This privacy notice tells you what to expect when we collect, use and process your personal data. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
Tuxedo MoneyPlus Limited are the data controllers. If another company is the data controller, this will be made clear when you provide your personal information.
We collect and use your information for a number of reasons, including:
- confirming your identity
- processing applications
- managing your products and providing our services
- to understand how you use your eccount
- to develop and improve our services to you
Any information that you provide will only be used for the purposes described in your current Terms and Conditions that apply to the relevant product or service.
How we collect your personal information
We collect your information in a number of ways, and these are categorised below.
Directly from you:
- when you apply for our products and services
- when you talk to us on the phone or in-store
- when you use our websites
- via email, or in writing
From the products and services you use:
- payment and transaction data including location, amount, frequency, origin and recipient
- profile and usage data including how you use our services and websites
From third parties we work with:
- Companies that introduce you to us
- Fraud prevention agencies
- Payroll service providers
- Public information sources such as Companies House
- Agents working on our behalf
- Government and law enforcement agencies
We may monitor and record our communications with you, including emails and phone conversations. Information that we collect in this way may be used for training purposes; quality assurance; to record details about our website, applications and services you order from us or ask us about; and in order to meet our legal and regulatory obligations.
How the law protects you
Tuxedo MoneyPlus Limited takes measures to protect your data and keep it private, but your privacy is also protected by law.
Data Protection law states that we are only allowed to use your personal information if we have a valid reason to do so. Tuxedo MoneyPlus Limited complies with the data protection principles, meaning that your personal information is:
- fairly and lawfully processed
- only processed for a limited time
- adequate, relevant and not excessive
- accurate and complete
- not kept longer than necessary
- processed in accordance with your rights
- kept secure
- not transferred to countries without adequate protection
Tuxedo MoneyPlus Limited also ensure a lawful basis for processing your personal data, and this is categorised as follows:
|What we use your personal information for||Our lawful basis||Our reasons for this|
|• To manage our relationship with you or your business.
• To manage our products and services.
• To detect, investigate, report, and seek to prevent financial crime.
• To manage risk for us and our customers.
• To obey laws and regulations that apply to us.
• To respond to complaints and seek to resolve them.
|Legal||• Effectively fulfilling our legal duties.
• Ensuring compliance with regulations and legal requirements that apply to us.
• Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect.
|• To manage our relationship with you or your business.
• To manage our products and services.
|Contract||• Exercising our rights set out in agreements or contracts (informal or formal).
• Ensuring we provide the level of service that you’d expect, in line with any terms and conditions or contracts of service.
|• Campaign measurement.
• To develop new ways to meet our customers’ needs and to grow our business.
|Legitimate Interest||• Monitoring campaign data through our websites, and identifying how we can improve our products and services.|
|• To create specific and tailored marketing, based on your activity.||Consent||• Ensuring you always have the option to update your marketing preferences, allowing you to maintain complete control over what marketing information you receive.|
Sharing your personal information
We will not disclose any of your information except:
- to fraud prevention agencies and other organisations who may use the information to prevent fraud and money laundering
- to persons acting as our agents and our partners who sell our cards under a strict code of confidentiality
- to anyone to whom we transfer, or may transfer, our rights and duties under our card terms and conditions with you
- as required by law or regulation
- for purposes where you have provided consent, such as marketing
We will only transfer your information outside the European Economic Area (EEA) where required, either to:
- Follow your instructions
- Comply with a legal duty
- Work with a service provider or agent to help run your products and services
If we do need to transfer your information outside the EEA, we take reasonable measures to ensure the service provider or agent complies with the General Data Protection Regulations.
If you choose not to provide personal information
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to maintain your products, and could mean that we cancel a product or service you have with us.
Any data collection that is optional will be made clear at the point of collection.
We will only send you marketing information if we have your consent to do so.
You can ‘opt in’ to receive marketing communications from us at any time. If you do opt in, we will use your information to determine which offers are specifically relevant for you. The personal information we use for this purpose is made up of what you tell us, data we collect when you use our services, and data from third parties we work with.
You can ask us to stop sending you marketing messages by contacting us to withdraw your consent at any time.
Whether you give your consent to receive marketing or not, you will still receive your statements, and any important information, including but not limited to: changes to your existing products or services; changes to any loyalty or cashback schemes; any additional information relating to the operation of your account.
We may ask you to confirm or update your consent if you take out any new products or services with us in future. We may also ask you to do this if there are changes in the law, regulation, or the structure of our business.
