Privacy & Cookie notice
Last updated: 30 March 2020 (version 4.4)
Trezeo Limited (“We”, “Us”, “Trezeo”) are committed to protecting and respecting your privacy.
This notice describes the privacy practices of Trezeo, its subsidiaries and affiliated companies with respect to information relating to you that you or third parties provide to Trezeo, including information collected or provided on the Trezeo website www.trezeo.com (the Website) and Trezeo’s mobile application (the Mobile App).
Trezeo is a data controller and is registered in the UK with the Information Commissioner’s Office (the ICO) under registration number ZA286309 and in Ireland with the Office of the Data Protection Commissioner (the DPC) under registration number 17672/A. Our lead supervisory authority in the EU is the DPC. By visiting and using our Website, you acknowledge and agree to the practices described in this notice.
Information we collect about you
Our primary goal in collecting information about you is to provide you with your Trezeo Account, help you manage your account effectively and ensure that we communicate in the most effective manner with you. The information we collect also helps us personalise and continually improve your experience on our Website and through the Mobile App, and your experience of services provided by Us and our Affiliates.
The information we collect about you may include:
- Contact information (e.g. email address and telephone numbers);
- Financial information (e.g. your bank account and income details); and
- Website analytics (e.g. which pages you visited on our Website).
This information may come from:
- You, when you sign up to use the Trezeo app; e.g. when you open an account with Trezeo and use the app to redirect your income;
- The way you use your Trezeo account;
- Your digital devices;
- Your interactions with us, including information you may voluntarily share with us;
- Credit reference agencies (who may check the information against other databases – public and private – to which they have access) or fraud prevention agencies;
- Account information service providers (AISPs) – who may provide us with 12 months of transactional data from your designated bank account;
- Authorised Electronic Money Institutions (EMIs) – who may pass your data to its own sub-contractors and partners when this data is necessary for them to fulfil their legal and regulatory obligations as an issuer of electronic money; and
- Partner API’s (Application Programming Interface) – who may pass information in relation to your employment status including hours worked, earnings, future jobs, location,enter code here etc.
We do not seek or knowingly collect any personal data about children under 18 years of age.
How we use your personal information
The UK’s data protection law allows us to use your personal information, provided we have a legal basis for doing so. The legal basis that we rely on to use your information is laid out below:
- Verifying your identity to enable us to consider and process your application
- To assist you in setting your regular mandate payment by reference to your average income
- Verifying the validity of your bank account details by accessing your account via an account aggregation provider
- For administrative purposes, for example to process payments, update/maintain our records, fraud monitoring and enforcement of terms; and
- To administer our site and the Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
Comply with a legal obligation:
- Verifying your identity to enable us to consider and process your application;
- To prevent or detect fraud, money laundering or other crime; and
- To comply with applicable regulatory record-keeping requirements.
To perform our obligations under our agreement with you:
- To enhance your experience of our Website and of our services, for example by conducting statistical analysis, or for editorial or feedback purposes; and
- To assist you in setting your regular mandate payment by reference to your average income.
- We may ask for your email address so that we may provide you with marketing communications that we believe may be of interest to you but aren’t directly related to our use of the platform.
When you provide your information, we will ask for your consent to contact you by telephone, short message service (SMS), email or by post to assist you with your account or to provide you with information about similar products and services that we may provide. You are able to withdraw your consent in relation to us using your information for marketing purposes at any time in the following ways:
- Via email: Click the “Unsubscribe” link in any email communication and submit your email address on the next screen or email us at firstname.lastname@example.org; or
- Via our app: Update your contact preferences in the settings section.
If you opt-out of our use of your information for marketing purposes, we will process your request as soon as possible. Please note that we reserve the right to take reasonable steps to authenticate your identity with respect to any such request. We will only transfer your information to third parties for marketing purposes when we have obtained your express consent to do so.
Disclosure of your information
We may disclose your personal information with selected third parties including:
- Group policy insurance providers to manage the coverage of eligible customers under the Personal Accident and Sickness Insurance policies.
- Credit reference and fraud prevention agencies;
- Our regulators or government authorities, for example the Financial Conduct Authority, the Financial Ombudsman Service and crime prevention agencies;
- Collection agencies to help us collect any outstanding money owed;
- Third-party data processors, for example AISP’s; and
- Anyone to whom we may transfer all or part of our assets.
You will receive notice when information about you may be shared by us with third parties in circumstances not defined in our legal basis, and you will have an opportunity to notify us that you do not wish for such information to be disclosed.
We reserve the right to use and disclose all information that does not constitute “personal data” (i.e. that you cannot be identified from).
If you have any questions or concerns about the sharing of your information as described above, please contact us as described at the end of this notice.
Credit Reference Agencies
In order to provide you with the credit functionality on your Trezeo App, we will perform credit checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness;
- Verify the accuracy of the data you have provided;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us.
We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
More information about CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) available at https://www.callcredit.co.uk/crain.
How we keep your information secure
We have measures in place to protect the security and confidentiality of your information and we strive to keep it accurate. We only keep your information for as long as is necessary and required by law.
