Global Privacy Policy (including Cookies Statement)
1. Who we are & our approach to personal data
1.1 This Privacy Policy explains the total range of purposes and legal bases upon which Moneyhub Financial Technology Ltd (company number 06909772) (“Moneyhub”) collects, processes, stores and shares data that can identify you (the “End User”). We reserve the right to publish different or bespoke versions of this global privacy policy, to suit particular products, sites or apps.
1.2 Moneyhub has its registered office at C/O Roxburgh Milkins Limited Merchants House North, Wapping Road, Bristol, United Kingdom, BS1 4RW, United Kingdom., with our principal place of business at Runway East Temple Meads, 101 Victoria Street, Bristol, BS1 6PU, United Kingdom. We are registered with both the Information Commissioner (No. Z2507137) and the FCA’s Financial Services Register (reference no: 809360).
1.3 You can contact Moneyhub at any time for more information about this policy so please get in touch with us at support@moneyhub.com
1.4 This Privacy Policy primarily applies to our account-information services, our payment initiation services, and to your use of our platform and software applications hosted or made available by us, wherever and however you access them (“the Service”). To a lesser extent this Privacy Policy applies to any visitor to our websites (where the level of interaction with your data and the amount of data processing will be much less).
1.5 Together with our various user terms (“Terms of Use”), this Privacy Policy forms our agreement with you. Capitalised terms not defined in this Privacy Policy shall have the meaning given to them in our applicable Terms of Use or in the General Data Protection Regulation (EU) 2016/679 (the “EU GDPR”) or the retained version of the EU GDPR as it applies in the UK from 1 January 2021 (the “UK GDPR”).
2. Collection, purpose and legal basis for processing
Moneyhub only uses personal data when the law allows us to. The most relevant lawful bases to our business model are as follows:
User-Type | What Type of Personal Data Do We Use? | Purpose of Processing | Lawful Basis Relied Upon | General Website Visitor / Browser (especially non-regulated activities) |
---|---|---|---|
If you are simply a visitor to our sites or browsing our app | Your name, email address and any other personal data you supply to us through forms you complete (such as any feedback or survey responses) | To provide you with basic information and updates on our activities, services and products, for statistical analysis, to identify which elements of the Service or other products might interest you, to record your marketing preferences and any feedback or responses for the purposes of improving our Services. | With your consent through our Terms of Use |
Any personal data we collect as part of your cookies setting. These include email-opening statistics, IP address/location, browser type and version, page views and searches. | To allow us to run the operation of our websites, domains, portals, and ensure that our provision of Services runs as smoothly as possible, in a personalised way. | With your consent obtained through our Terms of Use and the purposes of our legitimate interests judged in favour of processing (balanced against your fundamental rights and freedoms at all times). | |
If you use any non-regulated other services (such as subject access requests, requests for proposals | Your username, email and account information, supplied to us by you or your enterprise (if relevant) | To debug and remedy any issues you have when you access our Services and to improve our processes. | Our legitimate interests and occasionally we will need to comply with a particular legal obligation (such as GDPR on subject access requests) | Account Information & Payment Initiation Service Users |
If you are an end-user of our platform, AISP & PISP services in the UK | Any personal data that is contained in the account information that you consent to sharing with us (at the time of use and in accordance with Open Banking legislation). This will include account numbers and sort codes in the case of AISP services and payment information in the case of PISP services. | To deliver & improve our Services, to keep you informed about initiated payments or to categorise payment transactions accurately. Also, to disclose to third parties (such as the police) in order to comply with any legal obligation, to refer to a credit reference agency to check your identity to only authorised Third Party Service Providers, who act for us to operate the Service fully, to anti-fraud agencies, to debt collectors and other third parties (tax authorities and auditors). | To comply with our legal obligations (esp Payment Service Regulations 2017 and the Consumer Rights Act 2015). Also, it is judged necessary for our legitimate interest in ensuring that we can provide you (or your enterprise provider) with the Services and to continuously improve our Services. It is also essential for the performance of our Terms of Use as a contract to which you are party. |
Other information you give us through forms, or when reporting a support-desk issue, or your log of visits to the Service and the resources, tabs and features that you access | To manage, administer and improve the Service, including providing you with newsletters, emails, updates on our activities, services and products; to record your marketing preferences | With your consent and in pursuance of our legitimate interests | |
Your name, date of birth, address, email, photo identification such as passport and telephone number. Such personal data may include any criminal background information. | On a very infrequent basis we may need to conduct basic KYC/ AML checking (such as when enabling payments for an end user for the first time) | To comply with our legal obligations | |
Enterprise Clients (and their agents & staff) | |||
If you are an enterprise client employee, contractor or agent in the UK and you register as an authorised user | Your name, date of birth, address, email, photo identification such as passport and telephone number. Such personal data may include any criminal background information. | To deliver our Services to you | To deliver a contractual service to you as an enterprise with an API, whitelabel, TSP or other form of contract with Moneyhub. |
Your name, date of birth, address, email, telephone number. Such personal data may include any criminal background information (on enterprise clients). | To conduct any due diligence, KYC, AML (including credit checks) that we are required to do in order for you to receive our Services | To comply with our legal obligations (including regulatory requirements we are under) | |
Your name, email address, username | TTo deliver our Services to you and to give you access to information we hold about you, and for corporate / M&A purposes where we may be asked to disclose our client lists/contracts database to a prospective funder, seller or buyer | With your consent and in pursuance of our legitimate interests. |
3. Sharing of information with third parties
3.1 We may need to share information about you with certain service providers who help us to deliver the Service to you, such as agents registered with the FCA or third party technology companies who may provide elements of the Service functionality and other companies in our corporate group). We refer to the latter service providers as (“Third Party Service Providers”). We only disclose personal data to Third Party Service Providers for the purposes explained in this Privacy Policy.
