Last Revised: September 12th, 2023
RiseUp Moments UK Ltd. and its affiliates (“RiseUp”, “we”, “our” or “us”) respect the privacy of the users (“User(s)” or “you”) of our "RiseUp" mobile application and related services, such as communications via WhatsApp (respectively, the “App” and “Services”). We believe that you have a right to know our practices regarding the information we may collect and use when you use our App and Services.
1. Who we are
In this policy, references to RiseUp, or to "we" or "us" are to RiseUp Moments UK Ltd., which is a registered company in the United Kingdom (No. 14570315) at C/O Ch. Hausmann & Co. Suite 5 De Walden Court, 85 New Cavendish Street, London, United Kingdom, W1W 6XD.
We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”) in relation to our processing of Personal Data under registration number ZB497625.
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
We have appointed Evalian Limited as our Data Protection Officer, whose contact details are as follows: firstname.lastname@example.org..
2. Your Acknowledgment of this Policy
1. You visit our website
2. You purchase our App subscription, including our educational newsletter services
3. You enquire about our products and/or services
4. You use our App and website
5. You sign up to receive newsletters and/or other promotional communications from us
The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below.
3. Personal data we Process
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
The type of Personal Data we collect about you will depend on our relationship with you, for example, we collect and process the following categories of Personal Data as part of your use of the Website, App and Services:
Account and Contact Details: Personal Data is collected from the details you provide in the registration form available on the App and Website, which include, amongst others, your full name, email, phone number, age, gender, marital status and city of residence. You may be required to create a username and password for use of the App. We may collect additional information in order to complete the registration process.
Integration with Open Banking Platforms: personal data collected from the integration between your App and third party open banking platforms, in order to derive your financial information from such platforms, as further detailed below and in our Terms. As such, we will collect and process any Personal Data required to facilitate such integration, including your phone number, date of birth, online identifiers and tokens, consents that you may provide with respect to such integration and the names of third party financial services that you integrate with the App (e.g., details relating to your bank).
Information that you upload to the App and website forms: we collect any information that you voluntarily input/upload to the App and the Services, including details such as your profession, demographic information, spending habits and preferences and content such as financial information, financial goals, questions, tips, stories, comments, etc. Please note that as part of the Services we may also collect any personal data that you voluntarily provide us with, such as information that you provide as part of consultation services that we may provide, marketing activities that we conduct, support we provide in reaching you financial goals, etc.
Communications: Personal Data is collected from the details that you may provide as part of any communications with RiseUp, by any means, including by e-mail, “Contact Form”, communication platforms (such as WhatsApp), telephone, social media or otherwise. Such Personal Data may include your name and contact details and any other information, such as financial information, which you may voluntarily provide to us.
Payment: We may charge certain fees for use of the App and our Services, which are collected through the applicable third-party marketplaces such as Google Play and Apple’s App Store, which may require you to provide certain Personal Data (such as a credit card number and other related billing information). Please note that we do not receive access to such information and do not store such information on our servers. Furthermore, we do not receive any direct payments from Users.
Online Identifiers and Behavioral information: like most online services, when you access and use our Website and App, we collect certain information from your devices which could be used to identify you, including: (i) technical information such as the type and version of your device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity and the type and name of your device and/or browser, etc.; (ii) behavioral information which may include your click-stream on the App, activity information including your activities on the App, content that you view, interactions with our services, and additional information of a similar nature; (iii) IP/Mac address and identifiers, as well as your Unique Device Identifier (UDID); (iv) information about how you interact with our emails, for example, whether and when emails were opened and read and the type of device used.
Inferences. We will use you Personal Data, including Financial Information, to create a profile and draw inferences about you, such as habits and preferences, and combine such information with general aggregated/anonymised data that we hold from similar audiences (e.g., recommended actions for individuals of similar demographics). We will use such profile and inferences to provide you with our Services, including customizing the content made available to you via the App and providing you with insights, suggestions and recommendations.
