Privacy Notice

Tandem is committed to protecting your privacy. This Privacy Notice sets out the details of the information that we may collect from you and how we may use that information when you use any of our products and services, our app and our websites. Please take your time to read this Privacy Notice carefully. This Privacy Notice should be read alongside, and in addition to all product and service specific terms and conditions.

1. About us

In this Privacy Policy references to “us”, “our”, “we”, or “Tandem” are to Tandem Bank Limited and Tandem Money Limited.  

Tandem Bank Limited is a company registered in England and Wales (company registration number 00955491) with its registered office address at Hogarth House, 136 High Holborn London, WC1V 6PX. Tandem Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 204479.  

Tandem Money Limited is a company registered in England and Wales (company number 08628614) whose registered office is at Hogarth House, 136 High Holborn London, WC1V 6PX. Tandem Money Limited is authorised and regulated by the Financial Conduct Authority under registration number 684908.  

Tandem acts as data controller in respect of your personal information that we process.  

If you have any questions about how we collect, store or use your information, please contact us on 0203 370 0970 or at hello@tandem.co.uk.

2. What personal information do we collect and use and who do we collect it from?

We will collect personal information like your name, address and date of birth when you apply for, or use any of our products or services. We will also collect data from your use of our website and app. The type of information that we collect from you will depend on your relationship with us:  

- Information requested from you when you make an application for one of our products or services (including, but not limited to name, postal address, telephone number, email address, date of birth, nationality, country of birth, employment details) or at any time about your personal and financial circumstances or which we gather about you from the way you use and manage any account which we open for you.

- Details of any transactions in or out of the account including interest accrual.

- We will keep details and records of when you contact us and we contact you, like calls, emails, text messages, social media messages or other communications.

- User interactions and log data when you use our website(s) and app and click on our adverts on other websites (see information on cookies on our website).

- Mobile device specific data.

- Information we receive about you from third parties, such as credit reference or fraud protection agencies.

- Information requested from you when you register for the Tandem app including, but not limited to external security details for your linked accounts from the sites of external providers active on the Tandem App.

- Information gathered regarding your linked account, which is gathered by our Open Banking partner, TrueLayer. This includes information such as account name and type, and details of your balance and relevant transactions

- Information requested from you which is required to complete a switching process via the Tandem App.

- Information that is publicly available.

- Information from social media sites.

Please note that your external security details will be stored on a third party secure server and not on your mobile phone. Your external security details will be encrypted when stored and encrypted when data is transmitted – we will never see or have access to your external security details.

3. Special category data

We may need to process more sensitive data which data protection law categorises as Special Category Data. This could include:

- Racial or ethnic origin

- Political opinion

- Religious or philosophical beliefs

- Trade Union membership

- Genetic or biometric data

- Data concerning your health

- Criminal records of convictions and offences

- Allegations of criminal offences

- Sexual orientation

We will only process Special Category Data if the law allows us to do so. The lawful bases we most commonly rely on are:

1. We have your explicit consent to use your data. We may look to record any information provided concerning your health so that we understand how best to support you and service your account. For example, if you are vulnerable in any way.

2. It is necessary for reasons of substantial public interest to use your data. For example, we may record information about your health if it's necessary to protect your economic well-being, if you're at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.

3. It is necessary to protect your or another person's vital interests. We may share information about you to the emergency services if it is crucial to save either your or another's life and you are unable to consent.

4. How do we collect your information?

We collect information from you:

- When you apply for our products and services via our websites or our app;  

- When you talk to us on the phone, over email, by letter, via chat or social media;

- When you make transactions using our products and services; and

- When you connect to our products and services using devices, such as computers and mobile phones, using cookies and other internet tracking software.

5. What are the purposes for which your personal information is used

Data protection law says that we are allowed to use personal information only if we have a proper reason to do so. We’ll process your personal data under a legal basis and for the following purposes:

- As necessary to perform our contract with you for the relevant account, product or service:

- To take steps at your request before entering into the contract;

- To decide whether to enter into a contract with you;

- To manage and perform that contract;

- To keep our records up to date; and  

- To trace your whereabouts to contact you about your account and recovering money that is owed to us.

We will also process personal data as necessary for our own legitimate interests, that is when we have a business or commercial reason to use your information, for example:

- For good governance, accounting and managing and auditing our business operations;

- To keep our records up to date;

- Working out which of our products and services may be of interest to you;

- To search credit reference agencies if you apply to borrow for a mortgage;

- To monitor emails, calls other communications and activities on your account;

- For market research, analysis and developing statistics; and

- To send you marketing communications.

We are also required to process personal data as necessary to comply with a legal obligation, for example:

- To  comply with our legal and regulatory requirements and related disclosures e.g. where we have specific security obligations, such as two factor authentication, we will process your personal data, in order to authenticate your transaction.

