Welcome to Wagestream’s Credit Privacy Policy

What does this Privacy Policy Cover?
wave

Privacy Notice

Version 2.4

25 October 2024

Who are we?

We are Wagestream Finance Ltd, a company registered in England and Wales (number 12227891) at 7-9 Rathbone Street, London, W1T 1LY (“we”, “our”, “us”). We are part of the Wagestream group and we operate the credit and savings products and services features of the Wagestream app (the “App”). We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO) under reference number ZA568528.

For services that are not provided by Wagestream Finance Ltd (e.g. Flexible Pay and other services provided through the Wagestream App) the privacy notice can be found here

This privacy notice explains how and why we use your personal information when you open a credit card account or take out a personal loan with us, or you use our savings product, and use the App or card, or other related services that are available for account holders.

Read our Cookie Policy for information on how we use cookies.

We are committed to protecting and respecting your privacy and want to be transparent with you about how we collect and use your data. We will:

  • Always keep your information safe and private;
  • Never sell your information; and
  • Allow you to manage and review your marketing choices at any time.

‍This privacy notice complies with and is intended to meet our duties of transparency under the retained EU law version of the General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (referred to collectively throughout this privacy notice as “Data Protection Laws”).

 

Why do I need to read this notice?

We may collect personal information when you use:

  • Our website at www.wagestream.com (the “Website”);
  • The App; or
  • Any of the products or services you can access through the App or Website.

Under Data Protection Law, we are what is known as the ‘Controller’ of your personal information. This document explains what information we collect, how we use it, and your rights, including if you want to change how we use your personal information. Got a question about something in this privacy notice, or want to contact our Data Protection Officer (DPO)? Send us an email at [email protected] or write to us at 7-9 Rathbone Street, London, W1T 1LY.

‍Our products and services are not intended for individuals below 16 and we do not knowingly collect data relating to such children. If you believe we may have processed the data of any persona under 16 years of age please contact our DPO by email at [email protected] or write to us at 7-9 Rathbone Street, London, W1T 1LY.

The information we hold about you, and how we use it

Information you give us

We may collect information you provide when you:

  • Fill in any forms via the App or the Website;
  • Correspond with us, including if you provide feedback;
  • Register to use the App;
  • Apply for a credit card, a personal loan, or use any of our products or services;
  • Take part in online discussions, surveys or promotions;
  • Speak with a member of our customer support team
  • Enter a competition; or
  • Contact us for any other reasons.

We may collect the following information:

  • Details you give when you sign up for a credit card account or a personal loan with us, for example your name, phone number, home address, email address, date of birth (“basic details”).
  • Copies of identification documents or records of information in such documents (for example, your passport or driving licence number), copies of any other documents you have provided for identification purposes, and any other information you provide so we can set up an account for you.
  • The log-in credentials and settings you choose for the App and any credit account with us, so we can give you access to the products you want and provide the services you ask for safely and securely.
  • Special category data (biometric data) for the purposes of Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance checks.
  • Details of your bank account, including the account number, sort code and IBAN.
  • Details of your debit and/or credit cards, including the card number, expiry data and CVC.
  • Your profile picture if you add one.
  • Details about your financial circumstances, to work out how we can provide credit to you or support your workplace savings plans.
  • Information you give us, so we can help you.
  • Records of our discussions, if you contact us or we contact you.
  • The email address you use when you contact us and the contents of any emails you send to us (and any attachments).
  • Answers you give to surveys, so we can improve our services.
  • Health data if you share with us in our discussions (if you contact us or we contact you).
  • Criminal offence data if we uncover something during our KYC or other checks on you.
  • Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.

 

Information we collect when you use the App and our products or services

We collect this information to deliver our products and services to you in a secure and lawful way, and to keep improving them. This includes:

  • If you have a credit card or personal loan with us, details on transactions (for example, payments on your card and repayment), including date, time, amount, currencies, details of the merchant or ATMs associated with the transaction, IP address of sender and receiver, and other payment information;
  • If you use our workplace savings product, details on deposits made with your salary contributions, the date and amount of such deposits, the products the monies are placed in and the providers of those products;
  • Details about which of our products or services you use and details of our partners that you express interest in; and
  • Details about how you use the App and your credit account.
 

