In addition to those helpful topics, I thought I would take time to note down all my thoughts in the hope they will be useful for Mondo’s consideration, especially @tristan and @paul, and (as an investor) avoid paying someone else to do it. I do not have a legal background but have reviewed many contracts from technology, information security and information privacy perspectives.
Also, Mondo is putting a lot of effort into functionality, design and usability… but the current documents don’t seem to have the same degree of thought, polish or accuracy. They do rather look like hacked versions of other companies’ documents.
Minor issue but does “processed” somehow exclude “collected, stored, used and transmitted”?
Information we may collect from you
This appears to be a heading, but is rendered in a paragraph style instead of a heading (H2?) style.
2.Information that you provide when you enter a competition or promotion sponsored by us or third parties, and when you report any problem with our website;
The previous item mentions “via our website or mobile application”, so is this item saying that no personal data is collected when reporting a problem about the mobile app or API? I suspect not. Perhaps define “applications” somewhere to include the website, the mobile apps, community forum, API, developer area, Slack, etc, and avoid listing everything in each clause? Some data about potential and actual investors also came via the Crowdcube website - where is that data, and how is it being used/protected/maintained/etc?
3.If you contact us, we may keep a record of that correspondence, including any phone number or email address you use;
What about other modes of communication like Twitter and post? Again, maybe make this clause more generic to avoid listing every current and future method. Maybe also “phone number or email address” is too specific? Does AppChart use email address? Some other identifiers may also be used like account number, customer ID etc?
5.Details of transactions (including details of payment cards and bank accounts used) that you carry out through our website, mobile application, or using the Mondo card.
Replace full stop with a semi colon like the previous clauses.
6.Details of your usage of our mobile application and website including, but not limited to, traffic data, location data, logs, error- & crash-reporting, and other communication data and the resources that you access.
Same as previous.
8.Information you give us explicit permission to access from your mobile device, including your address book, photos, geolocation, gyroscopes, data from your cameras or microphones. You may choose not to give permission to share this data, but it may restrict the usage of certain features of the mobile application;
Possibly needs an “and” added at the end if item 4 in the subsequent list is correct.
We process personal information for the purposes of:
Use of “process” again. See comment at start of this. Also the following five items should start with a capital letter like the previous list.
Use of IP addresses and cookies
Would “user tracking” be more generic. The text in this section sounds a bit outdated. IP addresses and Cookies are not the only way of tracking users, and that so-called “cookie law” was about all tracking technologies, not cookies. This section also all seems to be about the main website. What about the mobile app, and other ways customers interact with Mondo?
the fulfilment of your order
Sounds like this section was copied from an ecommerce merchant’s privacy notice. May require re-writing.
We may disclose your personal information to any member of our group of companies, which includes our subsidiaries, our ultimate owner and any undertakings owned by it.
Does Mondo really have subsidiaries and an ultimate owner? I suspect not.
3.If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
Add “and” at end as previous list(s).
Access to information
Perhaps be more helpful by stating a particular person/role/team, or asking for some particular wording. This will help Mondo itself identify subject access requests (SARs). Consider email/Twitter etc initiated SARs.
Possibly by app alert instead/as well?
16-28 Tabernacle Court, Tabernacle Street, EC2A 4DD
This address is mentioned twice. It is neither the address listed by Companies House (White Bear Yard, EC1R 5DF) nor the address mentioned on the careers page (Epworth St, EC2A 4DL). Possibly should also quote company number?
Mondo Card Terms and Conditions of Use
Inconsistent use of semi-colons and full stops at end of list items.
“Issuer” is mentioned four times always with an initial capital letter, but is not defined anywhere. Should that not be “us” instead?
This list item finishes with "and’, so either the next item should be at the same level or rthe “and” needs tobe deleted.
10.1.We may change any of these terms and conditions, including fees and charges, or introduce new terms. If we make any changes, we will give 2 month’s prior written notice to you by email.
And/or by the app?
10.2.If we change these terms and conditions, the new terms and conditions will be available at www.getmondo.co.uk/terms-and-conditions from the date the change takes place.
Incorrect URL - that is a dead link. Change to “www.getmondo.co.uk/terms”
10.4.Between receipt of the notice and the proposed date of change, if you notify us that you do not accept the change, this agreement will terminate immediately and subject to condition 8.2 you can redeem your total balance at that time without charge.
Maybe this should be referring to the redemption period validity in “8.1” and not the lack of redemption charge in “8.2”?
13.5.We can delay enforcing its rights under this agreement without losing them.
Who/what does “its” refer to?
Community Terms of Service
Not reviewed in detail. But there are contradictions with the other documents above. Access/use is governed by US Californian law.
There are no specific ToS/T&Cs for the main website, mobile app or API (just for the community site mentioned above). These will be very different to the card T&Cs, and probably need to include something about application abuse issues.
How is Mondo assessing data transfers to US due to the current uncertain status of safe Harbor?