Privacy Policy

We ask that you read this privacy policy which was last updated on the date set out below (Privacy Policy) carefully as it contains important information on who we are, how and why we collect, store, use, transfer and share personal information, your rights in relation to your personal information, and how to contact us and supervisory authorities (the ICO (as defined below)) in the event you have a complaint. This Privacy Policy should be read alongside, and in addition to any separate product or service agreement entered into between us from time to time.

Whenever we refer to the ‘law’ under this Privacy Policy we are referring to those laws all as amended from time to time. Where we have used but haven’t explained the meaning of a defined term in this Privacy Policy, that defined term has the same meaning as set out under the DPA (as defined below), the Tide Platform Terms of Use, the Bank Account Terms or the Tide Card Terms and Conditions. When we refer to ‘information’ or ‘data’ under this Privacy Policy we refer to your personal information.

This Privacy Policy is divided into the following sections:

  • Who we are
  • Personal information we collect
  • Where we collect personal information
  • How we use your personal information
  • Who we share your personal information with
  • How long we keep your personal information
  • Transfer of your information out of the EEA
  • Cookies and similar technologies
  • Your rights
  • How to contact us and How to complain
  • How to withdraw your consent
  • Credit Reference Agencies
  • ClearBank
  • Prepay Technologies Limited

Who we are

In this Privacy Policy reference to us, our, we, or Tide are to Tide Platform Ltd (Co. No. 09595646). We are registered with ICO (registration no. ZA165305) and are authorised and regulated by the Financial Conduct Authority (FCA) in the United Kingdom (UK) with reference number: 718743. Another Tide company is Tide Platform Limited (Co. No. 09595646), which is authorised and regulated by the FCA in the UK as an Electronic Money Institution (reference number: 900843).

Your personal information that we collect from you will be held by Tide Platform Ltd, which is part of the Tide Group. The Tide Group is made up of a mix of companies, involving different Tide and non-Tide legal entities (more information about this can be found on our website). We’ll let you know which Tide or non-Tide company you have a relationship with, when you take out a product or service with us. We provide the products and services offered on the Tide website and/or Tide mobile application (app) www.tide.co (together, the Platform)

We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (EU) 2016/679 (GDPR) which applies across the European Union and EEA (including in the UK), and the Data Protection Act 2018 (together with the DPA).

We are responsible as ‘controller’ of that personal information for the purposes of those laws. If you have any queries about this Privacy Policy or how we or any other Tide Group company (may) collect, store or use your information, please contact us by email at hello@tide.co.

Personal information we collect

Below is a list of types of personal information that we may collect and use when you apply for, or use any of our products or services.

Type of personal information

Description

Contact

Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you

Transactional

Details about the transactions you carry out and the payments to and from your accounts with us

Contractual

Details about the products or services we provide to you

Locational

Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card.

Behavioural

Details about how you use products and services via our Platform from us and other organisations

Technical

Details on the devices and technology you use

Communications

What we learn about you from communications between us.

Public and third-party records

Details about you that are in public records, such as the Electoral Register, and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).

Usage data

Other data about how you use our products and services

Documentary data

Details about you that are stored in documents in different formats, or copies of them. This could include things like (without limitation) your passport, driver’s licence, photographs or birth certificate.

Consents

Any permissions, consents or preferences that you give us

Where we collect personal information

We may collect personal information about you (or your business) from other Tide Group companies and any of these sources:

Data you provide to us

This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf.

  • When you apply for our products and services
  • When you talk to us on the phone
  • When you use our website or mobile app
  • In emails, web chats and letters
  • In surveys
  • If you take part in our competitions or promotions

Data we collect when you use our products or services

  • Payment and transaction data
  • Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
  • We also use cookies and other internet tracking software to collect data while you are using our website or mobile app (or any other device) (as described in more detail below).

Data from third parties

  • Companies and business partners that introduce you to us
  • Our service partners, such as PPS and ClearBank (each as defined below)
  • Our third-party vendors, including (without limitation) those that help us authenticate your identity
  • Credit reference agencies such as (without limitation) TransUnion, Equifax and Experian
  • Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
  • Fraud prevention agencies
  • Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)
  • Public information sources such as (without limitation) Companies House
  • Third-party agents, suppliers, sub-contractors and advisers
  • Market researchers
  • Firms providing data services
  • Government, law enforcement agencies, authorities and regulatory bodies to help the Tide Group comply with its legal obligations;

How we use your personal information

Below is a list of the ways that we may use your personal information and our reasons for doing so:

What we use your personal information for

Our reasons

Serving you

  • Managing our relationship with you or your business
  • Developing and carrying out marketing activities
  • Studying how our customers use products and services from us and other organisations
  • Communicating with you about our and our business partners’ products and services
  • Fulfilling our contract with you
  • When it is our legal duty
  • When you consent to it
  • When it is in our legitimate interest:
    • Keeping our records up to date
    • Working out which of our products and services may interest you and telling you about them
    • Developing products and services, our pricing for them and types of customers that may want to use them
    • Asking for your consent when we need it to contact you

Improving our business

  • Testing new products
  • Improving our products and services
  • Managing how we work with other companies that provide services to us and our customers
  • Developing new ways to meet our customers’ needs and to grow our business
  • Fulfilling our contract with you
  • When it is our legal duty
  • When you consent to it
  • When it is in our legitimate interest:
    • Developing products and services, our pricing for them and types of customers that may want to use them
    • Being efficient about how we fulfil our legal and contractual duties

Managing our operations

  • Delivering our and our business partners’ products and services
  • Making and managing customer payments
  • Managing fees, charges and interest due on customer accounts
  • Collecting and recovering money that is owed to us
  • Fulfilling our contract with you
  • When it is our legal duty
  • When it is in our legitimate interest:
    • Being efficient about how we fulfil our legal and contractual duties
    • Complying with rules and guidance from regulators

Crime prevention and managing risks

  • Identifying, investigating, reporting and preventing fraud, money laundering and other crime
  • Managing risk for us and our customers
  • Complying with laws and regulations
  • Investigating and responding to complaints and feedback
  • Fulfilling our contract with you
  • When it is our legal duty
  • When it is in our legitimate interest:
    • Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
    • Being efficient about how we fulfil our legal and contractual duties
    • Complying with rules and guidance from regulators

Business management

  • Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit
  • When it is our legal duty
  • When it is in our legitimate interest:
    • Being efficient about how we fulfil our legal and contractual duties
    • Complying with rules and guidance from regulators
  • Carrying out our obligations arising from and exercising our rights set out in our contracts
  • Fulfilling our contract with you

Who we share your personal information with

Below is a list of the types of third parties that we may share your personal information with. We will only disclose personal information with such third parties for the reasons explained in this Privacy Policy.

Tide Group
We may share your personal information with other companies in Tide Group.

Authorities
This means legal or other official bodies that include (without limitation):

  • Central and local government, and where applicable, any EU/EEA or any other international government agency
  • HM Revenue & Customs, regulators and other domestic, EU/EEA or international tax authorities
  • UK Financial Services Compensation Scheme (FSCS) and other deposit guarantee schemes
  • Local, EU/EEA or international law enforcement or fraud prevention agencies (where applicable).

Services
Third-party companies we work with to provide our services and products to you and to run our business.

  • Agents, business partners, suppliers, sub-contractors and advisers
  • Agents who help us to collect what is owed to us (for example, debt collection agencies)
  • Credit reference agencies (such as Transunion, Equifax and Experian)
  • Someone linked with you or your business’s product or service.
  • Other financial services companies (for example, without limitation), to help prevent, detect and prosecute unlawful acts, money laundering or  fraudulent behaviour)
  • Accountants (if you have one and have provided your consent to us sharing your information with them)
  • Companies you ask us to share your data with
  • If you have a product with benefits such as discount offers, we will share your data with the benefit providers.

General business
Third-party companies we use to help grow and improve our business.

  • Companies we have a joint venture or agreement to co-operate with
  • Organisations that introduce you to us
  • Market researchers
  • Advisers who help us to come up with new ways of doing business.
  • Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)

Sharing anonymised data

In addition to the data sharing listed above, we may share or sell some data to other companies outside Tide Group, but only when it is converted so that no-one’s identity can be known or found out and is no longer considered to be personal information under the law (it is anonymised).

Third-party links

Occasionally, at our reasonable discretion, we may include or offer products or services to you from our business partners (third parties). Business partner websites have separate and independent privacy policies that apply and we (and any other Tide Group company; or any of our Tide company directors, officers, agents, contractors, sub-contractors or workers) have no responsibility or liability (however so caused) for the content, activities and services relating to those linked websites. (You can contact those third part business partners for more information on how they may use your information).

How long we keep your personal information

We will keep your personal information as long as you are a customer of Tide.

We may keep your personal information for up to 10 years after you stop being a customer. The reasons we may do this are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment
  • To study customer data as part of our own research
  • To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.

We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.