- To establish and defend our legal rights;

- For activities relating to the prevention, detection and investigation of crime;

- To verify your identity, make credit, fraud prevention and anti-money laundering checks;

- To monitor emails, calls and other communications and activities on your account.

Personal data is also processed based on your consent, for example:

- When we process any special categories of personal data about you at your request (e.g. information concerning your health);  

- To send you marketing communications where we’ve asked for your consent to do so. You’re free to withdraw your consent at any time, however this will mean that we will not be able to do certain things for you.

6. How will your personal information be used?

We will use the personal information we hold about you, and data from the technology/devices you use to access your account(s) to:

- Provide, manage and develop our products and services;

- Understand your preferences and advise you about our other products and services;

- Undertake market research, transactional analysis, statistical analysis and system testing;

- Update our records;

- Recover debt;

- Confirm your identity and location; and

- Prevent and investigate fraud, money laundering and other crimes. If we believe that you have tax obligations in another country, we may disclose personal information of yours with those tax authorities, or with HM Revenue and Customs, who may share the information with the other tax authorities. We may search, use and share the records held by domestic and international credit reference agencies and fraud prevention agencies, as well as our own internal records to confirm your identity and prevent fraud or money laundering

7. Prevention of Fraud and Money Laundering

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting [Cifas] at www.cifas.org.uk and [National Hunter] at www.nhunter.co.uk.

If you have any questions, or wish to find out more about the fraud prevention agencies we use, please call our customer services number on: 020 3370 0970.

8. Who do we share your information with?

We disclose your information to the third parties listed below for the purposes described in this Privacy Policy. You can contact us for details of specific disclosures made in respect of your information:  

- Third parties acting on our behalf, including our service providers and agents who help us manage your products and services, for example our customer service partners and the companies which print any paper statements or notices;

- Our Open Banking partner, TrueLayer, and other banks for payment, aggregation and verification of ownership of the current account you link to your Tandem account;

- Fraud prevention agencies;

- Credit referencing agencies, specifically TransUnion - https://www.transunion.co.uk/crain;

- Know your Customer (KYC) and cyber security providers;  

- Relevant government bodies, authorities and regulatory bodies in order to comply with our regulatory and reporting obligations;

- IT providers/hosted IT solution providers to enable us to provide our products and services to you;

- Debt collection agencies in the event we need to collect arrears from you;

- Other service providers via a shared, secured database for income verification and affordability checks and to manage/collect arrears;

- Our professional advisors (lawyers, accountants and consultants);

- Any other parties connected with your account e.g. guarantors and joint account holders;

- Market research companies to assist us in improving our product or service delivery;

- Any third party who is restructuring, selling or acquiring our assets, as long as that party uses the personal information in accordance with the terms of any agreements between you and us; and  

- Anyone else where we have your consent or where it is required by law. We will make sure that anyone acting on our behalf only uses your personal information in line with our instructions and that they keep the data safe. We won’t share or give your personal information to external companies for their own marketing purposes.

9. What marketing activities do we carry out?

We may also use your personal information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so.  

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to unsubscribe from marketing emails sent by us, you may do so at any time by clicking on the “unsubscribe” link that appears in all emails. Otherwise you can always contact us at hello@tandem.co.uk or on 0203 370 0970 to update your contact preferences. Emails required to service your existing products will not be turned off by unsubscribing to marketing activities.

10. Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data which cannot be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.

11. How long do we keep personal information for?

We only keep personal information for as long as reasonably necessary to fulfil the relevant purposes described in this Privacy Policy and in order to comply with our legal and regulatory obligations.  

After you stop being a customer, we may keep your data for up to 7 years for one of these reasons:

- To maintain records according to laws and regulations that apply to us

- To show that we treated you fairly

- To respond to any questions or complaints

We may keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. Fraud prevention agencies can hold your personal data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years.

12. What is our approach to international data transfers

Some of our suppliers who process your data in accordance with this Privacy Policy may be outside the UK and the European Economic Area (“EEA”). When they do, we will have a contract in place to make sure the recipient protects the data to the same standard as is required in the UK.

13. Your rights under applicable data protection law

You have certain rights under applicable data protection law, these rights are:

- The right to be informed about our processing of your personal data

- The right to request access to your personal data and information about how we process it

- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed (the “right to rectification”)

- The right to have your personal data deleted (the “right to be forgotten”)

- The right to restrict processing of your personal data

- The right to move, copy or transfer your personal data (“data portability”)

- The right to object to the processing of your personal data

- Rights in relation to automated decision making including profiling

You can find out more information about your rights at the Information Commissioner’s website: [www.ico.org.uk](http://www.ico.org.uk)

If you choose not to give us the personal information that we request either during an application process or during the life of an account or product, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the services needed to manage your accounts/provide your chosen products and services. It could mean that we have to cancel a product or service you have with us.

