Important information and who we are

‍
Monument Technology Limited (“Monument” or the “Company”) respects your privacy and is committed to protecting your personal data. This Privacy Notice sets out how we collect and process the personal data of our investors, business contacts, the representatives of our clients or potential clients (such entity being a “Monument Client”) or of one of our active or potential third-party suppliers (a “TPS”).

It also describes how that information may be used or disclosed by us to other third parties that we work with in order to provide our services and the safeguards we use to protect it.

Some of the third parties we work with may collect your personal data in their capacity of data controller. We therefore ask you to review such third parties’ privacy notices, typically available on their official websites, to understand their information practices.

Our website may contain links to other websites or applications. If you follow these links, please note that each destination may allow third parties to collect or share data about you and each may have their own ways of handling your personal data. We do not control these third-party websites and are not responsible for their privacy notices. We therefore recommend that you review their privacy notices as we cannot be responsible or accept liability for these.

This Privacy Notice was last updated on 5th February 2025, and it may change from time to time, so please check this page periodically for updates as any changes may become effective immediately. We will assume that you accept any changes unless you tell us otherwise.

We use cookies and similar technologies in our website, so please ensure you have read our Cookie Policy.

Please also review our Website Terms (on our website) which set out the terms on which we allow use of our website and the applicable disclaimers and limitations of liability.

If you have any questions about this Privacy Notice or any of our privacy practices, the personal data we hold on you, or you would like to exercise one of your legal rights in relation to your personal data, please do not hesitate to contact us at privacy@monument.tech.

If you have a complaint about how we use your personal data, we will do our best to fix the problem. If you are still not happy, you can refer your complaint to a data protection supervisory authority in the EU, the country you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk

For the purposes of data protection laws, the data controller is Monument Technology Limited, registered in England (15281121) and our registered office is 33 Cavendish Square, London, W1G 0PW. We are registered with the ICO as a data controller (Registration number ZB798647).

This Privacy Notice gives you information on what personal data we may collect and how we collect and process it if we are engaging with you in your capacity as an investor;

• ffa representative of a TPS;
• a representative of a Monument Client; or
• a business contact.

If you are a customer or member of a Monument Client, please refer to the privacy notice of the institution that you are a direct customer or member of, which you will find on their website.

‍

What we may collect and our approach to privacy

We appreciate the value of your personal data. We respect your privacy and reflect that in the way we handle and protect your data.

‍

What personal data do we collect?

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we collect through our interactions (for example, when visiting and using our website, or if you contact us by e-mail or other channels).

We have grouped together the kinds of personal data we may collect as follows:

• Identity Data - includes first name, last name, date of birth, username, or similar identifier. When you email, phone, WhatsApp or otherwise communicate with us, we may collect information such as your names, email address and phone number(s).·      
• Contact Data - includes email address, telephone numbers and any other electronic communication id.
• Financial Data - includes bank account details
• Third Parties and information we receive from other sources - we work closely with third parties (including, for example, businesses, business partners, suppliers, sub-contractors, analytics providers, and search information providers) and may receive information about you from them.
• Due Diligence information - includes documentary evidence we may ask you to provide and personal data from investigations we conduct such as due diligence checks, sanctions, and anti-money laundering checks.
• Chat and call recordings - includes chat, audio, and video conversations when we are engaging with you.

The information below summarises the nature of personal data collected, its purpose and the lawful basis relied upon for each of the types of individuals whose information is within the scope of this privacy notice.

‍

Investors:

Core Data Collected
Personal and business contact details including names, telephone numbers, email addresses, personal address, copies of ID documents including passport and address details for individuals such as directors and ultimate beneficial owners and trustees, bank account details.

Purposes of Collection
To be able to

• provide information about our company and the details of any potential or actual investment;
• perform due diligence;
• contact data subjects to arrange for provision of share certificates and investor updates;

Bank account details are required to make, and to verify source of, payments.

