Request a transfer

Data protection

We take privacy and protection of data seriously and are committed to handling the personal information of customers responsibly and in a way that meets all the legal requirements of the countries in which we operate.

In order to make a request for disclosure, please contact us by submitting the DSAR form by clicking here

Privacy Policy

Updated 29th April 2022

1. General Information

This privacy policy is issued by CSI-Club Südamerika International GmbH, registered office in Kaiserstrasse 79, 60329 Frankfurt/Germany (the “Company”, “Controller”, “we” or “us”), as data controller of its customers’ (“Customer” or “you”) personal data, according to GDPR 2016/679.

The Company, as data controller of the processing of Customer personal data, safeguards the acquisition of your personal data provided to inquire about and complete transactions, and further maintains the confidentiality of such personal data to afford you the necessary protection from any event that could put you at risk of unlawful disclosure, in accordance with current legislation.

In connection with the foregoing, we have adopted the following Privacy Policy and corresponding practices concerning the collection and the use of your personal data, as well as the procedure for you to exercise your rights as recognized by applicable legislation. We will update this Privacy Policy and the corresponding practices adopted for the protection of personal data whenever necessary, and, in any case, in the event of regulatory and organizational changes that may affect the processing of personal data.

2. Scope of the Privacy Policy

This Privacy Policy describes the use and protection of personal data and applies anytime you interact with the Company, for example, by using our services in person, requesting a transfer through our website (including through any mobile application), contacting our customer service center or otherwise interacting with us through official channels. Our website may contain links to other websites. We are not responsible for the privacy policies of other websites or services. In collecting personal data, we shall abide by applicable laws and regulations. By using or navigating our website, you acknowledge that you have read and understood this Privacy Policy.

3. Legal Ground for the Right to Assumption and Storage of the Personal Data

The right to assume information and personal data is regulated by the General Data Protection Regulation nr. 2016/679 issued by the European Union. To access the full content of the regulation, you can consult the official website https://eur-lex.europa.eu/eli/reg/2016/679/oj where the text of the regulation is available in all the languages of the European Community. The Company is authorized to request and store personal data exclusively within the limits imposed by the current European privacy law and by the General Data Protection Regulation, in force in all countries of the European Union. Authorized subjects are allowed access to a customer's personal data to the extent and within the limits in which it is necessary for carrying out the requested transaction and for compliance with anti-money laundering and anti-terrorist financing regulations.

Should you refuse to provide the personal data necessary for the execution of a requested transaction, we cannot guarantee delivery of the services, i.e. completion of the transaction.

4. Personal Information Collected by the Company

We collect your personal information, for example, when you use our services, contact us, access our website and/or use it along with other information collected or generated during our relationship with you. Depending on your interaction with us, we may collect and process the following personal information which allows us to identify you as an individual.

We may collect and use the following data about you:

You may give us information about you when you sign up to use our service, for example, your full name and your email address. This also includes information you provide through your continued use of our services directly or on our website, by entering a competition or promotion, completing a survey, or if you provide feedback on our services. The information you give us may include (in addition to your full name and e-mail address) your address, phone number, financial information (including debit card or bank account information), payment reason, geographical location, social security number, relationship to your beneficiary and selfies or other images used to verify your identity.

We may also request that you provide additional information, if you send certain high-value or high-volume transactions, or as otherwise needed to comply with our anti-money laundering obligations under applicable law. This may include information about the origin of the funds you are sending, including personal data related to a person upon whose behalf you are entering the transaction. You agree that you are authorized to share the personal data of any other person whose personal data you provide to the Company.

We may also collect technological information about your interaction with the Company, such as your IP address, browser and device information; CCTV data; information collected through cookies; demographic information and other information provided by you that may or may not reveal your specific identity.

We are also working with third parties and may receive information about you from them e.g., the banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details; business partners may provide us with your name and address, as well as financial information, such as debit card payment information.

Children’s information: Our services are directed at adults 18 years and over and not intended for children. We do not knowingly collect information from this age group. If any information is collected from a child without verification of parental consent, it will be deleted.

