Revised: 12 June 2024

Hello – we are Trustie (‘we’, ‘our’ and ‘us) and this is our Privacy Policy. We want you to know that we care about your privacy. Our Privacy Policy sets out how we protect your data when you use our services.

We want to ensure that you are aware of your rights and understand how the law keeps your privacy and data safe. We really want you to read this policy (and any updates or other policies on the use of your data) because it’s important you fully understand when, how and why we collect your data and how we use your data at Trustie.

Purpose of this privacy policy
‍
We want you to know how you collect your personal data and process it when you use our Services.  The Services that you may use on our platform and from which we will collect your data include; our website, gift services, cashback reward services, any access to our App (mobile application), if you buy a product or service from us, post onto the Trustie forum, provide feedback, complete a survey and or enter a competition.

We do not purposively and knowingly collect any data relating to children under the age of 13 years old, because we do not permit such children to use any of our Services.
‍
This policy is a supplement to other policies we may have at Trustie on your privacy and doesn’t override any of them.

Important information and who we are  
‍

Who are we?

We are the Controller of your data and responsible for the website and App – and our legal entity is:

Trustie Technology Limited, registered in Northern Ireland, NI653889
‍

Our data protection officer (DPO) is Sukhi Byrne

‍

Our DPO has overall responsibility in relation to any questions you have about our privacy policy and if you have any questions about the policy or want to exercise your legal rights, please contact our DPO. Our contact details are:
‍
Contact details

Full name of legal entity: Trustie Technology Limited
‍Email address: [email protected]
‍Postal address: Trustie Technologies Catalyst, The Innovation Centre, Queen’s Road, Belfast BT3 9DT

Telephone number: + +44 28 8230 6085
‍‍
Changes to the privacy policy
‍

At Trustie we may from time to time update our privacy policy because we regularly review it. Please contact us if you would like a copy of any past policies.

When you must inform us of any changes

If there is a change in your circumstances, the data we hold about you may no longer be accurate. This is why we need you to keep any information you provide to us updated and let us know if anything does change in the relevant section of your personal data that you utilise in our Services.

The type of personal information we collect

Personal information (or data) means any information about a person which enables that individual to be identified. The data is anonymous if it does not contain any personal information. 

We may collect, use, process, store and transfer the following information:

• Your personal information – including your full name, date of birth, gender, contact details, including email address and telephone number and also information you insert on your profile (username, password, interests, preferences, hashtags, comments, goals, posts, targets and responses)
• Any financial information – including any bank account numbers, sort codes, IBAN numbers, payment card details, transactions, savings, Investments and pensions
• Any financial information you provide when you link into our account, historical account transactions from all bank accounts that are linked to the App
• Any financial transactions you make when you use our App, website, accounts, services and products, including payments that come in and out of your account and purchases that you make (including gift cards)
• Any technical data related to how you use our Services – including your login, the ID of the device you use (e.g. mobile, tablet, laptop and any other devices), internet protocol (IP) address, location, browser type you use and the version, plug-in types, operating system and platform
• Any information on how you use our App, website, services and products
• Any information we request relating to marketing and communication – including your preferences for marketing purposes, and any third parties and how you would like us to communicate with you
• Identification documents – proof of identification including passport, driving licence, national insurance card and proof of address utility bills, bank statement and Liveness video
• Data from 3^rd parties including identity and verification information from fraud prevention agencies, data from partner merchants, identity, and behavioural data from social media account.
• Contacts information from you by letting us access and upload your phone contacts information, or by manually entering a phone number or email address.
• We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing fraud and financial crime, if it is in the wider public interest (for example, to protect customers’ economic wellbeing); making our services accessible to customers; reporting of complaints for regulatory purposes. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the purposes and activities for which the information is provided as set out in Schedule 1).
  This may include information revealing:
  a) racial or ethnic origin,
  b) religious or philosophical beliefs;
  c) trade union membership;
  d) biometric data used for fraud prevention and identification purposes including physical, physiological, and behavioural
  identification.
  e) information concerning health; and
  f) data concerning a person’s sex life and sexual orientation.

