Privacy Policy

Please read this notice carefully to understand our policies and practices regarding your personal data and how we will treat it. It also governs your use of products, services, content, features, technologies or functions offered by us and all related sites, applications, and services (collectively, the Services).

1. Who we are

We are Financial House Limited, a company incorporated under the laws of England and Wales with company number 07209813 and registered office at 6 Bevis Marks Building, 1st Floor, Bury Court, London, United Kingdom, EC3A 7HL.

We are an authorised electronic money institution authorised by the Financial Conduct Authority (FCA) under the Electronic Money Regulations 2011 and the Payment Services Regulations 2017 to issue electronic money and provide payment services and our FCA reference number is 902039.

References in this notice to ‘we’, ‘our’ or ‘us’ means Financial House Limited, its subsidiaries, affiliates, and the other partnerships and other entities or practices authorised to use the name ‘Financial House’ or describe themselves as being in association with Financial House as the context may require.

We shall be responsible for processing your personal data as indicated in this notice, and for this purpose, shall be the ‘controller’ of your personal data.

2. Our Partners

We provide the Services, including payment services, and card and electronic money issuance in collaboration with our partners (Partners) under various brands. These Partners market, distribute and support payment service programs and you should also refer to their respective privacy notices. When you register with such Partners, you may also be asked to register with our Services in order to make or receive payments and we will be required to process your personal data in order to provide you with such Services.

3. Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

4. How we obtain your personal data

We collect personal data about you in a number of ways including:

1. where you register for an account or to receive emails from us;
2. when you visit our website;
3. when you order Services from us or otherwise use our Services;
4. when you submit a query or request to us;
5. when you respond to a survey that we run or fill in forms on one of our websites;
6. by tracking your use of our websites and mobile applications;
7. from public sources; or
8. from third parties who are entitled to disclose that information to us.

In some cases, we may also be required by law to collect certain types of personal data about you. Where we collect personal data from you, we will generally do so ourselves. However, we also collect personal data from third parties, such as through your representatives, our Partners, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our Services.

5. Personal data we collect from you

The kinds of personal data that we collect and hold about you may include:

1. identifying information, such as your name and date of birth
2. identity verification information, such as images of your government issued ID, passport, national ID card, utility bill or driving licence contact information, such as your postal address, email address and telephone numbers
3. transactional and financial information where you use a card issued by us to make transactions
4. financial information, such as a credit or debit card, bank account or other payment details and/or other personal wealth information
5. online identifiers that may also constitute personal data, such as your MAC address, computer and mobile device unique device ID and IP information based on your internet connection settings
6. usernames and passwords that you create when registering for an account with us
7. details of any Services that we provide to you and how you use them
8. records of our communications with you, including any messages you send us
9. visual images and personal appearances
10. lifestyle information such as family

Without this information, we may not be able to provide you with our Services (or with all of the features and functionality offered by our Services), to respond to queries or requests that you submit to us and to protect against the risks of cybercrime, fraud and money laundering & terrorist financing.

6. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

1. where you consent to it e.g. you have ticked a box to indicate that you are happy for us to use your personal data in a certain way;
2. where we enter into a contract with you and need certain personal data to provide our Services to you;
3. where it is necessary for our legitimate interests (or those of a third party) and this is reasonable when balanced against your right to privacy; or
4. where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

7. Purposes for which we use your personal data

We use personal data that we collect about you for the following purposes:

1. to verify your identity (including age) when you are dealing with us;
2. to determine your eligibility for, and enable us to provide, any of our Services, and information that you have requested;
3. to determine your compliance with the terms and conditions that apply to any of our Services and applicable law;
4. to improve our website based on your information and feedback;
5. to manage and resolve any complaints and legal issues;
6. to comply with our legal and regulatory obligations;
7. to carry out market analysis and research;
8. to monitor use of and improve our Services, including creating anonymous data from your personal data for analytical use, including for the purposes of training, testing and system development;
9. to carry out education and training programs for our staff;
10. to carry out planning and forecasting activities and other internal business processes;
11. to keep you informed about our activities, including by sending out newsletters; or
12. any other of our legitimate business interests.

8. Legal basis for use of your personal data

Our legal bases for using your personal data are as follows:

• necessary to perform our, or a third party’s, obligations under any contract with you (for example, to provide Services to you, to fulfil an order which you place with us or a third party, and/or to comply with our contract to provide services to or receive services from you or your employer);
• necessary for complying with our legal obligations (for example, complying with our regulatory obligations to the Financial Conduct Authority);
• where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:

1. a. run, grow and develop our business;
2. b. operate our website;
3. c. select appropriately skilled and qualified suppliers;
4. d. marketing, market research and business development;
5. e. provide efficient and effective Services to our customers, make and receive payment and provide customer services;
6. f. place, track and ensure fulfilment of orders with our suppliers; and
7. g. for internal group administrative purposes.

9. Automated decision making

We may process your personal data without human intervention to evaluate your personal situation such as transactional history and account opening anniversary events. We may do this to decide what marketing communications are suitable for you, to analyse statistics and to assess risks. We may also automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

This is all done on the basis of our legitimate interests, to protect our business, and to develop and improve our products and services. If we use automated decision making including profiling activity to assess your application, this will be performed on the basis of it being necessary to perform the contract.

10. Marketing

We may from time to time use your personal data in order to send you marketing materials about our Services that we think you may be interested in but we shall always give you the opportunity to easily opt out of any such communications. You can opt out of receiving marketing communications from us following the instructions on the relevant communication.

We will get your express opt-in consent before we share your personal data with any company outside our group of companies for marketing purposes.

11. Who disclose your personal data to:

We may disclose your personal date to:

1. your representatives, advisers and others you have authorised to interact with us on your behalf;
2. our staff who need the information to discharge their duties;
3. related entities within our corporate group;
4. our business partners, agents and service providers;
5. payment system operators and financial institutions;
6. identity verification agents;
7. fraud and crime prevention agencies and organisations;
8. credit reference agencies;
9. prospective purchasers of all or part of our business or a related entity;.
10. professional advisers who we engage to provide advice on our business; and/or
11. government authorities and bodies, supra-national authorities and bodies, crime investigation agencies, courts and others who ask us to disclose that information as required by law.

We may also disclose your personal information where it is necessary to do so (some examples are listed below):

1. for compliance with a legal obligation;
2. in order to protect the vital interests of you or another natural person; and/or
3. for the establishment, exercise or defence of legal claims.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

12. Transferring your personal data outside of the UK or EEA

Whenever we transfer your personal data out of the United Kingdom (UK) or European Economic Area (EEA), we will ensure that it is sufficiently safeguarded in accordance with applicable laws: please contact us if you want further information on the specific safeguarding mechanism used by us.

We may send your personal data outside of the UK/EEA to:

1. provide you with the products/services you have requested; or
2. comply with global legal/regulatory requirements, law enforcement authorities, fraud prevention agencies and credit reference agencies.

13. Cookies policy

Please refer to our Cookies Notice for details on how we collect, use, or disclose information in respect of cookies.

14. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may also process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

15. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

16. Data retention

Your personal data will only be kept as long as required to meet our legal obligations and no longer than is necessary. In most cases we will retain your personal data for a period of between 1 to 6 years after our relationship ends. In some cases we may be obliged to retain some of your personal data for longer periods as is required by applicable law.

17. Your legal rights

You have rights under data protection laws in relation to your personal data, which are set out below:

Access right: this enables you to receive a copy of the personal data we hold about you.

Rectification right: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Erasure right (‘right to be forgotten’): this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.

Please note that if you request the erasure of your personal information:

1. We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
2. We may retain and use your personal information to the extent necessary to comply with our legal obligations.

Data processing restriction right: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services but we will notify you if this is the case at the time.

Data portability right: on your request, we can provide your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdrawal of consent: at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is the case at the time you withdraw your consent.

Please contact us if you wish to exercise any of the rights set out above.

18. No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

19. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

20. Third-party sites

Some pages made available through the Services include links to third-party websites: clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control such websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

21. Changes to this policy

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy notice.

22. Contact and complaints

If you have any questions about our policy, privacy practices, or the personal information that we hold about you, please contact our Data Protection Officer at:

• Email: hello@financialhouse.io;
• Mail: 6 Bevis Marks, Bury Ct, London EC3A 7HL

If you are unsatisfied by our response you can contact the Information Commissioner's Office.