Rewire Privacy Policy
Rewire Privacy Policy
Introduction
Welcome to Rewire, a platform for users to send money/remit funds abroad for various purposes, such as cross- border remittances, money transfers and other financial services (the “Service”).
This Privacy Policy (“Policy”) explains how information about you is collected and used by the Service, which is developed and operated by Rewire (O.S.G) Research and Development Ltd., a company incorporated under the laws of the State of Israel (“Rewire Ltd.”) and Rewire EU B.V. (“Rewire EU”), a Dutch company and a wholly owned subsidiary of Rewire Ltd. (together referred to as “Rewire”, the “Company” or “we”, “us”, “our”), available as web service on our website – https://www.rewire.to/il if you are located in Israel or https://hello.rewire.to if you are located in Europe, and as an application on App Store and Play Store.
We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).
The Service is not directed to users under the age of 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow minors under the age of 18 to use the Service.
This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at as follows:
- For general requests and privacy matters – [email protected], [email protected], [email protected]
- For complaints – [email protected].
What we collect and why
| Scenario | Purposes | Categories of information processed |
| When you register to our Service or go through our KYC | Providing you with the functionality of the Service, contacting you regarding administrative issues related to the Services, this Policy, our Terms of Service, support and maintenance | Mobile phone number, email address, user’s address, full name, gender, user profile photo, date of birth, financial or payment information and location data (user-entered). If you will also want to transfer funds back to your own home, we may request to collect additional information, such as your ID, Passport, Driving License, address and additional information as may be required by Rewire. We refer to this as “Registration Information”. Registering to the Service is mandatory, but you do not have a legal obligation to do so. |
| When you provide us with access to your device components | We use your device components for the following purposes: · Telephone – for creating contacts · GPS – for accurate address input · Camera – for KYC purposes (scan identification documents) | Telephone, GPS, Camera, Contact list or address book, SMS or MMS, Unique device ID (UDID) or UUID, User photos or videos on device storage. |
| · Contact list or address book – for allowing users to import their contacts into the Service and create recipients out of them · SMS or MMS – for autofilling 2FA codes · Unique device ID (UDID) or UUID – for tracking porpuses as required by law or for the provision of the Service · User photos or videos on device storage – for storing screenshots of barcode info | ||
| Subscribing to our newsletters or for receiving marketing communications | Providing you with the newsletter and marketing communications about our services, including updates about new services that we believe may be suitable to you, subject to your consent. | Registration Information (as defined above) |
| When you transfer funds on our Service | Providing you with the functionality of the Service you requested, such as the transfer of funds or finding the nearest deposit point for our Service. | Information regarding any transactions and money transfers you make, including their amounts, their recipients, date and time and other transactional information. Optionally – geolocation |
| When you choose to save your fingerprint to access the service and when you request to send funds home (involving facial recognition) | Providing you with the functionality of the Service you requested, such as accessing the service via your fingerprint or sending funds home via facial recognition verification | Fingerprints, facial recognition data. We refer to this as “Biometric Information”. |
| Contacting us with an inquiry through our email, WhatsApp bot, Facebook Messenger, or via a phone call | Responding to your inquiry, our business development | Your mobile phone number, full name, ID number / other unique identifier, the subject of your inquiry and the text of your message. We refer to this as “Inquiry Information”. |
| When you provide us with your feedback and reviews | Responding to your feedback and reviews, our business development | Mobile phone number, full name, ID number / other unique identifier and the feedback or review. |
| Use of cookies and internal analytics tools on the Service | Facilitate a Service feature that the user specifically requested, analyze the Service usage to evaluate and improve its performance, improve user experience on the Service, inform and serve personalized ads more relevant to user interests | IP address from which you access the Service, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service. |
You do not have a legal obligation to provide us with the abovementioned information; however, if you choose to not share this information with us, we may not be able to handle or respond to your inquiry, fulfill your request to register or to use our Service functionalities, or to send you our newsletter and marketing communications with information about our business and offers.
You may ‘opt-out’ of using your Information for marketing communications and newsletters by sending an email to: [email protected], or as otherwise provided in our marketing communications or newsletters. By doing so,
Rewire will only delete the Information which is required to contact you for marketing communications, while the rest of the Information you submitted to us which is necessary to provide you with the Service will continue to be processed and used.
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- Directly from you when you register to our Service or when provided to us through our email, WhatsApp Bot, Facebook Messenger or via a phone call.
