Date amended: 7th September 2022
- Who we are
- The data we hold on you
- How we use your data
- Who we share your data with
- How we keep your data secure
- How long we store your data for
- Your rights & how to make a complaint
- Process for changing this policy
We ask that you read this Policy carefully as it contains important information about what to expect when we collect your personal data and how we use your personal data. Mintago provides various services, so depending on what your agreement is with Mintago, not all of the below may apply to you. Your use of the Mintago Platform is also governed by our Terms and Conditions. Please ensure you read the Terms and Conditions relevant to the service that we provide you as well as this Policy. By registering with the Mintago Platform, you agree to us collecting and utilising your data in accordance with this Policy. If you do not agree with this Policy, please do not use the Mintago Platform. Where we require your consent to comply with the Data Protection Act 1998 (“DP Law”), for example, for the transfer of data outside UK and EEA, we will ask for this separately.
We would like to highlight that:
- Through the use of the Mintago Platform you will be able to provide us with your financial information in various ways, all of which will be at your full discretion and can be deleted at anytime at your request.
- Mintago does not store any bank account details or any account details associated with any financial institution that you choose to add to the Mintago Platform.
- No personal identifiable data is shared with third parties (including your employer) without your consent.
- Aggregated data that we collect, use and share is not associated with any personal identifiable information and is summed and categorised in a way to ensure the identities of users are not directly or indirectly revealed.
- We will never share aggregated data with any parties that look to reverse engineer aggregated data or in our view do not serve the best interest of our users.
- All critical data are encrypted with a 2 key base64 AES encryption methodology and not accessible over a public network.
Who we are
We are Mintago Limited (“we”, “our”, “us”) and operate under the name of Mintago.
We’re committed to protecting and respecting your privacy. If you have any questions about your personal information please chat with us by emailing us at email@example.com, or by writing to us at Mintago, Finchley Park, Emmet Hill Lane, Laddingford, Kent, ME18 6BG.
For the purposes of processing the personal data described in this Policy, we are the data controller (as defined in the Data Protection Act 1998).
We are registered with the Information Commissioner’s Office under number ZA555904
Mintago Limited provides you with regulated account information services as an agent of Plaid Financial Ltd., an authorised payment institution regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Registration Number: 804718) for the provision of payment services, including account information services.
The data we hold on you
Information you may choose to give to us
We ask for and collect basic personal information as part of creating your user account with Mintago. You may also choose to provide us with additional personal information in order to obtain a better user experience when using the Mintago Platform. When providing this additional information you are giving us consent to process and store the information to utilise the full benefit of the Mintago Platform. When using our pension hunting service, in addition to collecting personal information, we will also collect information on your historic employment and pension details
- Information when creating a user account – When you sign up to the service and provide details such as your name, email, date of birth, and address.
- Financial information – When unlocking the potential of Mintago’s financial insights to your personal circumstances, you may choose to provide information about your financial position via linking your bank account or other accounts you
hold at other financial institutions via open banking or by adding these details manually.
- Details about your transactions – Through linking your bank accounts via open banking to the Mintago Platform, details about payments to and from you data in respect of your transactions with third parties.
- Information from pension providers or online accounts – Information from any accounts that you share with us.
- Pension hunting information – Details of previous employment and personal details such as your name, date of birth, address and national insurance number.
- Other information – You may otherwise choose to provide us information when you fill in a form, respond to surveys, post to community forums, participate in promotions, update or add information to your Mintago account, or use other features of the Mintago Platform.
In addition to the personal data that we collect directly from you (as described above), we may also collect certain of your personal data from third party sources and combine that with information we collect through the Mintago Platform. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Your employer: The Mintago Platform is provided to you via your employer. As part of the provision of this service the employer would be required to share your name and contact information.
- Financial service providers: Certain features of the Mintago Platform would require your financial information held by third party financial service providers to be collected by Mintago, should you want to optimise the features being provided. You will be asked to provide explicit permission before this occurs.
