Informativa sulla privacy
Regno Unito - Informativa sulla privacy di Zepz
United Kingdom
Effective 2 January 2024
Introduction
Your privacy and keeping your personal information secure are extremely important to us. At WorldRemit Limited, we are committed to protecting and respecting Your privacy and handling Your information in an open and transparent manner.
This Privacy Policy (“Policy”) explains among other things: what we do with your personal information; what we do to keep it secure; with whom we share your information; your rights in relation to the personal information we hold about you; and who you can contact for more information.
We will amend or update this Policy regularly to reflect changes in our practices with respect to the processing of personal information, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make to the terms of this Policy.
If you don't want to read all the details. Here are the highlights that you may really wish to know:
WorldRemit Ltd is an international payment service that provides international money transfer and remittance services in more than 130 countries and in over 70 currencies.
WorldRemit Ltd, is part of the WorldRemit Group, which includes WorldRemit Belgium SA, Wave Transfer Limited, Chime Inc and Sendwave SA, among others. For a list of companies in the WorldRemit Group click here.
You will know us by our brands: “WorldRemit” and “Sendwave”.
Where appropriate, we share your personal information within the WorldRemit Group, affiliates, partners and other companies. Upon request or where we are legally obliged, we may share your information with public agencies.
We also collect from You information in relation to other people (for example, details of the recipients of Your money transfers). In providing this information you confirm to us that you have their permission to do so.
We use some third parties to process your personal information on our behalf to perform our services for you, and due to the international nature of our business some of them are based outside the United Kingdom and the European Economic Area.You have several rights over your personal information, and the manner in which you can exercise those rights are contained in this Policy.
We will send you direct Marketing if we are allowed to do so. We do this to encourage you to use our services and send you offers or promotions that may interest you. You can ask us to stop sending you marketing information at any time. Details of how to unsubscribe will be included on each email that we send you. Alternatively, send us an email to dataprivacy@zepz.io with “URGENT - UNSUBSCRIBE REQUEST” in the subject line and the email address that you wish to be removed within the email.
We also use your personal information to display online adverts and Marketing relating to our services on our website, online media channels or by sending you push notifications if you use our mobile app.
We do not intentionally use special category information and children’s information (our website and mobile application are not intended for children).
Who are we?
This website is operated and provided by WorldRemit Ltd (“WorldRemit”, “we”, “us”, “our”) having its registered office at 62 Buckingham Gate, London, SW1E 6AJ.
If you reside in a country where we provide our services to you and are a user of our website https://www.worldremit.com/ (“our website”, “our site”) and/or of our mobile applications (the “Mobile App”), we are a data controller for the purpose of Data Protection Legislation (as defined below). In this Policy, references to “You” and “Your” are references to a user of our website and/or of our Mobile Apps.
WorldRemit Ltd is part of the WorldRemit Group, which includes Wave Transfer Limited, Chime Inc and Sendwave SA (“Sendwave”). For a full list of companies in the WorldRemit Group click here.
You will know us by our brands: “WorldRemit” and “Sendwave”.
Definitions
To help clarify our meaning, we have used certain capitalised terms in this Policy. These terms and their meaning are:
“Data Protection Legislation” means the United Kingdom General Data Protection Regulations as tailored by the Data Protection Act 2018 and all other applicable legislation relating to privacy or data protection. “Marketing” means any action or advertisement or promotion or marketing material like surveys, vouchers, research and events. This list is not exhaustive. “Services” means WorldRemit Money Transfer Service; WorldRemit Digital Money Account; Airtime Top Up; and such other services or products that we may introduce from time to time.
The personal information we collect about you
We may collect, record and use information about You in physical and electronic form and will hold, use and otherwise process this data in accordance with the Data Protection Legislation and as set out in this Policy.