Geolocation data: while using the App we will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for the purposes of providing you our Services, enhancing your experience on the App, analytics and security purposes
We may cross-reference Personal Data we have about you and any Non-personal Information (for example, aggregate and statistical data obtained from similar user audiences) connected or linked to or associated with any Personal Data shall be deemed as Personal Data as long as such connection, linkage or association exists.
Upon your consent, we may produce and retain statistical, aggregated and anonymized information based on your use of the App and Services and you Personal Data and such will be deemed non-personal data after anonymisation, which we may use, transfer and disclose to third parties at our discretion, including following termination of you use of the App and/or Services.
4. How Do we Collect and/or Produce Information on our Users?
There are a few methods that we use to collect information about you:
(a) We collect information through your entry and use of the App and Services. In other words, when you are using our App and/or our Services, we are aware of it and may gather, collect and store the information relating to such usage..
(b) We collect information which you decide to provide us with voluntarily. For example, we collect Personal Data when you register for a user account and when you contact us via email.
(c) We collect information from third parties. We collect your Financial Information from financial institutions (using Open Banking Platforms).
(d) We may produce information as part of the App and Services. We may produce inferences using our AI technologies and/or our human expertise based on your Personal Data.
We may gather, collect and store such information either independently or through the help of our authorized third-party service providers, as detailed below.
5. What are the Purposes, Lawful Bases and Data Retention Periods of the Processing of Personal Data?
In order for RiseUp to process your Personal Data, as detailed herein, such processing must be justified by a "lawful basis" for processing, as prescribed by applicable law. Please note that the Personal Data processing activities detailed herein may be justified on the basis that:
The processing is based on your consent - where you provide us with your consent to process your Personal Data for one or more specific purposes. For instance, before we contact you for electronic marketing purposes, you will be asked to consent to our processing of your Personal Data for this purpose. If you choose not to provide your consent for such processing activities, or if you decide later on to revoke your consent, this will affect our ability to provide you with RiseUp's marketing materials. We also rely on consent when collecting Online Identifiers, Online Behavior information, Geolocation Data, and Activity information for the purposes of carrying out analytics. This information will be fully anonymised and aggregated once collected.
The processing is necessary to comply with a legal obligation - we may process your Personal Data for disclosure of information to authorities and to comply with our legal obligations (e.g., paying taxes and reporting financial crimes and complying with our anti-money laundering obligations); or
The processing is necessary for the purposes of our legitimate interests - subject to your interests and fundamental rights, processing of Personal Data will take place pursuant to our legitimate interests in offering you comfortable, effective and safe access to our App and Services by improving our services and platform.. Where we rely on legitimate interests as a lawful basis, we carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.
Our specific purposes for processing your Personal Data, and the relevant lawful bases and data retention period are as follows:
Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
6. Sharing Information with Third Parties
RiseUp respects its Users’ privacy and will not disclose, share, rent, or sell their Personal Data to any third-party, other than as permitted under this Policy. Notwithstanding, we may share Personal Data in the following cases:
RiseUp Personnel and Affiliates: Personal Data that we collect and process may be transferred to, or accessed by, personnel of RiseUp and RiseUp affiliated companies, for the operation of the App and to contact you for marketing and sales purposes. Please note that all RiseUp personnel and affiliates that will have access to your Personal Data are under an obligation of strict confidentiality with respect to such Personal Data.
