Skip to content

Privacy Policy

1.  Introduction

This Privacy Policy applies to personal data (“information”) held by Lumon Holdings Ltd, Lumon Pay Ltd, Lumon Risk Management Ltd or Lumon FX Europe Ltd as data controller. It explains in detail the types of information we collect about you, how we use this information and your rights in relation to the personal data we hold about you. Please read it carefully.

When this policy mentions “we,” “us,” or “our,” it refers to the relevant legal entity that you contract with and who is responsible for your information under this Privacy Policy (the “Data Controller”).

Please read this policy carefully to understand how we handle your information.

 2.  The information we may collect 

Information you provide us

  • Personal details, e.g. your name, date of birth, gender;
  • Contact details, e.g. your address, email, phone number, mobile number
  • Information about your identity, e.g. your nationality, passport information, photo ID, National Insurance number; 
  • Information relating to source of funds; and
  • Your bank details (account name, number, and sort code).

Information we collect about you

Transactional information, e.g. details about your accounts, including payments made to and from these accounts and the geographic location from which the transaction originates;

Communication records, e.g. details recorded during our written and verbal communications with you;

Your preferences, such as consents for marketing and other communications;

Publicly available information, e.g. information made available by you on websites such as LinkedIn, Companies House;

Usage data, including information about how you use our products and services;

Investigations data. This may include; anti-money laundering checks, credit checks, external intelligence reports, and other due diligence checks;

Information required to satisfy our regulatory obligations, e.g. information about transactions, detection of any suspicious and unusual activity, and information about parties connected to you or these activities; and

Information gathered when you visit our websites. This might include; the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browsing plug-in types and versions, operating system and platform, Uniform Resource Locators (URL), and how you navigate our websites. We use this information for technical monitoring and optimising our websites. For more information, please read our [insert link to Cookie Policy].

3.  How we collect your information

We collect your personal information when you subscribe to our services, for example by filling in forms on our websites or our partners’ websites, by talking to us on the telephone or corresponding with us via email or text, or when you provide us copies of the documents required for us to confirm your identity. We may also collect your information when you interact with our websites.

Information from other sources

We may receive your information from other legal entities within our group if you use, enquire about, or demonstrate an interest in other services we offer. We will only do this when we have obtained your consent, have a legitimate interest, or have a legal obligation to do so.

We may also receive your information from other third parties, such as:

  • Our business partners (companies that introduce you to us because you have expressed an interest in our products or services);
  • Our clients (when they wish to make a payment to you);
  • Advertising networks, analytics providers and search information providers;
  • Credit reference agencies; 
  • Fraud prevention agencies; 
  • Identity verification agencies;
  • Sub-contractors and advisers;
  • Agents and suppliers;
  • Government and law enforcement agencies (such as Companies House and HMRC);
  • Publicly available online sources, such as company websites, social networks and company registries.

Information you provide about other people

If you provide us with personal information about another person, we ask that you inform them of our identity and the purposes for which their information will be processed by us.

If you ask us to make a payment to another individual, you will need to provide us with their bank account and contact details. We use this information to notify the individual that they will be receiving a payment from us, on your behalf. We will never use the information you provide about another individual for marketing purposes.

 4.  How we use your information

We may use your information for one or more of the following purposes:

To facilitate delivery of our services to you, including: 

  • responding to enquiries about our products and services
  • delivering our products and services to you and any joint account holder under our terms and conditions
  • reporting on transaction performance

To comply with a legal obligation 

In certain cases, we are required by law to collect and process your information. For example, to fulfil our financial reporting obligations, we must store all records of communications you make with us that relate to transactions. We are also required to check that you are the person you say you are before we discuss any of our clients’ accounts (which we may do by asking you to confirm your date of birth or other details about yourself) and to retain personal information to facilitate investigations detecting and preventing fraud, money laundering and other financial crimes to meet requirements imposed on us by, and to respond to notices and requests we receive from our regulator the Financial Conduct Authority or HM Revenue & Customs, the National Crime Agency or their replacements.  

We are also required to meet the requirements of data protection law and respond to notices and requires we receive from the Office of the Information Commissioner (ICO) or any other national or supra-national authority with the same of similar responsibilities.  

