In this Privacy Policy references to “us”, “our”, “we”, or “Tandem” are to Tandem Bank Limited and Tandem Money Limited.
Tandem Bank Limited is a company registered in England and Wales (company registration number 00955491) with its registered office address at Hogarth House, 136 High Holborn London, WC1V 6PX. Tandem Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 204479.
Tandem Money Limited is a company registered in England and Wales (company number 08628614) whose registered office is at Hogarth House, 136 High Holborn London, WC1V 6PX. Tandem Money Limited is authorised and regulated by the Financial Conduct Authority under registration number 684908.
Tandem acts as data controller in respect of your personal information that we process.
If you have any questions about how we collect, store or use your information, please contact us on 0203 370 0970 or at hello@tandem.co.uk.
We will collect personal information like your name, address and date of birth when you apply for, or use any of our products or services. We will also collect data from your use of our website and app. The type of information that we collect from you will depend on your relationship with us:
- Information requested from you when you make an application for one of our products or services (including, but not limited to name, postal address, telephone number, email address, date of birth, nationality, country of birth, employment details) or at any time about your personal and financial circumstances or which we gather about you from the way you use and manage any account which we open for you.
- Details of any transactions in or out of the account including interest accrual.
- We will keep details and records of when you contact us and we contact you, like calls, emails, text messages, social media messages or other communications.
- User interactions and log data when you use our website(s) and app and click on our adverts on other websites (see information on cookies on our website).
- Mobile device specific data.
- Information we receive about you from third parties, such as credit reference or fraud protection agencies.
- Information requested from you when you register for the Tandem app including, but not limited to external security details for your linked accounts from the sites of external providers active on the Tandem App.
- Information gathered regarding your linked account, which is gathered by our Open Banking partner, TrueLayer. This includes information such as account name and type, and details of your balance and relevant transactions
- Information requested from you which is required to complete a switching process via the Tandem App.
- Information that is publicly available.
- Information from social media sites.
Please note that your external security details will be stored on a third party secure server and not on your mobile phone. Your external security details will be encrypted when stored and encrypted when data is transmitted – we will never see or have access to your external security details.
We may need to process more sensitive data which data protection law categorises as Special Category Data. This could include:
- Racial or ethnic origin
- Political opinion
- Religious or philosophical beliefs
- Trade Union membership
- Genetic or biometric data
- Data concerning your health
- Criminal records of convictions and offences
- Allegations of criminal offences
- Sexual orientation
We will only process Special Category Data if the law allows us to do so. The lawful bases we most commonly rely on are:
1. We have your explicit consent to use your data. We may look to record any information provided concerning your health so that we understand how best to support you and service your account. For example, if you are vulnerable in any way.
2. It is necessary for reasons of substantial public interest to use your data. For example, we may record information about your health if it's necessary to protect your economic well-being, if you're at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.
3. It is necessary to protect your or another person's vital interests. We may share information about you to the emergency services if it is crucial to save either your or another's life and you are unable to consent.
We collect information from you:
- When you apply for our products and services via our websites or our app;
- When you talk to us on the phone, over email, by letter, via chat or social media;
- When you make transactions using our products and services; and
- When you connect to our products and services using devices, such as computers and mobile phones, using cookies and other internet tracking software.
Data protection law says that we are allowed to use personal information only if we have a proper reason to do so. We’ll process your personal data under a legal basis and for the following purposes:
- As necessary to perform our contract with you for the relevant account, product or service:
- To take steps at your request before entering into the contract;
- To decide whether to enter into a contract with you;
- To manage and perform that contract;
- To keep our records up to date; and
- To trace your whereabouts to contact you about your account and recovering money that is owed to us.
We will also process personal data as necessary for our own legitimate interests, that is when we have a business or commercial reason to use your information, for example:
- For good governance, accounting and managing and auditing our business operations;
- To keep our records up to date;
- Working out which of our products and services may be of interest to you;
- To search credit reference agencies if you apply to borrow for a mortgage;
- To monitor emails, calls other communications and activities on your account;
- For market research, analysis and developing statistics; and
- To send you marketing communications.
We are also required to process personal data as necessary to comply with a legal obligation, for example:
- To comply with our legal and regulatory requirements and related disclosures e.g. where we have specific security obligations, such as two factor authentication, we will process your personal data, in order to authenticate your transaction.
- To establish and defend our legal rights;
- For activities relating to the prevention, detection and investigation of crime;
- To verify your identity, make credit, fraud prevention and anti-money laundering checks;
- To monitor emails, calls and other communications and activities on your account.
Personal data is also processed based on your consent, for example:
- When we process any special categories of personal data about you at your request (e.g. information concerning your health);
- To send you marketing communications where we’ve asked for your consent to do so. You’re free to withdraw your consent at any time, however this will mean that we will not be able to do certain things for you.
