We Block Code Ltd trading as Plutus (also referred to as “we”, “us”, or “our”) are a company registered in England (Company no. 09674279). Our registered address is 184 Shepherds Bush Road, W6 7NL, London, England.
We’re committed to protecting and respecting your privacy. If you have any questions about your personal information please chat with us on our website, or email us at [email protected], or by writing to us at Plutus, 184 Shepherds Bush Road, W6 7NL, London, England.
The purpose of this policy
This policy is designed to help you understand what kind of personal data we collect in connection with our products and services and how we will process and use this information. This policy describes how we collect, use, share, retain and safeguard personal data. This policy also helps you to understand your legal rights to your personal data and explains our lawful basis for processing personal data and who to contact should you have a query on the collection and use of your personal data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, date of birth, gender, contact details, national insurance number, passport details and national identity number.
Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. Personal data may also contain data relating to criminal convictions and offences.
Who is responsible for the use of your personal data
Our lawful basis for processing your data
We will only use your personal data where we have a lawful basis to do so. We will usually only use your data:
where it is necessary for us to enter into and/or perform a contract with you (for example, to create your account and provide our services to you).
in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might collect technical information about you when you visit our Website or App to improve your experience on our Website or App. Please contact us using the details below if you would like further information about this.
to comply with our legal obligations. For example, we are obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data for a period of five years.
In some cases, where you have consented to us using your data, for example, where you subscribe to our email newsletter.
Personal data we collect from you and how we use it
To allow us to provide you with a debit card, currency exchange and digital e-wallet products and services we will collect and process personal data about you. We will collect this information when you register for our services, when you request information on our products and services, during customer events, promotions and campaigns, or when contacting us for technical assistance or for help navigating our website.
In order to process your application and before we fulfil your order and provide services, goods or financing to you, we will use the information you provided to create your account to undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. This may involve sharing your personal data with fraud prevention agencies. We will continue to carry out these checks on a regular basis while you are a customer of ours. When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
The personal data we will collect includes the following categories of personal data as outlined below:
Personal data such as an individual’s name, email, phone numbers, address, date of birth, ID document numbers such as passport, driving licence or ID card.
Data relating to criminal convictions and offences such as details on fraud and money laundering
Financial information, including account and transactional information and history
Visual images and personal appearance (such as copies of passports or real-time biometric facial scans)
Online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile app security authentication, mobile phone network information, searches, site visits and spending patterns.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, or is inconsistent with your previous submissions, or
you appear to have deliberately hidden your true identity.
You have rights in relation to automated decision making: if you want to know more please contact us using the details below.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
Other than the automated processing set out above, we shall not carry out solely automated decision-making using your personal data.
When you contact us
When you contact us, we will need to collect personal data about you to verify your identity before we disclose any information to you for data security purposes. We will be unable to deal with your query unless you provide the information we request. We may also collect any other personal data you choose to provide to us when communicating with us. We will only use that personal data for the purposes of dealing with your enquiry.
Other uses of our Website or App
We will collect personal data when you first visit our website, wherewith your permission we will place a small text file which is commonly known as a cookie on your computer. Cookies are used to help identify visitors, to simplify accessibility when accessing the website and to monitor visitor behaviour when viewing website content, navigating our website and when using website features. If you have consented, we will also send our newsletter by email.
We will also collect any other personal data that you provide to us when you use our Website or App, such as when you participate in discussion boards, social media functions or competitions.
Each time you visit our Website or App, we may automatically collect the following information:
Technical information: including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, operating system and platform; and
Information about your visit, including the URL clickstream to, through and from our site (including date and time); pages, resources and/or products you viewed or searched for; page response times, errors, length of visits to certain pages, page interaction, and methods used to browse away from the page.
When we communicate with you by email, we may automatically collect the following information:
Information about your interaction with our emails, including whether you have opened the email, the number of times the email is accessed, and your interaction with email content including the links you have clicked.
We will use the above information in order:
to administer our Website/App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes to comply with our legal obligations;
to improve our Website/App to ensure that content is presented in the most effective manner for you and for your computer / device;
as part of our efforts to keep our Website/App safe and secure to comply with our legal obligations;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
to make suggestions and recommendations to you and other users of our Website/App about goods or services that may interest you or them.
If you connect or integrate any social media services with services we provide, you may receive social notifications either from us or from third party companies providing social media services on our behalf. You can manage these social notifications through changing your privacy settings on the relevant social media site or discontinuing any interaction. If you register and provide information to a forum or blog on our Website or App, the information you provide will be published and will be publicly available on our Website or App. It may also be used to address any concerns or complaints about our services directly with you if you are an account holder.
Data we share
We may share your personal data with our third-party service providers, agents, subcontractors and other associated organisations, our group companies and Affiliates in order to complete tasks and provide our Services to you on our behalf. When using third party service providers, they are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may pass your personal data to the following entities:
companies and organisations that assist us in processing, verifying or refunding transactions you make via our apps or website and in providing any of our Services that you have requested;
card producers and networks;
customer ‘interface’ providers (like the ones who manage our support platform);
companies that do advertising for us (but we won’t share identifiable personal data with third parties for their own marketing unless you give us permission, and you can opt out at any time);
anyone who you give us explicit permission to share it with;
identity verification agencies to undertake required verification checks;
fraud prevention agencies to help fight against financial crime including fraud, money- laundering and terrorist financing;
any third party as a result of any restructure, sale or acquisition of our group or any Affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law allows or requires us to do so.
Change of purpose
From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change, we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
Retaining your data
We will retain your personal data for as long as you continue to use our services. Thereafter, we may retain your information for an additional period as is permitted or required under applicable laws. For example:
If you hold an account with us, your personal data will be retained for six years after the closure of your account to comply with our obligations under anti-money laundering regulations;
If you make a complaint, your personal data relating to that complaint will be retained for five years from the resolution of that complaint to defend against legal claims; and
If you make any transactions on your account, your personal data relating to that transaction will be retained for seven years from the date of the transaction to comply with taxation and accountancy legislation.
We will take all appropriate technical, physical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data third parties.
International transfers of personal data
We will transfer your data to third-party organisations that are based outside of the country where you reside. This is commonly known as an international transfer of data. This is necessary for the purposes of administering our business and/or your products and services. These parties are not permitted to use your personal data for any other purpose than for what has been agreed with us.
In addition, these organisations are also required to safeguard your personal data through the use of appropriate technical, physical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to make copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Access Rights under the Data Protection Act 2018. The following list details these rights:
Access the personal data we hold about you, or to get a copy of it.
Make us correct inaccurate data.
Ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it.
Object to us using your data for direct marketing and in certain circumstances ‘legitimate interests’, research and statistical reasons.
Withdraw any consent you’ve previously given us.
Individuals can exercise their Access Rights at any time. As mandated by UK and EU law we will not charge a fee to process these requests, however, if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee or to refuse your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
In exercising your Access Rights, you should understand that in some situations we may unable to fully meet your request, for example, if you make a request for us to delete all of your personal data, we may be required to retain some data for business administration or for prevention of crime purposes.
If you are dissatisfied with any aspect on how we process your personal data please contact our Data Privacy Representative at [email protected]. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO can be contacted via its website which is https://ico.org.uk/concerns/.
How to contact us
If you have any questions regarding this policy and its content, the use of your data and your Access Rights please contact our Data Privacy Representative at 184 Shepherds Bush Road, W6 7NL, London, England or by emailing [email protected]