If you apply for a savings account or home improvement loan with us, or use our services, Tandem Bank Limited is the Controller responsible for the fair and lawful use of your personal data. Tandem Bank Ltd is registered with the Information Commissioners Office (“ICO”) under reference ZB743178.

If you apply for a loan which is secured against a new property purchase or your current property, Tandem Home Loans Limited is the Controller responsible for the fair and lawful use of your personal data. Tandem Home Loans Limited is registered with the Information Commissioners Office (“ICO”) under reference ZB724121.

If you apply for a motor finance loan, Tandem Motor Finance Ltd is the Controller responsible for the fair and lawful use of your personal data. Tandem Motor Finance Limited is registered with the Information Commissioners Office (“ICO”) under reference ZB743184.

If you apply for employment with us, Tandem Money Limited (“TML”) is the Controller responsible for the fair and lawful use of your personal data. Tandem Money Ltd is registered with the Information Commissioners Office (“ICO”) under reference ZA119928.

As the lead entity for the Tandem Group, TML has implemented a Data Protection governance model and control framework to ensure the fair and lawful management of all personal data processed. This framework applies to all Tandem Group subsidiary companies.

With the exception of the above listed Controllers, no other Tandem Group subsidiary company processes any personal data independently and does not make any decision concerning how personal data is processed.

All Tandem Group entities are registered at Viscount Court, Sir Frank Whittle Way, Blackpool, FY4 2FB.

Our telephone numbers are as follows:

• Allium Money Limited - 0333 016 4057
• GDFC entities – 0330 111 8098
• Tandem Bank Limited and Tandem Money Limited - 020 3370 0970
• Tandem Home Loans Limited – 01253 603 962
• Tandem Home Improvement Loans – 01290 211 495
• Tandem Motor Finance Ltd – 0191 492 191
• Tandem Personal Loans Ltd – 01253 603 960

Data Protection Officer’s Contact Details

Our Data Protection Officer can be contacted at: dpo@tandem.co.uk.

Your personal information is protected under data protection law and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection Officer should you wish to exercise these rights.  We will need to verify your identity before we can act on your request.

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations. When our relationship is over, we are still required to keep your data for certain periods. This is used for contractual and legal reasons. For example, to detect and prevent financial crime.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling, or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

How we collect your personal information – If you apply for a product with us or use our services

We collect Personal Data directly from you via our App, Websites, and other communications between us when you use or apply for our services. This includes:

Direct interactions.

• Applying for our products and services.
• Creating an account on our app.
• Creating an account on our Website.
• When you make transactions using our products and services.
• Subscribing to our on-line /customer account management area
• Contacting us via phone, email or by way of correspondence.
• When you connect to our products and services using devices, such as computers and mobile phones, using cookies and other internet tracking software.
• Requesting marketing to be sent to you.
• Information you make public when you interact with our social media profiles.
• Completing a survey; or
• Giving us some feedback.

Automated technologies or interactions.

• From your browsing actions and patterns when visiting our website (collected by our Website Cookies. Please refer to our Cookie Policy for more information).

We also obtain your personal information from third parties including:

• When you apply to us for a loan via a credit broker, car dealership or retailer and they transfer your personal data to us in accordance with your agreement with them.
• Price Comparison Websites and Aggregators.
• Mortgage Brokers, Advisors and Clubs.
• If another person provides your information to us when they apply to obtain a product from us jointly with you.
• From fraud prevention agencies including Cifas, the credit industry fraud prevention agency and National Hunter.
• From searches of credit reference agencies of their records relating to you and other people with whom you are linked financially.
• From tracing, debt collection and recovery agents acting on our behalf.
• From public records (e.g. sanctions lists, media, the electoral roll).
• From the Land Registry, Registers of Court Judgements, Bankruptcy and Insolvency Register
• If you have a credit agreement with another lender and we buy it from that lender (for example, if we buy a portfolio of credit agreements and your credit agreement is included within that portfolio).
• From analytics providers such as Google and Facebook based outside the UK.
• From Open Banking Services, but only with your explicit consent.
• From credit reference agency data to provide you with Financial Fitness and Track information. By accessing the Oplo Track section of the Customer Account Management Area, a request is submitted to TransUnion under section 15 of the General Data Protection Regulation (GDPR) to obtain your credit score.
• From credit reference agency products such as CAMEO which provides demographic profiling information.
• From screen tracking software, which uses cookies and other technologies to collect data on users’ behaviour and their devices.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

Employment Data includes the name of your employer and contact details.

Contact Data includes address, email address, telephone numbers and records of calls, emails, text messages, social media messages and other communications between use.

