Privacy Policy - Oplo

Privacy Policy

Home > Privacy Policy

General Introduction

This privacy notice is issued on behalf of the Tandem Group (“we”, “us” and “our”) and our companies trading as ‘Tandem’, ‘Oplo’, ‘Allium Money’ and ‘GDFC’.

The Group consists of:

  • Tandem Bank Limited (Company Registration Number 00955491)
  • Tandem Money Limited (Company Registration Number 08628614)
  • Tandem Motor Finance Limited (Company Registration Number 07213812)
  • Oplo HL Limited (Company Registration Number 05667257)
  • Oplo PL Limited (Company Registration Number 08457740)
  • Oplo Group Limited (Company Registration Number 05438114)
  • Allium Money Limited (Company Registration Number 10977963)
  • Allium Lending Group Limited (Company Registration Number 10028311)
  • GDFC Services Plc (Company Registration 08271985)
  • GDFC Assets Limited (Company Registration Number 08272354)

Tandem Bank Ltd is responsible for the Tandem website www.tandem.co.uk.

Oplo Group Ltd is responsible for the Oplo Website www.myoplo.co.uk.

Allium Money Ltd is responsible for the Allium Money website www.alliummoney.co.uk.

If you apply for a product with us or use our services, one of the above listed entities will operate as controller for your data, as detailed within the relevant product Terms & Conditions.

If you apply for employment with us Tandem Money Ltd is the data controller responsible for your data.

The Group respects your privacy and is committed to protecting your personal data.

This privacy notice will inform you as to how we collect and process your personal data when you apply for a product with us, use our services or apply for employment and it will tell you about your privacy rights and explain how the law protects you. By providing your data to one of the legal entities above, your data will be shared with the Group as described above.

Tandem Group companies are registered with the Information Commissioners Officer (ICO) as Data Controllers with the following details:

  • Tandem Bank Limited – ICO Registration Number Z5753656
  • Tandem Money Limited – ICO Registration Number ZA119928
  • Tandem Motor Finance Limited – ICO Registration Number Z3274560
  • Oplo Group Limited – ICO Registration Number ZA011770
  • Oplo HL Limited – ICO Registration Number Z1245955
  • Oplo PL Limited – ICO Registration Number ZA006742
  • Allium Money Limited – ICO Registration Number ZA444371
  • GDFC Services Plc – ICO Registration Number Z3467119
  • GDFC Assets Limited – ICO Registration Number Z3520390

Tandem Bank Limited, Tandem Money Limited, GDFC Services Plc, GDFC Assets Ltd and Allium Money Limited are registered at Viscount Court, Sir Frank Whittle Way, Blackpool, Lancashire FY4 2FB.

The registered address for Oplo Group Ltd, Oplo HL Ltd and Oplo PL Ltd is Viscount Court, Sir Frank Whittle Way, Blackpool, FY4 2FB.

Our telephone numbers are as follows:

  • Tandem Bank Limited and Tandem Money Limited - 020 3370 0970
  • Tandem Motor Finance Ltd – 0191 492 1919
  • Oplo HL Ltd – 01253 603 950
  • Oplo PL Ltd – 01253 603 952
  • Allium Money Limited and GDFC entities - 0333 016 4057

Data Protection Officer’s Contact Details

Our Data Protection Officer for the Group is Steve Peacock. You can contact him at: dpo@tandem.co.uk.

Your personal information is protected under data protection law and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection Officer should you wish to exercise these rights.  We will need to verify your identity before we can act on your request.

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations. When our relationship is over, we are still required to keep your data for certain periods. This is used for contractual and legal reasons. For example, to detect and prevent financial crime.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling, or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

Employment Data includes the name of your employer and contact details.

Contact Data includes address, email address, telephone numbers and records of calls, emails, text messages, social media messages and other communications between use.

Financial Data includes bank account details, salary details, assets, liabilities, details on Any dependants, income and expenditure, payment card details.

Transaction Data includes details about transactions in or out of your account including Interest accrued; if you have a loan or mortgage with us this will include payments you make and receive, details of any arrears, details of arrears charges and associated costs.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.

Profile Data includes your username and password, loan applications made, payments made by you, your financial situation, marketing preferences, feedback and survey responses.

Usage Data includes information about how you use our website, app, account, loan products and services. Along with interactions with our financial promotions. Some of this data is obtained from Internet Cookies.

Mobile Device Specific Data

Tandem App Data including but not limited to information requested from you when you register for the app and external security details for your linked accounts from the sites of external providers active on the Tandem App.

