DATA PRIVACY POLICY OF ABROAD FINANCIAL TECHNOLOGIES LTD
Effective Date: February 1, 2025
Last Updated: July 31, 2025
This Privacy Policy explains how Abroad Financial Technologies Ltd (“Abroad”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information. By accessing or using our services, you acknowledge that you have read and understood this policy and consent to the processing of your data as described
herein.
1.Who We Are
Abroad Financial Technologies Ltd is a private limited company incorporated in England and Wales under registration number 15943580. Abroad provides infrastructure services to digital wallets and other financial service providers, enabling them to operate with blockchain and traditional finance rails in a secure and compliant way.
2. General aspects
This privacy policy is committed to protecting and respecting the customers and users privacy. This Privacy Policy explains how we collect, use, and safeguard personal data in compliance with the General Data Protection Regulation (GDPR) overall.
By using our services, you consent to the collection and use of your personal data in in accordance with this Privacy Policy.
Abroad provides payment infrastructure services to digital wallets and other services providers, enabling the secure processing and dispersion of payments through blockchain technology. This Privacy Policy outlines how we handle personal data in the context of our role as a payment infrastructure provider, in compliance with the
General Data Protection Regulation (GDPR) and UK Data Protection Laws. Since we do not collect or process personal data directly from end-users (such as consumers), but rather provide a service that enables payment processing on behalf of our clients, this policy primarily concerns the data practices related to our clients and the interactions between our platform and its users.
3. Data Controller
Abroad acts as the data processor for our clients (digital wallets and other payment service providers) with the technology that we process.
Our clients are the data controllers who determine the purposes and means of processing personal data.If you are a user of a digital wallet or payment service provided by one of our clients, please refer to their privacy policy for details on how they collect, use, and store your personal data.
4. Information We Collect
As a payment infrastructure provider, we do not collect personal data directly from end-users (such as consumers). However, we collect the following types of information from our clients:
- Client and Service Provider Information: Business name, contact details, account information, and other administrative data related to our relationship with the client
- Payment Information: Transaction details, including payment amounts, timestamps, and blockchain-related data required to facilitate payments.
- Technical Data: Information related to the interactions between our platform and the client’s system, such as IP addresses, device identifiers, and blockchain transaction identifiers.
- Financial and transactional data (wallet addresses, transaction history, risk indicators.
- Behavioral and risk profiling (source of funds, transactional patterns, KYT alerts)
5. How We Use Your Data
We use the information we collect solely for the following purposes:
- To provide payment infrastructure services to our clients, enabling the execution and distribution of payments via blockchain technology.
- To ensure the secure operation and functionality of our payment platform, including transaction processing and troubleshooting.
- To communicate with our clients about service updates, improvements, and support-related matters.
- We process personal data strictly for legitimate and clearly defined purposes, including: Verifying identity and assessing risk profiles (KYC, AML, and KYT procedures), Monitoring and understanding user transaction behavior, Enabling client compliance with regulatory obligations, Detecting, preventing, and responding to fraud or illicit activities, Enhancing, maintaining, and improving our platform and services, Providing technical support and client communications.
Since we do not process personal data directly from end-users, any personal data required for the execution of payments is processed and managed by our clients.
6. Legal Basis for Processing Your Data
Under the GDPR, we process personal data based on the following legal basis:
- Contractual Necessity: The processing of data is necessary for the performance of our contract with our clients, who are responsible for determining how personal data is used.
- Legal Obligation: We may need to process certain data to comply with legal obligations, such as anti-money laundering (AML) regulations, fraud prevention, or regulatory reporting requirements.
- Legitimate Interests: We may process certain data for purposes of ensuring the security and proper functioning of our services, in alignment with the legitimate interests of both our clients and us, for instance: service performance, fraud prevention, and risk monitoring
7. Data Retention
We retain transaction-related data for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, regulatory, or contractual obligations. Once data is no longer necessary for these purposes, it is securely deleted or anonymized in accordance with our data retention policies.
8. Data Sharing
We do not share personal data with third parties except in the following circumstances:
- With Our Clients: We share transaction data with our clients (digital wallets, payment service providers) to facilitate payments and provide the requested services.
- With Service Providers: We may engage third-party service providers to support our infrastructure, such as cloud hosting or IT security services. These providers will only process data in accordance with our instructions and are required to maintain confidentiality and security.
- For Legal and Regulatory Compliance: We may share data when required by law, regulation, or legal process, such as responding to subpoenas, court orders, or other legal requests.
- With Our Clients: We share transaction data with our clients (digital wallets, payment service providers) to facilitate payments and provide the requested services.
- With Service Providers: We may engage third-party service providers to support our infrastructure, such as cloud hosting or IT security services. These providers will only process data in accordance with our instructions and are required to maintain confidentiality and security.
- For Legal and Regulatory Compliance: We may share data when required by law, regulation, or legal process, such as responding to subpoenas, court orders, or other legal requests.
9. International Transfers
As part of providing our services, personal data may be transferred outside of the European Economic Area (EEA) or the United Kingdom. If data is transferred internationally, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) or other legal mechanisms required by the GDPR or UK GDPR and Data Protection Act 2018 to protect your data.
10. Your Data Protection Rights
As our role is limited to processing data on behalf of our clients, individuals seeking to exercise their rights under the GDPR should contact the data controller (our client) directly.
However, if you are a customer of Abroad, and you believe we have data on you, you may contact us directly to make a request related to your rights under data protection laws. These rights include:
- Right of Access: You have the right to request a copy of your personal data.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure: You can request the deletion of personal data under certain circumstances.
- Right to Restriction of Processing: You can request a restriction on the processing of your data.
- Right to Data Portability: You may request to receive your data in a structured, commonly used format.
- Right to Object: You may object to the processing of your personal data.
For more information, or to exercise any of these rights, please contact your digital wallet provider or payment service provider directly.
11. Security
We implement appropriate technical and organizational measures to ensure the security of the personal data processed on our platform, including data encryption, secure servers, and access controls. However, as a service provider, we rely on our clients to ensure that personal data is processed securely on their end.
12. Cookies
We use cookies and similar technologies to provide and improve our services, analyze usage, and ensure the security of our platform. You may manage cookie preferences through your browser settings and check our Cookies Policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any updates will be posted on this page with the effective date. We encourage you to review this policy regularly to stay informed about how we are protecting your data.
14. Contact Us
If you have any questions or concerns about this Data Privacy Policy, please contact us at: legal@abroad.finance
15. Final Notes
By using our services (directly or via a client platform), you consent to the processing, transmission, and analysis of your personal data by Abroad and our verified service providers, in accordance with this policy.
16. Validity
This data privacy policy is effective as of July 31, 2025 and applies to all Services performed from the date of their publication and thereafter.
This data privacy policy may be modified from time to time by ABROAD and such modifications shall be deemed applicable to the Services performed after the corresponding modification.
Disclaimer: Applicable Jurisdiction for Users in Colombia
If you reside in Colombia or access our services from within Colombian territory, please note that the processing of your personal data is governed both by this Privacy Policy and by the Personal Data Processing Policy issued by Traguatan S.A.S., in accordance with Colombian data protection regulations, including Law 1581 of 2012, Decree 1377 of 2013, and any other applicable provisions.
.svg)
