(“Website”), our web application (“Web App”) and our mobile app (“App”) and
email messages that we send to you (jointly called “Services”). If anything, here only applies to one of our
services, we’ll explicitly point this out to you.
“Personal Data” means any information that relates to an identified or identifiable individual and can
include information about how you engage with our Services (e.g., device information, IP address).
When we say, “Personal Data”, we mean information which:
- we know about you
- can be used to personally identify you
This notice explains what information we collect, how we use it, and your rights if you want to change how
we use your personal data.
Please read this Policy carefully, as it becomes legally binding when you use our Services. We take privacy
and protection of your data very seriously and are committed to handling the personal information of those
we engage with, whether customers, suppliers, or colleagues responsibly and in a way that meets the legal
requirements of the countries in which we operate.
1. Data we collect about you
Personal data, or personal information, means any information about an identified or identifiable
individual. It does not include anonymous data, which cannot be linked back to the individual. We will
collect and process personal data about you as follows:
1.1. Information you give us
- You may give us information about yourself when you sign up to use our Services, e.g., when you
provide us with personal details including your name and email address. This also includes
information you provide through your continued use of our Services. Additional information you give
us for security, identification and verification purposes may include your address, phone number,
financial information (including credit card, debit card, or bank account information), payment
reason, geographical location, social security number, personal description, and photograph.
- The content of your communications with us, which we collect via online chat, emails, direct
messaging, and other means.
In some cases, including when you send or receive high value or high-volume transactions, or where
we need to comply with anti-money laundering regulations, we may also need more commercial or
identification information from you.
In providing the personal data of any individuals other than yourself, including payment
beneficiaries or if you are recommending a friend, or providing information on directors or owners
of a company, or giving us access to your contacts list, you confirm that you have obtained consent
from such individuals to disclose their personal data to us or are otherwise entitled to provide
this information to us. You also confirm that you have their consent to our collection, use and
disclosure of such personal data, for the purposes set out in this Policy.
Please ensure that your personal data is current, complete, and accurate by logging onto your
account and updating it whenever necessary.
1.2. Information we collect about you.
With regard to your use of our Services, we may automatically collect the following information:
Details of the transactions you carry out when using our Services, including the geographic
location from which the transaction originates.
Technical information, including the internet protocol (IP) address used to connect your device to
the internet, your login information, browser type and version, time zone setting, browser plug-in
types and versions, operating system, and platform.
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to,
through and from our Website or App (including date and time); products you viewed or searched for;
page response times, download errors, length of visits to certain pages, page interaction
information (including scrolling, clicks, and mouse-overs), and methods used to browse away from the
page and any phone number used to call our Customer Support service.
1.2.1. We will collect the following personal information:
- your name, address, and date of birth
- your email address, phone number and details of the device you use (for example, your phone,
computer, or tablet)
- your Moneliq username
- your registration information
- details of your account, including the account number, sort code and IBAN
- details of your Moneliq payment cards including the card number, expiry date and CVC (the last
three digits of the number on the back of the card)
- copies of your identification documents (for example, your passport or driving licence) and any
other information you provide to prove you are eligible to use our services
- your country of residence, tax residency information, and tax identification number
- records of our discussions if you contact us or we contact you
- your image in photo or liveness form (where required as part of our Know-Your-Customer (KYC)
checks, to verify your identity
- your image in photo or liveness form (where required as part of our Know-Your-Business (KYB)
checks, to verify your identity
- information about other people (such as the company’s shareholders, directors, employees,
customers, or business partners) where we are legally required to ask for such information (for
example, as part of KYB checks or under anti-money laundering laws to verify your company’s sources
of funds (where you, or your company, give us personal data about other people, you are responsible
for ensuring that they understand how we will process their personal data).
1.3. Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services
we provide. We are also working closely with third parties and may receive information about you from them.
These may include:
The banks you use to transfer money to us will provide us with your basic personal information,
including your name and address, as well as your financial information, including your bank account
Business partners may provide us with your name and address, as well as financial information,
including card payment information.
