Last updated November 2022
Dahabshiil Transfer Services Ltd. ("Dahabshiil", "we", "us", "our") respects your privacy and is committed to protecting your personal data.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information
The data controller and how to contact us
Dahabshiil is the data controller for the data processing activities covered in this Notice. We can be contacted at our registered office address: 118 Cavell Street, London, E1 2JA.
We are registered with the Information Commissioners Office https://ico.org.uk/ registration number Z7235805.
If you have any questions about this Privacy Notice or how we use your personal data, please contact our DPO by using our email address DPO@dahabshiil.co.uk.
What data we collect
We collect personal data from and about you on our website at www.dahabshiil.co.uk ,when you use our online money transfer services (“eDahab”) available through www.dahabonline.co.uk, our app(s) or social network pages or when you provide personal data to our money transfer agents or representatives to input into our global remittance software system (“DMTS”) or otherwise interact with us either over the phone, by email or in person.
Visitors to our website at www.dahabshiil.co.uk
When visiting our website, we collect the following information about you:
- Name and contact details (such as address, email and telephone number) and details of your queries to us including your “TTNO” reference (for money transfer tracking purposes); and
Information about your visit to our website such the internet protocol (IP) address of the device you are using, login data, browser type and version, time zone setting and location, browser plug- in types and versions, operating system and platform and other technology on the devices you use to access our website(s) and clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse- overs) and methods used to browse away from the page ("Automatically Collected Information").
Registered users of our money transfer services (eDahab and in stores)
When using our money transfer services, we collect, record and use personal data about you in physical and electronic form. This includes:
- Name and contact details (such as address, email and telephone number);
- User name and password (online only)
- Proof of identity (e.g. Passport/driving licence/biometric card) (online and instore) and proof of address (e.g. utility bill dated in the last 3 months) (online, instore for certain transactions only);
- Proof of Income (e.g. bank statement) (online and in store for certain transactions only);
- Date of birth;
- Bank details (account number, account holder and card number);
- Information about your money transactions with us (e.g. a unique transaction number);
- Information derived from surveys and questionnaires that you complete;
- Information about your preferences in receiving marketing from us and third parties and your communication preferences; and
- Automatically Collected Information (online only)
Where you provide information about other people (e.g. details of the beneficiaries of your money transfers including their ID, mobile number, bank account or e-payment details), you should ensure that such persons are comfortable with us processing their personal data as described in this Notice before providing their details.
Agents or representatives
In order to be able to market and sell our money transfer services, we collect, record and use information about our agents or representatives and their employees who are authorized to access our systems and provide our money transfer services. This includes:
- Name and contact details (such as address, email and telephone number);
- User name and password;
- Compliance information (including criminal history if any, adverse credit, politically exposed persons and sanctions checks, DBS checks (exceptionally)), all to the extent permitted by law;
- Bank details (account number, account holder and card number); and
- Information about interactions with our systems such as DMTS (e.g. user access logs and other Automatically Collected Information)
How we collect your data
We collect most of the above personal data from you directly such as when you contact us in person, instore or via our website, use our online money transfer platforms, or when we engage you to provide services (agents or representatives). We collect contact, ID details, mobile number and payment details for beneficiaries from the person sending the money transfer.
Information – please see our “Cookie Notice” for more information.
With respect to our customers, agents or representatives (and their authorized employees), we receive information from other sources, including publicly and commercially available databases, county court judgements, politically exposed persons and sanction checks, DBS checks (exceptionally for agents’ and representatives' authorized employees only), public authorities, law enforcement, fraud prevention agencies and credit reference agencies.
Your personal data may be combined from these different sources for the purposes outlined below.
