware of the following:
Change your password regularly and avoid using the same password on other websites to prevent hackers from access to your account;
Avoid simple passwords that can easily be guessed;
Be aware that public WiFi networks are risky and hackers may capture your online transactions and personal information. Only connect to a network you can trust;
If you use a shared computer, make sure you log out immediately after you have finished using the website; and
Beware of ‘phishing’, where criminals may attempt to steal your information by sending you bogus emails.
Retention of Personal Information
We take every reasonable step to ensure that your personal information is only retained for as long as it is required for the purposes set out in this Notice. Therefore, we will only keep the information we collect about You for as long as required for the purposes set out above, or as required to comply with any legal or regulatory obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.
In addition, after you have ceased to be a Customer, we may take steps to delete your personal information or hold it in a form which no longer identifies you (for example, we may still use your data in an anonymised format for research and other business purposes).
The period for which we will retain information about You will vary depending on the type of information and the purposes that we use it for. In general, unless applicable law requires a longer retention period, we will keep our records for as long as you are our Customer and for 6 years after the end of your relationship with us.
For more details of the retention periods we apply to your personal information, please contact dataprivacy@zepz.io.
Direct Marketing
We may use the contact details You provided to send you marketing communications by email, telephone, direct mail or other communication formats about similar products or services where permitted by applicable law (unless you have opted out).
Opting Out of Direct Marketing
If you have a WorldRemit or Sendwave account, you can opt out of receiving marketing communications by modifying your email or SMS subscriptions by clicking on the unsubscribe link or following the opt-out message included in the communication.
Alternatively, simply send an email to dataprivacy@zepz.io with “URGENT - UNSUBSCRIBE REQUEST” in the subject line and the email address that you wish to be removed within the email. Please note that if you request we stop sending you marketing messages or unsubscribe, we may continue to send you service and administrative communications, such as transfer updates and other important information related to your transaction.
Cookies and Similar Technologies
When you visit our website or use a Mobile App, we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may use your personal information through Cookies and similar technologies, in accordance with our Cookie Notice Sendwave and Cookie Notice WorldRemit.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, except if: (i) the automated decision-making is required or authorised by law; (ii) it is necessary for entering into or performing the contract; or (iii) is based on your individual explicit written consent. We use an automated decision-making process, powered by an AI solution, to safeguard you and our business from financial crime. This automated system guarantees security and compliance, allowing us to respond quickly to potential risks while fulfilling our legal and regulatory obligations.
How We Use Automated Decision-Making:
Anti-Money Laundering & Sanctions Checks: We screen transactions and customer information to comply with legal obligations and prevent financial crime.
Identity & Address Verification: This process confirms your identity and address to prevent fraud and ensure account security.
Fraud Prevention & Account Monitoring: Our system continuously monitors your account for unusual activity to protect you from becoming a victim of fraud.
Determining credit eligibility: If you apply, we assess your eligibility for a credit product, check your affordability, set credit limits and accept your credit application.
Account Management: We use this process to determine if an account is dormant for internal account management purposes.
The legal basis we rely on to process the data is one or more of the following:
Managing your contracts and agreements;
Legal obligations;
Legitimate interests of the data controller to prevent financial crime and meet our legal obligations;
Your consent (where required by law to collect your consent).
Your Rights Regarding Automated Decision Making
You have the right to request a review of any automated decision if you believe it was made in error.
You may ask us not to make decisions about you that are based solely on automated processing. If you do this, you may not be offered some products or services that we might otherwise have offered to you.
For more details about your rights and how we manage your data, please see the “Your Rights” section of this Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including:
the right not to provide your personal information to us (however, please note that we may be unable to provide you with the full benefit of our site, our Mobile App, or our services, if you do not provide us with your personal information);
the right to request access to your personal information, together with information regarding the nature, Processing and disclosure of those personal information;
the right to request for the correction of any inaccuracies in your personal information;
the right to request for the erasure of your personal information. This is also known as the right to be forgotten. We will keep a note of your name if you ask for your personal information to be erased;
the right that we restrict our use of your personal information;
the right to object to our use of your personal information. Wherever we use legitimate interest as the ground for processing your personal information you can object to our use of it;
the right to have certain personal information transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
where we use your personal information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal information in reliance upon any other available legal basis); and
the right to lodge complaints with a Data Protection Authority regarding the use of your personal information by us or on our behalf.