Lawful Basis of Collection
As necessary to perform our contract, or for pre- contractual steps, or as may be necessary for us to comply with our legal obligations

Standard Retention Period*
6 years

‍

Suppliers (including TPS)

Core Data Collected
Contact details in the business capacity, including email address and telephone number.

Purposes of Collection
As may be necessary to take pre-contractual steps, enable us to provide information about supplier services to engage contractually; to manage contracts and communicate with suppliers regarding contracts.

Lawful Basis of Collection
As necessary to perform our contract, or for pre- contractual steps, or as may be necessary for us to comply with our legal obligations.

Standard Retention Period*
6 years for those with whom we had a contract, 12 months for those with whom we did not contract.

‍

Monument Client

Core Data Collected
Contact details in the business capacity, including email address and telephone number.

Purposes of Collection
As may be necessary to take pre-contractual steps, enable us to provide information about supplier services to engage contractually; to manage contracts and communicate with suppliers regarding contracts.

Lawful Basis of Collection
As necessary to perform our contract, or for pre- contractual steps, or as may be necessary for us to comply with our legal obligations.

Standard Retention Period*
6 years for those with whom we had a contract, 12 months for those with whom we did not contract.

‍

Business Contacts

Core Data Collected
Personal (in the business context) and business contact details including names, telephone numbers, email address, personal address.

Purposes of Collection
To enable us to provide updates on developments within Monument Technology Limited.

Lawful Basis of Collection
Legitimate interests of both Monument Technology Limited (to inform these individuals in their business capacity about developments within the company and services that it offers) and data subjects (to be able to receive information that the company believes may be relevant to the data subjects in their business capacity).  The collection and processing of the categories of personal data mentioned are necessary in order to inform data subjects about developments in the company. Contact information is obtained from individuals in their business capacity and this privacy notice will be referenced and a right to unsubscribe provided with every communication.

Standard Retention Period*
12 months

‍

*We may be required to retain personal data for a longer period of time to ensure we comply with our legal and regulatory requirements. We may also anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this personal data indefinitely without further notice to you.

In some circumstances, you can ask us to delete your data. Please see the “Your rights” section below for further information. We review our data retention obligations to ensure we are not retaining data for longer than we are required to.

Where we collect special categories of personal data about you (this includes details about your race or ethnicity , religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data criminal convictions, allegations, investigations and proceedings) and it is necessary to do so for our business, we will obtain your specific consent, unless we have another lawful basis to process such special categories of personal data.  

We normally process data on criminal records, PEP (politically exposed person) information and sanctions data if it is relevant as part of our due diligence processes, similar to “know your customer,” and to confirm your identity (copies of identity documents). We normally process such data on the basis of legal obligation where we are required to do so by law or, where relevant, with your consent.

‍

How do we use this personal data and why?

Data protection laws require that we ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data:

• to negotiate or fulfil a contract with the organisation you represent (this includes any steps prior to entering a contract), and where processing is required as part of that contract for example:
  • to communicate with you as a representative of a TPS in connection with the performance by the TPS or by us of that contract
  • to communicate with you as a representative of a Monument Client entity in connection with the performance by that Monument Client entity or by us of that contract
• to meet our legal obligations, for example:
  • to fulfil our regulatory obligations and business requirements by keeping records of calls, correspondence and our business activities and archiving and backing up data;
  • to meet tax, legal and auditing obligations;
• for our legitimate interest (or those of a third party), when this does not override your privacy rights, for example:
  • to respond to any questions and queries you may have when you contact us;
  • to improve our website's performance, security, and functionality to enhance your browsing experience;
  • to assess, improve and monitor the use, performance and effectiveness of our products and services;
  • to verify identity to protect our business and to comply with laws that apply to us;
  • to support in the development of our staff so that we can maintain the quality of our service delivery;
• if we have your consent, for example (and where required):
  • to communicate with you by email as a participant in any community or programme we establish from time to time and which you join with the purpose of keeping up to date on our news, products, and services; you can always unsubscribe;
  • To process special category data;
• where necessary to protect the vital interests of you or of another natural person. We do not anticipate processing your personal data routinely on this basis, however there may be rare occasions where it is necessary to process your personal data to protect someone’s life.
  • In some instances, it may be appropriate for us to combine your personal data with other personal data that we may be holding about you, such as combining your e-mail address with your use of our website

‍

Who do we share your personal data with?

