We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

We are the data controller for the personal data we collect from you in connection with your use of iSpent19’s services in the United Kingdom. This means that we are responsible for deciding how we hold and use personal information about you.

We created this App so that you can avoid the types of inabilities and frustrations that we experienced in wanting to manage bank transactions in ways personal to ourselves. Such frustrations tend to be more visible when life gets busy that renders personal finance due diligence to be done less regularly. We have summed up 19 ways where bank transactions can be managed more efficiently, by making transactions interactive. Being efficient means you can spend more time doing what you love or simply be with your loved ones.

Whether you enjoy our App in more or less use cases than the original 19 that we envisaged is not important. We hope this is a starting point that will evolve with your needs, under the following guiding principles:

• It offers you better VISIBILITY of all your daily transactions across all your bank accounts
• It gives you the CONVENIENCE you need to interact with your banking transactions where and when it happens
• It enables you to take more CONTROL over your financial matters

These are the values of User Centricity that we hope to deliver to you when you use our services. We aim to achieve them through transaction personalisation!

By providing you with our services, we will inevitably come to handle some of your personal data so that we can provide you with the best services we can. We encourage you to read this document as it makes transparent how we process your data.

You may give us personal data about you by filling in forms on, or interacting with the App, our website, or by corresponding with us by phone, email or otherwise. This includes:

• Name, address, email address and phone number
• Information we require to comply with our legal and regulatory obligations (such as “Know-Your-Customer” or KYC). This includes copies of personal identification documents (e.g. your Passport or Driving License)
• Any other personal information required to identify you and verify the information you give us.

Personal data from connected banks:

If you connect one of your banks to our App, we will collect data from your connected banks, such as:

• Bank account details such as your sort codes and account numbers;
• Information identifying the account you have with your connected bank;
• Transactions made on those accounts;
• Balances available on those accounts;
• Your direct debits and standing orders;
• We will not profile you solely on the basis of this data and we will not use this data for any other purposes than providing our services as detailed hereunder.

Personal data we collect from you:

When you use the App or our website we may collect information such as:

• location data such as IP address;
• Device details;
• Your login information;
• Information about your interaction with the app or our website;
• Information to verify the data you give us;
• Information from your phone (like contact details in your address book or photos) if you give us consent to use that data to perform particular functionalities of our app.

Contractual performance:

If you download our App and want us to deliver you our services, we can only perform these services if we can process your personal data as part of our contractual agreement as per our App Terms.

Your consent:

We rely on your consent to process and use your personal data for the following purposes:

• Using personal information we have collected to identify you and to verify your identity to validate the data we hold about you and enrich your data visibility;
• Provide information on your Accounts to allow you to interact with your transactions in ways relevant to your needs;

Legitimate interest:

We use your personal data on the basis of our legitimate interest and to your benefit so that we can:

• Deliver to you the benefit of our App and connect you to our services;
• Improve your experience of our service including bug fixing or introducing new features;
• Assess the usage of the App;
• Help us identify people like you that might enjoy and benefit from the App;
• Make a secure connection between your device, the App and our data hosting services;
• Take action if we need to defend our rights under the App Terms if you would misbehave or act in deviation of laws or regulations or our App Terms;
• Track and examine the use of the App and the website to prepare reports on its activities and analyse that data;
• Perform research and trend analysis to optimise your experience;
• Create content using some personal data that will enable us to engage with you in a relevant way;
• Engage with our users by providing relevant updates to our App and through social media or email communication channels;
• Provide more detailed information on your transactional data. e.g. a weekly or monthly summary of personalised insights;

We will always use the minimum data required and will process to the minimum extent required.

Legal obligations:

We will also process your personal data where we are under a legal obligation to do so to:

• Identify you and verify your identity to comply with our KYC obligations;
• Prevent and detect fraud, money laundering, other crime, and security issues, and to reduce iSpent19’s risks;
• Comply with laws and regulations, as well as any sector-specific guidelines and regulations;

Please be aware that if you do not want us to process the data for the purposes set out above, then we can not provide our services to you.

• Secure data storage centres located in the UK
• Identification and verification service providers who will check your identity
• Social media platforms where we will promote our App and new features
• Email services whom we may use to communicate with you
• Website and app analytics tools that will help us refine our service offerings to you and enhance your user experience

We may also share users’ personal data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing personal data with law enforcement officials, public health officials, other government authorities or other third parties as necessary to enforce our App Terms or other policies; to protect iSpent19’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.

