1. Introduction to Talu Card Limited’s Privacy Policy

Welcome to TaluCard! Your privacy and trust are paramount to us and to our subsidiaries and affiliate partners, collectively referred to hereinafter as 'TaluCard'. This Privacy Policy is crafted to help you understand how TaluCard collects, uses, protects, and shares your personal information across all our operations, and to inform you about your privacy rights. As a service provider operating under various entities and partnerships, we understand the importance of a unified approach to privacy and data protection. This policy reflects our commitment to safeguard your personal information across all branches of TaluCard Cards Limited, ensuring consistency and reliability in how we handle your data, no matter which part of our group subsidiaries you interact with.

1.1 What is a Privacy Policy?

This Privacy Policy is a statement or a legal document that explains how our organisation collects, handles, stores, and protects your personal data. It serves as a pledge of our commitment to safeguard your privacy and ensure that your personal information is handled responsibly.

1.2 Why is a Privacy Policy Necessary?

Respecting user privacy is not just a matter of ethics; it’s a legal requirement. A Privacy Policy is essential for several reasons:

Legal Compliance: It ensures that we comply with the law. In the United Kingdom, data protection and privacy are governed by the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. These laws mandate organisations to transparently disclose how personal data is collected, used, and managed.
Transparency: It builds trust with you, our users, by being transparent about how we use your personal data.
User Empowerment: It empowers you to make informed choices about the use of your data, providing clarity on your rights, including the right to access, rectify, and erase your personal data.

1.3 UK Legislation Governing Privacy Policies

In the UK, the key pieces of legislation that require the use of Privacy Policies are:

General Data Protection Regulation (GDPR): As a regulation in EU law on data protection and privacy, GDPR impacts UK businesses as it sets guidelines for the collection and processing of personal information from individuals who live in the European Union.
UK Data Protection Act 2018: This Act controls how personal information is used by organisations, businesses, or the government. It is the UK’s implementation of the GDPR.

We are committed to upholding these legal standards, ensuring the highest level of data protection and privacy for our customers.

1.4 Point of Contact for GDPR and Data Protection Inquiries

At TaluCard, we take your privacy and the protection of your personal data seriously. To ensure transparency and address any concerns or queries you may have regarding data protection and your rights under GDPR, we have designated a specific point of contact.

Data Protection Officer:

Dr. Ian Vickers is appointed as the person responsible for overseeing GDPR compliance and data protection strategies within TaluCard. He is committed to ensuring that your personal data is protected and processed in accordance with the relevant data protection laws.

Contacting Dr. Ian Vickers:

Should you have any questions, requests, or concerns regarding how we handle your personal data, or your rights under the GDPR, Dr. Ian Vickers can be reached through the following means:

Email: You can contact Dr. Vickers directly at connect@talucard.com. This email address is monitored regularly to ensure timely responses to your data protection inquiries.
Via TaluCard's Websites: You can also reach out to Dr. Vickers through the contact forms available on any of TaluCard's websites. Simply mention your GDPR or data protection query, and your message will be directed to him.

Via TaluCard's Websites: You can also reach out to Dr. Vickers through the contact forms available on any of TaluCard's websites. Simply mention your GDPR or data protection query, and your message will be directed to him.

2. How We Use Your Personal Information

Your personal information is handled with utmost care and responsibility by TaluCard. This section of our Privacy Policy is dedicated to explaining our commitment to safeguarding your personal information. It encompasses the details you share with us, the insights we gain while you are a customer, and the preferences you set regarding our marketing communications.

2.1 Our Promise to You:

Transparency and Control: We pledge to be transparent about the data we collect and how we use it, ensuring that you have control over your personal information.
Learning from Our Interactions: The information we gather through our interactions with you, as a customer, helps us tailor our services and improve your experience.
Marketing Preferences: We respect your choices regarding the marketing communications you wish to receive. You will have the option to opt-in or opt-out of our marketing messages, in accordance with your preferences.

2.2 Your Privacy Rights:

Access and Rectification: You have the right to access the personal information we hold about you and to request corrections if any details are inaccurate.
Data Portability and Erasure: You can request the transfer of your data in a structured, commonly used format, and under certain conditions, you may also request the deletion of your personal information.
Objection and Restriction: You have the right to object to certain types of processing of your personal data and to request restrictions on how we use your information.

2.3 Legal Protection and Compliance:

Adherence to Laws: Our practices are designed to comply with applicable data protection laws, including the GDPR and the UK Data Protection Act 2018. These laws provide a framework that ensures your data is processed lawfully, fairly, and transparently.
Security Measures: We implement robust security measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

This privacy notice is reflective of our commitment to upholding your privacy rights and safeguarding your personal data in accordance with the law.

2.4 Our Privacy Promise

At TaluCard, we are deeply committed to the privacy and security of your personal information. Our promise to you encompasses the following key principles:

Safeguarding Your Information: We pledge to keep your personal information safe and private. We employ advanced security measures to protect your data against unauthorised access, disclosure, alteration, or loss.
Respect for Your Personal Data: We assure you that we will not sell your personal information to third parties. Our respect for your privacy is integral to our ethics and operations.
Control Over Marketing Communications: You have complete autonomy to manage and review your marketing preferences at any time. We provide easy and accessible ways for you to adjust these choices, ensuring that you receive marketing communications only as per your consent.

In addition to these promises, we are continuously monitoring and updating our practices to align with evolving data protection laws and standards. Our goal is to not only comply with legal requirements but to exceed them in safeguarding your privacy.

