PRIVACY NOTICE

INTRODUCTION

Frost Money Ltd, trading as Frost, respects your privacy and is committed to protecting your personal data.

This statement is designed to provide information for you as to how we look after your personal data when you visit our website or through the use of our mobile App. Further this policy will inform you of your rights regarding your personal data and how the law protects your personal data.

The meaning of words used throughout this policy can be found in the glossary section of this policy.

1. WHO WE ARE

We are Frost Money Ltd (we, us, our) and we operate under the trading name of Frost.

We are a company incorporated in England and Wales. Our registered is 3 rd Floor, Oakland House, Talbot Road, Manchester, M16 0PQ and our company registration number is 12231881.

We are the data controller for any personal data that you supply to us using this website, or through the use of our App.

2. WHAT PERSONAL DATA IS

Personal data is any personal information about a person from which that person can be identified. If a person cannot be identified from the information then it is not personal data (for example data where identity has been removed and has been anonymised).

For more information on data is considered to be personal data, please visit the website of the Information Commissioner’s Office at www.ico.org.uk.

3. THE PERSONAL DATA WE COLLECT

We collect information you provide when you:

· register to use the Frost app;

· open an account or use any of our services;

· take part in online discussions, surveys or promotions;

· speak with a member of our customer support team (either on the phone or through the Frost app);

· enter a competition; or

· contact us for other reasons.

We will collect the following information:

· Your name, address, and date of birth;

· Your email address, phone number and details of the device you use (for example, your phone, computer or tablet);

· Your password and other registration information;

· Details of your bank account, including the account number, sort code and IBAN;

· Details of your Frost debit cards and credit cards (or other debit or credit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card);

· Identification documents (for example, your passport or driving licence), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;

· Information you provide when you apply for credit, including details about your income and financial obligations;

· Records of our discussions, if you contact us or we contact you (including records of phone calls);

· Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your Frost account).

If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.

All personal data is collected in order to enable us to provide you with the best services.

If you fail to provide personal data by law or under the terms of any contract with us despite us having requested it then we may not be able to perform the contract we have with you or the contract we are trying to enter into with you.

If we are unable to perform our contract or enter into a contract with you, we may take the decision to cancel our services with you. Should we cancel our services, we will notify you accordingly.

Whilst we hold the above information about you, it is your responsibility to ensure that the information that we hold about you is correct. Should you wish to request any changes to personal data that we hold about you, you may contact us. Our contact details are within section 8 “HOW TO MAKE A COMPLAINT”.

4. HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU

We will use the information you give us to keep you up-to-date with what’s happening, to provide you with the services you have agreed to and to comply with applicable laws and regulations.

LEGAL BASIS

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.

We need certain personal data to provide our services and cannot provide them without this personal data.

In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).

We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy.

Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.

5. WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your information when is essential for the running of the Forst platform. We share your information with:

a. Business partners, suppliers and subcontractors, social media platforms and other related service providers, with companies, organisations or individuals outside Frost (such as analytics providers) for the performance of any contract we enter into with them or you or for the uses set out in the section 4 “HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU”;

b. HM Revenue & Customs, the Financial Conduct Authority and other competent regulators and authorities acting as processors or joint controllers based in the UK only where we are required to report processing activities pursuant to statutory and regulatory requirements.

c. Third parties that provide know your client (KYC), identification verification and anti-money laundering check services;

d. Third party cloud computing service providers who provide essential hosting, data storage and security services for the core Frost platform;

e. Providers of payment processing services;

f. Professional advisers acting as processors or joint controllers including bankers, lawyers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.

6. STORAGE OF YOUR PERSONAL DATA

We generally process your information through servers in the EEA and normally store it for six years.

We process your information and store it on servers managed by our hosting providers. Those servers are located across a number of secure data centres in the EEA.

Unfortunately, the transmission of your information via the Internet can never be completely secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7. YOUR RIGHTS OVER YOUR PERSONAL DATA

You have various rights under data protection laws in relation to your personal data which may be exercised in certain circumstances. Your rights include being able to:

a. Request access to your personal data

b. Request that your personal data be corrected

c. Request the erasure of your personal data

d. Object to the processing of your personal data

e. Restrict the processing of your personal data

f. Request a transfer of your personal data

g. Withdraw your consent

If you wish to exercise any of the rights set out above, please contact us. Our contact details can be found in the section “HOW TO MAKE A COMPLAINT”.

Should you have any further questions regarding your rights, you should seek the advice of a qualified legal practitioner or advice from the Data Protection Supervisory in your country (if you are accessing this website outside of the United Kingdom). If you are accessing this website within the United Kingdom, more information about your rights can be obtained from the Information Commissioner’s Office.

Fees

You are not required to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a fee if your request is one which is unfounded, repetitive or excessive.

If your request is unfounded, repetitive or excessive in addition to being able to charge a fee for complying with your request, we also have to ability to refuse to deal with your request. Should we choose to refuse to deal with your request, we will notify you accordingly.

What we need from you

In addition to a fee, if any, we need documentation from you to enable us to confirm your identity in order to assist us with enabling you to access any of your rights in relation to your personal data. Such documentation to include (1) photographic identification and (2) a document displaying your residential address dated within the period preceding 3 months of your request.

By providing us with the relevant documentation to confirm your identity, you are enabling us to ensure that your personal data is not being disclosed to anyone who is not entitled to it.

We may ask for further information from you to enable us to speed up our response in relation to your request to exercise any of your rights.

Time limits

We try to respond to all legitimate requests from a person to exercise their rights within 30 days. Although please be mindful that it may take us longer to deal with your request if your request is particularly complex or you do not supply us with any documentation and or information that we may request from you.

If we are unable to respond to you within 30 days, we will notify you accordingly.

8. HOW TO MAKE A COMPLAINT

If you have a complaint about how we use your personal information, please do so using any of the below methods.

By post to:

Frost Money Ltd

3rd Floor, Oakland House

Talbot Road

Manchester

M16 0PQ

If, following our review of your complaint, you are still not happy then you can, if you are based in the United Kingdom, contact the UK’s data protection supervisory – The Information Commissioners’ Office (“ICO”).

More details about the ICO can be found on their website at ico.org.uk.

If you are not based in the United Kingdom you should refer your complaint to your relevant country’s data protection supervisory authority, if any.

You do not have to approach us in the first instance before you contact a Data Protection Supervisory Authority if you have any concerns about how we use your personal data. However, we ask that you approach us first should you have any complaints about the way we handle your data to enable us to take the opportunity to address your complaint accordingly.

9. CHANGES TO THIS POLICY

We will keep this policy under review and will make any relevant updates to this policy.

If we change the way we use your personal data, we will make any relevant updates to this policy.

Any changes made to this policy will be available on this page.

10. COOKIES

We use cookies to analyse how you use our website.

For more information on cookies, please read our cookies policy.

11. GLOSSARY

The following terms have the meanings opposite them:

“data protection laws” means the General Data Protection Regulation (EU 2016/679) or any substantially equivalent law enacted in the UK, as applicable;

“EEA” means the European Economic Area;

“our website”, “website” or “site” means www.frost.app and all related sites;

“we”, “us”, “our” or “Frost” means Frost Money Limited;

“your information” or “information about you” means personal data (as defined in the data protection laws) about you.