Why we process your data and our lawful basis for doing so
We process your personal data for the following purposes:
Where needed to perform a contract we are about to enter into or have entered into with you. This includes to:
- verify your identity and address and the identity of your beneficiaries;
- process transactions and provide our money transfer services and send service related communications;
- provide customer support including responding to your queries and investigating any complaints about the site, our agents or representatives, and our products and services and resolving disputes about billing or transactions; and
- establish and administer our relationship with our Dahabshiil agents or representatives and their authorized
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes:
- to administer our sites and services, validate and authenticate identity (and other background information you provide) and other fraud detection activities;
- to carry out compliance checks on our agents or representatives and their respective authorized employees (including adverse credit checks) to meet applicable legal, regulatory and compliance requirements;
- to monitor, maintain, develop and improve the performance of our sites, products and services and customer relationships;
- to analyze trends, usage and activities in connection with our products and services;
- to carry out marketing activities (which do not require consent under applicable laws), optimize our marketing efforts and measure the effectiveness of our advertising campaigns and to grow our marketing strategy;
- to ask your opinion and to participate in market research;
- for our own internal functions such as keeping our services safe and secure, (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), management and corporate reporting, internal research and analytics and to improve business efficacies;
- to plan, prepare or put in place any restructuring of our company or our business, including any asset sale or corporate merger, acquisition or take-over;
- to train and maintain training records in respect of our Dahabshiil agents or representatives and their authorized employees;
- to improve and personalize your experience with us and our sites, products and services and to tailor content, communications, advertisements and offers to you;
- to monitor, track and analyse your transactions to prevent, investigate and/or report suspicious transactions, fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law;
- to enforce compliance with our terms and other policies or otherwise in connection with legal claims, compliance, regulatory, auditing, investigatory and disciplinary purposes as necessary (including disclosure of such information in connection with a legal process or litigation) or to prevent or detect (or to allow others to prevent or detect) crime;
- to create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage or other characteristics of a site's users. We reserve the right to transfer and/or sell aggregate or group data about our users for lawful purposes; and
- to monitor, record, store and use any telephone call, email or other electronic communications with you for training purposes so that we can check any instructions given to us and to improve the quality of our customer
We have carried out the balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details below.
Where we need to comply with a legal or regulatory obligation. This includes:
- to comply with legal and regulatory duties related to anti-tax evasion facilitation, anti- money laundering and counter-terrorist financing; detection, prevention and prosecution of fraud and theft; and
- in response to requests by government, law enforcement authorities or other regulators conducting an
When you have expressly consented to us processing your personal data. This includes:
- where you ask us to send marketing information via a medium where we need your consent under applicable law (for example email or SMS marketing in some countries);
- where you give us consent to place Cookies; and
- on other occasions where we ask for your consent, for the purpose we explain at the
- We rely on the following conditions (under Articles 9 and 10 of the EU/UK GDPR and in the UK Data Protection Act 2018) to process your special category/criminal offence data:
Where you have manifestly made the personal data public.
- Where the processing is necessary for reasons of substantial public interest as defined in the UK Data Protection Act This includes
- Processing of special categories of data/criminal offence data where this is necessary to comply with regulatory requirements which involve taking steps to establish whether another person has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper
If at any time we intend to further process your personal data for a reason not originally communicated, we shall provide you, prior to that processing taking place, any further relevant information on the additional processing.
How long will the data be stored for?
Where possible, we will take steps to erase any personal data that is no longer necessary for the purposes for which it is collected or otherwise processed, or if you have withdrawn consent for its processing and retention. As a general rule, if you currently have a contract or intend to enter into a contract with us, we will store the data for a period of six years after the contract ends, for compliance with our general legal obligations and for the exercise or defence of any legal claims.
Details of retention periods for different aspects of your personal data are available by contacting us using the details below.