Please let us know if you are unhappy with how we have used your personal information. You can contact us at hello@tandem.co.uk or on 0203 370 0970. You also have the right to complain to the Information Commissioner’s Office who can investigate our compliance with data protection law. Find out how at www.ico.org.uk (http://www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

14. Keeping your information up to date

We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, please notify us of any changes to the personal information that you have provided to us by updating your details on the Tandem App or by contacting us at hello@tandem.co.uk or calling us on 0203 370 0970.

15. Further information

We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure.

16. Updates to this Privacy Policy

Tandem will review this Notice at least annually and as required to ensure it is inline with current legislation and industry best practice. Please check back each time you provide additional personal information to us.

This Privacy Policy was last updated on: 14 January 2022

Heading

General Introduction

This privacy notice is issued on behalf of the Tandem Group (“we”, “us” and “our”) and our subsidiary companies trading as ‘Tandem’, ‘Oplo’, ‘Allium Money’ and ‘GDFC’.

The Group consists of:

  • Allium Lending Group Limited (Company Registration Number 10028311)
  • Allium Money Limited (Company Registration Number 10977963)
  • GDFC Assets Limited (Company Registration Number 08272354)
  • GDFC Services Plc (Company Registration 08271985)
  • Oplo Group Limited (Company Registration Number 05438114)
  • Tandem Bank Limited (Company Registration Number 00955491)
  • Tandem Home Loans Limited (Company Registration Number 05667257)
  • Tandem Money Limited (Company Registration Number 08628614)
  • Tandem Motor Finance Limited (Company Registration Number 07213812)
  • Tandem Personal Loans Limited (Company Registration Number 08457740)

Tandem Bank Ltd is responsible for the Tandem website www.tandem.co.uk

If you apply for a product with us, use our services, or apply for employment with us, Tandem Money Ltd is the Controller responsible for the fair and lawful use of your personal data.

This privacy notice will inform you as to how we collect and process your personal data. It will also tell you about your privacy rights and explain how the law protects you. Your personal data will be shared within the Group as described above.

Data Controller Information & Our Contact Details

Tandem Money Ltd is registered with the Information Commissioners Office (“ICO”) under reference ZA119928

As the lead entity for the Tandem Group, Tandem Money Ltd has implemented a Data Protection governance model and control framework to ensure the fair and lawful management of all personal data processed. This framework applies to all Tandem Group subsidiary companies.

Tandem Group subsidiary companies do not process any personal data independently and do not make any decision concerning how personal data is processed.

Tandem Group trading names are as below:

  • Allium Money Limited
  • GDFC Assets Limited
  • GDFC Services Plc
  • Loop Money
  • Oplo Group Limited
  • Tandem Bank Limited
  • Tandem Home Loans Limited
  • Tandem Motor Finance Limited
  • Tandem Personal Loans Limited
  • All Tandem Group entities are registered at Viscount Court, Sir Frank Whittle Way, Blackpool, FY4 2FB.

Our telephone numbers are as follows:

  • Allium Money Limited - 0333 016 4057
  • GDFC entities – 0330 111 8098
  • Tandem Bank Limited and Tandem Money Limited - 020 3370 0970
  • Tandem Home Loans Limited – 01253 603 962
  • Tandem Home Improvement Loans – 01290 211 495
  • Tandem Motor Finance Ltd – 0191 492 191
  • Tandem Personal Loans Ltd – 01253 603 960

Data Protection Officer’s Contact Details

Our Data Protection Officer can be contacted at: dpo@tandem.co.uk.

Your Data Protection Rights

Your personal information is protected under data protection law and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection Officer should you wish to exercise these rights.  We will need to verify your identity before we can act on your request.

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations. When our relationship is over, we are still required to keep your data for certain periods. This is used for contractual and legal reasons. For example, to detect and prevent financial crime.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling, or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

How we collect your personal information – If you apply for a product with us or use our services

We collect Personal Data directly from you via our App, Websites, and other communications between us when you use or apply for our services. This includes:

Direct interactions.

  • Applying for our products and services.
  • Creating an account on our app.
  • Creating an account on our Website.
  • When you make transactions using our products and services.
  • Subscribing to our on-line /customer account management area
  • Contacting us via phone, email or by way of correspondence.
  • When you connect to our products and services using devices, such as computers and mobile phones, using cookies and other internet tracking software.
  • Requesting marketing to be sent to you.
  • Information you make public when you interact with our social media profiles.
  • Completing a survey; or
  • Giving us some feedback.

Automated technologies or interactions.

  • From your browsing actions and patterns when visiting our website (Collected by our Website Cookies. Please refer to the section on Cookies for more information).

Cookies

  • Cookies are very small text files that may be stored on your computer or mobile device when you visit a website or enable images/click on a link in an email. These technologies do many different things, such as letting you navigate between web pages efficiently and remembering your preferences. In emails they help us to understand whether you have opened the email and how you have interacted with it. For more information about the Cookies we use, please refer to the Cookies Policy on the website which you are accessing.
  • You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly.