Advertising networks, analytics providers and search information providers may provide us with
pseudonymised information about you, including confirming how you found our website.
Credit reference agencies do not provide us with any personal information about yourself, but we may
use them to corroborate the information you have provided to us.
Credit reference agencies do not provide us with any personal information about yourself, but we
may use them to corroborate the information you have provided to us.
1.4. Information from social networks.
If you log in to our Services using your social network account (including Facebook or Google) we will
receive relevant information that is necessary for us to enable our Services and authenticate your access.
The social network will provide us with access to certain information that you have provided to them,
including your name, profile image and email address, in accordance with the social network service
to us when registering or using our Services, to create your account and to communicate with you about the
information, products, and services that you request from us. You may also be able to specifically request
that we have access to the contacts in your social network account.
1.5. Information from publicly available sources.
We collect information and contact details from publicly
available sources, such as media stories, online registers or directories, and websites for enhanced due
diligence checks, security searches, and KYC purposes.
1.6. Sensitive data.
We process a limited amount of sensitive data when we carry out verification of
identity documents that contain biometric data, where we are relying on the substantial public interest
condition in Article 9(2)(g) of the GDPR and condition 14 ‘Preventing fraud’ in Part 2 of Schedule 1 of the
Data Protection Act 2018.
1.7. Children's data.
Our products and services are directed at adults aged 18 years and over, and not
intended for children. We do not knowingly collect data from this age group. Our verification process
prevents Moneliq from collecting this data. Any data collected from a child before their age is determined
will be deleted.
2. How we protect your personal information
2.1. We take the safeguarding of your information very seriously.
The transmission of information via the
internet is not completely secure. Although we do our best to protect your personal data, we cannot
guarantee the security of your data during transmission, and any transmission is at your own risk. Once we
have received your information, we use strict procedures and security features to ensure it stays secure,
Communication over the Internet between you and Moneliq systems is encrypted using strong
Electronic data and databases are stored on secure computer systems with control over access to
information using both physical and electronic means
We update and patch our servers in a timely manner.
We run a bug bounty program to identify any security issues in Moneliq services.
Our technical security team proactively monitors for abnormal and malicious activity in our
servers and services.
We require our staff and any third parties who carry out any work on our behalf to comply with
appropriate compliance standards (including obligations to protect any information and applying
appropriate measures for the use and transfer of information).
When information you’ve given, us is not in active use, it is encrypted at rest. This means it’s
unreadable without the decryption key.
2.2. We are regularly audited to confirm we remain compliant with our security certifications, including
PCI-DSS. As part of these audits, our security is validated by external auditors.
2.3. We restrict access to your personal information to those employees of Moneliq who have a business
reason for knowing such information and third-party service providers’ processing data on our behalf. All
Moneliq employees who have access to your personal data are required to adhere to this Policy and all
third-party service providers are requested by Moneliq to ensure appropriate safeguards are in place
(including non-disclosure agreements). In addition, contracts are in place with such third-party service
providers acting as data processors for Moneliq that have access to your personal data, to ensure that the
level of security required in your jurisdiction is in place, and that your personal data is processed only
as instructed by Moneliq.
2.4. We continuously educate and train our employees about the importance of confidentiality and
privacy of customer personal information. We maintain physical, technical, and organisational safeguards
that comply with applicable laws and regulations to protect your personal information from unauthorised
2.5. While we take all reasonable steps to ensure that your personal data will be kept secure from
unauthorised access, we cannot guarantee it will be secure during transmission by you to our app, a website,
or other services. We use HTTPS (HTTP Secure), where the communication protocol is encrypted through
Transport Layer Security for secure communication over networks, for all our app, web, and
2.6. If you use a password for the Moneliq app or our website, you will need to keep this password
confidential. Please do not share it with anyone.
