Overview
This Privacy Notice explains how we collect, store, process and protect your personal data when providing you with our Services.
Please read this Privacy Notice carefully before using our website, console or other web applications (collectively the "Site") or any of our Services. If you have any questions or queries about the contents, please email us at [email protected].
TrueLayer (Ireland) Limited (“TrueLayer”) (with company number 671615) with its registered office at 6th Floor, 2 Grand Canal Square, Dublin 2, D02 A342, Ireland is the data controller for the purposes of this Privacy Notice.
In this Privacy Notice, TrueLayer will be referred to as "we", "us", or "our".
Depending on the context, “you” means a visitor to our Site, a representative of one of our Merchants, or the End User of one of our Services.
Our Services
If you are an End-User, the provider of the website or app through which you access our Services (a Merchant) will direct you to use our Services.
We currently provide the following Services (these are further explained in our Terms of Service):
Account Information Services (AIS)
Payment Initiation Services (PIS)
Verification Services
Signup+
Pay Ins
Pay Outs
Remember Me
What personal data do we collect?
The table below sets out the personal data that we collect, process and in some instances store when you use our Services.
| The personal data we collect about you and how we use it | What type of personal data are we using? | Purpose of Processing | What is our lawful basis for this processing? |
|---|---|---|---|
| If you represent a TrueLayer Merchant | Your name, date of birth, address, email, number, username, client ID and login data if you register as a user. | So we can register you as a user and deliver our Services. | Performance of a contract with you |
| Your name, email address, username and login data you supply to us if you register as a user. | To provide you with updates on our activities, Services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our Services | With your consent | |
| Your name, date of birth, address, email, phone number, photo identification and any criminal background information. | To conduct any due diligence that we are required to do in order for you to receive our Services | To comply with our legal obligations (including regulatory requirements that we are under) | |
| If you are an End-User of any of our products | Your name, address, photo identification and any criminal background information. | To conduct any due diligence that we are required to do in order for you to receive our Services | To comply with our legal obligations (including regulatory requirements that we are under) |
| Your name, email address, username and login data you supply to us if you register as a user via any TrueLayer portal or console. | To deliver our Services to you and to give you access to information we hold about you | With your consent | |
| Your name, email address, postal address, account number and sort-code | To keep a record of your use of our Services, to provide our Services to you and/or our Merchants, to improve our Services and to allow us to identify you for reporting, compliance and customer service purposes. | To comply with our legal obligations (including regulatory requirements), and where it is necessary for our legitimate interest in ensuring we can provide you and your Merchant with the Services and to continuously improve our Services | |
| If you are an End-User using our AIS or Verification Service | Any personal data that is contained in the account information that you have given us your explicit consent to access in our Terms of Service including your bank account, balance and transaction details | To deliver our Services to you and/or our Merchants and to improve our Services | It is necessary for our legitimate interest in ensuring that we can provide you and your Merchant with the Services and to continuously improve our Services |
| If you are an End-User using our PIS Service | Any personal data that you give to us, for example your name, email address, username, login data and any payment reference that you supply. | To deliver our Services to you and/or our Merchants and to improve our Services | It is necessary for our legitimate interest in ensuring that we can provide you and your Merchant with the Services and to allow us to continuously improve our Services |
| If you are an End-User whose bank operates an ‘Embedded Flow’ authentication procedure as described in the Terms of Service | Your online banking personalised security credentials | To deliver our Services to you | Performance of a contract with you |
| If you receiving a payment from a Merchant | Your name, account details (account number, sort code and/or IBAN), date of birth and postal address | To deliver our Services to you and/or our Merchants including processing a Pay Out to you. | It is necessary for our legitimate interest in ensuring that we can provide you and your Merchant with the Services and to allow us to continuously improve our Services |
| If you are an End-User using our Signup+Service | Your name, postal address, date of birth, phone number, email address, account number, sort-code and/or National ID number | To deliver our Services to you and/or our Merchants and to improve our Services | It is necessary for our legitimate interest in ensuring that we can provide you and your Merchant with the Services and to allow us to continuously improve our Services |
| If you opt in to store your details with us for future payments (Remember Me / Save Details) | Any personal data that you have chosen to store with us | To deliver our Services to you and/or our Merchants and to improve our Services | Performance of a contract with you |
| If you are a visitor to our Site | Your name, email address and any other personal data you supply to us (such as any feedback) | To provide you with updates on our activities, Services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our Services. | With your consent |
| Any personal data we collect as part of your Cookies setting, namely online identifiers (such as your cookie identifier, IP address, browser type and version, time zone settings and location) | To allow us to run the operation of our Site and ensure that our provision of Services through our website runs as smoothly as possible | With your consent |
Important: Before we process your personal data to pursue our legitimate interests for the above purpose, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedom. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
We will only use your personal data for the purposes for which we collect it (as outlined in this section) unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How do we collect your personal data?
