Grand logo
Close manifesto

Legals.

Introduction

This Privacy Policy explains how Grand Intelligence Group Ltd, Grand Financial Services UK Ltd, and Grand Financial Services Ireland Ltd (together, “Grand”, “the Company”, “we”, “our”, or “us”) collect, use, store, share, and protect personal data in accordance with applicable data-protection laws — including the UK GDPR, the General Data Protection Regulation (EU) 2016/679 (EU GDPR), the Data Protection Act 2018 (Ireland), and the Data Protection Act 2018 (UK).

This Policy applies to personal data processed in connection with our operations, products, and services, including access to our websites, digital applications, and client communication channels.

For financial-service-related data, B4B Payments Europe UAB acts as a separate data controller. Their privacy policy is available here: https://www.b4bpayments.com/prepaid/privacy/.

By using our services or interacting with us, you acknowledge that you have read and understood this Privacy Policy.

1. General Provisions

1.1. This Privacy Policy sets out the principles governing the processing of personal data by the Grand group of companies.

1.2. We process personal data in compliance with the applicable data-protection legislation in the United Kingdom, Ireland, and the European Union.

1.3. Where Grand Financial Services Ireland Ltd acts as an appointed Agent of UAB B4B Payments Europe (Electronic Money Institution authorised and regulated by the Bank of Lithuania, Licence No. 76), certain personal data are processed under B4B’s control for regulated financial-service provision.

2. Data Controllers and Contact Information

Grand Intelligence Group LtdCompany Registration No. 15757106 (England and Wales) 24A Baggot Street Upper, Dublin, D04 N528, Ireland Email: privacy@heygrand.com

Grand Financial Services UK LtdCompany Registration No. 15756280 (England and Wales) Registered Office: 24A Baggot Street Upper, Dublin, D04 N528, Ireland Email: privacy@heygrand.com

Grand Financial Services Ireland LtdCompany Registration No. IE792368 24A Baggot Street Upper, Dublin, D04 N528, Ireland Email: privacy@heygrand.com

Data Protection Officer (DPO) Our appointed DPO monitors compliance with data-protection obligations and may be contacted regarding any questions concerning this Policy or the exercise of your rights. Contact: privacy@heygrand.com

3. Principles of Personal-Data Processing

We adhere to the following principles:

  • Lawfulness, fairness, and transparency – data are processed lawfully, fairly, and transparently.
  • Purpose limitation – data are collected for specified, explicit, and legitimate purposes and not further processed incompatibly.
  • Data minimisation – only the data necessary for the stated purposes are processed.
  • Accuracy – data are accurate and kept up to date.
  • Storage limitation – data are retained no longer than necessary.
  • Integrity and confidentiality – data are processed securely using appropriate technical and organisational measures.

4. Categories of Personal Data

  • Basic identification data – name, surname, job title, company affiliation
  • Contact data – email address, telephone number, correspondence address
  • Verification and compliance data – ID documentation, date of birth, nationality, beneficial-ownership details, AML/KYC and due-diligence information
  • Financial and transactional data – account identifiers, transaction details, payment references, billing and invoicing information
  • Technical data – IP address, browser type, login information, device identifiers, usage logs
  • Communication data – messages, enquiries, or feedback shared with us
  • Other data – any other personal data provided voluntarily during our business relationship

We do not intentionally collect special-category (sensitive) data unless required by law or regulatory obligations.

5. Purposes and Legal Basis of Processing

  • To establish and perform contractual relationships with clients and partners — Contract performance (Art. 6(1)(b))
  • To comply with legal and regulatory obligations (including AML/CTF and sanctions screening) — Legal obligation (Art. 6(1)(c))
  • To communicate with clients, partners, and service providers — Legitimate interest (Art. 6(1)(f))
  • To operate, maintain, and improve our digital services and internal systems — Legitimate interest (Art. 6(1)(f))
  • To prevent, investigate, or detect fraud, misuse, or unlawful activities — Legal obligation / Legitimate interest (Art. 6(1)(c),(f))
  • To send administrative or marketing communications where permitted — Consent or legitimate interest (Art. 6(1)(a),(f))
  • To comply with requests from competent authorities or regulators — Legal obligation (Art. 6(1)(c))

6. Data Retention

Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected or to meet legal and

regulatory requirements.

Typical retention periods:

  • Contractual and transaction data: up to 10 years after the end of the contractual relationship.
  • AML/KYC records: 8 years from the end of the business relationship or transaction.
  • Communication records: 5 years from receipt or last contact.
  • Marketing data: until consent is withdrawn or an objection is raised.

Where statutory limitation periods or regulatory requirements prescribe longer retention, data may be retained accordingly.

7. Data Sharing and International Transfers

We may share personal data, under appropriate confidentiality and data-protection safeguards, with:

  • Other companies within the Grand group;
  • Regulated financial-service partners and processors (including payment networks, verification and fraud-prevention providers, and compliance partners);
  • Professional advisers (auditors, legal counsel, consultants);
  • Competent supervisory, regulatory, or law-enforcement authorities when required by law.

Some recipients may be located outside the European Economic Area (EEA) or the United Kingdom. Where transfers occur, we ensure adequate safeguards under Chapter V of the GDPR/UK GDPR, such as Standard Contractual Clauses or adequacy decisions.

8. Data-Subject Rights

Under data-protection law, you have the following rights:

  • Access – to confirm whether we process your data and obtain a copy.
  • Rectification – to correct inaccurate or incomplete data.
  • Erasure – to request deletion of data in certain circumstances.
  • Restriction – to limit processing where contested or unlawful.
  • Portability – to receive data in a structured, machine-readable format.
  • Objection – to object to processing based on legitimate interests or direct marketing.
  • Withdraw consent – at any time, without affecting prior lawful processing.
  • No automated decision-making – to request human review of decisions made solely by automated means.

To exercise your rights, contact privacy@heygrand.com.

You may also lodge a complaint with:

  • Data Protection Commission (Ireland): 21 Fitzwilliam Square South, Dublin 2, D02 RD28 — www.dataprotection.ie
  • Information Commissioner’s Office (UK): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — www.ico.org.uk

9. Cookies

Our websites use cookies and similar technologies to ensure functionality, analyse performance, and improve user experience. Further details are provided in our Cookie Policy, available on our websites. You may adjust browser settings to refuse cookies; however, some services may not function properly as a result.

10. Security

We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

All processors acting on our behalf are contractually required to handle personal data securely and only for specified purposes. Grand maintains controls consistent with PCI DSS requirements where relevant to payment-data processing.

11. Changes to this Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in law, regulatory guidance, or our processing activities. The latest version will always be available on our websites. Material changes will be communicated in advance where legally required.

12. Contact

For all questions, requests, or complaints relating to this Privacy Policy or the processing of your personal data, please contact:

Grand Intelligence Group Ltd (15757106)
Grand Financial Services UK Ltd (15756280)
Grand Financial Services Ireland Ltd (IE792368) 24A Baggot Street Upper,
Dublin, D04 N528, Ireland Email: privacy@heygrand.com