3. Personal Information and the Law

3.1 Who We Are

Talu Cards Limited is the legal entity that holds and processes your personal information, committed to managing it responsibly and lawfully.

3.2 Contacting Us About Data Privacy

If you have questions or need more information about how we use your personal information, there are several convenient ways to get in touch with us:

In-App Chat: For immediate assistance, you can use our in-app chat feature. This is a quick and easy way to get responses to your data privacy questions.
Website Contact Form: Visit our website and use the contact form for your queries. This method is suitable for detailed questions or feedback.
Direct Contact with Data Protection Officer: If your query is specific to data protection or if you are not satisfied with the initial response, you can directly message our Group Data Protection Officer as detailed in Section 1.4 of this document.

3.3 How the Law Protects You

In addition to our Privacy Promise, your privacy is safeguarded by law. The legal framework under which we operate ensures your data is handled in a compliant and secure manner.

Legal Basis for Processing: Our processing of your personal data is always based on legal grounds, complying with GDPR and the UK Data Protection Act 2018. This includes processing necessary for fulfilling contracts, complying with our legal obligations, protecting vital interests, or processing based on your explicit consent.

4. Legal Basis for Using Your Personal Information

In addition to our commitment outlined in the Privacy Promise, your privacy is also protected by data protection laws. This part of our Privacy Policy explains how we abide by these laws in using your personal information.

4.1 Grounds for Processing Personal Information:

Data Protection Law stipulates that we can only process your personal information if we have a valid reason for doing so. These reasons can include:

Contractual Necessity: When processing is necessary to fulfil a contract we have with you.
Legal Obligation: When we are required to process your data to comply with a legal duty.
Legitimate Interests: When we use your information for our legitimate business interests. We will clearly inform you about such interests and ensure that processing for these reasons does not unfairly impact your own interests and rights.
Consent: When you have given explicit consent to the processing of your personal data for a specific purpose.
Public Interest: When processing is necessary for reasons of substantial public interest.

4.2 Special Categories of Personal Data:

Certain types of sensitive information are classified as ‘special categories of personal data’ under data protection laws. This includes data concerning your health, race, religious beliefs, sexual orientation, and other similar information. We adhere to the following principles in handling such data:

We will not collect or use these categories of data without your explicit consent, unless legally permitted or required.
If we do process such data, it will only be under circumstances where it is necessary for substantial public interest, or for establishing, exercising, or defending legal claims.

4.3 How We Use Your Information and Our Legitimate Interests:

Below is a detailed list of how we may use your personal information and the specific reasons we rely on for each type of use. For instances where we rely on our legitimate interests, we provide a clear explanation of those interests, ensuring transparency and safeguarding your rights.

4.4 Detailed Use of Personal Information and Legal Basis

To ensure full transparency, we provide below a comprehensive table that details all the ways in which we may use your personal information. This table also outlines the legal reasons we rely on for each type of data usage and explains our legitimate interests where applicable. The table is structured to offer you clear insights into our data processing activities, helping you understand:

The Specific Type of Data Usage: What we do with your personal information in various contexts.
Legal Basis for Use: The legal grounds under which we process your data, such as contractual necessity, legal obligation, legitimate interests, consent, or public interest.
Our Legitimate Interests: Where we rely on legitimate interests as the basis for processing, we explain what these interests are, ensuring that your rights and interests are considered and protected.

4.5 Serving you as a customer

What we use your personal information for

To manage our relationship with you or your business
To develop and carry out marketing activities
To study how our customers use products and services from us and other organisations
To communicate with you about our products and services
To develop and manage our brands, products and services

Our reasons

Your consent
Fulfilling contracts
Our legitimate interests
Our legal duty

Our legitimate interests

Keeping our records up to date, working out which of our products and services may interest you and telling you about them
Developing products and services, and what we charge for them
Defining types of customers for new products or services
Seeking your consent when we need it to contact you
Being efficient about how we fulfil our legal and contractual duties
Managing competitions and promotions

4.6 Business improvement

What we use your personal information for

To test new products
To manage how we work with other companies that provide services to us and our customers
To develop new ways to meet our customers' needs and to grow our business

Our reasons

Fulfilling contracts
Our legitimate interests
Our legal duty

Our legitimate interests

Developing products and services, and what we charge for them
Defining types of customers for new products or services
Being efficient about how we fulfil our legal and contractual duties

4.7 Managing our operations

What we use your personal information for

To deliver of our products and services
To make and manage customer payments
To manage fees, charges and interest due on customer accounts
To collect and recover money that is owed to us
To manage and provide treasury and investment products and services

Our reasons

Fulfilling contracts
Our legitimate interests
Our legal duty

Our legitimate interests

Being efficient about how we fulfil our legal and contractual duties
Complying with rules and guidance from regulators

4.8 Managing security, risk and crime prevention

What we use your personal information for

To detect, investigate, report, and seek to prevent financial crime
To manage risk for us and our customers
To obey laws and regulations that apply to us
To respond to complaints and seek to resolve them

Our reasons

Fulfilling contracts
Our legitimate interests
Our legal duty

Our legitimate interests

Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
Complying with rules and guidance from regulators
Being efficient about how we fulfil our legal and contractual duties

4.9 Business management

What we use your personal information for

To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit
To exercise our rights set out in agreements or contracts

Our reasons

Our legitimate interests
Our legal duty
Our legal duty
Fulfilling contracts

Our legitimate interests

Complying with rules and guidance from regulators
Being efficient about how we fulfil our legal and contractual duties

4.10 For processing special categories of personal information

What we use your personal information for

Substantial public interest
Responding to regulatory requirements
Legal claims
Consent

Our legitimate interests

Using criminal records data to help prevent, detect, and prosecute unlawful acts and fraudulent behaviour
Using criminal and health information as needed to provide insurance products
Showing whether we have assessed your situation in the right way
Passing information to the regulator as needed to allow investigation into whether we have acted in the right way
Using any special categories of data as needed to establish, exercise or defend legal claims
Telling you that we need your consent to process special categories of personal information, when that is what we rely on for doing so

5. Groups of Personal Information

In adherence to data protection laws, we recognise the importance of understanding the various types of personal information we handle. Our approach categorises this information into different groups, ensuring that each type is processed appropriately based on its nature and sensitivity.

