Privacy notice for EU personal account customers

This privacy notice explains what personal data we collect, what we do with it, who we share it with, how long we keep it for and what legal rights you have.

Monese EU is the data controller of your personal data.

We refer to “Monese”, “we”, “us” or “our” in this notice. Certain sections of this notice may only apply to customers who hold certain accounts with us (for example, Credit Products). If this is the case, we have made this clear in this privacy notice.

1. The Personal Data We Hold About You

Your identity and contact data

This includes personal information about you (for example your name, date of birth, residential address, nationality, passport number) and your contact details.

In most cases the information is provided by you during the set up and management of Monese services, in the form of identity documents, your video selfie and any other personal data you have shared with us. In some cases, it may be provided by a third party where you have given your consent for them to share it with us.

We may be provided with additional identity and contact data by third parties that we use to perform due diligence. In addition, we may source identity and contact data from publicly available sources such as Companies House and Electoral Roll Registers.

Financial and service data

This is information about your Monese accounts, related debit cards and any other products and services that you have obtained from us. It includes things like account numbers, account balances and information about transactions. The information is generated as you use our services and in some cases it is shared with us by the organisations we use to provide our services.

Where you have linked your Monese account to one of our partner services (for example the Avios rewards programme) we may hold financial data for these services.

Information you permit us to access on your phone

This is information stored on your phone that you explicitly permit us to access (for example, your address book, photos and geolocation data).

Technical data

This is information about the phone you use (for example the browser version, time zone settings, phone operating system, IMEI number, IP address and other technical settings). This information is collected automatically when you use the Monese app.

Analytics

This includes information about how you interact with our services. We collect this information automatically when you visit our website or use the Monese app. Our use of cookies to help us achieve this is explained in our cookie policy.

Special and risky category of data

This is information that is considered more sensitive by regulators and includes your race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health and sexual orientation. With the exception of the video selfie and photo ID that you provide so we can verify your identity, we do not process this category of data. However, it is possible that we may hold a special or risky category of data when you provide it to us, e.g. if it is included in documentation (for example your ID document) or when third parties provide it to us (for example details of criminal activities from the police). When this is the case, we will only process this information in strict accordance with the law.

2. What Do We Do With Your Personal Data

We only use your personal data in order to provide great financial services and where there is a lawful basis to do so.

To fulfil our contract with you, we will use your personal data to:

Administer and provide our financial and other related services (for example, account top-ups, payments, direct debits, standing orders and international transfers, as well as additional account benefit services).
To develop and provide a high-quality user experience through the Monese app.

To fulfil our legal obligations we will use your personal data to:

Verify your identity when you apply for a Monese account.
Check applications against certain fraud prevention and sanctions databases. Implement measures to identify and prevent financial crime (for example, money laundering, fraud and terrorist financing).
To make responsible lending decisions.

It is in our legitimate interests to use your personal data to:

Keep you informed of the status of the Monese services you use.
Provide a world class customer service experience.
Perform a soft credit search to assess your suitability for our services.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details below. We also utilise the latest technology to make automated decisions for the verification of identities and the identification of financial crime. You can contact us to ask for a person to review an automated decision.

Undertake analysis on our customers to better understand how to improve our products and services. This may involve us processing your data (including your transactions) or working with third parties (in which case we will not directly identify you or any other customers) to help better profile our customers and improve how we market our products. We will ensure that appropriate safeguards are put in place with such third parties so that your data is kept secure. See below for more information about processing by third party advertising partners for Monese’s analytics purposes.

With your consent, we will use your personal data to:

Provide you with information about Monese products and services that we think you may like.
Invite you to participate in market research activities (such as focus groups, interviews and surveys).
Provide you with information about third party products and services that we think you may like.
Market our products.
Operate our Hub (where you may choose to take advantage of a wide range of our partners’ products and services).

If we ask you for permission to process your personal data, you can refuse, or withdraw your permission at any time, by using the details at the end of this privacy notice or, if in relation to cookies or similar, through the cookie policy. To withdraw your consent to receive marketing messages, you can set your preferences in the Monese app settings, or by following the opt-out link contained in marketing emails.

3. Who We Share Your Personal Data With

We will share your personal data with organisations and partners that enable and improve the Monese services you use or where we are required by law or court order. This includes:

Group companies, affiliates and branches of Monese.
Any third party after a restructure, sale or acquisition of any Monese company or debt, as long as that person uses your information for the same purposes you originally gave it to us for.
Organisations that help us to verify your identity.
Organisations that help us to provide our financial service. This includes:
Card issuers.
Independent third-party service providers who you (or a third party properly authorised to give instructions on your behalf) ask us to share information with (for example, providers of payment-initiation or account-information services). If we share your information with these third parties, we will have no control over how they use it. You (or the person with authority over your account) will need to agree this directly with the third party. *
Prepay service providers.
PPS EU which is a separate independent Data Controller in relation to data processed in connection with your Monese Card and all necessary activities relating to the operation of the Monese Card including: allowing you to receive, activate and use your Monese Card; making and receiving payment transactions, meeting legal requirements regarding your Monese Account and Monese Card; answering your requests and providing information to you. The PPS EU privacy notice is available on its website: https://eps.edenred.com/privacy-policy-0.
Payment service providers and technical and non-technical processors.
The providers of our IT and cyber security services.
Credit reference agencies. For details on how they use your personal data, see https://www.equifax.co.uk/crain, https://www.experian.co.uk/crain/index.html and https://www.transunion.co.uk/crain.
Organisations that provide our customer service tools.
Any organisations that enable the Monese services that you use.

To fulfil our legal obligations, we may share your personal data with:

Government and law enforcement agencies in the pursuit of financial crime prevention and in the fight against terrorism.
Tax authorities.
Fraud prevention agencies and providers of due diligence services.
Any organisation that we are legally required to do so.

Where you have provided your consent, we may share your personal data with:

Organisations that provide marketing and advertising services.
Organisations that provide services in the Monese Hub.
Anyone you give us explicit permission to do so.

In all cases, we will only share the personal data that is absolutely necessary to provide our services, fulfil our obligations to you and to fulfil any legal or regulatory requirements.

Processing by third party advertising partners for Monese’s analytics purposes

Our third party advertising partners will process your data in order to provide advertising related services for us such as marketing analytics and marketing and performance optimisation but also for their own additional purposes. The table below provides a link to each partner’s privacy notice in case you want to learn more about what they do with your data.

Partner Link to Privacy Notice

Apple Search Ads – https://searchads.apple.com/privacy/
Affiliate Window – https://www.awin.com/privacy
Facebook Technology – https://www.facebook.com/privacy/policy/
Firebase – https://firebase.google.com/support/privacy
Google Ads Processor Terms – https://business.safety.google/adsprocessorterms/
Instal – https://www.instal.com/privacy-policy
MiQ – https://www.wearemiq.com/privacy-policy
Mobupps – https://mobupps.com/privacy-policy/
Outbrain – https://www.outbrain.com/legal/privacy
TikTok – https://www.tiktok.com/legal/privacy-policy
BCNMonetize – https://bcnmonetize.com/privacy-policy/
Iconpeak – https://www.iconpeak.com/privacy-policy/
Taptica – https://www.taptica.com/privacy-policy/

How to opt out of processing by third party advertising partners

You can opt-out of ads tracking by adjusting your device settings. Do this by going into your phone’s device settings and opting out from there.

If you are on iOS, go to Settings > Privacy > Tracking and move the toggle to switch off.

If you are on Android, go to settings > Google > Ads > Opt out of ads personalisation and switch off by tapping the toggle on your screen to turn it off.

4. How Long We Keep Your Personal Data

We hold our customers’ personal data only as long as necessary to meet our legal and regulatory obligations and where:

The relevant local law requires us to hold your personal information for a longer period, or delete it sooner.
You exercise your right to have your personal data erased from our systems (where it applies).
We have a legitimate reason to keep it (for example, helping us to respond to queries or complaints, to show that we have given you fair treatment, in the fight against financial crime).

5. Your Rights

You have certain rights relating to your personal data:

Your right to access

You may request access to all the personal data we hold about you. This is known as a ‘subject access request’.

Your right to erasure

The right to have your personal data erased from our systems

Your right to rectification

If you believe that any of the personal data we hold about you is inaccurate, you have the right to have it updated (for example, you may wish to update your personal or contact details).

Your right to object to processing

You may object to, or request that we restrict the processing of your personal data (for example, you may withdraw your consent for marketing at any time).

Your right to portability

You may ask that we provide a copy of your personal data in a structured, commonly used and machine-readable format. You can request that we provide this to you directly, or that we transfer the data to a third party of your choosing.

Your right to object and automated individual decision-making

Where we have used technology to make an automated decision, or to evaluate your suitability for a Monese service, you have the right to challenge the decision directly with a member of our customer service team and request a review of the decision process by a human intervention.

To exercise any of these rights, simply submit a request to the customer service team via the chat function in the Monese app, or by emailing privacy@monese.com. We will fulfil all requests within one calendar month.

6. Making A Complaint

If you are unhappy about our management or use of your personal data you are entitled to make a complaint to complaints@monese.com.

If we fail to resolve your complaint to your satisfaction, you may pursue your complaint via the relevant Data Protection Authority. You can contact the Belgian Data Protection Authority (https://www.gegevensbeschermingsautoriteit.be/citizen/actions/lodge-a-complaint) or your local Data Protection Authority.

If you have any questions or would like to know more, don’t hesitate to contact our Data Protection Officer at dpo@monese.com, or write to us at Eagle House, 163 City Road, London EC1V 1NR.