PRIVACY POLICY

Updated: 7 February 2025

Hey there! 👋

We're Trustie Technology Limited (Trustie, we, our, or us), and we take your privacy seriously. This policy is here to explain how we protect and handle your personal data when you use our Trustie Platform and Services.

We want you to feel confident about how your information is collected, used and protected. We want to make sure you are aware of your rights and understand how the law keeps your privacy and data safe. That's why we encourage you to read this policy carefully—along with any updates or related privacy policies—so you know exactly when, how, and why we use your data.

You'll find explanations for specific terms (ones with capital letters) at the end of the agreement. 📜

We've kept things clear and simple to ensure we're on the same page. If you ever feel unsure about anything, our friendly support team is just an email away at [email protected].

Why This Policy Matters 📄

This policy sets out how we collect and process your personal data when you use Trustie's Platform and Services.

This includes:

• Our website
• Gift card services
• Cashback rewards
• Our Trustie App
• When you buy a product or service from us
• When you post in the Trustie forum
• If you provide feedback, take a survey, or enter a competition

We don't knowingly collect data from children under 13 because our Services aren't designed for them.

This policy is a supplement to other policies we may have at Trustie on your privacy and doesn't override any of them.

Important information and who we are

We are the Controller of your data and responsible for the Trustie Platform and Services -- and our legal entity is: Trustie Technology Limited, registered in Northern Ireland, NI653889
‍

Our Data Protection Officer (DPO) is: Sukhi Byrne

‍Our DPO has overall responsibility in relation to any questions you have about our privacy policy and if you have any questions about the policy or want to exercise your legal rights, please contact our DPO.

Our Contact details 📞

Full name of legal entity: Trustie Technology Limited ‍
Email address: [email protected] ‍
Postal address: Trustie Technologies, Omagh Business Complex, Cortrush Industrial Estate, Omagh Business Complex, Great Northern Road, Omagh BT 78 5LU Northern Ireland

Telephone number: + +44 28 8230 6085
‍‍

Changes to the privacy policy
‍At Trustie we may from time to time update our privacy policy because we regularly review it.

Please contact us if you would like a copy of any past policies.

When you must inform us of any changes 💡

If there is a change in your circumstances, the data we hold about you may no longer be accurate. This is why we need you to keep any information you provide to us updated and let us know if anything does change in the relevant section of your personal data that you utilise in the Trustie Platform and Services.

The type of personal information we collect 👤

Personal information (or data) means any information about a person which enables that individual to be identified. The data is anonymous if it does not contain any personal information.

We may collect, use, process, store and transfer the following information:

• Your personal information -- including your full name, date of birth, gender, contact details, including email address and telephone number and also information you insert on your profile (username, password, interests, preferences, hashtags, comments, goals, posts, targets and responses)
• Any financial information -- including any bank account numbers, sort codes, IBAN numbers, payment card details, transactions, savings, investments and pensions
• Any financial information you provide when you link into our account, historical account transactions from all bank accounts that are linked to the Trustie Platform or Services
• Any financial transactions you make when you use our Trustie Platform or Services, including payments that come in and out of your account and purchases that you make (including gift cards)
• Any technical data related to how you use our Trustie Platform or Services -- including your login, the ID of the device you use (e.g. mobile, tablet, laptop and any other devices), internet protocol (IP) address, location, browser type you use and the version, plug-in types, operating system and platform
• Any information on how you use our Trustie Platform or Services
• Any information we request relating to marketing and communication -- including your preferences for marketing purposes, and any third parties and how you would like us to communicate with you
• Identification documents -- proof of identification including passport, driving licence, national insurance card and proof of address utility bills, bank statement and Liveness video
• Data from 3^rd parties including identity and verification information from fraud prevention agencies, data from partner merchants, identity, and behavioural data from social media account.
• Contacts information from you by letting us access and upload your phone contacts information, or by manually entering a phone number or email address.
• We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing fraud and financial crime, if it is in the wider public interest (for example, to protect customers' economic wellbeing); making our services accessible to customers; reporting of complaints for regulatory purposes. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the purposes and activities for which the information is provided as set out in Schedule 1).
  This may include information revealing:
  a) racial or ethnic origin,
  b) religious or philosophical beliefs;
  c) trade union membership;
  d) biometric data used for fraud prevention and identification purposes including physical, physiological, and behavioural
  identification.
  e) information concerning health; and
  f) data concerning a person's sex life and sexual orientation.
• Where you have provided your consent for us to process your special category data, such as biometric data, you can change it any time by contacting us.

