Version date: 29 May 2024
1. Introduction
- This Privacy Policy (“Policy”) is an overview of how we collect, use and process your data when you use our website https://moneff.com (“website”) or when you register on our website, subscribe to our products and services, install and use our mobile app, provide us with feedback, enter your data or other details on registration page, participate in surveys or by communicating with us by phone, email or otherwise.
- Please read the Policy carefully as it becomes legally binding and we expect you to understand Moneff views and practices regarding the data and how Moneff will treat it.
- We respect your privacy and take protection of your data very seriously and are committed to handling the data of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.
2. Definitions
When used throughout the text of this Policy:
"Moneff, us, we or our" each means Safenetpay Service Company Ltd, a private limited company with registered address at First floor, Sierra Quebec Bravo, 77 Marsh Wall, London, E14 9SH, United Kingdom.
"You" or "your" means any natural or legal person who interacts with us, uses our website or the products and services we provide;
"Personal data" is the information that can be used to uniquely identify an individual;
“Processing of data” means the carrying out of any operation or set of operations in relation to personal data, including recording, holding, organisation, adaption or alteration, retrieval, combination, transmission and erasure or destruction.
"Non-personal data" is information that will not allow a specific individual to be identified;
"Data" denotes personal data and/or non-personal data.
"Data controller" is Moneff, and as the data controller we determine the purposes and the means of processing personal and non-personal data.
3. About Moneff
We, Safenetpay Services Company Ltd (trading as Moneff), are an authorised electronic money institution (EMI) regulated by the United Kingdom Financial Conduct Authority (“FCA”) under the Electronic Money Regulations 2011 and Payment Service Regulations 2017 for the issuing of electronic money and providing payment services. Our FCA reference number is 927601.
For the purposes of this Policy and the Data Protection Act 2018 and the UK GDPR (General Data Protection Regulation) Moneff is data controller. Moneff is registered with the United Kingdom Information Commissioner’s Office under reference number ZA489747.
If you have any questions about how we protect or use your data, please email us at [email protected].
4. Data we collect about you
4.1. We collect and process the following data:
a. If you are user of our website and not our customer:
- data we collect about you when you communicate with us (it may include your full name, phone number, your emails and letters);
- information about the visit to the website
(a) full Uniform Resource Locators (URL), clickstream to, through and from website (including date and time); products and services which are viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
(b) technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use;
your submitted job applications with the data therein where it is applicable;
b. If you are our customer (or an applicant for Moneff services):
- data which you give to us (it may include your name, address, emailaddress, phone number, date of birth, biometric data (fingerprints), datarelated to face ID, identity documents (including any photos therein),video of you, username (or similar identifier), occupation and companyinformation, recruitment data, social media, contact details, etc.) for ourKYC process;
- data we collect about you when you communicate with us and when you use our products or services (it may include financial data, phone number, your account details, emails and letters);
- data on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant associated with the transaction, IP address, counterparty name and registration information, geographic location from where the transaction originates or sent to;
- data we collect automatically about you when you use our mobile application: technical information, including the Internet protocol (IP) address used to connect the computer mobile or other device to the Internet, your login information, brrowser type and version, time zone setting, browser plug-in types and versions, operating system and platform, mobile phone network.
4.2. We obtain and confirmyour data fromthe following sources:
- If you are user of our website, we collect the data automatically, advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website;
- If you are a non-customer, we may collect the data from you, publicly available sources, business partners and other third parties.
- If you are a customer, we may collect the data from you as part of our KYC process, publicly available sources, business partners, banks that you use to transfer funds to/from us, commercial registers, counterparties when you use our services and products. You promise that you have obtained consent from such an individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Policy. Periodically, we may conduct a soft check of credit files which may leave small traces on them but will not affect the file itself.
Moneff also collects non-personal data or may anonymise personal data in order to make it non-personal data. Moneff may collect, store, use, transfer and disclose non-personal data for any purpose (for example, the use of aggregated transactional data for commercial purposes).
