Group Privacy Notice

1. Introduction

Welcome to the Ebury Group’s Privacy Notice. This Privacy Notice explains how companies within Ebury Group (“we”, “us” or “our”) are committed to protecting and respecting your privacy.

As part of our normal business operations, we collect certain personal data from our clients.  This Privacy Notice sets out the legal basis for processing any such personal data or personal information that we collect or that you provide to us. Please read this notice carefully to understand our practices regarding your personal data or personal information. This Privacy Notice must be considered in conjunction with the Terms and Conditions applicable to each operating jurisdiction. By visiting ebury.com, ebury.nl,  ebury.ie, ebury.pt, ebury.es, ebury.cz, ebury.pl, ebury.fr, ebury.au, ebury.ca, fr.ebury.ca, es.ebury.ca, ebury.ae, ebury.lu,  nl.ebury.be, ebury.be, fr.ebury.ch, ebury.ch, ebury.de, ebury.it, ebury.gr, ebury.ro, ebury.se, ebury.bg, epm.ebury.com, ebury.cl, ebury.za.com, ebury.mx, ebury.co.nz, online.ebury.com, bos-auth.eburypartners.com, partnerportal.ebury.com and our ebury mobile application ("our sites") you are accepting the practices described in this notice.

2. Who are we?

Ebury Group is made up of a mix of companies set up in the different jurisdictions in which we operate. You will be told which company you have a relationship with when you purchase a product or service from us. This company is known as the “Data Controller” of your personal data. You can click here to find the legal name of our companies, as per the operating jurisdiction.

3. Which are the applicable Data Protection Laws?

The applicable Data Protection Laws are:

  • the EU General Data Protection Regulation, and
  • any other applicable Data Protection Law in effect in your country of residence. You can find the applicable Data Protection Laws here.

These shall be hereinafter referred to as the (“Regulations”).

4. Which type of data do you collect from me?

Depending on your country of residence, we may collect, use, store, process and transfer the following personal data about you. Personal data or personal information means any information from which an individual can be identified. It does not include data with the identity removed (anonymous data) or any data on a legal entity.

Identity data
Title, first name, surname, father’s name, date of birth, nationality, tax identification number, city and country of birth, ID document
Contact Data
Residential address, email address and phone number
Financial Data
Financial and credit information
Profile Data
Username, products used by you, occupation, occupation address, feedback and survey responses
Marketing Data
Preferences for receiving marketing communications from us or from our third parties
Transaction Data
Payment details
Technical Data
The internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
Usage Data
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call our client service number
5. How do you collect my personal data?
Direct Interactions

Information you give us through the use of our sites or our services.

  • You may give us information about you by filling in forms on our sites or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our sites, subscribe to our services, place an order or engage in any transaction via our sites, or report a problem with our sites.

  • You may give us information relating to beneficiaries, shareholders, trustees and directors so we can deliver our services. The information you give us may include their name, address, email address and phone number, financial and credit information.

  • You may give us information relating to other accounts held by other financial institutions so we can deliver our services. The information you give us may include the bank code, the bank country, the type of account, the name of the bank and the account number.


This may be through filling in forms on our sites or by corresponding with us by phone, email or otherwise. You must obtain appropriate consent before disclosing such information to us.

Third Parties or Publicly
Available Information
  • We may receive information about you if you use any other websites we operate or other services we provide. This data may be shared internally and combined with data collected on this site.

  • We may receive personal data while working with third parties (including but not limited to, for example, introducers, business partners, sub-contractors working for technical, payment and delivery service providers, advertising networks, analytics providers, search information providers, screening providers, identity verification service providers, A.I providers, credit reference agencies) and may receive additional information about you from them.

  • We may receive personal data from public sources such as social media websites, news websites and company registers worldwide.


We ensure full compliance with the Regulations irrespective of how we obtain any information.

