Third Party Privacy Notice

Introduction

Monument Bank Limited respects your privacy and is committed to protecting your personal data. This Privacy Notice sets out how we look after and use personal data belonging to our investors, suppliers, business contacts/"friends" of Monument and research participants. It also provides information about your privacy rights under relevant laws and explains how the law provides protection for you.

If you are an applicant for a role with us or a colleague, please refer to our Applicant and Colleague Privacy Notice. If you are a client or have signed-up to our waitlist, please refer to our Client Privacy Notice.

Important information and who we are

This Privacy Notice describes how your information may be used or disclosed by us and the safeguards we use to protect it. Some of the parties that we work with may collect your personal data in their capacity of data controller. We therefore ask you to review such third parties' privacy notices , typically available on their official websites (and which we do not control), to understand their information practices. We cannot be responsible or accept liability for them.

We have drafted this Privacy Notice to be as clear and concise as possible. In some sections we have written a short summary followed by further detail. Please read it carefully to understand our policies regarding your information and how we will treat it. When you provide your personal data to us, you agree to the collection, use and disclosure of information in accordance with this Privacy Notice.

Our services are not intended for children and we do not knowingly collect data relating to children.

Without sufficient personal data we may be unable to interact with you for the third party relationship we have with you, including keeping you informed and providing services. This includes collecting information as required by law. Where we already have your information, we will endeavour to avoid collecting it again, but there will be times when we ask you to confirm that your information remains up to date.

We are Monument Bank Limited, registered in England (10921940) and our registered office is 33 Cavendish Square, London, W1G 0PW. We are registered with the UK Information Commissioner's Officer (ICO) as a data controller (Registration number ZA475288). We are the controller and responsible for your personal data.

Our approach to privacy

We appreciate the value of your personal information. We respect your privacy and reflect that in the way we handle and protect your data.

By using or accessing www.monument.co and any of its pages ("Website"), you agree to the collection, use and disclosure of information in accordance with this Privacy Notice. This may change from time to time so please check this page periodically for updates, as any changes may become effective immediately.

We will never send you direct marketing without your permission. We will seek your permission and you will always have the option to 'opt-out' or change your preferences.

When you visit our Website we will use cookies, so please ensure you have read our Cookie Policy.

Please also review our Website Terms which set out the terms on which we allow use of our Website.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We keep our Privacy Notice under regular review. This page was last updated on 13 September 2021.

What personal information do we collect?

Summary: We may collect, use, store and transfer information about you through our interactions. For example, when visiting and using our Website, and if you get in touch with us by e-mail or other channels. The type and volume of information we collect will depend on the nature of our interaction and can include personal information.

The details:

  • We may collect, use, store and transfer different kinds of personal data about you. Personal data is any information that we can use to identify you for example your name, date of birth or address. It does not include data where the identity has been removed (anonymous data).
  • We may collect the following data:
    • Basic Personal information. Including first name, last name, address, and date of birth.
    • Contact information. This includes email address, telephone numbers, any other electronic communication and address documents for individuals such as directors, authorised signatories or representatives, and ultimate beneficial owners and trustees.
    • Financial information. This includes your bank account details.
    • Profile information. includes your username and password, your interests, preferences, feedback and survey responses.
    • Due diligence information. This includes documentary evidence we may ask you to provide and information from investigations we conduct such as due diligence checks, sanctions and anti-money laundering checks. For investors, it may also include information about your financial position, status and history, including your tax residency and the source of funds and wealth.
    • Third Parties information we receive from other sources. We are working closely with third parties (including, for example, business partners, suppliers, sub-contractors, analytics providers, and search information providers) and may receive information about you from them.
    • User research data. Information about your financial experience disclosed though your participation in a research study.
  • There may be times when the information we collect, use, store or transfer about you includes sensitive personal data, such as information relating to racial or ethnic background, criminal convictions or legal proceedings. We will only hold this data when we need to for the purposes of the product or services we provide or where we are legally required to do so. We will always seek your explicit consent to process sensitive personal data.
  • Personal information that we will collect to perform our due diligence on investors prior to accepting funds and as part of our ongoing relationship may be shared with fraud prevention agencies. They will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found in Section "Where do we collect your information from?" below.
How we use this information and why?

Summary: We collect and use your data to engage with you either as an investor, supplier, business contact/'Friend' of Monument. In all circumstances, we will comply with data protection laws.

