1. Introduction to Talu Card Limited’s Privacy Policy

Welcome to TaluCard! Your privacy and trust are paramount to us and to our subsidiaries and affiliate partners, collectively referred to hereinafter as 'TaluCard'. This Privacy Policy is crafted to help you understand how TaluCard collects, uses, protects, and shares your personal information across all our operations, and to inform you about your privacy rights. As a service provider operating under various entities and partnerships, we understand the importance of a unified approach to privacy and data protection. This policy reflects our commitment to safeguard your personal information across all branches of TaluCard Cards Limited, ensuring consistency and reliability in how we handle your data, no matter which part of our group subsidiaries you interact with.

1.1 What is a Privacy Policy?

This Privacy Policy is a statement or a legal document that explains how our organisation collects, handles, stores, and protects your personal data. It serves as a pledge of our commitment to safeguard your privacy and ensure that your personal information is handled responsibly.

1.2 Why is a Privacy Policy Necessary?

Respecting user privacy is not just a matter of ethics; it’s a legal requirement. A Privacy Policy is essential for several reasons:

1.3 UK Legislation Governing Privacy Policies

In the UK, the key pieces of legislation that require the use of Privacy Policies are:

We are committed to upholding these legal standards, ensuring the highest level of data protection and privacy for our customers.

1.4 Point of Contact for GDPR and Data Protection Inquiries

At TaluCard, we take your privacy and the protection of your personal data seriously. To ensure transparency and address any concerns or queries you may have regarding data protection and your rights under GDPR, we have designated a specific point of contact.

Data Protection Officer:

Dr. Ian Vickers is appointed as the person responsible for overseeing GDPR compliance and data protection strategies within TaluCard. He is committed to ensuring that your personal data is protected and processed in accordance with the relevant data protection laws.

Contacting Dr. Ian Vickers:

Should you have any questions, requests, or concerns regarding how we handle your personal data, or your rights under the GDPR, Dr. Ian Vickers can be reached through the following means:

Via TaluCard's Websites: You can also reach out to Dr. Vickers through the contact forms available on any of TaluCard's websites. Simply mention your GDPR or data protection query, and your message will be directed to him.

2. How We Use Your Personal Information

Your personal information is handled with utmost care and responsibility by TaluCard. This section of our Privacy Policy is dedicated to explaining our commitment to safeguarding your personal information. It encompasses the details you share with us, the insights we gain while you are a customer, and the preferences you set regarding our marketing communications.

2.1 Our Promise to You:

2.2 Your Privacy Rights:

2.3 Legal Protection and Compliance:

This privacy notice is reflective of our commitment to upholding your privacy rights and safeguarding your personal data in accordance with the law.

2.4 Our Privacy Promise

At TaluCard, we are deeply committed to the privacy and security of your personal information. Our promise to you encompasses the following key principles:

In addition to these promises, we are continuously monitoring and updating our practices to align with evolving data protection laws and standards. Our goal is to not only comply with legal requirements but to exceed them in safeguarding your privacy.

3. Personal Information and the Law

3.1 Who We Are

Talu Cards Limited is the legal entity that holds and processes your personal information, committed to managing it responsibly and lawfully.

3.2 Contacting Us About Data Privacy

If you have questions or need more information about how we use your personal information, there are several convenient ways to get in touch with us:

3.3 How the Law Protects You

In addition to our Privacy Promise, your privacy is safeguarded by law. The legal framework under which we operate ensures your data is handled in a compliant and secure manner.

4. Legal Basis for Using Your Personal Information

In addition to our commitment outlined in the Privacy Promise, your privacy is also protected by data protection laws. This part of our Privacy Policy explains how we abide by these laws in using your personal information.

4.1 Grounds for Processing Personal Information:

Data Protection Law stipulates that we can only process your personal information if we have a valid reason for doing so. These reasons can include:

4.2 Special Categories of Personal Data:

Certain types of sensitive information are classified as ‘special categories of personal data’ under data protection laws. This includes data concerning your health, race, religious beliefs, sexual orientation, and other similar information. We adhere to the following principles in handling such data:

4.3 How We Use Your Information and Our Legitimate Interests:

Below is a detailed list of how we may use your personal information and the specific reasons we rely on for each type of use. For instances where we rely on our legitimate interests, we provide a clear explanation of those interests, ensuring transparency and safeguarding your rights.