We generally keep records of any transactions that you enter into for a minimum of six years.
Some of the security measures include:
- We work to protect the security of your personal data during transmission by using Secure Sockets Layer (SSL) software, which encrypts personal data you input;
- We store personal data in an encrypted database;
- We transmit personal data in an encrypted format; and
- Our networks are secured with certified firewalls in a multi-layered fashion with redundancy.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. If we transfer your personal data to a country outside the EEA we will ensure that the receiving party agrees to apply the same levels of protection as we are required to under applicable data protection legislation.
By providing us with your personal information on our Website or in the course of using our services, you consent to the transfer of your information in this way. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Notice.
Your personal information is protected under data protection law and you have a number of rights (explained below) which you can seek to exercise.
Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights, we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
Right of access
Subject to certain exceptions, you have the right of access to information that we hold about you upon request. You can exercise this right by making a request in writing, by email or telephone using the contact details in the contact section below.
You have the right to ask us not to process your information for marketing purposes (see above).
We will inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking applicable boxes on our Website or other forms we use to collect your data. You can also exercise the right at any time by contacting us by post or email using the details in the contact section of this notice (see below).
Right to rectify your personal information
If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
Right to be forgotten
You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in particular circumstances. It may not therefore be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations or to exercise or defend legal claims.
Right to restriction of processing
In some cases, you may have the right to have the processing of your personal information restricted.
For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified. You have the right to ask us not to use your information for marketing purposes. We will ask for your consent to use your information for these purposes when we collect it and you can exercise your right to prevent such processing by checking certain boxes on our Website or other forms we use to collect your data. You can also exercise the right at any time by contacting us by post or email using the details in the contact section of this notice (see below).
Right to object to processing
We may use your personal information to further our legitimate interests;
For example, we may use information about you to improve our marketing messages because we have a legitimate interest in making sure our customers know about new products which could be of benefit to them. We’ll always give you a right to object whenever we intend to use your personal information for our legitimate interests.
Right to data portability
You have the right to receive, move, copy or transfer your personal information to a controller which is also known as ‘data portability’. You have the right to this when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means. You should note that this right is different from the right of access (see above) and the types of information you can obtain under the two separate rights may be different.
Consequences of not providing us with your personal information
You don’t have to provide us with your personal information. However, we need your information partly because the law requires us to ask for certain details about you and partly so that we can offer products and services to you in accordance with our agreement with you. This means that if you don’t provide us with the information we ask for, we’ll not be able to open an account for you.
If you have any questions or concerns about how we treat your personal data and protect your privacy, or if you have any comments, please send them to us by email at email@example.com or by post to:
Trezeo Limited, Epworth House, 25 City Road, London, EC1Y 1AA
Making a complaint
If you’re unhappy with how we’ve handled your communication in regards to how we treat your personal data and protect your privacy, you can refer your concerns to the Information Commissioner’s Office, the body that regulates the handling of personal information in the UK, at:
Information Commissioner’s Office Wycliffe House Water Lane Wimslow SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk
Conditions of use and changes to this Notice
If you choose to visit our Website, your visit and any dispute over privacy, is subject to this Notice. We reserve the right to change this Notice at any time by notifying you of the existence and location of the new or revised Notice or by posting the changes online at our Website.
What are cookies?
Like many websites, we use “cookies” when you visit our Website.
Cookies are pieces of information that are transferred to your computer’s hard drive via your web browser and we use them for various purposes to improve your experience on our Website, like identifying errors or how to make your journey better. By visiting our Website, you agree to us placing cookies on your device and accessing them when you visit the Website in the future.
Further information about cookies can be found at www.allaboutcookies.org.
What cookies do we use?
For these reasons, we may share your site usage data with our analytics partners. When you first visit www.trezeo.com from a new device, you will be given the opportunity to allow cookies and set your preferences. By clicking “Accept Cookies,” you consent to store on your device all the technologies described below. You can change your cookie settings at any time by clicking “Cookie Preferences.” This is located at the bottom of our homepage. Please note that by deleting or disabling future cookies your user experience of our Website may be affected and you might not be able to take advantage of certain functions on the Website, such as signing up or connecting your bank account.
These cookies are essential in order to enable you to move around the Website and use its features, like when you sign up to Trezeo and provide your personal details. Without these cookies, you can’t sign up to the platform because we will not be able to fulfil our legal obligations to you or our Regulator.
- Authentication cookies: Session cookie recognising user application through to completion.
- Security cookies: Session cookie used to support security measures within the site.
- Mixpanel: This helps us track customers journeys and provide the most appropriate communications to help users through the sign up process.
These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from certain pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and, therefore, anonymous.
- Google Analytics: Session cookie recognising user application through to completion.
These cookies are used to deliver adverts and communications most relevant to you and your legitimate interests. They can limit the number of times you see an advertisement as well as help measure the effectiveness of advertising campaigns so that you aren’t bombarded with irrelevant ads.
- Facebook: This helps us track conversions from advertisements that we place on Facebook so that we can keep them relevant.
- Google Adwords: This helps us to track conversions from advertisements that we place on Google and its ad network.