The personal information we collect and use may include, amongst other things:
Your name;
Your contact information such as Your email address, postal address and telephone number or any telephone number used to call us;
Your demographic information such as age, education, gender, and interests;
Evidence of Your identity (for example passport information);
The reason for your transfer request;
Unique identifiers such as Your username, account number and password;
Your profiles and postings on any other social media applications and services that we provide or that You make available to us;
Your payment details and other financial data (for example, Your bank or payment method provider’s name and Your account number and sort code); and
Information about Your visit to our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
We also collect from You information in relation to other people (for example, details of the recipients of Your money transfers), where You provide us with such information. In providing this information you confirm to us that you have obtained all necessary permissions from them to the reasonable use of their information for the purposes and in the manner described in this Policy, or are otherwise permitted to give us this information on their behalf. Please also ensure that those other people are aware of this notice and that the provisions of this notice are clearly communicated to them.
How we collect your personal information
Information You give to us when You use our services.
If You use our services You will need to provide certain information including Your name, address and card number, as well as the name and other details of the recipients of the money transfers that you instruct us to carry out. This information must be complete and accurate, and if not we may have to take additional steps to complete the transaction.
Other information You give to us.
This is information about You that You give us by filling in forms on our website (for example, the ‘contact us’ section) or when you communicate with us by phone, e-mail or otherwise. It includes, for example, information You provide when You register on the website for us to contact You, when You inquire about any of our Services, when You sign up to receive notifications, and when You report a problem with our website. The information You give us may include, among other data, Your name and email address. We may also record our telephone conversation with you for training and monitoring purposes.
From other members of the WorldRemit Group.
We may collect information about You from Sendwave, our affiliates and other companies in the WorldRemit Group.
Social Media.
Depending on Your settings or the privacy policies for social media and messaging services such as Facebook, LinkedIn and Instagram, You might give us permission to access information from those accounts or services.
Other Sources.
We may receive information about You from other sources, including publicly available databases and combine this data with information we already have about You. This helps us to update, expand and analyse our records and provide services that may be of interest to You.
Information we collect about You:
- Like most websites, we use "cookies" to help us make our site – and the way You use it – better. Cookies mean that a website will remember You. They are small text files that websites transfer to Your computer (or phone / tablet). They improve website use and speed – for example by automatically filling Your name and address in text fields.
- Log Files. In addition, with regard to each of Your visits to our site, we will automatically collect certain information (for example, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data). We may combine this automatically- collected log information with other information we collect about You.
- Social Media Widgets. Our website includes Social Media Widgets or Features, such as the Facebook Like button and Twitter button which are interactive mini-programs that run on our site to provide specific services from another company (e.g. displaying the news, opinions, music, etc). Personal information, such as Your email address, may be collected through the Widget. Cookies may also be set by the Widget to enable it to function properly. Information collected by this Widget is governed by the privacy policy of the company that created it.
Mobile App. When You download our Mobile App, in addition to the information mentioned above we: - automatically collect information on the type of device You use, operating system version, and system and performance information. We may send You push notifications from time-to-time in order to update You about events or promotions that we may be running. If You no longer wish to receive these types of communications, You may turn them off at the device level. To ensure You receive proper notifications, we will need to collect certain information about Your device such as operating system and user identification information; and - may use mobile analytics software to allow us to better understand the functionality of our Mobile Software on Your device. This software may record information such as how often You use the Mobile App, the events that occur within it, aggregated usage, performance data, and where the Mobile App was downloaded from. We do not link the information we store within the analytics software to any personal information You submit within the Mobile App.
How we use your personal information
Our primary purpose in collecting user information is to provide You with a safe, smooth, efficient, and customised experience and to provide the services You have requested from us. We may also use the information that You have provided to ensure that the content on our site is presented in the most effective manner for You and Your computer or device.
