At MoneyGram (“we,” “us” and “our” will refer to the specific company with which you interact, and “MoneyGram” will refer to the MoneyGram group of companies), we respect your privacy and are committed to handling your personal data responsibly and in accordance with applicable laws.
This Notice applies to “you” when you interact with us as our customer, when you use our money transfers, other financial services worldwide including non-custodial wallet via our mobile app, or any other services we provide, e.g., the rewards loyalty program, either directly, e.g., through digital platforms, mobile applications, websites, or through retail locations and our agents or other partners (“Services”), or when you contact us via our call center or online, or interact with us on social media, or subscribe to our marketing communications, or apply to become our agent.
This Notice explains how we use your personal data: what information we collect about you, why we collect it, what we do with it, and what your rights are related to the use of your data. Below you will find information on:
1. Who is the data controller
2. Who is the data protection officer
3. What categories of your personal data we process
4. Why we collect, use, and store your personal data
5. How we share your personal data
6. How we transfer your personal data to third countries
7. How long we retain your personal data
8. What are our information security standards
9. What are your choices and rights
10. How you can submit a complaint to a supervisory authority
11. Do we make automated decisions
12. How we notify you about changes to this Notice
13. How to contact us, and
14. Local supplements.
MoneyGram's processing of personal data is in all cases subject to the requirements of applicable local law and, to the extent this Notice conflicts with laws in your country, local law prevails. We may include local supplements in this Notice that cover specific local issues.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
We do not provide Services directly to children or collect their personal data.
The MoneyGram website may contain links to third-party websites. When clicking on a third-party advertising banner or other links on the MoneyGram website, you will be redirected to that third-party website. We are not responsible for the privacy practices of other websites or services.
MoneyGram conducts its business primarily through the wholly-owned subsidiary MoneyGram Payment Systems Inc., a U.S. entity located at 1550 Utica Avenue South, Suite #100, Minneapolis, MN 55416 ("MPSI”). MPSI is often the data controller in relation to the use of Services. The data controller for non-custodial wallet is MoneyGram Software Services, Inc Registration Address: 1550 Utica Ave S Ste 100 Minneapolis MN 55416. However, depending on your location and the way you interact with MoneyGram, a different MoneyGram company may be the data controller. For example, if you use Services in the European Economic Area (“EEA”), you will be interacting with MoneyGram International SA, a Belgium entity with its registered address at Rue Joseph Stevens BE-1000 Brussels (“MIS”), who is the data controller.
Please click here for a list of the companies that are data controllers, depending on your location and the way you interact with them.
Some of MoneyGram companies have appointed a data protection officer or equivalent (“DPO”) to oversee the processing of personal data. Click here to check which company has appointed a DPO, and if so, how to contact the DPO.
The categories of personal data we process will vary based on your relationship or interaction with us. This may include the following:
• Personal identification information, such as your name, residential and/or business address, e-mail address, telephone number, date of birth, gender, images, marital status, country of citizenship, and identification numbers (e.g., national identification number(s) and /or national ID details);
• Transaction and financial details, such as money transfer data relating to the sender and the receiver, bill paying details, as well as bank and credit information;
• Business-related information that helps us provide Services to you, such as membership in our loyalty programs, how you Services, employer information, communication preferences, or your marketing choices;
• Technological information, such as IP address, browser, device information, including device identifiers and device’s advertising ID, mobile application usage data, information collected through cookies, pixel tags, browser analysis tools, server logs, web beacons, SDK and other similar technologies (collectively, cookies), your current location from your mobile device, demographic information and closed-circuit television ("CCTV”) data. Some of the information is collected via cookies. For details on how we use cookies, please see our Cookie Notice; and
• Compliance information, such as may be requested by law enforcement or pursuant to our compliance procedures to comply with legal obligations and internal policies such as concerning fraud prevention, anti-money laundering and sanctions. We collect personal data directly from you, for example, when you contact our call center, complete online forms, register for our loyalty programs, apply to become an agent, or use the Services. In some situations, we also collect your personal data from other people or organizations such as: money transfer senders, our third-party vendors, public record sources (federal, state or local government sources), MoneyGram affiliates and subsidiaries, social media platforms, MoneyGram partners or agents, depending on our relationship with them.
We must have a lawful basis for processing your data. We explain this in the table below. We also explain the purposes for which we use your data.
Lawful ground | Processing purposes |
Contractual performance - we have obligations under our contract with you. To fulfil these obligations, we have to use your data. |
|
Compliance with a legal obligation - as an organization, we have obligations to comply with legal, regulatory and other requirements under applicable laws. In certain cases, we will have to use your data to meet these obligations. |
|
Legitimate business purposes (so-called legitimate interest) - we can process your data when this is necessary for us to achieve a business purpose, or where this is needed for someone else to achieve their purpose. We explain in the right-hand column what interests we, or others, are trying to achieve when we process your data. Where we process personal data on the basis of legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what impact the processing will have on individuals, and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details in Section 13 “How to contact us.” |
|
Your consent - in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data and for what purposes. |
|
Failure to provide your personal data when requested for contract performance, business purposes or compliance with legal obligations may prevent us from being able to carry out our tasks under the contract or our business purposes and/or comply with our legal obligations, therefore we may need to terminate the contract with you.