The details:

  • Applicable Data Protection and Privacy Legislation requires that we ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights.
  • We will only process your personal data:
    • to fulfil a contract with you (this includes any steps prior to entering a contract), for example:
      • to be able to provide information about our company and the details of any potential or actual investment;
      • to be able to contact you to arrange provision of share certificates and investor updates;
      • to gather information about supplier services to engage contractually;
      • to manage contracts and communicate with suppliers regarding contracts and the performance of contracts;
    • to meet our legal obligations, for example:
      • to assist with the prevention of fraud and money laundering, and to verify your identity when required;
      • to fulfil our regulatory obligations and business requirements by keeping records of calls, correspondence and our business activities and archiving and backing up data;
      • to meet tax, legal, regulatory and auditing obligations;
    • for our legitimate interest (or those of a third party), when this does not override your privacy rights, for example:
      • to respond to any questions and queries you may have when you contact us;
      • to improve our Website's performance, security and functionality in order to enhance your browsing experience;
      • to prevent fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us;
      • to support in the development of our staff so that we can maintain the quality of our products and services;
    • if we have your consent, for example:
      • to keep you up to date with our latest news and updates including introduction of new products and services, should you wish to stay in touch;
      • to send out regular surveys to gather feedback from our target client market;
      • to administer a contest, promotion, survey or other feature;
      • to conduct user research interviews, which may include audio recordings. The records from this study will be kept in a confidential manner as required by law. We anonymise all our notes, which means that your personal data will not be linked with the notes we take. We may also publish research reports that include your comments, but no personal data will be included or disclosed without your express consent;
    • where necessary to protect the vital interests of you or of another natural person. We do not anticipate processing your personal data routinely on this basis, however there may be rare occasions where it is necessary to process your personal data to protect someone's life.
  • In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your e-mail address with your browsing history.
  • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services, financing or in the future employment to you, or we may stop providing existing services to you.
  • A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, servicing or employment to you. If you have any questions about this, please contact us at service@monument.co.
Where do we collect your information from?
  • We may use different methods to collect or receive your information including:
  • When you visit our Website
    • if you sign up to receive updates from us;
    • through cookies.
  • From other third parties that are acting on your behalf.
  • If you attend any of our events.
  • From other organisations such as fraud prevention agencies, providers of identity and verification checks, security providers, data aggregators, comparison websites.
  • When you write to us by letter, e-mail, chat or contact us by telephone.
  • Where you provide information about other people to which you are financially linked.
  • When we search public sources, such as the internet or news reports, social networks, the electoral register and Companies House.
  • If you take part in a competition or promotion.
  • Information we get from analysing your financial situation.
  • If you participate in our surveys or research, including remote or face to face interviews.
  • Our third-party business partners, including RELX (UK) Limited, trading as LexisNexis ("LexisNexis"), may provide us with your personal information in order to enable us to conduct background checks and screening activities, comply with our legal obligations and for other purposes as described in this Privacy Notice. LexisNexis is responsible for any personal information which they may collect and hold about you until it is received by us. To learn more about how LexisNexis collects and uses your personal information, please see their privacy policy at https://www.lexisnexis.com/global/privacy/en/article-14-bis.page.
Who do we share your information with?

Summary: In order to comply with our legal and regulatory obligations or to perform research , we may need to share your data with other people and businesses that assist us. We may also need to share your data in order to identify potential financial crime or where we are under legal or regulatory obligation to do so.

We do not sell your information to any third party organisations.

The details:

  • We may disclose your personal information to:
    • Fraud Prevention Agencies;
    • Know your customer (KYC) service providers including to verify your identity;
    • Third parties you give us permission to share it with;
    • Suppliers that are required for the functionality of our Website;
    • UK Companies House;
    • HM Revenue and Customs, government, legal, regulatory and other statutory bodies and authorities;
    • Market research agencies acting on our behalf, in order to gather your input to surveys;
    • Anybody else that we've been instructed by you to share your information with,
    • Cloud computing power and storage providers;
    • Google analytics, provided we have your consent to store cookies;
    • Software companies who power our technology and enable us to deliver our products and services;
    • Companies that help us with functional analytics (to help us solve technical issues with the Website for instance);
    • Our professional advisors, regulatory authorities and auditors.
  • We may also share your information with other organisations if we sell, transfer, or merge parts of the business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this privacy notice.
  • Where we share your data, we will take reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under relevant Data Protection Legislation.

