Scope of this Privacy Notice
Types of Personal Data we may collect
How we collect Personal Data
What are our legal bases for processing personal data
How we use Personal Data
How we share Personal Data
Our information security
Automated decision making / profiling
Your marketing choices
Accessing your personal data
How long we keep information
International data transfers
Your rights to your personal data
Types of personal data we may collect
The exact types of Personal Data we may collect depend on your interaction with us, and may include:
Identity verification data: To verify your identity, we may collect your business or personal name, address, ID numbers, date of birth, tax identification number, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including a copy of your government-issued identification and a selfie photo. We may obtain information from affiliated and non-affiliated third parties, such as credit bureaus, identity verification services, and other screening services to verify that you are eligible to use our Services, and will associate that information with the information we collected from you.
Financial data: In addition to identity verification, Instarails may collect various information regarding your finances and other financial information (including the bank information you provide us) in order to be able to perform, and better perform, the transactions you request on the platform. We also may collect this information to ensure compliance with regulatory requirements (e.g., anti-money laundering laws) and our own internal policies. In order for this to function, we must share certain elements of your Personal Data with these third parties. The information we receive, including information from third parties, may include accounts you hold, balances, transactions, and a risk score.
Account activity data: We collect information about your transactions, payments from or to you, and your other activities on our site or Service, and other details of products and services you have purchased from us.
Application use data: We may collect data on your interaction and use of our Service. This includes visits to our website or app, sign-up activity, your bank account, credit card, and other payment details to enable you to enter into transactions on the Service, along with any additional information you may disclose to our user support team in order to resolve problems you report.
Your device data: We collect and process your internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or any of our software applications.
Marketing data: We collect and process your preferences in receiving marketing from us, your email address, including hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising, and where you may have seen Instarails advertisements.
Information collected through cookies, pixel tags and other technologies;
Demographic information and other information provided by you that does not reveal your specific identity; and
Information that has been aggregated in a manner that it no longer reveals your specific identity. We may merge Personal Data with other information. We will treat this information as Personal Data if we are required to by law.
How we collect personal data
We collect information from and about you when you register with us or use our products, services or apps (our “Services”) or use our website or software applications, or access or use third-party services that use our Application Programming Interface (“API”). We collect Personal Data when you:
Send money or receive a payment, by using the website or mobile app provided by one of our partners, of which you are an end-customer;
Provide, as a partner, information about your company, the responsible person creating the account and the authorized users of the account during the onboarding and due diligence processes;
Contact our support team for help or for more information about a transaction;
Apply for an employment opportunity with us;
Interact with our sales or network representatives;
Interact with any of our social media accounts;
Contact us via our website contact form;
Visit our website;
Send us Personal Data for any other reasons.
If you provide us with the Personal Data of someone else (e.g. a colleague, shareholder or company director during onboarding), you represent that you have permission to do so. We may also gather Personal Data from public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected), and from other third parties.
What are our legal bases for processing personal data
We rely on the following legal bases (as defined by data protection regulations) to process Personal Data:
The processing is necessary for the fulfillment of our contractual obligations to our partners;
The processing is necessary for the fulfillment of our legal/regulatory requirements and obligations;
The processing is necessary for pursuing our legitimate interests; or
Consent was given for a specific purpose.
We will only use the Personal Data you provide for the purposes for which we collected it, as well as for related purposes. If we need to use the Personal Data you provide for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How we use personal data
We have implemented security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We protect your Personal Data by maintaining physical, electronic, and procedural safeguards, incorporating tested security technologies, in compliance with applicable laws. We may use network safeguards such as firewalls and data encryption, enforce physical access controls, and authorize access to Personal Data only for those people who require access to fulfill their job responsibilities.
In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Those with access to your Personal Data are carefully screened, periodically reevaluated, and are required to keep all your Personal Data confidential.
We may use Personal Data and other information for our legitimate and reasonable business purposes, to the extent permitted by applicable law, including but not limited to:
Completing the money transfer or payment request that you submit to our partners;
Completing a money transfer or payment request receiving a money transfer or payment from our partners;
Providing you with the services that you have signed up for;
Conducting due diligence on your company to satisfy our regulatory obligations;
Providing you with support when you need help with our services;
Processing your job application;
Exploring how your company can join our partner network;
Interacting with you on our social media accounts;
Handling your queries and feedback;
Operating and growing our business (e.g., conduct data analysis; audit our activities; develop new products; enhance, improve and modify our services; identify usage trends; determine the effectiveness of our promotional campaigns);
Monitoring and preventing fraud, money laundering, abuse, and other actual and potential prohibited or illegal activities;
Meeting our legal, auditing, regulatory, insurance, security and processing requirements;
Responding to court orders;
Complying with applicable laws, which may include laws outside your country of residence;
Responding to requests from public and government authorities, which may include authorities outside your country of residence;
Cooperating with law enforcement or for other legal reasons;
Enforcing our terms and conditions; and
Other reasonable and legal purposes which you have consented to.
How We Share Personal Data
We share and disclose information with:
We sometimes share your information internally between employees and contractors of Instarails (including those based in and outside the European Economic Area (“EEA”)), in particular in connection with activities undertaken jointly or in common with such group members and/or to provide IT and system administration services and undertake management reporting.