We also obtain your personal information from third parties including:

  • When you apply to us for a loan via a credit broker, car dealership or retailer and they transfer your personal data to us in accordance with your agreement with them.
  • Price Comparison Websites and Aggregators.
  • Mortgage Brokers, Advisors and Clubs.
  • If another person provides your information to us when they apply to obtain a product from us jointly with you.
  • From fraud prevention agencies including Cifas, the credit industry fraud prevention agency and National Hunter.
  • From searches of credit reference agencies of their records relating to you and other people with whom you are linked financially.
  • From tracing, debt collection and recovery agents acting on our behalf.
  • From public records (e.g. sanctions lists, media, the electoral roll).
  • From the Land Registry, Registers of Court Judgements, Bankruptcy and Insolvency Register
  • If you have a credit agreement with another lender and we buy it from that lender (for example, if we buy a portfolio of credit agreements and your credit agreement is included within that portfolio).
  • From analytics providers such as Google and Facebook based outside the UK.
  • From Open Banking Services, but only with your explicit consent.
  • From credit reference agency data to provide you with Financial Fitness and Track information. By accessing the Oplo Track section of the Customer Account Management Area, a request is submitted to TransUnion under section 15 of the General Data Protection Regulation (GDPR) to obtain your credit score.
  • From credit reference agency products such as CAMEO which provides demographic profiling information.
  • From screen tracking software, which uses cookies and other technologies to collect data on users’ behaviour and their devices.

The data we collect about you – If you apply for a product with us or use our services

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

Employment Data includes the name of your employer and contact details.

Contact Data includes address, email address, telephone numbers and records of calls, emails, text messages, social media messages and other communications between use.

Financial Data includes bank account details, salary details, assets, liabilities, details on Any dependants, income and expenditure, payment card details.

Transaction Data includes details about transactions in or out of your account including Interest accrued; if you have a loan or mortgage with us this will include payments you make and receive, details of any arrears, details of arrears charges and associated costs.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.

Profile Data includes your username and password, loan applications made, payments made by you, your financial situation, marketing preferences, feedback and survey responses.

Usage Data includes information about how you use our website, app, account, loan products and services. Along with interactions with our financial promotions. Some of this data is obtained from Internet Cookies.

Mobile Device Specific Data

Tandem App Data including but not limited to information requested from you when you register for the app and external security details for your linked accounts from the sites of external providers active on the Tandem App.

Linked Account Information, which is gathered by our Open Banking Partner, TrueLayer should you take out a Savings Product with Tandem. This includes information such as account name and type, and details of your balance and relevant transactions.

Marketing and Communications Data includes your preferences in receiving marketing from us and any third-party supplier and your communication preferences.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

The data we collect about you – If you are a director, owner or partner of a firm entering a relationship with us

Identity Data includes first name, maiden name, last name, username or similar identifier,  marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

How we use your personal data – If you apply for a product with us or use our services

We will only use your personal data we collect to:

  • Verify your identity, income, employment status and location before we provide you with a loan, mortgage, or account and throughout our relationship with you.
  • Assess your credit history and make credit decisions about you.
  • Assess whether the loan or mortgage applied for is affordable.
  • Prevent fraud and money laundering before we provide you with a loan, mortgage, or account and after your loan, mortgage or account has been granted. .
  • Register you as a new customer.
  • Administer your account, collect loan payments, manage any arrears, trace you and recover debts owed by you.
  • Communicate with you by telephone, email, SMS, chatbot, post or any other digital communication method. Including providing you with regulatory notices and account statements and handling any complaints you may have.
  • Meet our legal, regulatory and contractual obligations arising from any agreement you enter into with us.
  • Report positive, delinquent and default data to Credit Reference Agencies.
  • Provide and improve customer service and support. We may also use special category data, if provided, for this purpose.
  • Keep our records up to date, provide good governance, accounting, management and auditing of our business operations.
  • Undertake market research, transactional analysis, statistical analysis and system testing.
  • Administer our Website, enhance operational capabilities and for internal operations.
  • Provide you or others with information about other products and services that we offer that may be of interest to you. This may involve us sharing some personal data (for example, email address), in a secure format, with social media companies so that they can match this to personal data they already hold and so display messages to you and others about our products and services. You may decline the use of your data for this purpose. See the below section on Marketing and Opt-Out Rights.
  • To update our records.

Your data may also be used:

  • For due diligence purposes if another lender or debt purchaser was buying a portfolio of credit agreements where your credit agreement is included within the portfolio.
  • For due diligence if the Group was to be involved in a merger or acquisition.
  • Automated decisioning to assess your loan application. Please refer to the Automated Processing section for more information.

If you end your relationship with us, or if your application for a product with us is declined or you decide not to go ahead with it, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Marketing and Opt-Out Rights – If you apply for a product with us or use our services

We may send marketing to you about our products and services, and the products and services of other members of the Group (unless you have opted out of marketing, or we are prevented by law from doing so).