When we rely on your consent, the fact that you do not provide this personal data to us, or if you withdraw your consent, will have no negative consequences for you. This is because any processing based on consent is strictly optional and voluntary.
We share your personal data with:
- Other companies in MoneyGram, in particular: MoneyGram International, Inc. (Texas, USA), MPSI, MIS and MoneyGram Poland Sp. z o.o. (Warsaw, Poland), for the performance of Services, internal administration and regular reporting in the context of a business re-organization or group restructuring, for system maintenance support, and for data hosting.
- Our third-party providers, the majority of whom process personal data on our behalf and in line with our instructions. These include IT service providers, providers of auditing and control services, legal services, recovery, printing, disposal of documents, postal and courier services, companies and organizations that provide fraud protection services, and our agents and third-party providers we use to market Services or provide you with personalized ads or interest-based ads.
- Social media platforms; for details on how we share data with them, see here.
- Buyers or other successors in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
- Law enforcement bodies, courts and court enforcement authorities if we have to comply with any court order, law or legal process, including responding to any government or regulatory request.
MoneyGram operates globally and, therefore, personal data may need to be transferred to countries outside of where it was originally collected.
MoneyGram’s global headquarters is based in the United States, and several material functions and systems are operated from the US, which means that some personal data must be transferred to the US. We may transfer your personal data to MoneyGram’s data centers and call centers in the US, for processing and storage. MoneyGram has concluded an Intragroup Data Sharing and Processing Agreement to regulate intracompany data flows and data transfer clauses within data processing or data sharing agreements with third-party vendors.
All our personal data transfers are compliant with applicable data protection laws. The agreements we have in place within MoneyGram and with our third-party vendors include appropriate safeguards to ensure that the data flows are safe and that individuals can exercise their data protection rights. These include standard contractual clauses or other arrangements, as applicable in specific countries, and other safeguards as may be appropriate. We may also transfer data to countries with an adequate level of personal data protection based on the decisions adopted by competent authorities, such as the adequacy decisions adopted by the European Commission or the United Kingdom.
To learn more about our data transfers or to receive a copy of the appropriate safeguards we have adopted, please reach out to us using the contact details in the Section “How to contact us.”
We will retain your personal data for as long as necessary to provide you with Services, or as required under the applicable laws, and, where permitted, for as long as it serves our business purposes. For example, to comply with our legal and regulatory requirements, we retain personal data for the periods required under the applicable laws, including, without limitation, commercial, tax and anti-money laundering laws.
We use a variety of robust physical, technical, organizational, and administrative safeguards to protect your personal data from unauthorized access, loss or alteration. You also play an important role in protecting your personal data. Please safeguard your login information, including account username and password, and do not share these with others. You should notify us immediately of any suspected unauthorized use of your account.
Depending on and subject to the applicable laws, you have certain rights regarding the personal data that we hold about you. These rights may include the following:
- access to and obtaining a copy of your personal data,
- rectification of your personal data if it is inaccurate or incomplete,
- restriction of the processing or erasure of your personal data (the right to be forgotten),
- data portability, if the processing, done using automated means is based on your consent or to perform a contract,
- objection to the processing of your personal data based on legitimate interests,
- withdrawal of your consent at any time; such withdrawal does not affect the lawfulness of processing of your personal data which was carried out prior to withdrawal.
If the applicable laws in your country offer different data protection rights, you are entitled to exercise such rights as well in line with those laws. We will endeavor to respond to your request within 30 days, but our response time may vary depending on the applicable laws. In some circumstances, we may be entitled to extend this period after notifying you. In order to respond to your request, we may need to confirm your identity. For that, we may ask you for some specific information or authenticate you in another way.
To exercise those rights, use the contact details in the Section “How to contact us.”
You can express your marketing choices in other ways:
- You can opt out of receiving marketing communications from us at any time by:
- updating your choices on your MoneyGram profile or in the mobile application,
- clicking on the “unsubscribe” link at the bottom of a MoneyGram marketing email,
- replying “STOP” to an SMS.
- You can reset your device’s advertising ID by using the “settings” menu on your mobile device.
Data protection laws vary across the jurisdictions. In most countries, you are entitled to lodge a complaint with a relevant authority in your country (where you live, work or where the suspected privacy issue occurred), if you are concerned about processing of your personal data or if your rights have not been complied with.
However, we would like to encourage you to reach out to us first to share your questions or concerns or to exercise your rights. For that, you may use the contact details in the Section “How to contact us.”
We do not make any decision based solely on automated processing, including profiling, which produces legal or similar effects concerning you.
We reserve the right to update this Notice at any time. The updated Notice will be available on the website. We will notify you of substantial updates that affect you.
If you have any questions about this Notice or our privacy practices or would like to exercise any of your data protection rights, please:
- email us at PrivacyProgramOffice@MoneyGram.com
- submit your query via a dedicated intake form,
and we will be more than pleased to assist you.
You may also contact us at our registered address, as provided here. However, we encourage you to contact us first using one of the options above.