We do not sell, trade or otherwise transfer your Personal Data to third parties other than third parties who assist us in operating our Service, third parties who assist us in facilitating certain programs and other business arrangements for which you have expressly agreed to participate, management and reporting, maintaining compliance with relevant laws (including compliance with relevant anti-corruption, anti‐bribery, anti‐terrorism, and anti‐money laundering laws), conducting our business or supporting our users, or providing you with applications or services integrated via our API. We require that those third parties agree to keep this information confidential and secure on the same conditions and protection levels we provide to you as a user, in accordance with relevant privacy laws, including the GDPR (to the extent applicable).
We may also release your information to certified and authorized law enforcement officials when we believe release is appropriate to comply with the law, enforce our terms or policies, or protect the rights, property, or safety of Instarails, our users, or others. We have a set of guidelines for how we engage with law enforcement officials that are available to the public here.
In the event of the sale or transfer of ownership, your data would be shared with the new owners.
Our partners in our network, so that they can complete your money transfer/payment requests, provide our service to you, and to meet their own legal and regulatory obligations;
Our subsidiaries and affiliated entities. Like most international businesses, we have centralized certain aspects of our data processing in order to allow us to better manage our business and share the Personal Data you provide accordingly if required and needed in this context. We may also share the Personal Data you provide with recipients in other Instarails entities if this is necessary to provide our service;
Our vendors that provide us with services related to information technology, such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, and email delivery;
Our vendors that provide us with services related to our marketing communications and campaigns, consistent with your choices, including any applicable choices we provide for you to opt into such sharing;
Your social media connections, other website users and your social media account providers;
Other third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of our business, assets or stock, or in any bankruptcy or similar proceedings; and
Others as required by law. We reserve the right to disclose any Personal Data you have provided if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain Personal Data to comply with any specific record retention laws that apply.
Instarails is headquartered in the United States. Many of our affiliates and third-party service providers are based outside the US, so processing of your Personal Data may involve a transfer of your Personal Data outside the US and may be maintained or accessed in servers or files located in countries outside the US. By voluntarily providing your Personal Data on or via this website or app, you consent to its transfer, processing and storage in the United States or other countries outside the US. Whenever we transfer any Personal Data outside the US, we will put in place an adequate level of protection to ensure that any such transfers comply, and are consistent, with applicable India, EU and/or UK data protection laws, including with respect to transfers among Instarails affiliates.
Please contact us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring Personal Data outside of the US.
Our Information Security
Instarails implements reasonable organizational, technical and administrative measures to protect Personal Data and other information. These measures are aligned with industry best practices, as well as with guidance from data protection authorities like the ICO, CNIL and PDPC. Our security measures include:
the pseudonymization and encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
a process for embedding security when designing and developing systems;
an education program that regularly trains employees and maintains awareness of security;
the implementation of technical controls to detect and prevent unauthorized access, including firewalls, intrusion detection and anti-virus software;
the implementation of technical and operational access controls that determine the information that each user can access, including role based access, strong passwords and multi-factor authentication;
the ability to continuously monitor and log our systems and networks, as well as to regularly review security logs;
a patch management program that regularly monitors and updates our systems with the latest updates.
Please know, however, that no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at email@example.com.
Automated Decision Making/Profiling
We do not take decisions which have a significant impact on you based only on using automated means. There is always human intervention in decisions based on automated processing.
Your Marketing Choices
You can opt out from receiving marketing communications from us by:
Clicking on the “unsubscribe” link at the bottom of an Instarails marketing email; or
Contacting us at: firstname.lastname@example.org
We will respond to your request as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you transactional or administrative messages.
Accessing Your Personal Information
You can request to review, correct, update, suppress, restrict or delete personal information that you have given to us, or receive an electronic copy of your personal information to transmit it to another company (to the extent provided to you by applicable law), by contacting us at: email@example.com.
We will respond to your request as soon as reasonably practicable. For your protection, we may need to verify your identity before implementing your request.
How Long We Keep Information
We keep information as necessary for the purpose for which it was collected, or for a longer retention period as required or permitted by law. Once information is no longer needed for its initial purpose, unless required to retain it under applicable law, it is deleted in accordance with our policies and procedures.
Please note that we may need to keep certain information for recordkeeping purposes or for regulatory compliance purposes. There may also be residual information that will remain within our databases and other records, which cannot be reasonably removed.
International Data Transfers
Due to the nature of our service, your Personal Data will be transferred internationally. Instarails will secure international data transfers using the appropriate safeguards required by the relevant data protection regulations.
Your Rights to Your Personal Data
Applicable data protection laws may allow you certain rights regarding your Personal Data that Instarails handles. These rights include:
Right to access: you have the right to demand access to your personal data processed by us and to request a copy of your Personal Data being processed by us.
Right to rectification: you have the right to have incorrect or incomplete personal data corrected.
Right to erasure: where legally envisaged you have the right to have your Personal Data deleted under certain circumstances.
Right to restriction of the processing: under certain conditions, you have the right to demand a restriction of the processing of your Personal Data.
Right to data portability: under certain circumstances, you have the right to obtain the personal data that was provided to us in a readable format.
Right to object: where your Personal Data is processed on the legal basis of our legitimate interest, you can object to processing on grounds relating to your particular situation.
Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint regarding our privacy practices, to the relevant data protection/supervisory authority.
Right to withdraw consent: you have the right to revoke your consent at any time, without affecting the lawfulness of processing based on your consent before the withdrawal.
You may exercise your rights by emailing us at firstname.lastname@example.org. We will respond to your request as soon as reasonably practicable. For your protection, we may need to verify your identity before implementing your request.
If you have any questions about this Privacy Notice, our privacy practices, the data we hold on you, or you would like to exercise any of your rights to your Personal Data, please do not hesitate to email us at email@example.com.