Transfer of your information out of the EEA

The personal data that we hold will be stored in the UK or the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the UK or EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the UK or  EEA, we will make sure that it is protected to the same extent as in the UK and EEA. We’ll use one of these legal safeguards:

  • Transfer it to a non-UK or non-EEA country with privacy laws that give the same protection as those under the UK or the EEA.
  • Put in place a contract with the recipient that means they must protect it to the same standards as the UK and EEA.
  • Transfer it to organisations that are part of Privacy Shield (see the ICO’s website for more information about the Privacy Shield – https://ico.org.uk/).

Cookies and other tracking technologies

We may use cookies to distinguish you from other users of our products or services. This helps us to provide you with a good experience, and also allows us to improve our products or services. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit our website. Cookies send information back to the originating website on each subsequent visit, or to another website which recognises that cookie. Cookies also make it easier for you to log in and use our website.

We may use the following cookies:

  • Strictly necessary cookies required for the operation of our products or services (including, for example, cookies that enable you to log into secure accounts and use interactive features);
  • Analytical/performance cookies that allow us to recognise and count the number of visitors and users and see how they use the products or services (e.g. (without limitation) to help us improve the way our products or services work or are provided, by ensuring that users are finding what they are looking for easily);
  • Functionality cookies to help us recognise you when you return to our website  (this enables us to e.g. (without limitation) personalise our content for you, greet you by name and remember your preferences, such as choice of language or region).
  • Targeting cookies to record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our products and services and the information displayed on it, which we reasonably think is more relevant to your interests. We may also share this information with third parties for this purpose.

You can block or disable cookies by activating the setting on your website browser that allows you to refuse the setting of all or some cookies. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, ‘preferences’ or ‘options’ menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. However, if you set your browser settings to block or disable all cookies (including essential cookies) you may not be able to access all or parts of our Platform for which we require the use of cookies. 

Your rights

Under the GDPR, you are entitled to the following rights:

  • question any information about you that you think is incorrect and have us take reasonable steps to correct it for you.
  • to be told about how we process your information.
  • require the erasure of personal information concerning you in certain situations
  • access personal information and copies (free of charge, where reasonable for us to do so at the time) concerning you  collected by us in the course of our relationship with you
  • object at any time to processing of personal information concerning you for e.g. (without limitation) direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or which similarly may significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise, restrict our processing of your personal information in certain circumstances
  • The right to move, copy or transfer your personal data (where reasonable and proportionate for us to do so).

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR .

If you would like to exercise any of those rights, please contact us at:

hello@tide.co

Tide Platform Ltd

2nd Floor White Bear Yard

144a Clerkenwell Road

EC1R 5DF

London

United Kingdom

How to contact us and how to complain

We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your information. You can write to our DPO at hello@tide.co or Tide Platform Ltd, 2nd Floor White Bear Yard, 144a Clerkenwell Road, EC1R 5DF, London, United Kingdom.

You also have the right to complain to the regulator. The supervisory authority in the UK is the ICO. You can find out how to report a concern on their websitehttps://ico.org.uk/.

How to withdraw your consent

You can withdraw your consent to our processing of your information at any time. Please contact us if you want to do so.

This will only affect the way we use information when our reason for processing your information is that you  have provided your consent to that use. See the section ‘Your Rights’ about more generally your right to restricting use of your information.

If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

Credit Reference Agencies

We carry out credit and identity checks when you apply for a product or services for your business. We may use domestic or international credit reference agencies (CRAs) to help us with this.

If you use our products or services, from time to time, we may also search or use information that the CRAs have, to help us manage those accounts and to comply with our legal and other obligations. We will also share your personal information with CRAs and they will give us information about you for the same reasons stated in this Privacy Policy. This information may include (without limitation) information about settled accounts or any debts not fully repaid on time.

  • We will continue to share your personal information with CRAs for as long as you are a customer.

CRAs may share your information with other organisations.

The identities of the CRAs, and the ways in which they use and share personal information are explained in more detail at:  

ClearBank

ClearBank Limited (“ClearBank”) provides the bank account under the Tide Platform Terms of Use and the Bank Account Terms. Generally speaking, ClearBank holds and processes your personal data for the same reasons and in the same ways that Tide does.

  • Who is ClearBank and why do they handle my data?
    • ClearBank is a Data Controller in relation to your bank account and all necessary activities relating to the operation of the bank account: allowing you to establish, access and operate your bank account. The processing of your personal data is necessary for the performance of your contract for the operation of the bank account and is necessary for compliance with legal and regulatory obligations applicable to ClearBank. ClearBank does not use your personal data for marketing purposes and will not share your personal data with third parties for marketing purposes.
  • What personal data does ClearBank process?

