OUR TERMS

Financial planning
Privacy PoLicy
CoOKIE NOTICE

Privacy Policy for Octopus Money Services Delivered by a Third-Party 

Updated January 2025

This policy applies specifically to customers who are accessing Octopus Money’s services via a third-party firm. This is in addition to our main Privacy Policy.

Octopus Money (“we”, “our” or “us”) develops and provides solutions to allow third party firms and their customers to use our financial coaching and planning service (“Service”). Our clients – referred to in this policy as “Partners” – are companies providing services, including financial coaching, financial advice, wealth management and cashflow modelling. This Privacy Notice explains the different ways that Octopus Money processes personal data for our clients (“Partners”) or their end customers. 

Both Octopus Money and the Partner might act as the data processor and/or data controllers under applicable data protection laws. This Privacy Policy explains how we manage personal data when offering our Service, including where we act as a Processor on behalf of End User Firms.

Section A of this Privacy Notice explains how Octopus Money, as a service provider, processes personal data on behalf of its Partners. Where we do this, data protection law describes us as a data processor, and our Partners as a data controller. When processing data on behalf of our partners, we must do so in accordance with their instructions. If you have questions about how your supplier processes your personal data, including through the use of Octopus Money’s systems, we recommend reaching out to your supplier first.

Section B of this Privacy Notice explains how we collect and process personal data when we act as a data controller in respect of our products and services, such as when you contact us through our website or mobile app, or if you are a partner user of our products and services.

How and why we use your personal data

We only collect and process data about you where we have a reason for doing so and only where that reason is permitted under data protection law. Where we have indicated that we rely on legitimate interests for the processing of your personal data, we carry out a balancing test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests before we proceed with such processing.

We collect and process personal data in the following ways:

Information provided by you or your organisation

When an institution subscribes to or uses our Service, we may collect the following data about you:

  • User Account Information: Name, email address, company name, job title, and contact information of users within the Partner Firm.
  • Customer Data: Information related to the customers of Partner Firms, which may include personally identifiable information (PII), contact details, and other data uploaded or processed via our platform.
  • Financial Information: If applicable, billing information, payment details, and financial records for transaction processing.

Automatically collected information

  • Usage Data: Information such as IP address, device type, browser type, operating system, and activity on the platform (e.g., login time, pages viewed).
  • Cookies and Tracking: We use cookies and similar technologies to track user activity on our platform and improve performance. For more details, see Section 8 on Cookies.

Sharing Partner data 

Octopus Money may share personal data with affiliates and external third parties to assist with the provision of our services (“sub-processors”). To the extent Octopus Money engages sub-processors, we ensure that they provide necessary levels of protection and security to our Partners’ data as we remain responsible for their compliance. To the extent we share or transfer data outside of the UK/EU to sub-processors based in other countries, we ensure that appropriate protections are in place. 

Disclosure of your information (including outside of the European Economic Area “EEA”) 

We may share personal information within the Octopus Group. 

When we share information with third parties, they will process information and/or personal data either as a data controller or as our data processor and this will depend on the purposes of our sharing your information and/or personal data with such third parties. We will only share information and/or personal data in compliance with the applicable data protection laws and regulatory requirements. 

We may disclose information: 

  • When other products and services within the Octopus Group may interest Partner Firms or their customers and they have provided consent; 
  • If we are under a duty to disclose or share personal data with any of the government bodies or agencies, the law enforcement, to comply with any judicial or legal obligations or regulatory requirements or to protect the rights, property or safety of:
    • (i) the Octopus Group websites, 
    • (ii) our customers, 
    • (iii) exchanging information with other companies and organisations for fraud protection and credit risk reduction; and/or 
    • To third-party suppliers who will process our data on our behalf and their authorised employee(s) and/or team(s) who need to access personal data. 

Transfers may be made outside the EEA where we are satisfied that appropriate safeguards are in place. 

We may share some broader statistics and customer profiling information with third parties and within the Octopus Group, but the information or data will be anonymised, so Partners or customers will not be identifiable from that data. We do not rent or sell personal data and/or information details to any other organisation or individual.

Security 

We take appropriate security measures to prevent personal data that we process on behalf of our Partners from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. 

We restrict access to your personal data, so that only employees who have a need to know the information can access it. We regularly review and continually improve our technical and organisational security measures, including the use of encryption for data both at rest and in transit, following industry standards and best practices.