• Where you have provided your consent for us to process your special category data, such as biometric data, you can change it any time by contacting us.

We may be unable to provide you with our Services if we do not get personal data, we require from you by law or if we require it for contractual purposes. We will make sure we tell you when we need it and let you know that if you don’t provide it, why we will have to refuse or cancel any Services with you.

Any data that doesn’t directly or indirectly reveal your personal identity is not personal information about you and we sometimes will collect, use and share this type of information which we call Aggregated Data. If we connect this data to your personal information and we can identify you from it, then it is personal information which we will use for the purposes of our Privacy Policy.

How we get your personal information and why we have it

Most of the personal information we process is provided to us directly by you (as detailed below) and we have also set out the reasons why we need to collect it.

When you interact with us directly by:

• inputting any information into our systems, including registration, we collect personal information
• inputting any information into the Trustie forum
• fill in any forms and surveys
• connect your accounts (UK bank accounts, saving accounts, credit cards, investment accounts, pensions, financial accounts)
• write to us, contact us via our website, App, email, phone or contact us through any other means
• create any accounts on our App and/or website
• apply for our services, products or anything else we have on our App and website
• subscribe to our marketing list
• subscribe to our service or publications
• participate in our promotions, competition, or surveys and give any feedback
• Following or subscribed to any of our 3^rd party social media accounts

We collect technical data when you directly interact with us through our technology and automated technologies including our App and website by automatically recording personal data through:

• your browsing history
• the device you are using
• using cookies and we also use cookies to gain data about other websites you are visiting, see cookie policy for more information
• open banking technologies
• any server logs

We collect data on your transactions when you:

• carry out any payment transactions on our App, website, services and products
• carry out any spending transactions
• make any payments into your account
• any transactions made via linked financial accounts (open banking)
• Trustie Prepays (gift card) transactions 

We also receive personal information indirectly, from the following sources in the following scenarios, which are from any third parties (which may be based in the UK or and/or outside the UK and the EEA) – and public sources that are available to us and include:

• analytical providers which may give us data (e.g. Google)
• delivery services for open banking and gift cards
• any payment, technical and delivery services
• data from data brokers and aggregators which include anti-money laundering checkers
• public sources which can help us verify your identity including the Electoral Register, address verification at Royal Mail Group Ltd, Communication Provider Databases
• parties who send money to and from you using our App, website, services and products which include their identity, contact and any financial information

We use the information that you have given us in order to:

• provide you with a service and/or product when you use our App and/or website
• ensure we can enter into a contract with you to provide services
• provide you with our services on our App, website, accounts and products which include financial products, making payments, fees and charges
• ensure we can process and deliver payment requests from your bank accounts
• contact you if we need to provide any information about the App, website, services and products
• make you aware of any marketing promotions we are offering (if you have provided prior consent)
• making recommendations as to how to budget effectively to achieve your goals

We may share anonymised information with the brands we have partnered with to ensure any marketing or promotion is appropriate to any customers.

If we change the reason as to why we are using your personal information, and it is not related to the original reason as to why we collected it, we will notify you and provide you with an explanation of why the law permits us to do so.

However, we will not inform you if we reasonably believe the change of purpose is related to our original reason or permitted or required by the law.

Sharing your personal data

There are times when we share your personal data with other parties and the reasons as to why we do (as detailed above).

We may need to share your personal information with other companies who will act as processors or joint controllers within our Trustie Group of companies (where joint services are performed for the group of companies e.g. IT and administration services), any agencies and organisations that assist with business functions and running our business (e.g. web hosting, CRM provider) including Tillo for Trustie Prepays (gift cards) and Salt Edge (provider of Open Banking services AIS and PIS), professional advisors (e.g. solicitors, auditors, insurers, consultants and bankers), any organisations assisting in providing checks for Trustie (e.g. anti-money laundering), legal regulators and authorities including HM Revenue & Customs and other authorities. If we decide to restructure, seek funding or sell (part or all of), transfer, or merge our business or any assets, we may need to share your personal information with such companies and we will ensure such companies are bound by confidentiality terms and conditions, which bind them in accordance with this policy and our instructions.

