Select location and language
United Kingdom
English
Apply now

Legal

Companies incorporated in the UK

Legal and Data Subject Access Requests

Updated July 2025

At Currenxie, we are dedicated to delivering exceptional service and addressing any concerns you may have with the utmost care and professionalism. If you would like to make a legal request or a request concerning your personal data, we commit to handling it promptly, fairly, and transparently, ensuring your experience is as smooth and reassuring as possible. 

This page is intended for individuals, regulatory bodies, and other legal entities seeking information or data related to the EMI's operations. Should you wish to raise a legal or Data Subject Access Request (“DSAR”), please see the information below to ensure we can provide a timely review and response to your requests. 

Where to Submit a Legal Request?

You may send your request through any of the following channels:

Email: legal@currenxie.com

Post: 1st Floor, Nicholas House, 3 Laurence Pountney Hill, London EC4R 0EU

Online: Support Request

If you require any assistance or adjustments to facilitate your complaint, please do not hesitate to contact us. We are here to support you.

Requests from Regulatory Bodies (e.g., FCA, Bank of England)

Currenxie welcomes transparent and helpful dialogue with all regulatory bodies. We kindly request the following information, so that we can be the most efficient and helpful possible:

  • Specific contact information for each regulatory body.

  • Required format for submitting information (e.g., specific forms, file formats).

  • Timeframe for response, as stipulated by the relevant regulations.

  • How to handle sensitive or confidential information.

Other Legal Requests

Other legal requests, such as court orders, subpoenas, or requests from law enforcement agencies would also kindly be asked to include the following information: 

  • Specific contact information and hours to reach the requestor 

  • Any relevant transactional data

  • Timeframe for response, as stipulated by the relevant law, if any

  • How to handle sensitive or confidential information.

What to Expect

We will acknowledge receipt of your complaint within three working days. Our aim is to resolve your concerns swiftly and informally wherever possible.

Should your complaint require more time and is allowable, we will provide a written update within 15 business days, outlining the progress and anticipated timeline for resolution.

Further Recourse

If you are not satisfied with our final response, you have the right to escalate your complaint to the Financial Ombudsman Service (FOS), an independent body that resolves disputes between consumers and financial firms.

Website: www.financial-ombudsman.org.uk

Phone: 0800 023 4567

Data Subject Access Requests (DSAR)

Your Data Rights

In accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to access personal data we hold about you. This is known as a Data Subject Access Request (DSAR).

When do We Process Your Personal Data

We process your personal data only when permitted by law. In most instances, our legal grounds for doing so fall within one or more of the following categories:

  • Contractual Necessity: Processing essential to perform or enter into an agreement, such as facilitating payments or managing an account.

  • Legal Obligation: Processing required by law, like collecting identification documents for anti-money laundering regulations.

  • Legitimate Interests: Processing based on valid and reasonable interest that doesn't override fundamental rights, such as analyzing service usage and enhancing offerings.

  • Consent: Processing with explicit permission given by the user.

  • Substantial Public Interest: Processing sensitive data to serve a significant public interest, like crime prevention.

Security Measures in Place to Protect Data

We take the protection of your personal information with the utmost seriousness. While the transmission of data over the internet can never be entirely risk-free, we employ rigorous measures to safeguard your information. Please be aware that any data sent online is transmitted at your own risk. Once received, we apply stringent security protocols to maintain the confidentiality and integrity of your data, including:

  • Encrypt all communications between you and Currenxie systems using robust asymmetric encryption.

  • Promptly update and patch servers to address vulnerabilities.

  • Operate a Responsible Disclosure and bug bounty program.

  • Continuously monitor servers and services for abnormal or malicious activity.

  • Encrypt data at rest when it is not actively in use.

Procedures for Handling Data Breaches

We handle any potential data breaches with the upmost importance according to the requirements under applicable law. If you feel your information may have been compromised, please contact us immediately through our customer support channels or to our data requests email address, dataprivacy@currenxie.com

In the UK, your business’s data breach procedure must comply primarily with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

1. Breach Identification and Internal Reporting

We have robust internal procedures to detect, investigate, and internally report personal data breaches promptly.

Our staff is trained to recognise what constitutes a personal data breach, which includes any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

2. Notification to the Information Commissioner’s Office (ICO)

We notify the ICO of a personal data breach without undue delay, and where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms.

When we cannot provide all details within 72 hours, we submit the information in phases without undue delay.

The notification includes:

  • Description of the nature of the breach

  • Categories and approximate number of individuals and records affected

  • Contact details of our Data Protection Officer (DPO) or other contact point

  • Likely consequences of the breach

  • Measures taken or proposed to mitigate the breach and its effects.

3. Notification to Affected Individuals

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we notify those affected without undue delay.

Notification may be withheld or limited in certain circumstances, such as if appropriate technical measures (e.g., encryption) were applied or if notification would involve disproportionate effort (in which case an alternative communication will be used).

4. Record-Keeping

We maintain a record of all personal data breaches, regardless of whether they are reported to the ICO. This record includes the facts relating to the breach, its effects, and remedial actions taken.

These records are available for ICO inspection upon request.

5. Risk Assessment and Remediation

Upon detecting a breach, Currenxie promptly assesses the risk to individuals’ rights and freedoms. We then implement measures to contain and mitigate the breach’s impact. After which, we will review and update our security and breach response procedures to prevent recurrence.

For further information please see our Privacy Policy.

How to Make a Request

To help us process your request most efficiently, please provide

  • A clear statement indicating your request is a “Subject Access Request”

  • Your full name (and any previous names, if applicable) and the name of your corporate entity registered with Currenxie

  • Contact details including email, postal address, and telephone number

  • Any relevant identifiers such as your customer account number or transaction references

  • Specific details about the information you wish to access (e.g., transaction history, account information)

  • Your preferred method of receiving the information (electronically or by post)

  • Any special requirements (e.g., large print or other accessible formats)

Please send your DSAR to email: dataprivacy@currenxie.com

Post: Data Protection Officer, 1st Floor Nicholas House, 3 Laurence Pountney Hill,, London, United Kingdom, EC4R 0EU

What You Can Expect

Upon receipt, we will promptly acknowledge your request and verify your identity to safeguard your information. We endeavor to respond within one calendar month. For complex requests, this period may be extended by up to two additional months, in which case we will notify you within the initial month, explaining the reasons for the delay.

Your personal data will be provided in a clear, accessible format, typically via a secure electronic delivery unless otherwise requested. If we require further information to process your request or if any limitations apply, we will communicate this to you promptly.

We do not charge for standard DSARs. However, if a request is manifestly unfounded, unreasonable, or excessive, we reserve the right to charge a reasonable fee or refuse the request, notifying you accordingly.

Additional Support

Should you have any questions about your data rights or wish to raise concerns regarding our data handling practices, you may contact the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Phone: 0303 123 1113

Important Notes and Disclaimers

Currenxie reserves the right to verify the identity of requesters. We will respond to requests within the legal timeframe, but some requests may take longer to process due to their complexity and necessity to obtain information that may not be easily accessible.

The information provided here is for guidance only and does not constitute legal advice.