Sharing of data with other Data Controllers/Processors
We will share your personal data with the third-parties listed below for the purposes that are described in this PrivacyNotice or otherwise with your consent:
- Our group companies and our agents, representatives or business partners who facilitate the money transfer transaction or specific service you have requested on our behalf;
- Service providers, payments providers, eMoney providers, electronic wallet providers, banking partners and data processors contracted to provide business and customer services including marketing, advertising and customer satisfaction research on our behalf;
- Service providers and data processors contracted to help us validate the accuracy of the information provided by you, and to authenticate identity and address information and manage risks related to security, fraud and identity including background check providers, card authorisation services, politically exposed persons and sanction checks, credit reference and fraud prevention
- Third parties that you have authorized to access your account and/or your account information in order to perform services for you, such as account information service providers and payment initiation service
- As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, including in bankruptcy, your personal data may be part of the transferred You will be notified via email and/or a prominent notice on our websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
- We also disclose your personal information globally, as required or permitted by applicable laws and regulations, to regulatory and financial authorities, law enforcement bodies, courts, governments or government agencies, to meet compliance and legal obligations, to prevent or detect crime or to assert or defend the rights and interests of Dahabshiil or
Transfers of your Data outside of the UK and EEA
The data that we collect from you may be transferred to, and stored at, a destination outside of the UK and European Economic Area (EEA) by our group companies and our agents, representatives and business partners including Somalia and the United Arab Emirates. It may also be processed by staff operating outside the UK and EEA who work for our vendors and who are engaged in the provision of support services.
These transfers are either necessary to perform our agreement with you or to conclude or perform contracts concluded in your interest between us and another party or we have taken steps to ensure that there is adequate protection for your personal data in these circumstances through suitable safeguards, such as by entering into EU Commission or UK approved standard contractual clauses, or relying upon a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism is available on request using the contact details below.
Your Rights and Choices
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). We do not take any decisions based solely on automated processing which may give rise to legal effects or otherwise significantly affect you.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the EU/UK GDPR and in the UK Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
We will inform you when your information is required to provide the services you request, or is required by law. In certain cases, such as performing money transfer services, we may be unable to provide you with our services unless you provide certain personal information but we will notify you if this is the case at the time.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us – or our Data Protection Officer –by emailing DPO@dahabshiil.co.uk.
If you have unresolved concerns, you have the right to complain to an EU or UK data protection authority where you live, work or where you believe a breach may have occurred. This likely to be the Information Commissioner’s Office (“ICO”) in the UK. You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.
Withdrawing Consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by emailing DPO@dahabshiil.co.uk.
Changes to the Notice
This Notice may be updated periodically. We will update the date at the top of this Notice accordingly and encourage you to check for changes to this Notice, which will be available at www.dahabshiil.co.uk. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Notice, as required by applicable law.
Strictly necessary Cookies
We use these Cookies to enable core website functionality such as security, network management and accessibility.
We use these Cookies to provide enhanced functionality to our website e.g. to remember choices you make such as your preferred language or the region you are in but these are not used to track user activities.
We use these Cookies to allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular.
Information we collect from Cookies
We also use the information we receive from these Cookies to create aggregated and statistical data (which cannot be used to directly identify you). For example, aggregated data may include data that describes the general demographics, usage or other characteristics of a site's users. We reserve the right to transfer and/or sell aggregate or group data about our users for lawful purposes.
How long cookies last
The length of time a Cookie will stay on your browsing device depends on whether it is a “persistent” or “session” Cookie. Session cookies will only stay on your device until you stop browsing (eg performance cookies). Persistent Cookies stay on your browsing device after you have finished browsing until they expire or are deleted (eg our functional cookies to remember your preferences).
When you visit our website (where required by applicable law), you have the option to accept, reject or adjust some of the Cookies we use. You can modify these settings or withdraw your consent at any time by using our cookie consent mechanism or by emailing DPO@dahabshiil.co.uk.
Alternatively, you may also set your browser to block all Cookies or to indicate when a Cookie is being set. For more information, please refer to your browser settings. Note that by disabling certain categories of Cookies, you may be prevented from accessing some features of our websites or certain content or functionality may not be available. Certain browsers allow you to navigate websites in an incognito or private mode. Once the browser session is closed, typically all Cookies collected during the session are automatically destroyed. For further information, visit www.allaboutcookies.org