1. BASIC PROVISIONS
We, MONETLEY LTD, are authorised EMD/PSD, duly incorporated and operating under the laws of England and Wales (hereinafter also referred to as the Company or We).
For the purposes of this Policy, personal data means any information relating to identified or identifiable natural person - data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Usually, you provide your personal data to us to obtain certain services provided by us. We irrevocably presume, that by submitting your personal data to us, you agree to such data transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with the highest security and privacy standards, best market practice. We are under unconditional obligation to ensure confidentiality and adequate protection of your personal data.
The present Policy provides detailed description of main personal data processing principles and data processing purposes.
We assume that before using our website or becoming our customer you have read this Policy and have accepted its terms and provisions.
This is the most recent version of the Policy. We reserve the right to make amendments and/or update this Policy from time to time, including new data processing and safety practices and guidelines. The Policy is to be updated as and when necessary, and must be reviewed at least once a year, considering legislative changes, as well as changes in Company’s strategy, operation or external circumstances affecting its services.
We are committed to protecting and respecting our customers privacy, complying with applicable data protection laws and regulations and thus ensuring the protection and confidentiality of personal data.
We ensure that your personal data are being processed based on main regulatory enactments:
• United Kingdom Data Protection Act 2018 (hereinafter also referred to as the UK GDPR);
• United Kingdom Data Protection, Privacy and Electronic Communications (EU Exit) Regulations 2019;
• United Kingdom Adequate Regulations and appropriate safeguarding principles;
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as the EU GDPR);
• European Union Standard Contractual Clauses (hereinafter referred to as the SCC);
• European Union Rules for the protection of personal data, including data protection inside and outside EU.
2. DATA CONTROLLER. DATA PROTECTION OFFICER.
MONETLEY LTD is a Data Controller (hereinafter also referred to as the Controller). We are registered with the Companies House of the United Kingdom under company registration number 10978538. We hold United Kingdom Financial Conduct Authority permission to provide electronic money issue and other payment services.
We, being a Data Controller, are fully responsible for your personal data collection, processing and storage.
Our registered office address is at 2nd Floor, Berkeley Square House, Berkeley Square, London, United Kingdom, W1J 6BD.
Our Supervisory Authority is ICO (Information Commissioner’s Office), having address at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113.
You can at any time obtain information about your personal data being at our disposal, about how we collect, use and store your personal data or exercise your other rights as the data subject. In this regard please contact us by emailing email@example.com or firstname.lastname@example.org for attention of Data Protection Officer.
Our Data Protection Officer, as well as any other our staff member, involved in or responsible for personal data processing and protection, is a well-trained and highly experienced. Data Protection Officer is responsible for ensuring communication with customers, as well as with the supervisory authorities regarding personal data processing.
3. GROUNDS FOR PERSONAL DATA PROCESSING
We are entitled to process your personal data only in the following events:
(a) we have previously determined the purposes of processing of your personal data
(b) we have determined the amount of your personal data required to accomplish the pre-determined purpose
(c) we have defined legal basis to process your personal data and
(d) we have provided you with information on your rights within the context of personal data processing.
Usually we process your personal data according to the standard procedure based on:
(a) necessity to render services to our customers and enter into respective agreements (establishment of business relationship, inter alia, when you remotely register with us to use services)
(b) necessity to fulfil legal obligations applicable to us, inter alia, but not limited to, Anti Money Laundering and Counter Terrorism Financing legally binding obligations subject to customers due diligence and Know Your customer purposes (inter alia, for the purposes of customers’ identification and verification, due diligence and know your customer procedures under obligations stipulated in mandatory binding legal enactments). These personal data processing purposes mainly are stipulated by the United Kingdom and European Union Money Laundering and Terrorist Financing Prevention regulations
(c) consideration of legitimate interests of the Company or a third party
(d) Company’s overall risk assessment and management
(e) your consent to process your personal data (inter alia, when you sign up for any news or other information using our website).
