Dated: 6 Nov 2020
|The personal data we collect about you and how we use it||What type of personal data are we using?||Purpose of Processing||What lawful basis do we rely on to use your personal data?|
|If you are a TrueLayer Customer||Your name, date of birth, address, email, number, username, client ID and login data if you register as a user.||To deliver our Services to you||To deliver a contractual service to you as our Customer|
|Your name, date of birth, address, email, number and photo identification. Such personal data may include any criminal background information.||To conduct any due diligence that we are required to do in order for you to receive our Services||To comply with our legal obligations (including regulatory requirements that we are under)|
|Your name, email address, username and login data you supply to us if you register as a user.||To provide you with updates on our activities, services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our Services||With your consent|
|If you are an End-User of our AIS Tool or our Verification Tool||Your email address||To allow us to identify you for reporting, compliance and customer service purposes.||To comply with our legal obligations (including regulatory requirements); and It is necessary for our legitimate interest to ensure we provide you and your Provider with the Services and to improve our Services|
|If you are an End-User of our PIS Tool or our Verification Tool||Your name, email address, postal address, account number and sort-code||To allow us to identify you for reporting, compliance and customer service purposes.||To comply with our legal obligations (including regulatory requirements); and It is necessary for our legitimate interest to ensure we provide you and your Provider with the Services and to improve our Services|
|If you are an End-User of Merchant Services (as defined in the End-User Terms of Service)||Any Personal Data that you have given to your Provider (through whom you are accessing Merchant Services), including your name, account number, sort code, date of birth, address and email address and any photo identification. Such personal data may include any criminal background information.||To conduct any identification and verification checks which are required for customer due diligence during the onboarding process that we are required to do in order for you to receive our Services||To comply with our legal obligations (including regulatory requirements that we are under)|
|Your name and IBAN details that are set up when you register with your Provider through whom you are accessing Merchant Services||To deliver our Merchant Services to you and/or your Provider, including initiating payment and, where relevant, processing a refund.||It is necessary for our legitimate interest in ensuring that we can provide you and your Provider with the Services|
|If you are an End-User of any of our products||Your name, address and any photo identification. Such personal data may include any criminal background information.||To conduct any due diligence that we are required to do in order for you to receive our Services||To comply with our legal obligations (including regulatory requirements that we are under)|
|Your name, email address, username and login data you supply to us if you register as a user via any TrueLayer portal or console.||To deliver our Services to you and to give you access to information we hold about you||With your consent|
|Your username, email and account information, supplied to us by your Provider||To debug any issues you have when you access our Services and to improve our automated processes for retrieving data.||It is necessary for our legitimate interest in ensuring that we can provide you and your Provider with the Services and to allow us to continuously improve our Services|
|Any Personal Data that is contained in the account information that you have given us your explicit consent to access in accordance with the End-User Terms of Service.||To anonymise or pseudonymise the Personal Data in order for it to be used to improve our Services, to be part of a market study or analytics by us or a third party.||It is necessary for our legitimate interest in ensuring that we are able to continuously improve and develop our Services and enhance the experience of you and your Provider|
|If you are a visitor to our Site or Tool||Your name, email address and any other Personal Data you supply to us (such as any feedback)||To provide you with updates on our activities, services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our Services.||With your consent|
|Any Personal Data we collect as part of your Cookies setting, namely online identifiers (such as your cookie identifier, IP address, browser type and version, time zone settings and location)||To allow us to run the operation of our Site and ensure that our provision of Services through our website runs as smoothly as possible||With your consent|
How we collect your Personal Data
These are the ways in which we may collect your personal data:If you are an End-UserIf you are an End-User, the provider of the application through which you access our Services (your “Provider”) will direct you to use our Services which will include the following:
- If you are an End-User using either:
- our AIS product, through a software tool (the “AIS Tool”); or
- our Verification product, through a software tool (the “Verification Tool”)
- If you are an End-User using our payment initiation services (“PIS”) product, through a software tool (the “PIS Tool”) which you can use to consent to and authorise a payment as specified by your Provider; this may require that your ASPSP sends us your bank account details. When you use the PIS Tool, we will collect and process the Personal Data that you provide to us (e.g. any Personal Data you include in the payment reference) in order for us to provide the PIS Tool. We may also collect and process Personal Data contained in your bank or payment account details shared with us by your ASPSP.Our Tool may merge or aggregate Account Information retrieved from a particular ASPSP with Account Information retrieved from other ASPSPs where you have consented to us accessing and transmitting such information. Our Tool may use your Account Information for profiling purposes or store your Account Information if this forms part of the Services we are delivering to your Provider, for example, if it is necessary for the functioning of your Provider’s app.
- If you have registered to use the TrueLayer End-User Portal or console we will collect and process your name, email, username that you provide to us in order to access the End-User Portal and the information about your use of the AIS Tool.
- Through email when you communicate with us.
- When you visit our Site.
- When you provide us with your marketing preferences.
- through our Site when you register as a Customer or use our Services;
- through email when you communicate with us;
- through information that you provide to us, and from third party sources such as Companies House and LexisNexis for due diligence and onboarding purposes;
- when you visit our Site; and/or
- when you provide us with your marketing preferences.
- through cookies or similar tracking technologies that we have set on our Site; and/or
- when you provide us with your marketing preferences through the Site.
How long we keep your Personal Data
We will not keep your Personal Data for any longer than we think is necessary.When deciding how long to keep your Personal Data, we consider factors including:
- our contractual obligations and rights in relation to the Personal Data involved (including the End-User Terms of Service);
- legal obligation(s) under applicable law to retain data for a certain period of time;
- whether we relied on your consent to use the Personal Data, but you have since withdrawn your consent;
- statute of limitations under applicable law(s);
- our legitimate interests where we have carried out balancing tests;
- fraud and risk management;
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
International transfers of your Personal Data
- it is to a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission (or the UK once the Brexit transition period is over); or
- we have entered into a standard contractual clause approved by the European Commission or the UK once the Brexit transition period is over, which give Personal Data the same protection it has in the EEA or the UK, with the recipient of the data.
Right of accessYou have the right to ask us to provide any personal data we have collected about you, to you. Should you wish to do so, please email us at [email protected] to make a subject access request detailing:
- your name,
- your address,
- the details of your Provider, and
- the period of data you would like access to.
Questions and Contact Information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information about how we process your Personal Data, you can contact us at [email protected] or by mail at:
- Data Protection Officer,
- 1 Hardwick Street,
- London EC1R 4RB.
Subject to such Account Information being returned by the relevant ASPSP, Account Information shall include, but not be limited to, the following financial information and Personal Data:
- Personal details: name, date of birth, full address(es), email address, phone number, gender;
- Bank account information:
- Account type (e.g. current, saving, investment, credit card);
- Account name;
- IBAN/Account number/Sort code/SWIFT;
- Account balance information:
- Current balance;
- Available balance (credit cards);
- Meta-data (arbitrary data that banks associate with a transaction e.g. category); and/or
- Additional data which TrueLayer may collect in the future (as confirmed in writing from time to time):
- Loans data when available;
- Insurance data when available; and/or
- Investments data when available;
- Payment due date (credit cards) when available; and/or
- Minimum payment due (credit cards) when available.