Effective Date: August 2024

Mastercard OB Services UK Limited (“MCOBS UK”, “us” or “we”) provides 'account information services' ("AIS" or "Data") and payment initiation services ("PIS" or "Pay") referred to collectively as “Open Banking Solutions”. This Open Banking Privacy Notice (“Notice”) describes how MCOBS UK processes Personal Information in connection with our Open Banking Solutions in the UK.

This Privacy Notice describes our processing of Personal Information as a data controller for our Open Banking Solutions:

  • Account Information Services (AIS) or “Data”: Our Data AIS product allows you to retrieve, view and store information from your payment accounts and to share that information with third party service providers.
  • Payment Initiation Services (PIS) or “Pay”: Our Pay PIS product allows you to initiate online payments directly from your bank account to a payee merchant.

We engage Mastercard OB Services Europe A/S (MCOBS EU), a Mastercard group company, to provide services which enable us to deliver our AIS and PIS, and work with MCOBS EU in connection with the delivery of our Open Banking Solutions. We therefore share your Personal Information with MCOBS EU for the purposes set out in this Notice. For more information about our engagement of MCOBS EU, please see section 3 below.

This Privacy Notice does not cover the processing of Personal Information in connection with our Spiir product. Please consult the MCOBS UK Privacy Notice (Spiir) for more information.

This Privacy Notice also does not cover the processing of Personal Information when we act under the instructions of our customers (i.e. as a “data processor”). Examples include data processing on behalf of providers such as banks using our Data product and with whom you share your account information; and merchants that you pay using our Pay product. Please refer to the relevant provider or merchant's privacy notices for more information regarding the processing of your Personal Information.

 

 

1. Personal Information We May Collect

For the purpose of this Notice, “Personal Information” means any information relating to an identified or identifiable individual. We collect the following types of Personal Information:

  • Personal and/or Business Contact Information and Credentials.
  • User Open Banking Hub Profile Information.
  • Financial Information.
  • Authorisations.
  • Request Information.
  • Transaction Information.
  • Device-related Information.
  • Financial Crime Prevention Information.
  • General Communication Information.
  • Logs of your use of the Open Banking Solutions.

MCOBS UK Data

In connection with the provision of our AIS Open Banking Solutions, we obtain Personal Information relating to you from the various sources described below.

    a. Personal Information Provided by You

  • Personal and/or Business Contact Information and Credentials, being: name, user ID, email address and phone number.
  • User Open Banking Hub Profile Information, being: email address and, depending on the Open Banking Solution, any other information that you add to your profile, such as name and bank account details.
  • Authorisations that you grant us to manage your Personal Information in specific ways (e.g., to access, retrieve and display your financial information or transaction information through our Open Banking Solutions, to update your profile based on recent transactions or to transfer financial information to third party service providers of your choice).
  • General Communication Information which we may receive when you contact us (e.g. via email, phone, or online web forms), such as your first and last name, phone number, email address, physical address, as well as any other content that you provide. If you do not provide such information, we may not be able to answer your requests or queries.

    b. Personal Information provided by third parties

  • Financial Information, being: information relating to a bank account that is enrolled in one of the Open Banking Solutions (e.g., account name or reference, unique account reference ID, balance, and transactions), refund account details (account number, sort code and financial institution servicing the refund account), payment receipts, payment card details and billing address.
  • Transaction Information, being: your account provider and account number, date / time of payment, payment recipient and data needed for communication with your account provider, information about disputed transactions, financial crime related information (e.g., failed logins).

    c. Personal Information automatically obtained from your interaction with the Open Banking Solutions

  • Device-related Information, being: information which we obtain by automated means such as cookies, web beacons, and embedded scripts. This may include information from a web browser (such as browser type and browser language), an IP address, device identifier numbers, and the actions taken on a website (such as how a visitor interacts with the web pages and the links clicked, mouse location and keystroke timing). For detailed information about the use of cookies and similar technologies, please see the cookie notices and consent tools that are provided in our Open Banking Solutions.
  • Logs of your use of the Open Banking Solutions, which comprise information on which profile is logged into or whether it concerns a one-time user, the IP address used, the time and date, which action has been performed and device information i.e. information on operating system, browser information and settings. Further, whenever a third party service accesses the Open Banking Solutions, a similar log is created.