3. Ways we use your information
3.1. Lawful basis: We will only use your personal data when the law allows us to. Most commonly, we will use
your personal data in the following circumstances:
Where you have given us your consent to process your data
Where it is necessary for our legitimate interests (or those of a third party) and your interests
and fundamental rights do not override those interests
Where we have a legal obligation to process your personal data to comply with laws, regulations,
or court orders
Where it is necessary to fulfil our obligations under a contract with you
Where it is necessary to protect the vital interests of yourself or other individuals.
3.2. Purposes for which we will use your personal data: the ways we plan to use your personal data are
described below, including which of the legal bases we rely on to do so in the UK and the EU. We have also
identified what our legitimate interests are where appropriate.
to carry out our obligations relating to your contract with us for provision of Services/Lawful
basis for processing, including basis of legitimate interest: necessary to fulfil our obligations
under a cooperation
to provide you with information, products, and services/Lawful basis for processing, including basis
of legitimate interest: legitimate interest (to keep our records up to date, decide which of our
products and services may be of interest to you and to tell you about them) and where you’ve
consented for us to process your personal data in a certain way
to comply with any applicable legal and/or regulatory requirements, including to respond to requests
from public and government authorities, including public and government authorities outside your
country of residence upon demonstration of lawful authority/Lawful basis for processing, including
basis of legitimate interest: legal obligation, necessary to fulfil our obligations under a contract
and legitimate interest (to be efficient about how we meet our legal obligations and to comply with
regulations that apply to us)
to prevent and detect crimes, including fraud and financial crime/Lawful basis for processing,
including basis of legitimate interest: legal obligation and legitimate interest (to detect and
prevent criminal activity in connection with our Services and improve how we manage instances of
suspected financial crime)
to notify you about changes to our Services and send you other administrative information/Lawful
basis for processing, including basis of legitimate interest: legal obligation, legitimate interest
(to provide you with a good customer service and keep you up to date with new developments) and
necessary to fulfil our obligations under a cooperation
as part of our efforts to keep our Services safe and secure/Lawful basis for processing, including
basis of legitimate interest: legal obligation, legitimate interest (protecting our customers and
ourselves from loss or harm) and necessary to fulfil our obligations under a contract
to administer our Services and for internal operational, planning, audit, troubleshooting, data
analysis, testing, research, statistical and survey purposes/Lawful basis for processing, including
basis of legitimate interest: legitimate interest (to keep our records up to date, efficiently
fulfil our legal and contractual duties, carry out our administrative operations, and develop new
and existing products and services)
to undertake system or product development, improve our Services and to ensure that they are
presented in the most effective manner/Lawful basis for processing, including basis of legitimate
interest: legitimate interest (to develop existing and new products and services and to efficiently
meet our legal and contractual obligations)
to measure or understand the effectiveness of advertising we serve and to deliver relevant
advertising to you/Lawful basis for processing, including basis of legitimate interest: legitimate
interest (to market our products and services in the most efficient manner) and where you’ve
consented for us to process your personal data in a certain way
to allow you to participate in interactive features of our Services, when you choose to do so/Lawful
basis for processing, including basis of legitimate interest: legitimate interest (to provide an
efficient and innovative service to our customers) and where you’ve consented for us to process your
personal data in a certain way
to provide you with information about other similar goods and services we offer/Lawful basis for
processing, including basis of legitimate interest: legitimate interest (to market our products and
services) and where you’ve consented for us to process your personal data in a certain way
to provide you, or permit selected third parties to provide you, with information about goods or
services we feel may interest you/Lawful basis for processing, including basis of legitimate
interest: where you’ve consented for us to process your personal data in a certain way
to take steps to recover amounts owed to us and to allow us to pursue available remedies or limit
damages that we may sustain/Lawful basis for processing, including basis of legitimate interest:
legitimate interest (to protect our assets)
to enforce our cooperation with you/Lawful basis for processing, including basis of legitimate
interest: legitimate interest (to protect our assets)
on rare occasions, to help safeguard our customers, employees, or other individuals by notifying the
emergency services/Lawful basis for processing, including basis of legitimate interest: vital
3.3. Providing our services: Legitimate interests (we need to be efficient about how we meet our
obligations, and we want to provide you with good products and services), legal obligations.
