Social Money Group Privacy Notice
Social Money Group
This privacy notice cover all entities of the Social Money Ltd and includes the trading names under which we operate (SOMO.CO.UK, Payl8r, Upfront by Payl8r and Dopple,)
So, within this notice, any reference to “us”, “our” or “we” or Social Money relates to the above companies.
This Privacy Notice seeks to explain:
- Who we are
- How we collect, share and use your person information
- How you can exercise your privacy rights.
Personal information is any information that can be used to identify you as a unique individual.
Social Money is the data controller and means we decide how and why your personal information is handled.
Personal information we collect from you:
We collect your personal information when you:
- Apply for our products or services in a retailer’s store, online or on the phone
- Update your information online or over the phone (such as when you change your address)
- Speak to us on the phone
- Visit our website, use our online web chat services and any digital or mobile app we may offer now or in the future
- Send us letters, emails or other documents.
The types of personal information we collect from you are:
- Identity details which includes your full name, title, date of birth, age, unique personal identifier and account number
- Contact details which includes your home address, email address and phone number
- Financial data which includes your bank account number, credit/debit card number, earnings, income, expenditure, spending habits, transaction history, tax reference number and source of funds
- Profile data about you which includes your sex, occupation, employment status, citizenship status, residential status, property details, occupancy status and insurance information
- Identification data which includes your driving licence, passport, National Insurance number and other national identifiers
- How you interact with us which includes call recordings or any other form of communication.
- Technical data which includes internet protocol (IP) address, location data, operating system, time zone etc.
It is important that the personal information we hold about you is accurate and up to date.
Please keep us informed of any changes to your personal information, such as change of contact details etc.
Personal information we collect from others:
Sometimes we work with carefully selected third parties and we may receive your personal information from them.
The third parties include:
- Advertisers
- Referrers
- Public sources (such as the electoral register)
- Credit Reference Agencies (CRAs) are used to perform credit, identity and fraud prevention checks against public (electoral register) and shared credit information
We may obtain personal information relating to you from other individuals as part of the application process for one of our products or services. This can include individuals who are:
- A joint applicant on an account you hold or are applying for
- A nominated representative
- Acting under a Power of Attorney or similar authority
If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.
When you provide personal information about another individual, we’ll assume that you have told them that you are sharing their details and where they can find more information on how we process their personal information.
We may also collect information from public sources as part of our investigations and due diligence checks.
How we use your personal information:
|
Purpose/Activity |
Types of personal information |
Legal basis for processing your information |
|
Processing your application for a product or service with us |
• Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Necessary for the performance of a contract |
|
Managing and administering your account with us |
Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Necessary for the performance of a contract |
|
Sending you communication to service your account, products or services |
Identity data • Contact data • Financial data |
Our legitimate interest |
|
To manage queries and complaints raised by you |
• Identity data • Contact data • Financial data • Profile data |
Our legitimate interest |
|
Testing our systems and processes |
• Identity data • Contact data • Financial data • Profile data |
Our legitimate interest |
|
Sharing relevant marketing about products and services |
• Identity data • Contact data • Profile data |
Consent provided by the individual |
|
Meeting our legal and regulatory obligations |
• Identity data • Contact data • Financial data • Profile data • Family data |
Legal obligations |
|
Auditing and assuring our processes, products and services |
Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Our legitimate interest |
|
Conducting market research and surveys to understand your experience and interactions with Social Money Ltd |
Identity data • Contact data |
Our legitimate interest |
|
Preventing and investigating fraud |
• Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Our legitimate interest Legal obligation |
|
To develop and improve our processes, systems and policies |
Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Our legitimate interest |
|
Legal activities and advice |
• Identity data • Contact data • Financial data • Profile data • Family data • Identification documents |
Our legitimate interest |
|
Supporting you through the arrears and debt collection processes |
Identity data • Contact data • Financial data • Profile data |
Our legitimate interest |
|
Purpose/Activity |
Special category of personal data collected |
Legal basis |
Additional legal basis |
|
Preventing and investigating fraud |
Criminal data |
Legal Obligation |
Substantial public interest (preventing fraud) |
|
Managing Anti-money Laundering requirements where applicable |
Criminal data |
Legal Obligation |
Substantial public interest (suspicion of terrorist financing or money laundering) |
|
Managing Anti-money Laundering requirements |
Health data |
Consent |
Explicit consent |
We’ll only ask for Special Category Personal Data when we absolutely need to and use it in limited circumstances.