We use Your information for the following specific purposes:
to carry out our obligations arising from any contracts entered into between You and us or from applicable law such as anti-money laundering laws, and to provide You with the Services in accordance with our terms and conditions and with this Policy;
to register You with a WorldRemit account;
to fulfil Your Transaction / (Airtime Top Up) Request;
to send You confirmations or other notifications;
to notify You about temporary or permanent changes to our services or other service-related messages;
to assist you where online applications are not completed;
to prevent fraud, money laundering, and any other illegal activity;
to ensure that content from our site is presented in the most effective manner for You and for Your computer;
to promote our business;
to send You Marketing communications, where You have shown interest; or purchased Our services and in the course of doing so You provided your contact details and You have not opted out from receiving marketing communications;
to administer our site and for internal operations, including troubleshooting, data analysis, profiling and segmentation analysis, testing, research, statistical and survey purposes;
as part of our efforts to keep our site, Mobile App and our services safe and secure;
to measure or understand the effectiveness of advertising we serve to You and others, and to deliver relevant advertising to You;
to make suggestions and recommendations to You and other users of our site about services that may interest You or them;
to train, monitor and assess the effectiveness of the manner in which we provide the Services to You;
to consider and investigate any concerns or complaints you may have; and
to display personal testimonials of satisfied customers on our website in addition to other endorsements, where You have agreed with a third-party review site that we may do so. If You wish to update or delete Your testimonial, contact us at dataprivacy@zepz.io
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, except if: (i) the automated decision-making is required or authorised by law; (ii) is necessary for entering into or performing the contract; or (iii) is based on your individual explicit written consent.
Our Legal basis for processing your personal information
We only use your personal information for a specific purpose; and before we do so we must have a legal reason. For example, when it is necessary for us to perform a contract with you for our services, for our legitimate interest, or where you have given us your consent, or to fulfil our legal obligations. These are all known as the “legal basis for processing”.
Legal basis for processing: Processing is necessary for the performance of a contract, or to take steps prior to entering into a contract with us.
Processing activity:
Deliver our products and provide you with our services such as conducting money transfers, payment services, and mobile phone top-ups. This may include “know your client” checks and verifying your identity and confirming your financial details.
Notifying you with any changes to our Services, Apps or our site or changes to our terms or Policy.
Enable third parties to perform technical, logistical or other functions for us.Respond and resolve any complaints you may have.
Legal basis for processing: Processing is necessary for our legitimate interests (to the extent that such legitimate interests are not overridden by your interests).
Processing activity:
To fulfil our regulatory and compliance obligations;
Providing our Sites, our Apps, or our services to you;
Establishing, exercising, protecting or defending our legal rights and business interests;
Contacting you to facilitate or progress your use of our Services including any problems you may have in completing your transaction, subject always to compliance with applicable law;
Managing and operating the financial and commercial affairs of our business;
To promote and conduct our business;
To personalise your experience of our Services;
Conducting surveys, satisfaction reports and market research;
To develop new services and products, and inform you of any new products and services that may interest you: - When you register on our site and our App, we use the contact details that you provide on registration to send you Marketing on email, SMS and push notifications on our App EXCEPT YOU OPT OUT; - To contact you with targeted Marketing about our Services on third-party online platforms or websites, including adverts we send or display to you on Google, Facebook etc; and - Analyse the effectiveness of our Marketing campaigns.
Managing and maintaining our communications and IT systems;
Detecting and protecting against: fraud; money laundering, criminal activity; illicit use of our Services; breaches of our policies and applicable laws;
Recruitment activities and handling job applications;
Security: physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including login records and access details).
Legal basis for processing: The processing is necessary for compliance with a legal or compliance obligation.
Processing activity:
Health and safety: health and safety assessments and record keeping; providing a safe and secure environment at our premises; and compliance with related legal obligations.
Maintenance of records to comply with legal, audit, regulatory and tax requirements;
To investigate fraud, money laundering, terrorist financing and any other illegal activity;
To comply with legal and regulatory duties related to anti-money laundering terrorist financing; detection, prevention and prosecution of fraud and theft and preventing illicit use of our Services or any other illegal or wrongful activity;
To comply with Data Protection legislation and any other applicable law;
To comply with court orders, disclosures to law enforcement or tax agencies; requests from the Information Commissioner’s Office, the Financial Conduct Authority or other governmental or regulatory agency with supervisory authority over us.
