This privacy notice explains how we use your information collected through Open Banking, to help us make decisions about which products and services we can offer you.
You should read this notice alongside our Customer Privacy Notice which explains how we process your data when you use the Monzo app, current account, card or services for account holders on monzo.com. Please read the Business Customer Privacy Notice for details about how we use your information if you get a business account.
Got a question about something in this notice, or want to contact our Data Protection Officer (DPO)?
- Chat with us through the app or send us an email at firstname.lastname@example.org
- Write to us at Monzo, Broadwalk House, 5 Appold St, London EC2A 2AG
Information we get from other banks. When you give us consent to access details about accounts you hold with other banks so we can making lending decisions, we collect:
- Full legal name of any account holders and status (open/closed)
- your account number, sort code,
- your account balance
- details of transfers going in the last 4 calendar months. This includes transaction amounts, currencies, exchange rates, merchants and information about people who’ve paid you.
Data protection laws say we need to have a lawful basis for using your personal data. In this section, we explain which ones we rely on to use the information.
Consent to connect to Open Banking. With your permission, we access specific details about accounts you hold with other banks to help us make lending decisions. If you don’t give us consent to access an account, we may not be able to offer you the service.
We need to use your data for a contract we have with you, or to enter into a contract with you. We use details about you to:
- consider your application
- give you the services we agreed to in line with our terms and conditions
- exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us
We need to use your data to comply with the law. We may need to use your transaction data from other accounts to investigate and resolve complaints.
When it’s in our ‘legitimate interest’. We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn't involve overriding your privacy rights.
We may use your balance and transaction data from other accounts together with other details we hold about you to:
- improve our decision making. For example, we’ll analyse data to make improvements to the decisions we make.
- develop our business strategy using aggregated data about how customers use Monzo, and engage with the Open Banking service. This helps us make sure we develop the right products and make the right business decisions to make sure Monzo is successful.
- to store backup copies in case we face a legal claim about the information.
Companies that give services to us. Here we mean companies that help us provide the Open Banking service and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it difficult for you to be identified where possible (for instance by using a User ID instead of your name).
Companies that give services to us for Open Banking in Monzo are:
- cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud
- our business intelligence and analytics platform provider Looker
- companies that help us with functional analytics (for example, to help us solve technical issues with the app)
- companies that help us with customer support (like Sykes and our subsidiaries)
Law enforcement and other external parties. We may share your details with:
- authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
- the police, courts or dispute resolution bodies if we have to
- other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
- any other third parties where necessary to meet our legal obligations
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
Other Monzo Group companies. Our subsidiaries in the US help us with customer support. We may also share details about you with Monzo Inc for other lawful reasons if you open a US Monzo account (this is only available to US residents).
We consider the information we get about non-Monzo accounts you’ve connected valid for 30 days. After that we’ll keep a backup copy for 6 years in case we need to respond to a legal claim. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.
You have a right to:
- access the personal data we hold about you, or to get a copy of it
- ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else
- make us correct inaccurate data
- ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it
- say no to us using your data in certain ‘legitimate interest’ circumstances
- withdraw any consent you’ve given us
- ask a member of staff to review a computer-made (automated) decision.
To do any of these things, please contact us through the app or by emailing email@example.com. EU data protection laws, like the GDPR, give us one month to respond.
We may transfer and store the data we collect from you to organisations outside the European Economic Area (‘EEA’). When we do this, we make sure that your data is protected and that:
- the European Commission says the country or organisation has adequate data protection, or
- we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
If you have a complaint about how we use your personal information, please contact us through the app or send an email to firstname.lastname@example.org and we’ll do our best to fix the problem.
If you’re still not happy, you can refer your complaint with a data protection supervisory authority in the EU country you live or work in, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
We’ll inform you about any changes we make to this privacy notice in the app or by email.