Looking for Something?

WEX Group Privacy Policy

Introduction

WEX is committed to protecting your personal information and privacy when you use our websites, apps and services (“Services“).

This WEX Group Privacy Policy (the “Privacy Policy“) explains how we do this and how and why we collect and use any personal information that you provide to us, or which we collect from or about you, when you use our Services.

If you do not agree to the use of your personal information as set out in this Privacy Policy, please do not use any of our Services.

About the WEX Group

In this Privacy Policy, when we refer to “WEX“, “us“, “we” or “our“, we mean the relevant WEX group company or companies which provide you with the relevant Service. The following WEX companies collect, process, transfer and store your personal information in accordance with this Privacy Policy.

The relevant WEX company involved will depend on the Services you are using, but include the following:

  • WEX Europe Limited (Company number 05927983), a company organised and existing under the laws of England, registered at 4th Floor, East Building, 1 London Bridge, SE1 9BG, United Kingdom
  • WEX Europe UK Limited (Company number 10485907 and FCA reference number 900747), an authorised electronic money issuer, registered at 4th Floor, East Building, 1 London Bridge, SE1 9BG, United Kingdom

Please note that following an internal re-organisation, as of 30 October 2017 certain Services previously provided by WEX Europe Limited are now provided by WEX Europe UK Limited, and various contractual arrangements with WEX Europe Limited and other third parties have been transferred to WEX Europe UK Limited. Accordingly, WEX Europe UK Limited is now a data controller over any personal data collected pursuant to the Services it now provides and will continue to collect and process such personal data in accordance with this Privacy Policy.

WEX previously used R. Raphael & Sons plc (“Raphaels“) to provide certain e-payment solution services in relation to certain Services. Following the re-organisation referenced above, these services are now provided by WEX Europe UK Limited, and various contractual arrangements with Raphael’s have been transferred to WEX Europe UK Limited. Accordingly, WEX Europe UK Limited is now a data controller over any personal data collected pursuant to the services previously provided by Raphaels and the Services it now provides, and will continue to collect and process such personal data in accordance with this Privacy Policy.

Corporate Use

Other than the general use of the WEX websites, the Services are provided by WEX to its corporate customers on a business to business basis. As part of the Services WEX may collect certain personal information about you, such as when you register for, access, and use the Services on behalf of such corporate customer. This may include information that relates to the customer or information relating to you in your capacity as an employee or agent of such customer (and not in a personal or private or consumer context).

To the extent WEX does collect and use your personal information as a data controller as part of the Services, it does so in accordance with this Privacy Policy.

In relation to your use and our provision of the Services, this is governed by our agreement with our customer which sets out the terms on which we provide the Services and our rights, obligations and protections in relation to the Services. Our liability in relation to the Services is subject to the terms of this agreement with our customer. If you have any questions in relation to the Services or our agreement with the customer, you should raise these enquires with your employer or the party that instructs you to use the Services).

Application of this Privacy Policy

This Privacy Policy applies to our collection and use of your personal information only in our capacity as a data controller.

If you applied for a prepaid card from one of our partners, they may also process data on their own behalf, on behalf of the card issuing firm, or on our behalf. The partner will be the data controller of the personal data it collects for marketing purposes. If anyone other than WEX is the data controller, this will be made clear when you provide your personal information.

The firm that issues your prepaid card is the data controller of personal information collected which concerns the use of your prepaid card. WEX operates your prepaid card and processes your personal data as a data processor on the issuing firm’s behalf, such as information about any transactions you undertake.

When you give us personal information about another person, you confirm that they have appointed you to act for them and that they are aware of how we may use their personal information as set out in this Privacy Policy.

WEX Cookie Policy
Our websites, apps and platforms use cookies to distinguish you from other users of websites and to collect other information to help us to provide you with a better experience when you browse our websites and to allow us to monitor and improve our Services. Our Cookie Policy (the “Cookie Policy”) explains what cookies we use on our websites, what information we may use or store through our cookies and how you can disable cookies.

Services covered by this Privacy Policy

The Services covered by this Privacy Policy include those provided on www.wexvirtualpayments.com/eu, the WEX Prepaid Card Services Portal (also known as PLog, www.prepaycardservices.com), and any other websites, apps, online portals and services that provide a link to (or other reference to) this Privacy Policy.

When visiting pages hosted on other third-party websites, or using services provided by third parties, you should refer to their privacy policies and terms of use for more information about how they handle your information.

Data Collected

In this Privacy Policy, “personal information” is information from which you can be personally identified, including for example, your name, email address, postal address, phone number, and payment card information. In the European Union, personal information also includes other information that identifies you, including your internet protocol (IP) address. We may combine the personal information we receive from you with information we receive about you from other sources, such as other WEX companies, public databases and other third parties.