Legal Right to Process Information

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us as detailed above.

(b) We have a contractual obligation (See Schedule 1 below)

(c) We have a legal obligation (See Schedule 1 below)

(d) We have a legitimate interest (See Schedule 1 below)

How we store and keep your personal information secure

Your information is securely stored. The measures we have in place ensure that your personal data is not used, given to or accessed by anyone who does not have authority to do so. We also make sure we don’t accidentally lose your data, or that it is not changed without us being aware of it. Your personal information is only accessed by those in our organisation who are entitled to view it for business reasons. There are a number of processes and procedures we put in place to limit which other parties can view your personal information for business purposes.

Data Retention

We retain your personal, financial and technical data for only such period as necessary for the reason we have collected that data, or longer if there is any prospective litigation between us, we may also need to hold onto that data for other purposes which enable us to comply with our legal, tax, accounting, tax obligations or reporting requirements. The type of data we collect also impacts our decision as to how long we hold onto that data. We dispose of your data by permanently deleting from all of our servers. 

Your data protection rights

You have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to delete your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. However, if your request is unreasonable or excessive we may charge a reasonable fee in such circumstances and we may take longer than one month to fulfil such a request, but we will aim to fulfil your request within a reasonable time period.

Please see our contact details above if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

Email: [email protected]

Or write to us at: Trustie Technologies Catalyst, The Innovation Centre, Queen’s Road, Belfast, BT3 9DT

Phone Number: +44 28 8230 6085

You can also complain to the ICO if you are unhappy with how we have used your data, we would like an opportunity to resolve your complaint in the first instance and would like you to contact us first, if possible.

Information Commissioner’s Office (ICO)

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Trustie’s ICO Registration number is ZB628293

Schedule 1 – Schedule of Purposes of Processing

We would like you to fully understand the legal reasons as to why we use and share your personal information in our business and have set these out in the sections below.

A. Contractual necessity

We need certain information from you to enable us to enter into a contract with you for our Services, and we may be unable to provide or continue to provide you with our Services if we do not get this personal data for contractual purposes.

The personal information we collect enables us to assess and process your application form for our Services, provide our Services, set up and manage your accounts and sub-accounts (including transferring money, managing and processing transactions, processing payments to and from your account (between accounts and to other accounts) and manage our Services. It also ensures we can communicate with you about your account(s) including resolving any queries, complaints, keeping you updated of any changes and managing and maintaining our relationships with you. We may need to share information with other group companies to ensure we can keep improving our services. Any communications we have with you may be recorded and monitored. We may need to collect and issue necessary documentation and act in accordance with your instructions. If applicable, we will be applying filters based on the age of those whom you open sub-accounts on behalf of to enable them to only utilise certain versions of our App.

B. Legal obligation

We need certain information from you to enable us to comply with the law for the Services we provide. We may be unable to provide or continue to provide you with our Services if we do not get this personal data for legal purposes.

This may include the following:

The law requires us to confirm your identity and we will need to use certain information from you to do so. This will include us collecting and processing voice-recognition technology, using biometric information and any other procedures we may employ to verify your identity as long as we have your consent to do so.  

We are legally obliged to share data with other organisations including the police, tax authorities, law enforcement agencies, government agencies, fraud prevention and any other agencies where we are required to report any activity that is suspicious or comply with production or court orders.

The law requires us to monitor your transactions, perform any necessary checks, and review location data to prevent and detect any criminal activities. The law may require us to review and process information about any criminal convictions and offences, fraud, threats and share data with law enforcement agencies and regulatory bodies. We will also need to comply with the law relating to fraud, terrorist financing, money laundering, bribery, international sanctions and corruption.

We are also legally obliged to share your data with banks and any other relevant parties that need to reclaim any monies that have incorrectly, due to an error by a third party, been applied to your account (or any sub-accounts).

If we are legally required to investigate your account to ensure we can correct any errors due to our Services, resolve any complaints, conduct a formal investigation into breaches of our policies or conduct by any of employees or anyone involved in our organisation, manage litigation, contentious regulatory matters and any other investigations.

