Data Privacy Policy

This page outlines the data processing procedures and policies for Moneydero, which provides cross-border payments and foreign exchange services. As a company, we are committed to meeting all applicable laws and regulations regarding data protection and privacy.

Data Collection and Use

We collect personal data from our customers as part of our Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) processes, as required by UK financial regulations. This includes information such as:

- Name

- Address

- Date of birth

- Government identification numbers

- Proof of identity documents

We use this data solely for the purposes of verifying customer identities, conducting due diligence, and complying with our legal obligations. We do not sell or share this data with third parties for marketing or other commercial purposes.

Data Security

We employ robust security measures to protect the personal data of our customers, including:

- Encryption of data in transit and at rest

- Access controls and authentication requirements

- Network monitoring and threat detection

- Regular security audits and penetration testing

All our systems and processes adhere to industry best practices for data security and privacy protection.

Incident Response Plan

In the event of a data breach or security incident involving personal data, we have an established Incident Response Plan that includes:

- Activation of the Incident Response Team

- Containment and recovery procedures

- Risk assessment and notification protocols

- Investigation and root cause analysis

- Implementation of remediations and process improvements

Our plan aims to minimise impacts, ensure timely notification to affected individuals and authorities where required, and prevent recurrences.

Data Retention

We retain customer personal data only for as long as necessary to fulfil legal and regulatory requirements, as well as for the establishment or defence of legal claims, if applicable. Our data retention periods are:

- Transactional data: 5 years

- KYC and due diligence data: 5 years after account closure

After these retention periods, all personal data is securely deleted or destroyed.

Individual Rights

Our customers have the following rights regarding their personal data that we process:

- Right to access

- Right to rectification

- Right to erasure

- Right to restriction of processing

- Right to data portability

We have established procedures for customers to exercise these rights in compliance with UK data protection laws.

Data Privacy Impact Assessments

We conduct Data Privacy Impact Assessments (“DPIAs”) for any new processing activities, products or services that may result in a high risk to individual privacy rights and freedoms. The DPIAs involve:

- Describing the processing operations

- Assessing necessity and proportionality

- Identifying privacy risks

- Determining risk mitigations

- Documenting approvals

DPIAs are an integral part of our Privacy by Design approach.

Privacy by Design

Privacy and data protection are core considerations in our product development and engineering processes. We follow the principles of Privacy by Design, conducting Data Protection Impact Assessments for new products and services that involve the processing of personal data.

Third-Party Processors

In certain cases, we may use third-party service providers for data processing activities. We conduct thorough due diligence on all such vendors and require adequate security and privacy safeguards through contractual agreements.

Oversight and Governance

Our data processing activities are overseen by a designated Data Protection Officer and governed by our internal policies aligned with UK data protection laws. We regularly train employees on privacy and security practices.

Questions and Concerns

Customers with questions or concerns about our data processing practices can contact our Data Protection Officer at: info@moneydero.com.

This policy is reviewed and updated annually or whenever there are material changes to our practices, products, or services that affect personal data processing.