Legal
Globus Payments Ltd - Privacy Policy
Effective December 2025
Last updated 28 November 2025
At Globus, we are committed to protecting and respecting your privacy.
1. OUR APPROACH TO PRIVACY
This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") when you use our website(s), application(s) and any of our other services ("Services"), enter into a commercial relationship with us or otherwise interact with us.
2. ABOUT US
Globus is the trading name of Globus Payments Ltd (company number 14016755) ("Globus", "we", "our", or "us"). Globus is the data controller of the personal information we hold about you.
Our registered and postal address is 69 Old Broad Street, London, England, United Kingdom, EC2M 1QS.
We are registered as a data controller with the Information Commissioner's Office under data protection registration number ZB375250.
3. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT
The table at the Annex sets out the categories of personal information we collect about you and how we use that information. The table also lists the legal basis which we rely on to process the personal information.
More generally, we:
- collect personal information that you voluntarily submit to us, such as your name and contact details, when you register with us, use our Services, or otherwise interact with us during our business activities.
- collect personal information that you are required to provide us as part of our client onboarding procedures and for us to comply with our regulatory responsibilities (such as Know Your Client and anti-money laundering requirements);
- collect and obtain personal information about you from third parties, such as our service providers, background checking service providers, social networks, our advertising and marketing partners, research agencies (or their respective partners) (e.g. to test the Services or for market research purposes) and our other partners where we carry out joint business activities.
- obtain and process transaction data (as further detailed in the Annex) generated by your use of the Services and provided by counterparties and their payment services providers.
- collect personal information that you voluntarily submit to us and/or generate as part of our business activities; and
- may also collect certain personal information automatically, including in relation to how you access and use our Services, and technical information regarding your use of our Services. We may also record telephone calls when you contact our customer services team by phone.
We use the information we collect about you to correspond with you, perform our agreements with you, comply with our regulatory responsibilities (such as Know Your Client and anti-money laundering requirements), carry out marketing activities and our day-to-day business activities and operations.
We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
You may also provide us with personal information, such as your contact details, when interacting with Globus generally by email, over the phone, at online and physical events or during your and/or business activities.
We will indicate to you where the provision of certain personal information is required for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.
4. ANONYMOUS DATA
We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you). For example, we may combine such aggregated data with the aggregated data relating to our other customer. We may use anonymised information for purposes that include testing our systems, research, data analysis (including analysis of our Services), improving our Services (including their performance and functionality) and developing new products, features, updates, upgrades, modifications or derivative works. We may also share such anonymised information with third parties.
5. DATA RETENTION
We will store the personal information we collect about you for no longer than necessary for the purposes set out in the Annex in accordance with our legal obligations and legitimate business interests.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as applicable legal, regulatory, tax, accounting or other requirements.
As a general guideline, we retain customer ID information (for KYC and AML purposes), transaction data, compliance and complaints records for 5-6 years after the end of the relationship or relevant transaction, in line with applicable financial and anti‑money laundering regulatory requirements and statutory limitation periods and for such longer periods as may be required in accordance with the above criteria.
6. RECIPIENTS OF PERSONAL INFORMATION
We may share your personal information with the following categories of recipients (as required in accordance with the uses set out in the Annex):
- Globus affiliates: Affiliate entities within the Globus corporate group, for example, where they provide services on our behalf or where such sharing is otherwise necessary in accordance with the uses set out in the Annex
- Payment counterparties: we will need to share relevant transaction data and financial account details with payment counterparties, their banks and payment service providers and intermediary institutions as needed to provide the Services.
- Service providers: we may share your personal information with third party providers that perform services for us or on our behalf, which may include providing mailing, marketing, advertising, fraud prevention, support, security, IT, web and/or cloud hosting, payment services or analytics, social media or search services. Certain back-office administration and operational support functions are performed by a business process outsourcing (BPO) provider.
- KYC/AML provider: we share your personal information with our provider(s) as needed to carry out "Know Your Client", anti-money laundering, compliance (including sanctions and PEP) and other background checks.
- Professional advisors: we may share your personal information with our lawyers, accountants, insurers and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
- Fraud prevention agencies: the personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraudulent or other unlawful activity is detected, you could be refused certain, or all, of our Services.
- Business partners: we may share your personal information (such as contact details) with our business partners where this is necessary in the normal course of our business.
- Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
- Research agencies (or their respective partners): if you have agreed to participate in a research group, user testing, collaboration exercise, questionnaire regarding the service, focus group or similar-type project in respect of the service, we may share certain information of yours with the research agency or our business partner (and/or their respective partner as appropriate) that requires your information as part of that project.
- Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement or regulatory bodies (such as the Financial Conduct Authority); (ii) detect and investigate illegal activities, unlawful activity and / or breaches of agreements, codes of conduct or similar; and / or (iii) exercise or protect the rights, property, or personal safety of Globus, its customers or others.
7. MARKETING AND ADVERTISING
From time to time, we may contact you with information about our Services. We may also send you information regarding our other products and services we may offer, updates, exclusive offers, discounts and similar marketing (including related products and services of our partners) which we believe you may be interested in.
Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
We will only send you marketing messages if you have given us your consent to do so, unless consent is not required under applicable law. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of our processing based on consent before its withdrawal. In any case, you have the right to opt out of receiving electronic marketing communications from us by clicking on the 'unsubscribe' link at the bottom of our marketing communications [or changing your preferences within your account].
We may also participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your online browsing history and your interests. To do this, we or our advertising partners may collect information about how you use or connect to our Services, social media services, or content and ads that you (or others using your device) visit so that we or our advertising partners may play or display ads on websites or apps you may use, and on other devices you may use.
To learn about interest-based advertising and how you may be able to opt-out of some of this advertising and to limit some third-party advertising cookies, you may wish to visit:
- Your Online Choices (http://www.youronlinechoices.com/)
- Network Advertising Initiative (http://www.networkadvertising.org/)
- Digital Advertising Alliance (http://www.aboutads.info/consumers)
8. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration or damage. All personal information we collect will be stored on our secure servers using reputable cloud infrastructure providers, with strong access controls, encryption in transit and at rest, and role-based access for authorised personnel only.
International Transfers of your Personal Information. Customer and transaction data is primarily stored in secure data centres within the UK and/or European Economic Area ("EEA"). However, we may from time to time need to transfer and store personal information in countries outside of the UK and European Economic Area where our group affiliates are based and our third-party service providers have operations. These international transfers of your personal information will be made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the UK government or European Commission as applicable. If you wish to enquire further about the safeguards used, please contact us using the details set out at the end of this privacy policy.
9. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
- Right of access. You have the right to obtain access to your personal information.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another data controller.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if, for example, the continued processing of that personal information is not lawful.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
- Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent, but without affecting the lawfulness of our processing based on consent before its withdrawal.
You also have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the "unsubscribe" link set out in any marketing communication you receive.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
If you wish to exercise one of these rights, please contact us using the contact details at the end of this privacy policy.
You also have the right to lodge a complaint to your national data protection authority. If you are in the UK, information on how to contact the Information Commissioner is available at www.ico.org.uk. We would of course prefer that you contact us first if you have any complaints or concerns regarding how we have used your personal information.
10. COOKIES AND SIMILAR TECHNOLOGIES
Our website uses cookies and similar technologies to distinguish you from other users of our website. Please refer to our Cookies Policy for more information as to the way in which we use such technologies on our website.
11. LINKS TO THIRD PARTY SITES
Our Services, terms and policies may, from time to time, contain links to and from third party sites, including those of our business partners and advertisers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to the relevant data controller.
12. CHANGES TO THIS POLICY
We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.
13. CONTACTING US
If you have any questions, comments and requests regarding this privacy policy, you can contact us using one of the following methods:
By post:
FAO Privacy Officer
69 Old Broad Street, London, England, United Kingdom, EC2M 1QS
By email: legal@globus-payments.com
This privacy policy was last modified on the 28 November 2025.