Linked Account Information, which is gathered by our Open Banking Partner, TrueLayer should you take out a Savings Product with Tandem. This includes information such as account name and type, and details of your balance and relevant transactions.

Marketing and Communications Data includes your preferences in receiving marketing from us and any third-party supplier and your communication preferences.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

The data we collect about you – If you are a director, owner or partner of a firm entering a relationship with us

Identity Data includes first name, maiden name, last name, username or similar identifier,  marital status, title, date of birth, gender, nationality, country of birth, passport information, driving licence information, national insurance numbers or other identification information.

We will only use your personal data we collect to:

  • Verify your identity, income, employment status and location before we provide you with a loan, mortgage, or account and throughout our relationship with you.
  • Assess your credit history and make credit decisions about you.
  • Assess whether the loan or mortgage applied for is affordable.
  • Prevent fraud and money laundering before we provide you with a loan, mortgage, or account and after your loan, mortgage or account has been granted.
  • Register you as a new customer.
  • Administer your account, collect loan payments, manage any arrears, trace you and recover debts owed by you.
  • Communicate with you by telephone, email, SMS, chatbot, post or any other digital communication method. Including providing you with regulatory notices and account statements and handling any complaints you may have.
  • Meet our legal, regulatory and contractual obligations arising from any agreement you enter into with us.
  • Report positive, delinquent and default data to Credit Reference Agencies.
  • Provide and improve customer service and support. We may also use special category data, if provided, for this purpose.
  • Keep our records up to date, provide good governance, accounting, management and auditing of our business operations.
  • Undertake market research, transactional analysis, statistical analysis and system testing.
  • Administer our Website, enhance operational capabilities and for internal operations.
  • Provide you or others with information about other products and services that we offer that may be of interest to you. This may involve us sharing some personal data (for example, email address), in a secure format, with social media companies so that they can match this to personal data they already hold and so display messages to you and others about our products and services. You may decline the use of your data for this purpose. See the below section on Marketing and Opt-Out Rights.
  • To update our records.

Your data may also be used:

  • For due diligence purposes if another lender or debt purchaser was buying a portfolio of credit agreements where your credit agreement is included within the portfolio.
  • For due diligence if the Group was to be involved in a merger or acquisition.
  • Automated decisioning to assess your loan application. Please refer to the Automated Processing section for more information.

If you end your relationship with us, or if your application for a product with us is declined or you decide not to go ahead with it, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

We may send marketing to you about our products and services, and the products and services of other members of the Group (unless you have opted out of marketing, or we are prevented by law from doing so).

This may be sent by post, telephone, email, SMS and through digital channels including social media.

We may ask you from time to time for your preferred methods of contact.

It is in our legitimate interests to give you information about our products and services that you may be interested in.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

If we wish to pass your information to selected third parties, so that party can market their products to you, we will inform you of which company we wish to share your details with and we will ask for your consent before doing so.

You can ask us or any third parties to stop sending you marketing messages at any time by emailing us at preferences@tandem.co.uk and confirming what you want us to do.

Where you opt out of receiving these marketing messages, this will only apply to marketing preferences and not how we communicate to you in respect of any current product you may have with us.

Automated Processing – If you apply for a product with us or use our services

We may use automated decision-making software to underwrite your loan or mortgage.

Our automated systems include but are not limited to:

  • A credit assessment
  • Affordability assessment
  • Employment verification
  • Income verification
  • Fraud prevention and anti-money laundering databases

You have the right to request that we manually review the results of any automated decision. You can do this by contacting us at dpo@tandem.co.uk.

Changing the purpose that we collected your data – If you apply for a product with is or use our services

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Changing the purpose that we collected your data – If you are a director, owner or partner of a firm entering a relationship with us

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary for the loan, agreement, mortgage, account or product you have with us, or because we must take specific steps before you enter into a loan, agreement or mortgage with us such as ensuring the loan is affordable.
  • Legal obligation: the processing is necessary for us to comply with the law. For example, the Consumer Credit Act, Mortgage Regulation or Money Laundering Regulation and associated laws.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.
  • Explicit consent: this relates specifically to obtaining special category data, such as information regarding your health, which we may request to understand how best to support you. We will look to obtain your explicit consent before processing this information, however we may process under legitimate interests, if seeking consent would be unreasonable or negatively impact our ability to help you. This would only be if it is necessary for reasons of substantial public interest to use your data or to protect your or another person’s vital interests. For example, we may record information about your health if it is necessary to protect your economic wellbeing or we may share information about you to the emergency services if it is crucial to save either your or another person’s life and you are unable to consent.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example for marketing or to pass your information to named third parties for the purposes of marketing to you by electronic means.

