1 General provisions
a. Hirett Limited (“Hirett”) aims to protect its clients’ personal data. Any information and data you provide to us are managed in accordance with the applicable laws, especially Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).
b. Hirett, located at Kemp House, 160 City Road – London – United Kingdom, EC1V 2NX is the data controller registered with the Companies House.
c. This Privacy and Personal Data Management Policy (hereinafter – the “Policy”) applies to your use of our website at www.thehbank.com (hereinafter – the “Website”), Hirett Mobile Application (hereinafter – the “App”), the Prepaid Card, and merchant tools.
d. Our compliance officer monitors compliance with the applicable data protection laws, responds to our customers’ complaints regarding processing and management of their personal data, and is the main point of contact when it comes to cooperation with supervisory authorities.
e. Hirett takes all the necessary measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. This includes legal, organizational, technical, and physical security measures.
f. By using this Website and any of the Hirett services you confirm you have read, understood and agree with this Policy. Hirett reserves the right to make changes to this Policy. An up-to-date version of the Policy is posted on the Website.
2 Personal data management principles
a. Hirett undertakes to ensure your personal data is:
• processed lawfully, fairly, and in a transparent manner in relation to you;
• collected for specified, explicit and legitimate purposes (conducting know your customer (KYC) checks, ongoing monitoring, etc), and not further processed in a manner that is incompatible with those purposes;
• adequate, relevant and limited to what is necessary for relation to the purposes for with they are processed;
• accurate and, where necessary, kept up to date; kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
• processed in a manner that ensures appropriate security of your personal data.
b. Your personal data will be processed if:
• you have given consent to the processing of your personal data for one or more specific purposes;
• processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
• processing is necessary for compliance with a legal obligation to which we are subject;
• processing is necessary in order to protect your or another natural person’s vital interests;
• processing is necessary for the purposes of the legitimate interests pursued by us or the third party.
If you gave your consent to the processing of your personal data, you have the right to withdraw it at any time. It will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by sending us an email with a request at data@thehbank.com (or if the consent was given to direct marketing – in the profile settings on the Website).
Hirett does not subject its customers to decisions based solely on automated processing, including profiling.
3 Personal data and purposes for which it is being collected
a. Identity establishment and verification, anti-money laundering and terrorist financing measures, provision of payment services (account opening, transfers of funds, payment collection, etc), execution of contractual and other legal obligations.
• Information we collect: your name, surname, nationality, personal number, date of birth, number of your ID document, a copy of your ID document, a photo, email address, phone number, payment account number, IP address, occupation and other information necessary to apply antimoney laundering and terrorist financing.
• We collect this data directly from you and/or from third parties including but not limited to the Centre of Registers, credit institutions, identity verification and financial sanctions databases, etc.
• We will store your data for 8 years since the termination of a transaction or a business relationship. This time limit may be additionally extended for up to 2 years upon a reasoned instruction of a competent authority.
• We can provide this data to supervising institutions, credit, financial, payment and (or) electronic money institutions, courts, law enforcement institutions, State Tax Inspectorate, payment receivers, lawyers, auditors, other subjects with a legal access to this information and subjects with whom Hirett has a contract but only if you give your consent.
• This data may be provided to third countries only if your payment transfer is carried out to a third country, or a partner (correspondent) from a third country is engaged in the payment execution.
• Storage and processing of this data are required by the laws of the United Kingdom and our Terms and Conditions. If you refuse to provide this information Hirett retains the right not to enter or terminate a contract with you and to refuse to provide services.
b. Debt management (management and collection of debts, submission of claims, demands, lawsuits and other documents, provision of document for debt collection, etc).
• Information we collect: your name, surname, personal number, address, date of birth, data from your ID document, email address, phone number, payment account number, IP address, payment account statements.
• We collect this data from you and / or from third parties including but not limited to the Centre of Registers, credit institutions, companies processing consolidated debtor files, etc.
• The due date for the debt is 10 years from the day the debt is incurred. After the opening of the legal proceedings, the time limit is extended until the debt is repaid and for 24 months after the repayment. This data retention period is based on the limitation periods for proceedings set out in the Civil Code of the United Kingdom.
• We can provide this data to companies processing consolidated debtor files, credit, financial, payment and / or electronic money institutions, lawyers, courts, law enforcement institutions, State Tax Inspectorate and other subjects with a legal access to this information.
• We will only provide this information to third countries if circumstances of the debt are related to them.
• Storage and processing of this data is required by the laws of the United Kingdom and our Terms and Conditions. If you refuse to provide us this information Hirett retains the right not to enter or terminate a contract with you and to refuse to provide services.
c. Prepaid card order, issuance and verification
• Information we collect: your name, surname, date of birth, email address, phone number, address, copy of your ID document, proof of address, linked card currency, linked card number, linked card validity period, linked card CVV/CVV2 number.
• We collect this data directly from you.