Financial Data includes bank account details, salary details, assets, liabilities, details on Any dependants, income and expenditure, payment card details.

Transaction Data includes details about transactions in or out of your account including Interest accrued; if you have a loan or mortgage with us this will include payments you make and receive, details of any arrears, details of arrears charges and associated costs.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.

Profile Data includes your username and password, loan applications made, payments made by you, your financial situation, marketing preferences, feedback and survey responses.

Usage Data includes information about how you use our website, app, account, loan products and services. Along with interactions with our financial promotions. Some of this data is obtained from Internet Cookies.

Mobile Device Specific Data

Tandem App Data including but not limited to information requested from you when you register for the app and external security details for your linked accounts from the sites of external providers active on the Tandem App.

Linked Account Information, which is gathered by our Open Banking Partner, TrueLayer should you take out a Savings Product with Tandem. This includes information such as account name and type, and details of your balance and relevant transactions.

Marketing and Communications Data includes your preferences in receiving marketing from us and any third-party supplier and your communication preferences.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

The data we collect about you

Identity Data includes first name, maiden name, last name, username or similar identifier,  marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

How we use your personal data – If you apply for a product with us or use our services

We will only use your personal data we collect to:

• Verify your identity, income, employment status and location before we provide you with a loan, mortgage, or account and throughout our relationship with you.
• Assess your credit history and make credit decisions about you.
• Assess whether the loan or mortgage applied for is affordable.
• Prevent fraud and money laundering before we provide you with a loan, mortgage, or account and after your loan, mortgage or account has been granted. .
• Register you as a new customer.
• Administer your account, collect loan payments, manage any arrears, trace you and recover debts owed by you.
• Communicate with you by telephone, email, SMS, chatbot, post or any other digital communication method. Including providing you with regulatory notices and account statements and handling any complaints you may have.
• Meet our legal, regulatory and contractual obligations arising from any agreement you enter into with us.
• Report positive, delinquent and default data to Credit Reference Agencies.
• Provide and improve customer service and support. We may also use special category data, if provided, for this purpose.
• Keep our records up to date, provide good governance, accounting, management and auditing of our business operations.
• Undertake market research, transactional analysis, statistical analysis and system testing.
• Administer our Website, enhance operational capabilities and for internal operations.
• Provide you or others with information about other products and services that we offer that may be of interest to you. This may involve us sharing some personal data (for example, email address), in a secure format, with social media companies so that they can match this to personal data they already hold and so display messages to you and others about our products and services. You may decline the use of your data for this purpose. See the below section on Marketing and Opt-Out Rights.
• To update our records.

‍

Your data may also be used:

• For due diligence purposes if another lender or debt purchaser was buying a portfolio of credit agreements where your credit agreement is included within the portfolio.
• For due diligence if the Group was to be involved in a merger or acquisition.
• Automated decisioning to assess your loan application. Please refer to the Automated Processing section for more information.

If you end your relationship with us, or if your application for a product with us is declined or you decide not to go ahead with it, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Marketing and Opt-Out Rights – If you apply for a product with us or use our services

We may send marketing to you about our products and services, and the products and services of other members of the Group (unless you have opted out of marketing, or we are prevented by law from doing so).

This may be sent by post, telephone, email, SMS and through digital channels including social media.

We may ask you from time to time for your preferred methods of contact.

It is in our legitimate interests to give you information about our products and services that you may be interested in.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Third-party marketing

If we wish to pass your information to selected third parties, so that party can market their products to you, we will inform you of which company we wish to share your details with and we will ask for your consent before doing so. The only exception to this, is where we rely on our legitimate interests as the legal basis for processing/sharing the information in your personal data.

We will carefully consider and balance any possible effect this may have on you and your rights.

Data protection law also allows us to use personal information for our genuine and legitimate reasons as long as we respect your rights and freedoms.

Tandem only relies on this basis for third-party marketing when you have taken out a motor finance with us. In this instance we may pass your details to General Insurance Distribution Ltd, a Motor Insurance Product provider, recognising the marketing preferences you have selected.

Automated Processing

We may use automated decision-making software to underwrite your loan or mortgage.