Service Providers: We may share Personal Data with commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and host services, for example:
1. Cloud storage services (for example, Amazon Web Services s3 & MongoDB)
2. Analytics services (for example, Google pixel and Analytics)
3. Logging and performance services (for example, Sentry & Datadog)
4. Digital Forms & Experiences services (for example, Typeform)
5. User feedback & support platform (for example, Intercom)
Open Banking Platforms: in order to retrieve your Financial Information we will integrate your account on the App with third Party Open Banking Platforms, as detailed above and in our Terms. To this end, we may share with such Open Banking Platform certain Personal Data, including: name, date of birth, full address(es), email address, phone number and gender
7. Data Subjects’ Rights
RiseUp acknowledges you have certain rights relating to the Personal Data we collect and process about you. You can access, amend and delete your Personal Data, directly through your Account page on the App. If you are unable to independently access your Personal Data, and for any other inquiries relating to the exercise of your rights under applicable privacy laws, please send us an email to: email@example.com and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
You are hereby informed of your rights relating to your Personal Data under the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR):
Right to be informed: you have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use this privacy notice to explain this.Right to access (commonly known as a “Subject Access Request”): you have the right to request access to your Personal Data that is held by RiseUp.
Right to rectification: if the Personal Data processed by RiseUp is incorrect or incomplete, you have the right to have your Personal Data rectified.
Right to erasure (commonly known as the right to be forgotten): under certain conditions, you may be entitled to require that RiseUp deletes your Personal Data (e.g., if the continued processing of that data is not justified).
Right to portability: you may have the right to (i) receive the Personal Data concerning you, or (ii) transfer your Personal Data between data controllers (i.e., to transfer your Personal Data to another entity). The right to data portability only applies where your Personal Data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Right to object to or withdraw consent: where that lawful basis for processing your Personal Data is either "public interest" or "legitimate interests", those lawful bases are not absolute, and you may have a right to object to such processing. Where you object to processing based on our legitimate interests, we shall no longer process your Personal Data unless (i) we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (ii) for the establishment, exercise or defense of legal claims. If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent to such processing at any time.
The right to restrict processing – under certain circumstances, you may have the right to obtain the restriction of the processing of your Personal Data.
Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you.
Right to lodge a complaint: you have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction. Contact details of the various EU supervisory authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-fr. The Information Commissioner’s Office is the UK’s supervisory authority, and can be contacted at https://ico.org.uk/global/contact-us/.
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated. .
8. Third-party Service Providers and International Transfers
Your Personal Data may be processed outside of the UK and EU/EEA. This is because the organizations we use to provide our service to you are based outside the UK, EU/EEA, for example, in Israel, and the United States.
We have taken appropriate steps to ensure that the Personal Data processed outside the UK and EU/EEA has an essentially equivalent level of protection to that guaranteed in the UK and EU/EEA.
In the UK, we do this by ensuring that:
Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
We enter into an International Data Transfer Agreement (“IDTA”) or Standard Contractual Clauses (with the IDT Addendum) with the receiving organization and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).
In the EU, we do this by ensuring that:
· Your Personal Data is only processed in a country which the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
· We enter into Standard Contractual Clauses (“SCCs”) with the receiving organizations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here Standard Contractual Clauses (SCCs)) .
Minors under the age of eighteen (18) are not allowed to use the App and Services. Therefore, The Company does not intend and does not knowingly collect Personal Data from minors under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the App and/or Services. If we learn that we collected Personal Data from minors under the age of eighteen (18) we will delete that information as quickly as possible. If you have reasons to suspect that the Company collected Personal Data from minors under the age of eighteen (18), please notify us through the means indicated in Section 1 above, and we will delete that information as quickly as possible.
10. Links to Third Party Websites
We take reasonable measures to maintain the security and integrity of your Personal Data and prevent unauthorized access to your Personal Data or use thereof through generally accepted industry standard technologies and internal procedures. Your Personal Data is hosted on third parties’ servers, which provide advanced strict security standards (both physical and logical). In the event of any breach of the security, confidentiality, or integrity of your Personal Data we will inform you of such breach as and to the extent required by applicable law. Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use of your Personal Data will never occur.
13. Got any Questions? How to contact us and our Data Protection Officer:
RiseUp Moments UK Ltd.
85 New Cavendish Street
Ch. Hausmann & Co. Suite 5 De Walden Court
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited can be contacted as follows:
Unit 5, West Lodge Nobs Crook
Colden Common, Winchester
Please mark your communications FAO the ‘Data Protection Officer’.