Our security systems and information tools are accredited to ISO27001 standards.

Data Retention

We will retain personal data for as long as necessary to:

  • Fulfil the purposes described in this Privacy Policy;
  • Comply with legal, regulatory, or contractual obligations;
  • Resolve disputes and enforce our agreements.

Please refer to our main Privacy Policy for more detailed record retention periods. . 

Cookies and Tracking Technologies

We use cookies and similar technologies to collect usage information and enhance your experience on our platform. These technologies help us understand how users interact with the Service, personalise content, and improve functionality.

  • Essential Cookies: Required for basic functionality of the Service.
  • Performance Cookies: Collect data to analyse user behaviour and improve our Platform.
  • Marketing Cookies: Used for personalised advertising.

You may adjust your browser settings to disable cookies, but this may limit your ability to use certain features of the Service.

A full list of the cookies which we use is available in our Cookie Notice. . 

Your Privacy Rights

Partner Firms’ customers have the following rights regarding your personal data:

  • Access and Correction: You can request access to your personal data and request that we correct any inaccurate or incomplete data.
  • Deletion: You can request that we delete personal data, subject to certain exceptions (e.g., legal obligations).
  • Data Portability: You may request a copy of the personal data in a structured, machine-readable format.
  • Restrict Processing: You may request limitations on how we process your personal data.

To exercise these rights, contact us at dataprotection@octopusmoney.com.  If we process your data on behalf of a Partner Firm, we may refer your request to them as the data controller.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of the policy. Any changes will be effective when posted on our website. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email dataprotection@octopusmoney.com  
  • write to us at Data Protection, Octopus Money, 33 Holborn, London, EC1N 2HT
  • Call us: 020 3195 4455

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Section A: Octopus Money as Data Processor 

Processing personal data on behalf of our Partners

We act as a data processor and in accordance with our Partner’s instructions with respect to all the personal data shared by our Partners with us, or any personal data obtained or collected by us when providing our services to our Partners.

If you are a customer of one of our Partners, please also review your own institution’s Privacy Notice for information on how they use your personal data. 

Retention of customer personal data

Our Partners determine retention periods for personal data we process on their behalf.

Rights

Our Partners are responsible for disclosing information about rights available under data protection laws and for helping their customers exercise them. If you are a customer of one of our Partners, further information and advice about these rights should be obtained from them directly.

Section B: Octopus Money as Data Controller

How do we collect your personal data?

We may collect and process the following personal data related to your use of our services:

  • Your name and contact information, including email address.
  • Company details, including your company’s name, industry, country, and your role.
  • Technical and usage data, including (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our services; and information about how you use and interact with our services.
  • Marketing data, including your preferences to receive email marketing from us.
  • Financial Information: If applicable, billing information, payment details, and financial records for transaction processing or cashflow modelling purposes.
  • Financial Advice Processing (If Applicable): For Partners using our financial advice services, we may process your financial data as instructed by you.
  • Financial Planning: Storing and processing personal and financial data uploaded by you or your institution to us.

We collect and use this personal data to provide our services to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing our services.

How your personal data is collected

We use different methods to collect personal data from and about you including through:

Automated technologies. We may also collect personal data via cookies as you interact with our services. Please see the “Cookies” section of this Privacy Notice to learn more.

Your interactions with us. We collect most of this personal data directly from you, for example by filing in online forms, contacting us, or when you enter into a contract to purchase products or services from us.

COMPANY AND TEAM

LEGAL

FOLLOW US

LinkedIn

Instagram

Twitter

Octopus Money Limited is an appointed representative of Octopus Investments Limited which is authorised and regulated in the UK by the Financial Conduct Authority. Registered office: 33 Holborn, London EC1N 2HT. Registered in England & Wales under No. 14069098.

Octopus Money is a trading name of Octopus Money Financial Solutions Limited. Registered in England and Wales (No. 10339119). Authorised and regulated by the Financial Conduct Authority. Our Financial Services Register number is 763630.

As with all investing, your capital is at risk. If you choose to invest with Octopus Money, the value of your investments can go down as well as up and you may get back less than you invest.


Some of our services are not regulated by the Financial Conduct Authority. Before you use any of our services, we will outline which of those services are and are not regulated by the Financial Conduct Authority to ensure you can make a fully informed decision.