This may be sent by post, telephone, email, SMS and through digital channels including social media.

We may ask you from time to time for your preferred methods of contact.

It is in our legitimate interests to give you information about our products and services that you may be interested in.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Third-party marketing – If you apply for a product with us or use our services

If we wish to pass your information to selected third parties, so that party can market their products to you, we will inform you of which company we wish to share your details with and we will ask for your consent before doing so. The only exception to this, is where we rely on our legitimate interests as the legal basis for processing/sharing the information in your personal data.

We will carefully consider and balance any possible effect this may have on you and your rights.

Data protection law also allows us to use personal information for our genuine and legitimate reasons as long as we respect your rights and freedoms.

Tandem only relies on this basis for third-party marketing when you have taken out a motor finance with us. In this instance we may pass your details to General Insurance Distribution Ltd, a Motor Insurance Product provider, recognising the marketing preferences you have selected.

Automated Processing – If you apply for a product with us or use our services

We may use automated decision-making software to underwrite your loan or mortgage.

Our automated systems include but are not limited to:

  • A credit assessment
  • Affordability assessment
  • Employment verification
  • Income verification
  • Fraud prevention and anti-money laundering databases

You have the right to request that we manually review the results of any automated decision. You can do this by contacting us at dpo@tandem.co.uk.

Changing the purpose that we collected your data – If you apply for a product with is or use our services

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Changing the purpose that we collected your data – If you are a director, owner or partner of a firm entering a relationship with us

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data – If you apply for a product with us or use our services

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary for the loan, agreement, mortgage, account or product you have with us, or because we must take specific steps before you enter into a loan, agreement or mortgage with us such as ensuring the loan is affordable.
  • Legal obligation: the processing is necessary for us to comply with the law. For example, the Consumer Credit Act, Mortgage Regulation or Money Laundering Regulation and associated laws.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide. 
  • Explicit consent: this relates specifically to obtaining special category data, such as information regarding your health, which we may request to understand how best to support you. We will look to obtain your explicit consent before processing this information, however we may process under legitimate interests, if seeking consent would be unreasonable or negatively impact our ability to help you. This would only be if it is necessary for reasons of substantial public interest to use your data or to protect your or another person’s vital interests. For example, we may record information about your health if it is necessary to protect your economic wellbeing or we may share information about you to the emergency services if it is crucial to save either your or another person’s life and you are unable to consent.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. 

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. 

Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example for marketing or to pass your information to named third parties for the purposes of marketing to you by electronic means. 

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. Where the legal basis is ‘legitimate interests’ a further explanation will be provided in italics.

Purpose/Activity

Lawful basis for processing

Verify your identity and account information before we provide you with a Savings account or product.

Contract
Our Legitimate Interests. 
Legal Obligation.
Ensuring we act responsibly and meet legal requirements.

Verify your identity, income and employment status before we provide you with a loan or mortgage and throughout our relationship with you.

Contract
Our Legitimate Interests. 
Legal Obligation to verify identity.
Ensuring we act as a responsible lender.Deciding whether we can offer you the product that you have applied for and to evaluate any security where applicable.

Assess your credit history and make credit decisions about you and assessing whether the loan or mortgage applied for is affordable.

Contract
Our Legitimate Interests. 
Ensuring we act as a responsible lender.Assessing whether you are likely to repay the loan (our credit risk) or mortgage and whether the loan or mortgage is affordable.

Prevent fraud and money laundering before we provide you with a product.

Legal Obligation.
Our Legitimate Interests. 
Ensuring we act as a responsibly to prevent fraud and comply with laws and regulations.Ensuring we can enforce our rights in respect of any security against a property.

Register you as a new customer.

Contract.

Administer your account, collect contractual payments, manage any arrears, trace you and recover debts owed by you.

Contract
Our Legitimate Interests. 

Communicate with you by telephone, email, SMS, chatbot post or any other digital communication method. Including providing you with regulatory notices and account statements and handling any complaints you may have.

Contract.
Legal Obligation.
Our Legitimate Interests. 
Keeping our records updated and recovering debts due to us.

Meet our legal, regulatory and contractual obligations arising from any agreement you enter into with us.

Contract.
Legal Obligation.

Report positive, delinquent and default data to Credit Reference Agencies.

Our Legitimate Interests.
To ensure that we comply with the Principles of Reciprocity (data sharing rules) which relate to Credit Reference Agencies. 

Provide and improve customer service and support. We may also use special category data, if provided, for this purpose. 

Contract.
Our Legitimate Interests.
Explicit Consent (as required for the recording of special category data).
To improve customer service and support. Special category data, particularly in relation to health, may be used here to help provide tailed service for vulnerable customers.

Keep our records up to date, provide good governance, accounting, management, and auditing of our business operations.

Our Legitimate Interests.
Running our business in an efficient and compliant way.