4.4 Detailed Use of Personal Information and Legal Basis

To ensure full transparency, we provide below a comprehensive table that details all the ways in which we may use your personal information. This table also outlines the legal reasons we rely on for each type of data usage and explains our legitimate interests where applicable. The table is structured to offer you clear insights into our data processing activities, helping you understand:

4.5 Serving you as a customer

What we use your personal information for

Our reasons

Our legitimate interests

4.6 Business improvement

What we use your personal information for

Our reasons

Our legitimate interests

4.7 Managing our operations

What we use your personal information for

Our reasons

Our legitimate interests

4.8 Managing security, risk and crime prevention

What we use your personal information for

Our reasons

Our legitimate interests

4.9 Business management

What we use your personal information for

Our reasons

Our legitimate interests

4.10 For processing special categories of personal information

What we use your personal information for

Our legitimate interests

5. Groups of Personal Information

In adherence to data protection laws, we recognise the importance of understanding the various types of personal information we handle. Our approach categorises this information into different groups, ensuring that each type is processed appropriately based on its nature and sensitivity.

5.1 Understanding the Categories:

Below, you will find a comprehensive listing of the groups of personal information we may collect and process. This categorisation is designed to give you a clear view of the potential scope of information we have about you. This could range from data obtained through your interactions with our services to insights derived from your purchasing habits in different shops.

5.2 Diverse Uses of Personal Information:

It is important to note that not all personal information is used in the same manner:

5.3 Upcoming Detailed Table:

Following this section, we have included a detailed table that breaks down these categories further. The table will provide you with specific examples of the types of personal information in each group, helping you understand how and why we use each category of data.

Type of personal information Description
Financial Your financial position, status and history
Contact Your name, where you live and how to contact you
Socio-Demographic This includes details about your work or profession, nationality, education and where you fit into general social or income groupings
Transactional Details about payments to and from your accounts with us, and insurance claims you make
Contractual Details about the products or services we provide to you
Locational Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It can also include shops where you buy something with your card
Behavioural Details about how you use products and services from us and other organisations
Technical Details on the devices and technology you use
Communications What we learn about you from letters and emails you write to us and conversations between us
Social Relationships Your family, friends and other relationships
Open Data and Public Records Details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet
Usage Data Other data about how you use our products and services
Documentary Data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers’ licence or birth certificate
Gender Identity Information relating to the gender that you identify as
Special types of data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:
  • Racial or ethnic origin
  • Religious, political or philosophical beliefs
  • Trade union membership
  • Genetic and bio-metric data
  • Health data
  • Information that could identify aspects of your sex life
  • Sexual orientation
  • Criminal records of convictions and offences
  • Allegations of criminal offences.
  • You can read how we may use special types of data in the table 'How the law protects you'.
Consents Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, whether you get paper statements, or prefer large-print formats
National Identifier A number or code given to you by a government to identify who you are, such as a National Insurance number or social security number, or Tax Identification Number (TIN)

6. Where we collect personal information from

In this section, we detail the diverse sources from which we collect personal information about you or your business. This information may come from other companies within the Talu Card Group Limited, as well as from a variety of external sources.

6.1 Directly from You:

Much of the personal information we process is provided directly by you. This may occur in several situations, including but not limited to:

6.2 From People Associated with You or Your Business:

We also collect information from individuals associated with you or your business. This could include:

It's important to note that we handle all personal information, regardless of its source, with the same level of confidentiality and security. Our aim is to ensure that your data is protected and processed in accordance with applicable data protection laws and our internal policies.

6.3 Data We Collect When You Use Our Services

This section outlines the kinds of personal data we collect and process when you access and use our services. It encompasses two main categories: transactional details and profile and usage data.

6.4 Data from Outside Organisations

In the course of our operations, we may receive personal information about you from various external organisations. The following list provides an overview of these external sources:

This list is not exhaustive but covers the primary sources from which we might receive data about you. We ensure that all data received from these external sources is handled with the same level of security and privacy as the data we collect directly from you. We also ensure that our use of this data is in line with the legal bases outlined in our Privacy Policy.

7. How Long We Keep Your Personal Information

Understanding the duration for which we retain your personal information and the reasons for it is crucial. Our data retention policies are designed to ensure that we keep your information for no longer than necessary.

7.1 While You Are a Customer:

7.2 After You Cease Being a Customer:

Post the end of your relationship with us, we may retain your personal data for up to 10 years. The reasons for this extended retention period include:

7.3 Exceptions to the 10-Year Limit:

In specific instances, we may retain your data for periods longer than 10 years if we are legally unable to delete it due to regulatory, legal, or technical constraints. In all cases, we assure you that your personal information will be used solely for the stated purposes, and we are committed to protecting your privacy throughout this period.

8. If You Choose Not to Give Personal Information

In this section, we explain the potential consequences of your decision not to provide personal information to us. While you have the right to withhold information, it is important to understand the impact this may have on our ability to provide services to you.

8.1 Mandatory Information for Legal and Contractual Reasons:

8.2 Potential Consequences:

8.3 Optional Information:

9. Cookies and Similar Tracking Technologies

In this section, we detail how we use cookies and other tracking technologies on our websites and apps, as well as in the emails we send to you. Understanding these technologies is important for you to know how your data is being collected and used.

