We're Monzo Bank Limited ('we', 'our', 'us') and operate under the name Monzo.
We're registered with the UK data protection authority (the Information Commissioner's Office or ICO) under number ZA108184.
'You' refers to the business and people who're authorised to use the account. If more than one person is authorised to give instructions on the account, 'you' or 'your' can refer to any or all of those people.
If you give us personal data about other people (like directors, owners, business partners or employees), or you ask us to share their personal data with third parties, you confirm that they've authorised you to disclose information about them, and that they understand how we'll use their personal data.
For information about what cookies are and how we use them, please read our Cookie Notice.
For any questions, please contact us however you prefer:
- chat with us through the app
- email firstname.lastname@example.org; or
- write to us at Monzo, Broadwalk House, 5 Appold Street, London, EC2A 2DA, UK.
If your application for an account was rejected and you want us to review that decision, please email email@example.com. We'll respond within a month in line with data protection laws, like the UK GDPR.
As a Monzo Business Banking customer, you have a right to:
- access the personal data we hold about you, or to get a copy of it;
- ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else;
- make us correct inaccurate data;
- ask us to delete your data, though for legal reasons we might not always be able to do it;
- say no to us using your data for direct marketing and in certain circumstances 'legitimate interests', research and statistical reasons;
- withdraw any consent you've given us; and
- ask a member of staff to review an automated decision.
To do any of these things, please contact us using the details above.
Just so you know, we can only give you rights for information we hold on you. If you choose to accept card payments on requests created from your Monzo Business Account, you'll have opened an account with Stripe. For information that Stripe holds on you for processing card payments, please contact them directly at firstname.lastname@example.org.
We may store the data we collect from you outside the UK, or transfer it to organisations outside the UK. When we do this, we make sure that your data is protected and that:
- the Information Commissioner (ICO) has deemed the country or organisation to provide an adequate level of protection for personal data; or
- we've agreed specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
If you'd like more information on how we transfer your personal data out of the UK, please get in touch through in-app chat or by email email@example.com.
If you have a complaint about how we use your personal information, please contact us through the app or send an email to firstname.lastname@example.org and we'll do our best to fix the problem. You can also reach our DPO at email@example.com. If you're still not happy, you can refer your complaint to the ICO's Office, the UK regulator for data protection issues. For more details, visit their website.
We'll post any changes to our privacy notice on this page and if they're significant changes we'll let you know by email or in the app.
The information we hold about you, and how we use it 👀
When you sign up for a Monzo account
- personal details like your name, date and place of birth;
- business contact details like your address, email and phone number;
- information about your identity, such as a copy of your ID document, a short video of yourself;
- information about your right to live in the UK and your tax residency; and
- financial details, such as the industry your business is in, annual income and residential status.
Information we hold about you and people connected to your business will often come from you directly (for example, when you apply to open an account). That information will include:
- our own records of your shareholders (including beneficial owners), suppliers and companies you use or may have agreements with;
- documents of persons of significant control and Ultimate Beneficiary Owners of businesses (this is for us to verify the PSCs/UBOs of business accounts and includes their name, date of birth, contact details and address);
- other directors, partners, beneficial owners, signatories or employees in your business; and
- people appointed to act on your behalf.
When you sign up for, or use, our services
- details you give us which we pass to our partners when you let us know you're interested in their services;
- information you give us through in-app chat and emails; and
- answers you give to surveys about Monzo and our services.
Information we collect or generate if you get in touch
If you contact us another way (not using in-app chat), we collect the following information so we can help:
- the phone number you're calling from and information you give us during the call (we record all calls);
- the email address you use and the contents of your email (and any attachments); and
- public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.
Information we collect or generate when you use the app and our services
We collect information about how you use the app to help improve features. This includes:
- details about payments to and from your Monzo account, and any overdrafts or loans you take out;
- details about services from us and our partners that you express interest in;
- details about how you use our app; and
- all the countries you're a tax resident in and your Tax Identification Number for each one.
Information we collect from your phone
We collect this information to keep your data safe and to improve features for you. This includes your:
- mobile network and operating system, so we can analyse how our app works and fix any problems;
- IP address and device ID (we'll link your mobile number with your device);
- mobile advertising ID, so we can share it with companies that help us with advertising online (you can reset this ID or limit tracking in your phone 'Settings'); and
- location if you've authorised tracking, so we can help protect you against fraud.
Information we get from external sources
When you sign up for a Monzo account, we search your record at:
- credit reference agencies to verify your identity, check if we can offer you an overdraft and manage business risk (this is a 'soft search' and won't impact your credit score). If you take out a loan or overdraft for the first time, we do a full search (which may impact your credit score). We also use this info to check you can continue to afford your loan; and
- fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.
