privacy.title

privacy.sections.whoWeAre

This Privacy Policy applies to the processing of personal data by the following companies of the Riva Group:

  • Riva Money Ltd., a company registered in the UK (reg. no. 16174774) with its registered office at 30 Churchill Place, Ground Floor, London, UK E14 5RE.
  • Riva Money Europe AB, a company registered in Sweden (reg. no. 559519-2674) with its registered office at Bröderna Pihl gränd 2, 252 36 Helsingborg, Sweden.
  • Riva Money Switzerland Limited., a company registered in Switzerland (reg. no. CHE-130270533) with its registered office at Gewerbestrasse 10, CH-6330 Cham, Switzerland.

privacy.sections.whoThisAppliesTo

This Privacy Policy explains how we collect, use, and protect personal data relating to the following categories of individuals:

  • Visitors to our websites or digital platforms
  • Prospective customers and users who interact with us before onboarding
  • Registered customers and users of our international payment services platform
  • Payment recipients whose transactions are processed through our services
  • End users or customers of our business clients, where we process personal data on their behalf
  • Individuals applying for employment or contracting opportunities with us

If you are unsure whether or how this Privacy Policy applies to you, please contact us at privacy@rivamoney.com.

privacy.sections.howWeCollect

We collect personal data directly from you when you engage with Riva's services — for example, sign up for our waiting list, when you apply to open a business account, initiate a transaction, or contact us for support. We also collect data as you use our platform, such as transaction activity, payment instructions, and account preferences.

In addition, we may collect personal data from third parties, including:

  • Verification and compliance partners who assist us with customer due diligence (e.g. identity verification, KYB/AML screening);
  • Financial institutions or payment partners involved in processing or facilitating transactions;
  • Public databases and official registries, where required to verify identity, beneficial ownership, or corporate information;
  • Fraud prevention and risk management providers, who may check your information against sanctions lists, PEP lists, or other reference databases.

All processing of your personal data is conducted in accordance with applicable data protection laws and based on lawful grounds, as outlined in this Privacy Policy.

privacy.sections.whatWeCollect

The personal data we collect depends on how you interact with Riva and the nature of your relationship with us. Below is an overview of the categories of personal data we may process:

Website Visitors

When you visit our website, we may collect limited technical and usage data, such as:

  • Pages viewed, access times, and user interaction (clicks, scrolling, time on page);
  • Device and browser type, operating system, IP address, network location, and referral source.

This data is collected via cookies and similar technologies. For more information, please see our Cookies Policy.

Prospective Customers

If you express interest in our services (e.g. via contact forms), we collect:

  • Name, email address, and role/title;
  • Company name and business contact details;
  • Any other information you voluntarily provide.

Customers and Authorised Representatives

When your business signs up with Riva, or you are an authorised signatory, director, or beneficial owner, we may collect:

  • Personal and contact details (e.g. name, date of birth, residential address, email, phone number);
  • Government-issued ID and verification data (including biometric verification, where applicable);
  • Business details (e.g. company name, registration number, ownership structure);
  • Financial information (e.g. transaction history, payment data, bank account details);
  • Information about users of our platform (e.g. access logs, preferences, usage data);
  • Communication records with our support team (e.g. chat logs, emails).

We may also obtain additional information from trusted third-party sources, including identity verification services and financial institutions involved in your transactions.

Payment Recipients

If you receive funds via Riva's services, we may collect your name, account details, and relevant transaction metadata (e.g. payment references), typically from the initiating customer.

End Customers of Our Clients

When our business customers use Riva's platform to make or receive payments on behalf of their own clients, we may process limited data about those end users. This may include payer/payee name, contact details, bank or wallet details, and transaction information, strictly for the purpose of executing the payment and reconciling funds.

