PassTo's Privacy Policy

Privacy Policy

1. About our Privacy Policy

BlaBla Connect Limited (‘BlaBla’) is committed to protecting and respecting your privacy. This Privacy Policy together with our Terms and Conditions apply to your use of our PassTo application and the services accessible through our app and website.

It is important to us that you can trust us with your information when you use our services. Note that our services are not intended for children. Please take a few minutes to read this Privacy Policy to understand what information we collect, what we do with it and why.

We have layered this privacy policy so that you can find the details you need as quickly and easily as possible.

Our privacy policy gets updated from time to time. Whenever we make a change, we will post an update and inform you if there is a material change.

2. Who we are and our contact information

We are BlaBla Connect Limited, with registered office at 60 Cannon Street, London, England, EC4N 6NP. We offer online payment and remittance services, commonly known as ‘eWallet services’ to our customers, which has features such as, payments (whereby you can make payments directly from our app), remittance (you can transfer money to anyone in the world) and peer to peer transfers.

In this privacy policy, ‘we/us’ means BlaBla, entity responsible for processing your personal information and ‘third party’ means someone who is not you or us.

Your opinion matters to us – if you have any questions about compliance, this privacy policy or your rights, please submit your query to our Privacy Team at dataprivacy@passto.co.uk and a member of the team will respond to you.

If you have any other general questions about our services or products, please submit your query to our Customer Services Team at support@passto.co.uk and a member of the team will respond to you.

3. Personal information we collect about you

We will collect information about you and this will vary based on the services you choose to use and subscribe to as well as the amount of funds involved.

When you download our app, information may be accessed from or stored on your device to allow the app to operate and function.

The specific types of information we may have are as follows and we have grouped them in relation to each service type:

  • Your Identification Data

This includes your full name, nationality, date of birth, a picture of you, a copy of a proof of identity related documentation (passport or driving licence or national identity card), your street address, postcode, city and country.

  • Your Beneficiary’s Identification Data

This may include his/her first name, last name, phone number and email address.

  • Account Data

This includes your phone number and email address.

  • Your Beneficiary’s Account Data

This may include his/her phone number and email address.

  • Financial Data

This may include your bank account numbers, or debit/credit cards linked to your PassTo account when you make bank transfers. Additionally, we may collect your occupation and salary details for the last 3 (three) months, source of funds details and purpose of transactions. It may also include your beneficiary’s bank account details.

  • Technical Data

This includes internet protocol (IP) address, device information, such as device type and serial number, browser type and version, device operating system version, language, browsing patterns and user activity.

  • Usage Data

This includes details about how you use our products and services, your transaction amounts and dates, frequency of transactions, including their status.

  • Marketing and Communications Data

This includes your marketing preferences in receiving marketing from us and your communication preferences.

  • Customer Care Data

This includes your feedback to us, survey related information and chat logs.

Aggregated Data includes data that could be derived from your personal data but is not considered personal data by law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Information generated by automated technologies or interactions includes automatically collected Technical Information about your device, browsing patterns and actions as you interact with the app. We collect this information by using cookies. Please see our Cookie Policy for further details.

Also, when you download our app, it will set out the preferences it requires to operate, some of which you may be able to opt out of in some cases.

Where we need to collect personal data by law and you fail to provide that data when requested, including failing to update your personal data, we may not be able to provide you with the services. We may also have to cancel a service you have with us but we will notify you if this is the case at the time.

4. How and when is your personal information collected

When you download or use the app, the app collects your IP address and standard web information, such as the web browser type.

Before you can access the app and use the services, you must provide additional information that we can use to verify your identity to manage risk, such as your full name, date of birth, a copy of your valid government issued photo identification and your photo. We may also obtain information pertaining to you from third parties such as credit bureaus and ‘Know-Your-Client’ verification services.

When you are using the app, it collects information about your account electronic Usages and may also collect information about your device used to access the app for fraud prevention purposes.

We may also collect additional information in other ways, such as, through your contact with the Customer Support Department, results of surveys and when you interact with us via social media and online customer review websites.

5. How we use your personal information

We will only use your personal data when the law allows us to, most commonly, in the following circumstances:

  • Where we need to perform the terms and conditions we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. We have carried out a legitimate interests assessment to ensure that where we rely on legitimate interests, that those interests are valid.
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a mandatory legal or regulatory obligation.
  • Where you provide your consent to us before processing.

