Who we are
Digital Moneybox Limited, including Moneybox Mortgages Limited, is a private limited company with the registered company number 0959775 and a registered office address of 1-2 Hatfields, London, SE1 9PG.
Digital Moneybox is also registered with the Financial Conduct Authority (FCA) with the FCA registration number 712935. Digital Moneybox Limited is also registered as a Data Controller with the Information Commissioner’s Office (ICO) with registration number ZA130953.
Moneybox has appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice, including any requests to exercise your legal rights.
This privacy notice is issued on behalf of Digital Moneybox Limited. As such, any references to “Moneybox”, “we”, “us” or “our” in this privacy notice are references to Digital Moneybox Limited, which is responsible for processing your data.
What is the purpose of this document?
Moneybox is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal data about you during the recruitment process with us in accordance with the UK General Data Protection Regulation (UK GDPR).
Moneybox is a data controller, which means that we are responsible for deciding how we hold and use personal data about you. This notice applies to all candidates that apply for any role at Moneybox.
This notice does not form any part of any contract of employment or other contract to provide services and we may update this notice at any time. It is important that you read this notice so that you are aware of how and why we are using your personal data.
Data protection principles
Your personal data that we hold, in alignment with the obligations of the UK GDPR, must be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in a way that is incompatible with those purposes;
- relevant, and limited, to those purposes;
- accurate and kept up to date and kept only as long as necessary for those purposes; and
- kept securely
Specifically, Moneybox will seek to only collect the minimum amount of data required for the processing purpose agreed under the UK GDPR’s Data Minimisation principle reducing the risk of exposure or excessive collection of personal data.
The kind of information we hold about you
Your personal data is any information related to you from which you can be identified. It does not include anonymous data (i.e. where your identity has been removed). Your personal data may also include special categories of personal data that is particularly sensitive, and may include information about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health (including medical conditions and sickness records, genetic information), biometric data and criminal convictions and offences.
We will collect, store and use the following types of personal data about you:
- personal contact details such as name, title, address, telephone number and email address;
- date of birth;
- gender;
- marital status and dependants;
- National Insurance Number;
- identification document such as driving licence or passport, which include photographs;
- recruitment information, including copies of right to work documentation, references, test results and other information included in a CV, cover letter or as part of the application process;
- special category information
How is your personal information collected?
We collect personal data about our candidates through the application and recruitment process. We may also collect additional information from third parties including former employers and credit reference agencies.
How will we use information about you?
We will only use your personal data when and how the law allows us to. Most commonly we will use your personal data in the following circumstances:
- where we need to perform the contract we have entered into with you;
- where we need to comply with legal obligations;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- where we rely on your consent to contact you about future job role opportunities
Situations in which we will use your personal data
The situations in which we will process your personal information are listed in the table below, with the corresponding legal basis for such use as indicated. You will see that some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
| Use of your personal data | Legal basis for processing |
| To consider your application in respect of a role for which you have applied | Legitimate interests |
| To consider your application in respect of a future role for which you have not applied, but may be suitable for | Consent |
| To communicate with you in respect of the recruitment process | Consent |
| To enhance any information that we receive from you with information obtained from third party providers | Legal obligation
Legitimate interest |
| To conduct our background employment checks | Legal obligation |
| To make sure that you have a right to work in the UK or apply for a work visa on your behalf | Legal obligation |
| To learn about your fitness and suitability for a Senior Manager Role (where applicable and as part of the Financial Conduct Authority’s ‘fit and proper test’) | Legal obligation |
| To continuously reflect and develop our hiring practices to ensure that our processes encourage talent regardless of their background, sex, race, etc. | Legitimate interest |
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as completing the recruitment process with a view to providing an offer of employment), or we may be prevented from complying with our legal obligations (such as conducting our pre-employment background checks).
Change of purpose
We will only use your personal information for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we use particularly sensitive personal information
Use
Special categories of personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may process special categories of data:
- in limited circumstances, with your explicit written consent;
- where we need to carry out our legal obligations or exercise rights in connection with employment;
- where it is needed in the public interest, such as for equal opportunities monitoring
- where it is needed in relation to legal claims;
- where it is needed to protect yours or someone else’s interests and you are not capable of giving consent or where you have already made the information public;
- for legitimate business activities with the appropriate safeguards
We will use your sensitive personal data in the following ways:
- making accommodations during the interview process
- equal opportunity monitoring
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our legal or regulatory obligations and provided we do so in line with our interview process.We will hold information about criminal convictions, however we will only collect information about criminal convictions during the recruitment process if it is appropriate given the nature of the role and where we are legally able to do so.We are allowed to use your personal information in this way to carry out our obligations in relation to employment law, and to satisfy particular regulatory obligations that require us to ensure our employees are fit and proper for the role. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.
Automated decision making
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Who we share your data withWe may have to share your personal data with selected third parties for the performance of any contract we enter into with you, to satisfy our legal or regulatory obligations or otherwise in our legitimate business interests. We may share your personal details with the following third parties:
- companies that help us recruit, and need to process your details. This includes recruitment agencies that help us to recruit candidates for our roles
- our background check provider, Veremark (https://www.veremark.com/legal/privacy-policy)
- our applicant tracking system, Lever (https://www.lever.co/privacy-notice/)
- the FCA and other authorities. We have a legal duty to let the FCA know about certain roles that we fill under the Senior Manager and Certification Regime
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and our privacy notice. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How we store your data
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality and integrity of your data.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where legally required to do so.
Restricted transfers
Some of our external third parties are based outside of the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside of the EEA. Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by:
- only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government;
- using specific contracts contracts approved by the UK Government which give personal data the same protection it has in Europe (known as ‘model clauses’); or
- where we use providers based in the US, we may rely on the UK / US extension to the EU / US Data Protection Framework or Standard Contractual Clauses / International Data Transfer Agreement approved by the UK Government
Data retention
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, or reporting requirements. To consider the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal and regulatory requirements.
Generally, we will not keep your personal data for longer than 12 months following the end of your application process. If you want us to delete your personal data sooner, you can email us at dpo@moneyboxapp.com. As part of your application we will ask you to confirm whether you want to be considered for other roles. If you agree we may contact you about other relevant roles.
Your rights
You will need to confirm your identity and ensure your right to access your personal data or to exercise any of the other rights listed below. We may also need further information from you in order to speed up your request. You will not have to pay a fee to access your personal data (or to exercise any of the other rights listed below), however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these circumstances. We try to respond to all legitimate requests within one month, but occasionally this may take longer if your request is particularly complex or you have made a number of requests (we will notify you and keep you updated if this is the case).If you would like to exercise any of your rights at any time, please contact dpo@moneyboxapp.com.
Access to your personal data
You have the right to request access to your personal data (commonly known as a data subject access request).
Correction of your personal dataYou have the right to request a correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
Erasure of your personal data
You have the right to request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. you have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erasure your personal data to comply with local law.
Note, however, that we may not be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Objection to processing of your personal data
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Restriction of processing of your personal data
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate ground to use it
Transfer your personal data
You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdrawing consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Making a complaintYou have the right to contact the Information Commissioner’s Office (ICO) who are an independent body and complain to them if you are unhappy with how we have used your data. The ICO’s details are:
- Postal correspondence: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: ico.org.uk
Data Protection Officer
We have an appointed Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this notice or how we handle your personal data, please contact the DPO:
- By post: Data Protection Officer, Moneybox, 1-2 Hatfields, London, SE1 9PG; or
- By email: dpo@moneyboxapp.com
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.