We may require proof of your identity before we can give effect to these rights. You should also be aware that some of these rights are qualified and not absolute; therefore exemptions or limitations may apply. For example, we can refuse to provide information if fulfilling your request would reveal the personal information about another person, or if you request that we delete information which we are required to retain by law, have compelling legitimate interests to keep, or need access to fulfil our legal obligations.
The quickest and easiest way to make a data subject request is to contact us directly to exercise your rights by emailing dataprivacy@zepz.io. We will endeavour to respond within a reasonable period and in any event within one month (three months for complex or numerous requests), in compliance with Data Protection Legislation.
We reserve the right to charge a reasonable fee (reflecting the costs of providing the information) or to refuse to respond where requests are manifestly unfounded or excessive: in this case, we will explain the situation to You and we will inform You about Your rights.
Identity Verification
We will only process your data subject rights request where we are satisfied that we have successfully verified your identity, and you are the one asking for your personal data to be processed. We will not process personal data where we are in doubt of the identity of the requester. You may be asked to prove your identity when making a data subject request.
Requests made by third parties
In line with our privacy practices and to protect your rights and freedoms, we are unable to process a data subject rights request made by a third party (such as Rightly) where; there is doubt that the third party has the appropriate authority to act on your behalf; and where we are not satisfied adequate evidence has been provided in support of identity verification. We would always aim to ensure that a third party has the appropriate consent or authority to act on your behalf, and most significantly that you are fully aware that the third party has made contact specifically with us, regarding exercising your data subject rights.
Before we can process a data subject rights request made by a third party on your behalf, we require as a minimum from the third party:
a copy of an identity document for you;
evidence of your address; and
a physically signed authority by you; or a verbal authority provided directly to us from you and noted on your account; and if provided electronically the authority is to come directly from your email address that matches our records.
We will not access or process your personal data without being confident we are acting on your specific instructions.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to dataprivacy@zepz.io or you can send it by post addressed to: the Data Protection Officer, WorldRemit Ltd, 51 Eastcheap, London, EC3M 1DT, United Kingdom.
You can also find contact information specific to your region by clicking on the addendum relevant to your jurisdiction.
You may also use these contact details if You wish to make a complaint to us relating to Your privacy. We will investigate your complaint and generally respond to you in writing within 30 days of receipt.
Changes
We may update this Privacy Notice periodically, and any revised statements will be posted on the relevant sites and applications. We encourage you to review this Privacy Notice whenever you visit to ensure you have the most current information.
Definitions
To help clarify our meaning, we have used certain capitalised terms in this Notice. These terms and their meaning are:
Term | Definition |
|---|---|
“Data Protection Legislation” | depending on your country of residence, means the United Kingdom General Data Protection Regulations as tailored by the Data Protection Act 2018, the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (the “Belgian Data Protection Law”), Canada Personal Information Protection and Electronic Documents Act 2000, US Gramm-Leach-Bliley Act of 1999, the CAN-SPAM Act of 2003, and such applicable legislation relating to consumer privacy as may exist in your State or Territory of residence such as the California Privacy Rights Act 2020 and other applicable legislation relating to privacy or data protection applicable in country of your residence. |
“Marketing” | means any action or advertisement or promotion or marketing material, like surveys, vouchers, research and events. This list is not exhaustive. |
“Services” | Means WorldRemit Money Transfer Service, WorldRemit Digital Money Account, Airtime Top Up, Borderless Cards, Sendwave Universal Wallet; and such other services or products that we may introduce from time to time. |
Jurisdictions
United Kingdom
Who we are
In the United Kingdom we operate as WorldRemit UK Limited part of the WorldRemit Group. You may know us by our brands WorldRemit and Sendwave.