Fraud prevention agencies

  • In some situations, the personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
  • Fraud prevention agencies like Cifas, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
  • Where we share personal data about you with Cifas, it will process that personal data in accordance with its Fair Processing Notice, a copy of which can be found at: https://www.cifas.org.uk/fpn.
  • Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.
Where do we store your information?

Summary: We try to ensure that we do not store your information outside the UK and EEA, however, sometimes this is not possible.

The details:

  • If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the Data Protection Legislation. Such steps may include, but not be limited to, legally binding contractual terms between us and any third parties we engage with and the use of the standard contractual clauses.
  • By giving us your personal data, you agree to this arrangement.
Data security

Summary: Data security is of great importance to us, and to protect your data we have put in place strict procedures and security features to try to prevent unauthorised access.

The details:

  • We have put in place strict procedures and appropriate security features to try to prevent unauthorised use of or access to your data and to prevent your personal data from being lost. This includes physical, electronic and managerial procedures to safeguard and secure data collected, including back up procedures, usernames and passwords. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality and, where applicable, data processing agreements.
  • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  • Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure. You are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.
How long do we store your information?
  • Our policy is to store personal data for no longer than needed for the purposes for which we collect it; unless we are required to keep it for a longer period of time to ensure we comply with our legislative and regulatory requirements as a bank. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
  • This means the exact length of time will depend on our relationship and the type(s) of interaction we are involved in:
    • If you browse our website, we will hold your cookie data for a maximum of 90 days.
    • If you participate in our research and surveys, we will hold your information for as long as you continue to do so and for a maximum of 6 months after you unsubscribe.
    • If you subscribe to our updates, we will ask for subscription renewals every 2 years. If we do not hear from you, we will take reasonable steps to delete your data as soon as we can.
    • If you participate in a recorded research interview, we will hold the audio recording for a maximum of 6 months.
    • If you have e-mailed us for feedback or to inquire about a particular matter, we will hold your personal information for a maximum of 6 months since our last interaction.
    • If you are a supplier, we will hold your data for 6 years from the end of a contract and 12 months for those with whom we didn't contract.
    • If you are a investor/shareholder, we keep personal details on our shareholder register for 10 years after you have ceased to be a shareholder/investor to comply legislative and regulatory requirements.
    • If you are a Business contact/'Friend' of Monument, 6 months after you unsubscribe.
  • Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
  • In some circumstances you can ask us to delete your data: see Section "Your rights" below for further information.
  • In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your rights

Summary: You have certain rights under data protection legislation. This includes the right to request access to your information, to manage it and to request us to delete or transfer information about you or restrict the way it is used. You also have a right to complain. To do any of these things, please contact us by e-mail on service@monument.co. Please also contact us whenever your circumstances change – having accurate data enables us to manage your personal data in the most appropriate manner

The details:

  • You may unsubscribe at any time using the email address provided above.
  • Under data protection legislation you have the right to:
    • request access to, deletion of or correction of, your personal data held by us at no cost to you;
    • request that your personal data be copied or transferred to another person (data portability);
    • be informed of what data processing is taking place;
    • restrict processing, for example, withdrawing any consent you have given us;
    • object to processing of your personal data;
    • complain to a supervisory authority; and
    • ask a member of staff to review a computer-made (automated) decision.
  • You have the right to ask us not to process your personal data for marketing purposes and in certain other 'legitimate interest'; circumstances. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
  • Please note that there may be a few circumstances where we cannot 'delete' or block your data, for example:
    • where we are required to retain it by law;
    • where we have shared your information with UK Companies House as a shareholder;
    • where your information may be impossible to permanently delete. If this is not reasonably possible, we will put that information beyond reasonable use; and
    • where you have shared your information with others and therefore made it public.
  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to contact us or make a complaint?

If you have any questions about this Privacy Notice or any of our privacy practices, the personal data we hold on you, or you would like to exercise one of your legal rights in relation to your personal data, please do not hesitate to contact us on service@monument.co.

If you have a complaint about how we use your personal information, we will do our best to fix the problem. If you are still not happy, you can refer your complaint to a data protection supervisory authority in the EU, country you live or work, or where you think a breach has happened. The UK's supervisory authority is the Information Commissioner's Office (ICO). For more details, you can visit their website at ico.org.uk.

For the purposes of the data protection laws, the data controller is Monument Bank Limited, company number 10921940, and we have our registered office at 33 Cavendish Square, London, W1G 0PW.