We ensure lawfulness, fairness and transparency when processing your personal data. All data possessed by us shall be used to the minimum maximally permitted by applicable legal regulations. We shall collect only data reasonable needed to ensure provision of services and compliance with legally binding obligations applied to us. We are fully accountable to follow all our data protection obligations.
4. PERSONAL DATA STORAGE
We perform your personal data processing during the validity term of business relationship established between us and after termination of business relationship, in order to fulfil requirements under applicable laws and regulations and in order of protection of our legitimate interests.
We are entitled to store your personal data at least for 5 (five) years period as from the moment of termination of business relationship unless the laws and regulations set other time-limits for storing the personal data.
We shall ensure centralised storage of personal data and data masking/erasure after expiry of the mandatory storage period according to the requirements of applicable regulatory acts. If there are obstacles for these actions (e.g., order on the prohibition of data erasure), data storage shall be ensured until the elimination or cancellation of these obstacles.
We ensure accurate data storage and keeping data up-to-date, where necessary providing prompt data correction.
When assessing the personal data storage duration, we take into account the requirements of the applicable legislative and regulatory acts, contractual obligation fulfilment aspects, your instructions (for instance, in the case of consent) as well as our legitimate interests. If your personal data is no longer required for the purposes specified, we will erase or destroy it without undue delay. We shall have the right to determine a new purpose for certain personal data in certain cases, if arising due to regulatory enactments or, or if is required in order to protect of our legal interests.
5. PERSONAL DATA TRANSFER
We do not rent or sell your personal data to anyone. In case of your personal data transfer, we diligently consider the amount of data to be transferred and appropriate legal basis for permitted data transfer.
We apply adequate and sufficient safeguarding regarding your data transfer conditions, ensuring that data transfer is legally permitted and is compliant with United Kingdom adequacy regulations and good practise standards. We also use secure technical solutions to achieve your personal data safety and confidentiality. Description of technical solutions used by as is provided below.
We will transmit your personal data to third parties only in cases directly allowed by the applicable laws and regulations, providing that the legal framework in “data receiving country”, territory, sector or international organisation has been assessed as providing adequate protection for individuals rights and freedoms for their personal data. We shall transfer your personal data only with the aim to provide our services and exclusively on the base of special agreement entered between and by the Company and respective third party (Data Processor/Data Subprocessor), which includes nondisclosure and secure exchange provisions. We ensure that agreements entered or to be entered with our Data Processors/Subprocessors will contain privacy and data processing safeguarding provisions with no less effect and force as those contained herein.
The third parties in question belong to the following categories: banking and payment operators, internet providers, companies specialising in IT and SMS services; companies that carry out KYC/AML database checks and fraud database checks.
We may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with Anti-Money Laundering, Terrorist Financing and Transfer of Funds laws and regulations, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others.
Additionally, we may reveal your personal data to third-parties if:
(a) you request or authorize it
(b) to address emergencies or acts of God and
(c) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Transfer of your personal data to third countries (outside United Kingdom, as well as European Union (EU) and European Economic Area (EEA) and international organisations) is possible based on:
(a) UK GDPR;
(b) EU GDPR;
(c) United Kingdom Adequacy Regulations;
(d) decisions made by the European Commission regarding the level of protection of a third country's personal data, available here: https://ec.europa.eu/info/law/law-topic/data-protection_en
(e) EU SCC;
(f) exceptional legal grounds.
We will only send your personal data outside the United Kingdom and EU/EEA to a country, in relation to which there has not been made any decision regarding the adequacy of its security level and which does not provide the corresponding guarantees, if:
(g) You have clearly agreed to the proposed transfer, having received information from us about the potential risks that such a transfer could pose to you;
(h) Transfer is necessary in order to fulfil the agreement between the us and customer or to implement measures after the conclusion of the agreement, which were approved at customer’s request;
(i) Transfer is necessary for conclusion of an agreement between us and another private individual or legal entity, in the interests of the person or for the fulfilment of such an agreement;
(j) Transfer is necessary if there are important reasons of public interest;
(k) Transfer is necessary in order to raise, fulfil or defend legal requirements, or
(l) Transfer is necessary in order to protect the vitally important interests of customer if customer is physically or legally incapable of giving its consent.
6. PERSONAL DATA PROCESSED
To provide you services that meet your needs, we use various personal data, including audio and video recordings, IP addresses and etc., subject to the legal obligations arising mainly from money laundering and terrorist financing prevention legal requirements mandatory binding to us. At all circumstances we process your personal data only for specific, legitimate and explicit purposes. The personal data processed by us are grouped into main categories to manage them in the most efficient way and for you to be able to see the amount of customer information managed by us.
We may request, obtain, collect personal data from customer itself or its representatives, authorised persons, or other persons related to customer (if any), or from public and private registers or other third persons.
We may also obtain information from other sources and combine that with information we collect through our services. For example, we may collect information about you from third parties, including but not limited to, social media platforms and publicly available sources: public court documents, the ROC and the company houses and registers of other jurisdictions, and from electronic data searches, online KYC search tools (which may be subscription or license based), anti-fraud databases and other third party databases, sanctions list, outsourced third-party KYC providers and from general searches carried out via online search engines (e.g. Google).
We shall ensure confidentiality of personal data, protect it from unauthorised access, illegal processing disclosure, accidental change (amendments, corrections), loss or destruction by implementing organisational and technical measures in accordance with the requirements of the applicable law and regulations.
7. YOUR RIGHTS SUBJECT TO YOUR PERSONAL DATA PROCESSING
We irrevocable accept that the following rights are granted by the effective legislation to the customer subject to personal data processing:
(a) to access your personal data and forward them – in particular, you are entitled:
(i) to obtain additional information about the processing of your personal data irrespective of what type of information you already have
(ii) to receive an electronic copy of your personal data processed by us.
(b) to amend or delete your personal data – it means that:
(i) you are entitled to amend your personal data if they have changed or you have grounds to believe that your personal data processed by us are not accurate.
(c) to request the Company to delete your personal data, and we will do it if we are not prohibited to do so subject to provisions of applicable legal acts and regulations and we do not need these personal data anymore for the purposes which the data were collected or processed in any other way.
(d) to limit the processing of your personal data:
(i) you are entitled to request the Company to limit the processing of your personal data (or certain processing activities), which means that we could store and process your personal data only to establish, exercise or defend our legal claims
(ii) you are entitled to limit the processing of your personal data in cases when:
• they are not accurate
• they are being processed unlawfully but you do not want to delete them,
• their processing is not required anymore but you want to establish, exercise or defend your legal claims
• you have already exercised your right to object to the processing of your personal data but you are waiting for our assessment whether we are entitled to further process your
personal data based on our or third party’s legitimate interests.
(e) to object to the processing of your personal data:
(i) you are entitled to object to the processing of your personal data if the objection is based on serving the Company or third party’s legitimate interests, and your rights, interests and freedoms are more important than our said or third party’s legitimate interests.
(f) to be informed about a new purpose of data processing in advance:
(i) you are entitled to receive information on whether the provision of personal data is related to the law or an agreement, whether the provision of data is a precondition for the conclusion of an agreement, as well as information that the subject is required to provide personal data, and consequences in case such data are not provided
(g) in relation to the automated individual decisions, including profiling:
(i) you are entitled to make our specialist participate in taking such decisions or request that we do not take a decision based on an automated calculation only.
(h) to lodge a complaint with the appropriate data protecting authority if you have concerns about how we process your personal data.
(k) to revoke your given consent on your personal data processing.
Regarding your access to personal data, please note, that reasonable access to your personal data will be provided at no cost upon request made at e-mail address email@example.com or firstname.lastname@example.org for attention of Data Protection Officer. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
8. PERSONAL DATA RECIPIENTS
We are entitled to disclose your personal data to the following recipients:
(a) members of management bodies, employees, representatives, authorised persons of the Company
(b) public institutions, public officials, investigatory authorities, courts, prosecutor's office, subjects of operational activities, orphans' courts, notaries, law enforcement officials, judicial and investigatory authorities of other member states and foreign countries, tax authorities, arbitration courts, out-of-court dispute resolution bodies — financial market participants (correspondent banks, insurance companies, payment systems, credit registers, securities registers, agency companies, stock exchanges, depositories, business partners of the Company or customers, financial service intermediaries etc.)
(c) the Company’s cooperation partners, agents, suppliers and service providers, auditors, advisors.
We strictly ensure that all persons entitled to process your personal data are appropriately instructed and trained subject to personal data processing principles and legal requirements. We bear full responsibility for any actions from such third parties side.
We ensure regular training of our personal, both internal and external. Training plan is approved by Data Protection Officer and senior management of the Company.
9. WEBSITE AND COOKIES
Our website is: www.monetley.com
The purpose of our Website is to keep its visitors informed about Company’s business, provided services and terms and conditions of usage thereof.
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
Our website is not intended for minors and we do not collect personal data relating to minors. We do not knowingly collect and process infants personal data. In case we recognize that we have collected personal data from a child, we shall inform our Data Protection Officer and delete that information as quickly as possible. If you suppose that a child under 13 may have provided us a personal data, please contact us at email@example.com or firstname.lastname@example.org for attention of Data Protection Officer.
We use the following cookies:
(a) session cookie (functional) – are necessary for ensuring the security and technical functionality. Cookies are not stored and are processed only during the actual website visiting time
(b) persistent cookie (analytics) – remembers information about the visitor's actions, such as language settings, login information or the statistics information about routing of the website visitors.
(c) third party cookie (advertising) – analytical software such as Google Analytics or Yandex Metrika cookies, which by analysing the data allows to track the visitors between two or more websites, and offers more appropriate website connections.
Any information gathered by cookies is stored only until cookie expiration dates and is not used for any purposes other than those specifically mentioned
Each time you visit our website from a new IP address, you have the right to accept or reject the processing of cookies.
We are entitled to pass available technical data about the website visitor to the agencies and officials in cases and according to the order, established by the applicable legislative and regulatory acts.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings.
Information on the settings you may find here http://www.allaboutcookies.org/manage-cookies/.
If you disable cookies off, some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will may not function properly.
Please be advised, that cookies cannot contain computer viruses, and with the assistance of cookies, it is not possible to install spyware or malware on your computer. Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We respect the privacy of website visitors and do not perform cookie processing without your permission. Furthermore, we do not try to identify you when visiting our website.
10. SECURITY MEASURES AND TECHNICAL SOLUTIONS
We ensure security of your personal data. For these purposes we use safe technical solutions, providing use of such solutions also from third parties engaged by us in data processing and lawful data recipients as stipulated hereof. We use reliable internal data protection mechanisms combined with a robust security system.
In order to prevent unauthorised access or disclosure of personal data possessed by us, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure personal data.
We use secure servers within United Kingdom, EU/EEA, having adequate data protection legal frame and appropriate safeguarding methods.
We will do our best to protect your personal information, but we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk only. It is your responsibility to keep website login and passwords credentials, and other authentication means confidential and not to share them with anybody.
Once we have received your information, we will use encryption (using SSL technology) and other security technologies to protect information from unauthorized access. We ensure that information, personal data, and data under our responsibility is properly backed up and that arrangements for recovery processes are in place.
We ensure regular update for technical solutions used by us and ongoing safety monitoring over technical support and safety effectiveness. Once any lack is discovered, we act immediately, ensuring high level of security and technical backup.