Privacy policy

Ensuring our customers privacy is respected and information is protected is our priority. This privacy policy describes how we collect and use your information across all the ways you might interact with us such as when you visit our website, use our app, open an account and more.

What information do we collect?

We collect and use information about you when you interact with us such as when you visit our website, use our app, apply to open and have an account with us or use a service that integrates with our systems. We also collect and use information about you that is provided by third parties, such as an identity verification provider or credit reference agency.

• Information you give us when you get in touch with us either through our app, email or by phone (we monitor and record all calls) such as the information you provide when you download our app, use our website, transact with our services, engage in customer research, participate in discussion boards or social media platforms, or when you report a problem. Examples of this information are your name, address and previous addresses, email addresses and phone numbers, financial and credit and debit card information, personal description and photographs, videos or audio files.
• Transactional information in relation to financial products and services including from third party providers.
• Technical information such as the internet protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version, time-zone setting, browser version, operating system and platform.
• Information about your visit to our website, including the Uniform Resource Locators clickstream to, through and from our website (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages and methods used to browse away from the page.
• Telephone log information, such as your phone number, time and date of calls, duration of calls, phone numbers used to call us and the content of those calls.
• Information about the device you are using including information relating to your mobile phone network, which operating system you use and the version of that operating system, information which enables the identification of that device. We will link your device with your account when you login to our app for the purposes of sending notifications to you and to protect your account against unauthorised use.
• Information about where you are located which is provided through our technology by using details like your IP address or GPS sensors.
• Our app collects certain information when you install, use or uninstall it, including information about your device and the way you use our app, our products and services. Our app may periodically contact our servers and we may collect and store information (including information about you) on your device itself. Our app may also use cookies.
• We also work closely with third parties including but not limited to business partners, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, lenders that we partner with and that optionally you may use.
• We may need to process your special category personal data in certain situations. This is information that can reveal a person's racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data and information concerning a person's health, sex life, or sexual orientation.

How do we use your information?

We use your information in order to provide you with financial products and services, to make sure that we do not breach any contracts, to keep you and your account secure, to give you information about our products and services, and to comply with the law.

• To provide financial products and services including to allow you to open an account, receive and make payments (including through services like Google Pay and Apple Pay) and to comply with obligations to our banking and card partners.
• To ensure our app, our website, and our services are effective and as relevant as possible and give you the best experience possible.
• To administer our business, including troubleshooting, fraud detection, data analysis, testing, research, marketing, to identify and assist you if you are a vulnerable customer, and to keep our business, website, our app, and our systems safe and secure.
• To ensure that we comply with laws and regulations, to help detect or prevent fraud or other crimes, and for tax, legal, reporting and auditing obligations.
• To check we have carried out your instructions correctly or to resolve queries or issues.
• For staff training or complaint resolution where we may monitor or record conversations.
• In connection with agreements with credit reference agencies and fraud prevention agencies.
• To carry out our obligations arising from any contracts entered into between you and us.
• To provide you or others, directly or via third party platforms (such as social media platforms), information such as about our products and services and notices about changes to our products or services.
• To measure, understand and improve the effectiveness of any functionality or access to, or the commerciality of, any products or services we offer or to which we provide access and to inform and deliver our marketing communications, and we use social media platforms and other communication platforms, analytics and search engine providers to assist us in marketing and the improvement and optimisation of our website, our app and our business generally.

We process your information for the purposes set out above on the following grounds:

1. Your consent to do so where you choose to share your information with us and subsequently any third parties as required to provide the product or service to you.

2. Where it is necessary for the adequate performance of contracts with you and to take steps requested by you prior to you entering into contracts with us.

3. Complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

Special category personal data:

If there is special category personal data for any of the purposes set out above we will process that data on the following grounds:

1. Where we have your explicit consent.

2. It is necessary for the protection of your vital interests or of another person, or, reasons of substantial public interest, or, the establishment, exercise or defence of legal claims.

Who do we share your information with?

We may share your information with our affiliates or business partners, credit reference and fraud prevention agencies, law enforcement bodies and regulators or if the information is aggregated (and so cannot identify you specifically).

• With business partners, suppliers and subcontractors, social media platforms and other related service providers, with companies, organisations or individuals (such as fraud prevention suppliers and analytics providers) for the performance of any contract we enter into with them or you or for the uses set out in the section above.
• With credit reference agencies and fraud prevention agencies. This might be a condition of us entering into a contract with you.
• If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply any agreement with you or our suppliers, to protect the rights, property or safety of us, our customers or others.
• With government agencies and other companies and organisations for the purposes of fraud protection and credit risk reduction.
• With tax authorities.
• With the police and other law enforcement bodies.

