This Privacy Policy has been prepared by Indigo Michael Limited, trading as Tappily, and acting as a data controller, to meet the requirements of the UK’s Data Protection Act 1998, (the “Act”) and the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR) relating to the collection, protection, disclosure and use of personal data from which living individuals are identified or identifiable.

Tappily is registered by the Information Commissioner’s Office (ICO) with registration number: Z2878281.

This privacy policy (together with our Website Terms and Conditions of Use, available at https://www.tappily.co.uk/content/html/terms.html and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data.

Our site may, from time to time, contain links to and from the websites of our advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

  1. INFORMATION WE MAY COLLECT ABOUT YOU
      Bank transaction data
    1. As part of our Tappily service and Tappily Running Account Credit Agreement, (referred to as the Tappily facility), you may, depending on which bank you have your internet banking account with, be required to enter your internet banking details into our Tappily Site directly, including your personal identification numbers (PIN) and security passwords (Internet Banking Credentials). Your Internet Banking Credentials are in such case encrypted in transit and securely transferred to our agent and supplier Yodlee, Inc. (Yodlee). Your encrypted Internet Banking Credentials are then stored by Yodlee, upon their servers in a secure environment.
    2. As part of Tappily’s revolving credit facility, you give us permission as your agent and nominated representative, to access, view, represent, and copy up to 366 days of transaction history from your nominated internet banking account (Transaction Data) at the time of your application and subsequent Transaction Data on a daily basis thereafter. We use your Transaction Data to assess your credit worthiness, to make on-going lending and collecting decisions and, in accordance with your marketing consent preferences, to notify you of products and/or services, offered by ourselves or trusted third parties that we believe you may be interested in. Your raw Transaction Data is treated as confidential and will not be passed to any third parties other than members of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries in each case as defined in section 1159 of the UK Companies Act 2006), or our business partners, suppliers and sub-contractors for the performance of services under any contract we enter into with them or you. Aggregated and/or anonymised Transaction Data will be used by us to enhance our product and service offerings, and will be shared with third parties.
    3. For the avoidance of doubt, we will not pass your Internet Banking Credentials to any third parties.
    4. In this Privacy Policy, where we refer to sharing information with third parties, we are not referring to sharing your Internet Banking Credentials or raw Transaction Data.
    5. Other personal data
    6. In addition to your Transaction Data as defined above we may collect and process the following data about you:
      1. Information that you may provide by filling in forms on www.tappily.co.uk (our “Site”). This includes your name, address, email address and telephone numbers along with any other information provided at the time of your request for a revolving credit facility or requesting further services. It will also include your date of birth, residential status, time at address, employment details and financial information. We may also ask you for information when you report a problem with our Site.
      2. Correspondence, or a record of it, if you should contact us or we contact you and recordings of telephone calls between us.
      3. Surveys that we use for research purposes, which we have asked you to complete, although you do not have to respond to them.
      4. Financial transactions relating to your Tappily facility.
      5. Credit reference and fraud prevention data pertaining to you and any financial associates (See also section 4).
      6. Publicly available information including, but not limited to, electoral roll, county court judgements, bankruptcy and insolvency information.
      7. Proof of identification or details required to confirm or verify your identity, address, bank account or payment card.
      8. Details of your visits to our Site (including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise) and the resources that you access.
      9. Information from third parties in respect of you which may include information from a lead provider/credit broker, if you have applied to them for a loan and they pass your information to us, your employer or a referee.
      10. Any information you voluntarily provide, which may include special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement.
    7. You are responsible for the accuracy of any information you provide to us. If the data is inaccurate or incomplete, you have the right to request it to be rectified (see section 10.3 below). Your use of our website and services is entirely voluntary and you are not required to provide any personal information unless you choose to do so. However, where such information is necessary for us to enter into a contract with you (for example for providing a loan) we may not be able to provide our services to you in the absence of information that we may require.
