Frost Money Ltd, trading as Frost, respects your privacy and is committed to protecting your personal data.
This statement is designed to provide information for you as to how we look after your personal data when you visit our website or through the use of our mobile App. Further this policy will inform you of your rights regarding your personal data and how the law protects your personal data.
The meaning of words used throughout this policy can be found in the glossary section of this policy.
We are Frost Money Ltd (we, us, our) and we operate under the trading name of Frost.
We are a company incorporated in England and Wales. Our registered address is 3rdFloor, Oakland House, Talbot Road, Manchester, M16 0PQ and our company registration number is 12231881.
We are the data controller for any personal data that you supply to us using this website, or through the use of our App.
Personal data is any personal information about a person from which that person can be identified. If a person cannot be identified from the information then it is not personal data (for example data where identity has been removed and has been anonymised).
For more information on data is considered to be personal data, please visit the website of the Information Commissioner's Office at www.ico.org.uk
If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.
All personal data is collected in order to enable us to provide you with the best services. The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn
If you fail to provide personal data by law or under the terms of any contract with us despite us having requested it then we may not be able to perform the contract we have with you or the contract we are trying to enter into with you.
If we are unable to perform our contract or enter into a contract with you, we may take the decision to cancel our services with you. Should we cancel our services, we will notify you accordingly.
Whilst we hold the above information about you, it is your responsibility to ensure that the information that we hold about you is correct. Should you wish to request any changes to personal data that we hold about you, you may contact us. Our contact details are within section 8 “HOW TO MAKE A COMPLAINT”.
We will use the information you give us to keep you up-to-date with what's happening, to provide you with the services you have agreed to and to comply with applicable laws and regulations.
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.
We need certain personal data to provide our services and cannot provide them without this personal data.
In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy. For example, the personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.
In this table you will find some examples of how we use your data and what legal basis we rely on:
USE |
LEGAL BASIS |
Our ProductsWhenever you sign up with Frost, apply for or use a product or service, we'll use your personal data to:
|
Legal obligations Legitimate interest Keeping to our contracts and agreements with you |
Fraud PreventionWe use your personal data for the following purposes at Frost:
|
Legitimate interest Legal obligations |
Statistical DatasetWe prepare anonymous statistical datasets about our customers' spending patterns at Frost for the following purposes:
For example, the FCA requires us to provide them with some statistical data. |
Legal obligations Legitimate interest |
Technical PurposesAt Frost, we use your personal data for various purposes, including managing our website and Frost app. This involves troubleshooting, data analysis, testing, research, statistical, and survey purposes, to ensure that the content is presented in the most effective way for you and your device. We also use your personal data for the following:
|
Legal obligations Keeping to our contracts and agreements with you Consent (if required) |
P2P PaymentsAt Frost, we use your personal data to enhance social interactions through our services and provide a better user experience by offering additional functions. For instance, if you grant us permission, we may utilize the contacts list on your phone to allow you to conveniently make payments or send messages to your contacts using the Frost app. |
Legitimate interest Consent (if required) |
MarketingAt Frost, we use your personal data to achieve the following:
|
Legitimate interest Consent (if required) |
Meet our Legal Obligations and other Legal UsesAt Frost, we use your personal data for various purposes, such as:
You can find out more in the "5. WHO WE SHARE YOUR PERSONAL DATA WITH " section below. |
Legal obligations Legitimate interest Substantial public interest |
We may share your information when is essential for the running of the Forst platform. We share your information with:
Frost or fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
We generally process your information through servers in the EEA and normally store it for six years.
We process your information and store it on servers managed by our hosting providers. Those servers are located across a number of secure data centres in the EEA.
Unfortunately, the transmission of your information via the Internet can never be completely secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have the right to ask a member of staff to review an automated decision.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
You have various rights under data protection laws in relation to your personal data which may be exercised in certain circumstances. Your rights include being able to:
You have also the right to ask a member of staff to review an automated decision.
If you wish to exercise any of the rights set out above, please contact us. Our contact details can be found in the section “HOW TO MAKE A COMPLAINT”.
Should you have any further questions regarding your rights, you should seek the advice of a qualified legal practitioner or advice from the Data Protection Supervisory in your country (if you are accessing this website outside of the United Kingdom). If you are accessing this website within the United Kingdom, more information about your rights can be obtained from the Information Commissioner's Office.
Fees
You are not required to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a fee if your request is one which is unfounded, repetitive or excessive.
If your request is unfounded, repetitive or excessive in addition to being able to charge a fee for complying with your request, we also have to ability to refuse to deal with your request. Should we choose to refuse to deal with your request, we will notify you accordingly.
What we need from you
In addition to a fee, if any, we need documentation from you to enable us to confirm your identity in order to assist us with enabling you to access any of your rights in relation to your personal data. Such documentation to include (1) photographic identification and (2) a document displaying your residential address dated within the period preceding 3 months of your request.
By providing us with the relevant documentation to confirm your identity, you are enabling us to ensure that your personal data is not being disclosed to anyone who is not entitled to it.
We may ask for further information from you to enable us to speed up our response in relation to your request to exercise any of your rights.
Time limits
We try to respond to all legitimate requests from a person to exercise their rights within 30 days. Although please be mindful that it may take us longer to deal with your request if your request is particularly complex or you do not supply us with any documentation and or information that we may request from you.
If we are unable to respond to you within 30 days, we will notify you accordingly.
If you have a complaint about how we use your personal information, please do so using any of the below methods.
By post to:
Frost Money Ltd
3rdFloor, Oakland House
Talbot Road
Manchester
M16 0PQ
If, following our review of your complaint, you are still not happy then you can, if you are based in the United Kingdom, contact the UK's data protection supervisory – The Information Commissioners' Office (“ICO”).
More details about the ICO can be found on their website at ico.org.uk.
If you are not based in the United Kingdom you should refer your complaint to your relevant country's data protection supervisory authority, if any.
You do not have to approach us in the first instance before you contact a Data Protection Supervisory Authority if you have any concerns about how we use your personal data. However, we ask that you approach us first should you have any complaints about the way we handle your data to enable us to take the opportunity to address your complaint accordingly.
We will keep this policy under review and will make any relevant updates to this policy.
If we change the way we use your personal data, we will make any relevant updates to this policy.
Any changes made to this policy will be available on this page.
We use cookies to analyse how you use our website.
For more information on cookies, please read our cookies policy.
The following terms have the meanings opposite them:
“data protection laws” means the General Data Protection Regulation (EU 2016/679) or any substantially equivalent law enacted in the UK, as applicable;
“EEA” means the European Economic Area;
“our website”, “website” or “site” means www.frost.app and all related sites;
“we”, “us”, “our” or “Frost” means Frost Money Limited;
“your information” or “information about you” means personal data (as defined in the data protection laws) about you.