Global privacy notice

September 2023

This privacy notice (“Privacy Notice”) explains how we process your personal data (“Personal Data”) while you use our services, including when you browse our website or mobile application (“Website /App”), perform a transaction with us, or visit our stores (collectively, “Services”) , whether as a customer, a visitor and/or a user of our Website/App, or however you might otherwise interact with us (collectively, “you”, “your” or “users”). In this Privacy Notice, we also describe whether your Personal Data is shared with other parties and the mechanisms we have in place to protect your data.

We encourage you to regularly review this Privacy Notice and check the Website/App for any updates. Updates to this Privacy Notice will be published on our Website/App, and by continuing to deal with us, you agree to this Privacy Notice and any future modifications.

Where local law requires additional details to be included in this Privacy Notice, such information has been included in the Regional Privacy Notices section below.

Content Regional Notices

What Personal Data is collected and why?
Fraud Prevention
Legitimate Interest
How long does Ria keep Personal Data?
Does Ria disclose Personal Data?
Minors
Data Security
Profiling and automated decision-making
Marketing and Advertising
Description of Personal Data Rights
Privacy Complaints
Our companies by service

Notice to United States Consumers (CCPA)
Notice to European (EEA) residents
Notice to UK residents
Notice to Argentinian residents
Notice to Mexican residents
Notice to Chilean residents
Notice to Malaysian residents
Notice to New Zealand residents
Notice to Australian residents
Notice to Indian residents

Frequently asked questions (FAQs)

How can I contact the company regarding my Data? To make a request or consultation, you may:

Who are we? We are Ria, a part of Euronet Worldwide group of companies.

What type of Personal Data is collected? We collect only the Personal Data necessary to provide you with the Service and to comply with applicable law.

Why does Ria collect Personal Data? We collect Personal Data for specific contractual and legal purposes. With your consent, we also collect data for additional purposes.

How long does Ria keep Personal Data? We keep Personal Data only for as long as necessary or as required by applicable law.

With whom do we share Personal Data? We share Personal Data with other Euronet Group companies, legal authorities, and partners where necessary to meet regulatory requirements or contractual commitments.

Where does Ria store Personal Data? We store Personal Data in secure locations with strict security measures in place. If we need to transfer Personal Data to other locations, we take all necessary measures to comply with legal obligations and ensure a proper level of security.

What are your Personal Data rights? Depending on where you live, you may have rights in relation to your Personal Data under applicable law. A description of common Personal Data rights is set out in section 15 below.

1. What Personal Data is collected and why?

The categories, sources, and reason for collecting Personal Data are listed below. Where the collection of Personal Data is based on your consent, you may withdraw your consent at any time. Ria does not and will not “sell” or “share” Personal Data, as those terms are defined under applicable laws. We retain Personal Data for as long as reasonably necessary to provide the Services and meet our legal obligations.

If you have questions or concerns regarding the processing of your Personal Data, you may contact us any time at dpo@euronetworldwide.com.

Ria collects Personal Data from the following sources

  • Directly from you through direct interactions and forms.
  • Internet websites, through passive collection of information about Your interactions, including page clicks, time spent, or other automatically collected meta-data.
  • Advertising networks, social media services.
  • Internet service providers; Operating systems and platforms.
  • Data analytics providers.
  • Government databases.
  • Service providers.

1.1 Types of Personal Data

a. Identifiers or Identification Data

The Personal Data we collect from you may include name, email, telephone and/or fax numbers, residential and/or business address and other contact data (“Contact details”), title, date of birth, gender, images, videos, or signature.

Where necessary, Identification data is only used for the described purposes.

Purpose for Processing Legal Basis

To perform/supply the Services.

Contractual obligation

To provide customer service and record customers’ instructions, we will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with you. We will use transcripts of these calls to confirm the instructions provided to us.

Contractual obligation
Legitimate interest

To manage your account(s) (i.e.: registration, administration, maintenance and servicing accounts).

Pre-contractual/Contractual obligation

To provide advertising and marketing.

Consent
Contractual obligation

To measure and evaluate your behavior using automated processing to provide you with a more personalized Service.

Consent

Your participation in events or giveaways: You may wish to take part in events organized by us or in a specific giveaway.

Consent

To meet our legal obligations related to record keeping we keep correspondence including e-mails, faxes, and any kind of electronic communication, together with any records of the customer’s account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers.

Legal Obligation

In very limited circumstances, to perform a credit check in order to verify the identity of the individual as part of KYC activities to provide the Services.

Legal obligation
Consent

b. Financial Details and Professional or Employment-related Information

We collect your personal financial data when you register to use our Services. We collect financial data such as bank account information, financial statements, transfer reason, occupation (professional or employment-related information), or other documentation to demonstrate the source of funds you wish to transfer (similar to salary slips), in order to provide you with our Services.