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

6. With whom we may share your personal information

Where applicable, we may have to share information about you with:

• Another BlaBla affiliated entity under common control which provides ancillary technical services including digital wallet platform management and customer care support;

• Third parties which provide data centre services to us;

  • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement;

• Regulators which require the reporting of fraudulent and criminal activities;

  • Third party service provider which provides compliance services such as ‘Know Your Customer’ services;

• Third parties whom we have engaged to facilitate the processing of your transactions in the destination countries and payment gateways;

• Third parties which provide physical cards issuing services;

• A third party which enable customer support messaging;

• Our financial institution whom we bank with to manage our customer accounts;

  • Your beneficiaries;
  • Third parties where you have consented for us to do so. For example, if you have consented to receive marketing materials from them or monitor your browsing activity.

If we are reorganised or sold to another organisation, we will provide your information to that organisation.

Where applicable, we require all external third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Information from children

Our services are not intended for anyone under the age of 18. We do not knowingly collect personal information via our services from anyone under 18.

8. International data transfers

The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy while non-EEA countries (except for those deemed adequate by the European Commission) do not provide appropriate safeguards for data protection.

The company affiliated to BlaBla is based outside the EEA in Cairo and Egypt, so their processing of your personal data will involve a transfer of data outside the EEA. Additionally, the main establishment of our company is located in the UK which, in the event of Brexit, will be outside the EEA.

The categories of receivers in Cairo are the customer support and technical support departments. Our customer support department assists with customer complaints while our technical support is responsible for maintaining the backend servers and resolving faults and issues.

Our management team is located in Cairo and in the UK, we have our compliance team.

We ensure that processing of personal data is based on a need-to-know basis only and only relevant departments and functions will have access to personal data.

Additionally, some of third parties we use for providing us with services are located in the USA and UK.

We take measures to ensure that your information is properly protected.

Where we intend to engage with our affiliated companies and third parties based in the non-EEA countries, we will either enter into legal agreements that reflect high data protection standards approved by EEA authorities and the European Commission, such as Standard Contractual Clauses, or we will engage with those third parties which adhere to the EU – US Privacy Shield certification requirements.

9. How long we keep your information for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements.

Details of retention periods for different aspects of your personal data are set in our Data Protection Policy.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case, we may use this information indefinitely without further notice to you.

10. Keeping your information secure

We have a dedicated function (Head of Information Security) who constantly reviews and improves our measures to protect your personal information.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All the measures are documented in a single document known as the IT Security Policy which includes BlaBla’s practices on acceptable encryption, information security review and audit, network security, data retention, archiving and destruction.

Our app uses industry approved protection tools (encryption, passwords) to protect your personal information against unauthorized access or disclosure.

In addition, we limit access to your personal data to those staff members or other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and relevant supervisory authority of a breach where we are legally required to do so.

11. Your rights, including your rights to withdraw consent

Under certain circumstances and where applicable , you can exercise your rights under data protection laws in relation to your personal data which are as follows:

Right to have access to your personal data – This enables you to make a request for a copy of the personal data that we hold about you and to check that we are lawfully processing it. You can contact us at dataprivacy@passto.co.uk.

Right to correct your personal data – This enables you to have information corrected if it is not accurate. You can do so by contacting us at support@passto.co.uk for this purpose.

Right to data portability – This enables you to take with you the personal data you provided to us or port it to a third party. You can contact us at dataprivacy@passto.co.uk

Note, however, that this right only applies to automated information which you initially provided under your consent for us to use or where we used the information to perform a contract with you.

Right to object to the processing of your personal data – This enables you to object to the BlaBla processing your personal information, for example where we rely on legitimate interest for direct marketing. Please contact us at dataprivacy@passto.co.uk for this purpose.

Right to restrict the processing your personal data – This enables you to ask us to suspend the processing of your personal data in certain circumstances. Please contact us at dataprivacy@passto.co.uk for this purpose.

Right to delete your personal data – This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Please contact us at dataprivacy@passto.co.uk for this purpose.

Right to withdraw your consent – If you no longer want to receive marketing messages from BlaBla, you can choose to opt out of all marketing communications or choose only selected methods (for example, email, text and push notifications through the app).

You can opt out by doing the following:

o Contacting our Customer Services team at support@passto.co.uk

o Clicking ‘Unsubscribe’ at the end of a marketing email or text

o Disabling push notification messages, including marketing messages at any time in the app by changing the notification settings in the preference centre.

Note that withdrawing your consent does not mean that you won’t receive any service-related messages. You will still continue to receive those (unless we have indicated otherwise).

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Contacting the Supervisory Authority

You have the right to make a complaint at any time to the relevant data protection supervisory authority.

We would, however, appreciate the chance to deal with your concerns first before you approach the supervisory authority, so please do contact us in the first instance.

This policy is being updated on the 15th of June 2024, and will be replaced by this policy.