3.2 You may access the Service directly through us or through enterprise clients of Moneyhub whose platforms are powered by Moneyhub or through other partners who operate within the Moneyhub ecosystem (for example, your financial adviser, your employer or a provider of your financial products) (“Third Party Members”). In order to engage with such Third Party Members, you may be required to enter into contracts with them and accept additional privacy policies which are specific to those Third Party Members. We may also share anonymous aggregated data with Third Party Members so they can understand trends and preferences across groups of users in a non-personalised way such as how spending habits are evolving or which new technologies or payment-types are being used more than others. These insights in turn allows Third Party Members to refine or pivot their own service-offers to their clients or create new partnerships with other organisations to provide better, more relevant functionality, products and services which users may want to use.
4. Where we store your personal data
Moneyhub processes and stores the personal data described in this Privacy Policy inside the UK and in the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, GDPR and UK GDPR at all times.
5. International transfers
5.1 Moneyhub does not engage in restricted transfers of personal data (i.e. those which do not benefit from the “appropriate safeguards” under UK GDPR or EU GDPR). We do however engage in some international transfers of data (outside the EEA and UK) where the appropriate safeguards are in place, such as the deemed application of standard contractual clauses approved by the European Commission. We shall continue to use these and will also use UK related standard contractual clauses as and when appropriate and applicable.
5.2 For more information on the privacy practices of our key international partners, please see the relevant additional material at the foot of this Privacy Policy.
6. How long we store your personal data for (retention & duration)
6.1 Where we hold your personal data and are responsible for it, it will be stored for the life of your contract with us and in accordance with the Moneyhub data retention policy and UK GDPR.
6.2 Your contract with us would typically expire when you delete your account with us or ask us to delete your Moneyhub account for you. Our databases are backed up but such backups are never held for more than 90 days at a time. It is crucial that we hold your personal data in this way because without it, we would not be able to fulfil our contract with you and show you copies of your account information or payment transaction information, when you request/select these.
7. Data Security
7.1 Once we have received your information, we will use procedures and security features to try to prevent unauthorised and unlawful access and processing, as well as accidental loss, destruction or damage. We use encryption technology to protect personal data that you submit to us online in order to reduce the risk of your data being intercepted by unauthorised persons during transmission.
7.2 We deploy a range of “technical and organisational” measures including physical, electronic, and procedural safeguards to protect information we process and maintain.
7.3 Please be aware that the transmission of information via the internet or mobile networks is not completely secure; we cannot guarantee the security of your data transmitted to or from us and any transmission is at your own risk. Moneyhub may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. It will be clear to you when you click on a link that will take you to a Third Party Member we strongly encourage you to read their privacy policies in detail. We do not control these third-party websites and are not responsible for their content or their privacy statements.
7.4 In the event there is an occasion in future where there is an unauthorised use or breach with respect to personal data, Moneyhub shall comply with GDPR expectations and timelines (including a 72 hour investigation and reporting window) in order to mitigate the risk to any individuals affected.
8. Moneyhub’s Cookie Statement – our deployment of cookies across our website and our products (which will be different in each case)
Moneyhub uses (i) Strictly necessary (essential) (ii) Functional (iii) Analytical (measuring performance) and (iv) Tracking/advertising types of cookies.
