WEX is committed to protecting your personal information and privacy when you use our websites, apps and services (“Services“).
About the WEX Group
The relevant WEX company involved will depend on the Services you are using, but include the following:
- WEX Europe Limited (Company number 05927983), a company organised and existing under the laws of England, registered at 4th Floor, East Building, 1 London Bridge, London, SE1 9BG, United Kingdom
- WEX Europe UK Limited (Company number 10485907 and FCA reference number 900747), an authorised electronic money issuer, registered at 4th Floor, East Building, 1 London Bridge, London, SE1 9BG, United Kingdom
Other than the general use of the WEX websites, the Services are provided by WEX to its corporate customers on a business to business basis. As part of the Services WEX may collect certain personal information about you, such as when you register for, access, and use the Services on behalf of such corporate customer. This may include information that relates to the customer or information relating to you in your capacity as an employee or agent of such customer (and not in a personal or private or consumer context).
In relation to your use and our provision of the Services, this is governed by our agreement with our customer which sets out the terms on which we provide the Services and our rights, obligations and protections in relation to the Services. Our liability in relation to the Services is subject to the terms of this agreement with our customer. If you have any questions in relation to the Services or our agreement with the customer, you should raise these enquires with your employer or the party that instructs you to use the Services).
If you applied for a prepaid card from one of our partners, they may also process data on their own behalf, on behalf of the card issuing firm, or on our behalf. The partner will be the data controller of the personal data it collects for marketing purposes. If anyone other than WEX is the data controller, this will be made clear when you provide your personal information.
The firm that issues your prepaid card is the data controller of personal information collected which concerns the use of your prepaid card. WEX operates your prepaid card and processes your personal data as a data processor on the issuing firm’s behalf, such as information about any transactions you undertake.
Personal information does not include data collected as part of the Services from which we cannot identify you, or information which would not enable us to identify you as an individual (such as by removing certain information which would mean that we are not enable to identify you personally).
WEX collects the details provided by you on registration to use our Services, or when our corporate customer provides us with registration details to enable us to provide the Services (even if you do not actually submit your request or registration). When you apply for Services from us (or from one of our partners) you will be asked to provide personal information so that we can process your registration to use the Services. The personal information you give us may include your name, address, email address, phone number and financial information.
We also collect personal information and non-personal information we learn about you from your use of the Services. We may also collect IP addresses, browser types, internet service providers (ISP), referring/exit pages, operating systems used, date/time stamps, and click stream data. To make sure we follow your instructions correctly and to improve the Services through training of our staff, we may also monitor or record telephone calls.
We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, credit reference agencies) and we may receive personal information about you from them in order to provide and manage the Services and our business operations.
We may use your personal information to:
- manage your account(s)
- provide you with customer service, technical support and account maintenance
- inform you of any changes made to the Services or send other administrative information to you
- personalise aspects of our Service to you
- inform you of products, services, promotions and offers which you may find interesting
- for assessment and analysis including identity verification, behaviour scoring, and market and product analysis
- develop and improve our products and services
- for internal business purposes such as audits, fraud monitoring and prevention, monitoring the effectiveness of promotional campaigns and operating and expanding our business activities
As part of our checks to prevent fraud and money laundering, personal information that you provide may be disclosed to a credit reference or fraud prevention agency, who may keep a record of that information. This check is performed to confirm your identity only, a credit check is not performed and your credit rating will be unaffected.
If you do not complete a registration process we may use any personal information that you have already provided to us to contact you to make sure that you do not wish to proceed with registration.
We may share your personal information with third parties in relation to the data usage purposes set out above, including:
- • for such purposes that you have given us consent to do so (including but not limited to marketing by WEX group companies or partners whose brand is on your card where you have provided consent for us to do so)
- to our suppliers or service providers that process information on our behalf and/or which provide products and services to us to assist us in providing our Services to you or our corporate customer
- to the institution which issued your prepaid card (and which is a member of the relevant card scheme), as relevant to the Services
- to card scheme operators, as relevant to the Services
- to persons acting as our agents (and our partners who sell and/or market our prepaid cards from time to time) under a strict obligations of confidentiality
- to partners with whom we run loyalty and/or currency card programmes. If this applies to you, such disclosure will be under a strict obligations of confidentiality and will be limited to information which confirms (a) whether a card which carries that partner’s brand has been issued to you; and (b) whether such card has been activated and/or loaded
- to our corporate customer (likely your employer or the organisation otherwise instructing you to use our Services), where the card has been provided to you for use in the course of your employment
- to fraud prevention agencies, regulatory bodies and other organisations who may use the information to prevent fraud and money laundering
- if such disclosure is necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions (including our agreement with our corporate customer); (e) to protect our operations or those of any of the WEX group of companies; (f) to protect our rights, privacy, safety or property, and/or that of the WEX group of companies, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain
- to anyone to whom we transfer or may transfer our rights and duties under our prepaid card terms and conditions or other agreement with you or our corporate customer
- to other entities within the WEX group of companies
We may also use and disclose anonymous information (so that no individual customers are identified) for marketing and strategic development purposes.
