Seapoint Privacy Policy

1. Introduction

We are Seapoint Finance Ltd, a financial technology platform based in Dublin, operating seapoint.co. This Privacy Policy applies to the following entities:

Seapoint Finance Limited, a company registered in Ireland with company number 767570, and registered address 6 Mount Street Upper, Dublin 2, D02 VF44, Ireland. This entity is the primary data controller for users in the European Economic Area (EEA).

Seapoint Finance UK Limited, a company registered in England and Wales with company number 16138873, and registered address 1st Floor 8 Bridle Close, Kingston Upon Thames, London, United Kingdom, KT1 2JW. This entity is the primary data controller for users in the United Kingdom (UK) and it’s data controller registration number is ZB874525.

Seapoint Finance Limited and Seapoint Finance UK Limited operate under the following regulatory arrangements:

Seapoint Finance UK Ltd is an appointed representative of Modulr FS Limited, authorised and regulated by the Financial Conduct Authority (FRN: 900573).

Seapoint Finance Ltd is an appointed representative of Modulr Finance BV, authorised and regulated by De Nederlandsche Bank N.V. (R182870).

Seapoint Finance UK Ltd is also a PSD Agent of Yapily Connect Ltd (FRN: 827001).

This Privacy Policy explains how we collect, use, and process your personal data when you use our Website (https://seapoint.co) and our App. It details the personal data we collect, how we protect it, when we may share it, and your rights regarding your data. In short: We collect your name, contact details, and financial data to provide our services, meet legal obligations, and improve our platform. You retain the rights to your personal data, and you can access, update, or delete your data and more by contacting us at dpo@seapoint.co.

Please read this Policy carefully—it becomes legally binding when you use our Services. We are committed to handling your personal data responsibly and in compliance with the laws of the countries where we operate, including the General Data Protection Regulation (GDPR) for the EEA and the UK GDPR for the UK. If you have questions about your personal data, email us at dpo@seapoint.co.

2. Definitions

Agreement: Seapoint Finance’s Terms of Service and its Schedules, as amended and available in the App and Website.

App: Our web application through which we provide Services.

Data Controller: A person or entity determining the purposes and means of processing personal data.

Data Processor: A person or entity processing personal data on behalf of the controller.

Data Processing: Activities like collection, storage, use, or deletion of personal data.

EEA: European Economic Area.

GDPR: Regulation (EU) 2016/679 (General Data Protection Regulation).

UK GDPR: Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).

Seapoint, we, us, our: Seapoint Finance Limited and/or Seapoint Finance UK Limited, as applicable.

Services: Services provided under the Agreement.

KYC: "Know Your Customer," a regulatory requirement to identify and verify customers.

Personal Data: Information relating to an identifiable person (e.g., name, ID number, location data).

Policy: This Privacy Policy, as amended and available in the App and Website.

Website: https://seapoint.co.

3. What Data We Collect About You

The personal data we collect depends on how you interact with Seapoint Finance. As a financial technology platform, we provide Services to companies, and their representatives. When you use our Services, you may be:

An Account Representative: A representative, director, or employee responsible for applying for, managing, or giving instructions on a Seapoint Finance account.

An Authorised User: Any person authorised by the Account Representative to use/access the Services on behalf of the Customer.

A Beneficial Owner or Director: A person with significant control (PSC) or ownership in a company that holds a Seapoint Finance account, as required for Know Your Business (KYB) checks.

A Customer of a Seapoint Finance Account Holder: If you transact with a company using our Services, that company controls your data, and we process it on their behalf.

For Account Owners, Authorised Users, and Beneficial Owners/Directors, Seapoint Finance Limited (EEA) or Seapoint Finance UK Limited (UK) is the data controller, depending on your location. For Authorised Cardholders, the company holding the account is typically the primary controller, though we may also act as a controller (e.g., for fraud checks or marketing). Contact the account-holding company for their data practices.

Below are the types of personal data we collect and their sources:

Information You Provide

We collect data when you:

Apply for or manage a Seapoint Finance account.

Complete forms, surveys, or KYB/KYC processes.

Link other financial accounts (e.g., via Open Banking).