Job Applicants

If you apply for a role at Riva, we collect the personal information you provide as part of your application, such as your CV, contact details, employment history, and references.

privacy.sections.legalBasis

We will only process your personal data when the law permits us to do so. Depending on the nature of our relationship with you and the specific purpose for which we are processing your data, we rely on the following lawful bases under UK, EU and Swiss data protection laws:

Contractual Necessity

We process your personal data where it is necessary to enter into or perform our contract with you. This includes:

  • Conducting pre-contractual checks, such as verifying your identity and eligibility;
  • Establishing and managing your relationship with Riva, including account setup, service provision, customer support, and other obligations under any contractual agreement

If you do not provide the personal data required for these purposes, we may not be able to offer or continue our services.

Compliance with Legal and Regulatory Obligations

We are legally required to process certain personal data to comply with applicable laws and regulations, particularly those related to:

  • Anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions screening;
  • Regulatory reporting obligations to competent authorities (e.g. FCA (UK), FSA (Sweden), MROS (Switzerland));
  • Tax, accounting, or other statutory requirements.

Legitimate Interests

In some cases, we process your personal data where it is necessary for our legitimate business interests—or those of a third party—provided that such interests are not overridden by your rights and freedoms. Examples include:

  • Monitoring and improving our website, products, and services;
  • Ensuring the security of our systems, network, and infrastructure;
  • Anonymising data for analytics, research, and product development;
  • Managing business relationships with corporate clients and partners.

Consent (where applicable)

We do not generally rely on consent as a primary lawful basis for processing. However, where we do ask for your consent—such as for direct marketing communications—you have the right to withdraw it at any time, without affecting the lawfulness of any processing carried out before withdrawal.

Note: We may rely on more than one lawful basis depending on the specific processing activity. If you have any questions about the legal grounds we rely on for a particular use of your data, please contact us at privacy@rivamoney.com.

privacy.sections.howWeUse

We use the information we hold about you to deliver and improve our services, manage your relationship with us, and communicate with you. This includes verifying your identity, processing transactions, providing customer support, and complying with legal and regulatory obligations. We may also use anonymised or aggregated data for internal research, profiling, and analytics to enhance the functionality, security, and performance of our services.

If you have any questions about the legal grounds we rely on, you can contact us at privacy@rivamoney.com.

We use personal data for the following purposes:

  • Conducting pre-contractual checks, such as identity verification and eligibility assessments;
  • Establishing and managing your relationship with Riva, including account setup, transactional services, and customer support;
  • Fulfilling our obligations under any contractual agreement entered into between you (or the business you represent) and Riva;
  • Preventing fraud, money laundering, and other financial crimes, including conducting ongoing due diligence and transaction monitoring;
  • Complying with legal and regulatory requirements, including those related to anti-money laundering (AML), counter-terrorism financing (CTF), sanctions screening, and tax reporting;
  • Sending service-related communications, including updates about changes to our terms, services, or privacy practices;
  • Managing and improving our website, user experience, and platform performance;
  • Exercising or defending legal claims and protecting our rights, privacy, safety, or property;
  • Sending direct marketing communications (only where legally permitted and, where applicable, with your consent);
  • Managing recruitment processes and employment applications (if you apply for a job with us).

We will only use your information for the purposes outlined above and not for any unrelated reason. If we are required to process certain personal data by law or under the terms of our agreement with you, and you do not provide it when requested, we may be unable to provide the services. In some cases, this may require us to close your account. We will inform you if this becomes necessary.

We generally do not rely on consent as a lawful basis for processing your personal data, except where required—for example, when sending direct marketing communications by email or text. Where we do rely on consent, you can withdraw it at any time, free of charge. This will not affect the lawfulness of any processing carried out before your consent was withdrawn.

You can update your details or change your marketing preferences at any time by contacting us using the details provided in the "Contact" section of this policy.

privacy.sections.sharingData

We may share your personal data with the following categories of recipients, depending on how you interact with Riva and use our services:

  • Authorised Riva personnel, where access is necessary for them to carry out their responsibilities, including customer onboarding, transaction processing, compliance, and technical support.
  • Counterparties to your transactions, such as payment recipients, intermediaries, and other financial institutions, in order to facilitate the execution, settlement, and reconciliation of payment instructions.
  • Third-party service providers who support the delivery and operation of our services.

