Privacy Policy

Last updated: 21st October, 2021

About us

We Block Code Ltd trading as Plutus (also referred to as “we”, “us”, or “our”) is a company registered in England (Company no. 09674279). Our registered address is 9 Heathmans Road, 2nd Floor, London, SW6 4TJ, England.

We’re committed to protecting and respecting your privacy. If you have any questions about your personal information please chat with us on our website, or email us at, or by writing to us at Plutus, 9 Heathmans Road, 2nd Floor, London, SW6 4TJ, England.

If you apply for and receive a debit card, our card issuer, Modulr FS Limited (“Modulr”), will also collect your personal information. We might pass certain information to Modulr to allow you to apply for a Card, and Modulr might also collect certain personal information directly from you. Please read Modulr’s privacy policy to understand how Modulr collects, uses, and shares your personal information.

Before accessing or using our services or applying for a debit card, please ensure that you have read and understood how we collect, store, use and disclose your personal information as described in this privacy policy.


The UK left the European Union, and organisations such as ours are subject to two privacy regimes: the UK's and the EU's. At present they do not differ, so this Privacy Notice is compatible with both. Below you can read about how we process your data, regardless of whether you reside in the UK or in the EU.

Article 5 of the UK and EU GDPR states that Personal Data must be processed lawfully, fairly and in a transparent manner. In line with changes to the UK and EU GDPR, we are updating our Privacy Notice so you can better understand why and how we collect, process, and destroy your data. We are committed to protecting and respecting your privacy. This policy (together with the Terms and Conditions and any other documents referred to in it) sets out the legal basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

What types of Personal Data do we collect?

We may control, process and use your Personal Data, which may include names, postal addresses, email addresses, telephone numbers or any other Personal Data that you provide to us. We may also, in appropriate cases and to the extent permitted by law, control, process and use certain special categories of Personal Data which are more sensitive in nature (e.g. when undertaking "Know Your Customer" (KYC) or anti-money laundering (AML) checks, we may collect information about any criminal conviction offence that you or the directors of any company might have committed).

Who is responsible for the use of your personal data?

Plutus and Modulr are each separate data controllers of the personal information we or Modulr hold about you in connection with your use of the services and products we provide to you. This means that Plutus and Modulr will determine and be responsible for how your personal information is used in accordance with their individual privacy policy.

Lawful basis for Processing

Where we act as Data Controller, we rely on the following legal bases for processing your personal data:

consent - if you are a recipient of our online direct marketing;

legitimate interests - if you are our client or prospective client, business affiliate, employee or potential employee, or our website visitor;

performance of contract - if you are our client, supplier, employee, akin to employee or business affiliate or our website visitor;

legal obligation - if we process Personal Data according to requirements of domestic legislation. For example, we are obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data for a period of five years.

Data protection officer

Our data protection officer can be contacted at, and will work to address any questions or issues that you have with respect to the collection and processing of your personal information.

Purpose of data collected

The personal information we collect is for the following legitimate interests:

provision of financial products and services;

promotion of ideas and events relating to services we provide;

accuracy of client records;

maintenance of records of communications and management of your relationship with us;

to respond to your enquiries;

to comply with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, AML and anticorruption);

to carry out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a customer of ours;

prevention and detection of fraud and other illegal activity or misconduct;

and to inform you about compliance with legal and regulatory obligations and provide related guidance.

Automated decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:

our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, or is inconsistent with your previous submissions, or

you appear to have deliberately hidden your true identity.

You have rights in relation to automated decision making: if you want to know more please contact us using the details below.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.

Other than the automated processing set out above, we shall not carry out solely automated decision-making using your personal data.

Social media

If you connect or integrate any social media services with services we provide, you may receive social notifications either from us or from third party companies providing social media services on our behalf. You can manage these social notifications through changing your privacy settings on the relevant social media site or discontinuing any interaction. If you register and provide information to a forum or blog on our Website or App, the information you provide will be published and will be publicly available on our Website or App. It may also be used to address any concerns or complaints about our services directly with you if you are an account holder.