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. Where the legal basis is ‘legitimate interests’ a further explanation will be provided in italics.

Purpose/Activity Lawful basis for processing
Verify your identity and account information before we provide you with a Savings account or product. Contract.

Our Legitimate Interests.

Legal Obligation.

Ensuring we act responsibly and meet legal requirements.

Verify your identity, income and employment status before we provide you with a loan or mortgage and throughout our relationship with you. Contract.

Our Legitimate Interests.

Legal Obligation to verify identity.

 

Ensuring we act as a responsible lender.

Deciding whether we can offer you the product that you have applied for and to evaluate any security where applicable.

Assess your credit history and make credit decisions about you and assessing whether the loan or mortgage applied for is affordable. Contract.

Our Legitimate Interests.

Ensuring we act as a responsible lender.

Assessing whether you are likely to repay the loan (our credit risk) or mortgage and whether the loan or mortgage is affordable.

Prevent fraud and money laundering before we provide you with a product. Legal Obligation.

Our Legitimate Interests.

Ensuring we act as a responsibly to prevent fraud and comply with laws and regulations.

Ensuring we can enforce our rights in respect of any security against a property.

Register you as a new customer. Contract.
Administer your account, collect contractual payments, manage any arrears, trace you and recover debts owed by you. Contract.

Our Legitimate Interests.

Communicate with you by telephone, email, SMS, chatbot post or any other digital communication method. Including providing you with regulatory notices and account statements and handling any complaints you may have. Contract.

Legal Obligation.

Our Legitimate Interests.

Keeping our records updated and recovering debts due to us.

Meet our legal, regulatory and contractual obligations arising from any agreement you enter into with us. Contract.

Legal Obligation.

Report positive, delinquent and default data to Credit Reference Agencies. Our Legitimate Interests.

To ensure that we comply with the Principles of Reciprocity (data sharing rules) which relate to Credit Reference Agencies.

Provide and improve customer service and support. We may also use special category data, if provided, for this purpose. Contract

Our Legitimate Interests.

Explicit Consent (as required for the recording of special category data).

To improve customer service and support. Special category data, particularly in relation to health, may be used here to help provide tailed service for vulnerable customers.

Keep our records up to date, provide good governance, accounting, management, and auditing of our business operations. Our Legitimate Interests.

Running our business in an efficient and compliant way.

Administer our Website, App, enhance operational capabilities and for internal operations. Our Legitimate Interests.

Measuring our operations and performance.

Running our business in an efficient and compliant way.

Provide you with information about other products and services that we offer that may be of interest to you. Our Legitimate Interests.

To provide you with information about our products and services that you may be interested in and to grow our business.

So, we can display messages to you and others about our products and services on social media. Our Legitimate Interests.

To provide you and others information about our products and services that you may be interested in and to grow our business.

For due diligence purposes if another lender or debt purchaser was buying a portfolio of credit agreements where your credit agreement is included within the portfolio. Our Legitimate Interests.

Running our business in an efficient way.

For due diligence if the Group was to be involved in a merger or acquisition. Our Legitimate Interests.

Deciding whether we wish to proceed with the merger or acquisition.

Automated decisioning to assess your loan or mortgage application. Contract

Our Legitimate Interests.

Ensuring we act as a responsible lender.

Deciding whether we can offer you the product that you have applied for and to evaluate any security where applicable.

 

Efficiency and quick service.

 

We may share your personal information with:

  • All entities belonging to the Group.
  • Service providers acting as processors who provide data hosting, data storage, electronic messaging services, printing services, call recording services and system administration services.
  • Service providers acting as processors who provide outsourced services such as call centre activity, customer service, marketing, credit score information, behaviour analysis, market research, speech analytics, income verification and affordability checks and business support services such as the collection of arrears or financial advice.
  • Our Open Banking Partners, TrueLayer and Consents Online Ltd, and other banks for payment, aggregation and verification of ownership of the current account you link to your Tandem account (dependent on the product taken out).
  • Retailers and Credit Brokers who have introduced you as a customer to us or are providing you with a product or service from our Tandem choices marketplace.
  • Social media companies (in a secure format), so they can display messages to you and others about our products and services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, debt recovery services, tracing agents, repossession agents, insurance and accounting services.
  • HM Revenue & Customs, Regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Cifas, a fraud prevention agency and National Hunter based in the United Kingdom who provide fraud prevention services and who we also report to.
  • Know Your Customer (KYC) and cyber security providers.
  • Customer satisfaction survey administrators and Market Research companies assisting us to improve our products or service delivery.
  • Any other parties connected to your account such as guarantors, joint account holders, power of attorney etc.
  • Third parties to which we transfer, charge or assign your agreement.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Public authorities, Law enforcement agencies, government, or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies.
  • Anyone else where we have your consent or where it is required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will make sure that anyone acting on our behalf only uses your personal data in line with our instructions and that they keep the data safe. We won’t share or give your personal information to external companies for their own marketing purposes.

