Privacy Statement for iroom.ai Financial Services
In addition to the Privacy Statement for iroom.ai Business Partners, the iroom.ai Financial Services (IAFS) privacy statement applies in connection with IAFS' payment services for accommodation partners.
Introduction
First things first – your privacy is important to us. You place your trust in us by using our services and we value that trust. That means we’re committed to protecting and safeguarding any personal data you give us. This privacy statement describes how we use and process your personal data. It also tells you what rights you can exercise in relation to your personal data and how you can contact us.
This is the privacy statement for iroom.ai Financial Services (‘IAFS’). As you know, IAFS offers payment and financial services to business partners of iroom.ai B.V. (‘iroom.ai’) and we may collect information relating to them and other persons in connection with our services.
This privacy statement will apply in addition to the iroom.ai Privacy Statements for customers and for business partners. If you are looking for the iroom.ai Privacy Statement and you are a business partner, click here. If you are a booker, click here.
We are a controller of your personal data. This means we determine why and how we use information about you. In some circumstances, we will do so jointly with iroom.ai and we agreed with them that they will be the contact point for you in relation to that arrangement. Please see the iroom.ai Privacy Statements above for more information.
This privacy statement applies to our collection and use of personal data. This includes any personal data you may provide as part of any contract you enter into with us and any personal data you provide or we collect (or is available to us) through your use of our services or otherwise. We may provide other notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This statement supplements those and is not intended to override them.
We might amend this privacy statement from time to time, so we recommend you check this privacy statement occasionally to stay informed of how we use your data.
Terms we use in this Privacy Statement
'IAFS’, ‘us’, ‘our’ or ‘we’ means iroom.ai Financial Services. There’s more about who we are below.
‘Our services’ means the Payments by iroom.ai Service we provide to business partners of iroom.ai.
'Personal data’ means any information about an identifiable living individual. This may include your name, title, date of birth, gender, postal address, email address, telephone number, bank account details or information about you in your identification documents.
‘You’ means an individual using our or iroom.ai's services or any other individual whose personal data we may collect through their interactions with us, from our group companies, third parties or by other means.
Who we are
The following entities make up IAFS:
- iroom.ai Financial Services International Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
- iroom.ai Financial Services UK Limited, 280 Bishopsgate, London, EC2M 4RB, United Kingdom.
This privacy statement applies to the processing of personal data by any of the entities making up IAFS.
All of the entities that make up IAFS are wholly owned subsidiaries of iroom.ai Inc. For more information about iroom.ai Inc. and our wider group of companies, please visit the iroom.ai website.
Keeping your information accurate and up to date
It is important that the personal data we hold about you is accurate and current. If the information we hold about you is incorrect or if your personal data changes, please update your information in the iroom.ai online portal, website or mobile application.
What kind of personal data do we collect?
We collect personal data about business partners when they register and apply for our services. This includes personal data about business partners’ representatives, directors, owners, authorised signatories and bank account holders. We also collect personal data about business partners as they use our services and in order to process payments.
As a regulated payment services provider, we (and our service providers, on our behalf) carry out identity verification and screening checks designed to ensure that our payment services are not being used for unlawful, fraudulent or dishonest purposes.
We may obtain information about you from iroom.ai, authorised third party data providers and credit reference agencies in order to carry out these checks.
We may also collect personal data about bookers (guests who have booked accommodation on the iroom.ai website) to provide our services or to comply with our legal or regulatory obligations. This data may be collected directly by us, from iroom.ai or from other third parties we use to provide our services.
Further information about the personal data we process is here:
| Category | Examples | Source |
|---|---|---|
| Identity Data | First name, Surname, Maiden name (if applicable), Title, Date of birth, Country of residence / citizenship, Personal identification numbers (e.g. national insurance/social security number) as permitted under applicable law, Passport details, photograph, Unique tax reference numbers | You / Your representative |
| Biometric Data | A unique identifier collected by a scan of your photograph using facial recognition technology | You |
| Contact Data | Residential and/or business address, Email address, Telephone number | You, iroom.ai |
| Contractual and Customer Service Data | Details of your interactions with IAFS including call recordings, Information about your use of the products and services we have contracted to provide you or your organisation | You, iroom.ai |
| Financial Data | Bank account details, Payment details, including details of payment cards, Transaction data | You, iroom.ai, Payment processors |
| Background Data | Credit references, Financial standing, Employment positions | Credit reference agencies |
| Screening Data | Details of transactions, Fraud alerts, Anti-money laundering alerts, Relevant information in the public domain about you (including information about insolvency filings, director disqualifications, inclusion on sanctions lists or actual or alleged financial or related crimes), Family/associate/affiliation information in the public domain (e.g. if you are connected to a politically exposed person), Source of wealth and source of funds, where relevant and required by law, Employment position / educational details, where relevant | You, Your bank, Payment processors, Payment screening providers, Third party data providers |
If we ask you to provide us with your personal data to enable us to comply with our legal or contractual obligations, or to enter into a contract with you and you fail to do so, we may not be able to enter into a contract with you and provide you with our services.
