PRIVACY NOTICE

INTRODUCTION

Frost Money Ltd, trading as Frost, respects your privacy and is committed to protecting your personal data.

This statement is designed to provide information for you as to how we look after your personal data when you visit our website or through the use of our mobile App. Further this policy will inform you of your rights regarding your personal data and how the law protects your personal data.

The meaning of words used throughout this policy can be found in the glossary section of this policy.

1. WHO WE ARE

We are Frost Money Ltd (we, us, our) and we operate under the trading name of Frost.

We are a company incorporated in England and Wales. Our registered address is 3^rdFloor, Oakland House, Talbot Road, Manchester, M16 0PQ and our company registration number is 12231881.

We are the data controller for any personal data that you supply to us using this website, or through the use of our App.

2. WHAT PERSONAL DATA IS

Personal data is any personal information about a person from which that person can be identified. If a person cannot be identified from the information then it is not personal data (for example data where identity has been removed and has been anonymised).

For more information on data is considered to be personal data, please visit the website of the Information Commissioner's Office at www.ico.org.uk

3. THE PERSONAL DATA WE COLLECT

We collect information you provide when you:

fill in any forms;
correspond with us;
register to use the Frost app;
open an account or use any of our services;
take part in online discussions, surveys or promotions;
speak with a member of our customer support team (either on the phone or through the Frost app);
enter a competition; or
contact us for other reasons.

We will collect the following information:

Your name, address, and date of birth;
Your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
Your password and other registration information;
Details of your bank account, including the account number, sort code and IBAN;
Details of your Frost debit cards and credit cards (or other debit or credit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card);
Identification documents (for example, your passport or driving licence), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
Information you provide when you apply for credit, including details about your income and financial obligations;
Records of our discussions, if you contact us or we contact you (including records of phone calls);
Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your Frost account).

If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.

All personal data is collected in order to enable us to provide you with the best services. The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn

If you fail to provide personal data by law or under the terms of any contract with us despite us having requested it then we may not be able to perform the contract we have with you or the contract we are trying to enter into with you.

If we are unable to perform our contract or enter into a contract with you, we may take the decision to cancel our services with you. Should we cancel our services, we will notify you accordingly.

Whilst we hold the above information about you, it is your responsibility to ensure that the information that we hold about you is correct. Should you wish to request any changes to personal data that we hold about you, you may contact us. Our contact details are within section 8 “HOW TO MAKE A COMPLAINT”.

4. HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU

We will use the information you give us to keep you up-to-date with what's happening, to provide you with the services you have agreed to and to comply with applicable laws and regulations.

LEGAL BASIS

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.

Keeping to our contracts and agreements with you

We need certain personal data to provide our services and cannot provide them without this personal data.

Legal obligations

In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).

Legitimate interests

We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy. For example, the personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

Consent

Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

Substantial public interest

Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.

In this table you will find some examples of how we use your data and what legal basis we rely on:

USE

LEGAL BASIS

Our Products

Whenever you sign up with Frost, apply for or use a product or service, we'll use your personal data to:

Check your identity and the identity of joint account holders (as part of our KYC process).
Check your address.
Decide whether or not to approve your application.
Meet our contractual and legal obligations relating to any products or services you use (for example, making payments into and out of your Frost account, withdrawing cash or making payments with your Frost card).
Help you understand your spending behaviour, how you use Frost products and services, and to help you save money (for example, by providing you with product usage and spending insights).
Provide you with customer support services. We may record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training and quality control purposes.

Legal obligations

Legitimate interest

Keeping to our contracts and agreements with you

Fraud Prevention

We use your personal data for the following purposes at Frost:

To check your address and identity to protect against fraud, keep to financial crime laws and to confirm that you're eligible to use our services.
To help us better understand your financial circumstances and manage fraud risks related to your Frost account.

Legitimate interest

Legal obligations

Statistical Dataset

We prepare anonymous statistical datasets about our customers' spending patterns at Frost for the following purposes:

For forecasting purposes
To understand how customers use Frost
To comply with governmental requirements and requests These datasets may be shared internally or externally with others, including non-Frost companies. We produce these reports using information about you and other customers. The information used and shared in this way is never personal data, and you will never be identifiable from it. Anonymous statistical data cannot be linked back to you as an individual.

For example, the FCA requires us to provide them with some statistical data.

Legal obligations

Legitimate interest

Technical Purposes

At Frost, we use your personal data for various purposes, including managing our website and Frost app. This involves troubleshooting, data analysis, testing, research, statistical, and survey purposes, to ensure that the content is presented in the most effective way for you and your device.

We also use your personal data for the following:

Verifying your identity if you contact our customer support or social media teams.
Allowing you to participate in interactive features of our services.
Informing you about changes to our services.
Helping to maintain the safety and security of our website and the Frost app.

Legal obligations

Keeping to our contracts and agreements with you

Consent (if required)

P2P Payments

At Frost, we use your personal data to enhance social interactions through our services and provide a better user experience by offering additional functions.

For instance, if you grant us permission, we may utilize the contacts list on your phone to allow you to conveniently make payments or send messages to your contacts using the Frost app.

Legitimate interest

Consent (if required)

Marketing

At Frost, we use your personal data to achieve the following:

Personalize your in-app experience and marketing messages related to our products and services to make them more relevant and interesting to you (where permitted by law). This may involve analysing how you use our products, services, and your transactions.
If you agree, provide you with information regarding our partners' promotions or offers that we think you might be interested in.
If you agree, allow our partners and other organizations to provide you with information about their products or services.
Measure or comprehend the effectiveness of our marketing and advertising and provide pertinent advertising to you.
Ask for your opinion about our products or services.