- Third Party Services: If you link, connect, or login to your Mintago Account with a third party service (e.g. Google, Facebook), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
- Background Information: To the extent permitted by applicable laws, Mintago may obtain reports from public records of criminal convictions or sex offender registrations. For Members outside of the United Kingdom, to the extent permitted by applicable laws and with your consent where required, Mintago may obtain the local version of police, background or registered sex offender checks. We may use your information, including your full name and date of birth, to obtain such reports as part of any regulatory and compliance requirements.
- Other Sources: To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Mintago Platform through partnerships, or about your experiences and interactions from our partner ad networks.
Information we automatically collect from your use of the Mintago Platform
When you use the Mintago Platform, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Mintago Platform.
- Geo-location Information: When you use certain features of the Mintago Platform, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. Mintago may also collect this information even when you are not using the app if this connection is enabled through your settings or device permissions.
- Usage Information: We collect information about your interactions with the Mintago Platform such as the pages or content you view and other actions on the Mintago Platform.
- Log Data and Device Information: We automatically collect log data and device information when you access and use the Mintago Platform, even if you have not created a Mintago Account or logged in. That information includes, among other things: details about how you’ve used the Mintago Platform (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Mintago Platform.
- Transaction Information: If you link your accounts via open banking to the Mintago Platform, Mintago collects information related to your transactions, including date and time, payment amount, transacting parties and other related transaction details. This information is necessary for Mintago being able to provide and improve the functionalities of the Mintago Platform to you.
How we use your data
We would use your personal data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
- to maintain and improve the functionality of the Mintago Platform;
- to perform any contract we may have in place with you;
- to communicate with you including sending you notifications about your account;
- to allow us to manage your account you link or manually add through us
- to improve your user experience and to prevent abuse;
- for tax, risk management and other internal record keeping purposes;
- to respond to any questions or other matters raised by you in relation to us, the Mintago Platform or any of our products and services;
- to understand your financial situation to be able to provide you with analysis for
you to better plan your finances, goals and lifestyle;
- to understand your use of the Mintago Platform, or keep a record of your product or service preferences;
- to provide you with information regarding our partners’ products and services, where you have consented to be contacted for such purposes or it is otherwise lawful for us to do so;
- to share with our partners only when you have provided consent for Mintago to do so;
- to make offers and market new products that may be of interest to you;
- to develop new ways to meet our customers’ needs and to grow our business;
- to develop and carry out marketing activities;
- for compliance with legal, regulatory and other good governance obligations; and
- for any other purposes related to the management of your legal relationship with us
Account Creation and Transfer
- Data types used: Information submitted through our app or website
- Why we use it: To register you as a new user, tailor the services that we provide you, and transfer your data to a third party, subject to your permission.
- What is our legal basis: Performance of a contract with you.
- Data types used: Information submitted through our app or website, Information on how you access our services and details about your financial information
- Why we use it: To keep our app, our services and associated systems operational and secure. To keep your data and identity secure.
- What is our legal basis: We have a legitimate interest in ensuring the ongoing security and proper operation of our services, app, website and associated IT services and networks.
- Data types used: Information on how you access our services
- Why we use it: To track issues that might be occurring on our systems
- What is our legal basis: Performance of a contract with you so that we are able to monitor and ensure the proper operation of our platform and associated systems and services.
Optimisation and Analytics
- Data types used: Information submitted through our app or website, Financial information, details about your transactions with us, financial information on how you access our services and information from social networks or online accounts
- Why we use it: To understand and measure how users use our Platform to improve it accordingly, and report relevant aggregated management information.
- What is our legal basis: We have a legitimate interest in ensuring the proper operation of, and improving, our services, website and associated IT services and networks.
Through Mintago you are able to access third party financial advisers and experts. Mintago does not have any control over or responsibility for how these professionals will use the data you provide to them and the advisory services they will be conducting for you.
