Preloader Close

Privacy Policy

Contact us Contact us

1. Introduction
Hamayon Exchange Ltd (“Hamayon Exchange”, “we”, “our”, “us”) is a United Kingdom–registered Money Service Business (MSB). We provide money remittance, and related financial services.

We are regulated by:

  • Financial Conduct Authority (FCA).
  • HM Revenue & Customs (HMRC) for AML/CTF compliance.
  • National Crime Agency (NCA) for Suspicious Activity Reporting (SAR) under the Proceeds of Crime Act 2002 (POCA).

We are committed to protecting the privacy, integrity, and confidentiality of all personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR);
  • Data Protection Act 2018;
  • FCA Handbook (PRIN, SYSC, CONC);
  • Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended;
  • Guidance from the NCA, HMRC, and ICO;
  • FATF / ATF recommendations on customer due diligence, recordkeeping, and reporting.

2. Scope
This Policy applies to all personal data processed by Hamayon Exchange Ltd, including:

  • Clients, prospective clients, and client representatives (agents, beneficial owners);
  • Employees, job applicants, contractors, and consultants;
  • Suppliers, service providers, and business partners.

It applies to all forms of data collection and processing, including online (website, apps) and offline (branch, telephone, postal).

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable person (e.g., name, address, date of birth, ID number, contact or financial details).
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, transfer, or deletion).
  • Data Subject: An individual whose personal data is processed.
  • Controller: Hamayon Exchange Ltd, determining how and why personal data is processed.
  • Special Category Data: Sensitive personal data revealing racial or ethnic origin, political opinions, religious beliefs, health, or biometric data.
  • AML / CTF: Anti-Money Laundering and Counter-Terrorist Financing obligations.

4. Lawful Bases for Processing
We process personal data based on one or more lawful bases under the UK GDPR:

  1. Legal obligation – to comply with HMRC, FCA, or NCA regulations (e.g., KYC, CDD, recordkeeping, SAR reporting).
  2. Contract performance – to provide financial services requested by clients.
  3. Legitimate interests – for risk management, fraud prevention, and operational administration.
  4. Consent – where voluntarily provided for specific purposes (e.g., marketing).
  5. Public interest / crime prevention – to detect or prevent criminal activity and comply with POCA obligations.

5. Purpose of Processing
We process personal data for purposes including:

  • Identity verification and Know Your Customer (KYC) checks;
  • Compliance with AML/CTF regulations, financial sanctions, and FATF customer due diligence standards;
  • Execution of money transfer and currency exchange transactions;
  • Maintenance of client records, accounts, and transaction histories;
  • Suspicious Activity Reporting (SAR) to the NCA, as required by law;
  • Employment, HR, and contractor management;
  • Audit, tax, and regulatory reporting;
  • Prevention of fraud, financial crime, and misuse of services;
  • Security, system integrity, and operational risk management.

Note: SARs are confidential; subjects are not notified.

6. Data Protection Principles
We follow the UK GDPR principles:

  1. Lawfulness, fairness, transparency – processing is legal and clear to data subjects.
  2. Purpose limitation – data is collected for explicit, lawful purposes.
  3. Data minimisation – only necessary data is collected.
  4. Accuracy – data is accurate and kept up to date.
  5. Storage limitation – data is retained only as required by law or business purpose.
  6. Integrity and confidentiality – data is secure from unauthorised access or loss.
  7. Accountability – we can demonstrate compliance at all times.

7. Data Security
We implement appropriate technical and organisational measures:

  • Encrypted storage, secure servers, and firewalls;
  • Restricted access on a need-to-know basis;
  • Multi-factor authentication and intrusion detection;
  • Staff training on data protection, AML, and fraud prevention;

Suspected breaches are investigated promptly and, if required, reported to the ICO within 72 hours.

8. Data Retention
We retain data only as necessary for the purposes or legal obligations:

  • Customer/transaction records: minimum 5 years post-business relationship (AML/CTF requirement);
  • Employment/HR data: statutory retention periods;
  • Marketing data: until consent withdrawal;
  • SAR-related data: per NCA guidance (minimum 5 years).

After retention periods, data is securely deleted or anonymised.

9. Sharing and Disclosure
We share personal data only when legally required or permitted:

  • Regulatory authorities (FCA, HMRC) for compliance;
  • Law enforcement agencies (NCA) under SAR/POCA obligations;
  • Professional advisers (auditors, legal counsel, compliance consultants);
  • Technology and service providers under contractual data protection obligations.

We do not sell, rent, or trade personal data.

10. International Transfers
Where data is transferred outside the UK or EEA:

  • Transfers are only to countries with adequacy decisions;
  • Or under UK-approved Standard Contractual Clauses (SCCs);
  • Or with explicit consent from the data subject.

11. Data Subject Rights
Under UK GDPR, individuals can:

  • Access their personal data.
  • Rectify inaccuracies.
  • Request erasure (“right to be forgotten”) where permitted.
  • Restrict processing.
  • Object to processing for legitimate interests or marketing.
  • Data portability – receive data in structured, machine-readable form.
  • Withdraw consent at any time.

Requests should be sent to: info@hamayonexchange.co.uk. Proof of identity may be required.

12. Cookies and Website Tracking
We use cookies to improve website functionality and analyse traffic (e.g., _ga, _gid, _gat for Google Analytics).
Non-essential cookies require active consent, in line with PECR. You can manage cookies via your browser or visit: Google Analytics Opt-out.

13. Governance and Responsibilities

  • Hamayon Exchange team oversees compliance with GDPR and data protection legislation;
  • Senior management ensures FCA, HMRC, and NCA obligations are met;
  • Employees, agents, and contractors must handle personal data in compliance with this Policy;
  • Violations may result in disciplinary, contractual, or criminal consequences.

14. Complaints and Dispute Resolution
If you have concerns:

  • Contact us first at info@hamayonexchange.co.uk;
  • Escalate to ICO: www.ico.org.uk;
  • AML / suspicious activity issues may be reported to the NCA under SAR obligations.

15. Changes to this Policy
We may update this Policy to reflect regulatory changes or business practice updates.
Revised versions will be published on our website with the updated effective date.

Contact:
Hamayon Exchange Ltd
Registered in England and Wales
Email: info@hamayonexchange.co.uk
Website: https://hamayonexchange.co.uk