Who we share our information with

We will not share personal information about you with third parties without your consent. We are required, by law, to sometimes pass on some of this Personal Data to:

companies and organisations that assist us in processing, verifying or refunding transactions you make via our apps or website and in providing any of our Services that you have requested;

card producers and networks;

customer 'interface' providers (like the ones who manage our support platform);

companies that do advertising for us (but we won't share identifiable personal data with third parties for their own marketing unless you give us permission, and you can opt out at any time);

anyone who you give us explicit permission to share it with;

identity verification agencies to undertake required verification checks;

fraud prevention agencies to help fight against financial crime including fraud, money laundering and terrorist financing;

any third party as a result of any restructure, sale or acquisition of our group or any Affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and

regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law allows or requires us to do so.

International transfer outside the EEA

The Firm does not transfer your personal information outside of the European Economic Area (EEA) unless the transfer is necessary for one of the reasons set out in the GDPR including the performance of a contract between the Firm and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.

In these cases, we will follow the GDPR Guidelines in protecting the transfer of data to countries outside the EEA to ensure that the level of data protection afforded to individuals by the GDPR is not undermined.

The Firm will only transfer Personal Data outside the EEA if one of the following conditions applies:

the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ (this refers to individual residents’) rights and freedoms;

appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the Responsible Officer;

the Data Subject has provided Explicit Consent (Explicit Consent is where permission has been given by the Data Subject in writing to the proposed transfer after being informed of any potential risks).


We will keep your Personal Data for no longer than reasonably necessary. We will retain your personal information in accordance with legal and regulatory requirements as set out in our Data retention policy.

Your rights and your Personal Data

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to make copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

You have a right:

to request a copy of your Personal Data which the Firm or related data Controller holds about you;

to request the Firm or any related data Controller to correct any Personal Data if it is found to be inaccurate or out of date;

to request your Personal Data is erased where it is no longer necessary for the Firm or related data Controller to retain such data;

to withdraw your consent to the Processing at any time if consent constitutes the lawful basis for processing;

to object to Processing based on grounds relating to the Data Subject's situation if the processing is necessary for the performance of a task carried out in the public interest or the processing is necessary for the purposes of the legitimate interest by us or a third party, unless such interest is overridden by your fundamental rights and interests;

to request a restriction is placed on further Processing;

to lodge a complaint with the Information Commissioner's Office (the UK Supervisory Authority); you can contact the Information Commissioner's Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Further Processing

Where we may seek to further process your data other than for the original purpose for which it was collected, the Firm shall only further process such data where the new Processing is compatible with the original purpose.

Safeguarding measures

We take your privacy seriously and take every reasonable measure and precaution to protect and secure your Personal Data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including, without limitation, encryption.

Special Categories of Data (if applicable)

Owing to the products and services that we offer, such as performance of KYC and other background checks, we sometimes need to process special categories of data which are deemed to be more sensitive in nature. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so. Where we rely on your consent for Processing Special Categories Data, we will obtain your explicit consent through electronic means.

Legitimate Interests (if applicable)

We occasionally process your personal information under the Legitimate Interests’ legal basis. Where this is the case, we have carried out a Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own and that such interests are proportionate and appropriate such as for the purposes of HR, marketing and day-to-day operations.


When sending marketing materials to customers, we may have the option to rely on your consent or legitimate interest.

We only use legitimate interests for marketing if we have assessed that the information being sent is beneficial to the customer, and have weighed our interests against your own and there is little to no risk posed, the method and content is non-intrusive, and the material being sent is something you would usually expect to receive.

Cookies, analytics and traffic data

Cookies are small text files which are transferred from our website, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our website, applications and services better for you.

We provide the following information with some explanations to ensure transparency to our users:

what types of cookies are set;

how long they persist on your browser;

what data they track;

for what purpose (functionality, performance, statistics, marketing, etc.);

where the data is sent and with whom it is shared;

how to reject cookies, and how to subsequently change the status regarding the cookies.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.