Legal basis for processing: We have obtained your prior consent to the processing.
Processing activity:
With your consent, we may send Marketing and promotional communications by email, SMS and push notifications (depending on your choice of contact. For more information please see the Direct Marketing section of this policy.
We may send targeted Marketing about Our services on third-party online services such as Google, Instagram and Facebook if we believe that you are likely to be interested in using our services based on your profile. Your consent to receive targeted adverts would have been obtained by these third parties on our behalf.
Surveys: engaging with you for the purposes of obtaining your views on our Sites, our Apps, or our services.
Direct Marketing
We may use the contact details You provided to send you marketing communications by email, telephone, direct mail or other communication formats about similar products or services where permitted by applicable law (unless you have opted out). In other cases, we may ask for Your consent to send You marketing communications about products or services offered by us, Sendwave or other companies within the WorldRemit Group, for a full list of these companies click here.
Notice to Sendwave Customers before 2 January 2024
If you were a Sendwave customer before 2 January 2024, we will only use your personal information for marketing and promotional purposes if you had “opted in” to such uses before 1 January 2024. You can withdraw this permission by opting out at any time.
Opting Out of Direct Marketing
If you have a WorldRemit or Sendwave account, you can opt out of receiving WorldRemit marketing communications by modifying your email or SMS subscriptions by clicking on the unsubscribe link or following the opt-out message included in the communication.
Alternatively, simply send an email to dataprivacy@zepz.io with “URGENT - UNSUBSCRIBE REQUEST” in the subject line and the email address that you wish to be removed within the email.
Please note that if you request we stop sending you Marketing messages or you unsubscribe, we may continue to send you service and administrative communications such as transfer updates and other important information on your transaction.
Who we might share your personal information with
Your personal information is very important to us. However there are circumstances where it is necessary for us to share your information for legitimate business purposes (including operating our site and our Mobile App, and providing services to you), in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy. In addition, we may disclose your personal information to:
Our affiliates - we share your information with our affiliates and other companies within the WorldRemit group of companies such as Wave Transfer Limited, Sendwave SA, Chime Inc: - for our internal business, operational, management and service needs; - for compliance, regulatory and audit activity and in connection with legal, regulatory and tax claims and investigations; - to understand and support our customers and other individuals who use our services, apps and visit our sites; and - to send Marketing communications.
Third party processors which include organisations or individuals with whom we do business or who provide services to us. We may disclose your personal information to respond to legal requirements (for example, as part of our “Know Your Customer” and due diligence obligations), enforce our policies, liaise with judicial or regulatory authorities where required under applicable law, understand the nature of the transaction You have made, provide our services, and to protect our rights and property. If we engage a third party processor to process your information, the Processor will be subject to binding contractual obligations to: only use the personal information in accordance with our prior written instructions; and use measures to protect the confidentiality and security of the personal information, together with any additional requirements.
Processors may include: - Credit reference agencies or other service providers to verify Your identity or the identity of recipients of the money transferred through our services or for any other purpose related to providing our services; - Professional advisers, such as our auditors and lawyers; - Companies that capture or analyse information to help us understand how our services, sites and Mobile Apps are used and perform or to tailor our services and promotions, including for the purpose of allowing us to improve the services we provide; - Companies that provide us with marketing assistance, including: the management of email marketing operations, SMS and other services that deploy marketing on the internet or social media platforms (such as Facebook and Google); the running of surveys and other feedback activity; as analysis of the effectiveness of any marketing or customer engagement we do; - Banks, payment card processors and other service providers that process bank transfers, credit and debit card payments or otherwise provide financial infrastructure services to enable us to provide our services; - Our service providers, including those who provide data hosting services, fraud prevention services; technology services, and technology tools that allow us to monitor, test and improve our services, sites and Mobile Apps; - Companies that we have instructed to provide services to or for us for those purposes that may be reasonably ascertained from the circumstances in which the information was submitted; - Other business entities should we plan to merge with, or be acquired by, or be invested in by that business entity, or if we undergo a corporate reorganisation; and - Any successor in business to us.