Purpose for Processing Legal Basis

Supply/Performance of Services

Contractual obligation

Anti-Money laundering

Legal obligation

Anti-Terrorist Financing and Criminal activity

Legal obligation

To manage the customer’s account(s)

Contractual obligation

In very limited circumstances, to perform a credit check in order to provide the Services

Legitimate interest

To verify the customer’s identity (i.e., KYC: for additional information click here)

Legal obligation

Ria will never ask you to provide your payment information (i.e., credit/debit card details) directly to an employee or agent. Where payment information is required, Ria will ask the customer to enter the information directly into the payment processing system.

If you have any questions about Ria’s processing of your financial information, you may contact us here.

c. Behavioral and Technical Information

IP address, internet or other similar network, browsing, or search activity, behavioral information (to understand the way you behave while using our products and services), browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system, and platform.

Our Cookie Policy is available here

Purpose for Processing Legal Basis

To perform analytics to measure the use of our website and Services, including number of visits, average time spent on the Website/App, pages viewed, page interaction data (such as scrolling, clicks, and mouse-hovers), etc., and to improve the content we offer to you.

Legitimate Interest

To undertake activities to verify or maintain the quality of the Service, and to improve, upgrade, or enhance the Service, including to administer the Website/App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

Consent
Legitimate Interest

To help ensure the safety and security of our Website/App.

Consent
Legitimate Interest

To provide advertising and marketing, including measuring the impact of our emails.

Consent

To provide the Services, including to process the transaction.

Contractual obligation

d. Location Information or Geolocation Data

We may collect information about your location when you use our Services.

Purpose for Processing Legal Basis

To provide the Services to our customers with a tailored experience on the App related to their location, such as displaying the local currency in the relevant location.

Consent
Legal obligation

To provide the Service, including using device Location to identify nearby locations for pick-up and drop-off

Consent

e. Audio and Video surveillance

Image, video, and audio/voice recording.

Purpose for Processing Legal Basis

To maintain the safety of our Services, we may use CCTV to ensure customer safety in our stores or offices.

Legitimate interest

f. Transactional Data

We collect personal data like the beneficiary details, bank account information, contact information, the destination where you are sending money and bank preferences. Depending on the local regulation, we collect details such as occupation (professional or employment-related information), relationship with the beneficiary, transfer reason and additional documentation to demonstrate the source of funds.

Purpose for Processing Legal Basis

To provide the Services, including to complete a transaction.

Contractual obligation

For compliance purposes related to a transaction.

Legal obligation

g. Sensitive Personal Data

When strictly necessary, we may collect sensitive or special categories of Personal Data (“Sensitive Personal Data”) to provide the Services and meet our legal obligations. We may collect the following categories of Sensitive Personal Data: unique identifying biometric information or identifiers (i.e., face scan geometry and derived information); government identifiers (i.e., driver’s license, state identification card, or passport number); health information. Where required by applicable law, we will obtain your consent or present you with an opportunity to opt out before processing your Sensitive Personal Data. We do not “sell” or “share” Sensitive Personal Data, as those terms are defined under applicable law. We only use and disclose Sensitive Personal Data for purposes permitted by applicable law. We retain Sensitive Personal Data for as long as reasonably necessary to provide the Services and meet our legal obligations.

Purpose for Processing Sensitive Personal Data Legal Basis

To fulfill legal obligations, including for KYC purposes.

Legal obligation
Public interest

For security and fraud prevention purposes to verify your identification while you use our Services.

For additional data information, click here.

Legal obligation for jurisdictions such as the European Union.

Consent for jurisdictions where consent is required.

The Personal Data collected from you may vary depending on the country our Services are being offered. Not all the categories of data described above may apply to you. If you have any questions about the processing of your Personal Data, you may contact us at dpo@euronetworldwide.com

h. Non-Identifiable Data

Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“non-identifiable data”). This non-identifiable data may be used to improve our internal processes or delivery of services, without further notice to you.

We may use aggregate data for a variety of purposes, including to analyze, evaluate and improve our Services.

i. Device features

When using the app and to enhance the use, functionalities and your experience while you use our App we might need access to certain extra information and functions of your device, like your contact list. Before accessing such information, we will ask for your permission. Any data obtained by utilizing these device features will be stored only on your device, never on our server or elsewhere.

You can choose to add your contacts' information by connecting your contacts from your device or social networking accounts to our App. If you choose to share your contacts with us, we will, in accordance with your instructions, access and store your contacts' information in our App in order to make it easier to send money to your loved ones. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.

j) Contact list

When you allow the App to access your device’s address book, the App will upload their names and phones numbers to your contact list within the App. This way, once you are selecting a beneficiary, you will be able to select someone from your contact list without the need of having to include all their information digit by digit.

As mentioned above, we will only access your device’s contact list as long as you give us express consent. You may give us access during the registration process or at any point after your account has been created in the settings option.

If after allowing the App to access your contact list, you change your opinion, you will always be able to remove your contact list from the App. Remember that the imported list of your contact details will never leave your phone and we will never store a copy of that data in our servers.