MCOBS UK Pay

In connection with the provision of our PIS Open Banking Solutions, we obtain Personal Information relating to you from the various sources described below.

    a. Personal Information Provided by You

  • Personal and/or Business Contact Information and Credentials, being: name, user ID, email address and phone number.
  • Authorisations that you grant us to manage your Personal Information (e.g., to transfer financial information to third party service providers of your choice).
  • Information relating to your account(s) such as bank account numbers and bank card details.
  • General Communication Information which we may receive when you contact us (e.g., via email, phone, or online web forms), such as your first and last name, phone number, email address, physical address, as well as any other content that you provide. If you do not provide such information, we may not be able to answer your requests or queries.

    b. Personal Information provided by third parties

  • Financial Information, being: information relating to a bank account that is enrolled in one of the Open Banking Solutions (e.g., account name or reference, unique account reference ID), refund account details (account number, sort code and financial institution servicing the refund account), payment receipts, payment card details and billing address.
  • Request Information, being: payment initiation service requests, request reference number, and response status.
  • Transaction Information, being: your account provider and account number, date/time of payment, payment recipient and data needed for communication with your account provider, information about disputed transactions, financial crime-related information (e.g., failed logins).

    c. Personal Information automatically obtained from your interaction with the Open Banking Solutions

  • Device-related Information, being: information which we obtain by automated means such as cookies, web beacons, and embedded scripts. This may include information from a web browser (such as browser type and browser language), an IP address, device identifier numbers, and the actions taken on a website (such as how a visitor interacts with the web pages and the links clicked, mouse location and keystroke timing). For detailed information about the use of cookies and similar technologies, please see the cookie notices and consent tools that are provided in our Open Banking Solutions.
  • Financial Crime Prevention Information that we need to collect when you use the Open Banking Solutions to initiate payments (e.g., to comply with anti-money laundering legislation). This includes account holder name, address, and date of birth, account number, sort code; and name, address, and date of birth of the beneficial owners, senior management, or authorised signatories, including copies of documents, if necessary, as well as device-related information and logs of your use of the Open Banking Solutions.
  • Logs of your use of the Open Banking Solutions, which comprise information on which profile is logged into or whether it concerns a one-time user, the IP address used, the time and date, which action has been performed and device information, i.e., information on operating system, browser information and settings. Further, whenever a third party service accesses the Open Banking Solutions, a similar log is created. We also monitor payment initiations for anomalies such as an unusually high frequency of failed initiations, an unusually high frequency of successful initiations, an unusually high value of initiated payments, or payments initiated from an unusual geographical location.


2. How We May Use Your Personal Information

We May Use Your Personal Information to:

  • Provide our Open Banking Solutions and related services.
  • Diagnose, troubleshoot, and fix issues with the Open Banking Solutions, including customer support and quality control.
  • Monitor and understand IT performance.
  • Market, promote and advertise our Open Banking Solutions.
  • Enforce compliance with our terms (e.g., helping to resolve disputes about Open Banking transactions), comply with legal obligations, and to establish, exercise, or defend against legal claims.
  • Generate aggregated or anonymised statistics for internal business purposes.
  • Monitor, detect and investigate possible financial crime.
  • Manage our customer, vendor, and partner relationships.

Where required under applicable law, we will only use your Personal Information as necessary to provide you with our Open Banking Solutions; with your consent; to comply with a legal obligation; or when there is a legitimate and overriding interest that necessitates the use. Where we rely on a legitimate interest, we have carried out balancing tests to ensure that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

We may use Personal Information we obtain about you for the purposes set out below. We will only process your Personal Information when we have a legal basis for the processing as identified in the table below.

Processing purposes: Provide and operate our Open Banking Solutions and related services. This includes creating and managing your profile, enabling the sharing of your Financial Information with third parties on your instruction, and remembering your Credentials and preferred settings within the Open Banking Solutions. For Pay, it also includes facilitating direct and account-to-account payments from your linked payment account. For Data, it includes providing you with a consolidated view of your various bank accounts (including spending and income) and enabling spending categorisation.

Legal basis: We rely on the “performance of a contract” legal ground to provide our Open Banking Solutions to you.

Categories of Personal Information:

  • Personal and/or Business Contact Information and Credentials.
  • User Profile Information.
  • Financial Information.
  • Authorisations.
  • Request Information.

Processing purposes: Troubleshoot our Open Banking Solutions and provide customer support. This includes our ticketing system where you contact us for assistance when you are experiencing a technical issue as well as analysis to ensure quality control.

Legal basis: We rely on the “performance of a contract” legal ground to provide these services to you. Where required under applicable laws, we obtain your prior consent to access Financial Information and Transaction Information for these purposes.

Categories of Personal Information:

  • User Profile Information.
  • Financial Information.
  • Authorisations.
  • TPP Request Information.
  • Transaction Information.
  • Logs of your use of the Open Banking Solutions.
  • Device-related Information.

Processing purposes: Monitor and understand IT performance.

Legal basis: We rely on the “performance of a contract” legal ground for stability, improvement and ensuring the integrity of our Solutions.

Categories of Personal Information:

  • Logs of your use of the Open Banking Solutions.
  • Device-related Information.

Processing purposes: Market, promote and advertise our Open Banking Solutions.