- gather customer journey information across our site
- ensure your privacy in our secure sites, and prevent unauthorised access to your data
- store log in details for our secure sites, so you don’t have to key them every time you log in
- temporarily store details input into our calculators, tools, illustrations and demonstrations
- store details of your marketing, product and business unit preferences to improve our targeting and enhance your journey through our sites
- evaluate the advertising and promotional effectiveness of the site
The cookies we use may be session cookies (temporary cookies that identify and track users within our websites, applications or services which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services to “remember” who you are and to remember your preferences within our websites, applications or services and which will stay on your computer or device after you close your browser or leave your session in the application or service).
The specific cookies we use are:
Strictly necessary cookies – These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember your details for you.
Performance cookies and analytics technologies – These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don’t collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.
Functionality cookies – These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
We do not store personal information obtained from cookies in a way that others could read and understand, and we never sell or distribute cookie information without your permission.
You may be able to restrict cookies or block all cookies of you wish. However, if you disable cookies this may affect your ability to use certain websites, applications or services. For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, you can visit the Information Commissioner’s Office website.
IP Address and traffic data
We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with industry standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
On registering your personal information for our products and services you will have been granted a username and password, allowing you to access certain restricted parts of our websites. You are responsible for all information posted on the website by anyone using your username and password.
If you believe your personal information has been compromised, please contact us using the details below.
You must be responsible for protecting your own personal data, and we recommend that you:
- keep your PC updated with current anti-virus software
- treat emails with caution – remember we will never ask you to disclose your personal information via email
- ensure you choose a password that could not easily be guessed by someone else
- regularly visit the Take Five to Stop Fraud website to keep up to date with tips to protect yourself from the latest scams
All forms and online pages that hold your information use 128-bit encryption. This encryption makes your information unreadable to anyone who might intercept it. The latest browsers support 128-bit encryption, so we recommend that you always update your browser to the latest version.
In addition, a Secure Sockets Layer (SSL) is used to connect your browser to our secure servers.
This is a commonly used method of managing the security of messages transmitted across the Internet. You can tell that SSL is in use when a small padlock icon appears on your browser status bar.
It is our policy that if any of our customers or clients are victims of unauthorised access to their eccounts (provided they have not breached our security procedures, acted fraudulently or without reasonable care), we will cover any direct financial loss which they have suffered.
Under the UK Data Protection legislation, Data Protection Act 2018 (DPA 2018), you have rights as an individual, which you can exercise in relation to the information we hold about you.
Access to your personal information
To make a request for any personal information we may hold you need to put the request in writing addressing it to the Data Protection and Compliance Officer and writing to the address provided below.
If your personal information is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete.
If you believe we hold inaccurate or incomplete personal data about you please contact us using the details below, and we will take reasonable steps to check its accuracy and make any necessary corrections.
If corrections to your data are required, we will notify any relevant third parties and/or data processors that share this data, so they can also make corrections.
If you want us to stop using your personal information
You have the right to object to our use of your personal information, or to ask us to delete or stop using this information if there is no genuine requirement for us to keep it. This is known as the ‘right to object’, and the ‘right to erasure’ or ‘right to be forgotten’.
If you exercise these rights, we will review your request and inform you of our response and any actions taken. There may be legal or other official reasons why we need to keep or use your data, but if this is the case we will inform you of this.
Automated decision making
At times we will use systems to make automated decisions based on your personal information. This enables us to make quick and fair decisions, based on what we know. These automated decisions can affect the products, services, or features we may offer you.
When you open an eccount with us, we use automation to check that the product or service is relevant for you, based on what we know. We also check that you or your business meet the conditions of the product. This may include checking age, residency, nationality or financial position.
We also use your personal information to understand how you use your product(s), and to spot any activity that could potentially be fraudulent or criminal. If we think there is a risk of criminal activity, we may freeze your products or refuse access to them.
You have rights over automated decisions, and can request that we do not make our decisions based on an automated score alone. You can challenge an automated decision, and ask that a person reviews the data. If you want to talk to us about an automated decision please get in touch using the details below.
Making a complaint
We will always aim to collect and use your personal information in a way meets the highest data protection standards. We take any complaints about data protection very seriously, and encourage anyone who thinks that our collection or use of information is unfair, misleading, or inappropriate to contact us using the details below.
You also have the right to complain to the Information Commissioner’s Office. You can find details on their website advising how to report a concern.
If you want to request any further information you can write to us using the following address:
Tuxedo Money Solutions, PO BOX 3753, Chester, CH1 9UH
You can email us at firstname.lastname@example.org
You can call us on 0203 219 3100. Lines are open 9am – 5pm Monday to Friday, excluding bank holidays.