This includes:

Personal Details: Full name, date of birth, place of birth, nationality.

Contact Information: Email address, phone number, business and/or residential address (with proof like utility bills or bank statements).

Identity Data: Copies of ID documents (e.g., passport, driver’s license), selfies or videos for verification, biometric data (e.g., facial scan from photos/videos for KYB/KYC).

Business Role Data: Job title, employment status, or authority to act on behalf of a company.

Company-Related Data: Details of shareholders, directors, beneficial owners (e.g., name, date of birth, ownership percentage), tax residency, tax ID number, source of funds/wealth.

Financial Data: Bank account details, payment card info (e.g., number, expiry, CVC), details of linked accounts.

If you provide data about others (e.g., company directors), you must ensure they’re informed of this Policy.

Information from Your Company or Employer

If a company nominates you as an Account Owner, Authorised User, or Cardholder, they may provide:

Your name, business contact details, and role.

Employment details (e.g., salary, tax info) if they use our payroll features.

Information from Your Use of Our Services

We collect data when you use our App, Website, or Services, including:

Transaction Data: Details of payments, deposits, withdrawals (e.g., date, amount, currency, recipient/sender details, merchant info, IP address of transaction parties).

Usage Data: How you use our Services (e.g., frequency, features accessed, account activity).

Card Data: Transactions or requests linked to Seapoint Finance cards.

Information from Your Device

To ensure security and improve Services, we collect:

Technical Data: IP address, device ID, browser type/version, operating system, time zone, language settings, mobile network info.

Behavioral Data: Page visits, clicks, response times, errors in the App/Website.

Location Data: If enabled, to prevent fraud or tailor Services.

Information from Third Parties

We may collect data from:

Regulatory Sources: Credit reference agencies (e.g., for identity verification), fraud prevention agencies, public records (e.g., Companies House, Electoral Register).

Financial Partners: Banks, payment providers, or Open Banking services you link.

Public Sources: Media, online directories, or social media (e.g., for KYB/AML checks).

Notes

Not all data is collected for every user—collection varies by role and Service usage.

For prospective customers (e.g., those exploring our Services), we may collect limited data (e.g., email) under a separate notice.

See Annex 1 for a detailed breakdown of data, purposes, sources, and legal bases.

4. Why We Use Your Data

We process your data to:

Fulfill our obligations under the Agreement and provide Services.

Comply with legal and regulatory requirements (e.g., KYC, anti-money laundering).

Notify you of Service changes.

Ensure Service safety and security.

Administer and improve our Services.

Measure advertising effectiveness and deliver relevant ads.

Analyze and categorize customers for business development.

Combine your data with information from other sources for these purposes.

If you decline to provide requested data, we may be unable to offer Services.

5. Legal Basis for Using Your Data

We rely on:

Consent: E.g., for marketing materials (you can withdraw consent anytime).

Performance of a Contract: E.g., to provide Services or handle customer support.

Legal Obligations: E.g., for anti-money laundering compliance.

Legitimate Interest: E.g., for fraud prevention, IT security, or business development. We assess our interests to ensure they don’t override your rights.

See Annex 1 for specific examples.

6. Sharing Data

We minimize sharing your personal data and anonymize it where possible. We may share data with:

Public Authorities: When legally required (e.g., by financial regulators or tax authorities), who act as independent controllers.

Service Providers: To:
- Facilitate financial market participation (e.g., trade execution partners).
- Deliver data (e.g., market information).
- Maintain IT infrastructure (e.g., servers).
- Meet regulatory obligations (e.g., KYC monitoring). These providers act as processors under our instructions.

We may transfer data outside the EEA or UK if necessary (see Annex 1). For EEA-UK transfers, we rely on the EU-UK adequacy decision. For other regions (e.g., the US), we use Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO, or other safeguards. Request details at dpo@seapoint.co.

We may also share anonymized, aggregated data (e.g., demographics) with partners to improve Services or marketing, ensuring you cannot be identified.

7. Where We Store Your Data

Your data is stored in databases in Ireland, hosted by us or our service providers. We use encryption, access controls, and regular security audits to protect it. For transfers outside the EEA/UK, see Section 6.