Information we collect from your device‍

Whenever you use our Website or the App, we may collect the following information:

  • Technical information, including the IP address used to connect your device to the internet, log-in information, browser type, time-zone setting, operating system, type of device you use, a unique device identifier, mobile network information, your mobile operating system, the type of mobile browser you use, and so on. This is used so we can analyse how our Website and the App work and solve bugs.
  • Information about your visit, including the links you clicked on, through and from our Website, page response times, download errors, length of visit to certain pages, page interaction information, and methods used to browse away from the page.
  • Your mobile advertising ID, so we can share it with companies that help us with advertising online. You can reset this ID or limit tracking in ‘Settings’ on your phone.
  • Your location if you’ve authorised tracking, so we can protect you against fraud. Information stored on your device, including if you give us access to contact information from your address book, log-in information, photos, videos or other digital content.

Information we get from external sources

When you apply to us for a credit card or personal loan, or you use our workplace savings product, we may search your record at:

  • Credit reference agencies (CRAs) to check your credit record for the purposes of determining if we can lend to you.
  • Fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfill our legal duties.
  • Banks that you have explicitly consented to linking to your credit card account.
  • Banks, deposit takers and electronic money/payment service providers your workplace savings are placed with.

We may also collect information about you from public sources for AML reasons or market research. This includes:

  • Official public records, like the Electoral Register or Companies’ House; and
  • Information published by the press or on social media.

Our reasons for using your information‍

Data Protection Laws say we need to have a lawful basis for using your personal data. The processing shall be lawful only if necessary for at least one of the following purposes: entering into or performance of a contract with you, compliance with a legal duty, our legitimate interests or those of a third party, public interest, vital individual interest or where you have given your consent. In this section we explain which one we rely on to use your data in a certain way.

Contractual necessity

We need to use your data for a contract we have with you, or to enter into a contract with you. We use details about you for this purpose to:

  • Consider your application;
  • Give you the services or provide the products that we agreed to in line with our terms and conditions;
  • Send you messages about your credit account, workplace savings and other services you use if you get in touch, or we need to tell you about something;
  • Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us; and
  • Investigate and resolve complaints and other issues.

Legal Compliance

‍We need to use your data to comply with the law, for example when we:

  • Confirm your identity when you sign up or get in touch;
  • Check your record at immigration and fraud prevention agencies;
  • Prevent illegal activities like money laundering, tax evasion and fraud;
  • Check your credit history and financial circumstances so that we can make responsible decisions when providing you with credit;
  • Keep records of information we hold about you in line with legal requirements; and
  • Adhere to financial laws and regulations (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties).

Legitimate Interest

We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn't involve overriding your privacy rights.


We may:

  • Check your record at CRAs when you sign up to see what kind of credit or savings products we can offer. We will also check your credit history to help us develop and offer credit or savings products that are tailored to you.
  • Tell you about products and services through the App or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We do this so that we can make sure our marketing is useful. We don’t share any other identifying information about you with social media than your mobile advertising ID (unless you’ve disabled it). You can opt out of receiving marketing communications from us at any time, in App by changing your preferences via the ‘Profile’ tab (in respect of push notifications) or by following the unsubscribe links in any of our marketing emails sent to you (in respect of email communications) or in relation to text or WhatsApp messages by replying “STOP” as indicated in these messages. You can also opt out at any time by emailing us at [email protected] or writing to us at 7-9 Rathbone Street, London, W1T 1LY.
  • Show where you were when you bought something with Google maps (in the App) and send you travel reports when you’re abroad (we tell this from transaction data, not by tracking your phone).
  • Track, analyse and improve the products and services we give you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a product or service. We do this so that we can make our products and services better and understand how to market them.
  • Protect the rights, property or safety of us, our customers or others.
  • Carry out security and maintenance checks to make sure the App, Website and other products and services run smoothly for you.
  • Manage our business and financial affairs and protect our customers and staff.
  • Share information with credit bureaus so we can benefit from up-to-date information when we make decisions, and other companies so they can help us provide our services.