check your identity, and the identity of joint account holders (as part of our KYC process)
decide whether to approve your application
meet our contractual and legal obligations relating to any products or services you use (for
example, making payments into and out of your Moneliq account, withdrawing cash or making payments
with your Moneliq card)
help you understand your spending behaviour, how you use Moneliq products and services, and to help
you save money
recover debt and exercise other rights we have under any cooperation with you
exercise other rights we have under any cooperation we have with you
provide you with customer support services; we may record and monitor any communications between you
and us to maintain appropriate records, check your instructions, analyse, assess, and improve our
services, and for training and quality control purposes
4. Do you make automated decisions about me?
Depending on the Moneliq products or services you use, we may make automated decisions about you. This means
that we may use technology that can evaluate your personal circumstances and other factors to predict risks
or outcomes. This is sometimes known as profiling. We do this for the efficient running of our services and
to ensure decisions are fair, consistent, and based on the right information.
Where we make an automated decision about you, you have the right to ask that it is manually reviewed by a
Opening accounts: KYC, anti-money laundering and sanctions checks; identity and address checks
Detecting fraud: monitoring your account to detect fraud and financial crime
5. Disclosure of your personal data
5.1. We may share your personal data with third parties including:
affiliates, business partners, suppliers and subcontractors for the performance and execution of any
relationships we enter with them or you
advertisers and advertising networks to select and serve relevant adverts to you and others with
analytics and search engine providers that assist us in the improvement and optimisation of our site
limited information is sent to payment beneficiaries when you initiate a payment transaction.
5.2. We may disclose your personal information to third parties:
- including affiliates, business partners, suppliers and subcontractors for the performance and
execution of any relationships we enter with them or you
- if we sell or any business or assets or combine with another organisation, in which case we may
disclose your personal data to the prospective buyer of such business or assets or prospective
organisation with which our business or assets may be combined
- if we are under a duty to disclose or share your personal data to comply with any legal obligation,
or to enforce or apply our cooperation and other applicable agreements; or to protect the rights,
property, or safety of Moneliq, our customers, our employees, or others. This includes exchanging
information with other companies and organisations for the purposes of fraud protection and credit
- to assist us in conducting or co-operating with investigations of fraud or other illegal activity
where we believe it is reasonable and appropriate to do so
- to prevent and detect fraud or crime
- in response to a subpoena, warrant, court order, properly constituted police request or as otherwise
required by law
- to assess financial and insurance risks
- to recover debt or in relation to your insolvency; and
- to develop customer relationships, services, and systems.
5.3. If you would like further information about who we have shared your data with, or to be provided with
a list specific to you, you can request this by writing to
6. Sharing and storing your personal data
6.1. We may transfer your data to and store it in countries outside the UK and European Economic Area
("EEA") which do not offer an equivalent level of protection to your country. It may also be processed by
staff operating outside the UK and EEA. We will take all steps reasonably necessary to ensure that your data
is treated securely and in accordance with this Policy.
6.2. To provide our Services to you, it is sometimes necessary for us to transfer your data to the third
parties (keep to global legal and regulatory requirements, provide ongoing support services, credit
reference agencies, fraud prevention agencies, law enforcement authorities) enable us to provide you with
products or services you have requested that are based outside of the UK and EEA. In these cases, we ensure
that appropriate safeguards, including Standard Contractual Clauses, are in place.
We use small files (known as cookies) to distinguish you from other users, see how you use our site and
products while providing you with the best experience. They also enable us to improve our services. For
detailed information on cookies and other technologies we use and the purposes for which we use them, see
8. Data Retention
8.1. We will retain your personal data only for as long as is necessary to fulfil the purposes for which we
collected it (we’ll generally keep your personal data for six years after our business relationship with you
ends, or such period as may be required by applicable local laws). As a regulated financial institution
(E-Money Institution (EMI)), Moneliq is required by law to store some of your personal and transactional
data beyond the closure of your account with us. We only access your data internally on a need-to-know
basis, and we’ll only access or process it if necessary.