5.1 Understanding the Categories:

Below, you will find a comprehensive listing of the groups of personal information we may collect and process. This categorisation is designed to give you a clear view of the potential scope of information we have about you. This could range from data obtained through your interactions with our services to insights derived from your purchasing habits in different shops.

5.2 Diverse Uses of Personal Information:

It is important to note that not all personal information is used in the same manner:

For Marketing and Service Provision: Some data is instrumental for marketing purposes or for providing you with our services more effectively.
Sensitive and Private Data: Other types of information are more sensitive and private. We accord these categories the highest level of confidentiality and protection, handling them with the utmost care and in accordance with strict data protection standards.

5.3 Upcoming Detailed Table:

Following this section, we have included a detailed table that breaks down these categories further. The table will provide you with specific examples of the types of personal information in each group, helping you understand how and why we use each category of data.

Type of personal information	Description
Financial	Your financial position, status and history
Contact	Your name, where you live and how to contact you
Socio-Demographic	This includes details about your work or profession, nationality, education and where you fit into general social or income groupings
Transactional	Details about payments to and from your accounts with us, and insurance claims you make
Contractual	Details about the products or services we provide to you
Locational	Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It can also include shops where you buy something with your card
Behavioural	Details about how you use products and services from us and other organisations
Technical	Details on the devices and technology you use
Communications	What we learn about you from letters and emails you write to us and conversations between us
Social Relationships	Your family, friends and other relationships
Open Data and Public Records	Details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet
Usage Data	Other data about how you use our products and services
Documentary Data	Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers’ licence or birth certificate
Gender Identity	Information relating to the gender that you identify as
Special types of data	The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so: Racial or ethnic origin Religious, political or philosophical beliefs Trade union membership Genetic and bio-metric data Health data Information that could identify aspects of your sex life Sexual orientation Criminal records of convictions and offences Allegations of criminal offences. You can read how we may use special types of data in the table 'How the law protects you'.
Consents	Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, whether you get paper statements, or prefer large-print formats
National Identifier	A number or code given to you by a government to identify who you are, such as a National Insurance number or social security number, or Tax Identification Number (TIN)

6. Where we collect personal information from

In this section, we detail the diverse sources from which we collect personal information about you or your business. This information may come from other companies within the Talu Card Group Limited, as well as from a variety of external sources.

6.1 Directly from You:

Much of the personal information we process is provided directly by you. This may occur in several situations, including but not limited to:

Product and Service Applications: When you apply for our products or services.
Communications: This includes information you provide when you talk to us on the phone (note that these calls may be recorded for quality and training purposes), in person, through our websites, mobile apps, or web chat.
Written Correspondence: The information contained in emails, letters, or other forms of written communication.
Financial Reviews and Interviews: Personal data collected during any financial assessments or interviews.
Customer Surveys: Information you provide when participating in customer surveys.

6.2 From People Associated with You or Your Business:

We also collect information from individuals associated with you or your business. This could include:

Joint account holders, trustees, or fellow company directors.
Representatives or agents acting on your behalf.

It's important to note that we handle all personal information, regardless of its source, with the same level of confidentiality and security. Our aim is to ensure that your data is protected and processed in accordance with applicable data protection laws and our internal policies.

6.3 Data We Collect When You Use Our Services

This section outlines the kinds of personal data we collect and process when you access and use our services. It encompasses two main categories: transactional details and profile and usage data.

Payment and Transaction Data:

When you use our services for financial transactions, we collect data that includes, but is not limited to:

Transaction Details: The amount, frequency, type, and location of your transactions, as well as the origin and recipients involved.
Credit Information: If you borrow money, this will also encompass details of repayments, including whether they are made timely and in full.

Profile and Usage Data:

This category involves information related to how you interact with our services:

Security Information: The security credentials you create and utilise to access our services, such as passwords or biometric data.
Service Settings and Marketing Preferences: Your chosen settings within our services and your preferences regarding marketing communications.
Device Data: We collect data from the devices you use to access our internet, mobile, and telephone banking services. This includes, but is not limited to, hardware models, operating system versions, unique device identifiers, and network information.
Cookies and Tracking Technologies: Our use of cookies and similar technologies helps us understand how you interact with our websites and mobile apps. These tools gather data about your usage patterns, including how you respond to emails we send you. For more detailed information on how we use these technologies, please refer to our Cookies Policy.

Please note that all the data we collect is used in accordance with our Privacy Promise and is aimed at enhancing the quality, security, and personalisation of the services we offer you.

6.4 Data from Outside Organisations

In the course of our operations, we may receive personal information about you from various external organisations. The following list provides an overview of these external sources:

Introduction and Referral Sources:

Companies that introduce you to us, such as price comparison websites, brokers, stores, car dealerships offering finance through us.

