Effective date: 15 July 2021
We are committed to protecting and respecting your privacy, and therefore we will keep your personal data safe and private.
Who we are
We are Appleton Computer Limited, trading as SERCLE and Omnio EMI Limited (who is the issuer of your e-money). We will be joint data controllers in relation to your data.
To sum up…
What data we collect about you
The types of personal data that we collect will depend on our relationship with you, the circumstances of collection and the type of service you request from us. How we may collect your data and the nature or type of data we collect can be seen below:
- We collect information you provide when you:
- register to use our web or mobile app;
- fill in any forms or applications to use our services;
- communicate with us;
- open an account or use any of our services;
- take part in our surveys or promotions;
- speak with a member of our customer support team (whether through the phone or through the web or mobile app);
- enter a competition; or
- contact us for other reasons.
- Information given by you to us:
- We will collect the following information:
- Your name, address, and date of birth;
- Your email address, phone number and details of the device you use (such as your phone, computer or tablet);
- Your password and other registration information, which can include your username;
- Details of your bank account, including the account number, sort code and IBAN;
- Details of your Vox Money cards (or other payment cards you have registered with us), including the card number, expiry date and CVC number;
- Identification documents (such as, your driving licence or your passport), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
- Your image in photo or video form (where required due to our KYC obligations or if you upload a photo to your Vox Money account).
- Information you provide when you apply for any of our services, including details about your source of funds;
- Records of our discussions, if you contact us or we contact you (including emails and records of phone calls);
- If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.
- Information from your device:
- Whenever you use our website or the web or mobile app, we may collect the following information:
- Information about your visit, including the links you have clicked on, through and from our site (including date and time). Also the services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information.
- Technical information, including the IP address used to connect your computer to the internet, your log-in information, your browser type, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
- Information on transactions (such as payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used.
- Information stored on your device, including if you give us access to contact information from your contacts list. Our web or mobile app will regularly collect this information in order to stay up to date (but only if you have given us permission).
- Information about your location:
- If you have location services in our web or mobile app switched on, we may track your location using GPS technology.
- Information from others:
- We must, in order to ensure compliance with applicable legal and regulatory requirements aimed at preventing financial crime, money laundering and terrorist financing, and for us to proceed with your application or otherwise allow you to continue to use our services, obtain, verify and record information that identifies you. For these purposes, we will be aided by third parties, including but not limited to, fraud and crime prevention agencies, official records and/or other means allowed by law. As such, we collect personal data from third parties, such as financial crime agencies, credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services. This can include your credit record, information to help us check your identity, information about your spouse and family (if applicable in the context of an application that you make) and information relating to your transactions.
- When we conduct fraud monitoring, prevention, detection, and financial compliance activities or provide such services to our users, we will receive personal data from you (and your device) and about you through our service and from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may collect personal data about you and use technology to help us assess the risk associated with an attempted transaction by you.
- Information from social media
- Sometimes we may use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).
- Information from publicly available sources
- We collect information and contact details from publicly available sources, such as online registers or directories, media stories and websites for enhanced due diligence checks, security searches, and KYC (Know Your Customer) reasons.
To sum up…
We collect and store various kinds of personal data about you, mainly based on information you provide us with regarding yourself, from certain third parties, or the service you otherwise request from us.
Why we use your personal data
We collect and process personal data for the following purposes, and relying on the following legal bases (reasons in law):
- To provide our services to you in accordance with our agreement with you
We need certain personal data about you to provide our services. First off, if you apply for a product or service, we will need undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. These checks will decide whether or not to approve your application. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity, for these purposes. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
- To communicate with you and manage our relationship with you, where we have legitimate interests to do this, or where we have your consent
We may use your contact information to provide you with information about our products or services, as well as customer support services. In addition, when you call us, we may monitor or record your calls to confirm your instructions or for training, quality and regulatory purposes. We may also use your personal data to help us develop new products and services.
We may also use your personal data to provide a better experience or to add extra functions to our services, such as for social interactions. If you give us permission [on your device], we may use your phone’s contacts list in order to enable you to make effortless payments to your contacts using our services or to let you know when any of your contacts who are also our customers are in the same area as you (if they have location services switched on).
