1.1 This Privacy Policy explains the total range of purposes and legal bases upon which Slate Money Financial Technology Ltd (“Slate Money”) collects, processes, stores and shares data that can identify you (the “End User”). We reserve the right to publish different or bespoke versions of this global privacy policy, to suit particular products, sites or apps.
1.2 Slate has its registered office at 6 Dekker House, Dalston Square, London, United Kingdom E8 3FS.
1.3 You can contact Slate Money at any time for more information about this policy so please get in touch with us at support@slatemoney.io
1.4 This Privacy Policy primarily applies to our account-information services and to your use of our platform and software applications hosted or made available by us, wherever and however you access them (“the Service”). To a lesser extent this Privacy Policy applies to any visitor to our websites (where the level of interaction with your data and the amount of data processing will be much less).
1.5 Together with our various user terms (“Terms of Use”), this Privacy Policy forms our agreement with you. Capitalised terms not defined in this Privacy Policy shall have the meaning given to them in our applicable Terms of Use or in the General Data Protection Regulation (EU) 2016/679 (the “EU GDPR”) or the retained version of the EU GDPR as it applies in the UK from 1 January 2021 (the “UK GDPR”).
Data collection and purpose for each type of Slate user is explained below
- Data Collected
- Your name, email address and any other personal data you supply to us through forms you complete such as manual user registration, Google Cloud Platform authentication, feedback, help tickets, or survey responses
- Any personal data we collect as part of your cookies setting. These include email-opening statistics, IP address/location, browser type and version, page views and searches.
- Purpose
- To provide you with basic information and updates on our activities, services and products, for statistical analysis, to identify which elements of the Service or other products might interest you, to record your marketing preferences and any feedback or responses for the purposes of improving our Services.
- To allow us to run the operation of our websites, domains, portals, and ensure that our provision of Services runs as smoothly as possible, in a personalised way.
- Legal Basis
- With your consent through our Terms of Use
2.1 General Website Visitor / Browser / Non-regulated Activities
- Data Collected
- Any personal data that is contained in the account and/or transaction information that you consent to sharing with us (at the time of use and in accordance with Open Banking legislation). This will include account numbers and sort codes in the case of AISP services
- Other information you give us through forms, or when reporting a support-desk issue, or your log of visits to the Service and the resources, tabs and features that you access
- Purpose
- To deliver & improve our Services, to add actionable insights for the benefit of the User.
- Legal Basis
- With your consent through our Terms of Use.
- To comply with our legal obligations under Open Banking legislations and the Consumer Rights Act 2015. Also, it is judged necessary for our legitimate interest in ensuring that we can provide you with the Services and to continuously improve our Services.
- It is also essential for the performance of our Terms of Use as a contract to which you are party.
2.2 Account Information Service Users
Subscribed Service Users (those having an active free or paid subscription) may consent to supply the Service with Open Banking data only, offline data only, or a combination of the two.
3.1 We may need to share information about you with certain service providers who help us to deliver the Service to you, such as agents registered with the FCA or third party technology companies who may provide elements of the Service functionality and other companies in our corporate group). We refer to the latter service providers as (“Third Party Service Providers”). We only disclose personal data to Third Party Service Providers for the purposes explained in this Privacy Policy.
4.1 The Service processes and stores the personal data described in this Privacy Policy inside the UK and in the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, GDPR and UK GDPR at all times.
4.2 The Service takes responsbility for collection and secure cloud storage of Open Banking data provided via the intermediary (subject to the necessary User consents with their financial institutions)
4.3 The Service takes responsbility for collection and secure cloud storage of offline data provided by the User except in the case of Local Mode.
4.4 When a User elects to use the Service in Cloud Mode, data is automcatically synchronized between user devices and, furthermore, a secure master copy of all User Account Information will reside on storage devices operated and maintained by the Service.
4.5 When a User elects to use the Service in Local Mode, the User takes responsibility for the long term storage of Account Information data (as described in 2.2). After the data is released on demand to the end User client application, it is permanently deleted from temporary holding. This means the User's Account Information data is no longer held, managed, readable or accessible by any device owned or operated by the Service.