For more information about data we collect from and share with credit reference agencies, see 'Who we share your data with'. We may also collect information about you from public sources for AML reasons or market research. This includes:
- official public records, like the Electoral Register or Companies' House; and
- information published by the press or on social media.
If you sign up to a service from one of our partners through the Monzo app, they may share details with us about you.
Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
We need to use your data for a contract we have with you, or to enter into a contract with you
We use details about you to:
- consider your application;
- give you the services we agreed to in line with our terms and conditions;
- help us maintain the account;
- facilitate international payments for businesses;
- send you messages about your account and other services you use if you get in touch, or we need to tell you about something;
- exercise our rights under contracts we've entered into with you, like managing, collecting and recovering money you owe us; and
- investigate and fix complaints and other problems.
We need to use your data to comply with the law
- confirm your identity when you sign up or get in touch;
- check your record at immigration and fraud prevention agencies;
- prevent illegal activities like money laundering, tax evasion and fraud;
- check your credit history and ask about your reasons for applying for an arranged overdraft or loan, and other details about your financial circumstances so that we can make responsible lending decisions;
- keep records of information we hold about you in line with legal requirements;
- adhere to banking laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties); and
- compare information we hold about your account with your tax residency information to make sure we don't have a reason to doubt it.
When it's in our 'legitimate interest'
We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party's) interest and which doesn't involve overriding your privacy rights.
Product development and marketing
We don't sell any of your information.
- check your record at credit reference agencies when you sign up to see if we can offer you an overdraft or a loan;
- tell you about products and services through the app or other channels, like social media companies, based on how you use our products and services and other information we hold about you;
- may also exclude ads on this basis. We do this so we can make sure our marketing is useful. That includes instructing platforms to show or not show Monzo adverts to existing customers;
- share limited identifying information about you with social media companies, other communication platforms, and analytics and search engine providers, including your mobile advertising ID and hashed versions of the email address and phone number you give us;
- may use the personal information you share with us to test third party services;
- track, analyse and improve the services we give you and other customers and how you respond to ads we show;
- may ask for feedback if you've shown interest in a service. We do this so that we can make our products better and understand how to market them;
- use the personal information you share with us and data you create from using the app to suggest Monzo features or products you'd find useful. If you don't want us to do this, you can opt-out in the app; and
- share insights with the public about spending or borrowing trends based on data that doesn't personally identify you.
- show where you were when you bought something with Google maps (in the Monzo app) and send you travel reports when you're abroad (we tell this from transaction data, not by tracking your phone);
- give you reports on how you've spent money using Monzo ('Spending Reports'); and
- personalise your visual experience in the Monzo app.
Security and business management
- protect the rights, property or safety of us, our customers or others;
- carry out security and maintenance checks to make sure our app, website and other services run smoothly for you;
- manage Monzo's business risk and finances, and protect our customers and staff;
- share information with credit bureaus and fraud prevention agencies so we can benefit from up-to-date information when we make decisions about accounts or loans. This helps us make responsible lending decisions and fight financial crime; and
- share your name, title and account number with other banks and building societies, so that people making payments to you can confirm the name they have for you matches the name we hold in our records. This helps us fight financial crime.
Companies that give services to us
We share your information with companies so they can help us provide our services (see 'Who we share your data with').
We'll ask for your consent to:
- record any issues you want us to know about so we understand how to best support you (if the information is sensitive, we need a second lawful basis, see 'Our reasons for using special category information');
- tell you about our products and services, and those of our partners by email or push notification if we think they're of interest to you. You can unsubscribe from these by email or in the app. (If you don't want to see lending promotions in the app, you can opt out in 'Settings');
- help protect you against fraud by tracking the location of your phone if you've authorised it (iOS);
- show your profile picture in the app if you add one; and
- share information about you with companies we work with when we need your permission (see 'Who we share your data with').
You don't have to share information about yourself if you don't want to. But if you don't, you may not be able to use some, or any, of our services.
We may need to process sensitive information about customers that data protection laws call 'special category' data. This is information that can reveal a person's:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic or biometric data (if used for identification purposes)
- information concerning a person's health, sex life or sexual orientation
Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in connection with an employment relationship, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In this section we explain which lawful basis we rely on to use your special category data in a certain way.
It's necessary for reasons of substantial public interest
- use facial recognition technology to identify people who use our services in the Monzo app. We do this because it's necessary for reasons of substantial public interest to prevent or detect unlawful acts; and
- record information about your health if it's necessary to protect your economic well-being if you're at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.