Financial Service Providers:

Financial advisors.
Credit card providers such as Visa and Mastercard.
Credit reference agencies, including TransUnion, Equifax, and Experian.
Other financial services companies for payment fulfilment or fraud prevention.

Insurance and Retail Partners:

Insurers.
Retailers.
Loyalty scheme operators.

Online and Technology Platforms:

Comparison websites.
Social networks and tech providers (e.g., interactions with our ads on platforms like Facebook or Google).

Fraud Prevention and Legal Entities:

Fraud prevention agencies.
Government and law enforcement agencies.

Employment and Real Estate Related:

Employers (e.g., for references in mortgage applications).
Payroll service providers.
Land agents (e.g., for property valuations).

Public Records and Information Sources:

Public information sources such as the Electoral Register or Companies House.

Business and Consulting Services:

Agents, suppliers, sub-contractors, and advisers.
We collaborate with various firms that assist us in managing accounts and providing services to you. This collaboration extends to specialist companies who offer consultancy and advice on business development and improvement. The data collected from these entities plays a crucial role in enhancing our service offerings and operational efficiency. By understanding how these firms contribute to our operations, we can ensure that the data we receive is relevant and used effectively to benefit our customers.
Market research firms.
Market research firms play a vital role in helping us understand your needs and experiences. These firms might contact you directly on our behalf to gather your opinions and feedback. They often combine the insights you provide with data from other sources to conduct comprehensive analyses. The findings from these studies are used to generate reports and offer advice that is instrumental in understanding our customers' perspectives. This information is crucial for us to continuously improve our business practices and enhance the services we offer to you.
Firms providing data services.

Medical Professionals:

Medical professionals (for insurance products, subject to your consent).

This list is not exhaustive but covers the primary sources from which we might receive data about you. We ensure that all data received from these external sources is handled with the same level of security and privacy as the data we collect directly from you. We also ensure that our use of this data is in line with the legal bases outlined in our Privacy Policy.

7. How Long We Keep Your Personal Information

Understanding the duration for which we retain your personal information and the reasons for it is crucial. Our data retention policies are designed to ensure that we keep your information for no longer than necessary.

7.1 While You Are a Customer:

We retain your personal information for the entire duration of your relationship with us as a customer.

7.2 After You Cease Being a Customer:

Post the end of your relationship with us, we may retain your personal data for up to 10 years. The reasons for this extended retention period include:

To Address Inquiries or Complaints: To respond to any questions or complaints and to demonstrate whether we treated you fairly.
For Internal Research: To conduct studies and analyses as part of our internal research to improve our services.
Compliance with Legal and Regulatory Obligations: To adhere to legal and regulatory requirements that dictate record-keeping. For example, the Money Laundering Regulations mandate retaining certain data for a minimum of 5 and a maximum of 10 years.

7.3 Exceptions to the 10-Year Limit:

In specific instances, we may retain your data for periods longer than 10 years if we are legally unable to delete it due to regulatory, legal, or technical constraints. In all cases, we assure you that your personal information will be used solely for the stated purposes, and we are committed to protecting your privacy throughout this period.

8. If You Choose Not to Give Personal Information

In this section, we explain the potential consequences of your decision not to provide personal information to us. While you have the right to withhold information, it is important to understand the impact this may have on our ability to provide services to you.

8.1 Mandatory Information for Legal and Contractual Reasons:

Certain personal information may be required by law or for the purposes of entering into or fulfilling a contract with you. This could include data needed to comply with legal obligations or to provide the products and services you request from us
If you choose not to provide this mandatory information, it may lead to delays or prevent us from fulfilling our contractual obligations. In some cases, it could also hinder our ability to comply with legal requirements.

8.2 Potential Consequences:

Non-provision of necessary data may result in our inability to manage or provide certain accounts or services to you. This might lead to the cancellation of a product or service you have with us.

8.3 Optional Information:

At times, we may request information that is useful for enhancing our services but is not required by law or a contract. Whenever this is the case, we will clearly indicate that the provision of such information is optional.
Choosing not to provide this optional information will not impact the existing products or services you have with us. It is entirely at your discretion to decide whether to share these additional details.

9. Cookies and Similar Tracking Technologies

In this section, we detail how we use cookies and other tracking technologies on our websites and apps, as well as in the emails we send to you. Understanding these technologies is important for you to know how your data is being collected and used.

9.1 Cookies:

What Are Cookies?: Cookies are small text files stored on your computer or mobile device when you visit a website. They are sent back to the originating website on subsequent visits or to another website that recognises that cookie.
Purpose of Cookies: Cookies are used to store information about your visits and preferences each time you visit our website. They help in enhancing your user experience by remembering your preferences and settings.
Types of Information Stored: While some cookies may store personal information, many only gather data related to your website usage or preferences. This data, whether or not it includes personal details, is protected under this Privacy Policy.

9.2 Email Tracking:

Purpose of Email Tracking: We employ tracking within our emails to improve the effectiveness of our communications. This includes the use of tiny graphics known as pixels.
What We Track: These pixels can tell us if and when you opened an email, how many times it was viewed, and the device used to view it. We may also use cookies to track whether you clicked on any links within the email.

9.3 Further Information:

For more comprehensive details on how we use cookies and email tracking, including how to manage your preferences or opt-out, please refer to our Cookie Policy.

