The Money Platform Privacy Policy

1. Introduction

This Privacy Policy sets out the principles and guidelines that The Money Platform adheres to protect the personal data of its users, in compliance with applicable data protection laws and regulations, including the United Kingdom General Data Protection Regulation (UK GDPR). The Money Platform is committed to protecting and respecting the user’s privacy. This Privacy Policy outlines the business’ practices regarding the collection, use, and disclosure of personal information when a user visits The Money Platform’s website or participates in its peer-to-peer lending services. By using the services, the user agrees to the terms outlined in this policy.

Gracombex Ltd is the Data Controller for The Money Platform. Its Information Commissioner’s Office (ICO) registration reference is ZA099774 .

2. Scope

This policy applies to all employees, contractors, and third-party service providers who handle or have access to personal data processed by The Money Platform.

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Subject: Any individual whose personal data is processed by The Money Platform.
• Processing: Any operation performed on personal data, whether automated or manual, including collection, storage, use, disclosure, and deletion.
• Data Controller: The entity that determines the purposes and means of processing personal data.
• Data Processor: The entity that processes personal data on behalf of the Data Controller.

4. Data Protection Principles

The Money Platform adheres to the following data protection principles:

• Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
• Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
• Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the data is processed.
• Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

5. Data Subject Rights

Data subjects have the following rights regarding their personal data:

• Right to Access: Data subjects can request access to their personal data.
• Right to Rectification: Data subjects can request correction of inaccurate or incomplete personal data.
• Right to Erasure: Data subjects can request deletion of personal data under certain conditions.
• Right to Restriction of Processing: Data subjects can request the restriction of processing of their personal data under certain conditions.
• Right to Data Portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Data subjects can object to the processing of their personal data under certain conditions.

6. Data Security Measures

The Money Platform implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:

• Encryption: Encrypting personal data both at rest and in transit.
• Access Controls: Restricting access to authorised personnel only.
• Regular Audits: Conducting regular security audits and risk assessments.
• Incident Response: Implementing a robust incident response plan to handle data breaches promptly and effectively.

7. Data Collection and Processing

The Money Platform collects certain personal information to deliver its products and services. It also collects information about the user and the devices used to access its website, or it may ask third parties to do this. In these cases, technologies such as cookies are used. See the Cookies Policy for more information.

Personal Data

The Money Platform processes and stores the following personal data:

• Identity Data: First and last names, date of birth, gender
• Contact Data: Email, postal address, telephone number
• Financial Data: Bank and debit card details, transaction history, credit scores, financial statements
• Transaction Data: Details of payments to and from the user and other details of transactions they engage in through the business’ services
• Technical Data: IP address, login data, browser information, device information, other technology on devices used to access the business’ services
• Profile Data: Username, preferences, survey responses, password, transactions
• Usage Data: Website interactions
• Marketing Data: Communication preferences

Methods of Data Collection

• Direct Interactions: Data provided through forms or communication.
• Automated Interactions: Technical data collected during website use.
• Third Parties: Data from credit agencies and other public sources.

Purpose of Data Usage

The data is used to manage user accounts, process transactions, send notifications, improve services, check the user’s identity, prevent fraud and money laundering, inform Credit Reference Agencies of the status of a borrower’s account, help make decisions about credit and credit-related services, trace debtors, recover debt, and for marketing purposes. Users may receive administrative messages (email or SMS) related to services. Message preferences can be managed in the user profile.

Data Sharing

The Money Platform may share the user’s personal data with the following parties:

• Service Providers: Companies that provide services on the business’ behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
• Credit Brokers, Lenders, and Borrowers: To facilitate the lending process, the business may share information between lenders and borrowers. It may also send a declined application to a credit broker or lender who may help the borrower obtain a loan.
• Regulatory Authorities: When required by law or regulation, or to protect the business’ rights or the rights of others, it may share the user’s data with regulatory authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, the user’s personal data may be transferred to the acquiring entity.

Special Category/Sensitive Personal Data

The Money Platform does not process sensitive or special category personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The processing of genetic data, data concerning health, or data concerning a natural person's gender or sexual orientation is also not processed. The Money Platform only allows customers over the age of 18 years old and does not process data for anyone under this age.

Non-Personal Data

The Money Platform collects, uses, and shares aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from the user’s personal data but is not considered personal data as it does not directly or indirectly reveal the user’s identity.

8. Data Retention

Personal data will be retained only as long as necessary for legal, accounting, or reporting requirements. After this period, data will be securely deleted or anonymised.

Communications may be recorded for quality, compliance, and security purposes. If data is transferred outside the UK, The Money Platform ensures adequate protections equivalent to UK standards.

9. Third-Party Processors

The Money Platform ensures that third-party service providers who process personal data on our behalf adhere to equivalent data protection standards through:

• Data Processing Agreements: Agreements with third-party processors to ensure compliance.
• Due Diligence: Reviewing third-party service providers’ data protection practices.

10. Credit Reference and Fraud Prevention Agencies

The Money Platform collaborates with Equifax, Experian, and TransUnion under the Credit Reference Agency Information Notice (CRAIN).

11. Data Security

The Money Platform implements appropriate technical and organizational measures to protect the user’s personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

12. Data Protection Officer (DPO)

The Money Platform appoints a Data Protection Officer responsible for overseeing compliance with this policy and data protection laws. The DPO’s responsibilities include:

• Monitoring data protection compliance.
• Providing guidance on data protection impact assessments.
• Serving as a contact point for data subjects and supervisory authorities.

13. Training and Awareness

All employees and contractors are provided with regular training on data protection principles, policies, and procedures to ensure ongoing awareness and compliance.

14. Policy Review and Changes

This policy will be reviewed annually or when necessary to reflect changes in laws, regulations, or business practices. The Money Platform will notify the user of any changes by posting the new Privacy Policy on its website. The user is advised to review this Privacy Policy periodically for any changes.

15. Contact Information

For questions or concerns regarding this policy or data protection practices, please contact: support@themoneyplatform.com