  2. HOW WE USE YOUR INFORMATION
    1. We use information held about you in the following ways:
      1. to process any loan application you make and to assess your creditworthiness;
      2. to carry out our obligations arising from any contracts entered into between you and us including determining optimum repayment conditions;
      3. for legal compliance and administrative purposes, for example to process payments, make collections, trace you where necessary, update/maintain our records, prevent fraud and money laundering and enforce our loan terms;
      4. to communicate with you by telephone, email, SMS or post using the details you have provided in relation to your application/agreement with us;
      5. to provide you with marketing communications from us (which you may opt out of receiving when you provide your information and at any other time) and, where you have provided your express consent for us to do so, to pass your details to named third parties so that they may contact you by SMS, email, post or telephone to market their goods and services to you (this may include other lenders where we are not able to provide you with a loan but you agree that we can pass your details to another lender who may be able to offer you credit);
      6. to ensure that content from our Site is presented in the most effective manner for you and for your computer;
      7. for statistical analysis and trend monitoring; and
      8. to notify you about changes to our service.
  3. DISCLOSURE OF YOUR INFORMATION
    1. We may disclose your personal information, including information about how you manage your account, to third parties in the following circumstances:
      1. To those who provide a service to us or are acting as our agents, to prepare or send any communications to you, or to assist us in connection with any of our administrative or business functions, or in the provision of any of our services to you, subject to contractual or other legal obligations to keep the information confidential, and to use your personal data only for the purpose of providing the service to us. If they are located in another country we will meet our legal obligation to ensure that they agree to apply equivalent levels of protection to those we are required to apply to information held in the UK.
      2. To Credit Reference Agencies and Fraud Prevention Agencies (see section 4 below for more information).
      3. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
      4. If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
      5. To our professional advisers where required to advise us from time to time and always subject to a duty of confidentiality.
      6. To other members of our group where required for management information and forecasting purposes.
      7. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms and Conditions of Use https://www.tappily.co.uk/content/html/terms.html, other agreements; or to protect the rights, property, or safety of Indigo Michael Ltd, our customers, or others, or if the law allows us to do so. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
    2. Wherever possible we will anonymise your information before it is transferred to third parties so it does not identify you personally. We may, for example, perform statistical analyses of the behaviour of the users of our Site in order to measure interest in the various areas of our site and to inform advertisers as to how many consumers have seen or “clicked” their advertising banners. This information, and any other general information about our users that we share with advertisers and other partners, will not disclose any personal information about you.
  4. CREDIT REFERENCE AND FRAUD PREVENTION AGENCIES
    1. We use Credit Reference Agencies (CRAs) to assess your application for credit, fulfil our legal obligations (for example to assess affordability and verify your identity to prevent money laundering. We may also make periodic searches at CRAs to manage your account with us.
    2. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. Information on credit applications and details of how you manage your account with us will be sent to CRAs and will be recorded by them. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies.
    3. If you tell us that you have a spouse or financial associate, we will link your records together so you must be sure that you have their agreement to disclose information about them. CRAs also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
    4. The information held by CRAs may be supplied by them to other organisations which make searches of your credit record such as lenders, debt recovery agents, law enforcement agencies and insurers. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.
    5. More information about CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) available at https://www.equifax.co.uk/crain.html
    You can also contact the major CRAs directly:

    Call Credit, Consumer Services, PO Box 491, Leeds, LS3 1WZ or call 0870 060 1414 or log on to www.callcredit.co.uk