The Control You Have

Empowering You to Manage Your Personal Information

In this key part of our Privacy Policy, we focus on the control you have over your personal information. It is important for us to not only inform you about how we use your data but also to empower you with the ability to manage, review, and update your data as needed. This section outlines the various tools and processes we have in place to help you exercise your data rights and preferences.

10. How to Complain

Your Feedback and Concerns Regarding Data Privacy

We take your concerns about privacy and data protection seriously. If you are unhappy with how we have used your personal information, we encourage you to let us know so that we can address your concerns.

10.1 Contacting Us:

You can reach out to us via our secure online contact form. We are committed to resolving any issues concerning your personal data promptly and fairly.

10.2 Your Right to Complain to the Regulator:

Besides contacting us, you have the right to make a complaint directly to the relevant data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

Information Commissioner’s Office (ICO): The ICO is responsible for enforcing data protection laws and handling complaints about data privacy. You can find out how to report a concern to the ICO on their website.
Appealing Decisions: If you are not satisfied with the outcome of your complaint, either with us or the ICO, you have the right to lodge an appeal.

We are dedicated to ensuring that all your data privacy concerns are addressed respectfully and efficiently.

11. How to Withdraw Your Consent

Your Right to Change Your Mind

We understand that your preferences and decisions regarding your personal information may change over time. This section explains the process for withdrawing consent that you have previously given us.

11.1 Withdrawing Your Consent:

If you wish to withdraw your consent at any time, please reach out to us directly. You can use our secure online contact form, or any other contact method provided in our Privacy Policy.
Withdrawing consent will affect only those data processing activities that are based on consent. For more comprehensive options regarding the restriction of your information use, please refer to the section titled 'Your Rights'.

11.2 Implications of Withdrawing Consent:

It is important to note that withdrawing your consent may impact our ability to provide you with certain products or services. If such a situation arises, we will inform you accordingly.
We ensure that any withdrawal of consent is processed promptly and that it ceases any further processing of your data for the purposes for which consent was originally given.

Your control over your personal information is a priority for us, and we are committed to facilitating your rights in a transparent and accessible manner.

12. Letting Us Know if Your Personal Information Is Incorrect

Your Right to Accurate Information

Maintaining the accuracy of your personal information is a key priority for us. If you believe that any information we hold about you is incorrect, incomplete, or outdated, you have every right to have it corrected.

12.1 How to Notify Us:

To raise concerns about the accuracy of your personal information, you can easily contact us through the following methods:

Online Contact Form: The most direct way to notify us is via the contact form available on our website.
In-App Chat: You can also use our in-app chatbot for a swift response and assistance in updating your information.

12.2 Our Commitment to You:

To raise concerns about the accuracy of your personal information, you can easily contact us through the following methods:

Upon receiving your query, we will take reasonable steps to verify and, if necessary, correct the information in question.
We are committed to responding to your concerns promptly and ensuring that your personal information is accurate and up to date.

Your confidence in the accuracy of the information we hold is fundamental to our relationship, and we are dedicated to upholding your right to correct any inaccuracies in your personal data.

13. How to Get a Copy of Your Personal Information

Accessing Your Data

We acknowledge and support your right to access the personal information we hold about you. Whether you need a copy for personal use or to share with others, we have made the process straightforward and accessible.

13.1 Requesting Your Information:

You can request a copy of all the personal information we have about you. To do so, you can either:

Write to Us: Send a written request to the following address:
- Talu Cards Limited Unit 36-37 Tondu Enterprise Centre, Bryn Road, Aberkenfig, Bridgend, Wales, CF32 9BS
Online Request: Alternatively, you can make this request online through our website or via our in-app features.

13.2 Digital File for Ease of Use:

Upon request, we can provide your personal data in a digital format. This makes it easy for you to use, store, or share the information as needed.

13.3 Response Time:

We strive to respond to your requests promptly and efficiently, in line with data protection laws.

Your right to access your personal information is a key aspect of data transparency and control. We are committed to facilitating this right in a user-friendly and efficient manner.

13.4 Data Portability: Sharing Your Data with Outside Companies

Your Right to Use and Transfer Your Personal Information

In addition to accessing your personal data, you have the right to use your data for your own purposes and share it with other organisations as you see fit.

13.5 Getting Your Data in a Digital Format:

We can provide you with your personal information in a digital file format. This format is designed to be easily reusable, allowing you to keep, use, or transfer your data as needed.

Electronic Transfer: On your request, we can furnish your data in an electronic format that facilitates easy use and transfer.

13.6 Passing Your Data to Other Organisations:

If you wish, we can also directly transfer your personal data to other organisations on your behalf.

To initiate this process, you can reach us through:

Online Contact: The most efficient way to make this request is via our online contact form or through our in-app chat service.

13.7 Maintaining Your Data Integrity:

We ensure that all data transfers are conducted securely and in a manner that protects the integrity of your personal information.
Our commitment is to make the process of data portability as seamless and user-friendly as possible, respecting your rights to control and distribute your personal data.

14. Your Rights

Understanding and Exercising Your Data Privacy Rights

This section explains your rights regarding your personal data and how you can exercise them. We are committed to not only respecting these rights but also to assisting you in exercising them.

14.1 Right to Object:

You have the right to object to our processing of your personal information. If you feel that your data should not be used in a certain way, you can raise an objection.

14.2 Right to Erasure (‘Right to be Forgotten’):

You can request the deletion or removal of your personal data when there is no compelling reason for its continued processing. This right is known as the ‘right to erasure’ or the ‘right to be forgotten’.