Our automated systems include but are not limited to:

• A credit assessment
• Affordability assessment
• Employment verification
• Income verification
• Fraud prevention and anti-money laundering databases

You have the right to request that we manually review the results of any automated decision. You can do this by contacting us at dpo@tandem.co.uk.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

• Contract: the processing is necessary for the loan, agreement, mortgage, account or product you have with us, or because we must take specific steps before you enter into a loan, agreement or mortgage with us such as ensuring the loan is affordable.
• Legal obligation: the processing is necessary for us to comply with the law. For example, the Consumer Credit Act, Mortgage Regulation or Money Laundering Regulation and associated laws.
• Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.
• Explicit consent: this relates specifically to obtaining special category data, such as information regarding your health, which we may request to understand how best to support you. We will look to obtain your explicit consent before processing this information, however we may process under legitimate interests, if seeking consent would be unreasonable or negatively impact our ability to help you. This would only be if it is necessary for reasons of substantial public interest to use your data or to protect your or another person’s vital interests. For example, we may record information about your health if it is necessary to protect your economic wellbeing or we may share information about you to the emergency services if it is crucial to save either your or another person’s life and you are unable to consent.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example for marketing or to pass your information to named third parties for the purposes of marketing to you by electronic means.

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. Where the legal basis is ‘legitimate interests’ a further explanation will be provided in italics.

Who we may share your Personal Data with

We may share your personal information with:

• All entities belonging to the Group.
• Service providers acting as processors who provide data hosting, data storage, electronic messaging services, printing services, call recording services and system administration services.
• Service providers acting as processors who provide outsourced services such as call centre activity, customer service, marketing, credit score information, behaviour analysis, market research, speech analytics, income verification and affordability checks and business support services such as the collection of arrears or financial advice.
• Our Open Banking Partners, TrueLayer and Consents Online Ltd, and other banks for payment, aggregation and verification of ownership of the current account you link to your Tandem account (dependent on the product taken out).
• Retailers and Credit Brokers who have introduced you as a customer to us or are providing you with a product or service from our Tandem choices marketplace.
• Social media companies (in a secure format), so they can display messages to you and others about our products and services.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, debt recovery services, tracing agents, repossession agents, insurance and accounting services.
• HM Revenue & Customs, Regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• Cifas, a fraud prevention agency and National Hunter based in the United Kingdom who provide fraud prevention services and who we also report to.  
• Know Your Customer (KYC) and cyber security providers.
• Customer satisfaction survey administrators and Market Research companies assisting us to improve our products or service delivery.
• Motor Insurance Product provider, General Insurance Distribution Ltd if you take out a motor finance loan with us.
• Any other parties connected to your account such as guarantors, joint account holders, power of attorney etc.
• Third parties to which we transfer, charge or assign your agreement.
• The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• Public authorities, Law enforcement agencies, government, or regulatory bodies where we are required to do so by law.
• Credit Reference Agencies.
• Anyone else where we have your consent or where it is required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will make sure that anyone acting on our behalf only uses your personal data in line with our instructions and that they keep the data safe. We won’t share or give your personal information to external companies for their own marketing purposes.

Credit Reference Agencies

To process your loan or mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

We will also continue to exchange information about you with credit reference agencies while you are our customer. This includes informing the Credit Reference Agencies if you borrow and do not repay in full and on time. Credit Reference Agencies will record the outstanding debt.

We also inform the Credit Reference Agencies about your settled accounts.

The credit reference agencies may in turn share your personal data with other organisations, which those organisations may use to make decisions about you.

Examples of circumstances when your information may be shared include the following.

• Verifying the accuracy of the data you have provided us.
• Making credit and affordability assessments to decide whether to accept your application.
• Checking your identity details.
• Preventing criminal activity, fraud and money laundering.
• Tracing your address so that we can continue to contact you about any existing or previous products you held with us, as well as recovering debts that you owe.
• Understanding your financial position. This includes the amount you borrow and your payment history, including any payment arrangements.

Ensuring any offers provided to you are appropriate to your circumstances.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders. Our initial search may be a ‘soft footprint’ which cannot be seen by other lenders but if you proceed to take out a loan with us this footprint will be visible to others who search your credit record.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before applying for a loan with us.

Credit Reference Agencies will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

• TransUnion https://www.transunion.co.uk/crain
• Equifax  www.equifax.co.uk/crain
• Experian https://experian.co.uk/crain/index.html

Fraud prevention agencies

The personal information we have collected from you will be shared with fraud prevention agencies to help us make credit related decisions and to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected you could be refused certain services. Your personal information may also be used to verify your identity.

Fraud prevention agencies can hold your personal data for different periods of time.

We may also share your personal data with law enforcement agencies to detect, investigate and prevent crime. If fraud is detected, we may refuse to provide the loan you have requested, or we may stop providing our service to you.

A record of any fraud will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your personal data for different periods of time.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting Cifas at www.cifas.co.uk and National Hunter at www.nhunter.co.uk.