8.2. We will always delete data that is no longer required by a relevant law or jurisdiction in which we
operate. We do this automatically, so you don’t need to contact us to ask us to delete your data.
9. Your rights
9.1. Subject to applicable laws, you may have certain rights regarding the information we hold about you.
Your rights can be exercised in accordance with the relevant data protection legislation. If you have any
questions in relation to our use of your personal information, contact us. You may have the right to:
- Request a copy of the personal data we hold about you and to check that we are lawfully processing
- Request correction of the personal data that we hold about you. We may need to verify the accuracy
of the new data you provide to us
- Ask us to delete personal information where there is no good reason for us to continue to process
it. You may also have the right to ask us to delete your personal data where (i) you have
successfully exercised your right to object to processing (see below), (ii) where we may have
processed your information unlawfully or (iii) where we are required to delete your personal data to
comply with local law. We may not always be able to comply with your deletion request for specific
legal reasons which will be notified to you, if applicable, in our response to your request,
including financial regulations that may require us to hold your personal data for a period after
the closure of your account
- Withdraw your consent for us to process data, where our lawful basis for processing is based on that
consent. Note that withdrawal of consent does not affect the lawfulness of processing which may have
taken place prior to withdrawal of consent. If you withdraw your consent, we may not be able to
provide certain products or services to you
- Request us to cease direct marketing to you, by contacting us or adjusting your notification
preferences in the settings section of your account
- Where we use wholly automated decision making-processes, request that we provide information about
the decision-making methodology and ask us to verify that an automated decision that results in a
legal impact on you has been made correctly. We may reject the request, as permitted by applicable
law, including when providing the information would result in a disclosure of a trade secret or
would interfere with the prevention or detection of fraud or other crime. However, generally in
these circumstances we will verify that the algorithm and source data are functioning as anticipated
without error or bias or if required by law to adjust the processing
- Object to any processing based on the legitimate interests ground when there is something about your
situation where you feel processing on this ground impacts your fundamental rights and freedoms
- Ask us to suspend the processing of your personal data in the following situations: (i) if you want
us to determine the data's accuracy; (ii) where our processing of the data is unlawful but you do
not want us to delete it at this time; (iii) where you wish us to retain the data even if we no
longer require it because you need it to establish, exercise or defend legal claims; or (iv) you
have objected to us using your data but we need to confirm whether or not we have over-riding
legitimate grounds to continue using it
- Request the transfer of your personal data to a third party or yourself. We will provide you or your
chosen third party with the personal data you provided to us in a structured, commonly used,
machine-readable format. This right applies only to information where we used the information to
perform a cooperation with you or where you initially consented for us to use it.
9.2. Your exercise of these rights is subject to certain exemptions to safeguard the public interest
(including the prevention or detection of crime) and our interests (including the maintenance of legal
privilege). If you exercise any of these rights we will check your entitlement and respond in most cases
within a month.
10. Third-party links
Our Services may, from time to time, contain links to the websites of our partner networks, advertisers, and
affiliates. Please note that these websites have their own privacy policies and that we do not accept any
responsibility for them, so if you follow a link, check these policies before you submit any personal data
to these websites.
To keep up with changing legislation, best practice, and changes in how we process personal information, we
may revise this Policy at any time without notice by posting a revised version on this website. To stay up
to date on any changes, check back periodically.
12.1. Please send any questions, comments, or requests regarding this Policy to our privacy team at
12.2. If you feel that we have not addressed your questions or concerns adequately, or you believe that
your data protection or privacy rights have been infringed, you can complain to any supervisory
other public body with responsibility for enforcing privacy laws. In the United Kingdom this is the
Information Commissioner’s Office at www.ico.org.uk.