Legal basis: We have a legitimate interest in promoting our business. Where required under applicable laws, we will obtain your prior consent to send you electronic direct marketing communications.

Categories of Personal Information:

  • User Profile Information.
  • Personal and/or Business Contact Information and Credentials.

Processing purposes: Comply with legal obligations, and to establish, exercise, or defend against legal claims.

Legal basis: Compliance with a legal obligation (e.g., to respond to law enforcement requests). We, or a third party, have a legitimate interest in protecting against legal claims.

Categories of Personal Information:

  • Personal and/or Business Contact Information and Credentials.
  • User Profile Information.
  • Financial Information.
  • Authorisations.
  • TPP Request Information.
  • Transaction Information.
  • Device-related Information.
  • Financial Crime Prevention Information.
  • General Communication Information.
  • Logs of your use of the Open Banking Solutions.

Processing purposes: Generate anonymised and/or aggregated statistics for internal business purposes. This includes analysing the performance of and improving upon our Open Banking Solutions and preparing insights regarding spending patterns, financial crime, and other trends.

Legal basis: We have a legitimate interest in anonymising Personal Information and analysing it for internal business purposes. Where required under applicable law, we obtain your prior consent to process your Financial Information and Transaction Information for this purpose.

Categories of Personal Information:

  • User Profile Information.
  • Financial Information.
  • TPP Request Information.
  • Transaction Information.
  • Device-related Information.

Processing purposes: Detect, investigate, and prevent possible financial crime. This includes tracking and hindering any possible illegal activities and abuse of our Open Banking Solutions.

Legal basis: We have a legitimate interest in detecting, investigating, and preventing financial crime, such as illegal activities or abuse of our Open Banking Solutions, or we must do so to comply with legal obligations (e.g., under anti-money laundering laws).

Categories of Personal Information:

  • Device-related Information.
  • Financial Crime Prevention Information.
  • General Communication Information.
  • Logs of your use of the Open Banking Solutions.

Processing purposes: To manage our customer and vendor relationships.

Legal basis: We rely on the “performance of a contract” legal ground to manage our customer and vendor relationships and operate our Open Banking Solutions.

Categories of Personal Information:

  • Personal and/or Business Contact Information and Credentials.


3. How We Share Your Personal Information

We may share Personal Information with the following third parties:

  • Financial institutions, business customers, partners, and service providers acting on our behalf.
  • Public authorities.
  • Potential transactional partners.
  • Mastercard’s affiliates, and other entities within Mastercard’s group of companies.

We may disclose Personal Information we collect about you to the following third parties, for the purposes described below:

    a. Other permitted users

You may allow other users to access and view your Personal Information in the Open Banking Solutions. This applies to our Data services only. If you choose to do this, you agree that MCOBS UK, in order to comply with this agreement with you, will disclose your Personal Information to the person who you have allowed access. You can revoke this access at any time in the Open Banking Solutions’ settings.

    b. Mastercard Group

We share the Personal Information we collect with Mastercard’s affiliates and other entities within the Mastercard group of companies, for the purposes described in this Notice. Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules.

MCOBS EU is part of the Mastercard group. We work with MCOBS EU to provide services which enable us to deliver our account information services (Data) and payment initiation services (Pay). We therefore share your Personal Information with MCOBS EU which is a Controller for this purpose. If you have any questions regarding the services of MCOBS EU, please contact us.

    c. Financial institutions, business customers, partners and service providers acting on our behalf

For the purpose of providing our Open Banking Services, we also share the Personal Information we collect with financial institutions, business customers (where you permit us to do so) and partners. For Pay, this can mean disclosing Transaction Information to a third party provider to enable the payment transaction. For Data, this means sharing your Personal Information with your Bank. Additionally, we use service providers acting on our behalf, such as hosting and infrastructure providers; and providers for monitoring, security, and IT support services.

    d. Public authorities

In some circumstances we share the Personal Information we collect with public authorities. This includes (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

    e. Potential transactional partners

We may share the Personal Information we collect with potential transactional partners or other third parties in the event of a sale or transfer of our business or assets.


4. Your Rights and Choices

You have the right or choice to:

  • Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymisation of your Personal Information for data analyses.
  • Access your Personal Information, obtain a copy of it, rectify it, restrict or object to its processing, or request its deletion, destruction or anonymisation.
  • Receive the Personal Information you provided us with to transmit to another company.
  • Withdraw any consent provided.
  • Where applicable, lodge a complaint with your supervisory authority.

You can exercise your rights by submitting a request as described in the 'How to Contact Us' section below.

You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.

In some instances, we may not be able to provide you with the service that you request if you choose to exercise certain rights.