If you provide any of the above personal data about another person, it is your responsibility to ensure that they have had an opportunity to read this privacy statement. By providing their personal data, you acknowledge and confirm that they are aware of and have agreed to submitting their information.
Why do we collect and use your personal data?
We use personal data relating to business partners’ directors, authorised signatories and owners to provide our services.
We also use personal data relating to business partners or their representatives to promote and develop our services and operate our business. In addition, we use personal data to fulfil our legal obligations and exercise our legal rights.
We collect and use personal data relating to bookers to provide our services or to comply with our legal or regulatory obligations (e.g. carrying out an investigation in order to comply with anti-money laundering regulations).
We must identify a lawful ground to use personal data. Our lawful ground for using personal data to provide our services is that using the personal data is necessary for the performance of a contract we have with you, or to take steps at your request prior to entering a contract with you.
We also rely on other lawful grounds when promoting and developing our services, or when meeting our legal obligations or exercising our legal rights. For example, we will process your personal data to meet our legal and regulatory obligations as a payment and financial services provider. We will also use your personal data for the purposes of any legitimate interest we identify and communicate to you in advance or as set out below.
We will only use your personal data for the purposes of a legitimate interest when there is no unfair impact on you. Finally, we may ask you for your consent in order to process your personal data for a particular purpose. In such a case, you always have the right to withdraw such consent at any time.
Further information on our lawful grounds for collecting and processing personal data is here:
| Purpose / activity | Category | Lawful ground |
|---|---|---|
| Assessing applications for our services | Identity Data, Contact Data, Background Data | Taking steps at your request prior to entering a contract with you |
| Verifying your identity | Biometric Data | Your explicit consent |
| Providing our services to you or your organisation (including customer support) | Identity Data, Contact Data, Contractual Data, Financial Data, Customer Service Data | Performance of our contract with you, Our legitimate interest to provide our services to your organisation |
| Processing payments from you | Contact Data, Financial Data | Performance of our contract with you |
| Sending you messages about your use of our services | Contact Data, Contractual Data | Performance of our contract with you |
| Compliance with laws and regulations, including anti-money laundering and financial services regulations and guidelines, managing financial crime risks (including monitoring transactions) | Identity Data, Contact Data, Contractual Data, Financial Data, Screening Data | Our legal obligations and legitimate interests in detecting, preventing and investigating unlawful or fraudulent acts or dishonesty |
| Developing and improving our services | Contractual Data, Customer Service Data | Our legitimate interest to enhance the services we provide, protect our interests and improve the performance of our business |
| Carrying out marketing and research | Identity Data, Contact Data | Our legitimate interests to carry out marketing and research in order to promote and develop our services |
Where we rely on our legitimate interests, we have carried out a balancing test to ensure that your rights are not unfairly impacted. For further information on our legitimate interests, please contact us using the contact details below.
Who do we share your personal data with?
To provide our services, we need to share your personal data with a number of third parties. This includes:
- iroom.ai, our parent company
- third party service providers (such as payment processors, providers of identity verification services, and providers of IT services)
- financial institutions and credit reference agencies
- regulators and government agencies
- legal, financial and other professional advisers
We require third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where do we store your personal data?
We may transfer your personal data to, or store it in, countries outside of the European Economic Area (‘EEA’). When we transfer your personal data outside the EEA, we ensure it is protected by taking steps to ensure that such transfers comply with applicable data protection laws, such as entering into the European Commission’s Standard Contractual Clauses.
If you would like to receive a copy of the Standard Contractual Clauses, please contact us using the contact details below.
How long do we keep your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we