Privacy Policy

Dated: July 2018

Overview

Privacy and the security of data are of paramount importance to all of us at TrueLayer. Please read this document carefully, and if you have any questions or queries about the contents, please email us at privacy@truelayer.com

In this Privacy Policy, TrueLayer will sometimes be referred to as ‘we’, ‘us’, or ‘our’. Additionally, there are references to “You”. In these instances, “You” may be a visitor to our site, or a user of our Services (“Provider”), or a customer of a Provider (“End User”).

Our company is based at 40 Islington High Street, London N1 8XB, and our registration number with the Information Commissioners Officer - the regulator in charge of data protection and privacy - is ZA207054.

We are the data controller for the purposes of the personal data we collect via our website and for the performance of the services listed under the usages of your personal data, below (together, the “Services”).

Use of Our Site

When you use our website (the “Site”) we will not collect any personal data about you, except your IP address, and if you have signed up for our marketing services, your email address that you will have provided to us.

Use of our online Services

Collection of personal data

When you use our Services we will have access to your personal data that you submit to us and personal data held by Account Servicing Payment Service Providers (i.e. any payment service provider, such as a bank or a credit card issuer that maintains an online payment account on your behalf) (“ASPSPs”) (“Personal Data”) for the duration of the transmission.

Such Personal Data may include your date of birth, gender, account information, account balance, transactions, information on loans, insurance data and investments data. The manner in which we access, use, process and store your personal data for the provision of the Services is set out below.

Personal Data

Use of your personal data

Your Provider will direct you to use our Services which will include the following:

  • We will provide you with a software tool (“Tool”) which you can use to transmit information (including personal data) relating to payment accounts (“Account Information”) that you hold with ASPSPs to your Provider.
  • To use our Services you will need to provide the same identifying information that use to access the relevant payment accounts when you log in yourself (“Credentials”).
  • The Tool will allow you to use your Credentials to retrieve such Account Information as you choose to transmit to the Provider. Schedule 1 to the Terms of Service lists the information that you can elect to retrieve and transfer using the Tool.

You should check your Provider’s rules on data privacy. Once your Account Information (including any Personal Data) is transmitted through our software to a Provider, that Provider (and not TrueLayer) will become responsible for it.

Our Tool may merge or aggregate Account Information retrieved from a particular ASPSP with Account Information retrieved from other ASPSPs where you have instructed us to access and transmit such information.

When you have signed up on TrueLayer’s website for marketing purposes we will use your email address to contact you in relation to products, events and service-related matters, where you have provided your consent to do so.

Transfer of your personal data outside of the European Economic Area

The data that we collect from you will not be transferred to, or stored outside the European Economic Area ("EEA"). We will take reasonable steps to ensure that your Account Information (including any Personal Data) is handled securely and in accordance with this Privacy Policy.

Retention of your Personal Data

We will not retain your information for any longer than we think is necessary.

Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of your personal data’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

When determining the relevant retention periods, we will take into account factors including:

  • our contractual obligations and rights in relation to the information involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • our legitimate interests where we have carried out balancing tests (see section on 'How we use your personal information' above);
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

Deletion of Personal Data

We will not keep your Personal Data for longer than necessary. We will delete your Personal Data as soon as it is no longer needed to provide the Services to you or upon termination of the Terms of Service.

Should you change your login information at any time, we will no longer be able to access your Personal Data.

Disclosure

We may share your Personal Data with selected third parties, including business partners, suppliers and sub-contractors that assist us in the provision of our Service to you. The third-party providers used by us will only collect, use and disclose your information as instructed by us to provide Services to you.

We may also disclose your Personal Data to other third parties in the event that:

  • We reasonably consider that we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or
  • in order to enforce or apply our Terms of Service and other agreements; or
  • to protect the rights, property, or safety of TrueLayer, our customers, or others.

Security

Unfortunately, the transmission of information via the internet is not completely secure. We use industry-standard encryption methods to ensure the security of your Personal Data in accordance with applicable law and regulation but cannot guarantee the security of any data transmitted to a Provider using our Tool. Once we have received your information, we take reasonable precautions to ensure that it is not lost, misused, accessed, disclosed, altered or destroyed. If you have reason to believe that your Personal Data is no longer secure (for example if you feel that the security of your Personal Data has been compromised then please contact us immediately).

Cookies

We collect data about how you interact with our website through the use of cookies. Our website uses cookies to distinguish you from other users of our website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. You can find out more information about cookies at www.allaboutcookies.org.

We use cookies to enhance the online experience of our visitors and to better understand how our Site is used. Cookies may tell us, for example, whether you have visited our site before or whether you are a new visitor. They can also help to ensure that adverts you see online are more relevant to you and your interests.

When you browse the Site, we automatically receive your computer’s internet protocol (IP) address. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We use the following types of cookies:

  • ‘Session cookies’ which exist only while your browser is open. These are deleted automatically once you close your browser; and
  • ‘Permanent cookies’ which survive after your browser is closed. They can be used by the site to recognise your computer or mobile device when you open your browser and browse the Internet again.

Here is a full list of cookies that we use. We’ve listed them here so that you could opt out of the cookies if you choose to.

Cookie name Purpose Session or Permanent Cookies
__cfduid Tracking + Technical Session
_ga Tracking Permanent
_gid Tracking Permanent
ajs_anonymous_id Tracking Permanent
ajs_group_id Tracking Permanent
ajs_user_id Tracking Permanent
intercom-id-z9chm81s Tracking Permanent
accepted_cookie Technical Permanent

We allow third parties to set cookies on our Site for analytical purposes. Third parties may set their own cookies to provide advertising. These are the third party cookies we use and their opt-out links:

Cookie name Purpose Session or Permanent Cookies
Google Used for analytics and service improvements https://tools.google.com/dlpage/gaoptout
Mixpanel Used for analytics and service improvements https://tools.google.com/dlpage/gaoptout

You can find more information about how to manage and remove cookies (including how to opt-out) at www.allaboutcookies.org/manage-cookies/ or by visiting the website relevant to the browser you are using. Below we have provided links to some of the most popular browser websites:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Internet Explorer
  • Apple Safari

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies for the provision of our Service) you may not be able to access all or parts of our site.

Minors

Our Services are not intended for use by anyone younger than 18 years old. Please do not use our Services if you are under 18.

Your Rights

Subject Access Requests

You have the right to ask us to provide any personal data we have collected about You, to You. Should You wish to do so, please email us at privacy@truelayer.com to make a subject access request detailing:

  • your name,
  • your address,
  • the details of your Provider, and
  • the period of data you’d like access to.

Making a complaint to a supervisory authority

Should you be dissatisfied with the service we provide, You have the right to file a formal complaint to the Information Commissioner's Office at www.ico.org.uk.

Object to Direct Marketing

You have the right to ask us at any time to stop processing your Personal Data for direct marketing at any time. We provide for the right for you to unsubscribe from any of our marketing material at any time.

The Right to be Forgotten

How do I withdraw my consent?

If after you provided your consent, you change your mind, you may withdraw your consent by contacting us at our address or at the email address set out in the contact information above.

Changes to this Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Questions and Contact Information

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information about how we process your Personal Data, you can contact us at privacy@truelayer.com or by mail at:

Data Protection Officer, TrueLayer, c/o RocketSpace, 40 Islington High Street, London N1 8XB.

Do you have a question? Contact us at legal@truelayer.com