4.3. You must take reasonable steps to ensure that data which you provide to us is:
- accurate, complete, and current;
- adequate and relevant;
- limited to what is necessary in relation to the purposes for which they are processed;
- kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed, unless a longer retention is required or allowed under applicable law.
5. Risk Assessment
- We take reasonable steps to ensure that data is accurate, complete and current, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- We may make automated decisions by using technology that can evaluate your circumstances and other factors to predict and evaluate associated risks. We do this to comply with our regulatory obligations. Risk assessment also allows us to run our business efficiently and to ensure our decisions are informed and consistent. Where the automated assessment cannot be completed, we evaluate your data manually.
6. Cookies
We collect data about your use of our website from cookies and to distinguish you from other users, see how you use our site and products in order to provide you with the best user experience. They also enable us to improve our products and services. For detailed information on cookies and other technologies we use and the purposes for which we use them, see our Cookie Policy.
7. Use of your data
We will use your data for the following purposes:
- to enter into a contract with you or to carry out our contractual obligations we owe to you where it is applicable;
- to pursue our legitimate interests in providing and marketing our products and services to you;
- improving our website and interactions with you and other users of our products and services;
- to comply with applicable legal and/or regulatory requirements;
- to process your job application where it is applicable;
- to send periodic emails or mobile application notifications regarding your Moneff account, our products and services and changes to them as well as the customer support services;
- to improve our products and services, and to ensure that they are presented in the most effective manner;
- to adhere to government regulations or guidance or to pursue any legitimate business interest;
- as may be required or requested by any judicial process or governmental agency having or claiming jurisdiction over Moneff or Moneff’s affiliates;
- to follow up with you after correspondence (online or mobile application live chat, email), answer your questions or resolve queries;
- to provide staff training and evaluation (for example, in customer service quality assurance);
- to prepare internal reports for use by Moneff or any of Moneff’s affiliates, staff, management, and consultants for the purposes of operating, evaluating, and managing Moneff’s business;
- to manage risk exposures and protect against or prevent actual or potential fraud, unauthorised transactions, claims, or other liability including to third parties providing these services;
- to combine data we receive from other sources with the data you give to us. We may use such data or the combined data for the purposes set out above (depending on the types of data we receive).
- If you wish to change how we use your data, please refer to section ‘Your rights’ below.
- If you choose not to share your data with us, or refuse certain contact permissions, we might not be able to provide some services or products which are asked for.
8. Disclosure of data
- We may share your data within Moneff group of companies in order to provide you with the best products and services if you are our customer.
- We will not sell, trade, or otherwise transfer your data to third parties unless we provide you with an advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our customers, so long as those parties agree to keep this data confidential or under regulatory obligation to protect your data.
- We may further disclose your data to third parties:
a. affiliates, business partners, suppliers (suppliers who provide us with IT,payment and delivery services, our banking and financial services partners andpayments networks, trust services providers etc) and subcontractors for theperformance and execution of any contract we enter into with them or you;
b. third parties that pay money into your Moneff account (this may be necessary to confirm that the payment has been made to the correct account, or, for example, to claim back a payment made to your account by mistake) when you are our customer;
c. if we are under a duty to disclose or share your data in order to comply with any legal or regulatory obligation;
d. to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so to check your identity, protect against fraud, keep to anti-money laundering regulations and confirm that you are eligible to use our products and services;
e. to prevent and detect fraud or other illegal activity;
f. where you ask us to share your data.
9. Retention period
- The periods for which we retain your data are determined based on the nature and type of data, potential risk of harm from unauthorised use or disclosure of data, the purposes for which Moneff processes the data as well as any applicable legal or regulatory framework.
- In general, once no longer needed for a legitimate business purpose or reason, your data will be deleted, or we may anonymise or aggregate it with other data to make it non-personal.
- We keep your data in a form which permits your identification for no longer than is necessary for the purposes for which this data is processed unless a longer retention is required or allowed under applicable law and regulations.