Cookies may be delivered by us directly to you (first-party cookies) or delivered by one of our partners (such as Intercom for users of AISP or PISP services). Cookies can be either session cookies or persistent cookies. Session cookies enable sites to recognise and link the actions of a user during a browsing session and expire at the end of each session. Persistent cookies help us recognise you and these are stored on your system or device until they expire, although you can delete them before the expiry date.
8.1 Moneyhub uses cookies for the following reasons:
For our products/platform:
- To help us improve End Users’ experience
- To fulfil API calls and integration requests to connect to various accounts
- To help with data protection and spot fraudulent activity
For our websites:
- To remember preferences and settings
- To identify errors on the site and assess performance
- To help us understand traffic data relating to our site, e.g. time and date of visit
8.2 What other similar technologies does Moneyhub use?
Moneyhub uses certain tools for basic font usage and to understand email-opening statistics by recipients of our emails). These help us to gauge the effectiveness of certain communications, promotions and marketing campaigns.
8.3 How you can take control of cookies and similar technologies
You have rights to manage and turn off/on certain cookies as you wish from your browser settings but you may not be able to use our applications or features of our sites if cookies are disabled.
8.4 In light of recent changes to cookies practices in 2021 (with respect to the disablement of third party cookies on some browsers) we include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly:
8.5 Where & how Moneyhub uses cookies
We use cookies in several places, and some examples from third parties are included below:
For our Product (platform):
- Adjust
- Braze
- Heap
- Intercom
- Zendesk
For our websites:
- Squarespace
- Google Ads
- Google Analytics
- Vimeo
- Cloudflare
- Pardot
For more information on the main cookies currently used, their purpose and their duration please get in touch with us at support@moneyhub.com
9. Changes to this Privacy Policy
We reserve the right to add to or change the terms of this Privacy Policy in the same way that we need from time to time to vary our Terms of Use to keep up to date with evolving data protection laws or to take account of changes to our Service. You are therefore advised to keep abreast of this Privacy Policy through whatever medium, site or device you access it.
10. Your rights
10.1 Right of Access
You have the right to access information held about you and you can ask us for a copy of the information at any time. Where we have good reason, and if the law permits, we can refuse your request for a copy of your personal data, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
10.2 Right of Correction or Completion
If personal data we control and hold about you is not accurate or needs updating you have a right of rectification (we can easily correct some of your personal data like an email address upon your instruction, but we cannot unilaterally amend your credit card transaction data if supplied to us in error by a third party) .
10.3 Right of Erasure
In certain circumstances, you have the right to request that personal data we hold about you is erased for example if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
10.4 Right to Object to or Restrict Processing
In certain circumstances, you have the right to object to our processing of your personal data by contacting us. You have the right to object to use of your personal data for direct marketing purposes. You have a legal right to object at any time to: (i) use of your personal data for direct marketing purposes; and (ii) processing of your personal data which is based on our legitimate interests, unless there are compelling legitimate grounds for our continued processing.
NOTE: If you do object, it is highly unlikely we will be able to provide our Service to you given the nature of our products and solutions.
10.5 Right of Data Portability
To save you time, you should know that the vast majority of the personal data and transaction data you would want to port across to other systems, devices or software solutions are readily downloadable from our platform and the Moneyhub App. (It is highly unlikely if you are a website visitor we will have any personal data you would wish to port).
Where your request to move or migrate is more complex than you simply downloading the data that you need from the platform, you can ask us to transmit your data in a structured, commonly used and machine-readable format. Of course, we cannot guarantee technical compatibility with a third party organisation’s systems if that is your desired destination and we cannot accede to requests that involve personal data belonging to other persons.
10.6 Marketing
You have the right to ask us not to process your personal data for marketing purposes. We will only process your personal data for such purposes where you agree to such processing (e.g., by checking certain boxes on the forms or registration pages we use to collect your information).
If you have previously agreed to us using your personal data for marketing purposes, you may change your mind at any time by contacting us at marketing@moneyhub.com. You will also be given the opportunity to unsubscribe when you receive marketing messages.
10.7 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us.
We aim to keep your personal data up-to-date, so please advise us of any changes and feel free to exercise any of the above rights by contacting us at Support.
11. Complaints & Contact
11.1 Should you be dissatisfied with the service we provide, you have the right to file a formal complaint to the Information Commissioner's Office at www.ico.org.uk, or to the relevant data protection supervisory authority in your country of residence. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by telephone on 0303 123 1113 or 01625 545 745.
11.2 Contact details for Moneyhub’s EU Representative in the EU as required by Article 27 of the EU GDPR shall be made available upon request in writing.