ANNEX – PERSONAL INFORMATION WE COLLECT
| Category of personal information | Purpose of Processing | Lawful basis for processing |
|---|---|---|
| Contact details (including first name, last name, email address, phone number, and business address, country of operation), account preferences (including marketing and communication preferences). | To send you marketing and promotional content and to respect opt-outs and marketing preferences. To send you information regarding changes to our policies, other terms and other administrative information such as reminders, technical notices, updates and security alerts. To contact you to help us with market research. |
Unless consent is required under applicable law, it is in our legitimate interests to market relevant products and services to promote and grow our business. It is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you. It is in our legitimate interests to request your feedback or invite you to participate in a research (or similar) project to improve our Services, better understand the needs of our customers, enhance the user experience and grow our brand. |
| Business and financial profile (including estimated volumes, currencies, sectors, and counterparties) to the extent it constitutes personal data. | To assess risk, determine eligibility, set transactional limits and pricing, and comply with regulatory and scheme rules. | Compliance with legal and regulatory requirements. Otherwise, such processing is necessary for our legitimate interests to assess risk, determine eligibility, set transactional limits and determine pricing. |
| Contact details and communication data (including emails, chat transcripts, call notes and query or complaint details). | To provide you with information and materials that you request from us. To respond to your queries and / or address any complaints. When you submit a contact or enquiry form, request a demo, apply for an account or otherwise communicate with us to enter into a business relationship. To communicate with you as needed in relation to our Services to you and to maintain our business relationship with you. |
It is in our legitimate interests to respond to your queries and provide any information and materials requested to generate and develop business. Such processing may be necessary for the performance of our contract with you or to take steps at your request prior to entering a contract. Otherwise, it is in our legitimate interests to communicate with you as needed in relation to our Services to you. |
| Account details (including login credentials, security questions and two-factor authentication details), contact details and communication data. | To facilitate the creation and managing of your (and your business') Globus online account, authenticate logins and prevent unauthorised access and fraud. | Such processing is necessary for the performance of our contract with you or to take steps at your request prior to entering a contract. Otherwise, it is in our legitimate interests to create, manage and keep secure your user account. |
| Contact details and ID information (including date of birth, nationality, ID documents (e.g. passport), proof of address and beneficial ownership details). | To carry out "Know Your Client", anti-money laundering, compliance (including sanctions and PEP) and other background checks (together with any refreshes and on-going monitoring) as needed and, where necessary, share this with other financial institutions and regulatory bodies to comply with relevant laws. | Compliance with legal and regulatory requirements. Otherwise, such processing is necessary for our legitimate interests to verify your identity, perform appropriate checks, comply with regulatory requirements and monitor on-going risk. |
| Financial account details | To provide our Services, including administering and processing of transactions. | Such processing is necessary for the performance of our contract with you. Otherwise, it is in our legitimate interests to provide our Services. |
| Transaction data (including payment instructions, payments to and from counterparties, balances, counterparty details, amounts, currencies, timestamps, references and account identifiers), contact details, account details, communication data, financial account details, and technical information. | To execute and record transactions, provide statements and account history, and detect, investigate and prevent fraud and financial crime. | Such processing is necessary for the performance of our contract with you. Otherwise, it is in our legitimate interests to provide our Services. In certain circumstances, we may need to process transaction data to comply with our legal and regulatory requirements. |
| Transaction data, contact details, financial account details, and technical information. | To monitor transactions for unexpected transfers. To investigate source of funds and / or suspicious activity as necessary. | Compliance with a legal obligation. Otherwise, it is in our and your legitimate interests that we carry out fraud, anti-money laundering and similar checks (for suspicious activity or otherwise) to prevent you and us being defrauded and for the prevention of unlawful activity. |
| Technical information (including IP address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location); and usage data (including clickstream to, through and from the Services, referral source, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, and navigation and search terms used). |
To administer our Services including resolving technical issues, troubleshooting, data analysis, testing, research, statistical and survey purposes. To improve our Services to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our Services. To help create and maintain a trusted and safe environment on our Services. To ensure that you are provided with marketing and advertising that is in line with your preferences. |
Consent (to the extent required under applicable laws). Where consent is not required, such processing will be carried out based on our legitimate interests to improve our Services, provide a safe and secure environment for our customers, resolve issues for customers and develop and grow our brand. |
| Contact details, transaction data, account preferences, technical information and usage data, and any other data as required for the project. | If you have agreed to participate in a research group, user testing, collaboration exercise, questionnaire regarding our Services, focus group or similar-type project in respect of our Services, we may use certain information of yours and where relevant share it with the research agency or our business partner (and/or their respective partner as appropriate) for the purposes of that project. Such purposes may include (but are not limited to): • analysis of data (e.g. output or feedback) for the purposes of the project • determining whether you have participated in accordance with our rules or terms (or the rules or terms of the relevant third party) |
It is in our legitimate interests (and the legitimate interests of the third party conducting the research) to ensure the project is conducted appropriately and successfully and, ultimately, to improve our Services, better understand the needs of our customers, enhance the customer experience, inform our marketing strategy, gather feedback and/or develop and grow our brand. |
| Contact details (including name and phone number), telephone recordings | To record your calls with our customer services team to comply with applicable laws. | Compliance with a legal obligation. Otherwise, it is in our legitimate interests to establish the existence of facts relevant to the business (e.g. to keep a record of instructions given over the phone) and to monitor that our training and quality standards are being maintained. |
| Any and all personal information mentioned above. | Compliance with any legal and / or regulatory requirements. To exercise or protect the rights, property, or personal safety of Globus, its customers, staff or others |
Compliance with a legal obligation. To pursue our legitimate interests in protecting the rights, property, or personal safety of Globus, its customers, staff or others (including for the purpose of establishing, exercising or defending our legal rights). |