These may include providers of:

  • Identity verification and KYB/AML services
  • Cloud hosting and storage
  • Cybersecurity and fraud prevention
  • Analytics and performance monitoring
  • Communications (e.g. SMS, email distribution)
  • Customer support tools (e.g. session recording, chat services)
  • Legal, accounting, and compliance advisory services (these parties act as processors or sub-processors on our behalf and are contractually bound to handle your data securely and lawfully).
  • Law enforcement, regulators, or public authorities, where we are legally required to disclose information or where it is necessary to detect, investigate, or report suspected fraud, money laundering, terrorist financing, or other unlawful activities.
  • Affiliated entities within the Riva group, where necessary for internal governance, compliance, infrastructure support, or other legitimate business purposes.
  • With your explicit consent, where you have agreed for us to share your personal data with specific third parties or for particular purposes.
  • In the context of a business transfer, such as a merger, acquisition, financing, or sale of assets, where personal data may be disclosed as part of the transaction, subject to appropriate safeguards.

We ensure that any third party with whom we share personal data has appropriate data protection and confidentiality obligations in place, and we only disclose what is necessary for the intended purpose.

If you would like more information about how we share your data or a list of key third-party providers, please contact us at privacy@rivamoney.com.

privacy.sections.internationalTransfers

Riva operates across multiple jurisdictions, including the United Kingdom, the European Union, and Switzerland. Some of our service providers, technology partners, or affiliated entities may be located in other countries, or may store and process personal data in jurisdictions outside your country of residence.

When personal data is transferred internationally, we ensure that it is protected with a level of security and legal safeguards equivalent to those required under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in the UK, the EU General Data Protection Regulation (EU GDPR), and Swiss data protection legislation.

To safeguard your personal data, we implement one or more of the following transfer mechanisms:

  • Adequacy decisions: We may transfer data to countries that have been officially recognised by the relevant authority (e.g. the UK Secretary of State, the European Commission, or the Swiss Federal Council) as providing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): For transfers to countries that are not covered by an adequacy decision, we use the European Commission's SCCs or equivalent safeguards approved by UK or Swiss authorities.
  • Binding Corporate Rules (BCRs): Where applicable, transfers within multinational service providers or technology vendors may rely on BCRs approved by supervisory authorities to ensure data protection compliance across their group.
  • Supplementary safeguards: Where required, we implement technical and organisational measures such as encryption, access controls, and regular security assessments to protect your personal data during and after transfer.

If you would like more information about how we manage international data transfers or the safeguards we apply, please contact us at privacy@rivamoney.com.

privacy.sections.retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to meet our legal, regulatory, accounting, or reporting obligations across the jurisdictions in which we operate — including the United Kingdom, the European Union, and Switzerland.

For example:

  • In accordance with anti-money laundering and financial services regulations, we typically retain customer and transactional data for at least five years after the end of the business relationship or from the date of a relevant transaction.
  • In some cases, we may retain certain information for longer periods where required to comply with specific regulatory requirements or to exercise or defend legal claims.

We may also retain personal data for operational reasons such as maintaining accurate business and audit records, providing customer support, and improving our services — but always within the limits of applicable data protection law.

When determining appropriate retention periods, we take into account:

  • The nature and sensitivity of the data;
  • The purpose for which the data was collected;
  • The potential risk of harm from unauthorised use or disclosure;
  • Statutory requirements under UK, EU, and Swiss law.

Once data is no longer required, we will securely delete or anonymise it in accordance with our internal data retention and destruction procedures.

If you have questions about how long your personal data is retained, please contact us at privacy@rivamoney.com.

privacy.sections.security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, alteration, or disclosure.

These measures include, but are not limited to:

  • Encryption of data both in transit and at rest;
  • Access controls to ensure that only authorised personnel can access your information;
  • Network and system monitoring to detect and respond to potential threats;
  • Secure development practices and regular penetration testing of our systems;
  • Strict internal policies governing data access, handling, and confidentiality obligations for all staff.

We also ensure that any third-party service providers processing your data on our behalf meet strict data protection and security standards through appropriate contractual safeguards.