Consent

We’ll ask for your consent to:

  • Linking any bank accounts to the App.
  • Record any issues you want us to know about if they involve special category (ie sensitive) personal information, like a gambling addiction or information about your health, so we understand how to best support you.
  • Tell you about our products and services, and those of our partners if we think they’re of interest to you. You can unsubscribe from receipt of marketing communications from us by email or via the App. If you don’t want to see lending promotions, you can opt out via the App ‘Settings’.
  • Help protect you against fraud by tracking the location of your phone if you’ve authorised it (iOS).
  • Show your profile picture in the App if you add one.
  • Share information about you with companies we work with when we need your permission (see ‘Who we share your data with’ below).

You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our products or services.

 

Who we share your data with

‍Companies that give services to us

Here we mean companies that help us provide products or services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).

  • Companies that make and issue our Wagestream credit cards.
  • Card producers and networks, like Visa and Mastercard.
  • Banks, deposit takers and electronic money/payment service providers your workplace savings are placed with.
  • Know Your Customer (KYC) and Anti-Money Laundering (AML) service providers that help us with identity verification or fraud checks
  • Credit reference agencies (CRAs)
  • Debt recovery service providers
  • Cloud computing power and storage providers
  • Our business intelligence and analytics platform provider
  • Companies that help us with functional analytics (to help us solve technical issues with the App for instance)
  • Companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us your express consent to do so, and you can opt out any time)
  • Software companies that we use for emailing you
  • Companies that help us with customer support (like our subsidiaries)
  • Companies that offer benefits or rewards through special programmes you sign up to via the App
  • Companies that print written statements and notices
  • Companies that manage our CCTV and security if you visit our offices

Anyone you give us permission to share it with

We will ask you when we need your consent to share your data with:

  • Your bank (except for deposit placements in respect of your workplace savings, if any)
  • or what deposits will be made available for your workplace savings.
  • People you’ve asked to represent you, like solicitors.
  • Law enforcement and other external parties.
 

Group companies

We may share your personal data within the Wagestream group of companies to:

  • provide you with the best service;
  • protect you, other customers and our systems from fraud or harmful behaviour;
  • facilitate you quickly signing up to use other Wagestream products or services;
  • improve existing, or develop new, products or services;
  • transfer information for reporting, regulatory or transaction processing purposes; and
  • send you information about Wagestream products and services we think you’ll be interested in hearing about if you have consented to receive these communications.

We may share your details with:

  • Authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons.
  • The police, courts or dispute resolution bodies if we have to.
  • Banks, to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment.
  • Any other third parties where necessary to meet our legal obligations.

We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.

 

Information provided to CRAs

We will need to carry out credit checks when you apply for any of our credit products and to also help us develop and offer credit products tailored to you.

These checks of your credit history (credit insights) mean that when you apply for credit products, or we suggest credit products to you through the App, we can better understand your financial circumstances and repayment history, and can tailor our credit products to your needs.

Some of the searches we make when you apply for a credit product leave a 'soft footprint' on your credit history. This means that the search will be registered on your credit file but will not be visible to others if they search your credit history. This means that you will be able to see this footprint but other people won't. A soft footprint will not affect your credit rating.

If you apply for credit, we will supply your personal information to CRAs and they will give us information about you, such as about your financial history. We do this to assess your creditworthiness, product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also exchange certain information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain.

Some of our third-party providers, such as fraud-prevention agencies, may also use CRAs to help us check your identity and prevent fraud. These searches also only leave a soft footprint credit history. We do not accept joint account holders, but credit-reference agencies may sometimes link your credit record with that of anyone else who is financially connected to you.

Due to the international nature of our services, we use credit-reference agencies and fraud-prevention agencies in the UK and overseas. Please see below under 'Where we store or send your data' for more information about the safeguards in place if we send your personal data overseas.

Sometimes you may have a right to see your personal records held by credit-reference and fraud-prevention agencies. If you would like details of the credit-reference and fraud-prevention agencies we use, please contact us by sending an email to [email protected].