14.3 Exceptions to Data Deletion:

There may be circumstances under legal or regulatory obligations where we need to retain or use your data. However, we encourage you to inform us if you believe we should not be using your data.

14.4 Right to Restrict Processing:

In certain situations, you have the right to ‘restrict’ or limit the ways in which we can use your personal information. These situations include:

If you contest the accuracy of the data.
If the data has been used unlawfully but you do not want it deleted.
If the data is no longer needed but you wish to keep it for use in legal claims.
If you have objected to our use of your data but are awaiting verification of our grounds for processing.
While your data is restricted, we will not use or share it in other ways.

14.5 Contacting Us to Exercise Your Rights:

If you wish to exercise any of these rights, you can contact us through our secure online contact form or via our in-app chat service.
We are here to help you understand and exercise your rights effectively, ensuring your data is handled in accordance with your wishes.

14.6 Legislation and Regulatory Compliance:

In addition to outlining your personal data rights, it is important to acknowledge the legal and regulatory framework that underpins these rights. TaluCard operates in compliance with several key regulations and legal requirements, especially concerning our consumer credit license and payment services. This includes, but is not limited to:

Financial Conduct Authority (FCA) Regulations: We adhere to FCA guidelines, which govern fair and responsible lending and financial services practices.
Payment Services Regulations: Our payment services are in line with the regulatory standards set out in the Payment Services Regulations, ensuring secure and efficient processing of payment transactions.
Consumer Credit Legislation: We operate our consumer credit services under strict compliance with relevant consumer credit legislation, which provides a framework for consumer rights and protections in credit agreements.
Data Protection Legislation: This includes the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, which provide the foundation for your rights to access, rectify, erase, or restrict the processing of your personal data.

Understanding these regulations helps contextualise your rights and our obligations. Our commitment to these legal and regulatory frameworks ensures that we not only protect your personal data but also uphold your rights as a consumer in our credit and payment services.

15. How Personal Information is Used

Who We Share Your Personal Information With

At TaluCard, we may share your personal information with a range of outside organisations to provide you with our products and services, for business operations, and to comply with legal obligations. Below is a detailed list of the types of organisations we may share your information with:

Within Talu Cards: We share your personal information with our affiliate, Blukite Finance Limited, exclusively for the management and operation of your payment account. This ensures that we provide you with efficient and secure financial services.
Authorities: This includes central and local government, HM Revenue & Customs, regulators, tax authorities, the UK Financial Services Compensation Scheme, deposit guarantee schemes, law enforcement, and fraud prevention agencies.
Banking and Financial Services: Entities that are part of providing banking and financial services, including credit reference agencies (like TransUnion, Equifax, and Experian), and other financial services companies for payments or fraud prevention.
Service Providers and Business Partners:
- Agents, suppliers, sub-contractors, and advisers that help run accounts, policies, and services.
- Credit and collection agents.
- Independent Financial Advisors, with your consent.
- Price comparison websites and similar companies.
- Employers, for verification purposes (e.g., mortgage references).
- Open Banking partners, as directed by you.
Additional Services and Schemes:
- Card transaction processors such as Visa and Mastercard.
- Direct Debit scheme operators.
- Loyalty scheme operators.
- Insurance and benefit providers.
- Other lenders for joint loans or mortgages.
General Business Operations:
- Joint venture partners and other business collaborators.
- Market research firms for customer insights.
- Advisers and consultants for business development.
- Advertisers and technology providers for marketing purposes.
Mergers, Acquisitions, and Business Transfers:
- Potential buyers or partners in business sales, mergers, or acquisitions. We ensure data protection terms are agreed upon in these situations.
Anonymised Data Sharing:
- We may share aggregated, anonymised data with outside companies for research and analysis. This data is grouped to prevent identification of individuals.

In all instances of data sharing, our priority is to ensure your personal information is protected and used in accordance with this Privacy Policy.

16. Your Rights

Personalised Marketing and Your Choices

Understanding how we use your personal information to tailor and present marketing to you is important. This section explains our approach to determining the marketing content that may interest you and how you can control what you receive.

16.1 Marketing Decisions Based on Your Information:

We use your personal information to make informed decisions about the products, services, and offers that may be of interest to you. This process involves analysing data from your interactions with our services, information you provide, and data from external sources.
This method of using personal information for marketing is often referred to as ‘profiling’.

16.2 Consent and Legitimate Interest:

We only send you marketing communications if we have your explicit consent or a ‘legitimate interest’. A legitimate interest means a business or commercial reason that justifies the use of your information, without unfairly impacting your own interests.

16.3 Your Marketing Preferences:

The marketing material you receive, be it online, in apps, via email, mobile phone, post, or through other digital channels, is dependent on your marketing preferences.
You have the right to alter these preferences at any time or to opt out of marketing communications entirely.
If you choose not to have your data collected via our websites or mobile apps, you may still see marketing from us, but it will not be specifically tailored to you. Our Cookies Policy details how this data is used.

16.4 Receiving Essential Information:

Regardless of your marketing preferences, you will continue to receive essential information, such as statements and updates about changes to your existing products and services.

16.5 Protection of Your Personal Information:

We do not sell your personal information to outside organisations.

16.6 Updating Your Preferences:

We may request you to confirm or update your marketing preferences in certain scenarios, such as when you acquire new products or services from us, or if there are changes in laws, regulations, or our business structure.
You can update your choices anytime by contacting us.

17. How We Use Your Information to Make Automated Decisions

Understanding Automated Decision-Making and Your Rights

This section explains how we use automated systems to make decisions based on your personal information. These decisions can significantly impact the products, services, or features we offer you, including their pricing.