1.1 Biometric Data and e-KYC

We are legally obligated to check your identity via a process known as e-KYC (electronic Know Your Customer) to exclusively identify you and prevent money laundering, terrorism financing, and fraud schemes as required by anti-money laundering legislation. We will ask you to provide a valid photo identity document, a video recording and/or a selfie during the onboarding process when you register for Ria online services on the Ria mobile application or web application. You will be asked to provide these directly in our service providers’ platforms.

This process and information help us identify suspicious activities. It will also allow us to provide you with a better Service.

The selfie, video recording (if requested) and the derived data such as the face scan template may be considered biometric data or biometric information by the local legislation in the jurisdiction in which we operate. Depending on the country you live in, we may ask you to consent to providing us with your biometric data. If you refuse to consent to the collection of your biometric information please reach our customer care team so they can support the identity verification process via an alternative method. You will find the contact information here.

We share the biometric information with our service providers under contractual obligations. Neither Ria nor our service providers sell, lease, or trade your biometric information. All providers with access to this data are contractually bound to maintain security standards to ensure your Biometric information is safe and that the service provider will not use the data for any other purpose. This includes preventing unauthorized parties from accessing such data.

Subject to the applicable privacy legislation, your data privacy rights relating to your personal data also extend to biometric data, including the right to access the data. Please see section “What are my rights” in this Privacy Notice for a listing of your data privacy rights.

If You have any questions regarding our e-KYC process and the usage of your Biometrics do not hesitate to reach us at dpo@euronetworldwide.com.

If you are using our Services in any of our shops, the KYC process will be different and the agent or any of our staff will make sure the ID you provide matches your identity.

When using our signature pads at our shops or at any agent's location, we will only collect the image of your signature as reflected on the signature pad, and no biometric data will be collected from you.

1.3 Personal Data of a Beneficiary

If you are a beneficiary, we collect your Personal Data from our customers as you are essential for the performance of a contract between Ria and our customer. You are the subject that will benefit from the payment transaction originated by our customer.

The types of Personal Data we may obtain about you are as follows:

  • Identification Personal Data (In accordance with section 1)
  • Transactional Data (In accordance with section 1)
  • Financial Data (In accordance with section 1)

The legal basis for processing the Personal Data of a beneficiary is our legitimate interest in fulfilling our obligations related to the contractual relationship we have with our customer.

The Personal Data of a beneficiary is only processed to ensure the correct remittance service is identified and is not used for any other purposes. The same security measures are implemented to protect the Personal Data of both beneficiaries and customers.

If you have any questions about the processing of your Personal Data as a beneficiary, you may contact us at dpo@euronetworldwide.com.

1.4 Personal Data Collected from Other Parties

We may obtain your Personal Data from other sources, such as public record sources (federal, state or local government organizations) in order to comply with local regulation and to ensure our KYC mechanism is accurate and that we can provide you the safest service.

Personal Data collected from third parties is only processed for specific purposes, such as:

  • Identification purposes: We may check the Personal Data you have provided us with our third parties to make sure your identity matches the information you have provided us. The legal basis for this processing is our legal obligation and legitimate interest.

If we process any additional data obtained from a third party, we will inform you as soon as possible, and obtain your consent where required by applicable law.

1.5 Accuracy of Personal Data

We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data. From time to time, we may send you an email asking you to confirm and/or update your Personal Data. This communication is based on our legitimate interest and legal obligation to maintain accurate and up to date information.

If you notice that your Personal Data is not accurate, you may request a correction or update your information by sending an email to dpo@euronetworldwide.com.

1.6 Machine Learning

One of the primary purposes of machine learning usage within Ria is to support the digital e-KYC verification process required by anti-money laundering legislation.

The biometric information uploaded by you is analyzed to provide a recommendation on whether the individual wishing to register for Ria Services is the same individual shown in the identification documentation. The technology scans the images, translates them into computer language, i.e.: templates, and compares them against each other and against a database of other images. The technology approves or rejects the images as being of the same person.

2. Fraud Preention

Ria has also developed its own machine learning models to support its overall regulatory compliance efforts such as identifying instances of transactional fraud. This analysis is to ensure we can provide you with the solicited Services and to comply with our legal requirements, in order to prevent money laundering and terrorism financing.

The process includes analyzing transactional data and assigning values to specific information. These values are then aggregated and passed to the machine learning model to infer whether the transaction is likely to be fraud.

All the information obtained through our machine learning process will only be used for the purposes described herein and will never be used for any other purposes nor will it affect your rights and freedoms.

For more information on Euronet’s use of machine learning technology please contact Euronet DPO at dpo@euronetworldwide.com.

3. Legitimate Interest

When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. Upon request, customers may request information on any processing based on legitimate interest.