How we use credit reference and fraud prevention agencies

We use credit reference and fraud prevention agencies for a number of purposes including when you apply for an account with us and subsequently when you request to use some of our products and services.

• We use credit reference agencies and fraud prevention agencies. For a detailed explanation of what they do and what they do with information about you, please contact our customer care team to find out which agencies we use for your country.
• We may use systems to make automated decisions for the purposes of whether to give you an account or check if a product or service is relevant for you, detecting fraud or money-laundering and taking action such as closing or freezing accounts.
• If you apply for a service such as balance protection, we may use a credit scoring system. This is an automated system which allows us to make a fair and informed decision on whether to allow you to access this service and to determine a limit. The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased. The system takes account of different information, including that of the credit reference agencies and the information we already hold about you. The system applies the information to look at your application and whether it is responsible to agree to allow you to use this service.
• If your application is declined from an automated system, you can contact us if you wish to have your application reviewed.
• Ongoing reports may also be provided by credit reference or fraud agencies.
• Automated decision making (including profiling) is when we use systems to make decisions solely by automated means without any human involvement, which then has a legal or similarly significant effect on you. This specific type of decision making has additional rules to protect you.

Where do we process and store your information?

Depending on your location, we may process your information through servers in the UK, the EEA or Asia and normally store it for six to seven years. We try and keep your information going outside the UK, the EEA and Asia to a minimum and we put safeguards in place as far as possible.

• We process your information and store it on servers located across a number of secure data centres in the UK, the EEA and Asia.
• Our server environment is highly secure and there is very limited personnel access. Information is encrypted on being stored.
• We try to ensure that we do not send your information outside the UK, the EEA and Asia. However, this is not possible in all cases as a very small number of our suppliers are located in destinations outside these areas. We ensure that suitable safeguards are in place as required by law and we will take all steps reasonably necessary to ensure that information about you is treated securely and in accordance with this notice.
• If you are transacting internationally we may process payments through other institutions and payment systems. They may have to process and store information about you in connection with their own regulations.
• The transmission of your information over the internet can never be 100% secure. We will do our best to protect your information, however, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures to try to prevent unauthorised access.

Your rights

You have certain rights under the law and under this policy to request access to your information, to manage it, to withdraw consent, and to request us to delete or transfer information about you or restrict the way it is used. You also have a right to complain.

• You may access information held about you. Your right of access can be exercised by contacting our customer care team.
• To provide our products and services to you we need accurate customer information. You are required to inform us whenever your circumstances change.
• If you wish to update information about you which is inaccurate or incorrect please do this via our app or by contacting our customer care team.
• We may need to ensure that your information is accurate and correct and this may involve a number of further steps such as confirming your identity prior to being able to assist you or answer questions about your account.
• Depending on your location, we will store your information for six to seven years but in certain circumstances, including through regulatory requirements, we may have to store this for a longer period.
• You may request that we delete your information and we will do so but only if we do not need to retain it for any of the matters set out above.
• Some of your information may be impossible to permanently delete and where this is not possible we will put that information beyond reasonable use.
• Your information which you have shared with others (for example on our website or social media platforms) may remain publicly available.
• You can ask us to stop using all or some of your information, withdraw consent or to limit our use of it by contacting our customer care team. We will do so but only if we do not need to retain or use it for any of the matters set out above.
• Before sending you marketing communications, we will always obtain your permission to do so. Please note that if you update your permissions on marketing communications, there may be a period of time before the update takes effect and you may be sent marketing communications during this time.
• You can ask to have information about you that you have provided to us transferred elsewhere by contacting our customer care team.
• We will do so but we may also need to retain it for any of the matters set out above or we may be restricted from doing so for the same reasons.
• If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office.

Other important information

This policy may be updated from time to time. Any updates we make to this policy will become effective immediately on posting on our website. We will provide you with notice of significant updates via email or any other method we think is suitable.

For the purposes of the data protection laws, the data controller is Mondooli Ltd. Our company registration number is 14521473. Our ICO registration number is ZB491062.

To ensure clarity of some of the meanings we've used above:

• Affiliates and business partners means our holding companies, subsidiary companies and all the subsidiary companies of such holding companies.
• Data protection laws means the General Data Protection Regulation (EU 2016/679) or any substantially equivalent law enacted in the UK and other locations that we may offer our services.
• EEA means the European Economic Area.
• Our website means the Mondooli website at www.mondooli.com and all related sites.
• We, us, our or Mondooli means Mondooli Ltd and our affiliates.
• Your information or information about you means personal data (as defined in the data protection laws) about you.