RiseUp Privacy Policy

Last Revised: June 6th, 2024

  • RiseUp Moments UK Ltd. and its affiliates (“RiseUp”, “we”, “our” or “us”) respect the privacy of the users (“User(s)” or “you”) of our “RiseUp” websites, mobile application and related services, such as communications via WhatsApp (respectively, the “App” and “Services”). We believe that you have a right to know our practices regarding the information we may collect and use when you use our App and Services. 

 

1. Who we are

In this policy, references to RiseUp, or to “we” or “us” are to RiseUp Moments UK Ltd., which is a registered company in the United Kingdom (No. 14570315) at C/O Ch. Hausmann & Co. Suite 5 De Walden Court, 85 New Cavendish Street, London, United Kingdom, W1W 6XD.

We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”) in relation to our processing of Personal Data under registration number  ZB497625.

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

We have appointed an internal Data Protection Officer, who can be reached via euprivacy@letsriseup.com.

Individuals wishing to contact us about data protection issues and/or this Privacy Policy may do so by writing to our privacy contact by using the contact details specified above or by writing to: euprivacy@letsriseup.com.

 

2. Your Acknowledgment of this Policy

This Privacy Policy (“Privacy Policy”)  applies to you if :

  1.             You visit our website
  2.             You purchase our App subscription, including our educational newsletter services
  3.             You enquire about our products and/or services
  4.             You use our App and website
  5. You sign up to receive newsletters and/or other promotional communications from us

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below.

BY INSTALLING, ENTERING, CONNECTING TO, ACCESSING OR USING THE APP AND/OR SERVICES, YOU ACKNOWLEDGE THAT YOU ARE OR HAVE HAD THE OPPORTUNITY TO BECOME AWARE OF THIS PRIVACY POLICY AND RISEUP’S PRACTICES DESCRIBED HEREIN, INCLUDING THE PROCESSING (INCLUDING COLLECTING, USING, DISCLOSING, RETAINING OR DISPOSING) OF YOUR PERSONAL DATA UNDER THE TERMS OF THIS POLICY.

 

3. Personal data we Process 

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.  

The type of Personal Data we collect about you will depend on our relationship with you, for example, we collect and process the following categories of Personal Data as part of your use of the Website, App and Services:

  • Account and Contact Details: Personal Data is collected from the details you provide in the registration form available on the App and Website, which include, amongst others, your full name, email, phone number, age, gender, marital status and city of residence. You may be required to create a username and password for use of the App. We may collect additional information in order to complete the registration process. 

 

  • Integration with Open Banking Platforms: personal data collected from the integration between your App and third party open banking platforms, in order to derive your financial information from such platforms, as further detailed below and in our Terms. As such, we will collect and process any Personal Data required to facilitate such integration, including your phone number, date of birth, online identifiers and tokens, consents that you may provide with respect to such integration and the names of third party financial services that you integrate with the App (e.g., details relating to your bank).   

 

  • Financial Information: When using the App and Services, you will be required to integrate your account on the App with your existing accounts in relevant financial institutions (such as banks and credit card companies), through dedicated third party open banking aggregation platforms (“Open Banking Platform”), as further detailed in our Terms. Such integration will allow us to collect, store and process financial information from said accounts (“Financial Information”), subject to the grant of your consent to the relevant Open Banking Platform and your acceptance of the Open Banking Platform’s terms of service and privacy policy. Financial Information includes, but is not limited to, the following categories of Personal Data: card transactions and balance, IBAN/Account number/Sort code/SWIFT, account details, account balance and transactions (e.g., time, description, amount, meta-data (arbitrary data that banks associate with a transaction)), account type (e.g. current, saving, investment, credit card), account name, account currency, loans, investments and insurance data when available, payment due date (credit cards) and minimum payment due (credit cards). We may, from time to time, collect and process additional Financial Information from accounts integrated with the App, subject to the availability of such information and its necessity to provide you with our Services. 

