We are the data controller of your information; our data controller registration number is ZA100119. You can check our registration details with the Information Commissioner’s Office (ICO) at https://www.ico.org.uk/esdwebpages/search.
1. What information do we collect about you?
We may collect the following types of data about you:
We get this information from you, your mobile phone, cookies, your bank, credit reference agencies or other third parties such as our partners, service providers, advertising networks, analytics providers, search information providers and social media.
We may also record or monitor telephone conversations or other communications between you and us, which is another source of how we get data about you.
2. How do we use that information?
We use this information to provide you with our services, to improve our services to you, to administer your account and communicate with you. We also use anonymised information collected from all of our customers for research, profiling and analytical purposes.
The list below details exactly how we use the different types of data fields we collect and which lawful basis we rely on (see section 4 below for more details).
3. Who may we share your information with?
We may share your data with other members of our group and with other third parties, such as our service providers, advertisers, credit reference agencies and fraud prevention agencies. This is to enable us to provide you with the products, services and information you request. As such, your data may be shared with the third parties listed below. We encourage you to read their respective privacy policies as these will apply.
|Fraud prevention agencies such as CIFAS (UK’s Fraud Prevention Service), Crimestoppers and ActionFraud (the FPAs) ||
In certain circumstances we may be required to provide your data to the FPAs to ensure you are not involved in fraudulent activities. The FPAs will use your data by:
|Blenheim Chalcot LTF Limited (BC)|
BC provide us with ad hoc legal, tax and finance advice. There may be instances where we share your data with BC to enable them to provide their services to us. BC will only use your data as instructed by us.
L&Z enable you to set up a direct debit to transfer savings into your Modulr payment account.
Intercom provides the technology to enable and store our non-voice consumer communications (web chat, email etc)
|VIA provides the technology to enable and store our voice based consumer communications|
|Cloud Based Services|
Associated technologies and cloud based services required to provide the Tully services. All data is processed securely, encrypted in transmission and at rest.
|Business Finance Technology Group Limited t/a OpenWrks|
OpenWrks enables you to share your financial information with us securely and directly from your bank account so we can analyse your spending habits as part of suggesting ways for you to save without you having to manually upload your bank statements.
|Modulr Finance Limited||
Modulr enables you to open an eMoney account so you can transfer your savings into a single account.
|Financial Conduct Authority (the FCA)||
The FCA may, as our regulator, require us to share information with them and this information may include your data.
Providers of products to which you choose to be referred will need to identify you in order to offer their products and services.
|The company that pays for your access to our Money Coaching Services||
If a company is paying for you to access our Money Coaching Services, then this company may require us to share your personal data with them so they can see the impact of the Money Coaching Services on your debt repayments.
In the majority of the above cases we will obtain your consent before sharing your data with these third parties who also act as data controllers. There may, however, be instances where we are required to share your data, but we will not obtain your consent beforehand (i.e. when required by the FCA or if your consent has already been obtained by a third party).
4. What is the legal basis for processing your information?
We rely on three (3) different lawful bases for processing your data. These are:
The above list is not exhaustive. Where we rely on legitimate interests, you have the right to object at any time by contacting us at the details listed in section 12 below.
5. Direct marketing and how you can change your preference
We may reach out to you directly by email, phone or post for the following purposes:
(A) Product recommendations from third parties – we’ll get in touch with personalised, timely product recommendations from our third party partners that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like either by clicking on the unsubscribe button on the email or by telling us (see section 12 below).
(B) Product recommendations from us – we’ll get in touch with news about our products and services if we feel they will be of interest to you. Where such products or services are similar to what you’ve already purchased on our platform, we rely on the legitimate interests’ legal basis of our need to grow our business. Otherwise we will only send these communications to you if you have provided your explicit consent. Either way, you can always unsubscribe whenever you like by clicking the unsubscribe button on the email or by telling us (see section 12 below).
(C) Content communications – we’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. We rely on the legitimate interests’ legal basis of the need to provide you with information about financial planning matters so that you can keep on top of your financial affairs. You can unsubscribe from these communications at any time.
(D) Core communications – we’ll send you key information about our product and services including alerts about your goals and challenges security announcements regarding the Tully platform and your account and significant changes which may impact our service and other related content. These communications are core to the delivery of our services and cannot be opted-out of.
6. How do we protect your information?
We protect your information by adhering to internationally recognised Information Security best practices and standards.
We take the security of your data very seriously and use strict procedures to protect it. Whenever we transfer personal data outside of the UK/European Economic Area (“EEA”), we ensure that appropriate safeguards are in place to protect the data.
All information you provide to us is stored in UK data centres which provide secure cloud infrastructure that are designed by Information Security professionals. We adhere to best practices which among many include defence in depth, security by design, least privilege principles and providing both physical and logical access controls.
We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
Where possible, we try to only process your information within the UK and EEA. If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.
7. How long do we keep your information for?
We keep your information for as long as you have an account on the Tully Money Coaching platform. All of your personal data will be removed within six (6) months of you terminating your Tully Money Coaching account. After which point we will only retain anonymised data which cannot identify you and is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes. We may also keep your email address to ensure that you no longer receive any communications from us and your name, date of birth and latest address for fraud prevention purposes and for the exercise or defence of a legal claim.
8. Do we use Automated Decision Making?
Yes. We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.
You have the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making, please contact us at the details listed in section 12 below.
10. What are your rights?
You are able to:
(A) request access to your data from us;
(B) ask us to correct the data that we hold on you if it’s incorrect;
(C) object to the use of your data by us;
(D) restrict the use of your data by us;
(E) ask us to erase the data we hold on you;
(F) have your data transferred to you or another third party; and
(G) withdraw your consent regarding processing where we have obtained your consent.
If you wish to exercise any of your rights, please contact us at the details listed in section 12 below.
12. Contact us
13. Complaints to the ICO