We may be unable to provide you with our Trustie Platform or Services if we do not get personal data, we require from you by law or if we require it for contractual purposes. We will make sure we tell you when we need it and let you know that if you don't provide it, why we will have to refuse or cancel any use of the Trustie Platform or Services with you.

Any data that doesn't directly or indirectly reveal your personal identity is not personal information about you and we sometimes will collect, use and share this type of information which we call Aggregated Data. If we connect this data to your personal information and we can identify you from it, then it is personal information which we will use for the purposes of our Privacy Policy.

How we get your personal information and why we have it 📝

Most of the personal information we process is provided to us directly by you (as detailed below) and we have also set out the reasons why we need to collect it.

When you interact with us directly by:

• inputting any information into our systems, including registration, we collect personal information
• inputting any information into the Trustie forum
• fill in any forms and surveys
• connect your accounts (UK bank accounts, saving accounts, credit cards, investment accounts, pensions, financial accounts)
• write to us, contact us via our website, Trustie Platform, email, phone or contact us through any other means
• create any accounts on our Trustie Platform
• apply for our Services, products or anything else we have on our Trustie Platform
• subscribe to our marketing list
• subscribe to our service or publications
• participate in our promotions, competition, or surveys and give any feedback
• Following or subscribed to any of our 3^rd party social media accounts

We collect technical data when you directly interact with us through our technology and automated technologies including our Trustie Platform and Services by automatically recording personal data through:

• your browsing history
• the device you are using
• using cookies and we also use cookies to gain data about other websites you are visiting, see our Cookie Policy for more information
• open banking technologies
• any server logs

We collect data on your transactions when you:

• carry out any payment transactions on our Trustie Platform or Services
• carry out any spending transactions
• make any payments into your account
• any transactions made via linked financial accounts (open banking)
• Trustie gift card transactions

We also receive personal information indirectly, from the following sources in the following scenarios, which are from any third parties (which may be based in the UK or and/or outside the UK and the EEA) -- and public sources that are available to us and include:

• analytical providers which may give us data (e.g. Google)
• delivery services for open banking and gift cards
• any payment, technical and delivery services
• data from data brokers and aggregators which include anti-money laundering checkers
• public sources which can help us verify your identity including the Electoral Register, address verification at Royal Mail Group Ltd, Communication Provider Databases
• parties who send money to and from you using our Trustie Platform or Services which include their identity, contact and any financial information

We use the information that you have given us in order to:

• provide you with a service(s) and/or when you use our Trustie Platform
• ensure we can enter into a contract with you to provide services
• provide you with our Services on our Trustie Platform which includes financial products, making payments, fees and charges
• ensure we can process and deliver payment requests from your bank accounts
• contact you if we need to provide any information about the Trustie Platform and/or Services
• make you aware of any marketing promotions we are offering (if you have provided prior consent)
• making recommendations as to how to budget effectively to achieve your goals

We may share anonymised information with the brands we have partnered with to ensure any marketing or promotion is appropriate to any customers.

If we change the reason as to why we are using your personal information, and it is not related to the original reason as to why we collected it, we will notify you and provide you with an explanation of why the law permits us to do so.

However, we will not inform you if we reasonably believe the change of purpose is related to our original reason or permitted or required by the law.

Sharing your personal data

There are times when we share your personal data with other parties and the reasons as to why we do (as detailed above).

We may need to share your personal information with other companies who will act as processors or joint controllers within our Trustie Group of companies (where joint services are performed for the group of companies e.g. IT and administration services), any agencies and organisations that assist with business functions and running our business (e.g. web hosting, CRM provider) including Tillo for Trustie gift cards and Salt Edge and Nuapay (provider of Open Banking services AIS and PIS), professional advisors (e.g. solicitors, auditors, insurers, consultants and bankers), any organisations assisting in providing checks for Trustie (e.g. anti-money laundering), legal regulators and authorities including HM Revenue & Customs and other authorities. If we decide to restructure, seek funding or sell (part or all of), transfer, or merge our business or any assets, we may need to share your personal information with such companies and we will ensure such companies are bound by confidentiality terms and conditions, which bind them in accordance with this policy and our instructions.

Legal Right to Process Information

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us as detailed above.