• We will store this data for 8 years from the date of termination of a transaction or a business relationship. This time limit may be additionally extended for up to 2 years upon a reasoned instruction of a competent authority.
• We may provide this data to the provider of the prepaid cards.
• We will not provide this data to third countries. Storage and processing of this data is required by the law of the United Kingdom and our Terms and Services. If you refuse to provide this information Hirett retains the right not to enter or terminate a prepaid card contract with you and to refuse to provide services.
d. Maintenance and administration of a business relationship with the client, correspondence with the client, assessment of the client’s needs, consultation.
• Information we collect: your name, surname, address, date of birth, email address, phone number and other information you provide us with.
• We will store this information for 5 years from the date of termination of our business relationship. This time limit may be additionally extended for up to 2 years upon a reasoned instruction of a competent authority.
• We may provide this data to institutions having a legitimate interest in it.
• Storage and processing of this data is required by our Terms and Conditions. If you refuse to provide this information Hirett retains the right not to enter or terminate a contract with you and to refuse to provide services.
e. Informing the client about services.
• We will require your email address that is directly provided by you. We will retain your email address for this purpose for 2 years from the date of termination of our business relationship. We will not provide your email address to other subjects for this purpose. Storage and processing of your email address for this purpose is required by our Terms and Conditions.
f. Protection of our lawful interests, dispute prevention, collection of evidence.
• Information we collect: your IP address, payment account statements, phone call recordings, written correspondence with the client, information about court and other administrative proceedings where the client is present, debts and other client’s obligations to third parties, information listed above.
• We collect this data from you and / or from third parties including but not limited to law enforcement authorities, courts, credit institutions, companies processing consolidated debtor files, etc.
• We will store your data for 5 years from the date of termination of our business relationship.
• We can provide this data to supervising institutions, companies processing consolidated debtor files, lawyers, courts, law enforcement institutions, other subjects with a legal access to this information and subjects with whom Hirett has a contract but only if you give your consent.
• Storage and processing of this data is required by the laws of the United Kingdom and our Terms and Conditions. If you decline to provide us with this information Hirett retains the right not to enter or terminate a contract with you and to refuse to provide services.
g. Direct marketing.
• We may use your email address for this purpose. It will be stored and processed for 2 years from the date of termination of our business relationship.
• Direct marketing requires your consent. You have the right not to consent to direct marketing and withdraw your consent at any time. You can do this in your profile settings on the Website.
• If you would like details of the third parties with which we share information about you please fill in the Data Request Form on the Website.
4 Cookies
a. We use cookies for the operation of our Website, traffic analysis, performance assessment, referral programme and direct marketing. By continuing to browse our Website, you agree to our use of cookies.
b. We bear no responsibility over the cookies used by third parties.
c. You may block cookies by activating the setting on your browser. Please note that if you block all cookies (especially those required for the efficient operation of the Website) you may not be able to access all or parts of our Website.
5 Your rights regarding the processing of your personal data
You have certain legal rights in relation to the processing of your personal data, including:
• the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing; the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
• the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in Article 17 of the GDPR applies; the right to obtain from us restriction of processing where one of the grounds set out in Article 18 of the GDPR applies;
• the right to data portability in accordance with Article 20 of the GDPR; the right to object at any time to processing of your personal data in accordance with Article 21 of the GDPR; the right not to be subject to automated individual decision-making, including profiling in accordance with Article 22 of the GDPR.
This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
Should you wish to enforce any of your rights regarding the processing of your personal data, please fill in the Data Request Form that you can find in your profile on the Website. Should you have additional questions please email us at: data@thehbank.com
6 Your responsibilities
a. You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data at the Website, you will enter only correct data. Hirett will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
b. You are responsible for maintaining adequate security and control of every identification number, password, and / or any other code that you use to access the Website, Account and
/ or the Prepaid Card. If you have not complied with this obligation and / or could, but have not prevented it and / or performed it on purpose or due to own negligence, you assume the loses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
c. In the event of loss of any password by yourself or if the password(s) are disclosed not due to your or Hirett’s fault, or in case of a real threat that has occurred or may occur to your account, you undertake to change the password(s) immediately or, if you do not have a possibility to do that, not later than within 1 calendar day notify Hirett by email at support@thehbank.com or using the ‘Contact Us’ facility on the Website. Hirett shall not be liable for consequences that have originated due to the notification failure.
d. After Hirett receives the notification from you as indicated above, Hirett shall immediately suspend access to your account and provision of Hirett services until a new password is provided / created for you.
e. Hirett draws your attention to the fact that email address and any other contact information you have chosen to link to your Hirett account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend to memorize your passwords and not to write them down or enter anywhere where they may be seen by other persons.
7 Final provisions
a. This Policy shall be viewed and applied in accordance with the laws of the United Kingdom.
b. All complaints regarding this Policy shall be primarily addressed to Hirett and managed in accordance with its complaints management procedure. If you are unsatisfied with the response we have provided to your complaint, you have the right to lodge a complaint with a State Data Protection Inspectorate.