Personal information does not include data collected as part of the Services from which we cannot identify you, or information which would not enable us to identify you as an individual (such as by removing certain information which would mean that we are not enable to identify you personally).

We and our service providers may collect non-personal information that does not reveal your specific identity or does not directly relate to an individual. Because this information does not personally identify you, we may use and disclose it for any lawful purpose. If we are required to treat such non-personal information as personal information under applicable law, then we may use and disclose it for all the purposes for which we use and disclose personal information under this Privacy Policy. We may combine the non-personal information we collect from and about you with personal information, but if we do, we will treat the combined information as personal information for as long as it is combined.

WEX collects the details provided by you on registration to use our Services, or when our corporate customer provides us with registration details to enable us to provide the Services (even if you do not actually submit your request or registration). When you apply for Services from us (or from one of our partners) you will be asked to provide personal information so that we can process your registration to use the Services. The personal information you give us may include your name, address, email address, phone number and financial information.

We also collect personal information and non-personal information we learn about you from your use of the Services. We may also collect IP addresses, browser types, internet service providers (ISP), referring/exit pages, operating systems used, date/time stamps, and click stream data. To make sure we follow your instructions correctly and to improve the Services through training of our staff, we may also monitor or record telephone calls.

We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, credit reference agencies) and we may receive personal information about you from them in order to provide and manage the Services and our business operations.

Data Usage

The personal information that you provide will only be used for the purposes described at the time of your application, as outlined in the terms and conditions that apply to the relevant Service and as set out in this Privacy Policy.

We may use your personal information to:

  • manage your account(s)
  • provide you with customer service, technical support and account maintenance
  • inform you of any changes made to the Services or send other administrative information to you
  • personalise aspects of our Service to you
  • inform you of products, services, promotions and offers which you may find interesting
  • for assessment and analysis including identity verification, behaviour scoring, and market and product analysis
  • develop and improve our products and services
  • for internal business purposes such as audits, fraud monitoring and prevention, monitoring the effectiveness of promotional campaigns and operating and expanding our business activities

As part of our checks to prevent fraud and money laundering, personal information that you provide may be disclosed to a credit reference or fraud prevention agency, who may keep a record of that information. This check is performed to confirm your identity only, a credit check is not performed and your credit rating will be unaffected.

If you do not complete a registration process we may use any personal information that you have already provided to us to contact you to make sure that you do not wish to proceed with registration.

Third Parties

We may share your personal information with third parties in relation to the data usage purposes set out above, including:

  • for such purposes that you have given us consent to do so (including but not limited to marketing by WEX group companies or partners whose brand is on your card where you have provided consent for us to do so)
  • to our suppliers or service providers that process information on our behalf and/or which provide products and services to us to assist us in providing our Services to you or our corporate customer
  • to the institution which issued your prepaid card (and which is a member of the relevant card scheme), as relevant to the Services
  • to card scheme operators, as relevant to the Services
  • to persons acting as our agents (and our partners who sell and/or market our prepaid cards from time to time) under a strict obligations of confidentiality
  • to partners with whom we run loyalty and/or currency card programmes. If this applies to you, such disclosure will be under a strict obligations of confidentiality and will be limited to information which confirms (a) whether a card which carries that partner’s brand has been issued to you; and (b) whether such card has been activated and/or loaded
  • to our corporate customer (likely your employer or the organisation otherwise instructing you to use our Services), where the card has been provided to you for use in the course of your employment
  • to fraud prevention agencies, regulatory bodies and other organisations who may use the information to prevent fraud and money laundering
  • if such disclosure is necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions (including our agreement with our corporate customer); (e) to protect our operations or those of any of the WEX group of companies; (f) to protect our rights, privacy, safety or property, and/or that of the WEX group of companies, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain
  • to anyone to whom we transfer or may transfer our rights and duties under our prepaid card terms and conditions or other agreement with you or our corporate customer
  • to other entities within the WEX group of companies

We may also use and disclose anonymous information (so that no individual customers are identified) for marketing and strategic development purposes.

If you do not want to receive marketing information about our products and services, please update your preferences via our websites or contact us using the contact details at the end of this Privacy Policy. You will however still receive operational and administrative messages related to the Service you use and any enhancements or changes to these Services.

Data Protection Principles

Where we are acting as a data controller in the United Kingdom we comply with the principles of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and will always follow these principles. We are registered with the Information Commissioner’s Office (who regulates compliance with the Data Protection Act in the United Kingdom).