You can choose:

  • Not to provide Personal Information to MCOBS UK by refraining from conducting payment transactions using Pay, obtaining and sharing payment account information using Data or from submitting Personal Information directly to us. When we collect Personal Information from you, we indicate whether and why it is necessary to provide it to us, as well as the consequences of failing to do so. If you do not provide Personal Information, you may not be able to benefit from the MCOBS UK services if that information is necessary to provide you with them, or if we are legally required to collect it in relation to the provision of such service. Please note that Personal Information shared with your service provider prior to removal of your authorisation may still be retained and processed by them; for further information, please refer to their privacy notice.
  • To opt out of the collection and use of certain information, which we collect about you by automated means, when you visit our websites or use our apps. You can exercise your choice regarding the use of cookies and similar technologies by clicking on the “Manage cookies” banner displayed in the bottom right corner of MCOBS UK websites. Your browser may tell you how to be notified of and opt out of having certain types of cookies placed on your device. Note that without certain cookies you may not be able to use all the features of our websites, apps or online services.
  • To opt out of certain uses of information, which we collect about you by automated means when you visit third party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customised and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third party websites to customise and serve these ads. MCOBS UK ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Please click, where applicable, on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behaviour for advertising purposes. You may also exercise your choice regarding the use of cookies and similar technologies by clicking on the “Manage cookies” banner displayed in the bottom right corner of our websites.
  • To tell us not to send you marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below.
  • To opt out of the anonymisation of your Personal Information to perform data analyses by clicking https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-privacy/privacy/data-analytics-opt-out.html.

You have the right to:

  • Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymised, destroyed or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights, contact us as specified in the “How To Contact Us” section below.

If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.


5. Children’s Privacy

The Services are not intended for use by children under the age of 16 years old. We do not knowingly collect information from children under the age of 16.

Our Services are not directed to, or intended for, children under the age of 16. If you learn that a child has provided us with Personal Information in violation of this Notice, please alert us using the contact details below.


6. Data Transfers

We may transfer your Personal Information to third parties situated in other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your Personal Information in accordance with this Notice, or as otherwise disclosed to you.

We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located.

UK data protection law specifies that all countries within the European Economic Area (EEA) are regarded as providing an adequate level of data protection. If personal data is transferred to a country outside the UK or EEA, the privacy protections afforded by the destination country and/or the recipients of the data are assessed to ensure that sufficient safeguards are in place.

MCOBS UK is part of the Mastercard group, which is a global business. We may transfer the Personal Information we collect about you to third party recipients which are situated in countries other than your country. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will protect that information as described in this Privacy Notice, as disclosed to you at the time of data collection or as described in our programme-specific privacy notice.

Regulations under section 17A of the UK’s Data Protection Act 2018 specify that all countries within the EEA are regarded as providing an adequate level of data protection. A list of EEA member countries can be found on the UK Government website here. If personal data are transferred to a country outside the UK or EEA, the adequacy of that country and the organisations and systems processing the data are assessed to ensure appropriate safeguards are in place. This is in accordance with UK data protection law and may be by an adequacy decision issued by the UK Government, Binding Corporate Rules, standard contractual clauses, standard data transfer agreements or other transfer mechanisms as permitted by law. We have established and implemented Binding Corporate Rules (“BCRs”) that have been recognised by the UK Information Commissioner’s Office as providing an adequate level of protection to the Personal Information we process globally. A copy of our UK BCRs, which apply to our transfers to MCOBS EU, is available here. We equally rely on EEA BCRs to transfer Personal Information outside of the EEA. A copy of our EEA BCRs is available here.

You may contact us as specified in the “How To Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of your jurisdiction.


7. How We Protect Your Personal Information

We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.

The security of your Personal Information is important to MCOBS UK. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information.

We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.


8. Features and Links to Other Websites

Our websites may include links to other third party websites, social media tools, widgets or plug-ins, permitting sharing web content including IP address, with third parties and social media providers. These social media providers may learn of your visit even if you are not logged in to your social media account or if you do not have an account with them. To the extent any linked websites or features you visit or use are not owned or controlled by MCOBS UK, please review their own privacy notices or policies.

Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking and geo-location tools, operate independently from MCOBS UK, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by MCOBS UK, please review the privacy practices of the websites.

You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with MCOBS UK. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Facebook and Twitter, and these other third parties, are independent from MCOBS UK and do not necessarily share the same policy as MCOBS UK regarding the protection of privacy. Please verify their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features.


9. How to Contact Us and Additional Information About Our Practices

The entity responsible for the processing of your Personal Information (or data controller) is Mastercard OB Services UK Limited. You may contact our global privacy office at privacyanddataprotection@mastercard.com, or write to us at:

Mastercard OB Services UK Limited
1 Angel Lane
EC4R 3AB
London, UK

Some MCOBS UK Open Banking Solutions have their specific privacy notices, such as Spiir. Please consult them for more information.