6.1 Where we hold your personal data and are responsible for it, it will be stored for the life of your contract with us and in accordance with the Slate data retention policy and UK GDPR.
6.2 Your contract with us would typically expire when you delete your account with us or ask us to delete your Slate account for you. Our databases are backed up but such backups are never held for more than 90 days at a time. It is crucial that we hold your personal data in this way because without it, we would not be able to fulfil our contract with you and show you copies of your account information when you request/select these.
7.1 Once we have received your information, we will use procedures and security features to try to prevent unauthorised and unlawful access and processing, as well as accidental loss, destruction or damage. We use encryption technology to protect personal data that you submit to us online in order to reduce the risk of your data being intercepted by unauthorised persons during transmission.
7.2 We deploy a range of “technical and organisational” measures including physical, electronic, and procedural safeguards to protect information we process and maintain.
7.3 Please be aware that the transmission of information via the internet or mobile networks is not completely secure; we cannot guarantee the security of your data transmitted to or from us and any transmission is at your own risk. Slate may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. It will be clear to you when you click on a link that will take you to a Third Party Member we strongly encourage you to read their privacy policies in detail. W e do not control these third-party websites and are not responsible for their content or their privacy statements.
7.4 In the event there is an occasion in future where there is an unauthorised use or breach with respect to personal data, Slate shall comply with GDPR expectations and timelines (including a 72 hour investigation and reporting window) in order to mitigate the risk to any individuals affected.
We reserve the right to add to or change the terms of this Privacy Policy in the same way that we need from time to time to vary our Terms of Use to keep up to date with evolving data protection laws or to take account of changes to our Service. You are therefore advised to keep abreast of this Privacy Policy through whatever medium, site or device you access it.
9.1 Right of Access
You have the right to access information held about you and you can ask us for a copy of the information at any time. Where we have good reason, and if the law permits, we can refuse your request for a copy of your personal data, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
9.2 Right of Correction or Completion
If personal data we control and hold about you is not accurate or needs updating you have a right of rectification (we can easily correct some of your personal data like an email address upon your instruction, but we cannot unilaterally amend your credit card transaction data if supplied to us in error by a third party) .
9.3 Right of Erasure
In certain circumstances, you have the right to request that personal data we hold about you is erased for example if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
9.4 Right to Object to or Restrict Processing
In certain circumstances, you have the right to object to our processing of your personal data by contacting us. You have the right to object to use of your personal data for direct marketing purposes. You have a legal right to object at any time to: (i) use of your personal data for direct marketing purposes; and (ii) processing of your personal data which is based on our legitimate interests, unless there are compelling legitimate grounds for our continued processing.
9.5 Right of Data Portability
To save you time, you should know that the vast majority of the personal data and transaction data you would want to port across to other systems, devices or software solutions are readily downloadable from our platform and the Moneyhub App. (It is highly unlikely if you are a website visitor we will have any personal data you would wish to port).
Where your request to move or migrate is more complex than you simply downloading the data that you need from the platform, you can ask us to transmit your data in a structured, commonly used and machine-readable format. Of course, we cannot guarantee technical compatibility with a third party organisation’s systems if that is your desired destination and we cannot accede to requests that involve personal data belonging to other persons.
9.6 Marketing
You have the right to ask us not to process your personal data for marketing purposes. We will only process your personal data for such purposes where you agree to such processing (e.g., by checking certain boxes on the forms or registration pages we use to collect your information).
If you have previously agreed to us using your personal data for marketing purposes, you may change your mind at any time by contacting us at marketing@slatemoney.io. You will also be given the opportunity to unsubscribe when you receive marketing messages.
9.7 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us.
We aim to keep your personal data up-to-date, so please advise us of any changes and feel free to exercise any of the above rights by contacting us at support@slatemoney.io
10.1 Should you be dissatisfied with the service we provide, you have the right to file a formal complaint to the Information Commissioners Office at www.ico.org.uk, or to the relevant data protection supervisory authority in your country of residence. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by telephone on 0303 123 1113 or 01625 545 745.
10.2 Contact details for the Slate Money EU Representative in the EU as required by Article 27 of the EU GDPR shall be made available upon request in writing.