While no system can be guaranteed 100% secure, we continuously review and update our security practices to mitigate risks and maintain the integrity of your personal data.

privacy.sections.cookies

Riva and our third-party service providers may use cookies and similar tracking technologies to enhance your experience, analyse website usage, and support marketing and performance initiatives.

Cookies are small text files that are placed on your device when you visit a website. These cookies serve various purposes and are typically classified into the following categories:

  • Essential Cookies: These are necessary for the basic functioning of our website and services. They enable core features such as page navigation and secure access to certain areas. Without these cookies, the website may not function properly.
  • Analytics Cookies: These cookies collect aggregated data on how visitors use our website. They help us understand traffic patterns, improve user experience, and enhance the performance of our platform.
  • Functionality Cookies (optional to include): These allow the website to remember choices you make (such as language or region) and provide enhanced, more personalised features.
  • Marketing and Advertising Cookies (if applicable): These may be used to deliver relevant ads to users and track the effectiveness of marketing campaigns.

We work with third-party analytics providers, including but not limited to Google Analytics, to help us measure and improve the performance of our website and understand user behaviour.

Most web browsers accept cookies by default. However, you can change your browser settings to block or alert you about cookies. Please note that disabling cookies may impact your experience and limit functionality on our website.

For more details on how we use cookies and to manage your preferences, please refer to our Cookie Policy or contact us at privacy@rivamoney.com.

privacy.sections.yourRights

Depending on your location and the applicable data protection laws (such as the UK GDPR, EU GDPR, or Swiss FADP), you have certain rights in relation to your personal data. These rights may include:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct or update inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You may ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for the purpose for which it was collected.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: Where applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You have the right to object to the processing of your personal data in certain situations, such as where it is being processed for direct marketing or based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

To exercise any of your rights, or if you have any questions or concerns about how we handle your personal data, please contact us at privacy@rivamoney.com.

privacy.sections.thirdParties

This Privacy Policy applies only to the services provided by Riva and the use of our own websites and platforms. It does not apply to any third-party websites, services, or applications that may be linked to or accessible from our website or services.

Our website may contain links to external websites operated by third parties. These third parties may have their own privacy policies and practices, which we do not control and are not responsible for. We encourage you to review the privacy statements of any third-party sites or services before providing them with your personal data.

Your use of any third-party services, including those we may partner with or integrate, is subject to those providers' own privacy policies and terms of use.

privacy.sections.changes

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or business practices. The most recent version will always be available on our website, along with the date it was last updated.

Where appropriate, we may notify you of any material changes by email or through our platform. We encourage you to review this policy periodically to stay informed about how we collect, use, and protect your personal data.

privacy.sections.contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Email: privacy@rivamoney.com

By post:
You can also write to us at any of the following registered offices, depending on your location or relationship with the relevant entity:

United Kingdom
Riva Money Ltd.
30 Churchill Place, Ground Floor
London, UK E14 5RE

Sweden
Riva Money Europe AB
Bröderna Pihl gränd 2
252 36 Helsingborg, Sweden

Switzerland
Riva Money Switzerland Ltd.
Gewerbestrasse 10
CH-6330 Cham, Switzerland

If you're unsure which entity is responsible for your data, please reach out via email, and we will direct your query accordingly.

riva

footer.description

support@rivamoney.com+44 (0) 20 8036 3678

footer.resources

footer.allRightsReserved

GBP electronic money accounts and related payment services are provided by Transact Payments Limited, a payment and electronic money institution authorised and regulated by the Gibraltar Financial Services Commission (GFSC) to offer payment and electronic money services in Gibraltar and the United Kingdom. Registered office: 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA. Incorporation number: 108217.

EUR electronic money accounts and related payment services are provided by Transact Payments Malta Limited, a payment and electronic money institution authorised and regulated by the Malta Financial Services Authority (MFSA) to offer payment and electronic money services in Malta and in the European Economic Area (EEA). Registered office: Vault 14, Level 2, Valletta Waterfront, Floriana, Malta, FRN 1914. Company number: C 91879.

footer.languageSelector