Privacy Policy
AS "Money Express", registration number 40103317582 (hereinafter – the Controller) privacy policy (hereinafter – the Policy) aims to provide an individual - data subject, with information about the purpose, scope and protection of personal data processing, as well as other information when processing the data subject's personal data. The Controller, when processing personal data, complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the Regulation.
Controller's contact information: legal address: Lāčplēša iela 88, Rīga, LV-1003, Phone +371 80808080, e-mail: info#64;moneyexpress.lv.
The Controller's data protection officer Uldis Sīpols can be contacted on data protection issues by calling +371 26658265. We inform you that the mentioned means of communication with the Controller's data protection officer are not intended for message requests when exercising your rights as a data subject
We inform you that the Controller may change this Policy, so please check it to ensure that you are informed and familiar with its changes.
We respect your privacy, therefore the security of your personal data is our priority. We use appropriate organizational and technical means to ensure the ongoing security of your personal data and compliance of data processing with the requirements of data protection regulations, as well as our internal rules.
We comply with the requirements of personal data protection regulations and in each data processing process we ensure that we collect only the information necessary to achieve the purposes set out in this Policy.
Personal Data Processing Procedures
1. For activating a user account
| Required data | |
|---|---|
| Data types | First name, last name, e-mail, phone, residential address. |
| Purpose of personal data processing | Registration on the website https://gold.moneyexpress.lv/ |
| Legal basis for data processing | Article 6(1)(a) of the Regulation |
2. For advertising new services and products
| Required data | |
|---|---|
| Data types | Contact information |
| Purpose of personal data processing | Sending the Controller's advertising offers, their promotion |
| Legal basis for data processing | Article 6(1)(a) of the Regulation |
3. For preparation, conclusion and performance of a contract
| Required data | |
|---|---|
| Data types | First name, last name, contact information (phone, e-mail address), data related to income and obligations, data related to compliance with the "know your customer" principle, data related to the transaction. |
| Purpose of personal data processing | Purchase processing, gold sale. |
| Legal basis for data processing | Article 6(1)(b) of the Regulation |
4. Prevention of money laundering, terrorism and proliferation financing and application of sanctions
| Required data | |
|---|---|
| Data types | First name, last name, personal identification number, residential address, identity document data, contact information, data related to income and obligations, data related to compliance with the "know your customer" principle, data related to the transaction. |
| Purpose of personal data processing | To fulfill a legal obligation applicable to the Controller by conducting customer due diligence on the Controller's customer. |
| Legal basis for data processing | Article 6(1)(c) of the Regulation |
5. Consideration of objections, claims, complaints, suggestions
| Required data | |
|---|---|
| Data types | First name, last name, contact information, information contained in correspondence |
| Purpose of personal data processing | Consideration of objections, claims, complaints, suggestions, notifications and other applications, their processing. |
| Legal basis for data processing | Article 6(1)(f) of the Regulation |
6. Providing consultations
| Required data | |
|---|---|
| Data types | First name, contact information |
| Purpose of personal data processing | Providing consultations by answering customer questions. |
| Legal basis for data processing | Article 6(1)(a) of the Regulation |
7. Debt recovery
Within the framework of service provision, the personal data we have obtained may be transferred to debt recovery service providers. Please note that only the data necessary for debt recovery may be transferred.
| Required data | |
|---|---|
| Data categories | First name, last name, personal identification number and date of birth, contact information (residential address, declared address, phone number, e-mail address), information about the basis for the debt and its amount. |
| Purpose of personal data processing | Debt recovery |
| Legal basis for data processing | Article 6(1)(f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party) |
8. Video surveillance
In order to take care of security, video surveillance is carried out in the Controller's premises and service locations.
| Required data | |
|---|---|
| Data categories | Visual image of a natural person. |
| Purpose of personal data processing | To ensure property protection against unlawful actions, preventing violations of property rights, theft and other threats to property rights. |
| Legal basis for data processing | Article 6(1)(f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party) |
9. Recording of telephone conversations
| Required data | |
|---|---|
| Data categories | First name, last name, personal identification number, description of the situation |
| Purpose of personal data processing | For customer service quality purposes |
| Legal basis for data processing | Article 6(1)(f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party) |
10. Payment administration
| Required data | |
|---|---|
| Data categories | First name, last name, personal identification number/ID number, address, work experience, information about services provided, bank account number, other provided information related to payment administration |
| Purpose of personal data processing | Settlements with customers for received/provided services. |
| Legal basis for data processing | Article 6(1)(b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); Article 6(1)(c) of the Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject); |
11. For customer identification
| Required data | |
|---|---|
| Data categories | First name, last name, personal identification number (in customer service centers identification is carried out by identity document), biometric data when using the ATM system, by giving consent to personal data processing. |
| Purpose of personal data processing | for customer identification, including when using the ATM system for identity authentication, real-time facial biometrics is used. If you do not wish to provide your biometric data when using the ATM system (currency exchange ATM), you have the option to visit the nearest Money Express customer service center and receive the desired service. |
| Legal basis for data processing | Article 6(1)(b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); Article 6(1)(c) of the Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject); Article 9(2)(a) of the Regulation (the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except). |
The list of data processing purposes contained in this Policy is not exhaustive; personal data of individuals may also be processed for purposes not mentioned in this Policy.
Personal Data Recipients
The Controller may use personal data processors for personal data processing. In such cases, the Controller takes the necessary measures to ensure that such personal data processors process personal data in accordance with the Controller's instructions and in compliance with applicable regulations and requires appropriate security measures to be taken.
Your personal data may be provided to other data recipients only if there is a justification established by regulations.
We process your personal data in the territory of the European Union. Your personal data may be transferred outside the European Union or the European Economic Area only in accordance with regulations.
Personal Data Storage Period
The Controller stores personal data in accordance with the defined purposes of personal data processing and the legal bases for personal data processing, as long as at least one of these criteria exists:
- there is a legal obligation to store the data;
- it is necessary to implement its legitimate interests;
- it is necessary to fulfill undertaken contractual obligations;
- The data subject's consent to the relevant personal data processing is in force.
Access to Your Personal Data and Other Data Subject Rights
- To receive information about the personal data that the Controller processes about the data subject, the data subject has the right to contact the Controller in the manner established by regulations and obtain information.
- The data subject has the right to request restriction of personal data processing, object to personal data processing, request correction of personal data, as well as in certain cases their deletion, in accordance with the provisions of the Regulation.
- The Controller communicates with the data subject: in person, having previously identified the data subject; by mail, sending mailings to the person's specified residential address as registered mail; by communicating via e-mail, responding to the e-mail that the data subject indicated in the application signed with a secure electronic signature; by writing to the Controller's official electronic address or e-address.
- In cases where personal data protection violations are detected or there are suspicions of a possible violation, we encourage you to contact the Controller. Complaints about personal data protection violations can also be submitted to the personal data supervisory authority – the State Data Inspectorate (legal address: Elijas iela 17, Rīga, LV-1050).
Consent to Data Processing and the Right to Withdraw It
The data subject has the right to withdraw consent to data processing at any time in the same way as it was given, and in such case further data processing based on previously given consent for a specific purpose will not be carried out in the future. Withdrawal of consent cannot interrupt data processing carried out on the basis of other legal grounds
Profiling
Profiling is any form of automated personal data processing to analyze or predict you. The Controller does not do this.
THIS POLICY WAS LAST UPDATED ON NOVEMBER 11, 2025