 

  • Information that you upload to the App and website forms: we collect any information that you voluntarily input/upload to the App and the Services, including details such as your profession, demographic information, spending habits and preferences and content such as financial information, financial goals, questions, tips, stories, comments, etc. Please note that as part of the Services we may also collect any personal data that you voluntarily provide us with, such as information that you provide as part of consultation services that we may provide, marketing activities that we conduct, support we provide in reaching you financial goals, etc.

 

  • Communications: Personal Data is collected from the details that you may provide as part of any communications with RiseUp, by any means, including by e-mail, “Contact Form”, communication platforms (such as WhatsApp), telephone, social media or otherwise. Such Personal Data may include your name and contact details and any other information, such as financial information, which you may voluntarily provide to us.

 

  • Payment: We may charge certain fees for use of the App and our Services, which are collected through the applicable third-party marketplaces such as Google Play and Apple’s App Store, which may require you to provide certain Personal Data (such as a credit card number and other related billing information). Please note that we do not receive access to such information and do not store such information on our servers. Furthermore, we do not receive any direct payments from Users. 

 

  • Online Identifiers and Behavioral information: like most online services, when you access and use our Website and App, we collect certain information from your devices which could be used to identify you, including: (i) technical information such as the type and version of your device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity and the type and name of your device and/or browser, etc.;  (ii) behavioral information which may include your click-stream on the App, activity information including your activities on the App, content that you view, interactions with our services, and additional information of a similar nature; (iii) IP/Mac address and identifiers, as well as your Unique Device Identifier (UDID); (iv) information about how you interact with our emails, for example, whether and when emails were opened and read and the type of device used.

 

  • Inferences: We will use you Personal Data, including Financial Information, to create a profile and draw inferences about you, such as habits and preferences, and combine such information with general aggregated/anonymised data that we hold from similar audiences (e.g., recommended actions for individuals of similar demographics). We will use such profile and inferences to provide you with our Services, including customizing the content made available to you via the App and providing you with insights, suggestions and recommendations. 

 

  • Geolocation data: while using the App we will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for the purposes of providing you our Services, enhancing your experience on the App, analytics and security purposes.

 

Important notes

  • If any Personal Data that you input or upload to the App or Services, including the Financial Information that you grant us access to, includes Personal data of third parties, such as family members, partners or beneficiaries of your relevant accounts in third party financial institutions, you are fully and solely responsible for providing all necessary information notices to affected data subjects and obtaining any required consents under applicable privacy laws from data subjects for the use, processing, sub-processing and storing of their information in accordance with this Privacy Policy.
  • We may cross-reference Personal Data we have about you and any Non-personal Information (for example, aggregate and statistical data obtained from similar user audiences) connected or linked to or associated with any Personal Data shall be deemed as Personal Data as long as such connection, linkage or association exists. 
  • Upon your consent, we may produce and retain statistical, aggregated and anonymized information based on your use of the App and Services and you Personal Data and such will be deemed non-personal data after anonymisation, which we may use, transfer and disclose to third parties at our discretion, including following termination of you use of the App and/or Services.  
  • We do not collect any Personal Data from you or related to you except as detailed in this Privacy Policy.

 

4. How Do we Collect and/or Produce Information on our Users?

There are a few methods that we use to collect information about you: 

(a) We collect information through your entry and use of the App and Services. In other words, when you are using our App and/or our Services, we are aware of it and may gather, collect and store the information relating to such usage.

(b) We collect information which you decide to provide us with voluntarily. For example, we collect Personal Data when you register for a user account and when you contact us via email.

(c) We collect information from third parties. We collect your Financial Information from financial institutions (using Open Banking Platforms).

(d) We may produce information as part of the App and Services. We may produce inferences using our AI technologies and/or our human expertise based on your Personal Data.  

We may gather, collect and store such information either independently or through the help of our authorized third-party service providers, as detailed below.