9.1 Cookies:

9.2 Email Tracking:

9.3 Further Information:

The Control You Have

Empowering You to Manage Your Personal Information

In this key part of our Privacy Policy, we focus on the control you have over your personal information. It is important for us to not only inform you about how we use your data but also to empower you with the ability to manage, review, and update your data as needed. This section outlines the various tools and processes we have in place to help you exercise your data rights and preferences.

10. How to Complain

Your Feedback and Concerns Regarding Data Privacy

We take your concerns about privacy and data protection seriously. If you are unhappy with how we have used your personal information, we encourage you to let us know so that we can address your concerns.

10.1 Contacting Us:

10.2 Your Right to Complain to the Regulator:

Besides contacting us, you have the right to make a complaint directly to the relevant data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

We are dedicated to ensuring that all your data privacy concerns are addressed respectfully and efficiently.

11. How to Withdraw Your Consent

Your Right to Change Your Mind

We understand that your preferences and decisions regarding your personal information may change over time. This section explains the process for withdrawing consent that you have previously given us.

11.1 Withdrawing Your Consent:

11.2 Implications of Withdrawing Consent:

Your control over your personal information is a priority for us, and we are committed to facilitating your rights in a transparent and accessible manner.

12. Letting Us Know if Your Personal Information Is Incorrect

Your Right to Accurate Information

Maintaining the accuracy of your personal information is a key priority for us. If you believe that any information we hold about you is incorrect, incomplete, or outdated, you have every right to have it corrected.

12.1 How to Notify Us:

To raise concerns about the accuracy of your personal information, you can easily contact us through the following methods:

12.2 Our Commitment to You:

To raise concerns about the accuracy of your personal information, you can easily contact us through the following methods:

Your confidence in the accuracy of the information we hold is fundamental to our relationship, and we are dedicated to upholding your right to correct any inaccuracies in your personal data.

13. How to Get a Copy of Your Personal Information

Accessing Your Data

We acknowledge and support your right to access the personal information we hold about you. Whether you need a copy for personal use or to share with others, we have made the process straightforward and accessible.

13.1 Requesting Your Information:

You can request a copy of all the personal information we have about you. To do so, you can either:

13.2 Digital File for Ease of Use:

13.3 Response Time:

Your right to access your personal information is a key aspect of data transparency and control. We are committed to facilitating this right in a user-friendly and efficient manner.

13.4 Data Portability: Sharing Your Data with Outside Companies

Your Right to Use and Transfer Your Personal Information

In addition to accessing your personal data, you have the right to use your data for your own purposes and share it with other organisations as you see fit.

13.5 Getting Your Data in a Digital Format:

We can provide you with your personal information in a digital file format. This format is designed to be easily reusable, allowing you to keep, use, or transfer your data as needed.

13.6 Passing Your Data to Other Organisations:

If you wish, we can also directly transfer your personal data to other organisations on your behalf.

To initiate this process, you can reach us through:

13.7 Maintaining Your Data Integrity:

14. Your Rights

Understanding and Exercising Your Data Privacy Rights

This section explains your rights regarding your personal data and how you can exercise them. We are committed to not only respecting these rights but also to assisting you in exercising them.

14.1 Right to Object:

14.2 Right to Erasure (‘Right to be Forgotten’):

14.3 Exceptions to Data Deletion:

14.4 Right to Restrict Processing:

In certain situations, you have the right to ‘restrict’ or limit the ways in which we can use your personal information. These situations include:

14.5 Contacting Us to Exercise Your Rights:

14.6 Legislation and Regulatory Compliance:

In addition to outlining your personal data rights, it is important to acknowledge the legal and regulatory framework that underpins these rights. TaluCard operates in compliance with several key regulations and legal requirements, especially concerning our consumer credit license and payment services. This includes, but is not limited to:

Understanding these regulations helps contextualise your rights and our obligations. Our commitment to these legal and regulatory frameworks ensures that we not only protect your personal data but also uphold your rights as a consumer in our credit and payment services.

15. How Personal Information is Used

Who We Share Your Personal Information With

At TaluCard, we may share your personal information with a range of outside organisations to provide you with our products and services, for business operations, and to comply with legal obligations. Below is a detailed list of the types of organisations we may share your information with:

In all instances of data sharing, our priority is to ensure your personal information is protected and used in accordance with this Privacy Policy.

16. Your Rights

Personalised Marketing and Your Choices

Understanding how we use your personal information to tailor and present marketing to you is important. This section explains our approach to determining the marketing content that may interest you and how you can control what you receive.

