We’re Monzo Bank Limited (‘we’, ‘our’, ‘us’) and operate under the name Monzo.
We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO) under number ZA108184.
This notice explains how and why we use your personal information when you open a current account and use our app, card, or services for account holders on monzo.com. For more information about how we use your data:
- if you use our community forum on our website, see our Monzo Community Forum Privacy Notice.
Got a question about something in this notice, or want to contact our Data Protection Officer (DPO)?
- Chat with us through the app or send us an email at [email protected].
- Write to us at Monzo, Broadwalk House, 5 Appold Street, London, EC2A 2DA, UK.
- Personal details like your name, date and place of birth.
- Contact details like your home address (and previous addresses), email and phone number.
- Information about your identity, such as a copy of your ID document, a short video of yourself.
- Information about your right to live in the UK and your tax residency.
- Financial details, such as your employment status and the industry you work in, annual Income, number of dependents, residential status and monthly housing costs.
- Details you give us when you sign up for a specific service, like your National Insurance number if you open an Individual Savings Account (ISA). If you apply for credit, we’ll ask for details about your financial circumstances and reasons for borrowing.
- Details you give us which we pass to our partners when you let us know you’re interested in their services (like energy switching).
- Information you give us through Monzo chat.
- Answers you give to surveys about Monzo and our services.
If you use other ways to get in touch than Monzo chat, we collect the following information so we can answer your questions or take action.
- The phone number you’re calling from and information you give us during the call (we record all calls).
- The email address you use and the contents of your email (and any attachments).
- Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.
We collect information about how you use the app to help improve features. This includes:
- details about payments to and from your Monzo account, your savings activity (using Pots) and any overdrafts or loans you take out
- details about services from us and our partners that you express interest in
- details about how you use our app
- all the countries you're a tax resident in and your Tax Identification Number for each one.
We collect this information to keep your data safe and to improve features for you. This includes your:
- mobile network and operating system, so we can analyse how our app works and fix any issues
- IP address and device ID (we’ll link your mobile phone number with your device)
- mobile advertising ID, so we can share it with companies that help us with advertising online (you can reset this ID or limit tracking in ‘Settings’ on your phone)
- location if you’ve authorised tracking, so we can help protect you against fraud
- phone contacts who use Monzo, if you activate Payments with Friends, and they do too (we don’t store your full address book).
When you sign up for a Monzo account, we search your record at:
- credit reference agencies to verify your identity and check if we can offer you an overdraft and manage business risk (this is a 'soft search' and won’t impact your credit score). If you take out a loan or turn on your overdraft for the first time, we do a full search (which may impact your credit score)
- fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.
For more information about data we collect from and share with credit reference agencies, see ‘Who we share your data with’ below.
We may also collect information about you from public sources for AML reasons or market research. This includes:
- official public records, like the Electoral Register or Companies’ House
- information published by the press or on social media.
If you sign up to a service from one of our partners through the Monzo app (like energy switching or remortgaging), they may share details with us about your deal. See our Credit Tracker Privacy Notice for information about data we get from TransUnion if you start using the Credit Tracker in our app.
Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
We need to use your data for a contract we have with you, or to enter into a contract with you. We use details about you to:
- consider your application
- give you the services we agreed to in line with our terms and conditions
- send you messages about your account and other services you use if you get in touch, or we need to tell you about something
- exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us
- investigate and resolve complaints and other issues.
We need to use your data to comply with the law.
- confirm your identity when you sign up or get in touch
- check your record at immigration and fraud prevention agencies
- prevent illegal activities like money laundering, tax evasion and fraud
- check your credit history and ask about your reasons for applying for an arranged overdraft or loan, and other details about your financial circumstances so that we can make responsible lending decisions
- keep records of information we hold about you in line with legal requirements
- adhere to banking laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties)
- compare information we hold about your account with your tax residency information to make sure we don’t have a reason to doubt it.
When it’s in our ‘legitimate interest’. We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn't involve overriding your privacy rights.
Product development and marketing
- check your record at credit reference agencies when you sign up to see if we can offer you an overdraft or a loan (this is a soft check)
- tell you about products and services through the app or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We may also exclude ads on this basis. We do this so we can make sure our marketing is useful. That includes instructing platforms to show or not show Monzo adverts to existing customers. We don’t share any other identifying information about you with social media companies than your mobile advertising ID (unless you’ve disabled it)
- track, analyse and improve the services we give you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them
- use the personal information you share with us and data you create from using the app to suggest Monzo features or products you’d find useful. It's in your control if you want us to stop, just ahead over to the App and opt-out.