The eight principles relating to the processing of personal information with which we comply are:

  • Fairly and lawfully processed
  • Processed for a limited purpose
  • Adequate, relevant & not excessive
  • Accurate and up to date
  • Not kept longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to countries without adequate protection

Where we are acting as a data controller in another jurisdiction, we will comply with applicable data protection laws in that jurisdiction as they apply to us in relation to the Services we provide.

Your Rights to access, change, or delete the information you have provided to us

Under applicable data protection laws, you may have a right to access the personal information that we hold about you. To request a copy of the personal information we hold about you (to the extent required by applicable data protection laws), please write to us using the contact details at the end of this Privacy Policy. We may be entitled to charge you a fee for processing such request.

You have a right to ask us to correct any inaccuracies in your personal information (free of charge). Please write to us using the contact details at the end of this Privacy Policy if you want to make such request. You may also contact us at any time to request that we delete any personal information which we are holding about you or restrict the way that we process your personal information, and we will deal with such requests in accordance with applicable data protection laws.

If you request that we delete any personal information which we are holding about you, we will try to do so within a reasonable time after your request and we will take reasonable steps to ensure that your personal information is no longer used (except as may be required or permitted by applicable law) by us. Please note that, where required or permitted by law, we may need to retain certain information for recordkeeping purposes, legal reasons, and/or to complete any transactions that you began prior to requesting deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

If you have any questions, complaints, or comments regarding this Privacy Policy, please contact us using the contact details at the end of this Privacy Policy. For complaints, you can also contact the Information Commissioner’s Office or relevant data protection regulator in your jurisdiction.

Third Party Websites

Our Services may contain links to other websites which are not operated by WEX. Additionally, there may be unauthorised third party websites that may be providing links from their sites to our Services without our knowledge or control. This Privacy Policy does not apply to such linked or linking websites and we have no responsibility for the privacy standards, cookie usage, content or any goods or services that may be provided on those other websites. You are solely responsible for ensuring that you familiarise yourself with the privacy policies and practices and any terms and conditions that may be applicable to your use of any such website and we encourage you to review the policies of all such sites carefully.

Data Security – Your Username, Passwords and/or Passcodes

We take the security of your personal data very seriously. On registering an account with us, you will be provided a username, password and/or passcode (“Access Credentials”) which must be used in order to access our Services including certain restricted parts of our websites. Your Access Credentials are used by us to identify you and so are very important.

You are responsible for all services accessed by anyone using your Access Credentials. As soon as you become aware of or suspect that someone else is using your Access Credentials you should notify us immediately using the contact details at the end of this Privacy Policy.

What you should do:

  • Never reveal your passcode or password to anyone
  • Do not use a passcode or password that could be easily guessed by someone else
  • Change your passcode and password immediately if you suspect someone else could know it
  • Log off any website and close your web browser when you have completed your transaction
  • Keep your PC updated with current anti-virus software and the latest browser versions
  • Do not send us any confidential account information via email
  • Treat emails you receive with caution. Remember we will never ask you to disclose your personal or account information to us by email. In particular we will never ask you to disclose your card PIN to us

We recommend that you regularly visit the http://www.financialfraudaction.org.uk website to keep up to date with tips to protect yourself from the latest scams.

Website Security

Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our systems operate on 128-bit secure encryption. Look for the yellow padlock symbol in your browser status bar. All forms and online account pages, i.e. those pages that show your information, use 128-bit encryption. Encryption makes your information unreadable to anyone who might intercept it. The latest web browsers support 128-bit encryption. Browsers older than this support lower levels of encryption (40-bit or 56-bit) but they still remain extremely secure.

A team of independent security experts regularly test our websites and security processes. Your session will time out after a period of inactivity and your account will be locked out after six failed access attempts for a period of time. Further repeated failed attempts in this period will lock out your account permanently. If this happens you will need to contact us to reset your account.

We will verify your identity before disclosing confidential information over the telephone or re-setting your passcode. You should note that ordinary email is not secure. Please do not send us any confidential information via email. We will only use email to send you account information such as your account balance and limited transaction information or special offers if you have given your consent for us to do so. We will not use email to send other confidential personal information to you.

Data transfers

All information you provide to us is stored on our secure servers. We may store or transfer your personal information to a destination outside the European Economic Area (“EEA”). Your personal information may be processed by persons located outside the EEA who work for us, or for one of our group of companies or for our suppliers. By submitting your personal information you acknowledge that it may be subject to such transfer, storage or processing outside of the EEA. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

Where we transfer personal information of individuals located in the EEA to third parties outside of the EEA we will take steps to ensure that such transfers comply with applicable privacy laws (such as by putting in place adequate measures, for example transfer provisions on terms prescribed by applicable law) and we will take all reasonable precautions to ensure that your personal information is treated securely and in accordance with this Privacy Policy.

