Home-Privacy Policy
United Exchange
Untitled Document

1. Introduction
United Exchange Ltd (“United Exchange”, “we”, “us”, or “our”) is a UK-registered Money Service Business providing money remittance services. We are authorised and supervised for AML purposes by HMRC and registered with the Financial Conduct Authority (FCA).
This Privacy Policy is provided pursuant to:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Money Laundering Regulations 2017 (as amended)
  • FCA Handbook and regulatory guidance
  • Proceeds of Crime Act 2002
  • Terrorism Act 2000

For the avoidance of doubt, nothing in this Privacy Policy limits our statutory obligations, nor does it expand them beyond what is legally required. Where there is any conflict between this policy and applicable law, the legislation shall prevail.
This Privacy Policy explains how we collect, use, store, and protect your personal data.
It is intended to be transparent while also recognising that we operate in a regulated financial environment where certain actions are mandated by law and are not optional.

2. Important Legal Disclaimer
While we take reasonable steps to comply with applicable laws and to protect your data, no financial institution can guarantee absolute compliance or security in all circumstances.
Accordingly:

  • We will use reasonable endeavours,
  • We will act in good faith,
  • We will follow proportionate measures,

but we cannot accept liability for matters outside our reasonable control, including regulatory changes, actions taken by third-party settlement partners, force majeure events, or decisions required under the Proceeds of Crime Act 2002 or HMRC/FCA instructions.
This clause is included to ensure that United Exchange Ltd and its officers—including the Director and MLRO—are protected from unreasonable claims arising from mandatory compliance actions.

3. What Personal Data We Collect
To provide services and to comply with AML regulations, we may collect and process:
Identity & Contact Information

  • Full name
  • Date of birth
  • Address
  • Contact details
  • Occupation
  • Nationality

Verification Documents

  • Passport
  • BRP or immigration documents
  • Driving licence
  • Utility bills
  • Bank statements
  • Employer letters
  • Source of funds/wealth evidence

Transaction Information

  • Sender and receiver details
  • Transaction history
  • Purpose of remittance
  • Beneficiary information
  • Linked transaction behaviour

Compliance & Regulatory Information

  • Sanctions and PEP screening results
  • Enhanced Due Diligence documentation
  • Risk assessment notes
  • Suspicious Activity Reports (SARs)** (strictly confidential by law)**

Technical Information

  • IP address
  • Device data
  • Cookies
  • Website analytics

4. Why We Process Your Data
We process your data based on the following lawful bases:
4.1 Legal Obligation
We are required by law to:

  • verify identity (KYC/CDD)
  • maintain transaction records
  • screen against sanctions and PEP lists
  • monitor for suspicious activity
  • file reports with UKFIU/NCA
  • maintain compliance files for regulatory audits

These obligations override your right to object or delete your data.
4.2 Contractual Necessity
To provide a money transfer service and maintain your remittance account.
4.3 Legitimate Interests
For:

  • fraud prevention
  • service improvement
  • internal record keeping
  • staff training

4.4 Consent
Only applies to optional communication (e.g., marketing), and you may withdraw your consent at any time.

5. How We Use Your Data
We use your information to:

  • process your remittances
  • verify identity and documents
  • meet HMRC/FCA compliance requirements
  • monitor for fraud and criminal activity
  • protect our business, customers, and legal obligations
  • conduct internal audits
  • satisfy transaction monitoring rules
  • respond to law enforcement requests

Where use of data is required by law, we must comply even if you object.

6. Sharing Your Data
We may share your data with:
Regulatory & Government Bodies

  • HMRC (AML Supervisor)
  • FCA
  • NCA/UKFIU (Suspicious Activity Reports – mandatory)
  • HM Treasury (sanctions checks)
  • Law enforcement agencies
    This sharing is mandatory, not optional.

Operational & Technical Service Providers

  • Payment processors
  • Settlement partners
  • IT and hosting providers
  • Cybersecurity providers

All third-party partners are expected to apply reasonable levels of protection.
However, we cannot accept liability for independent failings by third parties outside our control.

7. International Transfers
Where a transaction is destined abroad (e.g., Afghanistan), limited personal data may be transferred to payout agents solely for the purpose of fulfilling the remittance.
We take reasonable steps to ensure data is handled securely, but we cannot guarantee the legal framework of foreign jurisdictions.

8. Data Retention
Under AML law, we must retain:

  • Identification documents – 5 years
  • Transaction records – 5 years
  • Compliance records – 5–10 years depending on the matter

Deletion requests cannot override statutory retention obligations.
Once the retention period expires, data is securely deleted unless legally required to be preserved further.

9. Your Rights Under UK GDPR
Subject to legal AML restrictions, you may request:

  • Access to your personal data
  • Correction of inaccurate information
  • Restriction of processing
  • Portability

However, AML laws override GDPR where there is a conflict.
For example:
- We cannot delete your data during the legally required retention period
- We cannot disclose SARs to you or anyone else (criminal offence under POCA)

10. Security Measures
We adopt proportionate and reasonable measures including:

  • Encrypted systems
  • Access-controlled databases
  • Secure hosting
  • Staff AML/GDPR training
  • Audit trails
  • Monitoring and firewalls

While we take reasonable steps, no system can guarantee absolute security, and we cannot accept liability for breaches outside our reasonable control (e.g., cyberattacks on global infrastructure, external software vulnerabilities, or upstream service providers).

11. Changes to This Privacy Policy
We may update this policy from time to time to reflect regulatory or operational changes. The most current version will always appear on our website.

12. Contact Us
For data protection enquiries:
Compliance Department – United Exchange Ltd
149 Cheetham Hill Road, Manchester, M8 8LY
Email: info@unitedexchangeltd.co.uk
Attention: MLRO – Abdul Musawer Zahedi

13. Lodging a Complaint
If you are dissatisfied with how we handle your data, you may contact:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
www.ico.org.uk

United Exchange is UK based remittance services provider company. You can send your money SriLanka in just few minutes.

Important Link

Support

Get in Touch

United Exchange Ltd is authorised and regulated by the Financial Conduct Authority (FCA) under Firm Reference Number 584295 and registered with HM Revenue & Customs (HMRC) under the Money Laundering Regulations with Registration Number XBML00000198839.

Company Registration Number: 07860668 Registered Office: 512–516 Lady Margaret Road, Southall, Middlesex, UB1 2NP Trading Address: 149 Cheetham Hill Road, Manchester, M8 8LY

We are committed to protecting your information and complying with UK AML, GDPR, and data protection standards.

Copyright @2025 United Exchange. All Rights Reserved