- share insights with the public about spending, saving or borrowing trends based on data that doesn’t personally identify you
- don’t sell any of this information.
- show where you were when you bought something with Google maps (in the Monzo app) and send you travel reports when you’re abroad (we tell this from transaction data, not by tracking your phone)
- give you reports on how you’ve spent and/or saved money using Monzo (‘Spending Reports’ and ‘Year in Monzo’)
- personalise your visual experience in the Monzo app, like choosing a picture for your virtual loan card based on what you’ve told us you’ll use the loan for.
Security and business management
- protect the rights, property or safety of us, our customers or others
- carry out security and maintenance checks to make sure our app, website and other services run smoothly for you
- manage Monzo’s business risk and financial affairs, and protect our customers and staff
- share information with credit bureaus and fraud prevention agencies so we can benefit from up-to-date information when we make decisions about accounts or loans. This helps us make responsible lending decisions and fight financial crime
- share your name, title and account number with other banks and building societies, so that people making payments to you can confirm the name they have for you matches the name we hold in our records. This helps us fight financial crime.
Companies that give services to us
- share your information with companies that so they can help us provide our services (see ‘Who we share your data with’ below).
Consent. We’ll ask for your consent to:
- record any issues you want us to know about so we understand how to best support you. (If the information is sensitive, we need a second lawful basis, see ‘Our reasons for using special category information’ below.)
- tell you about our products and services, and those of our partners by email or push notification if we think they’re of interest to you. You can unsubscribe from these by email or via the app. (If you don’t want to see lending promotions in the app, you can opt out in your app ‘Settings’.)
- help protect you against fraud by tracking the location of your phone if you’ve authorised it (iOS)
- show your profile picture in the app if you add one
- show your profile picture and name to Monzo contacts in their app if you turn on ‘Payments with Friends’, provided they’ve stored your phone number. (If you pay someone, they’ll see your name regardless of whether or not you’ve turned on Payments with Friends. It’s our legal duty to show this, so it isn’t something you can opt out of.)
- share information about you with companies we work with when we need your permission (see ‘Who we share your data with’ below).
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our services.
We may need to process sensitive information about customers that data protection laws call ‘special category’ data. This is information that can reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data (if used for identification purposes) and information concerning a person’s health, sex life or sexual orientation.
Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in the field of employment, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In this section we explain which lawful basis we rely on to use your special category data in a certain way.
It’s necessary for reasons of substantial public interest
- use facial recognition technology to identify people who use our services in the Monzo app. We do this because it is necessary for reasons of substantial public interest to prevent or detect unlawful acts
- record information about your health if it’s necessary to protect your economic well-being if you’re at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.
It's necessary to protect your or another person’s vital interests. We may share information about you externally (generally with law enforcement in an emergency), if it’s necessary to protect your or another person’s life and you are unable to consent.
We have your explicit consent. We record any issues you want us to know about relating to your health, so we understand how to best support you.
Companies that give services to us. Here we mean companies that help us provide services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).
- companies that make our Monzo cards
- card producers and networks, like MasterCard
- Know Your Customer (KYC) service providers that help us with identity verification or fraud checks like Jumio and Onfido
- cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud
- our business intelligence and analytics platform provider Looker
- companies that help us with functional analytics (to help us solve technical issues with the app for instance)
- companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time)
- software companies that we use for emailing you like Front, or for processing and storing email communications with you like Intercom
- companies that help us with customer support (like Sykes and our subsidiaries)
- companies that help us with fraud prevention
- companies that offer benefits or rewards through special programmes you sign up to via the app
- companies that print written statements and notices
- companies that manage our CCTV and security if you visit our offices.
Credit reference agencies. Credit reference agencies (CRAs) give lenders information about borrowers to help them make responsible lending decisions. Banks share details about their customers to help CRAs maintain up-to-date information about people’s financial status. We work with TransUnion, Experian and Equifax.
When you sign up and for as long as you’re a customer, we’ll exchange details about you with CRAs. This includes:
- your name, address and date of birth
- accounts you have, including when you opened them and money going into them (if you owe us money, we’ll also share your balance)
- credit applications you’ve made and limits you’ve turned on
- if you’ve borrowed, details of your loan and repayments (like whether you repay in full and on time)
- fraud prevention information.