12. Optional Information – For those based in the EU
12.1 You may be located in the European Union. This Privacy Policy applies to our provision of services within the EU, as well as our provision of services within the UK. For all personal data held by us in connection with End Users located in the European Union since 1 January 2021, (and for historical personal data sets processed by us up until 31 December 2020) we continue to apply and adhere to the GDPR. We also comply with the UK GDPR as it applies in the UK from 1 January 2021 as amended from time to time.
12.2 We may need to share information about you with certain service providers who help us to deliver the Service to you, such as with fino run GMBH, our European outsourced partner who provides AISP and PISP service delivery to our End Users located in the EU. For the time being and until we are formally authorised in Slovenia, fino will have a role in processing and storing your personal data in accordance with its privacy policy, found here:
Fino General Terms & Conditions
Fino T&Cs for Payment Initiation Services
Fino T&Cs for Account Information Services
13. Optional Information – for those accounts not accessible via Open Banking
13.1 Where possible we will use Open Banking to allow you to see your accounts and payment transactions in Moneyhub. Where a particular bank, financial institution or account is not enabled for Open Banking we may use another method via the non-exclusive use of certain aggregation partners. One such partner is Yodlee Inc who allow you to retrieve your financial/account data using their services. We work with Yodlee Inc as a Third Party Service Provider who are supervised by the US Banking Regulators (a body similar to the UK’s Financial Conduct Authority).
13.2 Yodlee Inc handle any personal data (which can exist as part of aggregated data or wider client data) in accordance with this privacy policy and its own privacy practices which we are required to point out to you, as part of our terms and conditions with Yodlee. We provide you with important information about Yodlee’s client privacy arrangements through a dedicated link, which is available here.
14. Optional Information – for those occasions where we use credit reference agencies
14.1 Another subset of personal data shared with Third Party Service Providers relates to identity data emanating from our Know-Your-Client and anti-money laundering obligations. On rare occasions we will need to check user identity and other personal details with a fraud prevention and credit reference agency. An example of when we will need to do this includes when using our payments capability for high value, high volume or unusual transactions or if you opt into our Rent Recognition Service to submit your rent data to a credit reference agency. If you give false or inaccurate information and we identify fraud, this will be recorded and may be shared by those agencies with other organisations. This is important:
a. to trace debtors, recover debt, prevent fraud, and to manage your accounts or insurance policies; and,
b. to prevent fraud and money laundering, for example, for payments services or where a bank or other third party, such as an Enterprise client requests these checks as part of their service.
14.2 Links to each agency’s relevant Credit Reference Agency Information Notice:
Transunion: www.transunion.co.uk/legal/privacy-centre
Equifax: www.equifax.co.uk/crain
Experian: www.experian.co.uk/crain
15. Optional Information – for those using Moneyhub for the Rent Recognition Service
15.1 We provide a Rent Recognition feature (delivered in conjunction with Experian) which helps individuals by giving them intended credit-score benefits flowing from their regular property rental payments. End-User data can only be used to positively impact your credit score when rent is paid on time.
15.2 When you sign up to use the Experian Rental Exchange service (known as Rent Recognition on the Moneyhub app/service), you are expressly consenting to our use and process any personal data provided to deliver this particular service. The kind of personal data includes financial account categorisations for the rental information and tenancy details, and other identifiers such as your name, address, date of birth.
15.3 We will continue to exchange information about you with Experian while you have a relationship with us. Please note that we understand that Experian will record any outstanding debt. Experian will hold your rental data for the time limits explained in their CRAIN notice as explained above.
15.4 Further information about the Rent Recognition service is available here: https://www.experian.co.uk/assets/rental-exchange/rental-exchange-privacy-notice.pdf & here https://www.experian.co.uk/assets/rental-exchange/rental-exchange-data-protection.pdf
16. Optional Information – Details about our International Partners
We enclose below some privacy statements and related information from our international partners and Third Party Service Providers, for your further information.
Website:
https://www.squarespace.com/privacy
https://policies.google.com/privacy?hl=en and https://analytics.google.com/analytics/web/provision/#/provision
https://marketingplatform.google.com/intl/en_uk/about/tag-manager/
https://www.cloudflare.com/en-gb/privacypolicy/
Product (platform):
https://www.intercom.com/terms-and-policies#privacy
https://www.yodlee.com/europe/company/clients-consumers
https://www.zoopla.co.uk/privacy/
https://www.adjust.com/terms/privacy-policy/
https://www.braze.com/company/legal/privacy
https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/
V17 – 11 November 2024 Update