- For fraud and financial crime prevention, and complying with our other legal obligations
We use your personal data to check your identity in order to protect you and others against fraud, to abide by financial crime laws and to confirm that you are eligible to use our services. We also use it to help us better understand your financial circumstances and manage fraud and financial crime risks related to your account. In some cases, we will have a legal responsibility to collect and store personal data about you, e.g. under anti-money laundering law or in relation to our KYC obligations.
We must, in order to ensure compliance with applicable legal and regulatory requirements aimed at preventing financial crime, money laundering and terrorist financing, and for us to proceed with your application or otherwise allow you to continue to use our services, obtain, verify and record information that identifies you. For these purposes, we will be aided by third parties, including but not limited to, fraud and crime prevention agencies, official records and/or other means allowed by law. As such, we collect personal data from third parties, such as financial crime agencies, credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services. This can include your credit record, information to help us check your identity, information about your spouse and family (if applicable in the context of an application that you make) and information relating to your transactions.
We may also need to share personal data about you with other organisations (for example, fraud prevention agencies) or if it is necessary to meet our legal obligations or in connection with legal claims; or to help detect or prevent crime. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services have requested, or to employ you, or we may stop providing existing services to you.
- For marketing, where we have legitimate interests to advertise our products and services, or where we have your consent
We may want to send you marketing communications and provide you with information about other products and services we offer, which we think you might be interested in. As such, we may use your personal data to provide relevant advertising to you (for example, information on nearby merchants we think you will like). For this purpose, we may process your personal data in order to understand your interests. You can opt out of receiving personalized marketing communications by amending your privacy settings on our web or mobile app.
If you agree, we may also provide you with information about our partners’ promotions or offers which we think you might be interested in or allow our partners and other organisations to provide you with information about their products or services.
You can always ask us to stop sending you marketing information by adjusting your marketing choices by amending your privacy settings on our web or mobile app.
We may ask for your consent to use your personal data for marketing purposes, for example by asking you to tick a box, which could be done electronically (via our website or our app) or even on paper, or other similar means of receiving your consent.
- Other uses,
We may process your sensitive personal data (sometimes known as special category personal data) where there is a substantial public interest to do so, for example to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.
Finally, we may use your data for other purposes, such as to prepare anonymised statistical datasets about our customers’ spending patterns for forecasting purposes, which may be shared internally or externally with others, including third party companies. We produce these reports using information about you and other customers. You will not be identifiable from this information.
We may also process your data if we re-organise or transfer our business, if we ceases to trade or become insolvent. We may at some stage re-organise or transfer all or part of our business.
To sum up…
We use your personal data in various ways, where we have a legal basis to do so, mainly to provide or improve our services to you, to tell you about products or services you may be interested in, and to meet our legal obligations.
How we use your information for marketing
If you sign up to or otherwise use our services, and where allowed by law, we will assume you want us to contact you about our products, services, offers and promotion, either by post, email or text messages. We may try to find out which services and offers you might most be interested in, which may result us in using your personal data in order to tailor our offers to you.
If you don’t want to receive marketing offers from us, you can opt-out during the application process, or at any time afterwards. Just amend your privacy settings on our web or mobile app. You can also simply click on the unsubscribe links on the marketing messages we send you.
To sum up…
By signing up to use our services, we assume you want us to contact you with marketing offers. You can withdraw your consent at any time.
Automated decisions in relation to your personal data
Whether or not we make automated decisions based on your personal data will depend on the products or services you use and the content of your application. This means that we may use technology that can evaluate your personal data in order to predict risks or outcomes. We do this to ensure that our services are quick and efficient – and to make sure that any decision making is consistent and based on the right information.
An example of us using automated decisions in relation to you would be fraud detection or opening accounts. We will be monitoring your account to detect fraud and financial crime, and this monitoring will in part be automated. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.
If we make an automated decision based on your personal data, you have the right to ask that decision is manually reviewed by a person, as noted below in the section regarding your rights.
To sum up…
We may make partially automated decisions using your personal data, depending on which services or products you use. However, you can always ask us to manually review such a decision.
Do you share my personal data with anyone else?
Yes. We share your personal data with the issuer and our processors. We also may share some of your personal data, or obtain your personal data, to/from certain third parties as follows:
- Companies or people that you transfer your money to:
- If you make a payment from your account, we will need to provide the recipient of that payment with your details.