Type of personal information

Description

Personal Details

Your name, including any alias or nickname, and date of birth

Contact Details

The contact addresses you provide including phone numbers, email addresses and online identifiers.

Transactional and Account Data

Details about payments to and from your account

Documentary Data

Details about you that are contained within documents you provide to us and which we store, or copies of them. This could include (without limitation) a passport, driver’s licence, birth certificate, marriage certificate, death certificate or other documents required to fulfil customer due diligence requirements imposed on ClearBank by law or regulation.

  • Sending personal data outside of the UK or EEA
    • ClearBank will only send your personal data outside the UK or EEA if:
      • you have instructed ClearBank to do that; or
      • there is a legal or regulatory duty imposed upon ClearBank to make such a transfer.

In such cases, ClearBank will ensure that the parties who process that particular personal data do so in accordance with the GDPR and the DPA.

  • Does ClearBank send my personal data to any third parties?
    • ClearBank has certain legal arrangements in place with third parties to facilitate aspects of its operations and to ensure the best customer service experience for you. All ClearBank third parties are required to comply with the GDPR and contract with ClearBank to protect any of your personal data processed by them. Third parties of ClearBank might process your personal data for a range of legal or regulatory reasons including (without limitation) as part of an identity verification process, money laundering prevention or conformance with sanctions.
  • How long does ClearBank hold my personal data?
    • ClearBank only holds your personal data in accordance with its established policies and usually no longer than 7 years from the date on which your account is closed. The retention period may be longer for legal, regulatory or technical reasons, but all personal data will be destroyed as soon as practicable in all other cases.
  • Contacting ClearBank

The Data Protection Officer

ClearBank

Level 4, 133 Houndsditch

London

EC3A 7AH

Prepay Technologies Limited

PrePrepay Technologies Limited trading as Prepay Solutions (PPS) provides the prepaid Mastercard under the Tide Platform Terms of Use and the Tide Card Terms and Conditions.

  • Who is PPS and why do they handle my data?
    • PPS is a Data Controller in relation to your card and all necessary activities relating to the operation of the card: allowing you to receive, activate and use your Card. The processing of your personal data is necessary for the performance of your contract for the issue and operation of cards and is necessary for compliance with legal and regulatory obligations applicable to PPS. PPS does not use your personal data for marketing purposes and will not share your personal data with third parties for marketing purposes.
  • What personal data does PPS process?

Type of personal information

Description

Personal Details

Full name and date of birth

Contact Details

Where you live and how to contact you including phone numbers and e-mail addresses

Transactional and Card Data

Details about your Card, use of your Card and payments to and from your accounts

Documentary Data

Details about you that are stored in documents in various formats, or copies of them. This could include things like (without limitation) your passport, driver’s licence or birth certificate collected to fulfil customer due to diligence requirements.

Personal information will only be collected directly and voluntarily from you as part of the application process or as a result of transactions relating to your Card(s). Some personal information may be verified by PPS with the use of publicly accessible sources to fulfil customer due diligence.

  • Sending personal data outside of the UK or EEA
    • PPS will only send your personal data outside of the UK or EEA if:
      • you have instructed PPS to do that; or
      • there is a legal or regulatory duty imposed upon PPS to make such a transfer. In such cases, PPS will ensure that the parties who process that particular personal data do so in accordance with the GDPR.
    • In relation to personal data processed by Mastercard certain processors are located outside of the UK and the EEA . Personal information processed by Mastercard is subject to Mastercard Binding Corporate Rules (BCRs) which you have enforcement rights under as a third-party beneficiary (for more information on the use of BCRs, you can visit the ICO’s website).
  • Does PPS send my personal data to any third parties?
    • PPS is committed to ensuring that your information is secure with us and with third parties who act on our behalf. These third parties include MasterCard, card manufacturers, suppliers of identity validation services, IVR and call recording (telephone) suppliers and to Tide. PPS uses certain tools to make sure that your information remains confidential and accurate and is only processed in accordance with applicable laws.
  • How long does PPS hold my personal data?
    • PPS only holds your personal data in accordance with its established policies and usually no longer than 7 years after the termination of your contract. The retention period may be longer for legal or regulatory reasons, but all personal data will be destroyed as soon as practicable in all other cases.
  • Contacting PPS

PPS DPO

PO Box 3883

Swindon

SN3 9EA.

Further information

We will employ adequate technical and organisational security measures to protect your

personal information.

We will use reasonable effort to ensure that your personal data is accurate, complete and up-to-up-date. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the Platform or by contacting us at the details provided in this Privacy Policy.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to ensure that it remains accurate. Please check

back from to time to time for updates.

This Privacy Policy was last updated on 6 December 2019.