(b) We have a contractual obligation (See Schedule 1 below)

(c) We have a legal obligation (See Schedule 1 below)

(d) We have a legitimate interest (See Schedule 1 below)

How we store and keep your personal information secure 🛠️

Your information is securely stored. The measures we have in place ensure that your personal data is not used, given to or accessed by anyone who does not have authority to do so. We also make sure we don't accidentally lose your data, or that it is not changed without us being aware of it. Your personal information is only accessed by those in our organisation who are entitled to view it for business reasons. There are a number of processes and procedures we put in place to limit which other parties can view your personal information for business purposes.

Data Retention ⏳

We retain your personal, financial and technical data for only such period as necessary for the reason we have collected that data, or longer if there is any prospective litigation between us, we may also need to hold onto that data for other purposes which enable us to comply with our legal, tax, accounting, tax obligations or reporting requirements. The type of data we collect also impacts our decision as to how long we hold onto that data. We dispose of your data by permanently deleting from all of our servers.

Your data protection rights 🛡️

You have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to delete your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. However, if your request is unreasonable or excessive we may charge a reasonable fee in such circumstances and we may take longer than one month to fulfil such a request, but we will aim to fulfil your request within a reasonable time period.

Please see our contact details above if you wish to make a request.

Your Right to Complain 💬

If you have any concerns about our use of your personal information, you can make a complaint to us at:

Email: [email protected]

Write to us at: Trustie Technologies, Omagh Business Complex, Cortrush Industrial Estate , Omagh Business Complex, Great Northern Road, Omagh BT 78 5LU Northern Ireland

Phone us: +44 28 8230 6085

You can also complain to the ICO if you are unhappy with how we have used your data. We would like an opportunity to resolve your complaint in the first instance and would like you to contact us first, if possible.

Information Commissioner's Office (ICO)

The ICO's address:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Trustie's ICO Registration number is ZB628293

Schedule 1 -- Schedule of Purposes of Processing

We would like you to fully understand the legal reasons as to why we use and share your personal information in our business and have set these out in the sections below.

A. Contractual necessity

We need certain information from you to enable us to enter into a contract with you for the Trustie Platform and/or Services, and we may be unable to provide or continue to provide you with the Trustie Platform and/or Services if we do not get this personal data for contractual purposes.

The personal information we collect enables us to assess and process your application form for our services, provide our services, set up and manage your accounts and sub-accounts (including transferring money, managing and processing transactions, processing payments to and from your account (between accounts and to other accounts) and manage our services. It also ensures we can communicate with you about your account(s) including resolving any queries, complaints, keeping you updated of any changes and managing and maintaining our relationships with you. We may need to share information with other group companies to ensure we can keep improving our services. Any communications we have with you may be recorded and monitored. We may need to collect and issue necessary documentation and act in accordance with your instructions. If applicable, we will be applying filters based on the age of those whom you open sub-accounts on behalf of to enable them to only utilise certain versions of our Trustie Platform.

B. Legal obligation

We need certain information from you to enable us to comply with the law for the services we provide. We may be unable to provide or continue to provide you with the Trustie Platform and/or Services if we do not get this personal data for legal purposes.

This may include the following:

The law requires us to confirm your identity and we will need to use certain information from you to do so. This will include us collecting and processing voice-recognition technology, using biometric information and any other procedures we may employ to verify your identity as long as we have your consent to do so.

We are legally obliged to share data with other organisations including the police, tax authorities, law enforcement agencies, government agencies, fraud prevention and any other agencies where we are required to report any activity that is suspicious or comply with production or court orders.

The law requires us to monitor your transactions, perform any necessary checks, and review location data to prevent and detect any criminal activities. The law may require us to review and process information about any criminal convictions and offences, fraud, threats and share data with law enforcement agencies and regulatory bodies. We will also need to comply with the law relating to fraud, terrorist financing, money laundering, bribery, international sanctions and corruption.

We are also legally obliged to share your data with banks and any other relevant parties that need to reclaim any monies that have incorrectly, due to an error by a third party, been applied to your account (or any sub-accounts).

If we are legally required to investigate your account to ensure we can correct any errors due to our services, resolve any complaints, conduct a formal investigation into breaches of our policies or conduct by any of employees or anyone involved in our organisation, manage litigation, contentious regulatory matters and any other investigations.

If we are required to assess our own internal procedures and processes to identify, monitor, manage and report any risks which may be present in them, this includes being able to comply with any legal obligations in relation to responding to any risks for our own business and making sure the systems, facilities and people within the organisation are able to continue to provide these services. We also need to respond to emergencies on any properties/premises and investigate and report upon such incidents.

