Moneliq Limited is the data controller for the personal data we collect. We have appointed a Data Protection Officer (DPO). If you have any questions about this Privacy Policy or how we handle your personal data, you can contact our DPO via:

• Email: dpo@moneliq.com
• Phone: +44 208 103 1222
• Postal Address: 25 Cabot Square, London, England, E14 4QZ.

Personal data, or personal information, means any information about an identified or identifiable individual. It does not include anonymous data, which cannot be linked back to the individual. We only collect the minimum personal data necessary for the specified purposes and take reasonable steps to ensure that any data we hold about you is accurate and kept up to date. You can review and update your personal data directly in your account settings or by contacting the Data Protection Officer.We will collect and process personal data about you as follows:

3.1. Information You Give Us

You may provide personal information directly to us when you:

• Sign up to or use our Services,
• Provide personal details such as your name, email address, postal address, phone number, date of birth, tax residency information or national identification number,
• Provide financial information including credit or debit card details, bank account details (including sort code, IBAN), payment reasons, and geographical location,
• Provide identification documents (such as passport, driving licence, utility bills),
• Provide your photograph or liveness image as part of Know-Your-Customer (KYC) or Know-Your-Business (KYB) checks,
• Provide company information (e.g., directors, shareholders, beneficial owners),
• Communicate with us via email, chat, or messaging services.

If you provide us with the personal data of other individuals (e.g. payment beneficiaries, business partners, shareholders, friends you refer), you must ensure that:

• You have obtained their consent or are otherwise lawfully entitled to share their personal data with us;
• They have been informed of how their personal data will be processed under this policy.

In some cases, such as when you send or receive high-value or high-volume transactions, or where we are required to comply with anti-money laundering or counter-terrorist financing regulations, we may request additional commercial or identification information from you.

You are responsible for ensuring that your personal data is complete and accurate. Please update your personal information through your Moneliq account whenever necessary.

3.2. Information We Collect Automatically

When you use our Services, we may automatically collect:

• Transaction details, including geographic location from which transactions originate,
• Technical information including your IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform,
• Website usage information including URL clickstream (to, through and from our website), pages viewed, page response times, download errors, page interaction (scrolling, clicks, mouse-overs), time spent on pages, and phone numbers used to contact customer support,
• Device information such as device type, operating system, and unique identifiers.

We may also collect information about your activity on our Website and App, including products or pages you view or search for, the length of your visits to particular pages, the method you use to browse away from a page, and other page interaction data.

3.3. Information We Receive From Other Sources

We may receive information about you from:

• Banks and payment partners (e.g., your name, address, and account details),
• Business partners and third-party service providers,
• Advertising networks and analytics providers,
• Credit reference agencies (used to verify the information you provide, but not to obtain additional personal data),
• Social networks when you log in via Facebook, Google or other providers (we may receive your name, email address, and profile image in line with their privacy policies),
• Publicly available sources, such as registers, directories, media, and online publications for due diligence and KYC purposes.
• We may receive information about you if you use other websites operated by us or services provided by our group companies.

3.4. Sensitive Data

We process biometric data strictly for the purposes of identity verification and fraud prevention, under the substantial public interest conditions in Article 9(2)(g) UK GDPR and Schedule 1 of the Data Protection Act 2018.

3.5. Children’s Data

Our products and services are intended for adults aged 18 years and over. We do not knowingly collect data from children. Any data collected from a child before age verification will be deleted.

We We will only use your personal data where we have a lawful basis to do so under the UK GDPR and the Data Protection Act 2018. The lawful bases we rely on include:

• Consent – where you have given us clear permission to process your personal data for a specific purpose.
• Contract – where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal obligation – where processing is necessary for us to comply with the law (other than a contractual obligation).
• Legitimate interests – where processing is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Vital interests – where processing is necessary to protect your vital interests or those of another person.

4.1. Purposes of Processing

We use your personal data for the following purposes, each supported by one or more of the lawful bases outlined above:

• To carry out our contractual obligations and provide our Services to you.
• To provide you with information, products, and services, including updates and communications related to your account.
• To comply with legal and regulatory requirements, including responding to lawful requests from public or government authorities.
• To prevent and detect crime, including fraud, money laundering, terrorist financing, and other financial crimes.
• To notify you about changes to our Services or terms.
• To maintain the security and integrity of our Services, including monitoring, incident response, and audits.
• To administer and improve our Services, including internal operations, data analysis, testing, research, troubleshooting, statistical and survey purposes.
• To develop new and improve existing products and services.
• To measure and understand the effectiveness of our advertising and marketing and to deliver relevant offers.
• To allow you to participate in interactive features of our Services.
• To provide you or permit selected third parties to provide you with information about products or services that may interest you.
• To enforce our agreements, recover amounts owed to us, or protect our assets.
• In rare cases, to help safeguard customers, employees, or other individuals by notifying emergency services.