Fraud Prevention Agencies - Where we have a good reason to suspect fraud, money laundering, counter terrorist financing or any other illegal activity, we can upon request or where legally obliged share your personal information with crime prevention agencies and other third parties for the purpose of detecting, preventing or reporting crime or for actual or suspected breach of any applicable law or regulation. These third parties may include business partners and companies that provide services to us, law enforcement bodies, regulatory and supervisory authorities, providers of fraud prevention and detection services. Please note, we may suspend activity on your account or any transaction, refuse access to your account or cancel any transaction you may want to make, if we think there is a risk of any illegal activity.
Public Agencies - We release accounts or other personal information when we consider it appropriate to comply with the law, to enforce our Terms and Conditions and any other agreement to protect the rights, property, or safety of WorldRemit, our employees, customers, our business partners and the public. In these circumstances, we will only provide them with the information they require to perform their function.
Facebook Ireland - We may share with Facebook, actions that you take on our website such as your visits to our website, your interactions on our website, use of Facebook Connect and information collected from cookies or similar technologies including Facebook Pixel. This allows us to measure the effectiveness of our advertising, improve our marketing practices, and helps us deliver more relevant advertising to you and people like you (including on social media such as Facebook). WorldRemit is a Joint Data Controller with Facebook Ireland for this processing. This arrangement means that WorldRemit has to provide you this notice, but you should contact Facebook if you wish to exercise your data protection rights. Further information, including how Facebook enables you to exercise your data protection rights, and subsequently processes your information as an independent data controller can be found in Facebook Data Policy
If you would like to know more please contact us using the details below.
Google - We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Sites and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online services. You can learn about Google’s practices by going to google.com/policies/privacy/partners, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.
Research companies - We may share personal information in a secure way to allow research companies and feedback providers to contact you directly on our behalf to get your opinions on or refuse to take part in the research or surveys.
Links to Other Sites
Our sites may contain links to other websites, including via our social media buttons. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites and a link does not constitute an endorsement of that website. Once You link to another website from our site You are subject to the terms and conditions of that website, including, but not limited to, its internet privacy policy and practices. Please check these policies before You submit any data to these websites.
International transfer of your personal information
Due to the international nature of our business, we may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as:
The European Commission approved standard contractual clauses in contracts for the transfer of personal information to third countries.
Other EU approved mechanisms, as required by Data Protection Legislation. More information of these measures can be found at r
How we keep your personal information secure
We have implemented appropriate technical and organisational security measures designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.Unfortunately, the transmission of information via the internet (including by email) is not completely secure. Although we will do our best to protect Your personal information, we cannot guarantee the security of Your data transmitted to our site; and any transmission is at Your own risk. Once we have received Your information, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting your own information
It is important to keep your password secure to prevent fraudulent use of your account. Do not disclose your password to anyone else and especially anyone who requests it from you by telephone or email. WorldRemit will never ask you to provide your password or personal information via email. Please be aware of the following:
Change your password regularly and avoid using the same password on other websites to prevent hackers from access to your account;
Avoid simple passwords that can easily be guessed;
Be aware that public WiFi networks are risky and hackers may capture your online transactions and personal information. Only connect to a network you can trust;
If you use a shared computer, make sure you log out immediately after you have finished using the website; and
Beware of ‘phishing’ where criminals may attempt to steal your information by sending you bogus emails.
How long will we keep your personal information for
We take every reasonable step to ensure that your personal information is only retained for as long as it is required for the purposes set out in this Policy. Therefore, we will only keep the information we collect about You for as long as required for the purposes set out above, or as required to comply with any legal or regulatory obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.
In addition, after you have ceased to be a Customer, we may take steps to delete your personal information or hold it in a form which no longer identifies you (for example, we may still use your data in an anonymised format for research and other business purposes).