We may share a user’s personal data other than as described in this notice if we notify the user and they consent to the sharing. This may apply when we release new features over time where 3rd party support or involvement is necessary.

In order to prevent unauthorised access to or disclosure of it, we have put in place suitable physical, electronic and operational procedures to safeguard and secure the personal data we collect about you. In particular, we protect your personal data by deploying SSL and bank level encryption algorithms.

We will never ask for your PIN or other security credentials.

To help us protect your personal data, you agree to comply with our security policies and procedures that we notify through our App’s Terms to you from time to time. You also agree to take all reasonable steps to prevent the unauthorised or fraudulent use of your username or password, or other security credentials.

If you find out or suspect that your App’s User Login, PIN code, or Password has been lost, stolen, or someone has used it without your permission, you must tell us as soon as possible as per our App Terms.

• Authenticating users
• Remembering user preferences, usage of our services and settings
• Determining the popularity of content
• Delivering and measuring the effectiveness of advertising campaigns
• Analysing site traffic and trends, and generally understanding the online behaviours and interests of people who interact with our services
• Personalising your experience or financial product offers

We may also allow others to provide analytics services for us, to serve advertisements on our behalf across the Internet, and to track and report on the performance of those advertisements. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.

We may retain certain user data after receiving an account deletion request if necessary, such as to comply with legal requirements. A user may request deletion of their account at any time through the Settings menu in the iSpent19 App. Following such requests, iSpent19 deletes the data after 30 days as long as it is not required for further retention for purposes of regulatory, tax, insurance, litigation, or other legal requirements. Such compliance related data is retained for a minimum of 5 years after the deletion request is received.

We also retain such data for purposes of safety, security, fraud prevention and detection, and research and development. For example, if iSpent19 deactivates a user’s account because of unsafe behaviour or security incidents, iSpent19 may retain certain information about that account to prevent that user from opening a new iSpent19 account in the future.

In certain circumstances, iSpent19 may be unable to delete a user’s account, such as if there’s any unresolved claim or dispute. Upon resolution of the issue preventing deletion, iSpent19 will delete the account as described above.

Our operational teams have presence in countries outside of the EEA. All parties are bound by the same European data protection rules as we are. We also have operational procedures that restrict access by team members on a strictly “as needed” basis, hence minimising sharing of your data regardless of national boundaries.

Our App is designed to provide you with benefits in managing your bank transactions such as better Visibility, stronger Control and a great deal of Convenience, which were the reasons why we created this App. At any point, if we no longer provide you with sufficient value, we welcome your feedback so that we can improve and continue to add value. However, should you decide not to continue using our services, you can withdraw your consent by:

• Deleting one or more connected banks of yours
• Deleting your user account with us entirely
• Sending us an email with the request to be forgotten if any of the above does not work or if you cannot connect to the App.
• You have the right to object to us processing information about you where we do so on the basis of a legitimate interest. If you do exercise this right, it could mean that we may not be able to provide you with the App or any of its service functionalities at all.

You also have the right to ask us not to process your personal data for marketing purposes by unsubscribing from our mailing list.

This would not invalidate any processing of the personal data prior to your withdrawal of consent.

Right of access and data portability:

All data that you have provided us is accessible in the App.

You can request a copy of all personal data you have provided us through the App or via the email-address you have provided us at registration.

If technically possible, we will help you export this data.

We can only give you the data we hold ourselves.

Right to rectification:

You can control your data through the App. Where you cannot change this data through the App, you have the right to ask us to rectify inaccurate or incomplete personal data which we have about you.

Right to erasure:

You have the right to ask us to erase your personal data:

You can request us to delete your iSpent19 account entirely through the App. This will automatically delete all information we have about you after 30 days, provided we are not required to hold your data longer for any legal reasons.

Right to object to automated processing:

You don’t need to object because we don’t subject you to decisions based solely on automated processing which significantly affect you.

All of the above rights can be exercised subject to successful checking of your ID to ensure we will only share data with yourself.

You also have the right to complain to the privacy regulator the Information Commissioner’s Office (the “ICO”). The ICO can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk/

We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, continued use of our services by users will be understood as consent to the updates to the extent permitted by law.