Administer our Website, App, enhance operational capabilities and for internal operations.

Our Legitimate Interests.
Measuring our operations and performance. Running our business in an efficient and compliant way.

Provide you with information about other products and services that we offer that may be of interest to you.

Our Legitimate Interests.
To provide you with information about our products and services that you may be interested in and to grow our business.

So, we can display messages to you and others about our products and services on social media.

Our Legitimate Interests.
To provide you and others information about our products and services that you may be interested in and to grow our business.

For due diligence purposes if another lender or debt purchaser was buying a portfolio of credit agreements where your credit agreement is included within the portfolio.

Our Legitimate Interests.
Running our business in an efficient way.

For due diligence if the Group was to be involved in a merger or acquisition.

Our Legitimate Interests.
Deciding whether we wish to proceed with the merger or acquisition.

Automated decisioning to assess your loan or mortgage application.

Contract.
Our Legitimate Interests.
Deciding whether we can offer you the product that you have applied for and to evaluate any security where applicable.
Efficiency and quick service.

Who we may share your Personal Data with – If you apply for a product with us or use our services

We may share your personal information with:

  • All entities belonging to the Group.
  • Service providers acting as processors who provide data hosting, data storage, electronic messaging services, printing services, call recording services and system administration services.
  • Service providers acting as processors who provide outsourced services such as call centre activity, customer service, marketing, credit score information, behaviour analysis, market research, speech analytics, income verification and affordability checks and business support services such as the collection of arrears or financial advice.
  • Our Open Banking Partners, TrueLayer and Consents Online Ltd, and other banks for payment, aggregation and verification of ownership of the current account you link to your Tandem account (dependent on the product taken out).
  • Retailers and Credit Brokers who have introduced you as a customer to us or are providing you with a product or service from our Tandem choices marketplace.
  • Social media companies (in a secure format), so they can display messages to you and others about our products and services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, debt recovery services, tracing agents, repossession agents, insurance and accounting services.
  • HM Revenue & Customs, Regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Cifas, a fraud prevention agency and National Hunter based in the United Kingdom who provide fraud prevention services and who we also report to.  
  • Know Your Customer (KYC) and cyber security providers.
  • Customer satisfaction survey administrators and Market Research companies assisting us to improve our products or service delivery.
  • Motor Insurance Product provider, General Insurance Distribution Ltd if you take out a motor finance loan with us.
  • Any other parties connected to your account such as guarantors, joint account holders, power of attorney etc.
  • Third parties to which we transfer, charge or assign your agreement.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Public authorities, Law enforcement agencies, government, or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies.
  • Anyone else where we have your consent or where it is required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will make sure that anyone acting on our behalf only uses your personal data in line with our instructions and that they keep the data safe. We won’t share or give your personal information to external companies for their own marketing purposes.

Credit Reference Agencies – If you apply for a product with us or use our services

To process your loan or mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

We will also continue to exchange information about you with credit reference agencies while you are our customer. This includes informing the Credit Reference Agencies if you borrow and do not repay in full and on time. Credit Reference Agencies will record the outstanding debt.

We also inform the Credit Reference Agencies about your settled accounts.

The credit reference agencies may in turn share your personal data with other organisations, which those organisations may use to make decisions about you.

Examples of circumstances when your information may be shared include the following.

  • Verifying the accuracy of the data you have provided us.
  • Making credit and affordability assessments to decide whether to accept your application.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.
  • Tracing your address so that we can continue to contact you about any existing or previous products you held with us, as well as recovering debts that you owe.
  • Understanding your financial position. This includes the amount you borrow and your payment history, including any payment arrangements.

Ensuring any offers provided to you are appropriate to your circumstances.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders. Our initial search may be a ‘soft footprint’ which cannot be seen by other lenders but if you proceed to take out a loan with us this footprint will be visible to others who search your credit record.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before applying for a loan with us.

Credit Reference Agencies will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

Fraud prevention agencies – If you apply for a product with us or use our services

The personal information we have collected from you will be shared with fraud prevention agencies to help us make credit related decisions. Fraud prevention agencies can hold your personal data for different periods of time.

We may also share your personal data with law enforcement agencies to detect, investigate and prevent crime. If fraud is detected, we may refuse to provide the loan you have requested, or we may stop providing our service to you.

A record of any fraud will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your personal data for different periods of time.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting Cifas at www.cifas.co.uk and National Hunter at www.nhunter.co.uk.

Third-Party Links – If you apply for a product with us or use our services

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information – If you apply for employment - as part of the recruitment process

We collect Personal Data directly from you via our Websites, via third party recruitment websites, recruitment agencies or head-hunters if you apply for employment with the Group.

