This policy was last updated on: 25th March 2025.
This policy will take effect on: 25th March 2025
Contents
1 Who we are
2 The information we process
3 How we obtain information
4 Your rights
5 Changes to the way we use your information
6 How we use and share your information with other Hyperlayer group companies
7 Sharing with other third parties
8 Transferring information overseas
9 Marketing information
10 Communications about your account
11 Credit reference and fraud prevention agencies
12 How long we keep your information
13 Security
14 Automated processing
Schedule A – Schedule of Purposes of Processing
A Contractual necessity
B Legal obligation
C Legitimate interests
1 Who we are
1.1 We are Smart Spend a trading name of Hyperlayer limited (“we, “us” or “our”). The purpose of this Privacy Notice (the “Privacy Notice”) is to explain how we collect, use, and protect your personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information).
1.2 This policy applies to your use of our website at HyperJar.com (“Site”), the Smart Spend digital wallet application (“App”) and any of our services that are accessible through the Site or the App (collectively referred to as our “Services”). It sets out the basis on which any personal data we collect about you, or you provide to us, will be processed, and used by us.. This Privacy Notice applies to all the information we collect, use and process about you as a customer or user in relation to the products/services you receive from us carried out by Smart Spend.
1.3 It is important that you read this Privacy Notice, together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about (or provided by) you, so that you are fully aware of how and why we are using data. This Privacy Notice supplements the other notices and is not intended to override them.
1.4 Hyperlayer is a data controller in respect of personal information that we process in connection with our business (including the products and services that we provide). We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions, including any requests to exercise your legal rights, please contact the data privacy manager at smart.privacy@hyperjar.com.
2 The information we process
2.1 We collect and process various categories of personal and confidential information at the start of, and for the duration of, your relationship with us and beyond (subject to appropriate retention periods as set out in section 12). We will limit the collection and processing to information necessary to achieve one or more legitimate purposes as identified in this Privacy Notice. Personal and confidential information may include:
a) basic personal information, including name and address, date of birth, contact details, nationality, the fact you are
our customer;
b) financial information, including account and transactional information and history, payment, and payee details, your Smart Spend account and other financial information that you have linked and your Smart Spend card details including transactions, rewards, redemptions and other purchase information regarding products and services accepted from merchants;
c) information about your family, lifestyle, and social circumstances;
d) information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and
expenditure, needs and goals;
e) employment information;
f) visual images and personal appearance (such as photos, copies of passports or CCTV images), voice recordings, video selfie, fingerprints;
g) online profile and social media information and activity, based on your interaction with us and our websites and
applications, including for example your App profile and login information, Internet Protocol (IP) address, smart
device information, location coordinates, online and mobile App security authentication, mobile phone network
information, searches, site visits and spending patterns, browser plug-in types and versions, operating system and platform.
h) contacts lists stored on the devices you use to access the Services or in social media accounts you choose to link to your account.
i) data from 3rd parties including identity and verification information from fraud prevention agencies, data from partner merchants, identity, and behavioural data from social media account.
2.2 We use Cookies to distinguish you from other users. This helps us to give users a good experience and to improve our Services. We may also receive Technical Data about you if you visit other sites employing our Cookies. Please see our Cookie Policy for further details on the Cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of Cookies.
2.5 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing fraud and financial crime, if it is in the wider public interest (for example, to protect customers’ economic wellbeing); making our services accessible to customers; reporting of complaints for regulatory purposes. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the purposes and activities for which the information is provided as set out in
Schedule A).
This may include information revealing:
a) racial or ethnic origin,
b) religious or philosophical beliefs;
c) trade union membership;
d) biometric data used for fraud prevention and identification purposes including physical, physiological, and behavioural
identification.
e) information concerning health; and
f) data concerning a person’s sex life and sexual orientation.
2.6 Where permitted by law we may process information about criminal convictions, criminal offences, related security details, alleged offences including unproven allegations, spent or previous convictions, or other details provided in relation to a criminal reference check or similar.
2.7 Where you have provided your consent for us to process your special category data, such as biometric data, you can change it any time by contacting us.
3 How we obtain information
3.1 Your information is made up of all the financial and personal information we collect and hold about you. It includes:
a) information you give to us;
b) information that we receive from third parties – including other Hyperlayer group companies – such as:
(i) third parties who provide services to you or us,
(ii) credit reference, fraud prevention, law enforcement or government agencies,
(iii) industry and trade bodies,
c) information that we learn about you through our relationship with you and the way you operate your accounts and/
or services, such as the payments made to and from your accounts and payees from your account and where you are
identified as a payee;
d) information that we gather, where we have your consent, through Cookies or similar tracking tools (e.g. pixels) when you use our websites, the App and contact our customer support team. Advertising or targeting Cookies or similar technologies may also be used, with your consent, to track your responses to adverts, messages, or forms, which helps us to present you with the most relevant content in the future. When running email campaigns, we also track delivery and log when emails are opened. For example, when you open the email a small image file known as a Cookie may be downloaded to your web browser or email programme. You can restrict or block this type of technology through your web browser or email programme settings by preventing automatic downloading. Cookies may also be set if you click on a link within the email. We track delivery and analyse the overall open and click through rates of bulk emails to:
(i) identify delivery problems with Internet Service Providers.