17.1 Automated Decision-Making Processes:

Pricing: Automated systems help determine prices for some products and services. For example, online mortgage calculators use your financial details to estimate mortgage offers, and insurance applications may use data to assess claim likelihood.
Tailoring Products, Services, and Marketing: We categorise customers into segments to better understand and meet needs, influencing our product and service design. This includes using segments from external partners, like social networks, to identify potential new customers with similar interests.
Detecting Fraud: We use automated systems to identify unusual activities that may indicate fraud or money-laundering in personal or business accounts.
Opening Accounts: When opening an account, automated checks ensure the product or service is suitable and that you meet the necessary criteria, such as age, residency, nationality, or financial standing.

17.2 Your Rights Regarding Automated Decisions:

Right to Challenge: You have the right to object to decisions made by automated systems. You can request that a person reviews an automated decision to ensure fairness and accuracy.
Further Information: For more information about these processes or to exercise your rights, please contact us using the methods outlined in our Privacy Policy.

18. Credit Reference Agencies (CRAs)

How We Use CRAs for Credit and Identity Checks

This section explains our collaboration with Credit Reference Agencies (CRAs) to conduct credit and identity checks, essential for decisions about lending through products like credit cards or loans.

18.1 Credit and Identity Checks:

When you apply for a product or service, we perform checks on your creditworthiness and verify your identity. CRAs assist us in this process.
We also periodically review CRA information to manage your account effectively.

18.2 Data Exchange with CRAs:

We share your personal information with CRAs, and they provide us with information about you.

The shared data includes:

Name, address and date of birth.
Credit application details.
Information on shared credit.
Financial situation and history.
Fraud prevention information.
Public information from sources like the Electoral Register, Companies House, media, and social networks.

18.3 Use of CRA Data:

We use this data to assess creditworthiness and affordability, verify accuracy, detect and prevent financial crime, manage accounts, recover debts, and ensure offers are appropriate for you.
Your information is shared with CRAs as long as you remain a customer, including account balance and transaction details.

18.4 Linked Records:

If you apply for a product jointly with someone else or have a financial association (like a spouse, partner, or business associate), we link your records with theirs.
It is important to inform these individuals that their records will be linked and subject to credit searches.
CRAs also link your records, which remain linked unless you or the other individual request and provide proof to break the link.

18.5 Further Information from CRAs:

More detailed information about CRAs can be found in the Credit Reference Agency Information Notice on their websites. This includes:

CRA identity and role.
Their function as fraud prevention agencies.
The data they hold and its usage.
How they share personal information.
Data retention periods.
Your rights concerning data protection.

19. Fraud Prevention Agencies (FPAs)

Collaboration in Fighting Financial Crime

This section describes how we collaborate with external organisations, including Fraud Prevention Agencies (FPAs), to combat financial crimes like fraud, money laundering, and terrorist financing.

19.1 Identity Confirmation and Fraud Checks:

CWe conduct identity verification and fraud checks before providing products or services. This is crucial for ensuring the security and integrity of our transactions.
Once you are a customer, we continue to share information as necessary to combat fraud and other financial crimes.

19.2 Organisations We Share Data With:

We exchange data with Registered FPAs, other similar agencies, industry databases, and insurers for fraud prevention purposes.
The mutual exchange of data helps us and these organisations in preventing, detecting, investigating, and prosecuting financial crimes.

19.3 Reasons for Using Your Information:

The use of your personal information is based on legal obligations or ‘legitimate interests’. We will specify the legitimate interests when they are the basis for processing your data.
The purposes include confirming identities, preventing fraud and money laundering, and fulfilling contracts.

19.4 Law Enforcement Access:

In certain circumstances, we or an FPA may allow law enforcement agencies to access your personal information to aid in their crime prevention duties.
Different organisations may retain personal information for varied durations, up to a maximum of six years.

19.5 Types of Information Used:

The personal information used includes but is not limited to:

Name, date of birth, addresses (current and historical), contact details, financial data, fraud victim status, data related to products or services, employment and vehicle details, and online identifiers like IP addresses.

19.6 Automated Decisions in Fraud Prevention:

We and other organisations may use automated systems to detect fraud. These systems analyse patterns in data to identify activities typical of fraudsters or unusual for you or your business.

19.7 Impact of Fraud Decisions:

If fraud is suspected, actions may include freezing activity on accounts or blocking access.
FPAs may keep records of fraud risks, which could influence other organisations' decisions to offer you services or employment.

19.8 International Data Transfers:

FPAs may transfer data outside the UK and EEA. In such cases, contracts ensure that the data is protected to EEA standards, including adherence to international data sharing frameworks.

19.9 FPA Information Notice:

For more details on how FPAs operate, please visit the CIFAS information notice page: CIFAS - Fraud Prevention Agency Information Notice

20. Sending Data Outside the UK and EEA

Safeguards for International Data Transfers

This section details the measures we take to protect your personal information when it is transferred outside the UK and the European Economic Area (EEA).

20.1 Circumstances for Data Transfer:

Following Your Instructions: For instance, if you use a card to book a hotel abroad, we transfer necessary details to fulfil the payment.
Legal Compliance: We share information as required by law, such as reporting to foreign tax authorities.
Working with International Suppliers: To manage your accounts and services, we might need to transfer data to suppliers outside the UK and EEA.