Phishing emails

From time to time we may send you emails relating to your card or, if you have opted into our marketing communications, then you may also receive marketing emails from us. However our emails will never ask you to provide us with your log in details or passcode but we may direct you to our top up and/or login page – you should never enter your log in details on a website link which is emailed to you if you are not certain that the email is from us. If you have any doubts about an email you receive then please contact our customer services team using the contact details at the end of this Privacy Policy who will be able to assist.

Emails which are not from us or the institution which issued your card may be “phishing” emails. Some helpful information on phishing and what to look out for can be found on the Action Fraud site: http://www.actionfraud.police.uk/fraud-az-phishing as well as on the Financial Fraud Action site http://www.financialfraudaction.org.uk/Consumer-fraud-prevention-advice-remote-banking.asp

Notification of changes

From time to time, we may make changes to the Privacy Policy. Such changes may be in relation to changes in the law, best practice or changes in our Services or business policies and/or processes.

Any changes that we make will be updated on this Privacy Policy page and, if appropriate, we may draw your attention to the changes by marking them on this page. If we make any material changes in the way we collect, use, or share your personal information, we will notify you, which may be by prominently posting a notice of the changes on WEX Europe’s home page www.wexvirtualpayments.com/eu, or by email or an in-service message.

You can determine when the policy was last revised by referring to the “last updated” legend at the bottom of this Privacy Policy. Your continued use of the Services following our making available any revised version of this Privacy Policy will mean that you accept that revised version.

If you do not agree to any changes made to this Privacy Policy, you may not access or use the Services.

Contact

If you have any questions, comments or concerns about any aspect of this Privacy Policy or how WEX handles your personal information please contact us at customer.services@wexeurope.com, or through our Customer Services Team’s contact page. We will get back to you as soon as possible.

General information about data protection may be found at the UK Information Commissioner’s website: http://www.ico.gov.uk

Last updated

This Privacy Policy was last updated on 30 October 2017.

COOKIE POLICY

What are cookies?

Cookies are small pieces of data sent to and retrieved from your browser. Cookies are used to store information about you or your device (computer, mobile or tablet). Cookies enable us to present you with a more personalised enhanced browsing experience.

How does WEX use cookies?

WEX uses 4 types of cookies:

  • Session cookies – these are temporary and only exist when you visit our websites until you close your browser which is when they will be deleted. These cookies help us to remember what you chose on a previous page to avoid you having to re-enter information. They also help keep our websites secure.
  • Personalisation/Marketing cookies – these cookies make our websites relevant to you by ensuring they carry the correct branding for your product and the correct currency offer for you. These cookies may be stored for a maximum period of 1 year.
  • Advertising and Analytics cookies – these allow us to track data about your usage of our websites, delivering content relevant to your interest and enabling us to improve the experience you have using our websites. These cookies may be stored for 30 minutes to 2 years.
  • ShareThis cookies – we use this service to make it easier for our users to share pages with friends and acquaintances on social media sites. For more information on privacy, visit www.sharethis.com/privacy

How can I control and delete cookies?

You can restrict or block the cookies set by us by editing your browser settings. The “Help” function within your browser should tell you how to do so. We strongly recommend that you do not restrict or block all cookies, as this may affect the full functionality of the our websites when you use them.

If you are visiting our websites from a tablet or mobile device, please refer to your tablet or handset manual to find out more about how to delete cookies.

Internet advertising

We may display interest-based advertising using information you make available to us when you interact with our websites, content, or Services. Interest-based ads, which may sometimes be referred to as personalised or targeted ads, are displayed to you based on information from activities that you undertake on our websites, such as purchasing, use of devices, apps or software, visiting sites that contain our content or ads or interacting with our tools.

Cookies enable us to learn about the ads you view, which ads you click, and other actions you take on our websites and as well as other sites. This allows us to provide you with more useful and relevant ads. For example, if we know what ads you have already been shown then we can try to avoid showing you the same ones repeatedly. Any interest based ads shown to you on our websites or any other website are based on information from your interaction and will not be associated with your identity. By using our websites you agree that we may use cookies and capture the information that you provide to us to use in internet advertising. We will never share personally identifiable information collected by cookies with third parties but please read our Privacy Policy to understand the situations in which we may share personally identifiable information with our suppliers and partners and other third parties in order to assist us in providing our Services to you and managing our business operations.