Data Protection Laws
We are bound by the UK General Data Protection Regulations as tailored by the Data Protection Act 2018 (the “Act”), the Data (Use and Access) Act 2025 (DUAA), Privacy and Electronic Communications Regulations, and all other applicable legislation relating to privacy or data protection which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are a resident of the United Kingdom, this notice applies to you and supplements the main Privacy Notice.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to dataprivacy@zepz.io or you can send it by post addressed to: the Data Protection Officer, WorldRemit Ltd, 51 Eastcheap, London, EC3M 1DT, United Kingdom.
You may also use these contact details if You wish to make a complaint to us relating to Your privacy.
If You have any concerns about our use of Your information, You also have the right to make a complaint to:
The Information Commissioner's Office, which regulates and supervises the use of personal data in the United Kingdom, via their helpline on 0303 123 1113.
European Union & EEA
Who we are
In the European Union and EEA, we operate as WorldRemit Belgium SA and Sendwave SA, part of the WorldRemit Group. You will know us by our brands, WorldRemit and Sendwave.
Data Protection Laws
We are bound by the General Data Protection Regulations (the “GDPR”) and the ePrivacy Directive (Privacy and Electronic Communications Directive 2002/58/EC) and all other applicable legislation relating to privacy or data protection which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are a resident of the European Union or the EEA, this notice applies to you and supplements the main Privacy Notice.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to dataprivacy@zepz.io or you can send it by post addressed to: the Data Protection Officer, WorldRemit Belgium SA, 8 Place Marcel Broodthaers, 1060 Saint-Gilles, Belgium.
You may also use these contact details if You wish to make a complaint to us relating to Your privacy.
If You have any concerns about our use of Your information, You also have the right to make a complaint to:
the Belgian Data Protection Authority, which regulates and supervises the use of personal data in Belgium, via their helpline on +32 (0)2 274 48 00 or by e-mail to contact@apd-gba.be or
if you are based in a different EU or EFTA country, the national data protection supervisory authority in such country (a list can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).
United States
U.S. Customer Privacy Notice - Financial Institution
Facts | WHAT DOES ZEPZ DO WITH YOUR PERSONAL INFORMATION? |
|---|---|
Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
What? | The types of personal information we collect and share depend on the product or service you have with us. This information can include: - Social Security number and income; - account balances and payment history; - credit history and credit scores. |
How? | All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons ZEPZ chooses to share; and whether you can limit this sharing. |
Reasons we can share your personal information | Does ZEPZ share? | Can you limit this sharing? |
|---|---|---|
For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or reports to credit bureaus | Yes | No |
For our marketing purposes, we offer our products and services to you | Yes | Yes |
For joint marketing with other financial companies | Yes | No |
For our affiliates’ everyday business purposes—information about your transactions and experiences | Yes | No |
For our affiliates’ everyday business purposes—information about your creditworthiness | Yes | Yes |
For our affiliates to market to you | Yes | Yes |
For nonaffiliates to market to you | Yes | Yes |
To limit our sharing | Call: 1-855-383-7579 Email: dataprivacy@zepz.io Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing. |
Questions? | Call 1-855-383-7579 or go to www.worldremit.com or sendwave.com |
Who is providing this notice? | WorldRemit Corp; 600 17th Street, Suite 200S, Denver CO, 80202 |
What we do | |
|---|---|
How does ZEPZ protect my personal information? | To protect your personal information from unauthorised access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. |
How does ZEPZ collect my personal information? | We collect your personal information, for example: When you open an account send or receive money Register with us or submit information to us, our Agents or other third parties on applications, forms, and by other means Give us your contact information Show your government-issued ID or driver’s license Use or visit our or other online sites or mobile applications Enter a promotion, register for email alerts or marketing communications, or join a loyalty program We also collect your personal information from companies, government agencies, and consumer reporting agencies. |
Why can’t I limit all sharing? | Federal law gives you the right to limit only: Sharing for affiliates’ everyday business purposes — information about your creditworthiness using your information to market to you Sharing for non-affiliates to market to you State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law. |
What happens when I limit sharing for an account I hold jointly with someone else? | ZEPZ does not provide individual or joint accounts. |
Definitions | |
|---|---|
Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies. |
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies. |
Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you. |
Other important information | See below for more on your rights under state law. |
Who we are
In the United States, we operate as WorldRemit Corp., part of the WorldRemit Group, and you know us by our brands WorldRemit and Sendwave.