6. How do you use my personal data?

We will only use the information you give to us when the applicable law allows and as described below:

1. To enter into or perform a contract with you.

2. To comply with a legal or regulatory obligation as a Data Controller and regulated business:


    a. For the detention and prevention of crime.
    b. For compliance with anti-money laundering regulations and counter-terrorism financing regulations.
    c. For compliance with requests for information from law enforcement, courts or regulators.


3. When we have your consent:


    a. When you are an existing client, we will only contact you with information about services similar to those which were the subject of a previous sale or negotiations of a        sale to you.
    b. When you are a new private customer, we will only contact you if you have consented to such.


You may withdraw this consent at any time by using the links provided at the bottom of marketing emails from us, or by contacting our DPO. This will only affect the way we use personal information when the basis for doing so is your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is the case, we will notify you.


4. To fulfil our legitimate interest or that of a third party, and any such interests are not overridden by your interests or rights in the protection of your personal data.


Please refer to the table below for the legal basis for processing your personal data (depending on your country of residence):

Purpose of the processing
Legal basis for processing
Purpose of the processing
To register you as a new customer and to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
Purpose of the processing
To carry out our obligations arising from any contracts entered into between us and third parties relating to the services provided to you
Legal basis for processing
Necessary for our legitimate interest
Purpose of the processing
To provide you with information about other products and services we offer
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
Purpose of the processing
To respond to any enquiry you have made through our sites, or via phone, email or otherwise
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
Purpose of the processing
To comply with legal obligations we are subject to as a Data Controller and regulated business
Legal basis for processing
Comply with a legal obligation
Purpose of the processing
To help you provide services to your customers (beneficiaries)
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
Purpose of the processing
To administer and protect our business and our website (including troubleshooting, data analysis system maintenance, testing, support, reporting and data hosting)
Legal basis for processing
Necessary for our legitimate interest
Necessary to comply with a legal or regulatory obligation
Purpose of the processing
To promote new products and services offered by other parties which we think may be of interest to you
Legal basis for processing
Legitimate interest
Purpose of the processing
To improve our products and services
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
Purpose of the processing
Where required, to protect your vital interests or those of another natural person
Legal basis for processing
Performance of a contract with you; comply with a legal obligation; and/or necessary
for our legitimate interest
7. With whom do you share my personal data?
Internal Third Parties
We may share your personal information with any member of our group, which means our branches, our representative offices, our subsidiaries, our ultimate holding company and its subsidiaries. Any such sharing will be done in full compliance with the Regulation.
External Third Parties
  • Business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you.

  • Analytics and search engine providers that assist us in the improvement and optimisation of our sites and services.

  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you:
  • If you are a resident of the United Kingdom, your personal information we have collected from you will be shared with CIFAS tο prevent fraud and money laundering and to verify your identity.

  • Depending on your country of residence and where you provide consent, identity verification services for the purpose of confirming your identity through online applications:
  • Police and law enforcement agencies, where required to do so by law.

  • Depending on your country of residence, we are a participant in Amazon's payment service provider ("PSPs") program which is designed to enhance its ability to detect, prevent and take action against parties operating in poor faith so Amazon and participating PSPs can continue to protect customers and sellers from fraud and abuse. As a PSP, if your Ebury account is registered with Amazon, we would share with Amazon certain data collected during the onboarding process with us and as you use our Services. This may include data collected by us in the framework of an anti-money laundering obligation, such as identification data, contact information and details regarding your accounts with Ebury and your bank account. If Amazon deactivates or terminates your account with them due to (i) abuse, fraud, illegal activity, (ii) a breach of their terms and conditions or (iii) Amazon has initiated litigation or enforcement action against you, we may share additional information, including transaction-related information on your account with us.
  • We may disclose your personal information to third parties:
  • If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
  • If Ebury Partners UK Limited or substantially all of its assets are acquired by a third party, in which case personal information held by it about its clients will be one of the transferred assets.
8. Where do you store my data and do you transfer my data internationally?