16.1 Marketing Decisions Based on Your Information:

16.2 Consent and Legitimate Interest:

16.3 Your Marketing Preferences:

16.4 Receiving Essential Information:

16.5 Protection of Your Personal Information:

16.6 Updating Your Preferences:

17. How We Use Your Information to Make Automated Decisions

Understanding Automated Decision-Making and Your Rights

This section explains how we use automated systems to make decisions based on your personal information. These decisions can significantly impact the products, services, or features we offer you, including their pricing.

17.1 Automated Decision-Making Processes:

17.2 Your Rights Regarding Automated Decisions:

18. Credit Reference Agencies (CRAs)

How We Use CRAs for Credit and Identity Checks

This section explains our collaboration with Credit Reference Agencies (CRAs) to conduct credit and identity checks, essential for decisions about lending through products like credit cards or loans.

18.1 Credit and Identity Checks:

18.2 Data Exchange with CRAs:

We share your personal information with CRAs, and they provide us with information about you.

The shared data includes:

18.3 Use of CRA Data:

18.4 Linked Records:

18.5 Further Information from CRAs:

More detailed information about CRAs can be found in the Credit Reference Agency Information Notice on their websites. This includes:

19. Fraud Prevention Agencies (FPAs)

Collaboration in Fighting Financial Crime

This section describes how we collaborate with external organisations, including Fraud Prevention Agencies (FPAs), to combat financial crimes like fraud, money laundering, and terrorist financing.

19.1 Identity Confirmation and Fraud Checks:

19.2 Organisations We Share Data With:

19.3 Reasons for Using Your Information:

19.4 Law Enforcement Access:

19.5 Types of Information Used:

The personal information used includes but is not limited to:

19.6 Automated Decisions in Fraud Prevention:

We and other organisations may use automated systems to detect fraud. These systems analyse patterns in data to identify activities typical of fraudsters or unusual for you or your business.

19.7 Impact of Fraud Decisions:

19.8 International Data Transfers:

FPAs may transfer data outside the UK and EEA. In such cases, contracts ensure that the data is protected to EEA standards, including adherence to international data sharing frameworks.

19.9 FPA Information Notice:

For more details on how FPAs operate, please visit the CIFAS information notice page: CIFAS - Fraud Prevention Agency Information Notice

20. Sending Data Outside the UK and EEA

Safeguards for International Data Transfers

This section details the measures we take to protect your personal information when it is transferred outside the UK and the European Economic Area (EEA).

20.1 Circumstances for Data Transfer:

20.2 Safeguards for Protection:

We ensure that your data is protected to the same standards as within the UK and EEA. This is achieved through:

20.3 Restriction on Marketing Data Transfer:

TaluCard’s Policy: It is important to note that TaluCard does not transfer personal data outside of the UK for marketing purposes. This policy is in place to ensure greater control and protection of your personal data.

21. Data Security Measures

Protecting Your Personal Information

At TaluCard, we understand the importance of securing your personal data against unauthorised access, alteration, and loss. We implement a range of technical and organisational measures to ensure the highest level of data protection.

21.1 Our Security Practices:

21.2 Commitment to Data Security:

Our commitment to data security is ongoing. We continually monitor and update our security practices in response to new threats and advancements in technology. Protecting your personal information is a responsibility we take very seriously, and we are dedicated to maintaining the confidentiality, integrity, and availability of your data.

22. Third-Party Links

Disclaimer for External Links

Our website and services may include links to third-party websites, applications, and platforms that are not operated or controlled by TaluCard. This section addresses our position and disclaimers regarding these external links.

22.1 Understanding Third-Party Links:

22.2 Our Recommendations:

22.3 Disclaimer:

22.4 User Responsibility:

Your use of any third-party sites and their available services is at your own risk. We encourage users to be aware when they leave our site and to read the privacy statements of other sites that collect personally identifiable information.

23. User Rights in Detail

Your Rights Under Data Protection Laws

Our commitment to your privacy includes ensuring you are fully aware of your rights under data protection laws, such as the GDPR and the UK Data Protection Act. Below is a detailed overview of these rights and how you can exercise them.

23.1 How to Exercise Your Rights:

23.2 Further Assistance:

If you have any questions or need assistance regarding your rights, our Data Protection Officer can be contacted at connect@talucard.com

24. Policy Updates and Changes

Keeping You Informed About Changes

At TaluCard, we periodically review and update our Privacy Policy to ensure it remains up to date with legal requirements, reflects changes in our data practices, or incorporates feedback from our users and stakeholders.

24.1 Notification of Changes:

24.2 Reviewing Changes:

24.3 Your Acceptance of Changes:

Continued Use: Your continued use of our services after the effective date of these changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you have the option to discontinue using our services.

24.4 Questions and Concerns:

Should you have any questions or concerns about any changes made to our Privacy Policy, please do not hesitate to contact us. We are committed to addressing your queries and providing clarity on how these changes might affect you.

© 2024 Blukite Finance Limited. All rights reserved