    Equifax plc, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.equifax.co.uk

    Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0870 241 6212 or log on to www.experian.co.uk:
  5. PROCESSING YOUR DATA USING AUTOMATED DECISION-MAKING SOFTWARE
    1. We use automated decision-making software to underwrite your loan. Our automated decision-making systems includes but is not limited to the following inputs:
      • • Credit model algorithms
      • • Affordability algorithms
      • • Employment verification
      • • Anti-fraud and Anti-money laundering databases
      • • Other data sources that provide inputs that show your creditworthiness, affordability or fitness to receive credit
    2. The use of automated decision-making software is a requirement to enter into a loan agreement with us. You have the right to request that we undertake a manual review of the results of the automated decision rendered.
  6. OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
    1. We use your personal information for a variety of reasons, subject to different legal bases for processing, including:
      1. Where necessary for the purposes of the performance of our agreement with you or to take steps at your request prior to entering into an agreement with you. If you do not provide such information we will be unable to provide you with a loan.
      2. Where necessary for our legitimate interests, for example in managing and monitoring our website operation, preventing fraud and for our business compliance purposes
      3. Where necessary in order to comply with a legal obligation, for example making reports to our regulatory authority or to law enforcement agencies.
    2. Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example if we ask you to complete a customer survey, or request your consent to pass your information to named third parties for the purposes of marketing to you by electronic means. Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us using the details set out at section 12 below.
  7. SECURE STORAGE, TRANSFER AND RETENTION OF YOUR PERSONAL INFORMATION
    1. All information you provide to us is, as far as reasonably practicable, stored on our secure servers. Any payment transactions will be encrypted using industry standard 256-bit bank level encryption.
    2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. We ask you not to permit anyone to use your Tappily profile.
    3. If you have provided your internet banking details to be encrypted in transit and securely transferred to Yodlee your data will be stored on Yodlee servers which are situated in the United States; Yodlee is a member of the US government ‘Privacy Shield’ scheme (go to http://www.yodlee.com/privacy-policy/ for more details and to https://www.privacyshield.gov/list to verify Yodlee’s certification). The European Commission considers that personal data sent to the US under the “Privacy Shield” scheme is adequately protected to equivalent standards as prescribed under the GDPR.
    4. If we otherwise transfer your data outside of the European Economic Area, we will always ensure that your data is transferred subject to equivalent protections applying the principles under Chapter V of the GDPR.
    5. Information we collect from you will only be kept for the length of time considered necessary after you cease using Tappily’s revolving credit facility and in accordance with any statutory retention periods. We will not ordinarily store information for in excess of six years after your account is closed whether settled by you or in default.
  8. MARKETING
    1. Where we have obtained your contact details in the course of a sale or negotiations for a sale of our products and services to you, we may contact you by electronic methods including telephone, e-mail, or SMS, with information about similar products and services we provide, unless you have opted out of receiving such marketing communications (see 8.3 below).
    2. Where you have provided your consent by way of an opt in by ticking the appropriate box on the Tappily revolving credit facility application form on our Site or written consent, we may share your personal information with named third parties for marketing purposes (for example if we decline your loan application and you agree we can pass you information to another lender or credit broker who may be able to assist you in finding a loan)
    3. You may opt-out at any time from receiving any marketing communications from us or third parties to which you have agreed we can pass your personal data as per section 8.2 by getting in touch through the below methods. You may opt-out of any SMS marketing by following the instruction in the message itself. Likewise, by responding to any of our email communications with “remove” in the subject line, or by sending us an email to customer.services@tappilymail.co.uk or writing to us at Indigo Michael Ltd t/a Tappily, PO Box 1515, High Wycombe, HP11 9JE. We are not responsible for stopping unwanted communications from sources beyond our control.
    4. If you opt-out of our use of your data for marketing purposes, we will honour such choice once we have had a reasonable opportunity to process your request. We reserve the right to take reasonable steps to authenticate your identity with respect to any such request or other enquiry.
    5. For the avoidance of doubt, we will never use Transaction Data or special category data within the meaning of the GDPR for marketing purposes.
  9. IP ADDRESSES AND COOKIES
    1. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and may report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