5. Use of Personal Data and Information that Are Given by Customer

The Company ensures that the processing of personal data is lawful, i.e., that there is at least one justification for the processing pursuant to Article 6 (1) GDPR:

Customer consent (Art. 6 Para. 1 lit. a GDPR);

Fulfillment of a contract (Art. 6 Para. 1 lit. b GDPR);

Fulfillment of a legal obligation (Art. 6 Para. 1 lit. c GDPR);

Performance of a task in the public interest or in the exercise of official authority (Art. 6 Para. 1 lit. e GDPR); or

Processing takes place in the legitimate interest of the institute (Art. 6 Para. 1 lit. f GDPR).

The Company will process a Customer’s personal data for the following purposes:

Execution of the requested transaction.

Customer identification for better access via the internet portal.

Provide customer service assistance.

Fulfillment of customer due diligence obligations.

Prevent fraud or money laundering or any other crime related to money transfer.

Fulfillment of legal obligations or an order of the judicial or public security authorities.

Fulfillment of requests from public authorities, including foreign authorities, in compliance with current international legislation.

Commercial information, surveys, or market surveys to improve the service.

In accordance with these purposes, your personal data could be forwarded to a correspondent payer or foreign bank to enable collection of the funds by your beneficiary, to credit rating or other professional services utilized for fraud detection and other purposes related to the services, or to foreign or domestic public authorities (such as the Financial Information Unit) as required to fulfill regulatory obligations.

6. Right of Accesss, Cancellation, Correction of Personal Data and Withdrawal of Consent by the Customer

Customers and non-customers (data subjects) have a right to information (Art. 13 and 14 GDPR), a right to access (Art. 15 GDPR), a right to correction (Art. 16 GDPR) and deletion ((Art. 17 DS-GVO ("right to be forgotten")), as well as a rights to data portability (Art. 20 DS-GVO), to objection and to avoid automated decision-making.

More specifically, you, as a Customer:

have the right of access, rectification, withdrawal of consent, cancellation, limitation of treatment, opposition to treatment, portability;

have the right to receive a copy of the personal information held by CSI, by contacting us through the methods provided in this Privacy Policy;

have the right to ask us not to contact you for marketing purposes by contacting us via the information provided in any marketing materials sent to you;

have the right to correct any personal information we hold on you that is inaccurate, incorrect, or out of date; and

have the right to ask us to delete your data when it is no longer necessary for the provision of services to you and no longer required to be maintained pursuant to our legal obligations.

If a Customer asserts any of the following rights, which are described more fully below, CSI will ensure that the applicable request is satisfied as soon as practicable.

7. Right to Withdraw Consent

You have the right to withdraw your consent within the limits established by law. For processing of personal data that is performed as a consistent with your prior consent, you have the right to revoke your consent for future processing at any time by contacting the Data Protection Officer through any of the methods provided below.

Additionally, if you decide that you no longer want to receive commercial or other marketing information, you may revoke your consent at any time.

8. Data Correction

If there is any error in the personal data transmitted by you, or any update needed to prevent your personal data from being inaccurate, it is your duty to notify us immediately. The Company is not responsible in the event of errors or omissions in any personal data transmitted by a Customer.

9. Data Storage Duration and Protection

The Company periodically checks the tools through which the personal data is processed, and the security measures associated with them, in order to perform necessary updates. Personal data collected by the Company is stored in various formats, including hard-copy paper files as well as digital archives. All personal data is securely stored within the European Economic Area. Personal data is kept for 10 years, unless anti-money laundering or other applicable legislation requires a longer holding period. Once the Company no longer has any legitimate purpose for storing a Customer’s personal data, the Company will delete or anonymize such personal data. The reasons for storing personal data include:

Legal and Regulatory Requirements: We retain personal and transactional data for the period required to comply with all retention and reporting obligations under applicable laws, including without limitation, commercial, tax and anti-money laundering laws and regulations.