- From our service providers helping us to operate the
- Through the device you use to access our Service, including through third party cookies and analytics tools, such as Internal analytics services, Facebook Ads, Google Analytics, Woopra, Heap, Appsflyer, Vimeo and Big For further information regarding cookies and how we use them, please refer to our Cookie Policy.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
| Scenario | Purposes | Third parties involved |
| We will share your information with our service providers who assist us with the internal operations of the Service. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes | Operating the Service and our business | Examples include GCP, Onfido and Salv Subject to the following additional Policies: GCP – https://policies.google.com/privacy Onfido – https://onfido.com/privacy/ Salv – https://salv.com/privacy-policy/ Additional Service Providers who we may share your information with: Newxel |
| If you abused your rights to use the Service or violated any applicable law while doing</strong business with us. | Responding to, handling, and mitigating suspected violations of law in connection with our business. | Competent authorities, legal counsels, and advisors |
| If a judicial, governmental, or regulatory authority requires us to disclose your information. | Complying with a binding request from a competent authority. | Competent authorities. |
| If the operation of the Service or our business is organized within a different framework, or throughanother legal structure or entity. | Enabling a structural change in the operation of the Service and our business. | The target entity of the merger or acquisition, legal counsels, and advisors. |
Use of third-party platforms
Our Service enables you to interact with third party platforms, such as Facebook, Viber, WhatsApp or your email account provider. This feature of the Service is used to integrate a Facebook “Like” button within our Service, to invite your friends and contacts to use the Service and for various other purposes. Your use of such third-party platforms and the platforms’ use of your Information and the content you post, share or email through them, are governed by their respective terms of use and privacy policy, not this Policy.
Data retention and security
We retain your information for as long as needed to operate the Service, and thereafter as needed for record- keeping matters.
We will retain your information for as long as needed to operate the Service. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.
We implement measures to secure your information.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks. The measures we implement include:
- Data Encryption At-Rest: Stored data is encrypted using strong encryption algorithms. In-Transit: SSL/TLS is used to secure the data when it’s being transferred over a network.
- Authentication & Authorization Multi-Factor Authentication (MFA) Role-Based Access Control (RBAC)
- Firewalls & Intrusion Detection Systems Stateful inspection
- Regular Security Audits & Penetration Testing Vulnerability assessments
- Data Backups Regular backups of critical
- Security Policies & Training Employee training and awareness programs Incident Response Plans (IRP)
- Secure Software Development Lifecycle (SDLC) Security is considered at each phase of software
- Data Masking & Anonymization Sensitive data is masked or anonymized before use in non-production
- Network Segmentation Sensitive data and services are isolated in secure network
- Monitoring and Logging Continuous monitoring of the systems for suspicious
- Contractual obligations with our third party service providers, as required under the applicable law, such as
(1) keeping personal information secure at all times; (2) informing Rewire if the thid party service provider discovers that any unauthorized use or acsses that has been made of the personal information; (3) In relation to personal information, comply with the provisions of the Israeli Protection of privacy regulations (data security) 5777-2017, including the appointment of an information security officer, formulation and implementation of an information security procedure, personnel management, management of access privileges, Identification and verification, control and documentation of access, documentation of information security events, restriction of connection of mobile devices, outsourcing communication security, conducting periodic audits and saving security data.
Additional information for individuals in the EEA or UK
Controller, GDPR representativeRewire Ltd. And Rewire EU are joint controllers of your Information collected via the Service.
| Name | Address | EU GDPR Representative |
| Rewire Ltd. | 1 Walter Moses, Tel Aviv. 6789903, Israel | Rewire EU B.V., Nieuwezijds Voorburgwal 296, 1012RT, Amsterdam, the Neatherlands |
International data transfers
To facilitate processing your information through the Service and by our service providers, we may transfer your information to countries outside the EEA or the UK. If we do so, it will be under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office. Similar safeguards are applied by our third party service providers, fraud prevention agencies and other parties where they have had access to your data in accordance with this privacy policy, where they transfer your personal data outside of the EEA.
Legal basis for processing your personal data
| Purpose or Scenario | Legal Basis |
| Registering to our Service | The performance of a contract for the provision of the Service. |
| Acssesing to your device components | · The performance of the contract for the provision of the Service. · Our legitimate interests in improving our Service, when we collect your crash logs to improve the Service. |
| Subscribing to our newsletters or marketing communications | Consent |
| When you transfer funds on our Service | · The performance of a contract for the provision of the Service. · Geolocation data – Consent |
| When you choose to save your fingerprint to access the service and when you request to send funds home (involving facial recognition) | · Fingerprints – Our legitimate interests in providing you with the Service you specifically requested. · Facial Recognition Data – the necessity of the processing for reasons of substantial public interest – preventing fraud and money laundering, on the basis of Union and Dutch law. |
| Responding to your inquiry | Responding to your inquiry, our business development |
| When you provide us with your feedback and reviews | Our legitimate interest in developing and enhancing our business and the Service, responding to your feedback or reviews |
| Use of cookies that facilitate a Service feature you specifically requested | Our legitimate interests in providing you with the Service you specifically requested |
| Use of cookies and internal analytics tools on the Service for performance, marketing, analytics etc. | Consent |
| Responding to, handling, and mitigating suspected violations of law in connection with our business | Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business |
| Complying with a binding request from a competent authority | Legitimate interests in complying with mandatory legal requirements imposed on us |
| Enabling a structural change in the operation of the Service and our business | Legitimate interests in our business continuity |
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behavior to be consistent with money laundering or known fraudulent conduct, or is inconsistent with other data held, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making and if you want to know more please contact us using the details below.
If we, our third-party service providers or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access and receive a copy of your personal information that we process.
Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal
Right to easily and at any time withdraw your consent to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here