Published 15 June, 2024
BlaBla Connect Limited (‘BlaBla’) is committed to protecting and respecting your privacy. This Privacy Policy together with our Terms and Conditions apply to your use of our PassTo application and the services accessible through our app and website.
It is important to us that you can trust us with your information when you use our services. Note that our services are not intended for children. Please take a few minutes to read this Privacy Policy to understand what information we collect, what we do with it and why.
We have layered this privacy policy so that you can find the details you need as quickly and easily as possible.
Our privacy policy gets updated from time to time. Whenever we make a change, we will post an update and inform you if there is a material change.
We are BlaBla Connect Limited, with a registered office at 60 Cannon Street, London, England, EC4N 6NP. We offer online payment and remittance services, commonly known as ‘eWallet services’ to our customers, which have features such as, payments (whereby you can make payments directly from our app), remittance (you can transfer money to anyone in the world) and peer to peer transfers.
In this privacy policy, ‘we/us’ means BlaBla, the entity responsible for processing your personal information and ‘third party’ means someone who is not you or us.
Your opinion matters to us – if you have any questions about compliance, this privacy policy or your rights, please submit your query to our Privacy Team at dataprivacy@passto.co.uk and a member of the team will respond to you.
If you have any other general questions about our services or products, please submit your query to our Customer Services Team at support@passto.co.uk and a member of the team will respond to you.
We will collect information about you and this will vary based on the services you choose to use and subscribe to as well as the amount of funds involved.
When you download our app, information may be accessed from or stored on your device to allow the app to operate and function.
The specific types of information we may have are as follows and we have grouped them in relation to each service type:
This includes your full name, nationality, date of birth, a picture of you, a copy of a proof of identity related documentation (passport or driving license or national identity card), your street address, postcode, city and country.
This includes your beneficiary’s first name, last name, phone number and email address.
This includes your phone number and email address.
This may include his/her phone number and email address.
This may include your bank account numbers, or debit/credit cards linked to your PassTo account when you make bank transfers. Additionally, we may collect your occupation and salary details for the last 3 (three) months, source of funds details and purpose of transactions. It may also include your beneficiary’s bank account details.
This includes internet protocol (IP) address, device information, such as device type and serial number, browser type and version, device operating system version, language, browsing patterns and user activity.
This includes details about how you use our products and services, your transaction amounts and dates, frequency of transactions, including their status.
This includes your marketing preferences in receiving marketing from us and your communication preferences.
This includes your feedback to us, survey related information, call and chat logs.
This includes your facial biometrics, which may include a “selfie” taken on your mobile or other device holding a copy of your identification documents.
This includes data that could be derived from your personal data but is not considered personal data by law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Information generated by automated technologies or interactions includes automatically collected Technical Information about your device, browsing patterns and actions as you interact with the app. We collect this information by using cookies. Please see our Cookie Policy for further details.
Also, when you download our app, it will set out the preferences it requires to operate, some of which you may be able to opt out of in some cases.
Where we need to collect personal data by law and you fail to provide that data when requested, including failing to update your personal data, we may not be able to provide you with the services. We may also have to cancel a service you have with us but we will notify you if this is the case at the time.
Save for Biometric Data, we do not collect any special categories of personal data (Special Categories of Personal Data) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data).
We use different methods to collect data from and about you including through:
We will only use your personal data when the law allows us to, most commonly, in the following circumstances:
We have set out below, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Where applicable, we may have to share information about you with:
• Another BlaBla affiliated entity under common control which provides ancillary technical services including digital wallet platform management and customer care support;
• Third parties which provide data centre services to us;
• Regulators which require the reporting of fraudulent and criminal activities;
• Third parties whom we have engaged to facilitate the processing of your transactions in the destination countries and payment gateways;
• Third parties which provide physical cards issuing services;
• A third party which enable customer support messaging;
• Our financial institution whom we bank with to manage our customer accounts;
If we are reorganized or sold to another organization, we will provide your information to that organization.
Where applicable, we require all external third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our services are not intended for anyone under the age of 18. We do not knowingly collect personal information via our services from anyone under 18.
The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy while non-EEA countries (except for those deemed adequate by the European Commission) do not provide appropriate safeguards for data protection.
The company affiliated to BlaBla is based outside the EEA in Cairo and Egypt, so their processing of your personal data will involve a transfer of data outside the EEA. Additionally, the main establishment of our company is located in the UK which, in the event of Brexit, will be outside the EEA.
The categories of receivers in Cairo are the customer support and technical support departments. Our customer support department assists with customer complaints while our technical support is responsible for maintaining the backend servers and resolving faults and issues.
Our management team is located in Cairo and in the UK, we have our compliance team.
We ensure that processing of personal data is based on a need-to-know basis only and only relevant departments and functions will have access to personal data.
Additionally, some of the third parties we use for providing us with services are located in the USA and UK.
We take measures to ensure that your information is properly protected.
Where we intend to engage with our affiliated companies and third parties based in the non-EEA countries, we will either enter into legal agreements that reflect high data protection standards approved by EEA authorities and the European Commission, such as Standard Contractual Clauses, or we will engage with those third parties which adhere to the EU – US Privacy Shield certification requirements.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal requirements.
Details of retention periods for different aspects of your personal data are set in our Data Protection Policy.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case, we may use this information indefinitely without further notice to you.
We have a dedicated function (Head of Information Security) who constantly reviews and improves our measures to protect your personal information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All the measures are documented in a single document known as the IT Security Policy which includes BlaBla’s practices on acceptable encryption, information security review and audit, network security, data retention, archiving and destruction.
Our app uses industry approved protection tools (encryption, passwords) to protect your personal information against unauthorized access or disclosure.
In addition, we limit access to your personal data to those staff members or other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and relevant supervisory authority of a breach where we are legally required to do so.
Under certain circumstances and where applicable , you can exercise your rights under data protection laws in relation to your personal data which are as follows:
• Right to have access to your personal data – This enables you to make a request for a copy of the personal data that we hold about you and to check that we are lawfully processing it. You can contact us at dataprivacy@passto.co.uk.
• Right to correct your personal data – This enables you to have information corrected if it is not accurate. You can do so by contacting us at support@passto.co.ukfor this purpose.
• Right to data portability – This enables you to take with you the personal data you provided to us or port it to a third party. You can contact us at dataprivacy@passto.co.uk
Note, however, that this right only applies to automated information which you initially provided under your consent for us to use or where we used the information to perform a contract with you.
• Right to object to the processing of your personal data – This enables you to object to the BlaBla processing your personal information, for example where we rely on legitimate interest for direct marketing. Please contact us at dataprivacy@passto.co.uk for this purpose.
• Right to restrict the processing of your personal data – This enables you to ask us to suspend the processing of your personal data in certain circumstances. Please contact us at dataprivacy@passto.co.uk for this purpose.
• Right to delete your personal data – This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Please contact us at dataprivacy@passto.co.uk for this purpose.
• Right to withdraw your consent – If you no longer want to receive marketing messages from BlaBla, you can choose to opt out of all marketing communications or choose only selected methods (for example, email, text and push notifications through the app).
You can opt out by doing the following:
o Contacting our Customer Services team at support@passto.co.uk
o Clicking ‘Unsubscribe’ at the end of a marketing email or text
o Disabling push notification messages, including marketing messages at any time in the app by changing the notification settings in the preference centre.
Note that withdrawing your consent does not mean that you won’t receive any service-related messages. You will still continue to receive those (unless we have indicated otherwise).
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the relevant data protection supervisory authority.
We would, however, appreciate the chance to deal with your concerns first before you approach the supervisory authority, so please do contact us in the first instance.