We store your data in the European Economic Area (EAA) and in the United Kingdom (UK). However, some of our external third parties or our staff are based outside the European Economic Area (EAA), so their processing of your personal data may involve a transfer of your data outside the EAA. Whenever we transfer your data outside of the EAA, we ensure a similar level of protection is afforded to it by ensuring one of the following safeguards is implemented:

  • We will transfer your data to countries that have been deemed to provide an adequate level of protection (Adequacy Decision) for personal data by the European Commission.

  • Where we use certain service providers or our staff is operating outside of your country of residence, this is done so under relevant data protection laws, supported by specific contracts and/or clause wording approved by the European Commission (Standard Contractual Clauses) which gives your personal data the same protection it has in Europe.
9. For how long do you retain my data?

The period for which we will retain your data is dependent upon any statutory retention periods we are required to adhere to as a regulated organisation in the jurisdictions where we operate. After the expiration of that period, personal data shall be securely deleted, as long as it is no longer required for the fulfilment of any contract, initiation of a contract or in relation to other legal proceedings.

10. What rights do I have and how may I exercise them?
Right to be Informed
You have the right to be informed about the collection and use of your personal data
Right of Access
You have the right to access your personal data. This is commonly referred to as Data Subject Access Request
Right to Data Portability
You have the right to request that we transfer a copy of your Personal Data to another company. Note that the portability right does not extend to personal data which is inferred or derived by the Data Controller
Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data. Note that this is not an absolute right and only applies in certain circumstances
Right to Object
You have the right to object to the processing of your personal data in certain circumstances. You have the absolute right to stop your data from being used for direct marketing
Right to Erasure
You have the right to request that any Personal Data that we hold about you is erased once it is no longer required for the purposes for which it was collected. The right to erasure is also known as ‘the right to be forgotten’
Right to be Informed
You have the right to be informed about the collection and use of your personal data
Rights related to AutomatedDecision-Making including Profiling
If a fully automated decision is made on your account, you have the right to request that this decision be reviewed by a person and present any evidence that you believe may make your situation unique

You can use this link to fill out a Privacy Request associated with the exercise of your Rights.

11. How do we secure your personal data?

At Ebury, safeguarding your personal data is paramount. We employ a comprehensive range of security measures to ensure the confidentiality, integrity and availability of your information. As part of our commitment to robust data protection practices, Ebury holds ISO 27001 certification, an internationally recognised standard for Information Security Management Systems. This certification validates our adherence to rigorous security protocols and demonstrates our dedication to maintaining the highest standards in securing your personal data. Additionally, our expert team continuously monitors and updates our security measures to adapt to evolving threats, providing you with a safe and secure environment for your personal data.

12. Do you use cookies?

We follow the “Express Consent” basis for processing cookies. The first time you visit our sites we will inform you of the cookies we use and you will be given the option to consent for us to use cookies. Some cookies are strictly necessary for the operation of our sites. Our third parties may also receive data about you if you visit other websites using our cookies, over which we have no control. These websites have their own privacy notices and we do not accept any responsibility or liability for these notices.

Please refer to our Cookies Notice for further information, by clicking on the cookie control icon  at the bottom right of the page.

13. How can I contact you?

If you have any questions regarding this Privacy Notice, including any requests to exercise your legal rights, you can do so by using the details below:

  • by using this link to fill out a Privacy Request or to submit a complaint.

  • by email: dpo@ebury.com to the attention of our Data Protection Officer.

  • by writing to us at our registered office in the jurisdictions that apply to you; click here to find the relevant contact details.



We will respond to you within 30 days from the receipt of your request.

14. How may I lodge a complaint?

You have the right to lodge a complaint with the Supervisory Authority in your country of residence. For the purpose of our processing, the lead Supervisory Authority for each jurisdiction can be found here.

15. Changes to our Privacy Notice

This Notice was last updated on 28/10/2024. Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, communicated to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.