This Privacy Policy sets out the principles and guidelines that The Money Platform adheres to protect the personal data of its users, in compliance with applicable data protection laws and regulations, including the United Kingdom General Data Protection Regulation (UK GDPR). The Money Platform is committed to protecting and respecting the user’s privacy. This Privacy Policy outlines the business’ practices regarding the collection, use, and disclosure of personal information when a user visits The Money Platform’s website or participate in its peer-to-peer lending services or in loans funded directly by The Money Platform using its own capital. By using the services, the user agrees to the terms outlined in this policy.
Gracombex Ltd is the Data Controller for The Money Platform. Its Information Commissioner’s Office (ICO) registration reference is ZA099774.
The following risk warning applies to individuals considering investing via The Money Platform’s peer-to-peer lending platform. If you are a borrower, this risk warning does not apply to you:
Don’t invest unless you’re prepared to lose money. This is a high-risk investment. You may not be able to access your money easily and are unlikely to be protected if something goes wrong. Take 2 mins to learn more.
This policy applies to all personal data processed by The Money Platform in connection with its peer-to-peer lending services and its direct-to-consumer personal lending activities, where loans are funded using the company’s own capital.
Personal Data: Any information relating to an identified or identifiable natural person.
Data Subject: Any individual whose personal data is processed by The Money Platform.
Processing: Any operation performed on personal data, whether automated or manual, including collection, storage, use, disclosure, and deletion.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.
The Money Platform adheres to the following data protection principles:
Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the data is processed.
Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Data subjects have the following rights regarding their personal data:
Right to Access: Data subjects can request access to their personal data.
Right to Rectification: Data subjects can request correction of inaccurate or incomplete personal data.
Right to Erasure: Data subjects can request deletion of personal data under certain conditions.
Right to Restriction of Processing: Data subjects can request the restriction of processing of their personal data under certain conditions.
Right to Data Portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.
Right to Object: Data subjects can object to the processing of their personal data under certain conditions.
Under the UK General Data Protection Regulation (UK GDPR), you have the right to access your personal data, request correction or erasure, restrict or object to processing, and request data portability. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has not been handled in accordance with the law.
The Money Platform implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:
Encryption: Encrypting personal data both at rest and in transit.
Access Controls: Restricting access to personal data to authorized personnel only.
Regular Audits: Conducting regular security audits and risk assessments.
Incident Response: Implementing a robust incident response plan to handle data breaches promptly and effectively.
The Money Platform collects certain personal information to deliver its products and services, including both peer-to-peer loans and loans funded directly by the business. It also collects information about the user and the devices used to access its website, or it may ask third parties to do this. In these cases, technologies such as cookies are used. See the Cookies Policy for more information. We only use non-essential cookies (such as those for analytics or marketing) where the user has given consent, in accordance with the Privacy and Electronic Communications Regulations (PECR).
The Money Platform processes and stores the following personal data:
Identity Data: First and last names, date of birth, gender
Contact Data: Email, postal address, telephone number
Financial Data: Bank and debit card details, transaction history, credit scores, financial statements
Transaction Data: Details of payments to and from the user and other details of transactions they engage in through the business’ services
Technical Data: IP address, login data, browser information, device information, other technology on devices used to access the business’ services
Profile Data: Username, preferences, survey responses, password, transactions
Usage Data: Website interactions
Marketing Data: Communication preferences
Where The Money Platform lends directly to borrowers using its own funds, it will collect and process personal data to assess affordability, issue and administer credit agreements, manage repayments, recover debts, and report credit performance to Credit Reference Agencies. This processing is carried out in line with the business’ obligations under the Consumer Credit Act 1974, the Financial Conduct Authority’s rules, and UK data protection law.
The Money Platform uses the following methods to collect data:
Direct Interactions: Data provided through forms or communication.
Automated Interactions: Technical data collected during website use.
Third Parties: Data from credit agencies and other public sources.
The data is used to manage user accounts, process transactions, send notifications, improve services, check the user’s identity, prevent fraud and money laundering, inform Credit Reference Agencies of the status of a borrower’s account, help make decisions about credit and credit related services, trace debtors, recover debt, and for marketing purposes. Users may receive administrative messages (email or SMS) related to services. Message preferences can be managed in the user profile.
We process your personal data on one or more of the following legal bases: to perform our contract with you, to comply with our legal obligations (including those under the Consumer Credit Act), and for our legitimate interests in operating and improving our peer-to-peer and direct lending platforms.
The Money Platform may share the user’s personal data with the following parties:
Service Providers: Companies that provide services on the business’ behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Credit brokers, Lenders and Borrowers: To facilitate the lending process, the business may share information with credit brokers and prospective lenders or borrowers through its platform. However, information is not shared directly between individual lenders and borrowers. In some cases, a declined application may be forwarded to a credit broker who may help the borrower obtain a loan.