When we make automated decisions

We sometimes use computers to make decisions. We do this for things like deciding what credit product or other services we can offer you or what deposits will be made available for your workplace savings based on information we hold about you, your transactional or banking behaviour (if available), what other products or services you may be using with us or another Wagestream group company and information we get from CRAS. This includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court. You can ask for a member of the team to review a decision.

We also use automated checks to make decisions about applications for our credit products. But we never reject an application unless a member of staff has reviewed it first.

Cifas

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further information can be found on https://www.cifas.org.uk/fpn

 

How we protect your personal information

We store your information on our secure servers. We have put in place appropriate technical and operational security measures designed to prevent your personal information from loss, misuse, alteration or destruction. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality.

Any payment transactions carried out by us or our payment-processing providers will be encrypted.

If you use a password for the App or our Website, you will need to keep this password confidential. Please do not share it with anyone.

Unfortunately, providing information online is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee that all information you provide through the App or our Website will be secure. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

When you use our services, which include social networking, chat room or forum features, do not share any personal information that you don't want to be seen, collected or used by other users, as this information will become publicly available.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If you suspect any misuse or loss of, or unauthorised access to, your personal information, you should let us know immediately.

How long we keep your information

We keep most of your data as long as you’re using the App or the Wagestream credit card or otherwise using our products and/or receiving our services, and for 7 years after that to comply with the law and if we face a legal challenge. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (pursuant to our legitimate interests) and/or where the law says we have to. To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

Information related to marketing activities is typically stored for three years.

Your rights

Under Data Protection Laws you have a right to:

  • Request access to your personal data. This is commonly known as a "data subject access request" and enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data. This right exists where we are relying on a Legitimate Interest (or those of a third party) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent. This right only exists where we are relying on consent to process your personal data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our platform. We will advise you if this is the case at the time you withdraw your consent.
  • Ask a member of staff to review a computer-made (automated) decision.

To do any of these things, please contact us through the app or by emailing [email protected].

Typically, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee, or refuse to comply with the request, if it is unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity to exercise any of your rights, including those related to data protection). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Where we store or send your data

We may transfer and store the data we collect from you to organisations outside the United Kingdom or the European Economic Area ("EEA"). When we do this, we make sure that your data is protected and that:

  • The UK Information Commissioner's Office says the country or organisation has adequate data protection, or
  • We’ve agreed to standard data protection clauses approved by the UK Information Commissioner's Office or the European Commission with the organisation.

If you’d like a copy of the relevant data protection clauses, please send an email to [email protected].

How to make a complaint

If you have a complaint about how we use your personal information, please contact us through the App or send an email to [email protected] and we’ll do our best to fix the problem. You can also reach our Data Protection Officer in these ways.

If you’re still not happy, you can refer your complaint with a data protection supervisory authority in the UK or the EU country you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.

Where we are a Processor

Where we are a Processor of your Personal Data, we will operate under the terms of a Data Protection Agreement with the relevant Controller.

 

Changes to this policy

We’ll post any changes we make to our privacy notice on this page and if they’re significant changes we’ll let you know by email.

 

 

TPL Privacy Policy

This section only applies in respect of our credit card product. It does not apply in respect of our personal loan product.

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

TPL is committed to safeguarding the privacy of your information. By “your data”, "your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.

We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.

Who are we?

Transact Payments Limited (“TPL”, “we”, “our” or “us”) is the issuer of your card and is the Data Controller for the personal data which you provide to us in relation to the card only. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.

Wagestream Financial Services Limited (“WFS”) is the Program Manager for your card program. Wagestream Finance Ltd (“WFL”) is the Data Controller for any personal data which you provide which is not related to the card. Please see the WFL privacy notice for details of how they manage your personal data. WFS is incorporated and registered in England and Wales with registered office at 7-9 Rathbone Street, London, W1T 1LY and company registration number 13926226. WFL is incorporated and registered in England and Wales with company number 12227891 and registered office is at 7-9 Rathbone Street, London, W1T 1LY.

How do we collect your personal data?

We collect information from you when you apply online or via a mobile application for a payments card which is issued by us. We also collect information when you use your card to make transactions. We may also process information from Program Manager, WFL, other third-party payment partners and service providers. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases. When we process your personal data, we rely on legal bases in accordance with data protection law and this privacy policy. For more information see: On what legal basis do we process your personal data?

