Montify Ltd hereinafter known as “the Firm”, is fully committed to compliance with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679), which came into force on 25th May 2018. The UK General Data Protection Regulation is the retained EU law version of the EU GDPR as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).
It is defined in section 3(10) of the Data Protection Act 2018 (DPA 2018), supplemented by section 205(4). It includes the provisions of what was previously the applied GDPR, unless the context otherwise requires.

The Firm is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data the Firm collects from you, or that you provide to the Firm, will be processed, and stored by the Firm. Please read the following carefully to understand our views and practices regarding your personal data and how the Firm will treat it. By using the Firm’s website, you are agreeing to be bound by this Policy, however, you are free to withdraw your consent anytime by notifying the Firm in writing.

For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), your data controller is Montify Ltd.


PRIVACY

The Firm knows that you are concerned with how the Firm deals with your personal information. This privacy statement sets out the Firm’s current policies and demonstrates its commitment to your privacy. The Firm’s privacy policy may change at any time in the future for compliance purposes. You agree to revisit the relevant page(s) on the Firm’s website regularly and your continued access to, or use of the Firm’s website will represent your consent to these changes.


PURPOSE OF THE DATA PROCESSING

The Firm is required to maintain certain personal data about individuals for the purposes of satisfying its operational and legal obligations e.g., to open an account, client due diligence, money laundering prevention, transact business effectively and to safeguard your assets and your privacy. The Firm recognises the importance of correct and lawful treatment of personal data as it helps to maintain confidence in the Firm and to ensure efficient and successful outcomes when using this data.

The Firm only uses personal information as legally appropriate, to provide you with a high quality of service and security. The Firm may use personal data collected from you to verify your identity and contact information. The Firm may also use this information to establish your account, issue an account number and a secure password, maintain your account activity, and contact you with account information. This information helps the Firm improve its services, satisfy financial regulations, and inform you about new products, services or promotions that may be of interest to you.

Personal data may consist of data maintained on paper, computer, or other electronic media; all of which is protected under the GDPR.


PRINCIPLES OF THE DATA PROCESSING

All data is:

  • Fairly and lawfully
  • Processed with specified legal
  • Adequate, relevant, and not
  • Not kept for longer than
  • Processed in accordance with the individual’s (i.e., data subject’s)
  • Secure; and
  • Not transferred to other countries without adequate protection or data subject

PERSONAL DATA THE FIRM COLLECTS

The Firm may collect and process the following data about you:

  • Information that you provide by completing forms on the Firm’s
  • Up-to-date data about you and your identity, if you register your personal details for the Firm’s services; and
  • Details of your visits to the Firm’s website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access or have

The types of personal data that the Firm may process, for example, may include information about current, past, and prospective customers, website visitors, etc. with whom the Firm has dealings. This information includes information required to communicate with you, including your name, mailing address, telephone number, email address, date of birth, ID, and your location information.

The Firm may also ask you for information if you report a problem with the website. If you contact the Firm, we may keep a record of that correspondence. The Firm may also ask you to complete surveys that the Firm uses for research purposes, although you do not have to respond to them.

You have choices about the data the Firm collects. When you are asked to provide personal data, you may decline. You are also entitled to have the Firm erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of your data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal however, if you choose not to provide data that is necessary to provide a service or feature or to withdraw the data that is still relevant to original purposes of processing, you may not be able to use that service or feature.

The data the Firm collects depends on the context of your interactions with the Firm, the choices you make, including your privacy settings, and the service and features you use.


USE OF COOKIES

Cookies are small text files sent from the web server to your computer. The Firm uses cookies to assist it in securing your account activities and enhance the performance of the Firm’s website. Cookies used by the Firm do not contain any personal information, nor do they contain account or password information, they only allow the site to recognise that a page request comes from an internet address which has previously used the Firm’s website.