Sharing your personal information:
When necessary, we share your personal information with:
- Service providers
- Tax, government, and any relevant regulatory authorities
- Prosecuting authorities and courts, and/or other relevant third parties connected with legal proceedings or claims
- Fraud prevention and/or law enforcement agencies
- Industry databases (such as CIFAS. You can learn more about how your personal information is used for CIFAS’ National Fraud Database at www.cifas.org.uk/fpn)
- Third parties where you have asked us to share your information
- Third parties where it’s necessary to enter into or Necessary for the performance of a contract
- Third parties where we are required to do so by law
- Credit reference agencies are used to perform credit, identity and fraud prevention checks against public (electoral register) and shared credit information.
All companies we work with are assessed for adequacy of their security controls, so we aim to ensure that your personal data is safe.
Transfer of your personal information outside the United Kingdom:
Your personal information may be transferred or stored outside of the UK.
We will only transfer your data when:
- We’re required or permitted to by law or regulatory requirements
- We’re sharing data with a third party to support us in the management of your account.
When transferring data, we make sure that suitable protection is always maintained by ensuring appropriate safeguards are in place. This could be by:
- Ensuring that we transfer personal data to countries that the Information Commissioner (ICO) has
deemed to provide an adequate level of protection
- Putting suitable clauses in our contracts so that organisations take appropriate steps to give personal data the same protection it has in the UK
If you would like more information on this, please feel free to contact us by using the details provided in this notice.
Keeping your personal information:
We keep personal information for as long as it is required by us:
- For the purposes described in ‘How We Use Personal Information’ section above
- To meet our legal or regulatory obligations
- For the exercise and/or defence of any legal claims.
When determining retention periods, we consider the following:
- The maximum or minimum retention periods identified by the law or regulatory guidance
- Our contractual rights and obligations
- Customer expectations, the nature of your relationship with us, your membership status and the types of accounts, products and services you have with us
- Current or future operational requirements
- Forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes
- The risks involved in retention, deletion and removal
- The cost of maintaining, storing, archiving and retrieving data
- The capability or restraints of our systems and technology.
If you would like more information on this, please feel free to contact us by using the details provided in this notice.
Profiling:
There may be some circumstances where we use your personal information for profiling (processing of personal information to evaluate certain things about you).
For example, to ensure that we’re providing a consistent service and giving people the best products and advice at the right times.
We’ll always make sure the way we process your information is safe and not unfair to you.
Where possible, we’ll keep your details anonymous and use your information only to produce statistical reports. This way, you will not be identifiable from the data.
You have the right to object to us using your personal information for profiling activities.
Please refer to the Subject rights section for more information.
Automated decision making:
There may be circumstances where we use automated decision making using your personal information.
We use automated decision making to check that we can enter into an agreement with you, and also carry out our legal and regulatory obligations (e.g. when complying with UK money laundering regulations).
You have certain rights over your personal information when using automated decision making.
Your data subject rights and how to exercise them:
You have rights relating to the personal information we hold about you, however, they may be subject to various exceptions and limitations.
You can request to exercise your rights at any time by contacting us using the details in this privacy notice.
Right to be informed: We are obliged to provide clear and transparent information about our processing activities of your personal information.
Right to request access to your personal information (commonly known as a “data subject access request”): You have the right to understand what personal information we hold about you and why.
Right to request correction of the personal information: If you believe that we hold inaccurate or incomplete personal information, you have the right to request us to rectify or correct your personal information.
Right to request erasure of your personal information: You may ask us to delete or remove personal information where there is no good reason for us to continue to process it. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons.
Right to request restriction of processing of your personal information: You may ask us to stop processing your personal information. We will still hold the data but will not process it any further.
You may exercise the right to restrict processing when one of the following conditions applies:
- The accuracy of the personal information is contested
- Processing of the personal information is unlawful
- We no longer need the personal information for processing but the personal information is required for part of a legal process
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
Right to data portability: You may request your personal information be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means, and if the processing is based on the fulfilment of a contractual obligation.
Right to withdraw consent: You may withdraw consent at any time if we are relying on your consent to process your personal information. This won’t affect any processing already carried out before you withdraw your consent or processing under other grounds.
Right to object: You have the right to object to our processing of your personal information where:
- Processing is based on legitimate interest • Processing is for the purpose of direct marketing.
We may need specific information from you to help us confirm your identity before we can review your request.
The simplest and quickest way to request this information is by asking one of our advisors, who will then raise the request with the Data Protection Officer
Data protection questions and complaints:
If you have any questions or are unhappy about this document, how we use your information or any of your rights, contact our Data Protection Officer.
By email: [email protected]
If you’re not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the
UK Information Commissioner’s Office. See www.ico.org.uk for details