4. How long does Ria keep Personal Data?

Personal Data is kept for as long as it is necessary to provide the Services requested and to comply with applicable legal, accounting, or reporting obligations. The retention period is determined based on the applicable requirements and obligations, which may include:

  • Legal and Regulatory Requirements: Your Personal Data is kept as long as necessary to comply with all our legal obligations including without limitation, commercial, tax and anti-money laundering laws and regulations. While we store your Personal Data only for the purposes of complying with legal obligations, your Personal Data will be restricted such that it cannot be used for any other purposes. While restricted, only when necessary will your Personal Data be accessed. Whenever we receive a request for deletion, we will also maintain your Personal Data further to our legal obligations.
  • Customer Service and Contractual relationship (administration of customer relationship, complaint handling, etc.): We will keep your Personal Data as long as you remain our customer. Once we consider our contractual relationship to be over, we will proceed to restrict your data to make it available only to comply with legal obligations as expressed above.
  • Marketing: We will process your Personal Data for marketing purposes as long as you haven’t asked us to opt-out, according to section 11 of this Privacy Notice or until we become aware that you are no longer interested or that your data is not accurate.

5. Does Ria disclose Personal Data?

Ria’s disclosure of Personal Data for business purposes or to meet legal obligations are outlined below:

5.1 Euronet Group

Types of Personal Data Purpose Legal Basis

Identification Data
Video surveillance
Transactional Data
Financial Details
Behavioral and technical Data

We disclose your Personal Data with Euronet and Euronet Group affiliates for our affiliates’ everyday business purposes and compliance with group obligations.

As a result of a sale, acquisition, merger, or reorganization involving Euronet, a company within the Euronet Group, or any of their respective assets, we may transfer customer Personal Data to a third party. In doing so, we will take reasonable steps to ensure that their information is adequately protected.

Legal obligation
Contractual obligation

5.2 Third-Party Service Providers*

Types of Personal Data Purpose Legal Basis

Identification Data
Biometric Data
Financial details

To data analytics and ID verification providers to perform compliance verification (e-KYC) and fraud prevention services.

Legal Obligation
Consent

Contact Details
Transactional data

To our agents and correspondents to provide the Services.

Legitimate interest
Legal obligation
Consent

Contact details
Behavioral and technical Data

To advertisers or advertising networks and social media companies to place personalize placed advertisements in digital services and to adapt to consumer preferences.

Consent
Contractual
Obligation

*The legal meaning and list of “third-party service providers” may vary depending on the country you are based. For additional information regarding which providers have access and why they have access to your Personal Data you may reach us at dpo@euronetworldwide.com.

5.3 Legal and Regulatory Authorities

Types of Personal Data Purpose Legal Basis

Identification Data
Video surveillance
Transactional Data
Financial Details

We may need to disclose your Personal Data (including Sensitive Personal Data, as described above) if requested by a legal authority. We may share your Personal Data with legal authorities to enforce or apply our Terms and Conditions or any other agreement or understanding we may have with you.

Legal obligation
Contractual obligation

5.4 Strategic Partners

Types of Personal Data Purpose Legal Basis

Identification Data
Transactional Data
Financial Details

We will share your Personal Data when necessary with strategic partners in order to provide you with our Services.

Legal obligation

5.5 Professional Partners

Types of Personal Data Purpose Legal Basis

Identification Data
Video surveillance
Transactional Data
Financial Details

We will share your Personal Data with advisers, lawyers, consultants, auditors, or accountants in order to comply with our legal obligations and to provide our Services and our contractual obligations and best practices.

Legitimate interest

6. Minors

We do not provide Services directly to children under 18 or proactively collect their personal information. If you are under 18, please do not use the Website/App or Offerings or share Personal Data with us. If you learn that anyone younger than 18 has unlawfully provided us Personal Data, please contact us at dpo@euronetworldwide.com.

7. Data Security

We are committed to protecting your Personal Data and have put in place commercially reasonable and appropRiate safeguards to prevent any loss, abuse, and alteration of the information you have entrusted us. At Ria, we will always strive to ensure your Personal Data is well protected, in accordance with international best practices. We maintain this commitment to data security by implementing appropRiate physical, electronic and manageRial measures to safeguard and secure your personal information.

To safeguard our systems from illegal access we use secure, cutting-edge physical and organizational security measures which are continuously enhanced to ensure the highest level of security in accordance with international best practices and cost efficiency. All Personal Data is kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.

Personnel who have access to your Personal Data as well as the processing activities surrounding your Personal Data are contractually bound to keep your data private and adhere to the Privacy Policy we have implemented in our organization.

We aim to achieve the highest standard of data protection by adopting industry-standard measures to protect your privacy.

8. Profiling and automated decision-making

When expressly agreed, we provide you with tailored information regarding our products and Services. We undertake data analysis in order to target appropRiate communications and advertisements to you including invitations to exclusive client events that we think you may be interested in as well as recommending products and services that we think might be suitable for you.

In some cases, we use automated decision-making and profiling if it is authorized by legislation and necessary for the performance of a contract. For example, the automated authorization for remittance services. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.

