We’re Monzo Bank Limited (“we”, “our”, “us”) and operate under the name Monzo. We’re registered with the UK data protection authority (the Information Commissioner’s Office, or ICO) under number ZA108184.
This privacy notice explains how we use your information when you use the ‘Other accounts in Monzo’ service to see balance and transaction data from non-Monzo accounts in Monzo.
You should read this notice alongside our Customer Privacy Notice which explains how we process your data when you use the Monzo app, current account, card or services for account holders on monzo.com. Please read the Business Customer Privacy Notice for details about how we use your information if you get a business account.
If you use the ‘Other accounts in Monzo’ service to see information about accounts you share with others (joint and business accounts), please let them know how we’ll process their information to give you this service. You can do that by showing them this notice.
Got a question about something in this notice, or want to contact our Data Protection Officer (DPO)?
- Chat with us through the app or send us an email at firstname.lastname@example.org
- Write to us at Monzo, Broadwalk House, 5 Appold St, London EC2A 2AG
When you give us consent to access details about accounts you hold with other banks so we can show this information in your Monzo app, we collect:
- your account name and status (open/closed)
- your account number, sort code, IBAN and BIC
- the first 6 and last 4 digits of your card number (if the account comes with a card)
- your account balance and any overdrafts or credit limits you have
- details of transfers going in and out of your account in the last 90 days (refreshed daily). This includes transaction amounts, currencies, exchange rates, merchants and information about people you’ve paid or who’ve paid you, as well as any joint account or supplementary card holders who have made transactions
Some account providers also give us extra information that we do not request or analyse. This can include details on whether you have enabled paperless billing, or the benefits and rewards that come with your account.
To show your Monzo and non-Monzo account balances and transactions in the app, we also use:
- your Monzo account balances and any overdrafts or credit limits you have with us
- your Monzo account transaction history (including information about people you’ve paid or who’ve paid you)
We collect analytics on how you use the service. For example, we check how often you view or refresh information about other accounts you’ve added.
Your Monzo transactions or transaction data from your other accounts can contain information that data protection laws call ‘special category data’.
This is information that could reveal your or someone else’s (like the other person you share a joint account with) racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information concerning health, sex life or sexual orientation.
If your transaction data includes ‘special category data’, we’ll only use the transaction data to give you the ‘Other accounts in Monzo’ service, unless we have a legal duty to use it for another reason.
European Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use the information you give us consent to access from other banks for a specific purpose (either on its own or together with your Monzo balance or transaction data that we already hold).
With your permission, we access specific details about accounts you hold with other banks so that we can show this information to you in the Monzo app. If you don’t give us consent to access an account, we can’t give you the service.
We’ll also use details about other accounts you’ve added to the Monzo app to support you if you contact our customer support team.
We may need to use your balance and transaction data from other accounts to investigate and resolve complaints.
We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn't involve overriding your privacy rights.
We may use your balance and transaction data from other accounts together with other details we hold about you to:
- improve the ‘Other accounts in Monzo’ service. For example, we’ll analyse aggregated data to understand what additional insights we could give other customers about their finances as part of the service.
- develop our business strategy using aggregated data about how customers use Monzo, other accounts and engage with the ‘Other accounts in Monzo’ service. This helps us make sure we develop the right products and make the right business decisions to make sure Monzo is successful.
- investigate suspected criminal activity to help keep our customers and Monzo safe, and to meet our legal obligations. We may share your information with law enforcement if authorised by law.
- to store backup copies in case we face a legal claim about the information.
Here we mean companies that help us provide the ‘Other accounts in Monzo’ service and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified where possible (for instance by using a User ID instead of your name).
Companies that give services to us for ‘Other accounts in Monzo’ are:
- cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud our business intelligence and analytics platform provider Looker
- companies that help us with functional analytics (for example, to help us solve technical issues with the app)
- companies that help us with customer support (like Sykes and our subsidiaries)
We may share your details with:
- authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
- the police, courts or dispute resolution bodies if we have to
- other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
- any other third parties where necessary to meet our legal obligations
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
Our subsidiaries in the US help us with customer support. We may also share details about you with Monzo Inc for other lawful reasons if you open a US Monzo account (this is only available to US residents).
We hold the information we get about non-Monzo accounts you’ve added to the ‘Other Accounts in Monzo’ service on live systems until you cancel Monzo Plus or Monzo Premium or remove all your non-Monzo accounts. After that we’ll keep a backup copy for 6 years in case we need to respond to a legal claim. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.
You have a right to:
- access the personal data we hold about you, or to get a copy of it
- ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else
- make us correct inaccurate data
- ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it
- say no to us using your data in certain ‘legitimate interest’ circumstances
- withdraw any consent you’ve given us
- ask a member of staff to review a computer-made (automated) decision.
To do any of these things, please contact us through the app or by emailing email@example.com. EU data protection laws, like the GDPR, give us one month to respond.
We may transfer and store the data we collect from you to organisations outside the European Economic Area (‘EEA’). When we do this, we make sure that your data is protected and that:
- the European Commission says the country or organisation has adequate data protection, or
- we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
If you’d like a copy of the relevant data protection clauses, please get in touch through the app or send an email to firstname.lastname@example.org.
If you have a complaint about how we use your personal information, please contact us through the app or send an email to email@example.com and we’ll do our best to fix the problem.
If you’re still not happy, you can refer your complaint with a data protection supervisory authority in the EU country you live or work in, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
We’ll inform you about any changes we make to this privacy notice in the app or by email.
Monzo Bank Limited, authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (Financial Services Register No. 730427). Registered in England. Registered No. 9446231. Registered Office: Broadwalk House, 5, Appold Street, London, EC2A 2AG. The Financial Services Register can be accessed at https://register.fca.org.uk/