(ii) provide evidence that regulatory messages are being opened.
(iii) ensure subject lines and email content are clear and helpful.
(iv) measure the overall performance of communication campaigns.
(v) make our communications more relevant.
By default, tracking logs are deleted after 6 months.
e) information that we gather from the technology which you use to access our services (for example device data location data from your device, or an IP address or telephone number) and how you use it (for example pattern recognition);
f) information that we gather from publicly available sources, such as the press, the electoral register, company registers
and online search engines. Information that you make public on social media e.g., Facebook, Twitter.
4 Your rights
4.1 You have rights under data protection laws in relation to your personal data. You have the right to:
a. ask us not to contact you or them for marketing purposes before you have signed up for the Services, or after you have withdrawn from the Services, by contacting us at smart.privacy@hyperjar.com, or by clicking on the unsubscribe link in the relevant communication.
b. at any time ask us to stop processing of your personal information for direct marketing purposes.
c. withdraw any consent you have previously given to us.
d. subject to applicable laws, to ask for access to the personal data we hold about you.
e. ask us to correct any personal data we hold on you that is inaccurate, incorrect, or out of date.
f. ask us to delete your personal data when it is no longer necessary, or no longer subject to a legal obligation which we are subject to. If your data is impossible to permanently delete, we will put it beyond reasonable use.
g. request the transfer of your personal data to you or to a third party. We will provide your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
h. object to our use of your information where we are relying on a legitimate interest (or those of a third party) and we cannot demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
i. request restriction of processing of your personal data. You may ask us to suspend the processing of your or their personal data: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
j. lodge complaints. You have a right to lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your personal information, please contact us at smart.privacy@hyperjar.com. We hope that we can address any concerns you may have. You can also contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk. Our registration number with the ICO is ZA286245.
5 Changes to the way we use your information
5.1 From time to time we may change the way we use your information. Where relevant, we may also include further details or information in relation to a particular service or activity at the point information is collected or the product or service is considered. When we do, we will communicate any changes to you and publish the updated Privacy Notice on our website and in the App. Where we believe you may not reasonably expect such a change, we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
6 How we use and share your information with other Hyperlayer group companies
6.1 We will only use and share your information with other Hyperlayer group companies where it is necessary for us to lawfully carry out our business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in Schedule A – Purposes of Processing.
7 Sharing with other third parties
7.1 We will not share your information with anyone outside Hyperlayer except:
a) where we have your permission;
b) where required, whether directly or indirectly, for your product or service, which could include in relation to your welfare or accessibility requirements;
c) with law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory or trade bodies around the world;
d) with third parties in relation to fraud or financial crime or criminal activities; or in the event of suspected fraud or financial crime or criminal activities; or the monitoring, prevention, and investigation of the same; with other third parties to help recover funds that have entered your account as a result of a misdirected payment by such a third party;
e) with third parties, agents and sub-contractors acting on our behalf providing services to us, such as payment and card processing, electronic money provision, technology and security, or any other services are required in connection with our legal, regulatory, or contractual rights or obligations relating to products or services provided to you;
f) with merchants as featured on the App or websites from time to time for support purposes or, with your consent, for their marketing or other stated purposes;
g) where required for a proposed or actual sale, reorganisation, transfer, financial arrangement, asset disposal or other
transaction relating to our business and/or assets held by our business where such data is shared with a third party
it is done so under strict duties of confidentiality;
ih) in anonymised form as part of statistics or other aggregated data shared with third parties; or
i) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent
with the purposes listed above.
7.2 Smart Spend will not share your information with third parties for their own marketing purposes without your permission.
7.3 Our websites and the App may include links to third-party sites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy policies or any data that may be collected or used through those sites. Please check their policies before you submit any information to them.
7.4 If you would like further information about with whom we have shared your personal data with, and whether they will be acting as a controller or processor of that data, please contact us at smart.privacy@hyperjar.com.
8 Transferring information overseas
8.1 We may transfer your information to organisations in other countries (including to other Hyperlayer group companies) on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
8.2 In the event that we transfer information to countries outside of the UK and European Economic Area (which includes
countries in the European Union as well as Iceland, Liechtenstein, and Norway), we will only do so where:
a) the UK has decided that the country or the organisation we are sharing your information with will protect your
information adequately;
b) the transfer has been authorised by the relevant data protection authority; and/or
c) we have entered into a contract with the organisation with which we are sharing your information (on terms approved
by the UK) to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection
clauses, please contact us at smart.privacy@hyperjar.com.