We also make automated decisions in processes such as transaction monitoring in order to counter fraud in compliance with the legal requirements related to prevention of money laundering terrorist financing and financial services. Depending on your residence, you may have a right to request not to be subject to a fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects you. This right may not apply if the decision-making is necessary in order to enter into or to fulfil an agreement with you if the decision-making is permitted under applicable data protection laws or we have received your explicit consent.

9. Marketing and Advertising

Third-party advertisers provide advertisements that display on our website, our App, or elsewhere in our services. Third-party advertisers don’t have access to any of the information our customers have given us directly. Typically, advertisers rely on cookies or some other web/app-based mechanism to assess which advertisements may be interesting to you. We do not place “Targeting Cookies” or enable “Targeting” and “Location” on your system without your consent.

If you have provided your consent by accepting Targeting Cookies on the Website or enabled Targeting on the App, we may use third parties to do so (remarketing and Similar Audience features). You can opt-out of advertising by modifying your cookies settings here.

Third parties are not bound by our Privacy Notice. To understand the privacy policy of their notices, you should visit the third party website. You can find all the third parties that may use Cookies for targeting in our Cookie Policy.

We may contact you from time to time (by email, SMS text, letter, or phone as necessary and according to your specific instructions) and when you have provided us with your consent to provide targeted marketing about our Services and/or our products.

9.1 Why would you receive electronic communications?

Depending on the country you are based in, you will receive marketing communications if you have authorized us to process your Personal Data for those purposes. That means you have opted-in during the registration process or at any time in the settings section of your profile.

We may also send you electronic communications for marketing purposes when you have a contractual obligation with us, meaning when you are currently using our Services or when you haven’t expressly requested to not receive said marketing communications.

You will always be informed and we will make sure that during the usage of our Services or even during the registration process, you have all the necessary information in order for you to be aware that your Personal Data may be used for that specific purpose and you will, during the registration process or during the usage of our Services be given the opportunity to expressly say that you are not interested in receiving such marketing communications. In these instances, we will remove you from our list and you will not receive any updates that may be of your interest regarding our Services and products. You will be able to opt-back in at any time.

9.2 How can you opt-out?

You will be able to withdraw your consent at any time by using one of the following mechanisms:

  • Go to your profile and update your marketing preferences.
  • Use the opt-out link you will receive in any of our communications.
  • By sending an email at dpo@euronetworldwide.com.

If you have any additional questions regarding the usage of your Personal Data for marketing purposes and/or wish to start receiving marketing communications, you can also send an email to dpo@euronetworldwide.com.

9.3 Ria Rewards Program

If you have decided to enroll in our Ria Rewards Program (where available) we will process your personal information according to the following:

a. Identification Data

This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, gender, images, signature, passport/visa details, voice recording and official credentials.

We will only use strictly necessary Identification Data for the purposes described below.

The reason to process your Personal Data Legal basis for using your Personal Data

Supply of Services.

Contractual obligation

Customer service: We will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with our customers. We will use transcripts of these calls to confirm instructions you provide us.

Contractual obligation
Legitimate interest

Managing our customers’ accounts (registration and administration).

Pre-contractual/Contractual obligation

Requesting access to tools and information: Our customers may wish to have access to certain tools and information made available on the App, before or after deciding that they would like to register to use our services, including our foreign exchange and payment service.

Pre-contractual/ Contractual obligation

Correspondence including e-mails, faxes, and any kind of electronic communication, together with any records of their account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers.

Legitimate interest
Contractual obligation

b. Transactional Data

We collect Personal Data such as the amount of money you have sent and the location where you have sent money in order to provide you with your corresponding points for the Ria Rewards Program.

The reason to process your Personal Data Legal basis for using your Personal Data

To provide you with the corresponding points

Contractual obligation

You may contact Ria Rewards Program to withdraw from the Rewards Program, to report suspicious or unauthorized account activity, or to change or correct your personal choice.

You may contact Ria Rewards Program by calling our Toll-free number 1800 882 077 during regular business hours or by email at riarewards@riamoneytransfer.com. Calls are free of charge from fixed and landline phones. However, charges when calling from a mobile phone may apply depending on your mobile phone operator.

We will keep you updated the moment Ria Rewards is available in your country.

10. Description of Personal Data Rights

Depending on where you live, your Personal Data Rights under applicable law may include:

  1. Right to Know: the right to know what Personal Data is being collected, sold or shared and to whom.
  2. Right to Access: the right to request access to a copy of your Personal Data.
  3. Right to Correct Inaccuracies: the right to request correction of inaccuracies in your Personal Data.
  4. Right to Deletion: the right to request deletion of your Personal Data where certain conditions apply.
  5. Opt-Out Rights:
    1. The right to opt-out of the processing of Personal Data for the purposes of targeted advertising.
    2. The right to opt-out of the processing of Sensitive Personal Data.
    3. The right to opt out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the Data Subject.
  6. The right to limit sensitive personal data use and disclosures to specifically permitted purposes.
  7. Right to Restrict Processing: the right to restrict processing where certain conditions apply.
  8. Right to Data Portability: the right to receive Personal Data in a structured, commonly used and machine-readable format and have the right to transmit the Personal Data to another controller under certain conditions.
  9. Right to Object: the right to object to the processing of Personal Data (i.e., for direct marketing purposes).
  10. Rights related to Automated Individual Decision-Making: the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on the individual.
  11. Right of No Retaliation: a business shall not discriminate against an individual for exercising their Personal Data rights.