Third-Party Links

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information

We collect Personal Data directly from you via our Websites, via third party recruitment websites, recruitment agencies or head-hunters if you apply for employment with the Group.

We also obtain your personal information from third parties including: If you apply for employment - as part of the recruitment process

With your consent:

• From fraud prevention agencies including Cifas, the Fraud Prevention Agency.
• From searches of credit reference agencies of their records relating to you and other people with whom you are linked financially.
• From public records (e.g. sanctions list, media, the electoral roll).
• From the Land Registry, Registers of Court Judgements, Bankruptcies.
• Disclosure & Barring Service (DBS).
• Your named referees.
  

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you listed below:

• Any data you have provided to us as part of the application and interview process including information contained in your curriculum vitae (CV) such as your name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, nationality, profession, professional memberships, educational achievements, and computer skills.
• Right to work documentation.
• Copies of evidence provided to us for proof of your home address.
• Any personal data provided to us about you from your referees.
• Any personal data provided to us about you by a third party which you have given us consent to gain such as Disclosure and Baring Service and Credit Check. This may include details of any criminal convictions and offences (if applicable) and credit rating and history information.
• Any personal information in relation to a disability where reasonable adjustment needs to be made during the recruitment process or thereafter.

How we use your personal data

We will only use your personal information we collect to:

• Assess your skills, qualifications, and suitability to make a decision about your recruitment or appointment
• Checking you are legally entitled to work in the UK
• Carry out background and reference checks, including credit reference agency, fraud prevention agency, and Disclosure and Barring Service checks (with your consent).
• Communicate with you by telephone, email, SMS or post about the recruitment process
• Keep records related to our hiring processes
• Comply with legal and regulatory requirements

Your data may also be used:

• For due diligence if the Group was to be involved in a merger or acquisition.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

If you fail to provide certain information when requested, which is necessary for us to consider your application (such as evidence of qualifications, work history, proof of address, identification), we may not be able to process your application further. For example, if we require to apply for a DBS certificate and you fail to provide us with relevant details, we will not be able to take your application further.

Marketing and Opt-Out Rights

We will not send marketing to you about our products and services, and the products and services of other members of the Group.

Automated Processing

We do not use automated decision-making software to assess your suitability for employment.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

• Contract: the processing is necessary before entering into an employment contract.
• ‍Legal obligation: the processing is necessary to comply with employment legislation and to meet regulatory requirements.
• ‍Consent: To obtain Disclosure & Barring Service checks or a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to refuse your application, but we will notify you if this is the case at the time depending on the stage of your employment application.

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with

We may share your personal information with:

• Service providers acting as processors based in the UK who provide a credit reference check, criminal records check, employment agency/recruitment services.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• Law enforcement agencies or regulatory bodies where we are required to do so by law.
• Credit Reference and fraud prevention agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Credit Reference Agencies

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

• Verifying the accuracy of the data you have provided us.
• To review your credit history as part of our suitability for employment assessment.
• Checking your identity details.
• Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

• TransUnion https://www.transunion.co.uk/crain
• Equifax www.equifax.co.uk/crain
• Experian https://experian.co.uk/crain/index.html

‍

Fraud Prevention Agencies

The personal information we have collected from you will be shared with fraud prevention agencies to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information may also be used to verify your identity. Fraud prevention agencies can hold your personal data for different periods of time.

Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at www.cifas.org.uk/fpn

Third-Party Links

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information

We collect Personal Data directly from you via due diligence forms and other communications between us.

How we use your personal data

We will only use your personal data we collect to:

• Verify your identity before we enter a relationship with you and throughout our relationship with you.
• Assess your credit history (depending on the nature of the relationship).
• Prevent fraud and money laundering.
• Meet our legal, regulatory, and contractual obligations arising from any agreement you enter with us.
• To update our records.

Your data may also be used:

• For due diligence if the Group was to be involved in a merger or acquisition.

If your relationship with us ends, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Marketing and Opt-Out Rights

We may send marketing to you about our products and services, and the products and services of other members of the Group (unless you have opted out of marketing, or we are prevented by law from doing so).

This may be sent by post, telephone, email, SMS and through digital channels including social media.

We may ask you from time to time for your preferred methods of contact.

It is in our legitimate interests to give you information about our products and services that you may be interested in.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Automated Processing

We do not use automated decision-making software as part of the onboarding process.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

• Contract: the processing is necessary before entering into a contract.
• ‍Legal obligation: the processing is necessary to comply with legislation and to meet regulatory requirements.
• ‍Consent: To obtain a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with

We may share your personal information with:

• Service providers acting as processors based in the UK who provide credit reference check, and identity checks.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• Law enforcement agencies or regulatory bodies where we are required to do so by law.
• Credit Reference Agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Credit Reference Agencies

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

Verifying the accuracy of the data you have provided us.