 

5. What are the Purposes, Lawful Bases and Data Retention Periods of the Processing of Personal Data?

In order for RiseUp to process your Personal Data, as detailed herein, such processing must be justified by a “lawful basis” for processing, as prescribed by applicable law. Please note that the Personal Data processing activities detailed herein may be justified on the basis that:

  • The processing is based on your consent – where you provide us with your consent to process your Personal Data for one or more specific purposes. For instance, before we contact you for electronic marketing purposes, you will be asked to consent to our processing of your Personal Data for this purpose. If you choose not to provide your consent for such processing activities, or if you decide later on to revoke your consent, this will affect our ability to provide you with RiseUp’s marketing materials. We also rely on consent when collecting Online Identifiers, Online Behavior information, Geolocation Data, and Activity information for the purposes of carrying out analytics. This information will be fully anonymised and aggregated once collected.
  • The processing is necessary for performance of a contract to which you are a party – generally your Personal Data will be provided to us because you are interested in using our App and Services in accordance with the contractual Terms you entered into (which serve as the ‘contract’ for purposes of this lawful basis for processing). As such, we rely on this basis for processing activities that are required in order to enable you to use the App, to provide our Services and to let you know of changes to our terms and this Privacy Policy. This includes providing you with our app, financial education services and informative newsletters and notifications about financial planning, tips, and education, which form part of the Terms.
  • The processing is necessary to comply with a legal obligation – we may process your Personal Data for disclosure of information to authorities and to comply with our legal obligations (e.g., paying taxes and reporting financial crimes and complying with our anti-money laundering obligations); or
  • The processing is necessary for the purposes of our legitimate interests – subject to your interests and fundamental rights, processing of Personal Data will take place pursuant to our legitimate interests in offering you comfortable, effective and safe access to our App and Services by improving our services and platform.. Where we rely on legitimate interests as a lawful basis, we carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.


Our specific purposes for processing your Personal Data, and the relevant lawful bases and data retention period are as follows: 

1. Purpose of Processing – To fulfill your order, communicate with you about our contract,  create your account in the App and/or with our community, and to update you about our Terms of service.

  • Categories of individuals – Users
  • Categories of Personal Data – Account and Contact Details
  • Lawful Basis – Contract
  • Retention Period – 6 years in backups and archives post account closure.
 

2. Purpose of Processing – To provide you with the App and its functionalities, financial educational services and educational and informative relevant newsletters which form part of the Terms you entered into with RiseUp.

  • Categories of Personal Data – Account and Contact Details information obtained from  the integration with Open Banking Platforms, Financial Information, Information that you uploaded to the App
  • Categories of individuals – Users
  • Lawful Basis – Contract
  • Retention Period – 6 years in backups and archives post account closure. Following 2 years of account inactivity (based on date of last payment), we will delete your personal information.

 

3. Purpose of Processing – To provide you with customer service support

  • Categories of Personal Data – Account and Contact Details,  information obtained from  the integration with Open Banking Platforms, Financial Information, Information that you uploaded to the App, Payment information, Customer conversations with support and RiseUp staff via various channels
  • Categories of individuals – Users
  • Lawful Basis – Contract
  • Retention Period – 6 years in backups and archives post account closure. Following 2 years of account inactivity (based on date of last payment), we will delete your personal information.

 

4. Purpose of Processing – To carry out troubleshooting activities, data analysis, testing, system maintenance, and support.

  • Categories of Personal Data – Cookie, pixel or similar information Device identifiers or device information Geolocation, IP addresses, technical identifiers of devices, networking and browsing of websites & applications
  • Categories of individuals – Users
  • Lawful Basis – Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) or the legitimate interests of a third party; Necessary to comply with a legal obligation
  • Retention Period – 6 years

 

5. Purpose of Processing – To meet our regulatory compliance and reporting obligations relating to tax, bookkeeping, and managing your subscription with RiseUp. To protect the company against legal claims.

  • Categories of Personal Data – Account and Contact Details  information Information about payments made to RiseUp, Email & messaging exchanges, Geolocation data
  • Categories of individuals – Users
  • Lawful Basis – Necessary to comply with a legal obligation; Necessary for our legitimate interests (running the business and meeting our regulatory, compliance and reporting obligations) or the legitimate interests of a third-party; Legitimate interest in keeping the App safe, secure and compliant
  • Retention Period – 7  years

 

6. Purpose of Processing –  To conduct internal market research and improve our services through analytics, including by anonymising and aggregating personal information collected through cookies and other technologies.