Regulatory Authorities: When required by law or regulation, or to protect the business’ rights or the rights of others, it may share the user’s data with regulatory authorities.
Business Transfers: In the event of a merger, acquisition, or sale of assets, the user’s personal data may be transferred to the acquiring entity.
The Money Platform does not process sensitive or special category personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The processing of genetic data, data concerning health or data concerning a natural person's gender or sexual orientation are also not processed. The Money Platform only allows customers over the age of 18 years old, so do not process data for anyone under this age.
The Money Platform collects, uses and shares aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from the user’s personal data but is not considered personal data as it does not directly or indirectly reveal the user’s identity.
Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. After this period, personal data will be securely deleted or anonymized.
Communications may be recorded for quality, compliance, and security purposes. If personal data is transferred outside the UK, for example, to service providers or cloud platforms, The Money Platform ensures that appropriate safeguards are in place in line with UK data protection law. This includes the use of UK-approved Standard Contractual Clauses or International Data Transfer Agreements, where applicable.
In the event of platform failure, The Money Platform has a wind-down plan in place to protect the user’s interests and ensure the orderly management of outstanding loans and customer data.
The Money Platform ensures that third-party service providers who process personal data on our behalf adhere to equivalent data protection standards through:
Data Processing Agreements: Signing data processing agreements that include data protection clauses.
Due Diligence: Conducting due diligence on third-party service providers’ data protection practices.
This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.
Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose. Registered providers and participating banks and building societies are listed under the Open Banking Directory. Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.
As a forward-thinking lender, we support the use of Open Banking as it allows us to process loan applications efficiently, securely and in our consumers’ best interests.
By permitting access to your bank or building society account information we are able to make a better lending decision as we shall be able to verify your income, outgoings and other matters in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.
Further information about Open Banking is available from www.openbanking.org.uk.
By proceeding with your loan application via our website, you expressly consent to us sharing your personal, contact and loan application details (the shared personal data) with our registered Open Banking partner, Perfect Data Solutions Limited (PDS) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (the portal) for the purposes of granting PDS access to your bank or building society account information (transaction information). As soon as your transaction information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (the permitted purpose).
Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.
PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the portal will be encrypted and its usage tracked as part of set Open Banking data security standards.
We are responsible for the secure transmission of any shared personal data to PDS, for safely directing you to the portal and for the safe receipt and usage of your transaction information. You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.
Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.
PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your transaction information and submit this back to us for the permitted purpose. By way of example, the transaction information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.
PDS shall be entitled to re-access your transaction information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.
PDS shall hold the shared personal data and the transaction information they receive and retain according to their own terms and conditions and privacy policy, available on the portal, which you will be required to read and consent to once directed their via our website.
As PDS are also a credit reference agency they may also share and keep a record of your shared personal data and transaction information.
The transaction information we receive about you will only be used for the permitted purpose. We do not sell or share transaction information with any third party.
Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including shared personal data and transaction information.
The requirement to share Open Banking data as part of your application process will depend on the individual details of your application and be evaluated on a case-by-case basis. Where your bank or building society have already permitted access to your transaction information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.
Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.
Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.
The Money Platform collaborates with Equifax, Experian, and TransUnion, maintaining a common standard for processing consumer data, known as the Credit Reference Agency Information Notice (CRAIN).
The Money Platform implements appropriate technical and organizational measures to protect the user’s personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
The Money Platform appoints a Data Protection Officer responsible for overseeing compliance with this policy and data protection laws. The DPO’s responsibilities include:
• Monitoring data protection compliance.
• Providing guidance on data protection impact assessments.
• Serving as a contact point for data subjects and supervisory authorities.
All employees and contractors are provided with regular training on data protection principles, policies, and procedures to ensure ongoing awareness and compliance.
This policy will be reviewed annually or when necessary to reflect changes in laws, regulations, or business practices. The Money Platform will notify the user of any changes by posting the new Privacy Policy on its website. The user is advised to review this Privacy Policy periodically for any changes.
For questions or concerns regarding this policy or data protection practices, please contact:
Information Commissioner’s Office
Loans are subject to status and affordability. Over 20 years only.
The Money Platform is a trading name for Gracombex Ltd (company no. 9413521) and our registered offices are at:
Wework Swan House, 33 Queen Street, London, EC4R 1BR.
Gracombex Ltd is authorised and regulated by the Financial
Conduct Authority (Ref. 716455).
Data Protection Registration Number ZA099774.
©️ 2025 The Money Platform, All Rights Reserved