• To review your credit history as part of our suitability for employment assessment.
• Checking your identity details.
• Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

• TransUnion https://www.transunion.co.uk/crain
• Equifax www.equifax.co.uk/crain
• Experian https://experian.co.uk/crain/index.html

Third-Party Links

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information

We collect Personal Data directly from you via our Newsletter sign-up form.

How we use your personal data

We will only use your personal data we collect to:

• Send you our Newsletter regarding greener choices products and services.

Marketing and opt-out rights

We will not send direct marketing to you about our products and services, and the products and services of other members of the Group. However, the Newsletter will contain information regarding greener choices products and services.

You can opt-out of the Newsletter by clicking unsubscribe on the Newsletter or contacting us.

Automated processing

We do not use automated decision-making software when sending our Newsletter.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our legal basis for using your personal data

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your personal data with

We may share your personal information with:

• Service providers acting as processors based in the UK who provide mailing services or software.
• The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third-party links

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information

We collect Personal Data directly from you when you enquire about our preferred suppliers within our Marketplace.

How we use your personal data

We will use the personal data we collect to:

• Provide you with information from our preferred suppliers about their products. This means we will pass your details on to the suppliers you have selected.
• To provide you with information about our products and services.
  

Marketing and opt-out rights

We will send direct marketing to you about our products and services, and the products and services of other members of the Group.

You will also receive direct marketing from the suppliers you have selected.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Automated processing

We do not use automated decision-making software when to provide you with direct marketing.

Changing the purpose that we collected your data

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our legal basis for using your personal data

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your personal data with

We may share your personal information with:

• Our preferred suppliers about their products, as selected by you.
• The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third-party links

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Where possible we try to restrict data transfers to the UK only. We will only transfer your personal data outside the UK if the organisation we are sharing data with operates in an equivalent jurisdiction i.e. The country applies equivalent levels of protection as the UK. In these circumstances, we will have a contract in place to make sure the recipient protects the data to the same standard as is required in the UK. We will not transfer your data outside of the UK if you apply for employment or as part of the recruitment process.

If fraud prevention agencies transfer your personal data outside of the European Economic Area (EEA), they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the EEA. They may also require the recipient to subscribe to ‘internal frameworks’ intended to enable secure data sharing.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed of any changes during your relationship with us.  

If you apply for a product with us or use our service this should include any change of address, telephone numbers and name changes.

If your information changes as part of the employment application process this should include contact details, and name changes.

The length of time we retain your information is determined by the purpose for which we use that information and our obligations under laws and regulation. We do not retain personal information in an identifiable format for longer than necessary.

Personal data relating to product and services will in most cases be kept for a period of 6 years once our relationship with you comes to an end. This period may be reduced depending on the nature of the data, the purpose it was obtained and legal/regulatory requirements.

We may keep your data for longer if we cannot delete it for legal or regulatory reasons.

Employment application data will be retained for a period of 1 year after your last application date if you are unsuccessful. This is so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

If you become an employee, we will retain your data for the period of your employment and for a period following the end of employment sufficient to meet our legal or legitimate interests. Further details can be found in our employee privacy notice and data retention policy.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This data may be shared and used in all the ways described in this notice.

In certain circumstances you can ask us to delete your data: see the Data Protection Rights section for further information.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you of any breaches where we are legally required to do so.

Subject to applicable laws, we will monitor and record calls, emails, text messages, social media messages and other communications. We will do this for the purposes of complying with applicable laws and regulations and our own internal policies and procedures, to prevent or detect crime, and for quality control and staff training purposes.

If you have any questions about how we treat your personal data and protect your privacy, please email dpo@tandem.co.uk or call us on one of the numbers below.

Tandem Bank Limited and Tandem Money Limited - 020 3370 0970

Tandem Home Loans Limited – 01253 603 950

Oplo PL Ltd – 01253 603 952

Tandem Motor Finance Ltd – 0191 492 1919

Allium Money Limited and GDFC entities - 0333 016 4057

You also have the right to make a complaint to the Information Commissioner's Office (ICO) https://ico.org.uk/make-a-complaint/ or call 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

The Data Controller reserves the right to make changes to this Privacy Notice at any time. This version was last updated on 25 September 2024. Historic versions can be obtained by contacting us at dpo@tandem.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing). Unless stated otherwise the current privacy notice applies to all Personal data held by the Data Controller.