Legitimate interest

Consent (if required)

Meet our Legal Obligations and other Legal Uses

At Frost, we use your personal data for various purposes, such as:

Sharing it with other organizations (for example, government authorities, law enforcement authorities, tax authorities, and fraud prevention agencies)
Recovering debts from you (for example, where you hold a credit product with us or have a negative balance in your account)
Meeting our legal or regulatory obligations
Identifying and supporting vulnerable customers by analysing your behaviour in the Frost app, customer support communications, and through transactions. For instance, we try to identify whether you are potentially vulnerable so we can provide you with enhanced support. Identifying and supporting vulnerable customers is a legal requirement.
Using it in connection with legal claims
Helping detect or prevent crime.

You can find out more in the "5. WHO WE SHARE YOUR PERSONAL DATA WITH " section below.

Legal obligations

Legitimate interest

Substantial public interest

5. WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your information when is essential for the running of the Forst platform. We share your information with:

Business partners, suppliers and subcontractors, social media platforms and other related service providers, with companies, organisations or individuals outside Frost (such as analytics providers) for the performance of any contract we enter into with them or you or for the uses set out in the section 4 “HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU”;
HM Revenue & Customs, the Financial Conduct Authority and other competent regulators and authorities acting as processors or joint controllers based in the UK only where we are required to report processing activities pursuant to statutory and regulatory requirements.
Third parties that provide know your client (KYC), identification verification, address verification and anti-money laundering check services;
Third party cloud computing service providers who provide essential hosting, data storage and security services for the core Frost platform;
Providers of payment processing services;
Professional advisers acting as processors or joint controllers including bankers, lawyers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
Fraud prevention agencies, in order to prevent fraud and money laundering, and to check your identity.
Law enforcement agencies, to detect, investigate and prevent crime.

Frost or fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

6. STORAGE OF YOUR PERSONAL DATA

We generally process your information through servers in the EEA and normally store it for six years.

We process your information and store it on servers managed by our hosting providers. Those servers are located across a number of secure data centres in the EEA.

Unfortunately, the transmission of your information via the Internet can never be completely secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have the right to ask a member of staff to review an automated decision.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

7. RIGHTS OVER YOUR PERSONAL DATA

You have various rights under data protection laws in relation to your personal data which may be exercised in certain circumstances. Your rights include being able to:

Request access to your personal data
Request that your personal data be corrected
Request the erasure of your personal data
Object to the processing of your personal data
Restrict the processing of your personal data
Request a transfer of your personal data
Withdraw your consent

You have also the right to ask a member of staff to review an automated decision.

If you wish to exercise any of the rights set out above, please contact us. Our contact details can be found in the section “HOW TO MAKE A COMPLAINT”.

Should you have any further questions regarding your rights, you should seek the advice of a qualified legal practitioner or advice from the Data Protection Supervisory in your country (if you are accessing this website outside of the United Kingdom). If you are accessing this website within the United Kingdom, more information about your rights can be obtained from the Information Commissioner's Office.

Fees

You are not required to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a fee if your request is one which is unfounded, repetitive or excessive.

If your request is unfounded, repetitive or excessive in addition to being able to charge a fee for complying with your request, we also have to ability to refuse to deal with your request. Should we choose to refuse to deal with your request, we will notify you accordingly.

What we need from you

In addition to a fee, if any, we need documentation from you to enable us to confirm your identity in order to assist us with enabling you to access any of your rights in relation to your personal data. Such documentation to include (1) photographic identification and (2) a document displaying your residential address dated within the period preceding 3 months of your request.

By providing us with the relevant documentation to confirm your identity, you are enabling us to ensure that your personal data is not being disclosed to anyone who is not entitled to it.

We may ask for further information from you to enable us to speed up our response in relation to your request to exercise any of your rights.

Time limits

We try to respond to all legitimate requests from a person to exercise their rights within 30 days. Although please be mindful that it may take us longer to deal with your request if your request is particularly complex or you do not supply us with any documentation and or information that we may request from you.

If we are unable to respond to you within 30 days, we will notify you accordingly.

8. HOW TO MAKE A COMPLAINT

If you have a complaint about how we use your personal information, please do so using any of the below methods.

By post to:

Frost Money Ltd

3^rdFloor, Oakland House

Talbot Road

Manchester

M16 0PQ

If, following our review of your complaint, you are still not happy then you can, if you are based in the United Kingdom, contact the UK's data protection supervisory – The Information Commissioners' Office (“ICO”).

More details about the ICO can be found on their website at ico.org.uk.

If you are not based in the United Kingdom you should refer your complaint to your relevant country's data protection supervisory authority, if any.

You do not have to approach us in the first instance before you contact a Data Protection Supervisory Authority if you have any concerns about how we use your personal data. However, we ask that you approach us first should you have any complaints about the way we handle your data to enable us to take the opportunity to address your complaint accordingly.

9. CHANGES TO THIS POLICY

We will keep this policy under review and will make any relevant updates to this policy.

If we change the way we use your personal data, we will make any relevant updates to this policy.

Any changes made to this policy will be available on this page.

10. COOKIES

We use cookies to analyse how you use our website.

For more information on cookies, please read our cookies policy.

11. GLOSSARY

The following terms have the meanings opposite them:

“data protection laws” means the General Data Protection Regulation (EU 2016/679) or any substantially equivalent law enacted in the UK, as applicable;

“EEA” means the European Economic Area;

“our website”, “website” or “site” means www.frost.app and all related sites;

“we”, “us”, “our” or “Frost” means Frost Money Limited;

“your information” or “information about you” means personal data (as defined in the data protection laws) about you.