Data Protection Laws
We are bound in the USA by the Gramm-Leach-Bliley Act of 1999 and the CAN-SPAM Act of 2003. Consumers residing in California have some additional rights with respect to their personal information under the California Consumer Privacy Act 2018, as amended by the California Privacy Rights Act 2020 (“CCPA”). The Consumer Data Protection Act (“CDPA”), the Colorado Privacy Act (CPA), and the Texas Data Privacy and Security Act (TDPSA) provide consumers residing in these States with additional privacy rights, as outlined below.
Notice of Collection
If you are a resident of the United States, this notice applies to you and supplements the main Privacy Notice.
Categories of Personal Information Collected
In the preceding 12 months, we have collected the categories of personal information listed below. For more details about the data points we collect, please see the “The personal information we collect about you” section in our main privacy Notice.
Identifiers - For example, name, postal address, email address, unique personal identifier, Internet Protocol addresses, social security number, driver’s licence number, passport number or other similar identifiers.
Personal information categories from Cal. Civ. Code § 1798.80(e) - For example: a name, social security number, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number or other financial information.
Commercial Information - For example, records of your transactions, or other money transfer or remittance histories.
Internet or other similar network activity - For example, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Data - For example, inferences drawn from personal information can be used to create a profile about a consumer that reflects the consumer’s preferences and characteristics.
Sensitive Personal Information.
We may collect:
Your personal identification number, which includes your social security number, driving license, passport or state identification card; and
Your geolocation data.
Your image in photo or video form: we collect facial scan data extracted from your photo or video (known as ‘biometric data’). For more information please see Processing Biometric Data secition under the main Privacy Notice.
We use this information for purposes that are reasonably necessary to provide our Services as expected by an average consumer; helping to ensure security and integrity; to perform services on behalf of Our business, which includes Our maintenance or servicing of Your account, providing customer service, processing orders and fulfilling transactions, verifying customer information, processing payments, providing financing, analytic services, storage, or similar services on behalf of the business; and undertaking activities to verify or maintain or improve the quality of our service. Under the CCPA, you are unable to restrict our use and sharing of your sensitive personal information.
Categories of Third Parties
In the 12 months prior to the effective date of the Privacy Statement, ZEPZ may have shared your Personal Information with the following Categories of Third Parties listed below. For more details on our data sharing, please see the “Sharing your personal information” section in our main privacy Notice:
Government entities: government entities, including law enforcement agencies;
Professional services organisations: professional services organisations, such as law firms and independent auditors;
Advertising and social networks: advertising and social networks (who may combine your personal information with their own records, and records available from other sources, for their own marketing purposes);
Internet service providers;
Payment processors and payout partners;
Help desk service providers;
Financial, accounting and Legal services providers;
Data analytics providers and other aggregators;
Operating systems and platforms; and
Our affiliates, subsidiaries and members of the WorldRemit Group.
Business or Commercial purposes for using your personal information
All the categories of personal information we collect about you (as detailed above) are used for the following purposes below. For more details on our use of your personal information, please see the “How we use your personal information” section in our main privacy Notice:
Providing our services (money transfers, account servicing and maintenance, customer services, advertising and marketing, analytics and communication about our services).
For our operational purposes, and the operational purposes of our service providers and integration partners.
Improving our existing services and developing new services.
Prevention, detection, protection and prosecution of security incidents, illicit or fraud-related activity.
Bug prevention, error reporting, and activities to maintain the quality or safety of our services.
Auditing consumer interactions on our site.
Short-term use, such as customising the content of our website.
Our legitimate interests in promoting our business.
To send you marketing information about products and services from WorldRemit and Sendwave.
Any other use that we will inform you about.
Notice of Financial Incentives
We may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive, price or service difference related to the collection and use of personal information is based upon our reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realised by rewarding brand loyalty. We calculate the value of the offer and financial incentive by using the expenses related to the offer.
Examples of our programs may include
Surveys;
Limited-Time Promotions; and
One-Time Promotions.