We will respond to your request as soon as possible and within the timeframe stated in the applicable law.

For applicable rights please refer to the Regional Privacy Notice section below.

To exercise any of your rights, you must send an email to dpo@euronetworldwide.com. To help protect your privacy and maintain security we will take necessary steps to verify your identity and may ask you to provide other details before granting you access to your Personal Data or initiating a modification of any Personal Data. When required, if we don’t have a copy of your ID or any legal valid document that proves your identity, we will not be able to answer your request.

Be aware that some rights may not be enforceable due to business necessities or legal obligations while providing you with the Service. Your rights may be limited in order to comply with other legal obligations such as anti-money laundering, contractual and compliance obligations. Notwithstanding that you will always be responded to when exercising any of the rights stated above and/or any additional right you may have depending on your jurisdiction. If your right can’t be enforced, you will always receive a proper explanation.

11. Privacy Complaints

If you have a complaint regarding our processing of your Personal Data, you may contact us at dpo@euronetworldwide.com.

Depending on the applicable privacy law, you may have the right to make a complaint to a Data Protection Authority or other regulatory body if you believe we have failed to comply with our obligations under this Privacy Notice or the applicable law:

12. Regional Privacy Notices

12.1 Notice to United States Consumers

This Notice is provided to United States consumers and customers (including former customers) to meet the requirements of the federal Gramm-Leach-Bliley Act (“GLBA”), where applicable, related to the collection, disclosure, and protection of “nonpublic personal information” (“NPI”) as defined by the GLBA. For the purposes of this Notice, NPI means personally identifiable information about an individual that is collected by Ria as a financial institution under the GLBA in connection with Ria providing a financial product or service, unless the information is lawfully made publicly available. NPI collected by Ria may include any:

  • information an individual gives Ria to get a financial product or service.
  • information Ria gets about an individual from a transaction involving Ria’s financial products or services (i.e., the fact that the individual is a customer/consumer of Ria, account numbers, payment history, etc.); or
  • information Ria gets about an individual in connection with providing a financial product or service (i.e., information from a consumer report or court record).

The categories of NPI that may be collected by Ria are listed in section 1 of this Privacy Notice.

The categories of NPI that may be disclosed by Ria are listed in section 9 of this Privacy Notice.

The categories of affiliates and nonaffiliated third parties to whom NPI is disclosed or may be disclosed in the future are listed in section 9 of this Privacy Notice. Where Ria discloses NPI to nonaffiliated third parties pursuant to the exceptions under the GLBA, all such disclosures are made as permitted by law. A “nonaffiliated third party” is any person except a financial institution’s affiliate or a person employed jointly by a financial institution and a company that is not the institution’s affiliate.

The categories of information disclosed and to whom under joint marketing/service provider exception of the Privacy Rule are listed in section 9 of this Privacy Notice.

If NPI may be disclosed to nonaffiliated third parties, and that disclosure does not fall within any of the exceptions of the Privacy Rule under the GLBA, consumers’ and customers’ have the right to opt out of these disclosures and an opt-out mechanism will be provided to the consumer or customer.

Notice of Ria’s information sharing among Euronet Group and its affiliates is provided in section 9 of this Privacy Notice in accordance with the Fair Credit Reporting Act.

Ria’s policies and practices with respect to protecting the confidentiality and security of NPI are set out in section 11 of this Privacy Notice.

California Consumers

In accordance with the California Consumer Privacy Act, residents of California may exercise the following rights:

  • 1 (Right to Know)
  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)
  • 5 (Right to Opt Out of Sale or Sharing of Personal Data for cross-contextual behavioural advertising purposes)
  • 6 (Right to limit sensitive personal data use and disclosures to specifically permitted purposes)
  • 11 (Right of No Retaliation Following Opt Out or Exercise of Other Rights)

12.2 Notice to European (EEA) residents

In accordance with the General data protection Regulation (GDPR) and in addition to the rights state in section 15 above, all resident of the Economic European Area (EEA) may exercise the following rights:

  • (Right to Access)
  • (Right to Correct Inaccuracies)
  • (Right to Deletion)
  • (Right to Restrict Processing)
  • (Right to Data Portability)
  • (Right to Object)
  • (Rights related to Automated Individual Decision-Making)

To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.

From the day we receive your request, we will respond to you within a maximum time of 30 days, unless an extension is requested.