The period for which we will retain information about You will vary depending on the type of information and the purposes that we use it for. In general, unless applicable law requires a longer retention period, we will keep our records for as long as you are our Customer and for 6 years after the end of your relationship with us.For more details of the retention periods we apply to your personal information please contact dataprivacy@zepz.io.
Your Rights
Subject to applicable law, you may have a number of rights regarding our processing of your relevant personal information, including:
the right not to provide your personal information to us (however, please note that we may be unable to provide you with the full benefit of our site, our Mobile App, or our services, if you do not provide us with your personal information);
the right to request access to your personal information, together with information regarding the nature, Processing and disclosure of those personal information;
the right to request for the correction of any inaccuracies in your personal information;
the right to request for the erasure of your personal information. This is also known as the right to be forgotten. We will keep a note of your name if you ask for your personal information to be erased;
the right that we restrict our use of your personal information;
the right to object to our use of your personal information. Wherever we use legitimate interest as the ground for processing your personal information you can object to our use of it;
the right to have certain personal information transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
where we use your personal information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal information in reliance upon any other available legal basis); and
the right to lodge complaints with a Data Protection Authority regarding the use of your personal information by us or on our behalf.
We may require proof of your identity before we can give effect to these rights. You should also be aware that some of these rights are qualified and not absolute; therefore exemptions or limitations may apply. For example, we can refuse to provide information if fulfilling your request would reveal the personal information about another person, or if you request that we delete information which we are required to retain by law, have compelling legitimate interests to keep, or need access to fulfil our legal obligations.
The quickest and easiest way to make a data subject request is to contact us directly to exercise your rights by emailing dataprivacy@zepz.io. We will endeavour to respond within a reasonable period and in any event within one month (three months for complex or numerous requests), in compliance with Data Protection Legislation.
We reserve the right to charge a reasonable fee (reflecting the costs of providing the information) or to refuse to respond where requests are manifestly unfounded or excessive: in this case, we will explain the situation to You and we will inform You about Your rights.
Identity Verification
We will only process your data subject rights request where we are satisfied that we have successfully verified your identity, and you are the one asking for your personal data to be processed. We will not process personal data where we are in doubt of the identity of the requestor. You may be asked to prove your identity when making a data subject request.
Requests made by third parties
In line with our privacy practices and to protect your rights and freedoms, we are unable to process a data subject rights request made by a third party (such as Rightly) where; there is doubt that the third party has the appropriate authority to act on your behalf; and where we are not satisfied adequate evidence has been provided in support of identity verification. We would always aim to ensure that a third party has the appropriate consent or authority to act on your behalf, and most significantly that you are fully aware that the third party has made contact specifically with us, regarding exercising your data subject rights.
Before we can process a data subject rights request made by a third party on your behalf, we require as a minimum from the third party:
a copy of an identity document for you;
evidence of your address; and
a physically signed authority by you; or a verbal authority provided directly to us from you and noted on your account; and if provided electronically the authority is to come directly from your email address that matches our records.
We will not access or process your personal data without being confident we are acting on your specific instructions.
Cookies and similar technologies
When you visit our site or use a Mobile App we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may use your personal information through Cookies and similar technologies, in accordance with our WorldRemit Products Cookie Policy and Sendwave Products Cookie Policy.
Contact us
Questions, comments and requests regarding your personal information and our Policy are welcome and should be sent to dataprivacy@zepz.io or you can send it by post addressed to the:
Data Protection Officer: WorldRemit Ltd 62 Buckingham Gate London, SW1E 6AJ United Kingdom
You may also use these contact details if You wish to make a complaint to us relating to Your privacy.
If You have any concerns about our use of Your information, You also have the right to make a complaint to:
the Information Commissioner's Office, which regulates and supervises the use of personal data in the United Kingdom, via their helpline on 0303 123 1113; or
if you are based in the EU or EFTA country, the national data protection supervisory authority in such a country (a list can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).