1. Introduction & Purpose
Aria Remit Ltd (“we”, “us”, “our”) takes data privacy seriously. We are committed to protecting the personal data of our clients, prospective clients, employees, contractors, service providers, and other stakeholders (“you”, “your”) in line with the UK GDPR and other applicable laws, including the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data.
2. Data Controller
Aria Remit Ltd is the data controller for the personal data we collect and process in our business operations. You can contact us at:
- Email: info@ariaremit.co.uk
- Address: 609 Romford Road, E12 5AD, London, UK
- Telephone: +44 20 4618 8658
3. What Data We Collect
We may collect and process the following categories of personal data:
- Identity data: name, date of birth, nationality, photo ID, unique identifiers (e.g., national ID, passport)
- Contact data: address, telephone number, email address
- Transactional data: payment details, transaction history, account number, bank details
- Due diligence data: source of funds, occupation, employment, economic activity
- Sensitive data (where relevant): data required under enhanced due diligence (e.g., politically exposed persons) or due to regulatory requirements (e.g., criminal conviction data to the extent permitted by law)
- Technical / website data: IP address, cookies, analytics data
4. Legal Basis & Lawful Processing
We process your personal data on the following lawful bases:
- Legal obligation: To comply with UK law, including but not limited to MLR 2017, where we are required to conduct customer due diligence, customer verification, and record-keeping. Under Regulation 41 of the MLR 2017, personal data collected for anti-money laundering (AML) purposes may only be processed for preventing money laundering, terrorist financing, or proliferation financing.
- Contractual necessity: To perform our services (e.g., to provide money transfer services) and manage our contractual relationship with you.
- Legitimate interests: Where appropriate (and after weighing your rights), for example for fraud prevention, improving our services, communication, and business relationship management.
- Consent: Where required (e.g., for marketing, or processing special categories of data), we will ask for and rely on your explicit consent.
5. Purpose Limitation & Use of Data
- We will only use your personal data for the explicit and legitimate purposes for which it was obtained. Further processing will be compatible with these original purposes, or otherwise permitted by law (e.g., as required by anti-money laundering legislation).
- For AML purposes, we will process data only to prevent money laundering, terrorist financing, or proliferation financing, in accordance with MLR 2017.
- We will not use your data for purposes incompatible with AML requirements unless you have given your consent or there is a legal basis under another statutory provision.
6. Data Minimisation
We collect only the personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which we process it, in line with UK GDPR principles.
7. Accuracy & Data Integrity
We take reasonable steps to ensure that your personal data is accurate, up to date, and complete for processing purposes. You have a responsibility to inform us of any changes to your personal data so that we can keep our records correct.
8. Retention (Storage Limitation)
- We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law, regulation, contract, or internal policy.
- For AML data, we retain records in accordance with statutory retention periods dictated by MLR 2017 and any other relevant legal obligations.
9. Security (Integrity & Confidentiality)
- We implement appropriate technical and organisational measures to ensure the security of your personal data — protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- Access to personal data is restricted to staff and third parties who need it to perform their functions, on a “need to know” basis.
10. Transfer of Data (International)
- We may transfer your personal data outside the UK (or EEA) where necessary (for example, to partner organisations, service providers), but only if adequate safeguards are in place (e.g., standard contractual clauses, data transfer agreements) to ensure a level of protection equivalent to UK GDPR.
- Where required, we assess and document the level of protection in the receiving country or entity before transferring data.
11. Your Rights
Under UK GDPR, you have the following rights (subject to certain exemptions):
- The right to be informed about how we process your personal data (this privacy policy).
- The right to access your personal data (subject access request).
- The right to correct or update your data if it is inaccurate or incomplete.
- The right to erasure (in certain circumstances) – i.e., have your data deleted.
- The right to restrict or object to processing (where lawful basis applies).
- The right to data portability (where applicable).
- Where processing is based on consent, the right to withdraw consent at any time.
- The right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO) if you believe your rights have been violated.
12. Specific AML / MLR 2017 Disclosures
- Before establishing a business relationship (or carrying out an occasional transaction), we will provide you with a statement in accordance with Regulation 41(4) MLR 2017, informing you that your personal data will be processed only for the purposes of preventing money laundering or terrorist financing (or as otherwise permitted by law).
- We will not use the data obtained under AML requirements for any other purpose, unless we have your explicit consent or there is another legal basis.
- Where special category data or criminal conviction data is processed (e.g., for enhanced due diligence), this will be handled in compliance with the UK GDPR (including Article 9 where applicable) and relevant national data protection legislation.
13. Accountability, Governance & Oversight
- We maintain a record of our processing activities (as required under Article 30 UK GDPR).
- We conduct periodic reviews and audits to ensure compliance with this policy and applicable law.
- Our Data Protection Officer (or other designated individual) is responsible for overseeing this policy, ensuring training, and dealing with data protection inquiries.
14. Data Breaches
- In the event of a personal data breach, we will follow our internal procedures to assess risk and, where required, notify the ICO (and affected individuals) in accordance with UK GDPR requirements.
15. Cookies & Website Analytics
- We use cookies (e.g., via Google Analytics) to understand how visitors use our website and to improve our online services.
- You can opt out of being tracked by Google Analytics by visiting Google’s opt-out tool or by adjusting your browser settings.
16. Changes to This Policy
- We may update this Privacy Policy from time to time to reflect changes in our practices, legal, regulatory, or business requirements.
- When we make material changes, we will inform data subjects in a timely manner (e.g., via our website, or email where appropriate).
17. Contact & Complaints
- If you have any questions, concerns or complaints about how we handle your personal data, or you wish to exercise your rights, you can contact us at info@ariaremit.co.uk or by post at our registered address above.
- If you remain unhappy after contacting us, you have the right to lodge a complaint with the ICO.
Commentary: Key Changes & Legal Rationale
- Alignment with UK GDPR Principles
- I explicitly restated the UK GDPR data protection principles (lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, security, accountability) in more structured, modern language.
- I included a “rights” section covering subject rights under UK GDPR.
- I added breach procedures reflecting controller obligations.
- MLR 2017 / AML-Specific Provisions
- Under Regulation 41 of MLR 2017, data collected for AML “may only be processed for the purposes of preventing money laundering or terrorist financing.”
- Also under Reg 41(4), you must inform new customers before establishing a business relationship that their data will only be used for those AML purposes (or others permitted by law).
- The policy now explicitly prohibits other, non-permitted uses of AML data unless consent or another legal basis applies.
- For special category / criminal convictions data (if applicable), I clarified it must be processed in compliance with GDPR (Art 9) and national law.
- Data Retention
- I added a retention policy that acknowledges both the GDPR storage limitation principle and AML statutory retention under MLR, to ensure clarity about how long data is kept.
- International Transfers
- Given you potentially transfer data outside the UK / EEA, I included safeguards and mention of data transfer mechanisms (SCCs or equivalent).
- Accountability
- I added explicit mention of maintaining records of processing activities (required under Article 30 UK GDPR).
- I also mention periodic reviews/audits and a designated data protection officer or responsible person.