We also obtain your personal information from third parties including: If you apply for employment - as part of the recruitment process

With your consent:

  • From fraud prevention agencies including Cifas, the Fraud Prevention Agency.
  • From searches of credit reference agencies of their records relating to you and other people with whom you are linked financially.
  • From public records (e.g. sanctions list, media, the electoral roll).
  • From the Land Registry, Registers of Court Judgements, Bankruptcies.
  • Disclosure & Barring Service (DBS).
  • Your named referees.

The data we collect about you – If you apply for employment – as part of the Recruitment process

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you listed below:

  • Any data you have provided to us as part of the application and interview process including information contained in your curriculum vitae (CV) such as your name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, nationality, profession, professional memberships, educational achievements, and computer skills.
  • Right to work documentation.
  • Copies of evidence provided to us for proof of your home address.
  • Any personal data provided to us about you from your referees.
  • Any personal data provided to us about you by a third party which you have given us consent to gain such as Disclosure and Baring Service and Credit Check. This may include details of any criminal convictions and offences (if applicable) and credit rating and history information.
  • Any personal information in relation to a disability where reasonable adjustment needs to be made during the recruitment process or thereafter.

How we use your personal data – If you apply for employment – as part of the Recruitment process

We will only use your personal information we collect to:

  • Assess your skills, qualifications, and suitability to make a decision about your recruitment or appointment
  • Checking you are legally entitled to work in the UK
  • Carry out background and reference checks, including credit reference agency and Disclosure and Barring Service checks (with your consent).
  • Communicate with you by telephone, email, SMS or post about the recruitment process
  • Keep records related to our hiring processes
  • Comply with legal and regulatory requirements

Your data may also be used:

  • For due diligence if the Group was to be involved in a merger or acquisition.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

If you fail to provide certain information when requested, which is necessary for us to consider your application (such as evidence of qualifications, work history, proof of address, identification), we may not be able to process your application further. For example, if we require to apply for a DBS certificate and you fail to provide us with relevant details, we will not be able to take your application further.

Marketing and Opt-Out Rights – If you apply for employment – as part of the Recruitment process

We will not send marketing to you about our products and services, and the products and services of other members of the Group.

Automated Processing– If you apply for employment – as part of the Recruitment process

We do not use automated decision-making software to assess your suitability for employment.

Changing the purpose that we collected your data – If you apply for employment - as part of the recruitment process

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data – If you apply for employment – as part of the recruitment process

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary before entering into an employment contract.
  • Legal obligation: the processing is necessary to comply with employment legislation and to meet regulatory requirements.
  • Consent: To obtain Disclosure & Barring Service checks or a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to refuse your application, but we will notify you if this is the case at the time depending on the stage of your employment application.

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with – If you apply for employment – as part of the recruitment process

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide a credit reference check, criminal records check, employment agency/recruitment services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Credit Reference Agencies - If you apply for employment – as part of the recruitment process

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

  • Verifying the accuracy of the data you have provided us.
  • To review your credit history as part of our suitability for employment assessment.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

Third-Party Links - If you apply for employment – as part of the recruitment process

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information – If you are a director, owner or partner of a firm entering a relationship with us

We collect Personal Data directly from you via due diligence forms and other communications between us.

How we use your personal data – If you are director, owner or partner of a firm entering a relationship with us

We will only use your personal data we collect to:

  • Verify your identity before we enter a relationship with you and throughout our relationship with you.
  • Assess your credit history (depending on the nature of the relationship).
  • Prevent fraud and money laundering.
  • Meet our legal, regulatory, and contractual obligations arising from any agreement you enter with us.
  • To update our records.

Your data may also be used:

  • For due diligence if the Group was to be involved in a merger or acquisition.

If your relationship with us ends, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Marketing and Opt-Out Rights – If you are director, owner or partner of a firm entering a relationship with us

We may send marketing to you about our products and services, and the products and services of other members of the Group (unless you have opted out of marketing, or we are prevented by law from doing so).

This may be sent by post, telephone, email, SMS and through digital channels including social media.

We may ask you from time to time for your preferred methods of contact.

It is in our legitimate interests to give you information about our products and services that you may be interested in.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Automated Processing– If you are a director, owner or partner of a firm entering a relationship with us

We do not use automated decision-making software as part of the onboarding process.

Changing the purpose that we collected your data – If you are a director, owner or partner of a firm entering a relationship with us

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data – If you are a director, owner or partner of a firm entering a relationship with us

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary before entering into a contract.
  • Legal obligation: the processing is necessary to comply with legislation and to meet regulatory requirements.
  • Consent: To obtain a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with – If you are a director, owner or partner of a firm entering a relationship with us

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide credit reference check, and identity checks.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Credit Reference Agencies - If you are a director, owner or partner of a firm entering a relationship with us

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

Verifying the accuracy of the data you have provided us.

  • To review your credit history as part of our suitability for employment assessment.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

Third-Party Links – If you are a director, owner or partner of a firm entering a relationship with us

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information – If you sign-up to our Newsletter

We collect Personal Data directly from you via our Newsletter sign-up form.