While processing your Personal Data, we need to share your Personal Data according to the following:

Types of data Purpose Legal basis Recipient

Identification data
Financial data
Transactional data

To provide the Service on the Ria App

Legal obligation

Bank of Lithuania (Centrolink)

Identification data
Financial data
Transactional data

To provide the Service on the Ria App

Legal obligation

PLAIS

Identification data
Financial data
Transactional data

To provide the Service on the Ria App

Legal obligation

SERC

12.3 Notice for UK residents

In accordance with the UK General data protection Regulation (UK GDPR) and the Data Protection Act 2018, all resident of the UK may exercise the following rights:

  • (Right to Access)
  • (Right to Correct Inaccuracies)
  • (Right to Deletion)
  • (Right to Restrict Processing)
  • (Right to Data Portability)
  • (Right to Object)
  • (Rights related to Automated Individual Decision-Making)

To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.

12.4 Notice for Argentinian residents

In accordance with the Law Ley de Protección de Datos Personales 25.326, you have the following rights, according to the definitions stated above in section 15:

  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)

To exercise your Rights or your right to revoke or to make any doubt or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in Section 15.

You are hereby informed that there are options available for you to limit the way we use or disclose your personal information for specific treatment.

From the day we receive your request, we will respond to you within a maximum time of 5 days (for requests related to deleting and updating your Personal Data) or within a maximum time of 10 days (for the request relating to accessing your Personal Data).

12.5 Notice to Mexican residents

Ria México, with domicile to hear and receive notifications for privacy and Personal Data protection purposes indicated in Section 27, and in compliance with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (the "Mexican Law"), its Regulations, and Guidelines, makes available to its users or potential users in their capacity as data subjects, the present Privacy Notice, prior to the collection of Personal Data, in strict compliance with the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility required by the Mexican Law.

For the purpose of providing the services in its capacity as money transmitter in terms of Article 81-A Bis of Ley General de Organizaciones y Actividades Auxiliares del Crédito, Ria México will collect Personal Data, if applicable, in accordance with the legal bases mentioned in Section 1, and in connection with the following purposes:

  1. Verify that the Personal Data contained in the voting credential submitted to Ria México matches those contained in the registry of the Instituto Nacional Electoral.
  2. Verify that the CURP data provided to Ria México matches with the data registered in the Registro Nacional de Población.

Additionally, and when necessary, in order to comply with articles 4 and 4 Bis of the General Provisions referred to in article 95 bis of the Ley General de Organizaciones y Actividades Auxiliares del Crédito applicable to money transmitters referred to in article 81-A Bis of the same law (the "Provisions"), Ria México is legally obliged to obtain information about your geolocation as well as recordings of your voice and facial image in order to identify its users or potential users in a non face-to-face manner, and to obtain other relevant data that will be explained in detail in the specific form available in the application required by the Provisions. We will always process such information based on your consent.

You have following rights (the "ARCO Rights"):

  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)
  • 9 (Right to Object)

Similarly, you also have the right to limit or revoke at any time the consent granted for the processing of your Personal Data, to the extent permitted by law. To exercise any of your ARCO Rights, to revoke your consent, or to submit any questions or complaints about the processing of your Personal Data, you may contact us at: dpo@euronetworlwide.com following the instructions in section 15.

We will respond to you no later than 20 days from the date we receive your request, and it will be effective no later than 15 business days after we notify you our response.

12.6 Notice to Chilean residents

In accordance with the Law, you have the following rights (the "ARCO Rights"):

  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)
  • 9 (Right to Object)

Likewise, you have the right to revoke at any time the consent granted for the processing of your Personal Data to the extent that the Law allows it. To exercise your ARCO Rights or your right to revoke or to ask any question or complaint regarding the processing of your Personal Data you can contact us at po@euronetworlwide.com following the instruction set in Section 15.

You are hereby informed that there are options available for you to limit the way we use or disclose your Personal Information for specific treatment.

From the day we receive your request, we will respond you within a maximum time of 2 days.

12.7 Notice to Malaysian residents

In accordance with the Personal Data Protection Act 2010 (the “PDPA”), customers may provide us with their Personal Data for any of the purposes establish in Section 1 of this Privacy Notice. If we were to process your Personal Data for any additional purpose, we will previously inform you or ask for your express consent.

At any time, you may exercise the rights set forth in Section 15. You may also withdraw your consent unless the processing activity is necessary to fulfil any legal obligation or to provide you with any of our Services. You may also object to processing if you consider such processing activity may cause any damage or distress to yourself.

From the day we receive your request, we will respond to you within in a maximum time of 21 days.

In accordance with the terms of the PDPA, Ria has the right to charge a fee for the processing of any data access request.

12.8 Notice to New Zealand residents

To all resident in New Zealand, the rights you may exercise regarding the processing of your Personal Data are the following:

  • 1 (Right to Know)
  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)
  • 7 (Right to Restrict Processing)

To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.

From the day we receive your request, we will respond you in a maximum time of 20 days.