20.2 Safeguards for Protection:

We ensure that your data is protected to the same standards as within the UK and EEA. This is achieved through:

Adequacy Decisions: Transferring data to countries deemed by the European Commission to have adequate data protection laws. More information is available on the European Commission Justice website.
Standard Contractual Clauses: Implementing contracts with recipients that obligate them to protect data to UK and EEA standards. Further details can be found on the European Commission Justice website.

20.3 Restriction on Marketing Data Transfer:

TaluCard’s Policy: It is important to note that TaluCard does not transfer personal data outside of the UK for marketing purposes. This policy is in place to ensure greater control and protection of your personal data.

21. Data Security Measures

Protecting Your Personal Information

At TaluCard, we understand the importance of securing your personal data against unauthorised access, alteration, and loss. We implement a range of technical and organisational measures to ensure the highest level of data protection.

21.1 Our Security Practices:

Encryption: We use advanced encryption technologies to protect data during transmission and while stored on our systems.
Access Control: Access to personal data is strictly controlled. Only authorised personnel have access to sensitive information, and only for designated purposes.
Regular Security Audits: We conduct regular audits and reviews of our security measures to ensure they are up to date and effective against emerging threats.
Secure Data Storage: Personal information is stored in secure facilities with restricted physical access. Online data is housed in servers with robust cybersecurity protections.
Data Processing Protocols: Our data processing protocols are designed to safeguard data integrity and prevent unauthorised access or leakage.
Employee Training: Staff receive regular training on data protection and security protocols, emphasising the importance of confidentiality and handling data responsibly.
Incident Response Plan: We have a comprehensive incident response plan to address any potential data breaches quickly and effectively, minimising any potential impact on your data.
Compliance with Standards: We adhere to internationally recognised standards and frameworks for data security, ensuring our practices meet global benchmarks.

21.2 Commitment to Data Security:

Our commitment to data security is ongoing. We continually monitor and update our security practices in response to new threats and advancements in technology. Protecting your personal information is a responsibility we take very seriously, and we are dedicated to maintaining the confidentiality, integrity, and availability of your data.

22. Third-Party Links

Disclaimer for External Links

Our website and services may include links to third-party websites, applications, and platforms that are not operated or controlled by TaluCard. This section addresses our position and disclaimers regarding these external links.

22.1 Understanding Third-Party Links:

When you follow a link to an external website, you are leaving our site and are subject to the privacy policy and security practices of that external website.
These third-party sites are not under our control, and we are not responsible for their content, privacy policies, or security practices.

22.2 Our Recommendations:

We recommend that you review the privacy policies of these third-party websites to understand how they collect, use, and share your personal information.
Be cautious when providing personal information on any external site, especially if the privacy practices are unclear or seem inadequate.

22.3 Disclaimer:

TaluCard does not endorse, guarantee, or make any representations regarding the accuracy, reliability, or any use of information on third-party websites.
The inclusion of a third-party link on our website or services does not imply an affiliation, sponsorship, endorsement, approval, investigation, verification, or monitoring by Be. of any information contained in the linked website.

22.4 User Responsibility:

Your use of any third-party sites and their available services is at your own risk. We encourage users to be aware when they leave our site and to read the privacy statements of other sites that collect personally identifiable information.

23. User Rights in Detail

Your Rights Under Data Protection Laws

Our commitment to your privacy includes ensuring you are fully aware of your rights under data protection laws, such as the GDPR and the UK Data Protection Act. Below is a detailed overview of these rights and how you can exercise them.

Right to Access: You have the right to request access to the personal information we hold about you. This includes the right to obtain confirmation of whether or not personal data concerning you is being processed.
Right to Rectification: If the information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’): You can ask us to delete or remove your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.
Right to Restrict Processing: Under certain conditions, you have the right to restrict the processing of your personal data. For instance, if you contest the accuracy of your data, you can request a restriction on processing until verification.
Right to Data Portability: This right allows you to obtain and reuse your personal data for your own purposes across different services. It applies to data you have provided, where the processing is based on consent or a contract and is carried out by automated means.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, direct marketing (including profiling), and processing for scientific or historical research and statistics.
Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

23.1 How to Exercise Your Rights:

To exercise any of these rights, please contact us at connect@talucard.com
We will respond to your request in accordance with applicable data protection laws and within the legally required time frames.

23.2 Further Assistance:

If you have any questions or need assistance regarding your rights, our Data Protection Officer can be contacted at connect@talucard.com

24. Policy Updates and Changes

Keeping You Informed About Changes

At TaluCard, we periodically review and update our Privacy Policy to ensure it remains up to date with legal requirements, reflects changes in our data practices, or incorporates feedback from our users and stakeholders.

24.1 Notification of Changes:

Proactive Communication: When we make changes to our Privacy Policy, we will proactively inform you. This may be done through email notifications, alerts on our website, in-app messages, or other communication channels we use to engage with you.
Publication on Website: The updated Privacy Policy will always be published on our website, allowing you to review the changes at your convenience.

24.2 Reviewing Changes:

Highlighting Key Changes: In our communications, we will highlight key changes to the policy, especially those that might significantly impact the way we handle your personal information.
Effective Date: The date when the updated policy comes into effect will be clearly stated. We encourage you to review the policy as of this date to understand the current terms.

24.3 Your Acceptance of Changes:

Continued Use: Your continued use of our services after the effective date of these changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you have the option to discontinue using our services.

24.4 Questions and Concerns:

Should you have any questions or concerns about any changes made to our Privacy Policy, please do not hesitate to contact us. We are committed to addressing your queries and providing clarity on how these changes might affect you.