- Our suppliers, which can be classified as follows:
- Financial and banking services partners and payments networks, such as Visa and Mastercard
- We may share your data with them in order to assist us in providing our services to you. This may include our banking and lending partners, banking or payment intermediaries and other payment service providers.
- Suppliers who provide us with IT services, payment and delivery services
- We may share your data with them in order to assist us in providing and improving our services to you, in addition to help us in improving your customer experience.
- Card manufacturing, personalisation and delivery companies
- We may share your data with them in order to create your personalised card and to deliver it or other communications to you.
- Analytics providers and search information providers
- We may share your data with them to help us improve our website or app and to help us in improving your customer experience.
- Customer-service providers, such as our outsourced contact centre, and survey providers, developers or collection services.
- We may share your data with them in order to assist us in providing and improving our services to you, in addition to help us in improving your customer experience by getting your feedback on our services. In exceptional instances we may share your data with debt collection agencies to manage what you may owe us.
- Communications services providers
- We may share your data with them to help us send you emails, push notifications and text messages.
- Other Vox Customers:
- We may share your data with them in order to provide our services to you and to improve your customer experience by making payments simpler.
- Third Party Payers:
- We may share your data with them in order to provide our services to you and to improve your customer experience by making payments simpler. This would for example include sharing your name with third parties that pay money into your Vox Money account. This is necessary to confirm that the payment has been made to the correct account.
- Other Partners who help provide our services:
- We may share your personal data with our partners in order to provide you with certain services you have asked us for, for example, your Credit Union or our reward program service provider.
- Other providers and financial institutions:
- We may share your personal data with other financial institutions if requested. For example, if you want to utilize the ‘open banking’ option through an approved third party provider and given them permission, we will share data from your Vox Money account with such provider.
- We may also share your personal data with other financial institutions where you do not ask us to. For example, if you make an outbound payment, we share information about you alongside your payment, since we have a legal obligation to include particular information with payments.
- Fraud and financial crime prevention agencies.
- We may share your personal data with fraud and financial crime prevention agencies. We do this to check your identity and to fight fraud and financial crime, as well as to ensure our compliance with applicable legal and regulatory requirements aimed at preventing financial crime, money laundering and terrorist financing. For these purposes, we will be aided by third parties, including but not limited to, fraud and crime prevention agencies, official records and/or other means allowed by law. As such, we collect and share personal data from and to third parties, such as financial crime agencies, credit reference agencies, financial or credit institutions, official registers and databases, as well as fraud prevention agencies and partners who help us to provide our services. This can include your credit record, information to help us check your identity, information about your spouse and family members (if applicable in the context of an application that you make) and information relating to your transactions. Law enforcement agencies may check and use this personal data. We may also be required to disclose your personal data by a court order or to comply with other legal or regulatory requirements. We will use reasonable endeavours to notify you before we do so, unless we are legally restricted from doing so.
- We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us via email@example.com
- Social media and advertising companies:
- Your personal data may be shared with social media platforms when we use social media for our marketing purposes. This is so that they can check if you also hold an account with them. If you do, we may ask the advertising partner or social media provider to use your personal data to send our adverts to you, because we think that you might be interested in a new product or service we are offering, or not to send your our adverts, because it relates to a service that you already use.
- Where you ask us to share your data:
- Where you direct us to share your personal data with a third party, we may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney).
- For other reasons:
- We may also need to share your personal data with other third party organisations:
- if we have to do so under any law or regulation;
- if we sell our business;
- in connection with criminal or fraud investigations;
- to enforce our rights (and those of customers or others); or
- in connection with legal claims.
Cookies or other tracking technologies
To sum up…
Transfer of personal data outside of the United Kingdom or Europe
In order to provide our services we may need to transfer your personal data outside the United Kingdom and/or European Economic Area (EEA). By way of an example, our contact centre you call may be located outside the United Kingdom and/or the EEA.
We also note that your personal data may be controlled and processed by any of our offices, some of which may be outside the United Kingdom and/or EEA. The location of our offices may change from time to time and we may acquire offices in any number of countries or territories at any time, any one or more of which may act as data controllers of and/or process personal data. We might also send your personal data outside of the United Kingdom and/or EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.
As such, we may share your personal data with our call centre, our credit reference agencies and fraud prevention agencies that are based outside of the United Kingdom and/or EEA. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
To sum up…
We will transfer data to countries outside the UK and/or the EEA – but only in accordance with the law.