Where we have a legitimate interest 

We may use your personal information to pursue our legitimate business interests.  Some of our legitimate interests include:

  • Carrying out marketing activities;
  • Communicating with you about our products and services; 
  • Improving our products, services, and relationships with you and our partners; 
  • Creating a smoother customer service experience;
  • Monitoring complaints handling;
  • Improve our websites to ensure that content is well presented for you. 

We may record texts, emails or telephone calls, including for training purposes, customer service, quality control, performance improvement, to verify any comments you or any of our dealers may make during any conversation, for regulatory purposes and for the purposes of fraud or crime prevention and detection.


Consent is also a lawful basis for our processing of personal data and so, sometimes, we may ask for your permission (called “consent” in the legislation) to process your personal data.

Where this is the case, we will make this clear together with how we might use your personal data should you allow us to do so. If, at the time we ask for it, you choose not to provide us with the requested information or do not consent, then we will not use it in that way.

If you have given consent to the use of your personal information, you are entitled to withdraw this consent at any time. Please be aware, however, that in some circumstances, the withdrawal of your consent may result in us being unable to provide some services to you.

Combining information 

We may combine information about you which we receive from other sources with the information you give to us, and the information we collect about you, for the same purposes as those set out above.

5.  How we share your information

We only share your personal information under the following circumstances:

  • If we are under a duty to disclose or share your personal information in order to comply with a legal obligation;
  • In order to conduct necessary background checks on you before offering our products and services;
  • Where we have been asked for information to facilitate an investigation;
  • In order to enforce or apply our terms and conditions and other agreements; 
  • To protect the rights, property, or safety of our organisation, our customers, or others;
  • Where we have a legitimate business interest that is not overridden by your own rights and freedoms; and 
  • Where we have obtained your consent.

Entities that we may share your information with include:

  • Other companies within our organisation;
  • Our partners (individuals or companies that introduce you to us);
  • Our clients (when they wish to make a payment to you);
  • Credit reference agencies;
  • Fraud prevention agencies; 
  • Identity verification agencies;
  • Agents, suppliers, sub-contractors and advisers;
  • Regulatory bodies.

6.  International Transfers and Security

We may be required to transfer your information to countries outside of the UK and the European Economic Area (“EEA”), e.g. if we are obliged to report to foreign authorities, or when your information is processed by one of our partner or suppliers under our instruction. In these cases, there will be a contract in place to make sure the recipient protects the information to the same standard as the EEA. We also implement strict procedures and security features to ensure that your information is transferred securely in line with the standards set out in the General Data Protection Regulation (“GDPR”). 

7.  Storing personal information

We retain personal information in line with our data retention schedule. We only retain your information for a period necessary to fulfil the purpose for which it was originally processed, or in order to fulfil a legal obligation. 

8.  Your rights

You may request access to the information we hold about you by making a Subject Access Request.

You may request that we destroy, delete or discontinue using your personal information.  We may not always be able to comply with your request of erasure for specific legal and regulatory reasons which will be notified to you, if applicable, at the time of your request.

You may request that we stop processing your information when you contest its accuracy or the lawfulness of the processing.

You may ask us to update and correct any out-of-date or incorrect personal information that we hold about you.

Under certain circumstances, you may ask us to provide a copy of your information to another organisation in a structured, machine-readable format.

Withdrawing consent
Whenever you have given us your consent to use your information, you have the right to change your mind at any time and withdraw your consent.

Legitimate interest
In cases where we are processing your information on the basis of our legitimate interests, you can ask us to stop for reasons connected to your individual situation.

We will do so unless we believe we have a legitimate overriding reason to continue processing your information. Please bear in mind that if you do object, this may affect our ability to provide you with some of our services.

You have the right to opt out of direct marketing and surveys from us at any time by visiting our online Preferences, where available on our websites, or clicking the ‘unsubscribe’ link in any email we have sent you, or sending an email to [email protected].

9.  Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, or would like to exercise of any of your rights listed above, please contact the Data Protection Officer through the following methods:

Email: [email protected]

Letter: Data Protection Officer, Lumon Holdings Ltd, 40 Holborn Viaduct, London, EC1N 2PB.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy.  If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act on your behalf.

You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If we do refuse your request, we will explain to you the reasons for our refusal.

You have the right to complain to the Office of the Information Commissioner (the “ICO”), which is the supervisory authority in relation to data protection law and its enforcement in the United Kingdom.  Further details concerning the ICO, its powers and your rights, can be found here ICO.

10. Updates to this policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. We recommend you check back regularly for any changes that may affect you