  • Categories of Personal Data – Identifiers and Behavioural Information, Geolocation, Inferences, Email tracking information
  • Categories of individuals – Users
  • Lawful Basis – Consent
  • Retention Period – 2 years. Retained permanently, once information is fully aggregated or anonymised.

 

7. Purpose of Processing –  To target you with advertisement for marketing purposes across third-party platforms and devices.

  • Categories of Personal Data – Identifiers and Behavioural Information, Geolocation, Inferences, Email tracking information
  • Categories of individuals – Users
  • Lawful Basis – Consent
  • Retention Period – 2 years. Retained permanently, once information is fully aggregated or anonymised.

 

 

Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

6. Sharing Information with Third Parties

RiseUp respects its Users’ privacy and will not disclose, share, rent, or sell their Personal Data to any third-party, other than as permitted under this Policy. Notwithstanding, we may share Personal Data in the following cases:

  • RiseUp Personnel and Affiliates: Personal Data that we collect and process may be transferred to, or accessed by, personnel of RiseUp and RiseUp affiliated companies, for the operation of the App and to contact you for marketing and sales purposes. Please note that all RiseUp personnel and affiliates that will have access to your Personal Data are under an obligation of strict confidentiality with respect to such Personal Data.  
  • Service Providers: We may share Personal Data with commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and host services, for example:
  1. Cloud storage services (for example, Amazon Web Services s3 & MongoDB)
  2. Analytics services (for example, Google pixel and Analytics)
  3. Logging and performance services (for example, Sentry & Datadog)
  4. Digital Forms & Experiences services (for example, Typeform)
  5. User feedback & support platform (for example, Intercom)
  • Open Banking Platforms: in order to retrieve your Financial Information we will integrate your account on the App with third Party Open Banking Platforms, as detailed above and in our Terms. To this end, we may share with such Open Banking Platform certain Personal Data, including: name, date of birth, full address(es), email address, phone number and gender. 
  • In addition, we may share Personal Data in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy and/or the Terms of Use, including investigation of potential violations thereof; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to respond to User’s support requests; (e) to respond to claims that any content available on the App violates the rights of third-parties; (f) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; (g) to protect the rights, property, or personal safety of the Company, its Users, or the general public; (h) when the Company is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; (i) to cooperate with third parties for legitimate business purposes, including without limitation, enhancing the User’s experience; and/or (l) pursuant to your explicit approval prior to the disclosure. 

 

Use of Artificial Intelligence (AI) @ RiseUpAt RiseUp, we use artificial intelligence in various ways to better understand our users, improve the services, products, and content created for customers, and to foster better communication and support.Commitments and Safety:
  • Privacy Protection: We will not share customers’ personal financial information (financial information identified with a specific person) with AI services. We will only share the minimum necessary to provide you with excellent service and products.
  • Social Responsibility: We will not use AI (or other technologies) to process special categories of information or for dangerous uses, such as analyzing information about minors, medical information, personal security, sexual orientation, or financial vulnerability. At RiseUp, such information is not maintained at all.
  • Preventing Discrimination: We will not use AI (or other technologies) in a way that could discriminate against a person in our services or in any other way. In general, RiseUp does not provide services where there is a risk of meaningful discrimination, such as credit scoring or offering financing.
 

7. Data Subjects’ Rights

RiseUp acknowledges you have certain rights relating to the Personal Data we collect and process about you. You can access, amend and delete your Personal Data, directly through your Account page on the App. If you are unable to independently access your Personal Data, and for any other inquiries relating to the exercise of your rights under applicable privacy laws, please send us an email to: euprivacy@letsriseup.com and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law. 