12.9 Notice to Australian residents

To all residents in Australia, the rights you may exercise regarding the processing of your Personal Data are the following:

  • 1 (Right to Know)
  • 2 (Right to Access)
  • 3 (Right to Correct Inaccuracies)
  • 4 (Right to Deletion)
  • 7 (Right to Restrict Processing)

You may also ask us to explain our data policies and practices according to the applicable law.

From the day we receive your request, we will respond to you within a maximum time of 30 days.

While processing your Personal Data, we need to share your Personal Data according to the following:

Types of data Purpose Legal basis Recipient

Identification data

To provide identity matching Services that help verify and protect your identity

Consent

Australian Government - Department of Home Affairs

12.10 Notice to Indian residents

To all residents in India, the rights you may exercise regarding the processing of your Personal Data are the rights listed in Section 15. Please note that for the exercise of any of your rights you need to follow the instructions set out in Section 15.

You may exercise your right to data portability and the right to not be subjected to automated decision-making producing legal effects such as profiling, if such profiling is not necessary to provide you with any of our Services.

From the day we receive your request, we will respond to you within a maximum time of 30 days.

13. Our companies by service

The controller is Ria represented by the companies below, depending on country and service:

13.1 Money Transfer Services

Country Company to contact (controller) Contact details

United Kingdom

Euronet Payment Services Ltd.

Part 7th Floor, North Block, 55 Baker Street, London, United Kingdom, W1U 7EU

Europe (Digital and mobile)

Ria Lithuania UA

Ukmergės g. 126, LT-08100, Vilnius, Lithuania

Europe Agents

Ria Payment Institution EP SAU

Calle CantabRia 2, Planta 2 Alcobendas 28120 Madrid España

Poland

Euronet Polska Sp. zo.o

Ul. Inflancka 4c, Warsaw, Poland 00-189

Switzerland

Ria Financial Services GmbH

Langstrasse 192, Zurich, Switzerland 8005

United States

Dandelion Payments, Inc.

7000 Village Dr. Ste 200, Buena Park, CA 90621, USA

Puerto Rico

Ria Financial Services Puerto Rico, Inc.

c/o Fast Solutions, LLC, Citi Tower 252 Ponce de Leon Avenue, Floor 20 SAN JUAN, PR 00918

Canada

Ria Telecommunications of Canada Inc

MZ400-1000 RUE De la Gauchetière O Montreal Québec H3B0A2 Canada

Mexico

Ria México Payment Solutions, S. de R.L. de C.V.

Av. Anillo Vial Fray Junipero Serra 21260, PAD-7 Piso 1, Querétaro, Querétaro México C.P. 76147

Chile

Ria Chile Servicios Financieros SPA

Av. Libertador Bernardo O' Higgins 1449, Torre 4 Oficina No. 1502 Santiago, Chile

Argentina

EURONET PAYMENT SERVICES LIMITED
Sucursal de sociedad extranjera

Place de Cornavin 14 – 16, Geneva - 1201

Turkey

Ria Turkey Ödeme Kuruluşu A.Ş.

Şirket Merkezi: Büyükdere Cad. No: 193 Plaza 193 Kat:2 34394 Levent Şişli/İSTANBUL MERSİS No: 0735085750500016

Malaysia

IME M SDN BHD

Unit 38-02 Level 38, Q Sentral 2A, Jalan Stesen Sentral 2, Kuala Lumpur Sentral, 50470, Kuala Lumpur, Malaysia

Singapore

Ria Financial Services Singapore PTE. LTD.

152 Beach Road #19-01/02, Gateway East, Singapore 189721

Philippines

Ria Money Transfer, INC.

38th Floor, Philamlife Tower, 8767 Paseo De Roxas, Makati City, Philippines

Australia

Ria Money Transfer, INC.

Level 1, 75 Castlereagh St. Sydney, NSW. 2000

New Zealand

Ria Money Transfer, INC.

Level 4, 32 Mahuhu Crescent, Auckland, 1010, New Zealand

13.2 Ria Stores and Currency Exchange Services.

Country Company to contact (controller) Contact details

Italy

Ria Italia S.r.l. unipersonale

Via Francesco Benaglia, n. 13 – Roma, 00153

Switzerland

Ria Financial Services GmbH

Place de Cornavin 14 – 16, Geneva - 1201 *** The registered company address is Langstrasse 192, 8005 Zürich

France

Ria France S.A.S

Rue Joseph II, 36-38 - 1000 Bruxelles

Belgium

Ria Envia Belgium SPRL

ul. Inflancka 4c, 00-189 Warszawa

Germany

Ria Deutschland GmbH

Friedrichstr. 200 10117 Berlin

Sweden

Ria Financial Services Sweden AB

Armégatan 40, 5 tr 171 71 Solna

Norway

Ria Financial Services Norway AS

Skippergata 33, 0186 Oslo

Denmark

Ria Financial Services Denmark ApS

Nørre Voldgade 21, 1358 København K

You can always submit a request to our Data Protection Officer, by sending an email to the following address: dpo@euronetworldwide.com.

How can I contact the company regarding my Data? To make a request or consultation, you may: