
Privacy

1. Introduction

Welcome to Pay Dashboard Services Limited’s privacy notice.

1. Pay Dashboard Services Limited (registered number 12795349), with registered office at 86 – 90, 4th Floor, Paul Street, London EC2A 4NE (“we” or “us” or “our”), is committed to working in accordance with the UK General Data Protection Regulation as enacted in the UK by the Data Protection Act 2018 (“the GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), other applicable and subsequent regulation or legislation and with the highest standards of ethical conduct.

2. This Privacy Notice describes how we collect and use your Personal Data, as a Data Controller, when you use our web site (“Moneysmart”), in accordance with the GDPR and all applicable data protection legislation.

3. Capitalised words not defined herein shall bear the meanings associated with them under the GDPR.

4. We have appointed a Data Protection Officer to inform and direct our use of the Personal Data who may be contacted by email at [email protected], if you have any queries or concerns or wish to exercise your rights as a Data Subject.

2. Data Protection Principles

1. In adhering to the GDPR we are committed to protecting your Personal Data in accordance with the following:

  1. Data must be processed lawfully, fairly and in a transparent manner.
  2. Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data processed must be adequate, relevant and limited to what is necessary.
  4. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data that is inaccurate is erased or rectified without delay.
  5. Data must not be kept for longer than is necessary for the purposes for which the data is being processed.
  6. Data must be processed in a manner that ensures appropriate security of your Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.

3. Personal Data

1. The Personal Data, as defined under the GDPR, which we process includes certain information which can be used to identify you.

2. Although we do not currently collect and/or process Special Categories of Personal Data, we shall inform you should this change, as well as of the further protections that we would implement. Special Categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Nor do we collect any information about criminal convictions and offences. However, should you subscribe to a Moneysmart Partner product you may be required to provide Special Categories of Personal Data, in which case you should review the Privacy Notice of the relevant Moneysmart Partner prior to providing that information.

3. The Personal Data we collect and Process about you is as follows:

 

Our Capacity Data Controller
Purpose/Activity To identify and authenticate users.
Type of data Forename(s), surname, email, telephone number.
When When you first sign-up for the service.
How Long Until you request to delete your personal data.
Lawful basis Contract

 

Our Capacity Data Controller
Purpose/Activity To personalise the service for business users.
Type of data Job title, company name, company size, industry.
When When you first sign-up for the service.
How Long Until you request to delete your personal data.
Lawful basis Contract

 

Our Capacity Data Controller
Purpose/Activity To personalise the service for individuals.
Type of data Answers to questions on financial attitudes and situation.
When When you first sign-up for the service, if you choose to answer these questions.
How Long Until you request to delete your personal data.
Lawful basis Contract

 

Our Capacity Data Controller
Purpose/Activity To improve the service.
Type of data Site usage data (for example when you view or redeem Moneysmart Partner products or services).
When When you use the service.
How Long Until you request to delete your personal data.
Lawful basis Contract

 

Our Capacity Data Controller
Purpose/Activity Refer a contact to Moneysmart
Type of data Your forename(s), your contact’s user name
When When you send a “Refer a Friend” link to a contact, and then when the contact creates a Moneysmart account.
How Long Until you request to delete your personal data.
Lawful basis Contract

 

Our Capacity Data Controller
Purpose/Activity To contact you in relation to the service and your use of the service (Service Notifications).
Type of data Name, email, telephone number.
When Ongoing basis after you subscribe to the service.
How Long Until you request to delete your personal data.
Lawful basis Contract
Other parties Mailjet

 

Our Capacity Data Controller
Purpose/Activity To contact you in relation to the Moneysmart Partners and Moneysmart Partner offers that may be relevant to you (Marketing Communication).
Type of data Name, email, telephone number.
When Ongoing basis after you subscribe to the service, once you have provided specific consent.
How Long Until you request to delete your personal data or withdraw consent.
Lawful basis By Consent
Other parties Mailjet

 

Our Capacity Data Controller
Purpose/Activity To register you with Moneysmart Partner products and services.
Type of data Forename(s), surname, email, telephone number, job title, company name, company size, industry.
When When you request to redeem a partner product or service.
How Long Until you request to delete your personal data.
Lawful basis Contract
Other parties Moneysmart Partners

 

Our Capacity Data Controller
Purpose/Activity To provide availability of the service in the case of damage, corruption, or service interruption.
Type of data Database Backup

All relevant information collected during the operation of the system.

When On a continuing basis during the operation of the system
How Long Database backups will be held for a maximum of 35 days before being deleted.
Lawful basis By Legitimate Interest before you are a customer and By Contract after you subscribe to the service.

 

Our Capacity Data Controller
Purpose/Activity Prevention, investigation, detection or prosecution of criminal offences.
Type of data System Logs

IP Address, URLs visited within the platform.

When Ongoing basis during system use.
How Long Deleted/anonymised after a period of 14 months.
Lawful basis By Legitimate Interest before you are a customer and By Contract after you subscribe to the service.

 

Our Capacity Data Controller
Purpose/Activity Application Audit Trail

Prevention, investigation, detection or prosecution of criminal offences

Providing transparency for access and changes made regarding the Personal Data.

Type of data Contact: Email Address.

Identity: Forename(s), Surname, IP Address.

When Ongoing basis during system use after you subscribe to the service.
How Long Deleted/anonymised after a period of 14 months.
Lawful basis By Contract

 

Our Capacity Data Controller
Purpose/Activity Operational management of the platform to ensure the performance and capacity of the service meets service level agreement targets and the proper authentication of users to the service
Type of data Cookies

Identity: IP Address, temporary unique user identifier

Stored as cookies and other local storage mechanisms. See Cookies below.

When Ongoing basis during system use
How Long See Cookies below.
Lawful basis By Legitimate Interest before you subscribe to the service and By Contract after you subscribe to the service.

 

Our Capacity Data Controller
Purpose/Activity To provide support to you in the usage of the service
Type of data Email address, name and other information you may provide to assist with the resolution of a support issue
When When you contact us for support
How Long Until you request to delete your personal data.
Lawful basis By Legitimate Interest before you subscribe to the service and By Contract after you subscribe to the service.
Other parties Zendesk

 

4. Third-Party Links

1. Where we provide links to third-party websites, plug-ins and applications, clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. We encourage you to read the privacy notice of every website visited.

5. Other Parties

1. In providing the Services, we currently engage the following parties as Data Processors, all of whom we have assessed to ensure compliance with the GDPR:

| Processor | Service | Data | HQ |
| --- | --- | --- | --- |
| Microsoft Azure | Infrastructure hosting partner | UK | US |
| Mailjet | Email notification partner | EU | EU |
| Zendesk | Customer support ticketing partner | US | US |
| Google Analytics | Platform operational management partner | US | US |
| Cloudflare | Network infrastructure partner (when accessed from UK) | UK | US |
| Cloudflare | Network infrastructure partner (when accessed from EEA) | EEA | US |

2. In providing the Services, we currently engage with the following parties as Third Parties, all of whom we have assessed to ensure compliance with the GDPR:

| Processor | Service | Data | HQ |
| --- | --- | --- | --- |
| Moneysmart Partners | Moneysmart partners will vary over time. Your Personal Data will only be transferred to a Moneysmart partner if you confirm you wish for that transfer to take place. | – | – |

6. Other Non-Personal Data

1. This is data where the identity has been removed (anonymised data). We use such data for our own purposes, as well as providing extracts of such information to third parties. Once personal data is anonymised it is no longer regarded as Personal Data, hence the GDPR no longer applies to that anonymised data.

7. Keeping in Touch With You

1. We may keep you informed of the availability of the service or other relevant service-related notifications or new features and capabilities of the service (“Service Notifications”).

2. We may keep you up to date with information about related services (“Marketing Information”) we can offer either directly or through third parties.

3. If you decide you do not want to receive this Marketing Information, you can request that we stop by the method we indicate to you.

4. We will not share your Personal Data with other companies other than as outlined herein.

8. Your Rights as a Data Subject

1. You have the following rights under the GDPR:

  1. the right to be informed, which encompasses the obligation to provide transparency as to how Personal Data will be used – this Privacy Notice provides that information;
  2. the right of access, otherwise known as a Data Subject Access Request (DSAR);
  3. the right to rectification of data that is inaccurate or incomplete;
  4. the right to be forgotten under certain circumstances;
  5. the right to block or suppress processing of Personal Data; and
  6. the right to data portability which allows you to obtain and reuse your Personal Data for your own purposes across different services under certain circumstances.

2. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

3. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

4. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. Security of Data

1. We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.

2. Any data breaches will be managed according to the Company’s procedures documented in its Incident Management Policy and Procedures.

10. Transferring Personal Data to a Country Outside the UK

1. Other than as set out above, we do not transfer Personal Data outside the United Kingdom (UK) if you are based within the UK.

2. If you are based outside of the UK, in order to provide our services, we shall be obliged to send the Personal Data outside of the UK, in order to reach you.

3. Whenever we transfer Personal Data to a Data Processor or Third Party outside of the UK, we have ensured that appropriate measures, as allowed for by the GDPR, are in place to continue the ongoing protection of the Personal Data. Such measures may include Standard Contractual Clauses, Binding Corporate Rules or equivalent legal mechanism.

11. Data Protection Measures

1. We are committed to ensuring the security of Personal Data and to processing it in line with the Data Protection rules. As such, we will:

  1. Ensure that all staff are aware of their responsibilities and our obligations and responsibilities in relation to data protection.
  2. Ensure that all staff and individuals/organisations who handle data on our behalf are appropriately trained and receive refresher training on a regular basis.
  3. Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.
  4. Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.
  5. Regularly review our methods of data collection, handling, processing and storage.

12. Monitoring

1. We are committed to monitoring this policy and will update it as appropriate, on an annual basis or more frequently if necessary.

13. Cookies

1. Prior to you subscribing, the service is deemed a Public Electronic Communications Service as defined by PECR. After you subscribe, the service is not deemed a Public Electronic Communications Service, at which point the requirements of PECR with respect to cookies and other local storage mechanisms (“cookies”) do not apply.

2. The service makes use of first party and third-party cookies to facilitate the operation and performance monitoring of the system to provide a safe and reliable system.

3. Cookies are only used for the purpose of the provision of the service. They are not used for the identification of Data Subjects for the purposes of direct marketing.

4. We will always strive to minimise the use of cookies to those that are strictly necessary for the operation and performance of the service and to minimise any Personal Data which may be collected directly or indirectly. Cookies that are not persistent will be removed automatically at the end of your session with the service. Cookies that are anonymous cannot be used to identify you either during or after use of the service.

View the list of current cookies here

14. Complaints

1. We try to meet the highest standards when processing your Personal Data. For this reason, we take any complaints we receive about our services seriously. If you think that our processing of your Personal Data is unfair, misleading or inappropriate, we encourage you to bring any issues in relation to data privacy to our attention by email at [email protected]

2. You may also contact the Supervisory Authority in the UK, the Information Commissioner’s Office, by selecting the appropriate option at https://ico.org.uk/concerns


© Pay Dashboard Services Ltd. 2021