4.2. Service Delivery and Account Management

We also process your personal data to:

• Verify your identity (KYC/AML checks)
• Decide whether to approve your application or transaction
• Meet our legal and contractual obligations relating to payments and account activity
• Help you understand and manage your spending behaviour
• Provide customer support, including call recording for training and quality control
• Recover debt and exercise other rights under our agreements.

4.3. Automated Decision-Making

We use automated systems for fraud monitoring, risk scoring, and identity verification. These systems are regularly audited for fairness, accuracy, and non-discrimination. We use automated decision-making and profiling for purposes including:

• Identity verification and onboarding (e.g., KYC, AML, and sanctions checks),
• Fraud detection and prevention,
• Transaction monitoring and risk scoring.

You have the right to:

• Request an explanation of any decision made solely through automated means that has a legal or similarly significant effect on you,
• Seek human intervention or oversight of the decision, and
• Challenge the outcome if you disagree with the decision.

We take the safeguarding of your personal information very seriously. While transmission of data over the internet can never be completely secure and any transmission is at your own risk, we use strict procedures and security features to protect your data once received. Our security measures include:

• Encryption in transit: All communication between you and Moneliq systems is encrypted using strong encryption protocols (HTTPS/TLS) for our app, website, and payment-processing services.
• Encryption at rest: When your information is not in active use, it is encrypted and unreadable without decryption keys.
• System and physical security: Electronic data and databases are stored on secure servers with both physical and electronic access controls.
• Security maintenance: We apply timely software updates and patches, maintain firewalls, intrusion detection systems, and run a bug bounty programme to identify vulnerabilities.
• Proactive monitoring: Our technical security team continuously monitors for abnormal or malicious activity.
• Independent audits: We undergo regular security audits and maintain industry certifications including PCI-DSS, with security controls validated by external auditors.
• Access restrictions: Access to your personal data is limited to authorised employees and approved processors who require it to perform their duties.
• Third-party safeguards: All third-party processors must comply with strict data protection standards, confidentiality obligations (including NDAs), and contractual data protection clauses.
• Organisational safeguards and training: We maintain physical, technical, and organisational safeguards and continuously educate employees on data protection and confidentiality obligations.
• Password protection: You are responsible for keeping your account credentials and passwords secure and confidential. Please do not share your password with anyone.

While no method of transmitting information over the Internet is entirely risk-free, we use strong encryption protocols (HTTPS/TLS) to protect your personal data during transmission to our app, website, and payment processing services. We also apply robust security measures once your information is received to keep it secure from unauthorised access, use, alteration, or disclosure.

In the event of a personal data breach, we will notify the Information Commissioner’s Office (ICO) without undue delay and, where feasible, within 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms. Where required, we will also inform affected individuals without undue delay.

We may share your personal data with:

• Affiliates, business partners, suppliers and subcontractors to perform contracts,
• Banks, payment schemes, and service providers,
• Advertisers and advertising networks (only with your consent),
• Analytics and search engine providers,
• Professional advisers (e.g. auditors, legal counsel),
• Payment beneficiaries (limited information to process transactions),
• Law enforcement, regulatory authorities and fraud prevention agencies,
• Debt recovery agencies or insolvency practitioners if necessary,
• Any parties where required by law, subpoena, or court order.

Where we share personal data with third-party service providers, they act under written contracts and must comply with strict data protection and confidentiality obligations.

We keep your personal data only for as long as necessary to:

• Deliver our services and maintain your account,
• Meet legal and regulatory requirements (e.g. FCA and AML rules),
• Resolve disputes, and
• Enforce our agreements.

As a regulated financial institution, we typically retain key personal and transactional data for at least five (5) years after the end of our relationship with you, unless a longer retention period is required by law. Retention periods for personal data not subject to regulatory requirements are determined based on operational needs and legal obligations. When data is no longer required, it is securely deleted or anonymised.

We may transfer and store your personal data in countries outside the United Kingdom (UK) and the European Economic Area (EEA), including locations that may not provide the same level of data protection as the UK or EEA. Your data may also be processed by staff operating outside these regions who work for us or for one of our trusted service providers.

We may transfer your personal data internationally when necessary to:

• Comply with global legal and regulatory requirements,
• Provide ongoing support and services,
• Work with fraud prevention agencies, credit reference agencies, regulators, or law enforcement authorities, and
• Deliver the products and services you have requested.