On what legal basis do we process your personal data?

Contract

Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Cardholder Agreement or Cardholder Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, or at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.

Legal/Regulatory

We may also process your personal data to comply with our legal or regulatory obligations.

Legitimate Interests

We, or a third party, may have a legitimate interest to process your personal data, for example:

  • To analyse and improve the security of our business;
  • To anonymise personal data and subsequently use anonymized information.

What type of personal data is collected from you?

When you apply for a card, we, or our partners or service providers, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.

When you use your card to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account.

How is your personal data used?

We use your personal data to:

- set up your account, including processing your application for a card, creating your account, verifying your identity and printing your card.

- maintain and administer your account, including processing your financial payments, processing the correspondence between us, monitoring your account for fraud and providing a secure internet environment for the transmission of our services.

- comply with our regulatory requirements, including anti-money laundering obligations.

- improve our services, including creating anonymous data from your personal data for analytical use, including for the purposes of training, testing and system development.

Who do we share your information with?

When we use third party service partners, we have a contract in place that requires them to keep your information secure and confidential.

We may receive and pass your information to the following categories of entity:

  • identity verification agencies to undertake required verification, regulatory and fraud prevention checks;
  • information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
  • document destruction providers;
  • Mastercard, Visa, digital payment service partners or any third party providers involved in processing the financial transactions that you make;
  • anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
  • any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us.
  • regulatory and law enforcement authorities, whether they are outside or inside of the United Kingdom (UK) or European Economic Area (EEA), where the law requires us to do so.

Sending personal data overseas

To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK/Gibraltar e.g.:

  • with service providers located outside these areas;
  • if you are based outside these areas;
  • where there is an international dimension to the services we are providing to you.

These transfers are subject to special rules under Gibraltar data protection law.

These countries do not have the same data protection laws as Gibraltar. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the Gibraltar Government has made a ruling of adequacy, meaning that they have ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about adequacy regulations here and here.

Where we send your data to a country where no adequacy decision has been made, our standard practice is to use standard data protection contract clauses that have been approved by the United Kingdom government and/or the European Commission. You can obtain a copy of the European Commission’s document here and the UK’s document here.

If you would like further information, please contact our Data Protection Officer on the details below.

How long do we store your personal data?

We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any applicable legislation or changes to this require us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.

Your rights regarding your personal data?

You have certain rights regarding the personal data which we process:

  • You may request a copy of some or all of it.
  • You may ask us to rectify any data which we hold which you believe to be inaccurate.
  • You may ask us to erase your personal data (where applicable).
  • You may ask us to restrict the processing of your personal data.
  • You may object to the processing of your personal data (where applicable).
  • You may ask for the right to data portability.
  • If you would like us to carry out any of the above, please email your request to the Data Protection Officer at [email protected].

How is your information protected?

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security.

These are some of the security measures we have in place:

  • We use a variety of physical and technical measures to keep your personal data safe.
  • We have detailed information and security policies to ensure the confidentiality, integrity, and availability of information.
  • Your data is stored securely on computer systems with control over access on a limited basis. 
  • Our staff receives data protection and information security training on a regular basis.
  • We use encryption to protect data at rest and anonymization where applicable.
  • We have adequate security controls to protect our IT infrastructure and staff computers including but not limited to Identity and Access Management, Firewalls, VPN, Antivirus, Advanced Email Threat Protection and more.
  • We conduct regular audits such as PCI-DSS to ensure we are following adequate security controls to protect your data.

While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to the App, Website or other services over the internet. However, once we receive your information, we make appropriate efforts to ensure its security on our systems.  

Complaints

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their contact details are as follows:

Gibraltar Regulatory Authority,

2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.

(+350) 20074636/(+350) 20072166 [email protected]

Other websites

Our Website may contain links to other websites. This privacy policy applies only to our Website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Website.

Changes to our Privacy Policy

We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. We will inform you about any such changes. This Privacy Policy was last updated on 22nd November 2023.

How to contact us

If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at [email protected].


Version 2024_3