Everyone
We will collect personal data about you:
Through email when you communicate with us.
When you visit our Site through cookies or other similar tracking technologies
For more information see the “Cookies” section below
When you provide us with your consent, your marketing preferences.
If you are an End User
We will collect personal data about you:
From Merchants
Basic identity information (name, email address, postal address, phone number, date of birth) will be provided to us by your Merchant. This is required in order for us to provide you with the Service you have explicitly consented to.
From you
Some of our Services require you to share personal data with us directly. We will also give you the opportunity to store some of this information with us to speed up future payments.
From your bank
The provision of our Services requires us to collect information from your bank regarding bank accounts, account transactions and other financial information. Please note that we do not collect this type of information without your explicit consent.
From Identity Providers
We will sometimes use third party identity providers to obtain further information about you in order to provide our Service.
| Service | What Data | From Who |
|---|---|---|
| AIS and/or Verification | personal data in your Account Information | Your bank |
| personal data identifying you | Your Merchant | |
| Online banking personalised security credentials* *embedded flow only | You | |
| PIS and/or PayIn | personal data in your Account Information or payment account details shared with us | Your bank |
| personal data identifying you | Your Merchant | |
| personal data included in a payment reference | You | |
| Online banking personalised security credentials* *embedded flow only | You | |
| Signup+ | Personal data identifying you | Your Merchant |
| Personal data identifying your bank account | Your bank | |
| Personal data identifying you | Our third party data provider who you have expressly instructed to provide such personal data | |
| PayOuts | personal data to identify your bank account | Your Merchant |
| Save details / Remember me | personal data collected as part of the Service we provide you with | You Your Merchant Your bank |
| End User Portal Registration | personal data to identify you | You |
If you represent a Merchant
If you represent a Merchant, we may collect your personal data from the following sources:
through our Site when you register as a Merchant or use our Services
through information that you provide to us and from third party sources such as Companies House and LexisNexis for due diligence at onboarding and periodically.
How long we keep your personal data
We will not keep your personal data for any longer than we think is necessary. When deciding how long to keep your personal data, we consider factors including:
our contractual obligations and rights in relation to the personal data involved (including the Terms of Service)
legal obligation(s) to retain data, or delete data, for/after a certain period of time
whether we relied on your consent to use the personal data, but you have since withdrawn your consent
our legitimate interests where we have carried out balancing tests;
fraud and risk management
(potential) disputes
guidelines issued by relevant data protection authorities.
Sharing of your personal data
By using our Services as an End-User, we share your personal data with your Merchant who will become responsible for it. You can refer to your Merchant’s privacy notice to understand how they use and manage your personal data.
If you are an End-User or represent a Merchant, we may also have to share your personal data:
if we reasonably consider that we are under a duty to disclose or share your personal data in order to comply with any legal obligation
if we need to enforce or apply our Terms of Service and other agreements
to protect the rights, property, or safety of TrueLayer, our Merchants or others
to fulfil our legal obligations
with our professional advisors such as lawyers, auditors, consultants or insurers
with partners or suppliers who process personal data on our behalf.
We take the security and protection of your personal data seriously and only allow such suppliers to use your personal data for specified purposes and in accordance with our instruction
with third parties to whom we may sell, transfer or merge parts of our business or assets.
If a change like this happens to our business, the new owners may use your personal data in the same way as set out in this Privacy Notice
to another company in our group, if this is necessary to ensure continuity in the provision of Services to you, or to reflect any business reorganisation or expansion that we may engage in from time to time
Depending on the Service that you use, your personal data may be shared with one of the following entities solely for the purpose of providing that Service.