If we are required to assess our own internal procedures and processes to identify, monitor, manage and report any risks which may be present in them, this includes being able to comply with any legal obligations in relation to responding to any risks for our own business and making sure the systems, facilities and people within the organisation are able to continue to provide these Services. We also need to respond to emergencies on any properties/premises and investigate and report upon such incidents.

If we need to send you any communications, terms and conditions, updates to our products, Services, which we are required to do so by law.

If the law requires us to assess and analyse our personal data to manage, fix and improve data quality.

C. Legitimate interests

If there is a legitimate interest as an organisation or of a third party, we may need to process your information.

Running & managing our business

There may be reasons connected to how we run, manage and operate our business and whether we are required to do anything to ensure that our processes and procedures work well in terms of how we operate within our business.

This may include the following:

How we manage the physical operations of our business including, monitoring our properties (whether by CCTV or otherwise to ensure we can prevent crime), monitoring any accidents, incidents that occur, ensure we are prepared for emergency situations and can provide relevant training internally. Making sure we are prepared for disaster recovery and overall business continuity.

How we manage Information technology, information and network security in our organisation. This includes how we respond to any emergencies, business incidents. How we use technology to maintain, improve and monitor our communications solutions, services, information and data, business processes, authorised and unauthorised access to our information technology and telecommunications and website.

How we manage risks in our business including preventing and detecting crime, protecting personal data, managing material risks and protecting our legal rights and interests.

How we report internally in our business including reporting practices, internal management, supervisory authorities, financial and regulatory accounting and reporting.

How we reorganise our business, transfer, propose a sale, sell, or any other method we use to carry out a transaction relating to our business.

Developing and improving our business

There may be reasons as to how we want to improve and develop our business, to ensure we can provide Services that meet our customers’ requirements.

This may include the following:

We want to ensure we can review and develop any new business opportunities and work on developing our relationship with you too, by being able to carry out research, monitor and review how well our Services work, and also make sure that we are aware of any additional needs you may have and ensure that we adequately provide any necessary support and Services which meet those needs and offer you any extra protection if required.

We analyse customer data to ensure that we can review any errors we make, review our processes, implement changes where our actions have had an adverse impact on our customers, we can analyse complaints, make any necessary payments to compensate customers due to any of our failures whether process or regulatory failures.

We may analyse and identify third-party products, services and data you use to help us to assist with the above matters. And, to make sure that we can improve our service and comprehend your needs better.  

Sending you marketing information, including marketing information online and on our other Services (including our App), by email, SMS or post. We will only share marketing information within our own group companies or companies we have selected which we have analysed and consider will be of value to you.

Using your information to ensure we can review and assess the effectiveness of our own internal departments and how they interact with you and implement any necessary improvements or develop new services and products, or offers, to ensure you have a positive experience with us. This is why we record your communications in our App and website to continually improve your experience with our customer services team. The information we may analyse includes your actions, transactions, feedback, financial information and any profile information and preferences.

Managing risk in our business

We will need to protect our business and ensure that we prevent fraud, financial crime and any other criminal activities.

This may include the following:

Making sure we liaise with external agencies (including law enforcement, fraud prevention, banks and regulatory bodies) and share data to prevent fraud. Carry out investigations, gathering intelligence, carrying out checks and regular monitoring, to ensure we can detect and investigate any criminal activity in our business. Ensuring we screen customers using our internal fraud databases, gather intelligence and investigate any suspicious activity on suspected financial crimes, and fraud and threats. This could include money laundering, financial crime, fraud, bribery and corruption, terrorist financing, trafficking and international sanctions.

Making sure we can carry out our own internal assessments including financial risk assessments, risk reporting and risk management, carrying out improvements and consultations in the business industry, responding to complaints and investigating complaints made directly to us, or any third parties.

Enabling us to review and check your accounts and make any necessary decisions, if we need to check on our customers and potential customers, confirm any payee data business partners and associated persons, screening against external databases and sanctions lists and reviewing any connections to politically persons who are exposed.