We may convert your personal data into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis (which may include sharing with third parties) to improve the Mintago Platform and/or our products and service.
Anonymised aggregated personal information does not personally identify you or any other user of the Mintago Platform and is therefore not personal data.
Should we want or need to rely on consent to lawfully process your data we will request your consent through the app,orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time
How we keep your data secure
To provide you with a better user experience when using the Mintago Platform, we may share your personal information with the various parties identified below. No personal identifiable data is shared with third parties without your consent, unless required for regulatory and compliance purposes
We may share your personal information with:
- Mintago team members (within Europe) – employees and advisers of Mintago when they need it to do their job. All such people are subject to a contractual duty of confidentiality
- KYC Processing Partners (within Europe) – we may use third party providers to process KYC checks on our behalf, in order to provide you with our services.
- Communication Partners (within Europe) – we use some third parties for communications, like in-app notifications, e-mail, chat and phone, to provide you with the best customer service possible.
- Service Provider Partners (within Europe) – we partner with various third parties to provide you with some of our services. Please ensure that you read their privacy policies and if you do not agree with their policies you are able to choose not to use their services and your personal information won’t be shared with them.
- HM Revenue & Customs, regulators and other authorities (within Europe) – Authorities may require reporting of processing activities in certain circumstances
Your personal data may be transferred by us as data controller to countries and territories outside the UK and the European Economic Area which do not have the same level of protections for personal data as apply in the UK. We are required by the DP Law to ensure that there are adequate protections for it in those other countries and territories.
If we do transfer your personal data outside the EEA, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA
How we keep your data secure
We have put in place appropriate security measures (Amazon Web Services Cognito) to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. Accounts will be password protected and this will be required each time the user logs in. The data that we collect from you is stored on Amazon Web Services (AWS) servers within the European Economic Area (”EEA”).
All data is stored on AWS and critical data are encrypted with a 2 key base64 AES encryption methodology.
We have put in place procedures to deal with any actual or suspected personal data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your personal data.
How long we store your data for
We will only retain your personal data for so long as we reasonably need to use it for the purposes set out in ‘How we use your data’, for the purposes of satisfying any
legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes, and we may also use such data to enable us to respond to any future complaints, or to share information with the Financial Conduct Authority who regulate us.
On what legal basis do we process your data
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we have entered into an agreement with you or your organisation or any other contract to provide services to you.
We will rely on legal obligation if we are legally required to hold information on to you to fulfill our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to share your details with third parties not already included in our agreement with you or your organisation or any other agreement to provide services to you.
Our Legitimate Business Interests:
We have a number of lawful reasons that mean we can use your personal information, including your consent, where you give it. One lawful reason is something called ‘legitimate interests’. In general terms, “Legitimate Interests” means we can process your personal information if:
- We have a genuine and legitimate reason; and
- We are not harming any of your rights and interests.
Your rights & how to make a complaint
By law you have the right to:
- Access the personal data we hold about you, or to get a copy of it.
- Make us correct inaccurate data.
- Ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it.
- Object to us using your data for direct marketing and in certain circumstances ‘legitimate interests’, research and statistical reasons.
- Withdraw any consent you’ve previously given us. Please be aware that if you
withdraw your consent, we may not be able to provide certain products or
services to you. If this is the case, we will tell you.
- Question any information we have about you that you think is wrong or
- Request the transfer of your personal information to another party in certain formats, if practical
To do so, please email us on firstname.lastname@example.org
How to make a complaint
If you would like to make a complaint, please contact us at: email@example.com. We will reply to your complaint as soon as we can and do our best to fix the problem.
If you are still not happy, you can refer your compliant to our lead supervisory data protection authority, Information Commissioner’s Office (ICO).
Process for changing this policy
We may change this policy from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We will update the date at the top of the policy accordingly. We encourage you to check this policy for changes when you revisit the Mintago website.