Security of your personal data
We use a variety of technical and physical measures to keep your personal data safe, ensuring the safeguard of the collection, transmission and storage of the data we collect in order to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We use encryption, anonymization or/and pseudonymization procedures where required. This includes the use of SSL (Secure Socket Layer) technology, which is the industry standard method of encrypting personal information and payment information so that they can be transferred via the internet in a safe manner. If your browser does not support SSL, we recommend that you upgrade to the latest version of any browser to enhance the security of further transactions, otherwise the transmission of your personal data may not be protected.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it.
In addition, we store the data on a secure computer systems with control over access to information using both physical and electronic means.
We also limit access to your personal data within our companies and our service providers to a “business need to know”. In other words: they are not to be able to access or process your data unless they need to, and where they need to, they are doing it on our instructions, under a duty of confidentiality and have appropriate technical and operational security measures in place to protect your data. Furthermore, we have put in place procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so.
To sum up…
We do our absolute best to keep your data safe.
How long will we keep your personal data
Generally, we will keep your personal data for six years after our business relationship ends. However, in some cases this period may be longer, if required by applicable local laws. We are required to keep your personal data for this long by anti-money laundering and e-money laws. We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
To sum up…
We will keep your personal data for six years, unless we have a legal obligation to keep it for longer.
You do have certain rights in relation to your personal data. Please note that none of these rights are absolute, and we may be entitled or required to refuse or only partially comply with your requests where exceptions or exemptions apply. Your rights include the following:
- Right to know whether we hold information about you and, if so, what that information is and further details how/why we use and process your personal information.
- Right of access to your personal information we hold. If requested (see below) you will receive an electronic copy of the personal information we hold about you.
- Request correction of the personal data that we hold about you, in certain instances, for example if it is inaccurate or incomplete.
- Request erasure of your personal data (or to be “forgotten”). In certain instances, you can ask us to delete or remove personal data, for example where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below). Regardless, we may not be able to agree to your request of erasure. As a regulated financial services provider, we must keep certain personal data even where you ask us to delete it. If you’ve closed your Vox Money account, we may not be able to delete your entire file because our regulatory responsibilities require us to retain these records.
- Right to withdraw consent to the processing of data where consent is relied upon by us as the basis of processing for a specific purpose. You have the right to withdraw your consent for that specific processing at any time. If we receive notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities. Please note that if you withdraw this consent it may mean we will not be able to provide all or parts of the services you have requested from us.
- Right to restrict processing of your personal data. You may ask us to suspend the use of your personal data if you want us to investigate whether it is accurate, you feel our use of your personal data is unlawful but you do not want us to delete it, we no longer need the data, but you want us to continue holding it for you in connection with a legal claim, you have objected to us using your personal data (see below), but we need to check whether we have an overriding reason to use it.
- Object to processing of your personal data if we are relying on a legitimate interest as a basis for our processing. However, if there is an overriding reason why we need to use your personal data, i.e. we feel that our reasons for the underlying processing outweighs your interests, we will not accept your request. If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services. Also, you have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision based on your personal data. Your objection to an automated decision will result in us carrying out a manual review of the decision.
- Request transfer of your personal data to you or to a third party (also known as “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format. We will do this if we are allowed to do so under regulatory requirements.
To sum up…
You have statutory rights concerning your data and if you want to exercise them please let us know. Please note that these are not unqualified rights and exceptions or exemptions may apply.
Although we welcome your queries, please note that any electronic communication through this website between you and us (or any of our employees or agents) may not be secure. For this reason, please do not send us any email that contains confidential or sensitive information.
Note that due to security reasons, we can’t deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
If you have unresolved concerns, or if you are simply unhappy how we have handled your enquiry or your personal data, you also have the right to complain to the relevant data protection authorities. In the United Kingdom this is the Information Commissioner’s Office (ICO), www.ico.org.uk In the EU, there are national and regional data protection authorities you can contact, and a list is available on this website: https://edpb.europa.eu/about-edpb/board/members_en
To sum up…
If you have any questions regarding this Policy, let us know. You also have the right to complain to the relevant data protection authorities.
Changes to this policy
To sum up…
We will modify this policy if there is a change in how we process your data. Any new version of this Policy can be found on our website.