    2. A “cookie” is a small electronic file that collects information when someone visits a website. A cookie can identify the pages that are being viewed, and this can assist us to select the pages that the viewer sees. Some cookies only exist whilst viewers are online, but “persistent” cookies - which are not session-based - remain on the viewer’s computer, so that he or she can be recognised as a previous visitor when he or she next visits our website. We may use persistent cookies to allow us to collect information about a viewer’s browsing habits whilst on our site, so that we can monitor and improve our services.
    3. Under the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) we are required to get the consent of everyone who uses our Site to the use of cookies. When first accessing our site you will be presented with a pop up requesting your explicit consent to the use of cookies by us. You will also be given the option to opt-out of our use of cookies. However, in the event that you do not respond to our cookie pop-up request, it will be implied that you agree to the use of cookies by us in the manner outlined in this Policy.
    4. We do not store sensitive information such as account numbers or passwords in “persistent” cookies, and cookies in themselves do not contain enough information to identify you. We will only acquire a personal identity in relation to your browsing habits after you have formally provided us with your personal data for the purposes outlined at section 4 below.
    5. In addition to using cookies, we might also use web tools to collect information about your browsing activities whilst on our Site. In this respect the information that is provided is similar to the information supplied by cookies, and we use it for the same purposes.
    6. Any information that we acquire about you using cookies or web tools is subject to the same restrictions and conditions as any other information we collect about you.
    7. Some of our advertisers may also use cookies or web tools that are set by other people such as advertising agencies, or the businesses to which the advertisements in question relate. We do not have access to any information that might be collected in this way, and, if you are concerned, you should contact the advertiser for more information. We have no control over third party cookies technology.
    8. List of Cookies
    9. Most browsers automatically accept cookies. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site and we cannot guarantee that your experience with our Site will be as quick or responsive. Unless you have adjusted your browser setting so that it will refuse cookies, our system will automatically issue cookies when you log on to our Site.
    10. You can find and control your cookie settings via your browser; your browser help function will tell you how. Please note, it is not possible for Tappily to allow you to carry your settings with you between your browsers and devices so you will need to change these settings for each browser you use.
  10. YOUR RIGHTS
    1. Your personal information is protected under data protection law and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown at section 12 below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
    2. Right of access
    3. Subject to certain exceptions, you have the right of access to information that we hold about you upon request. You can exercise this right by making a request in writing, by email or telephone using the contact details shown below.
    4. Right to rectify your personal information
    5. If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
    6. Right to be forgotten
    7. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in particular circumstances. It may not therefore be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations or to exercise or defend legal claims.
    8. Right to restriction of processing
    9. In some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified. You have the right to ask us to restrict the use of your information certain purposes for example for marketing communications.
    10. Right to object to processing
    11. You may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing (including profiling to the extent it relates to direct marketing) and for the purposes of statistical analysis.
    12. Right to data portability
    13. You have the right to receive, move, copy or transfer your personal information to a controller which is also known as ‘data portability’. You have the right to this when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means. You should note that this right is different from the right of access (see above) and the types of information you can obtain under the two separate rights may be different.
  11. CHANGES TO OUR PRIVACY POLICY
    1. Our privacy policy will be reviewed and amended from time to time and you should check this page to see our most up to date version of the privacy policy. Any changes we may make to our privacy policy in the future will be posted on this page, with immediate effect and we will notify you of the change.
  12. CONTACT & COMPLAINTS
    1. If you have any questions about this privacy policy, how we treat your personal data and protect your privacy, if you have any comments or wish to seek to exercise any of your rights as outlined above please contact the Data Protection Officer:

      By post to The Data Protection Officer, Tappily, PO Box 1515, High Wycombe, HP11 9JE
      By email to DPO@tappilymail.co.uk
      By telephoning the Data Protection Officer on 0203 819 6410.
    2. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO by writing to them at Information Commissioner’s Office Client Services Team, Wycliffe House, Water Lane, Wilmslow, SK9 5AF telephone 0303 123 1113. www.ico.org.uk/.