The Firm may share website usage information about visitors to the website with reputable advertising companies for targeting the Firm’s internet banner advertisements on its website and other sites. For this purpose, pixel tags, also called clear GIFs or web beacons, may be used to note the pages you have visited. The information collected by the advertising company using these pixel tags is not personally identifiable.

To administer and improve the Firm’s website, we may use a third party to track and analyse usage and

statistical volume information including page requests, form requests, and click paths. The third-party may use cookies to track behavior and may set cookies on the Firm’s behalf. These cookies do not contain any personally identifiable information.


REASONS THE FIRM MAY SHARE YOUR PERSONAL DATA

The Firm may share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorised. The Firm also share data with:

  • The Firm’s affiliates and
  • With vendors working for the Firm and / or on the Firm’s
  • When required by law or to respond to legal
  • To protect the Firm’s
  • Maintain the security of the Firm’s services and to protect the Firm’s rights or

OUR AFFILIATES AND PARTNERS.

The Firm may share information with affiliates if the information is required to provide the product or service you have requested, or to provide you with the opportunity to participate in the products or services the Firm’s affiliates offer. The Firm may also forge partnerships and alliances, which may include joint marketing agreements, with other companies who offer high-quality products and services that may be of value to the Firm’s customers.

To ensure that these products and services meet your needs and are delivered in a manner that is useful and relevant, the Firm may share some information with partners, affiliates, and alliances. This allows them to better understand the offers that are most relevant and useful to you. The use of your personal information is limited to the purposes identified in our relationship with the partner or affiliate.


NON-AFFILIATED THIRD PARTIES.

The Firm does not sell, license, lease or otherwise disclose your personal information to any third party for any reason, except as described below.

The Firm reserves the right to disclose your personal information to third parties when required to do so by law, to regulatory, law enforcement or other government authorities. The Firm may also disclose your information as necessary to credit reporting or collection agencies, and to non-affiliated third parties if it is necessary to protect the Firm's rights or property.

To assist the Firm in improving our services to you, the Firm may engage another business to help it to conduct certain internal functions such as account processing, fulfillment, customer service, customer satisfaction surveys or other data collection activities relevant to the Firm’s business. The Firm may also provide a party with customer information from its database to assist the Firm in analysing and identifying customer needs and to notify customers of product and service offerings.

Use of the shared information is strictly limited to the performance of the task the Firm requests, and for no other purpose. All third parties with which the Firm share personal information are required to protect personal information in a manner similar to the way the Firm protects your personal information. The Firm uses a variety of legal mechanisms, including contracts, to help insure your rights and protections.


RESTRICTION OF RESPONSIBILITY

If at any time you choose to purchase a product or service offered by another company, any personal information you share with that company will no longer be controlled under our Privacy Policy. The Firm are not responsible for the privacy policies or the content of sites the Firm link to and have no control of the use or protection of information provided by you or collected by those sites.

Whenever you elect to link to a co-branded website or to a linked website, you may be asked to provide registration or other information. Please note that the information you are providing is going to a third party, and you should familiarise yourself with the privacy policy provided by that third party.


ACCESS TO PERSONAL DATA

All individuals who are the subject of personal data held by the Firm are entitled to:

  • Ask what information the Firm maintains about them and
  • Ask how to gain access to it.
  • Be informed how to keep it up to
  • Have inaccurate personal data corrected or
  • To receive the personal data concerning them, which they have previously
  • Prevent the Firm from processing information or request that it is stopped if the processing of such data is likely to cause substantial, unwarranted damage or distress to the individual or
  • Require the Firm to ensure that no decision which significantly affects an individual is solely based on an automated process for the purposes of evaluating matters relating to them, such as conduct or performance; and
  • Be informed what the Firm is doing to comply with its obligations under the GDPR.

If you cannot access certain information and personal data collected by the Firm, you can always contact the Firm by emailing dpo@montify.com. The Firm will respond to requests to access or delete your personal data within thirty [30] days.