We’ll use this information to to comply with our legal duties and when it’s in our ‘legitimate interest’ to:
- verify your identity and make sure what you’ve told us is true
- help detect and prevent fraud and money laundering
- assess whether you can afford to make repayments if you borrow
- manage your account with us
- trace and recover debts
- make sure our offers are relevant for you.
If you apply for a joint account with someone else, we and CRAs will link your records with theirs.
Fraud prevention agencies. When you apply for an account, we check your record with fraud prevention agencies (FPAs) like Cifas. During the application process and after you become a customer, we may share information about you with them to help prevent fraud and money laundering when it’s in our ‘legitimate interest’. If we detect fraud, we may stop activity on your account or block access. Other organisations may use information we share with FPAs about fraud to refuse their services, finance or employment. For more information about the details we collect from and share with Cifas and how they’ll use your data, see Cifas’ Fair Processing Notice.
Anyone you give us permission to share it with. We tell you in the app when we need your consent to share your data with:
- companies that introduce their own services via the Monzo app, like energy switching, insurance or remortgaging
- other customers you want to set up joint Monzo accounts with
- other apps
- other banks if you use account switching or aggregation services
- people you’ve asked to represent you, like solicitors.
Law enforcement and other external parties. We may share information about you with:
- authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
- the police, courts or dispute resolution bodies if we have to
- other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
- any other third parties where necessary to meet our legal obligations.
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
Other Monzo Group companies. Our subsidiaries in the US help us with customer support. We may also share details about you with Monzo Inc for other lawful reasons if you open a US Monzo account (this is only available to US residents).
If you sign up for Monzo Premium, we’ll share your name and contact details with our insurance and airport lounge partners so they can provide the services you get through Monzo Premium. We also share your account details, so insurance partners can pay you if you make a successful insurance claim, and we share your payment details so we can collect payments you owe us for using lounge access benefits. Our legal basis for sharing your information for these reasons is ‘contractual necessity’: we need to use your data for a contract we have with you. To learn how our partners will use your information, please read:
- Assurant’s Privacy Notice (phone insurance)
- Axa’s Privacy Notice (travel insurance)
- LoungeKey’s Privacy Notice (airport lounge access)
If you sign up for Monzo Plus or Monzo Premium and start using Credit Tracker, please read the Credit Tracker Privacy Notice. If you start using the ‘Other Accounts in Monzo’ service, please read the Other Accounts in Monzo Privacy Notice.
If you use the auto export feature to transfer transaction data into your Google Drive account, we’ll share this information with the Google company that manages your account until you pause exports or remove access. We’ll have access to your spreadsheet, but won’t collect the information in it.
We sometimes use computers to make decisions. We do this for deciding if:
- we can give you a Monzo account based on your age, residency, nationality, financial position and other circumstances, like the results of anti-money laundering and sanctions checks
- we can give you an arranged overdraft or loan based on information we hold about you, and information we get from credit reference agencies. This includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court
- we need to take action, like freeze a transaction or account, because we suspect fraud or money-laundering against Monzo or a customer. Our computers decide this based on patterns in our data, like an account or policy being used in a way that fraudsters work
- our services and products, or those of companies we work with, are suitable for you so that we can tailor our marketing.
You can ask for a member of the team to review a decision via Monzo Chat. If your application for a Monzo account was rejected, you can ask us to check this decision by emailing [email protected].
We keep most of your data as long as you’re using Monzo, and for 6 years after that to comply with the law and if we face a legal challenge. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
You have a right to:
- access the personal data we hold about you, or to get a copy of it
- ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else
- make us correct inaccurate data
- ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it
- say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances
- withdraw any consent you’ve given us
- ask a member of staff to review a computer-made (automated) decision.
To do any of these things, please contact us through the app or by emailing [email protected]. If your application for a Monzo account was rejected and you want us to review that decision, please email [email protected]. EU data protection laws give us one month to respond.
We may transfer and store the data we collect from you to organisations outside the UK and the European Economic Area (‘EEA’). When we do this, we make sure that your data is protected and that:
- the European Commission says the country or organisation has adequate data protection, or
- we’ve agreed standard data protection clauses approved by the European Commission with the organisation.
If you’d like a copy of the relevant data protection clauses, please get in touch via Monzo chat or send an email to [email protected].
If you have a complaint about how we use your personal information, please contact us through the app or send an email to [email protected] and we’ll do our best to fix the problem. You can also reach our Data Protection Officer in these ways.
If you’re still not happy, you can refer your complaint with the UK’s supervisory authority: the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
We’ll post any changes we make to our privacy notice on this page and if they’re significant changes we’ll let you know by email.