EMERALD FINANCIAL GROUP (UK) LTD (reg. No. 11557885) is a UK authorised electronic money institution (FRN 900908) since 1st May 2019. We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO) under number CSN5526515.
This notice explains how and why we use your personal information when you open an account and use our app, card, or services for account holders.
Information EMERALD collects and holds about you and how this information is used
Information you provide us via the EMERALD app
- Information you provide when applying for an account with EMERALD (your name, surname, address, contact information, place and date of birth, tax residency, identification document, information on source of income, etc.).
- A short video of yourself and your selfie, which you provide as part of the on-boarding process.
- The log in credentials and settings you choose for your app and card.
- Information you give us through the EMERALD app when you contact us.
- Answers you give to surveys so we can improve our services.
Information EMERALD collects if you get in touch
If you use other ways to get in touch than the EMERALD app, we collect the following information so we can answer your questions or take action:
- The phone number you’re calling from and information you give us during the call.
- The email address you use and the contents of your email (and any attachments).
- Public details from your social media profile (like Linkedin) if you reach out to us via these platforms, and the contents of your messages or posts to us.
Information we collect when you use the app and our services
We collect this information to give you services in a safe and lawful way, and to keep improving them. This includes:
- details about payments to and from your EMERALD account;
- details about how you use our app;
- all the countries you’re a tax resident in and your Tax Identification Number for each one.
Information we collect from your phone and PC
- The mobile network and operating system you use, so we can analyse how our app works and fix any issues.
- Your IP address and device ID for security reasons (we’ll link your mobile phone number with your device).
Information we obtain from external sources
When you apply for our services, we search your records at fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal obligations.
We may also collect information about you from public sources for AML reasons or market research. This includes:
- official public records, like Companies’ House;
- information published by the press or on social media.
Legal basis for collecting and processing your information
European data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal obligation, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
We need to use your data for a contract we have with you, or to enter into a contract with you. We use details about you to:
- consider your application;
- give you the services we agreed to in line with our terms and conditions;
- send you messages about your account and other services you use if you get in touch, or we need to tell you about something;
- exercise our rights under contracts we’ve entered into with you;
- investigate and resolve complaints and other issues.
We need to use your data to comply with the law. We:
- confirm your identity when you sign up or get in touch;
- check your record at immigration and fraud prevention agencies;
- prevent illegal activities like money laundering, tax evasion and fraud;
- keep records of information we hold about you in line with legal requirements;
- adhere to applicable laws and regulations (according to which we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties);
- compare information we hold about your account with your tax residency information to make sure we don’t have a reason to doubt it.
When it’s in our “legitimate interest”. We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights. We:
- tell you about products and services through the app or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We do this so we can make sure our marketing is useful. That includes instructing platforms to show or not show EMERALD adverts to existing customers. We don’t share any identifying information with social media companies other than your mobile advertising ID. You can disable or reset your mobile advertising ID in your device’s operating system;
- provide you with transaction reports;
- track, analyse and improve the services we provide to you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them;
- protect the rights, property or safety of us, our customers or others;
- carry out security and maintenance checks to make sure our app and other services run smoothly for you;
- manage EMERALD’s business risk and financial affairs and protect our customers and staff.
Consent. We’ll ask for your consent to share information about you with companies we work with when we need your permission (see “Who we share your data with” below).
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our services.
Parties EMERALD shares your information with
Companies that provide services to us.
Here we mean companies, that help us provide services you use and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name):
- companies that make EMERALD cards;
- card producers and networks, like MasterCard;
- Know Your Customer (KYC) and Anti-Money Laundering (AML) service providers that help us with identity verification or fraud checks like Onfido, LexisNexis;
- cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud;
- companies that help us with technical support;
- companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
- software companies that we use for emailing you;
- companies that offer benefits or rewards through special programmes you sign up to via the app.
Anyone you give us permission to share it with.
We tell you in the app, when we need your consent to share your data with:
- other banks if you use account switching or aggregation services;
- people you’ve asked to represent you, like solicitors.
Law enforcement and other external parties.
We may share your details with:
– authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons;
– the police, courts or dispute resolution bodies if we have to;
– other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment;
– any other third parties where necessary to meet our legal obligations.
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
How long we keep your information
EMERALD will hold your personal information for no longer than reasonably necessary – not more than 6 years from the moment we establish business relationship with you, except in cases where there is a legal reason to hold it longer (e.g., due to AML reasons, claims, initiated court proceedings).
To establish how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
You have a right to:
- access the personal data we hold about you, or to get a copy of it;
- ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else;
- make us correct inaccurate data;
- ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it;
- say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances;
- withdraw any consent you’ve given us;
- ask a member of staff to review a computer-made (automated) decision.
To do any of these things, please contact us by emailing email@example.com. As per European data protection laws, we will respond you in a months’ time.
Where EMERALD stores and send your data
We may transfer and store the data we collect from you to organisations outside the European Economic Area (EEA). When we do this, we make sure that your data is protected and that:
- the European Commission says the country or organisation has adequate data protection, or
- we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
How EMERALD protects your personal data
EMERALD complies with its obligations under the applicable data protections laws by:
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organizational measures are in place to protect personal data.
How to make a complaint
If you have a complaint about how we use your personal information, please contact us through the app or send an email to firstname.lastname@example.org and we’ll do our best to fix the problem.
If you’re still not happy, you can refer your complaint to a data protection supervisory authority in the EU country you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
Changes to this Policy