Participation in our promotional programs is always optional, and you can terminate program participation at any time, as explained in the applicable program terms.
Sale and sharing of your personal information
Some sharing of personal information (like your name, email address, etc.) may be considered a "sale" under the CCPA and CDPA. We don’t sell your personal information for money, although we may allow certain third parties to use that information for purposes that may not directly benefit ZEPZ. We will not share information we collect about you with companies outside of our corporate family except as permitted by law.
In California, ZEPZ engages in cross-context behavioural advertising through cookies, SDKs and similar technologies, as a result, we may share your personal information with third parties (subject always to obtaining your consent through our Preference and Consent Management banner). For more information on how to opt out or restrict this sharing, please see Cookies and Similar Technologies in the section above.
In Virginia, we may engage in "targeted advertising", as these terms are defined under Virginia law. You have the right to opt out of sales or targeted advertising as described in the CDPA.
Your Rights
California Residents
As a California resident, and subject to exceptions, you may also exercise any of the following rights:
Access to your personal information, together with information regarding the nature, processing and disclosure of personal information. However, we may withhold some information where the risk to you, your personal information, a third party, or our business is too great to disclose the information.
Correction of your personal information that we hold.
Deletion of your personal information. This is also known as the right to be forgotten. You should also be aware that this right is qualified and not absolute. Therefore in some cases, we may refuse to delete your personal information. For example, if we need it to comply with a legal obligation, for internal purposes, to defend or establish a legal claim, and to complete the transaction for which we collected your personal information, to name a few.
Restriction of our use of your personal information.
Transfer of your personal information to another party.
Right not to receive any discriminatory treatment from the ZEPZ Group for exercising any of your privacy rights. Please note this is a passive right so you cannot exercise it.
Virginia Residents
Residents of Virginia, subject to exceptions, may also exercise the same rights described above. For example, the rights of access and deletion.
How to exercise your privacy rights
To exercise your rights, please submit a verifiable consumer request to us by sending an email to dataprivacy@zepz.io, or you can call us at 1-855-383-7579. You may make a verifiable consumer request for access, deletion and portability twice within a 12-month period. We will only process your request where we are satisfied that we have successfully verified your identity. We will deal with your request within 45 days. We can extend this period by an additional 45 days if reasonably necessary. We shall notify you if we extend this period.
Contact us
WorldRemit Corp; 600 17th Street, Suite 200S, Denver CO, 80202
Questions, comments and requests regarding your personal information and our Privacy Notice are welcome and should be sent to dataprivacy@zepz.io or you can call us at 1-855-383-7579.
You may also use these contact details if you wish to make a complaint to us relating to your privacy. If you have any concerns about our use of Your information, You can make a complaint to the Attorney General of your State or Territory of residence, or to our regulator in your State or Territory of residence. You can find a list of regulators and their contact information and instructions here: https://www.worldremit.com/en/faq/file-a-complaint-us.
Canada
Who we are
In Canada, we operate as WorldRemit Inc, WorldRemit Central Inc., Sendwave Canada Inc, part of the WorldRemit Group and you know us by our brands WorldRemit and Sendwave.
Data Protection Laws
We are bound iby the Personal Information Protection and Electronic Documents Act 2000 (the 'Act') which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are a Canadian resident, this notice applies to you and supplements the main Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints with the Office of the Privacy Commissioner of Canada regarding the use of your personal information by us or on our behalf. Writing to: The Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec, K1A 1H3 Canada. Telephone: 1-800-282-1376 (Toll-free).
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to Email:dataprivacy@zepz.io or you can send it by post addressed to: the Privacy Officer, WorldRemit Inc. 2 Bloor Street, W Suite 700, Toronto, ON, M4W 3E2, Canada. Telephone: +1 833 596 0890.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Australia
Who we are
In Australia we operate as WorldRemit Pty Ltd. part of the WorldRemit Group. You will know us by our brands, WorldRemit and Sendwave.