It's necessary to protect your or another person's vital interests
We may share information about you externally (generally with law enforcement in an emergency), if it's necessary to protect your or another person's life and you can't consent.
We have your explicit consent
We record any issues you want us to know about relating to your health, so we understand how to best support you.
Companies that give services to us
Here we mean companies that help us provide services you use, and need to process details about you for this. We share as little information as we can and encrypt and/or make it impossible for the recipient to identify you where possible (for example, using a User ID rather than your name).
- companies that make our Monzo cards;
- card producers and networks, like MasterCard;
- card processing partners;
- analytical, Know Your Customer (KYC) and cyber security service providers that help us with identity verification or fraud checks;
- cloud computing provider, storage and software providers;
- our business intelligence and analytics platform provider;
- companies that help us with functional analytics (to help us solve technical problems with the app for example);
- companies that help us with marketing (we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
- software companies we use for emailing you, or for processing and storing emails with you;
- companies that help us with customer support;
- companies that help us with fraud prevention;
- companies that offer benefits or rewards through special programmes you sign up to in the app;
- companies that print written statements and notices; and
- companies that manage our CCTV and security if you visit our offices.
Credit reference agencies
Credit reference agencies (CRAs) give lenders information about borrowers to help them make responsible lending decisions. Banks share details about their customers to help CRAs maintain up-to-date information about people's financial status. We work with TransUnion, Experian and Equifax.
When you sign up, and for as long as you're a customer, we'll exchange details about you with CRAs. This includes:
- your name, address and date of birth;
- accounts you have, including when you opened them and money going into them (if you owe us money, we'll also share your balance);
- if you've borrowed, details of your loan and repayments (like whether you repay in full and on time); and
- fraud prevention information.
We'll use this information to comply with our legal duties and when it's in our 'legitimate interest' to:
- verify your identity and make sure what you've told us is true;
- help detect and prevent fraud and money laundering;
- assess whether you can afford to make repayments if you borrow;
- manage your account with us;
- trace and recover debts; and
- make sure our offers are relevant to you.
Fraud prevention agencies (FPAs)
When you apply for an account, we check your record with FPAs like Cifas. During the application process and after you become a customer, we may share information about you with them to help prevent fraud and money laundering when it's in our 'legitimate interest'.
If we detect fraud, we may stop activity on your account or block access. Other organisations may use information we share with FPAs about fraud to refuse their services, finance or employment. For more information about the details we collect from and share with Cifas, and how they'll use your data, see Cifas' Fair Processing Notice.
Anyone you give us permission to share it with
We tell you in the app when we need your consent to share your data with:
- companies that introduce their own services in the Monzo app;
- other apps;
- other banks if you use account switching or aggregation services; and
- people you've asked to represent you, like solicitors.
Law enforcement and other external parties
We may share information about you with:
- authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it's necessary for other reasons; the police, courts or dispute resolution bodies if we have to;
- other banks to help trace money if you're a victim of fraud or other crimes or if there's a dispute about a payment; and
- any other third parties where necessary to meet our legal obligations.
Other Monzo Group companies
We may share details about you with Monzo Inc for lawful reasons if you open a US Monzo account (this is only available to US residents).
We may share your details with people or companies if we change the structure of our group of companies, merge with another company, or get bought by another company.
If you use the auto export feature to transfer transaction data into your Google Drive account, we'll share this information with the Google account or organisation that you link your bank account with until you pause exports or remove access. We'll have access to your spreadsheet, but won't collect the information in it.
We sometimes use computers to make decisions. We do this to decide if:
- we can give you a Monzo account based on your age, residency, nationality, financial position and other circumstances, like the results of anti-money laundering and sanctions checks;
- we can give you an arranged overdraft or loan based on information we hold about you, and information we get from credit reference agencies. This includes details on whether you've kept up to date with payments on any credit accounts, and if you've been to court;
- we need to take action, like freeze a transaction or account, because we suspect fraud or money-laundering against Monzo or a customer. Our computers decide this based on patterns in our data, like an account or policy being used in a way that fraudsters work;
- you're eligible for our borrowing products;
- we complete initial assessments for disputed transactions you raise through the app; and our services and products, or those of companies we work with, are suitable for you so that we can tailor our marketing.
We'll tell you in the app once we've made these decisions. You can ask for a member of the team to review a decision through in-app chat. If your application for a Monzo account was rejected, you can ask us to check this decision by emailing firstname.lastname@example.org.
We keep most of your data as long as you're using Monzo, and for 6 years after that to comply with the law and if we face a legal challenge. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that's in our legitimate interest) and/or the law says we have to.
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.