How we use your personal data – If you sign-up to our Newsletter

We will only use your personal data we collect to:

  • Send you our Newsletter regarding greener choices products and services.

Marketing and Opt-Out Rights – If you sign-up to our Newsletter

We will not send direct marketing to you about our products and services, and the products and services of other members of the Group. However, the Newsletter will contain information regarding greener choices products and services.

You can opt-out of the Newsletter by clicking unsubscribe on the Newsletter or contacting us.

Automated Processing– If you sign-up to our Newsletter

We do not use automated decision-making software when sending our Newsletter.

Changing the purpose that we collected your data – If you sign-up to our Newsletter

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data – If you sign-up to our Newsletter

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with – If you sign-up to our Newsletter

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide mailing services or software.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third-Party Links - If you sign-up to our Newsletter

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we collect your personal information – If you enquire about our preferred suppliers within our Marketplace

We collect Personal Data directly from you when you enquire about our preferred suppliers within our Marketplace.

How we use your personal data – If you enquire about our preferred suppliers within our Marketplace

We will use the personal data we collect to:

  • Provide you with information from our preferred suppliers about their products. This means we will pass your details on to the suppliers you have selected.
  • To provide you with information about our products and services.

Marketing and Opt-Out Rights – If you enquire about our preferred suppliers within our Marketplace

We will send direct marketing to you about our products and services, and the products and services of other members of the Group.

You will also receive direct marketing from the suppliers you have selected.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

Automated Processing– If you enquire about our preferred suppliers within our Marketplace

We do not use automated decision-making software when to provide you with direct marketing.

Changing the purpose that we collected your data – If you enquire about our preferred suppliers within our Marketplace

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our Legal Basis for using your personal data – If you enquire about our preferred suppliers within our Marketplace

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

Who we may share your Personal Data with – If you enquire about our preferred suppliers within our Marketplace

We may share your personal information with:

  • Our preferred suppliers about their products, as selected by you.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third-Party Links - If you enquire about our preferred suppliers within our Marketplace

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Transferring your data abroad

Where possible we try to restrict data transfers to the UK only. We will only transfer your personal data outside the UK if the organisation we are sharing data with operates in an equivalent jurisdiction i.e. The country applies equivalent levels of protection as the UK. In these circumstances, we will have a contract in place to make sure the recipient protects the data to the same standard as is required in the UK. We will not transfer your data outside of the UK if you apply for employment or as part of the recruitment process.

If fraud prevention agencies transfer your personal data outside of the European Economic Area (EEA), they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the EEA. They may also require the recipient to subscribe to ‘internal frameworks’ intended to enable secure data sharing.

Keeping your information accurate

It is important that the personal data we hold about you is accurate and current.

Please keep us informed of any changes during your relationship with us.  

If you apply for a product with us or use our service this should include any change of address, telephone numbers and name changes.

If your information changes as part of the employment application process this should include contact details, and name changes.

Retention of your information

The length of time we retain your information is determined by the purpose for which we use that information and our obligations under laws and regulation. We do not retain personal information in an identifiable format for longer than necessary.

Personal data relating to product and services will in most cases be kept for a period of 6 years once our relationship with you comes to an end. This period may be reduced depending on the nature of the data, the purpose it was obtained and legal/regulatory requirements.

We may keep your data for longer if we cannot delete it for legal or regulatory reasons.

Employment application data will be retained for a period of 1 year after your last application date if you are unsuccessful. This is so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

If you become an employee, we will retain your data for the period of your employment and for a period following the end of employment sufficient to meet our legal or legitimate interests. Further details can be found in our employee privacy notice and data retention policy.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This data may be shared and used in all the ways described in this notice.

In certain circumstances you can ask us to delete your data: see the Data Protection Rights section for further information.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you of any breaches where we are legally required to do so.

How we monitor your communications

Subject to applicable laws, we will monitor and record calls, emails, text messages, social media messages and other communications. We will do this for the purposes of complying with applicable laws and regulations and our own internal policies and procedures, to prevent or detect crime, and for quality control and staff training purposes.

Complaints

If you have any questions about how we treat your personal data and protect your privacy, please email dpo@tandem.co.uk or call us on one of the numbers below.

Tandem Bank Limited and Tandem Money Limited - 020 3370 0970

Tandem Home Loans Limited – 01253 603 950

Oplo PL Ltd – 01253 603 952

Tandem Motor Finance Ltd – 0191 492 1919

Allium Money Limited and GDFC entities - 0333 016 4057

You also have the right to make a complaint to the Information Commissioner's Office (ICO) https://ico.org.uk/make-a-complaint/ or call 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Changes to this Privacy Notice

The Data Controller reserves the right to make changes to this Privacy Notice at any time. This version was last updated on 19/08/22. Historic versions can be obtained by contacting us at dpo@tandem.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing). Unless states otherwise the current privacy notice applies to all Personal data held by the Data Controller.