- Generally, we keep your data for at least 6 years after our business relationship with you ends or such period as may be required by applicable law and regulations.
10. Storing and transfer of data
- We store your data on our secure servers located in the UK and the European Union.
- You grant us the right to transfer your data outside the United Kingdom or European Economic Area (EEA) in connection with the provision of our products and services to you or with any lawful data transfer mechanism that provides an adequate level of protection under the UK data protection legislation.
- For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing customer support services.
- We may share your data with credit-reference agencies and fraud-prevention agencies that are based outside of the United Kingdom or EEA.
- We comply with mandatory standards pertaining to the storage, safeguarding, transmission of your data.
- We will take all reasonable steps to make sure that your data is handled securely and in line with this Policy and applicable data protection regulations. If we reasonably believe that an unauthorised person accessed or may have accessed the account, then we will take necessary measures to notify you in writing.
- Please note that the transmission of data via the internet is not completely secure and although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
- Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
11. How to protect your data
- We use regular malware scanning for security breaches and known vulnerabilities in order to make your visit to our website as safe as possible.
- The data is contained behind secured networks.
- We limit access to your data to those employees who need to have access in order to perform their job duties and who are required to keep the data confidential.
- Communication over the internet between you and us is encrypted using strong asymmetric encryption. The provided data is encrypted via Secure Socket Layer (SSL) technology.
- We implement security measures and update our servers regularly in order to maintain their effectiveness when users place an order, enter, submit, or access their data.
- We periodically conduct the training on the significance of confidentiality and privacy of the data we collect.
12. Your rights
- You have certain rights under the data protection legislation, including but not limited to the following:
- request copies of your data that we hold;
- provide you with further details on the use we make of your data;
- request that we correct data if it is inaccurate or that we complete data if it is incomplete;
- object to our processing of your data in certain circumstances;
- request to delete data in certain circumstances;
- your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). For example: we may not be able to agree to your request to delete data.
- As a regulated financial services provider, we must keep your data even when you ask us to delete it. We will let you know if we can't delete your data.
- If you are our customer and you have closed your Moneff account, we may not be able to delete your entire file because these regulatory responsibilities take priority.
- For security reasons, we cannot deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
- We develop and implement appropriate procedures for handling your requests to exercise your rights of (a) access, (b) rectification, (c) erasure, (d) portability, (e) restriction, (f) objection, and (g) not being subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
13. How will we keep you updated on how we use your data?
- If we wish to change the way we process your data or contemplate using data for a different purpose, we will update this Policy accordingly.
- If we wish to change the way we process your data that we already hold or contemplate using such data for a purpose which you have not agreed to, we will seek your separate consent.
14. Third-party links
- Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If we indicate a link to any of these websites, please note that (1) these websites have their own privacy policies and we do not accept any responsibility or liability for these policies and (2) third-party products or services are not included for the purposes to offer them on our website.
15. Changes to our Privacy Policy
Any changes to the Policy will be posted on our website. Please check our website regularly to see any updates or changes to the Policy. If we change the way we use your data, we will update this Policy and, if appropriate, let you know through our website or other means.
16. Breach
- We will notify ICO about a personal data breach that relates to processing of personal data in the context of provisioning our service and products, without undue delay, and no later than 72 hours after having become aware of this breach. If we are late 72 hours we will need to explain the reasons for the delay.
- We will notify you about a personal data breach that relates to processing of personal data in the context of provisioning our service, without undue delay, after having become aware of this breach.
- We record all personal data breaches, including the facts relating to the breach, its effects and the remedial action taken.
17. Complaints
If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can contact us in the first instance through submission of your complaint to us in the first instance by contacting us through the following address, or email: First floor, Sierra Quebec Bravo, 77 Marsh Wall, London, E14 9SH, United Kingdom. Email: [email protected].
We are required to verify the identity in order to process the request and may ask to provide valid identification documents to allow Moneff to do so.
You can also complain to the Information Commissioner’s Office (https://www.ico.org.uk) if you are unhappy with how we have used your data:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113