We will use the personal information we hold about you, and data from the technology/devices you use to access your account(s) to:
- Provide, manage and develop our products and services;
- Understand your preferences and advise you about our other products and services;
- Undertake market research, transactional analysis, statistical analysis and system testing;
- Update our records;
- Recover debt;
- Confirm your identity and location; and
- Prevent and investigate fraud, money laundering and other crimes. If we believe that you have tax obligations in another country, we may disclose personal information of yours with those tax authorities, or with HM Revenue and Customs, who may share the information with the other tax authorities. We may search, use and share the records held by domestic and international credit reference agencies and fraud prevention agencies, as well as our own internal records to confirm your identity and prevent fraud or money laundering
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you.
Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting [Cifas] at www.cifas.org.uk and [National Hunter] at www.nhunter.co.uk.
If you have any questions, or wish to find out more about the fraud prevention agencies we use, please call our customer services number on: 020 3370 0970.
We disclose your information to the third parties listed below for the purposes described in this Privacy Policy. You can contact us for details of specific disclosures made in respect of your information:
- Third parties acting on our behalf, including our service providers and agents who help us manage your products and services, for example our customer service partners and the companies which print any paper statements or notices;
- Our Open Banking partner, TrueLayer, and other banks for payment, aggregation and verification of ownership of the current account you link to your Tandem account;
- Fraud prevention agencies;
- Credit referencing agencies, specifically TransUnion - https://www.transunion.co.uk/crain;
- Know your Customer (KYC) and cyber security providers;
- Relevant government bodies, authorities and regulatory bodies in order to comply with our regulatory and reporting obligations;
- IT providers/hosted IT solution providers to enable us to provide our products and services to you;
- Debt collection agencies in the event we need to collect arrears from you;
- Other service providers via a shared, secured database for income verification and affordability checks and to manage/collect arrears;
- Our professional advisors (lawyers, accountants and consultants);
- Any other parties connected with your account e.g. guarantors and joint account holders;
- Market research companies to assist us in improving our product or service delivery;
- Any third party who is restructuring, selling or acquiring our assets, as long as that party uses the personal information in accordance with the terms of any agreements between you and us; and
- Anyone else where we have your consent or where it is required by law. We will make sure that anyone acting on our behalf only uses your personal information in line with our instructions and that they keep the data safe. We won’t share or give your personal information to external companies for their own marketing purposes.
We may also use your personal information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so.
We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to unsubscribe from marketing emails sent by us, you may do so at any time by clicking on the “unsubscribe” link that appears in all emails. Otherwise you can always contact us at hello@tandem.co.uk or on 0203 370 0970 to update your contact preferences. Emails required to service your existing products will not be turned off by unsubscribing to marketing activities.
Your personal data may be converted into statistical or aggregated data which cannot be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.
We only keep personal information for as long as reasonably necessary to fulfil the relevant purposes described in this Privacy Policy and in order to comply with our legal and regulatory obligations.
After you stop being a customer, we may keep your data for up to 7 years for one of these reasons:
- To maintain records according to laws and regulations that apply to us
- To show that we treated you fairly
- To respond to any questions or complaints
We may keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. Fraud prevention agencies can hold your personal data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years.
Some of our suppliers who process your data in accordance with this Privacy Policy may be outside the UK and the European Economic Area (“EEA”). When they do, we will have a contract in place to make sure the recipient protects the data to the same standard as is required in the UK.
You have certain rights under applicable data protection law, these rights are:
- The right to be informed about our processing of your personal data
- The right to request access to your personal data and information about how we process it
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed (the “right to rectification”)
- The right to have your personal data deleted (the “right to be forgotten”)
- The right to restrict processing of your personal data
- The right to move, copy or transfer your personal data (“data portability”)
- The right to object to the processing of your personal data
- Rights in relation to automated decision making including profiling
You can find out more information about your rights at the Information Commissioner’s website: [www.ico.org.uk](http://www.ico.org.uk)
If you choose not to give us the personal information that we request either during an application process or during the life of an account or product, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the services needed to manage your accounts/provide your chosen products and services. It could mean that we have to cancel a product or service you have with us.
Please let us know if you are unhappy with how we have used your personal information. You can contact us at hello@tandem.co.uk or on 0203 370 0970. You also have the right to complain to the Information Commissioner’s Office who can investigate our compliance with data protection law. Find out how at www.ico.org.uk (http://www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, please notify us of any changes to the personal information that you have provided to us by updating your details on the Tandem App or by contacting us at hello@tandem.co.uk or calling us on 0203 370 0970.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure.
Tandem will review this Notice at least annually and as required to ensure it is inline with current legislation and industry best practice. Please check back each time you provide additional personal information to us.
This Privacy Policy was last updated on: 14 January 2022