SECURITY OF PERSONAL DATA

The Firm maintains strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including its staff. The Firm uses leading technologies such as (but not limited to) data encryption, firewalls, and server authentication to protect the security of your data.

The Firm’s hardware and software protection includes up to date industry standard protocols. The Firm’s staff and other third parties, whenever contracted to provide support services, are required to observe the Firm’s privacy standards and to allow the Firm to audit them for compliance.


BREACH OF PERSONAL DATA

In the case of a personal data breach, the Firm shall without undue delay and, where feasible, not later than seventy-two [72] hours after having become aware of such breach, notify the personal data breach

to the supervisory authority – Information Commissioner's Office, UK (“ICO”), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the ICO is not made within seventy-two [72] hours, it shall be accompanied by the reasons for the delay in accordance with Article 33 of GDPR.


WHERE PERSONAL DATA IS STORED AND PROCESSED

Personal data collected by the Firm may be stored and processed in your region or in any other country where the Firm or its affiliates, subsidiaries or service providers maintain facilities. Typically, the primary storage location is in the customer’s region or in the UK, often with a backup to a datacentre in another region.

The storage location(s) are chosen to operate efficiently, to improve performance, and to create redundancies to protect the data in the event of an outage or other unforeseen problem(s). The Firm takes steps to ensure that the data the Firm collects under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

The Firm may transfer personal data from the European Economic Area to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. Should this situation arise, the Firm will use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. Also, such a transfer will only be made with your written permission.


RETENTION OF PERSONAL DATA

The Firm retains personal data for as long as necessary to provide its services, or for other essential purposes such as complying with the Firm’s legal obligations, including as an authorised financial services provider, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of various products, actual retention periods may vary significantly. The criteria used to determine the retention periods include, for example:

  • The period of data processing needed to provide the services

    This includes such things as maintaining and improving the performance of those services, keeping the Firm’s systems secure, and maintaining appropriate business and financial records. This is a general rule that establishes the baseline for most data retention periods.

  • The data subject's consent for a longer retention period

    If so, the Firm will retain data in accordance with the consent.

  • The Firm is subject to a legal, contractual, or similar obligation to retain the data

    Mandatory data retention laws can be applied in an applicable jurisdiction where government orders preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.


CHANGES TO THIS PRIVACY POLICY

Periodically, the Firm may update this GDPR Data Protection and Privacy Policy. In the event the Firm materially changes this Policy, the revised GDPR Data Protection and Privacy Policy will promptly be posted to the Firm’s website and the Firm will post a notice on its website informing you of such changes.

You agree to accept a posting of the revised Policy electronically on the Firm’s website as actual notice to you. Any dispute over the Firm’s GDPR Data Protection and Privacy Policy is subject to this notice and the Firm’s Customer Agreement.

The Firm encourages you to periodically check and review this Policy so that you will remain up to date with what information the Firm collects, how the Firm uses it, and to whom the Firm discloses it. If you have any questions that this statement does not address, please contact the Firm’s Data Protection Officer (“DPO”) via email at dpo@montify.com.


CONTACT

If you have a privacy concern, complaint, or a question for the DPO, please contact them via email at dpo@montify.com. The Firm will respond to all questions or concerns within thirty [30] days.

Unless otherwise stated, the Firm is the data controller for the personal data the Firm collects through the services subject to this statement. The Firm is a private limited company under Companies House number: 12230765. The Firm’s Registered Office address is New London House, 6, London Street, London, EC3R 7LP, United Kingdom.

The Firm’s Responsible Officer for Compliance is also the person responsible for data protection as the Data Protection Officer. The address for correspondence is 2, West Avenue, Hullbridge, Hockley, Essex, SS5 6JU, United Kingdom. Telephone: +44 (0) 1268 661 696.

The Firm is authorised in the UK by the Financial Conduct Authority (“FCA”) as an Authorised Electronic Money Institution (“AEMI”) under FCA Firm Reference Number: 901069.