In order to conduct our business, we may need to share your data with other people and businesses that assist us where that is required in order for those parties to provide their services to us.

These are the third parties that may have access to some of your personal data:

• Cloud providers;
• Law firms – for the purpose of receiving legal advice;
• Accountants and auditors - in order to comply with our statutory obligations;
• Suppliers – that are required for the functionality of our website and provide functional analytics;
• Professional services providers - in order to provide you with independent reports and opinions on the Company’s business plans;
• Google Analytics and Google Tag Manager, provided we have your consent to store cookies.  By default, tracking logs are retained for up to 14 months;
• Research partners – in order to gather your input to surveys;
• Software companies who power our technology and enable us to deliver our services - such as our client relationship manager provider;
• Due diligence data providers- in order to verify your identity and the potential risk of accepting funds from you as an investor (see further below); and
• Anybody else that we have been instructed by you to share your personal data with.
  

Where any of your data is required to be shared for such a purpose, we will take all reasonable steps to ensure that your personal data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under data protection laws.

We do not sell your personal data to any third-party organisations.

We may also share your personal data with other organisations in the following cases:

• if we want to sell our business or the company, or transfer, or merge parts of the business or our assets, or if we seek to acquire other businesses or merge with them, we can disclose it to the potential acquirer / other party (in which event such party may then use your personal  data in the same way as set out in this Privacy Notice;
• we can exchange information with others to protect against fraud or credit risks;
• we can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety, or rights.

‍

Where we store your personal data and security

We normally store your personal data with a cloud provider with servers in the UK and Ireland. We may transfer your collected personal data to storage outside the UK and European Economic Area (EEA), and we will apply measures to protect it.

• We may store or transfer data to other countries which have data protection laws that are different to the laws of your country (and in some cases, may not be as protective).
• Where we transfer your personal data to countries and territories outside of the EEA and the UK, we rely on adequacy decisions from the relevant governmental bodies.

Where the transfer is not subject to an adequacy decision, we have taken all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and the UK under data protection laws. Such steps may include, but not be limited to, legally binding contractual terms (or Standard Contractual Clauses) between us and any third parties we engage with.

Data security is of great importance to us.

• We have put in place strict procedures and appropriate security features to try to prevent unauthorised use of or access to your data and to prevent your personal data from being lost. This includes physical, electronic, and managerial procedures to safeguard and secure data collected, including back up procedures, usernames, and passwords. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are subject to appropriate agreements.
• We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
• Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure. You are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.

‍

Your rights

• When you submit personal data to us, including via our website, you may be given options to restrict our use of your data. We aim to give you controls (where applicable) on our use of your data (including the ability to opt-out of receiving certain communications. You can do confirm your preferences by emailing privacy@monument.tech).
• Under data protection laws you have the right to:
  • request access to, deletion of or correction of your personal data held by us;
  • request that your personal data be copied or transferred to another person (data portability);
  • be informed of what data processing is taking place;
  • ask us to restrict processing,
  • withdraw any consent you have given us;
  • object to processing of your personal data;
  • complain to a supervisory authority; and
• You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes.
• Please note that there may be a few circumstances where we cannot ‘delete’ or block your data, for example:
  • where we are required to retain it by law;
  • where your personal data may be impossible to permanently delete. If this is not reasonably possible, we will put that personal data beyond reasonable use; and
  • where you have shared your personal data with others and therefore made it public.
• You will not have to pay us a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
• We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
• We try to respond to all legitimate requests within one month. Occasionally we may need an additional two months if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.

How to contact us?

If you have any questions about this Privacy Notice or any of our privacy practices, the personal data we hold on you, or you would like to exercise one of your legal rights in relation to your personal data, please do not hesitate to contact us at  privacy@monument.tech.