9 Marketing information
9.1 Where we have appropriate marketing permissions, we will send you relevant marketing information (including details of other products or services provided by us, other Hyperlayer Group companies, or other selected third parties which we believe may be of interest to you), by mail, phone, email, text, in-App, online and other forms of electronic communication.
9.3 If you change your mind about how you would like us to contact you, or you no longer wish to receive this information, you can change your preferences in the App.
10 Communications about your account
10.1 We will contact you with information relevant to the operation and maintenance of your account (including updated
information about how we process your personal information), by a variety of means including via App, email, text message, post and/or telephone. If at any point in the future, you change your contact details you should tell us promptly about those changes.
10.2 We may monitor or record calls, emails, text messages, customer support teams or other communications in accordance with applicable laws for the purposes outlined in Schedule A – Purposes of Processing.
10.3 We may contact you if we have concerns about your economic wellbeing and offer practical support.
11 Credit reference and fraud prevention agencies
11.1 We may access and use information from credit reference and fraud prevention agencies when you open your account and periodically to:
a) prevent criminal activity, fraud, and money laundering;
b) check your identity and verify the accuracy of the information you give us.
11.2 Account opening decisions may be taken based solely on automated checks of information from credit reference and fraud prevention agencies and internal Hyperlayer records. You have rights in relation to automated decision-making, including a right to appeal. You can appeal via our normal complaints process, which can be found here: https://www.HyperJar.com/support-centre/how-to-complain.html
11.3 If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
11.4 If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we and others may refuse to provide the services you have requested, to employ you, or we may stop providing existing services to you.
11.5 A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
11.6 If you would like a copy of your information held by the credit reference and fraud prevention agencies we use, or if you want further details about how your information is used by these agencies, please visit their websites, or contact them using the details below. The agencies may charge a fee. Credit reference Agency contact details:
Equifax Limited https://equifax.co.uk/crain)
Experian Limited https://experian.co.uk/crain
CIFAS https://cifas.org.uk/fpn
National Hunter Ltd https://www.nhunter.co.uk/privacypolicy/
TransUnion International UK Limited https://www.transunion.co.uk/crain
12 How long we keep your information
12.1 By providing you with products or services, we create records that contain your information, such as customer account records and activity records. Records can be held on a variety of media (physical or electronic) and formats.
12.2 We manage our records to help us to serve our customers well, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and as evidence of our business activities.
12.3 Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant Hyperlayer company is located and the applicable local legal or regulatory requirements. We (and other Hyperlayer group companies) normally keep customer account records for up to ten years after your relationship with us ends, while other records are retained for shorter periods. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
12.4 We may by exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence if they are needed.
12.5 If you would like more information about how long we keep your information, please contact us at smart.privacy@hyperjar.com.
13 Security
We use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work for us to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
14 Automated Processing
14.1 In the course of providing products and services to you we may process your personal information by automated means, to include profiling. This means we will use computer software or predictive analysis to automatically evaluate your personal circumstances to identify risks or to predict certain outcomes. Examples of this type of processing include;
a) the assessment of account activity to detect and prevent fraud;
b) the identification of customers in vulnerable situations so that we can offer them support or protection; and
c) to provide personalised offers and create market insights.
14.2 Profiling is a useful tool as we try to understand our customers and their specific needs in more detail. It gives us the opportunity to use personal information to tailor our marketing and to ensure that we achieve fair customer outcomes. However, our customers have rights and entitlements in relation to automated processing
and these are covered in Schedule A. You also have the right to opt out of profiling for marketing purposes.
Schedule A – Schedule of Purposes of Processing
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other Hyperlayer group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:
A. Contractual necessity
We may process your information where it is necessary to enter into a contract with you for the provision of our Services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.
This may include processing to:
a) assess and process applications for products or services
b) provide Services throughout your relationship with us, including opening, setting up or closing your accounts, or products; collecting and issuing all necessary documentation; executing your instructions; processing transactions, including transferring money between accounts; making payments to third parties; resolving any queries or discrepancies and administering any changes. Communications to our mobile and website customer support team may be recorded and monitored for these purposes;
c) apply age-appropriate filters to versions of the App;
d) manage and maintain our relationships with you and for ongoing customer service. This may involve sharing your information with other Hyperlayer group companies to improve the availability of our services, for example enabling customers to visit branches of other Hyperlayer group companies;
e) communicate with you about your account(s) or the Services you receive from us.