Customer Service: We may process and retain your personal information for as long as we have an on-going relationship with you. Once our relationship has ended (for example because you have exercised your right to stop the services), we will, subject to any retention requirements under applicable laws, erase or anonymize your personal data.

Marketing: Personal data provided to us for marketing purposes may be retained until we become aware that any such data is inaccurate or until you revoke your consent, provided you do not have other on-going relationships with us. In some circumstances, we may anonymize your personal data for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.

10. Transfer of Data Outside the European Economic Area

The Company is headquartered in Germany, but sometimes your personal data may be transferred outside the European Economic Area (the “EEA”). Your personal data may need to be sent outside the EEA in order to fulfill your transaction if your beneficiary is located outside the EEA and/or to work with our vendors who help verify and process transactions.

If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:

Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.

Put in place a contract with the recipient that means they must protect it to the same standards as the UK and EEA. Read more about this here on the European Commission Justice website.

11. Communication of a Personal Data Breach

The Company cannot guarantee the security of all retained personal data in the event of a cyber-attack, malicious event, or other natural disaster. Should there be a personal data breach, the Company will, in accordance with art.55 and art. 33 of the GDPR, inform the competent supervisory authority of the violation within 72 hours from the moment the Company becomes aware of it.

12. Obligation to Cooperate with the Public Security Authorities

The Company may be obligated by law to share personal data or other information in his possession in the event of a request by a domestic or foreign investigative body for the purposes of preventing, detecting or investigating a suspected crime, or in response to a subpoena, warrant, court order, or as otherwise required by law.

13. Cookies

Our website use cookies to distinguish you from other users. This helps us to provide you with a better experience while visiting our website and allows us to improve our services provided to you on-line.

Cookies are small text files that are stored on your computer and saved by your browser. Cookies serve to make our service offerings more user-friendly, effective, and secure. Cookies do not damage your computer and do not contain viruses.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies; you can choose to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, or to activate the automatic deletion of cookies when the browser is closed. Please note that if cookies are deactivated, the functionality of this website may be restricted.

Not all cookies may be managed by you. Certain cookies that the Company needs in order to communicate with you or to carry out certain essential functions (for example, a shopping cart feature) are deployed in accordance with Art. 6 Para. 1 lit. f GDPR, where the Company has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.

14. Changes to the Privacy Policy

Any changes we may make to this Privacy Policy will be posted on our website and, when appropriate, will be sent to you by e-mail. Please be sure to check the website to see any updates or changes to the Privacy Policy.

15. Contact Forms on our Website

Our website gives you the option of filling out and submitting an on-line form, or, downloading the form and returning it via e-mail or fax. If you send us the form, regardless of the method of delivery, the personal data contained on the form will be stored by us for the purposes of processing the requested transaction, providing customer service to you, and in compliance with our legal data retention obligations. We do not transfer your personal data other than for the foregoing purposes without your consent.

The use and storage of your personal data contained on the contact form is therefore exclusively based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. An informal message by e-mail to the Data Protection Officer, whose e-mail address is provided below, is sufficient to revoke your consent. The legality of the uses of your personal data that happened prior to the receipt of your written revocation remains unaffected by the revocation. The personal data you enter in the contact form will be stored until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g., after your requested transaction has been completed). All applicable mandatory legal provisions, specifically including but not limited to applicable retention periods, remain unaffected by any revocation.

16. Contact: Data Protection Officer

Comments, requests, or questions regarding this Privacy Policy ,or your rights hereunder, are welcomed and should be addressed to the Data Protection Officer: DPO@suedamerika-csi.de. We will respond within 30 days of receiving a message. The response time may be extended up to a maximum of 60 days, provided that we have informed you of the reasons for the extension. If we reject your request, we will provide you with a written explanation for our rejection. If the matter is not resolved to your reasonable satisfaction, or you have concerns regarding the handling of your complaint, you have the right to file a complaint with the appropriate Data Protection Authority or courts. For all other complaints or concerns about our Services that are unrelated to privacy, please contact us at Kundendienst@suedamerika-csi.de.