Data Protection Principles
Where we are acting as a data controller in the United Kingdom we comply with the principles of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and will always follow these principles. We are registered with the Information Commissioner’s Office (who regulates compliance with the Data Protection Act in the United Kingdom).
The eight principles relating to the processing of personal information with which we comply are:
- • Fairly and lawfully processed
- Processed for a limited purpose
- Adequate, relevant & not excessive
- Accurate and up to date
- Not kept longer than is necessary
- Processed in line with your rights
- Not transferred to countries without adequate protection
Where we are acting as a data controller in another jurisdiction, we will comply with applicable data protection laws in that jurisdiction as they apply to us in relation to the Services we provide.
Your Rights to access, change, or delete the information you have provided to us
If you request that we delete any personal information which we are holding about you, we will try to do so within a reasonable time after your request and we will take reasonable steps to ensure that your personal information is no longer used (except as may be required or permitted by applicable law) by us. Please note that, where required or permitted by law, we may need to retain certain information for recordkeeping purposes, legal reasons, and/or to complete any transactions that you began prior to requesting deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
Third Party Websites
Data Security – Your Username, Passwords and/or Passcodes
We take the security of your personal data very seriously. On registering an account with us, you will be provided a username, password and/or passcode (“Access Credentials”) which must be used in order to access our Services including certain restricted parts of our websites. Your Access Credentials are used by us to identify you and so are very important.
What you should do:
- Never reveal your passcode or password to anyone
- Do not use a passcode or password that could be easily guessed by someone else
- Change your passcode and password immediately if you suspect someone else could know it
- Log off any website and close your web browser when you have completed your transaction
- Keep your PC updated with current anti-virus software and the latest browser versions
- Do not send us any confidential account information via email
- Treat emails you receive with caution. Remember we will never ask you to disclose your personal or account information to us by email. In particular we will never ask you to disclose your card PIN to us
We recommend that you regularly visit the http://www.financialfraudaction.org.uk website to keep up to date with tips to protect yourself from the latest scams.
Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our systems operate on 128-bit secure encryption. Look for the yellow padlock symbol in your browser status bar. All forms and online account pages, i.e. those pages that show your information, use 128-bit encryption. Encryption makes your information unreadable to anyone who might intercept it. The latest web browsers support 128-bit encryption. Browsers older than this support lower levels of encryption (40-bit or 56-bit) but they still remain extremely secure.
A team of independent security experts regularly test our websites and security processes. Your session will time out after a period of inactivity and your account will be locked out after six failed access attempts for a period of time. Further repeated failed attempts in this period will lock out your account permanently. If this happens you will need to contact us to reset your account.
We will verify your identity before disclosing confidential information over the telephone or re-setting your passcode. You should note that ordinary email is not secure. Please do not send us any confidential information via email. We will only use email to send you account information such as your account balance and limited transaction information or special offers if you have given your consent for us to do so. We will not use email to send other confidential personal information to you.
Emails which are not from us or the institution which issued your card may be “phishing” emails. Some helpful information on phishing and what to look out for can be found on the Action Fraud site: http://www.actionfraud.police.uk/fraud-az-phishing as well as on the Financial Fraud Action site http://www.financialfraudaction.org.uk/Consumer-fraud-prevention-advice-remote-banking.asp
Notification of changes
General information about data protection may be found at the UK Information Commissioner’s website: http://www.ico.gov.uk
What are cookies?
Cookies are small pieces of data sent to and retrieved from your browser. Cookies are used to store information about you or your device (computer, mobile or tablet). Cookies enable us to present you with a more personalised enhanced browsing experience.
WEX uses 4 types of cookies:
- Session cookies – these are temporary and only exist when you visit our websites until you close your browser which is when they will be deleted. These cookies help us to remember what you chose on a previous page to avoid you having to re-enter information. They also help keep our websites secure.
- Personalisation/Marketing cookies – these cookies make our websites relevant to you by ensuring they carry the correct branding for your product and the correct currency offer for you. These cookies may be stored for a maximum period of 1 year.
- Advertising and Analytics cookies – these allow us to track data about your usage of our websites, delivering content relevant to your interest and enabling us to improve the experience you have using our websites. These cookies may be stored for 30 minutes to 2 years.
- ShareThis cookies – we use this service to make it easier for our users to share pages with friends and acquaintances on social media sites. For more information on privacy, visit www.sharethis.com/privacy
How can I control and delete cookies?
You can restrict or block the cookies set by us by editing your browser settings. The “Help” function within your browser should tell you how to do so. We strongly recommend that you do not restrict or block all cookies, as this may affect the full functionality of the our websites when you use them.
If you are visiting our websites from a tablet or mobile device, please refer to your tablet or handset manual to find out more about how to delete cookies.
We may display interest-based advertising using information you make available to us when you interact with our websites, content, or Services. Interest-based ads, which may sometimes be referred to as personalised or targeted ads, are displayed to you based on information from activities that you undertake on our websites, such as purchasing, use of devices, apps or software, visiting sites that contain our content or ads or interacting with our tools.