The notices below supplement this Notice in line with the applicable data protection laws in those countries / regions and apply to individuals in those countries / regions.
A. Turkey
1. Who is the data controller
Please click here to see details of the data controller in Turkey, for the purposes of the data protection laws applicable in Türkiye, including the Law on Protection of Personal Data No. 6698 of 7 April 2016 (the "Law”).
2. Why we collect, use and store your personal data
We collect and process your personal data by automated, semi-automated and non-automated means to the extent that such processing is part of a filing system.
3. What are your choices and rights
In addition to the information in the Notice, you have the following rights, and we will respond to your applications under the Law within 30 days:
- the right to request that notification of transactions related to deletion/correction be sent to third persons, to w your personal data is transmitted;
- the right to erasure of your personal data if any of the conditions listed in art. 7 of the Law are met;
- the right to object to the occurrence of a circumstance which is against your interest that has come into existence as a result of analysis of your personal data solely by automatic systems;
- the right to demand compensation for the damage suffered as a result of unlawful processing of your personal data.
4. Application and Interpretation of the Global Privacy Notice
Under the “Why we collect, use and store your personal data” section above,
- the “Legitimate business purposes (so-called legitimate interest)” legal basis is interpreted as our (data controller’s) legitimate interest, and not that of others.
- The “Your consent” purposes are as follows: to personalize content and ads, if required; to send you marketing communications (via email, SMS or push notification) including offers, promotions, coupons or incentives we believe may be of interest to you; to allow you to participate in sweepstakes, contests and similar promotions, and to administer these activities; to display or deliver interest-based ads; to synchronize your contact list with your account; and to connect your account to a third-party platform.
We will notify you in the event of a new purpose in line with the Law.
B. Mainland China
1. What are the categories of your sensitive personal data which we process
Sensitive personal data refers to personal data that, if leaked or used illegally, may easily lead to an infringement upon the human dignity of a natural person or the endangerment of the safety of his/her body or property. Sensitive personal data are as follows:
- your national identification number(s) and national ID details,
- your facial image,
- your social security or other taxpayer identification number(s),
- your banking details,
2. What are your choices and rights
Under the Personal Information Protection Law (“PIPL”), in addition to the rights in the Notice above, you may request that personal data be transferred to a data controller designated by you, and you may ask us to explain the personal data processing rules.
We will respond to a request in which you exercise your data protection rights within 20 days.
In addition to the rights listed in the Notice, you have the right to restrict the use of your personal data for direct marketing purposes.
C. Hong Kong
1. What are your choices and rights
Under the Personal Data (Privacy) Ordinance (Cap. 486), you are entitled only to the rights to request access to, and to request correction of your personal data.
D. CCPA and VCDPA
The California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively, the “CCPA”); certain terms used in this supplement have the meanings given to them in the CCPA.
Information included in this supplement and this Notice will be updated at least once every twelve (12) months to reflect changes in our business, legal or regulatory obligations, so please check this Notice periodically for changes.
1. What are the categories of personal information that we process
We may collect the following categories of personal information:
- Identifiers: identifiers, such as a real name, alias, postal address, unique personal identifier (e.g., device identifier, unique pseudonym, or user alias/ID), telephone number, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, date of birth, and other similar identifiers.
- Additional Data subject to Cal. Civ. Code § 1798.80: signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, and other financial information, medical information, and health insurance information.
- Protected Classifications: characteristics of protected classifications under California or federal law, such as race, color, age, sex, gender, gender identity, marital status, disability, and military and veteran status.
- Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites or applications.
- Sensory Information: audio, electronic, visual, and similar information.
2. Why we collect, use and store your personal information
In addition to the information in the Notice, we process your personal information for the following “business purposes” as they are described in the CCPA:
- Auditing, including auditing compliance.
- Certain short-term, transient uses.
- Helping to ensure security and integrity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of services or devices that are owned, manufactured, manufactured for or controlled by us, and to improve, upgrade, or enhance these.
We do not collect or process sensitive personal information with the purpose of inferring characteristics about individuals.
To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.
3. How we share your personal information
In addition to the information in the Notice, we may have disclosed the following categories of your personal information for a business purpose to the following categories of third parties:
Category of Personal Information |
Categories of Third Parties |
Identifiers |
|
Additional Data Subject to |
|
Protected Classifications |
|
Biometric Information |
|
Online Activity |
|
Employment Information |
|
Inferences |
|
We do not sell or share for cross-context behavioral advertising purposes personal information of our individuals.
4. How to contact us
To submit a request as an authorized agent on behalf of an individual, please use the contact details in the Section “How to contact us” in the Notice above.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request.
We may verify your identity by requiring you to sign into your MoneyGram company account. If you do not have a MoneyGram company account and you request access to, correction of or deletion of your personal information, we may require you to authenticate your email address and/or provide information about your employment dates with MoneyGram, prior payments from MoneyGram, prior correspondence with MoneyGram, or other details about your work for or relationship to MoneyGram.
In addition, if you do not have a MoneyGram company account and you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration, under penalty of perjury, that you are the individual whose personal information is the subject of the request.
Additional Information. If you choose to exercise any of your rights under the CCPA, you have the right not to receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.