Data Protection Laws
We are bound by the Privacy Act 1998 (the 'Act') and the Spam Act 2007 which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are an Australian resident, this notice applies to you and supplements the main Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints with the Office of the Australian Information Commissioner regarding the use of your personal information by us or on our behalf. Writing to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001. Telephone: 1300 363 992.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to Email:dataprivacy@zepz.io or you can send it by post addressed to: the Privacy Officer, WorldRemit Pty Ltd, Level 9, 64 York Street, Sydney NSW 2000. Telephone: +61 (02) 6145 161.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
New Zealand
Who we are
In New Zealand we operate as as WorldRemit (New Zealand) Limited, part of the WorldRemit Group. You will know us by our brands, WorldRemit and Sendwave.
Data Protection Laws
We are bound by the Privacy Act 1998 (the 'Act'), which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are New Zealand resident, this notice applies to you and supplements the main Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints with the Office of the Privacy Commissioner regarding the use of your personal information by us or on our behalf. Writing to: PO Box 10 094, The Terrace, Wellington 6143. Telephone: 0800 803 909.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to Email: dataprivacy@zepz.io or you can send it by post addressed to: the Privacy Officer, WorldRemit (New Zealand) Limited, BDO, Level 4, 4 Graham Street, Auckland 1140, New Zealand. Telephone: +64 800 995 011.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Japan
Who we are
In Japan we operate as WorldRemit Limited, part of the WorldRemit Group. You will know us by our brands WorldRemit and Sendwave.
Data Protection Laws
We are bound by the Personal Information Protection Law of 2021 (“the Privacy Law"),which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are a Japanese resident, this notice applies to you and supplements the main Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints with the Personal Information Protection Commission regarding the use of your personal information by us or on our behalf. Writing to: Kasumigaseki Common Gate West Tower, 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-Ku, Tokyo, 100-10013, Japan. Telephone: +81-(0)3-6457-9680.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to Email: dataprivacy@zepz.io or you can send it by post addressed to: Data Protection Officer, 12th Floor, Ark Mori Building, 12-32, Akasaka 1-chome, Minatoku, Tokyo.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Malaysia
Who we are
In Malaysia we operate as WorldRemit (Malaysia) Sdn. Bhd, part of the WorldRemit Group. You will know us by our brands WorldRemit and Sendwave.
Data Protection Laws
We are bound by the Personal Data Protection Act 2010 (the 'Act'), as amended by the Personal Data Protection (Amendment) Act 2024 ( the PDP Act), which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are Malaysian resident, this notice applies to you and supplements the main Privacy Notice.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints.
Contact us
Questions, comments and requests regarding your personal information and our Notice are welcome and should be sent to dataprivacy@zepz.io or you can send it by post addressed to:
WorldRemit (Malaysia) Sdn. Bhd, L-2-1 Avenue Business Centre, Block L, Plaza Damas, No. 60, Jalan Sri Hartamas 1, 50480, Kuala Lumpur, Malaysia.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
South Africa
Who we are
In South Africa we oprate as WorldRemit South Africa (Pty) Ltd, part of the WorldRemit Group. You will know us by our brands, WorldRemit and Sendwave.
Data Protection Laws
We are bound by the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA'), Commencement of Section 1, Part A of Chapter 5 and Sections 112 and 113 of POPIA (April 2014), and Regulations Relating to the Protection of Personal Information (2018) ('the Regulations') which requires us to protect your information and inform you about how we handle your personal information.
Notice of Collection
If you are a South African resident, this notice applies to you and supplements the main Privacy Notice.
Your Right
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including the right to lodge complaints with the Information Regulator regarding the use of your personal information by us or on our behalf, by writing to: P.O. Box 31533, Braamfontein, Johannesburg 2017.
Email: POPIAComplaints.IR@justice.gov.za
Contact us
Questions, comments and requests regarding your personal information and our Policy are welcome and should be sent to dataprivacy@zepz.io, or you can send them by post addressed to the following: the Information Officer, WorldRemit South Africa (Pty) Ltd 35 Fricker Road, Illovo, Sandton, Gauteng, 2196.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Costa Rica
Een snelle en veilige manier om onderweg geld te verzenden
Download gratis onze app om binnen enkele minuten online geld te verzenden naar meer dan 130 andere landen. Volg uw betalingen en bekijk uw transactiegeschiedenis vanaf elke locatie.