8. How Long We Keep Your Data

We retain data only as long as necessary:

General Retention: At least 5 years after our business relationship ends, per EU AML Directive 2015/849 and UK Money Laundering Regulations 2017.

Exceptions: Longer if required by law, due to legal proceedings or an investigation, or due to legitimate interest (e.g., partner requirements), or shorter for non-regulatory data (e.g., marketing data is deleted upon consent withdrawal).

We delete unneeded data in compliance with applicable laws.

9. Your Data Protection Rights

Under GDPR and UK GDPR, you have:

Right to Access: Request what data we hold (subject to regulatory limits).

Right to Rectification: Update inaccurate data.

Right to Erasure/Restriction: Ask us to delete or limit use of your data (we may retain some for legal reasons, e.g., AML retention).

Right to Data Portability: Receive your data in a machine-readable format or have it sent to another controller (for data provided by consent or contract).

Right to Object: Object to processing based on legitimate interest (e.g., profiling for marketing).

Right to Withdraw Consent: Stop consent-based processing (e.g., marketing) anytime via email or unsubscribe links. This may limit Services.

Contact dpo@seapoint.co to exercise these rights.

10. Requesting Deletion of Data

Email dpo@seapoint.co to request deletion, restriction, or details of your data. We’ll respond within one month, starting on the day your request is received. If regulatory requirements (e.g., AML laws) prevent deletion, we’ll explain why. Deletion may restrict Services.

11. Complaints

Raise concerns at complaints@seapoint.co. If unresolved, contact:

UK: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK. Helpline: 0303 123 1113. Website: https://ico.org.uk/make-a-complaint/.

EEA: Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Website: https://www.dataprotection.ie/. You may also contact your local EEA data protection authority.

You may also seek judicial remedy.

12. Applicable Law and Jurisdiction

For Seapoint Finance Limited, this Policy is governed by Irish law, with disputes subject to Irish courts. For Seapoint Finance UK Limited, UK law applies, with disputes subject to UK courts. This does not affect your rights to refer complaints to supervisory authorities.

13. Changes to This Policy

We may update this Policy, posting changes here and notifying you of significant updates via email. Review it periodically.

Annex 1: Personal Data Processing Details

Personal Data	Purpose	Source	Legal Basis
Name, phone number, date of birth, ID number, age	Meet regulatory obligations; identify Agreement parties	You, public databases (for verification)	Legal obligations (Art. 6(1)(c)); Contract (Art. 6(1)(b))
Email, address, IP, supporting docs (e.g., utility bills)	Contact you; regulatory purposes	You	Contract (Art. 6(1)(b)); Legal obligations (Art. 6(1)(c))
Bank details, tax info, citizenship, employment, source of wealth, ID data	Understand clients; Meet regulatory obligations of Seapoint or our financial partners.	You	Legitimate interest (Art. 6(1)(f)); Legal obligations (Art. 6(1)(c))
Usage data (e.g., frequency, features used)	Improve Services and marketing; Meet regulatory obligations of Seapoint or our financial partners.	You	Legitimate interest (Art. 6(1)(f)); Legal obligations (Art. 6(1)(c))
Marketing data (e.g., email, citizenship)	Send marketing materials; Meet regulatory obligations of Seapoint or our financial partners.	You	Consent (Art. 6(1)(a)); Legal obligations (Art. 6(1)(c))
Financial data (e.g., payment info, investments)	Provide Services; improve platform	You, service providers	Contract (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Service info (e.g., onboarding state)	Provide Services and educational content; Meet regulatory obligations of Seapoint or our financial partners.	You	Legitimate interest (Art. 6(1)(f)); Legal obligations (Art. 6(1)(c))
Company rep contact info	Introduce Services; Meet regulatory obligations of Seapoint or our financial partners.	Public data	Legitimate interest (Art. 6(1)(f)); Legal obligations (Art. 6(1)(c))
Customer support comms	Provide Services	You	Contract (Art. 6(1)(b))
Security data (e.g., access logs)	Ensure Service security	You, public databases	Legitimate interest (Art. 6(1)(f))

Note:

Our Services are not intended for individuals under 18.