If we need to send you any communications, terms and conditions, updates to our products, services, which we are required to do so by law.

If the law requires us to assess and analyse our personal data to manage, fix and improve data quality.

C. Legitimate interests

If there is a legitimate interest as an organisation or of a third party, we may need to process your information.

Running & managing our business

There may be reasons connected to how we run, manage and operate our business and whether we are required to do anything to ensure that our processes and procedures work well in terms of how we operate within our business.

This may include the following:

How we manage the physical operations of our business including, monitoring our properties (whether by CCTV or otherwise to ensure we can prevent crime), monitoring any accidents, incidents that occur, ensure we are prepared for emergency situations and can provide relevant training internally. Making sure we are prepared for disaster recovery and overall business continuity.

How we manage Information technology, information and network security in our organisation. This includes how we respond to any emergencies, business incidents. How we use technology to maintain, improve and monitor our communications solutions, services, information and data, business processes, authorised and unauthorised access to our information technology and telecommunications and website.

How we manage risks in our business including preventing and detecting crime, protecting personal data, managing material risks and protecting our legal rights and interests.

How we report internally in our business including reporting practices, internal management, supervisory authorities, financial and regulatory accounting and reporting.

How we reorganise our business, transfer, propose a sale, sell, or any other method we use to carry out a transaction relating to our business.

Developing and improving our business

There may be reasons as to how we want to improve and develop our business, to ensure we can provide services that meet our customers' requirements.

This may include the following:

We want to ensure we can review and develop any new business opportunities and work on developing our relationship with you too, by being able to carry out research, monitor and review how well our services work, and also make sure that we are aware of any additional needs you may have and ensure that we adequately provide any necessary support and services which meet those needs and offer you any extra protection if required.

We analyse customer data to ensure that we can review any errors we make, review our processes, implement changes where our actions have had an adverse impact on our customers, we can analyse complaints, make any necessary payments to compensate customers due to any of our failures whether process or regulatory failures.

We may analyse and identify third-party products, services and data you use to help us to assist with the above matters. And, to make sure that we can improve our service and comprehend your needs better.

Sending you marketing information, including marketing information online and on our other services (including our Trustie Platform), by email, SMS or post. We will only share marketing information within our own group companies or companies we have selected which we have analysed and consider will be of value to you.

Using your information to ensure we can review and assess the effectiveness of our own internal departments and how they interact with you and implement any necessary improvements or develop new services and products, or offers, to ensure you have a positive experience with us. This is why we record your communications in our Trustie Platform to continually improve your experience with our customer services team. The information we may analyse includes your actions, transactions, feedback, financial information and any profile information and preferences.

Managing risk in our business

We will need to protect our business and ensure that we prevent fraud, financial crime and any other criminal activities.

This may include the following:

Making sure we liaise with external agencies (including law enforcement, fraud prevention, banks and regulatory bodies) and share data to prevent fraud. Carry out investigations, gathering intelligence, carrying out checks and regular monitoring, to ensure we can detect and investigate any criminal activity in our business. Ensuring we screen customers using our internal fraud databases, gather intelligence and investigate any suspicious activity on suspected financial crimes, and fraud and threats. This could include money laundering, financial crime, fraud, bribery and corruption, terrorist financing, trafficking and international sanctions.

Making sure we can carry out our own internal assessments including financial risk assessments, risk reporting and risk management, carrying out improvements and consultations in the business industry, responding to complaints and investigating complaints made directly to us, or any third parties.

Enabling us to review and check your accounts and make any necessary decisions, if we need to check on our customers and potential customers, confirm any payee data business partners and associated persons, screening against external databases and sanctions lists and reviewing any connections to politically persons who are exposed.

Definitions 📚

• Services: All services we offer on the Trustie Platform including the Ask Service, Rewards Service, Gift Cards Service, Saving & Spending Service and any other services we provide.
• Terms: These terms and conditions outlined in the Terms and Conditions agreement.
• Trustie: Trustie Technology Limited a UK-based company (registration number NI653889) and our registered office is Trustie Technologies, Omagh Business Complex, Cortrush Industrial Estate, Omagh Business Complex, Great Northern Road, Omagh BT 78 5LU Northern Ireland
• Trustie App or App: The Trustie mobile application
• Trustie Platform: The Trustie App and the Website used to access the Services.
• Trustie Profile or Profile: The profile a Trustie User sets up via the Trustie Platform to access the Service
• Trustie User: A registered user of the Trustie Platform
• Website: The Trustie website at www.trustie.co.uk