| Processor | Service Description | Location of Processing | Which Services? |
|---|---|---|---|
| AWS | Cloud infrastructure Merchant | United Kingdom & Ireland | All Services |
| Zendesk | Zendesk provides our ticketing and chat system used to communicate with you | Ireland | All Services |
| Pontica | Pontica is used to triage incoming end user questions and complaints | Ireland | All Services |
| Auth0 | Auth0 provides user authentication and authorisation Services | United Kingdom | All Services |
| Salv Technologies OÜ | Providing transaction monitoring Services | Germany | All Payments Products |
| Moodys | Providing transaction monitoring Services | Belgium | All Payments Products |
| AS LHV Pank | LHV is our partner bank for SEPA CT, SEPA INST and Target2 Covering the EU | Estonia | EU PayIns and PayOuts |
| Form 3 | Form3 is our technical Service provider that facilitates our communication with the SEPA and Target payment schemes. Covering the EU | Ireland and United Kingdom | EU PayIns and PayOuts |
| ClearBank | ClearBank is our partner bank and provides TrueLayer the ability to facilitate Faster Payments, CHAPS, and BACS payment schemes covering the UK | United Kingdom | UK PayIns and Payouts |
| Signicat | Signicat is our data provider for the purposes of our Signup+ product | Norway, Ireland and Denmark | Signup+ |
| Twilio | Twilio sends a one time password (OTP) to authenticate you | Ireland | Remember me / Save Details |
| GB Group Plc | Providing transaction monitoring Services | United Kingdom | All Payments Products |
International transfers of your personal data
The data that we collect from you will generally speaking not be transferred to or stored outside the European Economic Area ("EEA") or the UK. We will take reasonable steps to ensure that your personal data is handled securely and in accordance with this Privacy Notice.
However, whenever we do transfer your personal data out of the EEA or the UK, we will only do so if:
you have given your prior written authorisation; or
there is an appropriate transfer agreement or other approved transfer mechanism in place such as Standard Contractual Clauses or an adequacy decision by the European Commission.
Please contact us if you want further information on how we ensure adequate protection for any personal data transferred out of the EEA or the UK.
Cookies
When you browse the Site, use our Services or visit websites or apps that offer our Services, we will automatically receive your computer’s internet protocol (IP) address. We may collect data about how you interact with our Site or Services through the use of cookies or other similar tracking technologies (collectively referred to as Cookies). A cookie is a small file of text that is stored on your browser or the hard drive of your computer.
We use Cookies to distinguish you from other users of our Site and/or Services. It helps us to remember your preferences. When you visit our Site and/or use our or Services, Cookies allow us to keep track of how many times you’ve visited us, how long you’ve visited us for and what you’ve done whilst you’ve been on our Site and/or using our Services.
The information collected with these technologies helps us in ensuring that we can:
provide you with, and continuously improve, our Services;
enhance your experience of our Site;
better understand how our Site is used;
help our Merchants better understand the uses of their platform; and
help our Merchants to enhance your customer experience.
None of the Cookies we use are used to identify you as an individual. They typically collect anonymous identifiers associated with your device, browser, referring site URLs, time or usage information. Cookies never store any of your banking details.
Cookies can be "first party" which are cookies set by us, or "third-party" which are cookies that are placed on your computer/device by a third party when you visit our Site or use our Services.
We will only deploy non-necessary Cookies on your computer/device when we have obtained your prior consent to do so. If you choose to consent to our use of non-necessary Cookies, you may withdraw your consent to these Cookies at any time.
We use the following types of cookies:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Managing cookies
We only deploy strictly necessary Cookies upon the initial loading of our Site. All other types of Cookies are non-necessary and so we need your prior consent to deploy them. Non-necessary Cookies help to maximise your experience when using our Site.
We request your prior consent to use non-necessary Cookies via our Cookie banner. You can change your Cookie preferences and withdraw your consent through changing the setting via our cookie banner.
You may also set your browser to disable Cookies, but this action may block our strictly necessary cookies and prevent our Site from functioning properly, and you may not be able to fully utilise all of the Site's features and services.
Your Rights
Subject to applicable law, you have the following rights which you can seek to exercise in respect of your personal data that we process.
The right to request confirmation of whether we process any personal data relating to you, and if so, to request a copy of that personal data
The right to request us to stop processing personal data and, in particular, to cease using your personal data for any direct marketing purposes
The right to request that we restrict the use of your personal data in certain circumstances
The right to request that we rectify or update your personal data that is inaccurate, incomplete or outdated
The right to request that we delete any personal data we hold about you where there is no legitimate reason for us to continue to process it
Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time
The right to request that we export your personal data to another company, where technically feasible
In order to exercise any of the above rights, please email us at [email protected] to make a subject access request detailing:
your name;
your address;
the details of your Merchant; and
the period of data you would like access to.
We may not always be able to delete or correct your data on request if it is not within our control (such as with Account Information, in which case we will forward your request to the ASPSP) or if we are subject to legal requirements to keep the data.
Changes to this Privacy Notice
Any changes we make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy Notice.
Questions and Contact Information
If you would like to access, correct, amend or delete any personal information we have about you,, or simply want more information about how we process your personal data, you can contact us at [email protected]
Making a complaint
Should you be dissatisfied with the service we provide, you have the right to register a complaint with us at [email protected] and/or file a formal complaint to the Data Protection Commission, or to the relevant data protection supervisory authority in your country of residence.