B. Legal obligation
When you apply for a product or Service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
a) confirm your identity, (including using biometric information and voice-recognition technology and other identification
procedures, for example fingerprint verification where we have a valid legal basis e.g. consent);
b) perform checks and monitor transactions and location data for the purpose of preventing and detecting crime and; to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud, and threats and to share data with law enforcement and regulatory bodies;
c) share data with banks and third parties to help recover funds that have entered your account because of a misdirected payment by such a third party;
d) share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with production and court orders;
e) deliver mandatory communications to customers or communicating updates to product and service terms and conditions;
f) investigate and resolve complaints, and remediate errors occurring on your account or service;
g) conduct investigations into breaches of conduct and corporate policies by our employees;
h) manage contentious regulatory matters, investigations, and litigation;
i) perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality;
j) provide assurance that we have effective processes to identify, manage, monitor and report the risks it is or might
be exposed to;
k) investigate and report on incidents or emergencies on our properties and premises;
l) coordinate responses to business-disrupting incidents and to ensure facilities, systems and people are available to continue providing services.
C. Legitimate interests
We may process your information where it is in our legitimate interests do so as an organisation or where it is in the legitimate interest of a third party.
a) We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our customers, employees, and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
(i) monitor, maintain, and improve internal business processes, information and data, technology, and communications
solutions and services (for example confirmation of payee);
(ii) ensure business continuity and disaster recovery and respond to information technology and business incidents and
emergencies;
(iii) ensure network and information security, including monitoring authorised users’ access to our information technology
for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites,
prevention or detection of crime and protection of your personal data;
(iv) provide assurance on our material risks and reporting to internal management and supervisory authorities
on whether we are managing them effectively;
(v) perform general, financial and regulatory accounting and reporting;
(vi) protect our legal rights and interests;
(vii) manage and monitor our properties (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
(viii) enable a proposed or actual sale, reorganisation, transfer or other transaction relating to our business;
b) It is in our interest as a business to ensure that we give you the most appropriate products and Services and that we develop and improve as an organisation. This may require processing your information to enable us to:
(i) identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
(ii) send you relevant marketing information (including details of other products or services provided by us, other Hyperlayer group companies or other selected third parties, which we believe may be of interest to you). We may show or send you marketing material online (on our own and other websites including social media platforms), in our App, or by email, SMS or post; Hyperlayer will not share your information with third parties for their own marketing purposes;
(iii) understand our customers’ actions, preferences, transactions, expectations, feedback and financial history to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by Hyperlayer group companies;
(iv) research your experiences with us and to monitor the performance and effectiveness of products and services;
(v) assess the quality of our customer services and to provide staff training. Communications with our App and website customer support may be recorded and monitored for these purposes;
(vi) perform analysis of customer complaints for the purposes of preventing errors and process failures and rectifying
negative impacts on customers;
(vii) compensate customers for loss, inconvenience or distress because of service, process or regulatory failures;
(viii) identify our customers’ use of third-party products and services in order to facilitate the uses of customer information
detailed above;
(ix) combine your information with third-party data, such as economic data in order to understand customers’ needs better and improve our services; and
(x) consider your welfare needs, including any adjustments, support or different products or services which might be
suitable or protections that should be put in place.
c) It is in our interest as a business to manage our risk and to determine what products and services we can offer and the terms of those products and services. It is also in our interest to protect our business and customers and others by preventing financial crime, fraud, and other criminal activities. This may include processing your information to:
(i) carry out financial risk assessments;
(ii) manage and take decisions about your accounts.
(iii) carry out checks (in addition to statutory requirements) on customers and potential customers, confirmation of payee
data business partners and associated persons, including performing adverse media checks, screening against external
databases and sanctions lists and establishing connections to politically exposed persons;
(iv) share data with fraud prevention agencies and law enforcement agencies;
(v) for risk reporting and risk management;
(vi) perform checks, monitoring and investigation to prevent and detect crime including in relation to money laundering,
fraud, terrorist financing, bribery and corruption, trafficking and international sanctions. It may involve screening
against internal fraud databases, investigating and gathering intelligence on suspected financial crimes, fraud and
threats and sharing data between banks and with law enforcement and regulatory bodies;
(vii) responding to and participating in industry improvements and consultations; and
(viii) responding to and investigating complaints both raised directly to us, or raised through a third party such as
a regulatory body.
Hyperlayer Limited is a company registered in England and Wales (Company number 10130583).
Registered Address: Hyperlayer, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Data Protection Registration Number: ZA286245.
The Smart Spend card is issued by Monavate Ltd., pursuant to license by Mastercard International.
Modulr FS Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011, firm reference number 900573, for the issuance of electronic money and provision of payment services. Hyperlayer Limited is an agent of Modulr FS Limited, firm reference number 902842.
Apply in minutes to see if you're approved with no impact to your credit score.
Download for free
.png)