You are hereby informed of your rights relating to your Personal Data under the UK General Data Protection Regulation (UK GDPR),  Data Protection Act 2018 and Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR):

  • Right to be informed: you have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use this privacy notice to explain this.Right to access (commonly known as a “Subject Access Request”): you have the right to request access to your Personal Data that is held by RiseUp. 
  • Right to rectification: if the Personal Data processed by RiseUp is incorrect or incomplete, you have the right to have your Personal Data rectified.
  • Right to erasure (commonly known as the right to be forgotten): under certain conditions, you may be entitled to require that RiseUp deletes your Personal Data (e.g., if the continued processing of that data is not justified).
  • Right to portability: you may have the right to (i) receive the Personal Data concerning you, or (ii) transfer your Personal Data between data controllers (i.e., to transfer your Personal Data to another entity). The right to data portability only applies where your Personal Data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means. 
  • Right to object to or withdraw consent: where that lawful basis for processing your Personal Data is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have a right to object to such processing. Where you object to processing based on our legitimate interests, we shall no longer process your Personal Data unless (i) we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (ii) for the establishment, exercise or defense of legal claims. If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent to such processing at any time. 
  • The right to restrict processing – under certain circumstances, you may have the right to obtain the restriction of the processing of your Personal Data.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. 

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated. 

 

8. Third-party Service Providers and International Transfers

Your Personal Data may be processed outside of the UK and EU/EEA. This is because the organizations we use to provide our service to you are based outside the UK, EU/EEA, for example, in Israel, and the United States. 

We have taken appropriate steps to ensure that the Personal Data processed outside the  UK and EU/EEA has an essentially equivalent level of protection to that guaranteed in the UK and EU/EEA. 

In the UK, we do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or

  • We enter into an International Data Transfer Agreement (“IDTA”) or Standard Contractual Clauses (with the IDT Addendum) with the receiving organization and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).

In the EU, we do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement (“IDTA”) or Standard Contractual Clauses (with the IDT Addendum) with the receiving organization and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).

In the EU, we do this by ensuring that:

  •  Your Personal Data is only processed in a country which the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
  • We enter into Standard Contractual Clauses (“SCCs”) with the receiving organizations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here Standard Contractual Clauses (SCCs)) .

 

9.  Minors

Minors under the age of eighteen (18) are not allowed to use the App and Services. Therefore, The Company does not intend and does not knowingly collect Personal Data from minors under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the App and/or Services. If we learn that we collected Personal Data from minors under the age of eighteen (18) we will delete that information as quickly as possible. If you have reasons to suspect that the Company collected Personal Data from minors under the age of eighteen (18), please notify us through the means indicated in Section 1 above, and we will delete that information as quickly as possible.

 

10. Links to Third Party Websites 

The App and Services may contain links to third-party websites, applications or services, which permit Users to leave our App and enter non-RiseUp services. Most of such linked websites and services provide legal documents, including terms of use and privacy policy governing the use thereof. It is always advisable to read such documents carefully before using those websites and services, inter alia, in order to know what kind of information about you is being collected. The Company is not responsible for the privacy practices or the content of such resources. 

 

11. Security

We take reasonable measures to maintain the security and integrity of your Personal Data and prevent unauthorized access to your Personal Data or use thereof through generally accepted industry standard technologies and internal procedures. Your Personal Data is hosted on third parties’ servers, which provide advanced strict security standards (both physical and logical). In the event of any breach of the security, confidentiality, or integrity of your Personal Data we will inform you of such breach as and to the extent required by applicable law. Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use of your Personal Data will never occur. 

 

12. Changes to the Privacy Policy 

The terms of this Privacy Policy will govern the use of the App and any information collected therein and/or provided to us voluntarily. RiseUp may, at its sole discretion, change this Privacy Policy from time to time, so please re-visit this page frequently. In case of any material change, we will make reasonable efforts to post a clear notice on the App and/or will send you an email (to the extent that you provided us with such email address) regarding such change. Such material changes will take effect seven (7) days after such notice was provided on the App or sent via email, whichever is earlier. Otherwise, all other Changes to these Terms are effective as of the stated “Last Revised” and your continued use of App on or after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. In the event that the Terms should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.

 

13. Got any Questions? How to contact us and our Data Protection Officer:

If you have any questions (or comments) concerning this Privacy Policy, or if you’d like to exercise any of your rights outlive above,  you are most welcome to contact us as follows:

RiseUp Moments UK Ltd.

85 New Cavendish Street

Ch. Hausmann & Co. Suite 5 De Walden Court

London

United Kingdom 

W1W 6XD

euprivacy@letsriseup.com

Please mark your communications FAO the ‘Data Protection Officer’. 

You can find our cookie policy here.