Where your personal data is transferred to countries without an equivalent level of protection, we take all steps reasonably necessary to ensure it is treated securely and in accordance with this Policy. This includes implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the UK or EU, the UK International Data Transfer Agreement (IDTA), or other contractual, technical, and organisational measures, supplemented with additional safeguards where appropriate.

Where applicable, we may also rely on adequacy decisions issued by the UK government. You can request further information or a copy of the safeguards in place by emailing dpo@moneliq.com.

You have Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have a number of rights in relation to your personal data. You can exercise these rights at any time by contacting us at dpo@moneliq.com.

Before processing any data subject requests, we may ask you to verify your identity to help ensure your personal data is protected and not disclosed to anyone who does not have the right to access it.

Your rights include:

• Access – You can request a copy of the personal data we hold about you and check that we are processing it lawfully.
• Correction – You can ask us to correct or update inaccurate or incomplete data. We may need to verify the accuracy of any new information you provide.
• Erasure (“Right to be Forgotten”) – You can ask us to delete your personal data where there is no good reason for us to continue processing it. This right may also apply where:
• you have successfully exercised your right to object to processing,
• we have processed your data unlawfully, or
• we are required to delete your data to comply with legal obligations.
  Please note that as a regulated financial institution, we may be required to retain certain information for legal or regulatory reasons (e.g., anti-money laundering or financial regulations), even after account closure.
• Withdraw Consent – Where our processing relies on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal. However, withdrawal of consent may limit our ability to provide certain services to you.
• Marketing Opt-out – You can ask us to stop sending you direct marketing communications at any time by contacting us or adjusting your account settings.
• Objection – You can object to processing based on legitimate interests if you feel it impacts your fundamental rights and freedoms.
• Restriction – You can ask us to temporarily suspend the processing of your personal data in certain situations, including:
• if you want us to verify the data’s accuracy,
• where our processing is unlawful but you prefer restriction to erasure,
• where you need the data to establish, exercise, or defend legal claims, or
• where you have objected to processing and we are considering our legitimate grounds.
• Portability – You can request that we transfer your personal data to you or another party in a structured, commonly used, machine-readable format. This right applies when we process your data based on consent or a contract.
• Automated Decision-Making and Profiling – If we make a decision about you solely through automated means that has a legal or significant impact, you can:
• request information about the logic involved,
• ask us to verify that the decision has been made correctly, and
• in some cases, request human review of the decision.
  We may refuse requests only where permitted by law (e.g., to protect trade secrets or prevent fraud).
• Legal Exemptions – In certain cases, your rights may be subject to exemptions to protect the public interest (e.g., prevention or detection of crime) or our legitimate interests (e.g., legal privilege).

We will assess and respond to all valid requests within one month. In some cases, particularly for complex or multiple requests, this period may be extended by up to two further months, in line with UK GDPR.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you are unhappy with how we process your personal data.

We encourage you to raise any concerns or complaints directly with our Data Protection Officer (DPO) in the first instance so that we have the opportunity to resolve them. If you remain dissatisfied, you can then escalate your complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

We use cookies and similar technologies to:

• Provide core site functionality,
• Analyse how people use our site,
• Improve your user experience,
• Deliver relevant marketing.

You can manage your cookie preferences through your browser or device settings. See our Cookie Policy for full details.

We review and update this Privacy Policy from time to time to reflect changes in the law, regulatory requirements, best practice, or how we handle personal data.

If we make any significant changes to the way we collect, use, or share personal data, we will:

• Update this Privacy Policy on our official website,
• Clearly show the date the updated version takes effect, and
• Let you know about the changes through appropriate channels — for example, by email, in-app notifications, or a notice on our website.

We encourage you to review this Privacy Policy regularly so that you stay informed about how we protect and use your personal information. Any changes will always comply with UK data protection laws and reflect our commitment under the FCA’s Consumer Duty to communicate clearly and transparently.

If you have any questions about this Privacy Policy or how we use your personal data, or if you would like to exercise any of your data protection rights, please contact us:

• Email: dpo@moneliq.com
• Phone: +44 208 103 1222
• Postal address: Moneliq Limited, 25 Cabot Square, London, England, E14 4QZ.

We take data protection seriously and aim to respond to any concerns promptly and transparently.

If you are not satisfied with how we handle your personal data or our response to your request, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) — the UK’s supervisory authority for data protection:

Website: https://ico.org.uk
Telephone: 0303 123 1113 (within the UK)

We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance if possible.