To process your loan or mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

We will also continue to exchange information about you with credit reference agencies while you are our customer. This includes informing the Credit Reference Agencies if you borrow and do not repay in full and on time. Credit Reference Agencies will record the outstanding debt.

We also inform the Credit Reference Agencies about your settled accounts.

The credit reference agencies may in turn share your personal data with other organisations, which those organisations may use to make decisions about you.

Examples of circumstances when your information may be shared include the following.

  • Verifying the accuracy of the data you have provided us.
  • Making credit and affordability assessments to decide whether to accept your application.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.
  • Tracing your address so that we can continue to contact you about any existing or previous products you held with us, as well as recovering debts that you owe.
  • Understanding your financial position. This includes the amount you borrow and your payment history, including any payment arrangements.

Ensuring any offers provided to you are appropriate to your circumstances.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders. Our initial search may be a ‘soft footprint’ which cannot be seen by other lenders but if you proceed to take out a loan with us this footprint will be visible to others who search your credit record.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before applying for a loan with us.

Credit Reference Agencies will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

TransUnion          https://www.transunion.co.uk/crain
Equifax                 www.equifax.co.uk/crain
Experian               https://experian.co.uk/crain/index.html

The personal information we have collected from you will be shared with fraud prevention agencies to help us make credit related decisions. Fraud prevention agencies can hold your personal data for different periods of time.

We may also share your personal data with law enforcement agencies to detect, investigate and prevent crime. If fraud is detected, we may refuse to provide the loan you have requested, or we may stop providing our service to you.

A record of any fraud will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your personal data for different periods of time.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting Cifas at www.cifas.co.uk and National Hunter at www.nhunter.co.uk.

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We collect Personal Data directly from you via our Websites, via third party recruitment websites, recruitment agencies or head-hunters if you apply for employment with the Group.

We also obtain your personal information from third parties including:

 With your consent:

  • From fraud prevention agencies including Cifas, the Fraud Prevention Agency.
  • From searches of credit reference agencies of their records relating to you and other people with whom you are linked financially.
  • From public records (e.g. sanctions list, media, the electoral roll).
  • From the Land Registry, Registers of Court Judgements, Bankruptcies.
  • Disclosure & Barring Service (DBS).
  • Your named referees.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect different kinds of personal data about you listed below:

  • Any data you have provided to us as part of the application and interview process including information contained in your curriculum vitae (CV) such as your name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, nationality, profession, professional memberships, educational achievements, and computer skills.
  • Right to work documentation.
  • Copies of evidence provided to us for proof of your home address.
  • Any personal data provided to us about you from your referees.
  • Any personal data provided to us about you by a third party which you have given us consent to gain such as Disclosure and Baring Service and Credit Check. This may include details of any criminal convictions and offences (if applicable) and credit rating and history information.
  • Any personal information in relation to a disability where reasonable adjustment needs to be made during the recruitment process or thereafter.

We will only use your personal information we collect to:

  • Assess your skills, qualifications, and suitability to make a decision about your recruitment or appointment
  • Checking you are legally entitled to work in the UK
  • Carry out background and reference checks, including credit reference agency and Disclosure and Barring Service checks (with your consent).
  • Communicate with you by telephone, email, SMS or post about the recruitment process
  • Keep records related to our hiring processes
  • Comply with legal and regulatory requirements

Your data may also be used:

  • For due diligence if the Group was to be involved in a merger or acquisition.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

If you fail to provide certain information when requested, which is necessary for us to consider your application (such as evidence of qualifications, work history, proof of address, identification), we may not be able to process your application further. For example, if we require to apply for a DBS certificate and you fail to provide us with relevant details, we will not be able to take your application further.

We will not send marketing to you about our products and services, and the products and services of other members of the Group.

We do not use automated decision-making software to assess your suitability for employment.

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract:the processing is necessary before entering into an employment contract.
  • Legal obligation:the processing is necessary to comply with employment legislation and to meet regulatory requirements.
  • Consent: To obtain Disclosure & Barring Service checks or a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to refuse your application, but we will notify you if this is the case at the time depending on the stage of your employment application.

Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide a credit reference check, criminal records check, employment agency/recruitment services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

  • Verifying the accuracy of the data you have provided us.
  • To review your credit history as part of our suitability for employment assessment.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

TransUnion             https://www.transunion.co.uk/crain

Equifax                   www.equifax.co.uk/crain

Experian                 https://experian.co.uk/crain/index.html

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We collect Personal Data directly from you via due diligence forms and other communications between us.

We will only use your personal data we collect to:

  • Verify your identity before we enter a relationship with you and throughout our relationship with you.
  • Assess your credit history (depending on the nature of the relationship).
  • Prevent fraud and money laundering.
  • Meet our legal, regulatory, and contractual obligations arising from any agreement you enter with us.
  • To update our records.

Your data may also be used:

  • For due diligence if the Group was to be involved in a merger or acquisition.

If your relationship with us ends, your information will be retained in line with our retention schedules.

If you have any concerns about the processing above, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Data Protection Rights” section above.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

We will not send marketing to you about our products and services, and the products and services of other members of the Group.

We do not use automated decision-making software as part of the onboarding process.

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract:the processing is necessary before entering into a contract.
  • Legal obligation:the processing is necessary to comply with legislation and to meet regulatory requirements.
  • Consent: To obtain a credit check.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter with you.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide credit reference check, and identity checks.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.
  • Credit Reference Agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

With your consent we may perform credit and identity checks on you with one or more Credit Reference Agencies.

To do this, we will supply your personal information to Credit Reference Agencies, and they will give us information about you.

  • Verifying the accuracy of the data you have provided us.
  • To review your credit history as part of our suitability for employment assessment.
  • Checking your identity details.
  • Preventing criminal activity, fraud and money laundering.

When Credit Reference Agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other firms. However, we will perform a ‘soft footprint’ which cannot be seen by other firms.

The identities of the Credit Reference Agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the Credit Reference Agencies are explained in more detail at https://www.transunion.co.uk/crain. The Credit Reference Agency Information Notice is also accessible from each of the three Credit Reference Agencies – clicking on any of these three links will also take you to the same document:

TransUnion          https://www.transunion.co.uk/crain

Equifax                 www.equifax.co.uk/crain

Experian         https://experian.co.uk/crain/index.html

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 We collect Personal Data directly from you via our Newsletter sign-up form.

We will only use your personal data we collect to:

  • Send you our Newsletter regarding greener choices products and services.

We will not send direct marketing to you about our products and services, and the products and services of other members of the Group. However, the Newsletter will contain information regarding greener choices products and services.

You can opt-out of the Newsletter by clicking unsubscribe on the Newsletter or contacting us.

We do not use automated decision-making software when sending our Newsletter.

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We may share your personal information with:

  • Service providers acting as processors based in the UK who provide mailing services or software.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We collect Personal Data directly from you when you enquire about our preferred suppliers within our Marketplace.

We will use the personal data we collect to:

  • Provide you with information from our preferred suppliers about their products. This means we will pass your details on to the suppliers you have selected.
  • To provide you with information about our products and services.

We will send direct marketing to you about our products and services, and the products and services of other members of the Group.

You will also receive direct marketing from the suppliers you have selected.

You do however have the right at any time to ask us not to use your Personal Data for marketing purposes. Please email preferences@tandem.co.uk to unsubscribe.

We do not use automated decision-making software when to provide you with direct marketing.

We will only use your personal data for the purposes described above.

Any changes to this would only be made if the purpose were compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We must have a legal basis (lawful reason) to process your personal data. In this case the legal basis is Consent.

Where we ask for your consent, you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us.

We may share your personal information with:

  • Our preferred suppliers about their products, as selected by you.
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Law enforcement agencies or regulatory bodies where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Our Website or communications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Where possible we try to restrict data transfers to the UK only. We will only transfer your personal data outside the UK if the organisation we are sharing data with operates in an equivalent jurisdiction i.e. The country applies equivalent levels of protection as the UK. In these circumstances, we will have a contract in place to make sure the recipient protects the data to the same standard as is required in the UK. We will not transfer your data outside of the UK if you apply for employment or as part of the recruitment process.

If fraud prevention agencies transfer your personal data outside of the European Economic Area (EEA), they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the EEA. They may also require the recipient to subscribe to ‘internal frameworks’ intended to enable secure data sharing.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed of any changes during your relationship with us.

If you apply for a product with us or use our service this should include any change of address, telephone numbers and name changes.

If your information changes as part of the employment application process this should include contact details, and name changes.

The length of time we retain your information is determined by the purpose for which we use that information and our obligations under laws and regulation. We do not retain personal information in an identifiable format for longer than necessary.

Personal data relating to product and services will in most cases be kept for a period of 6 years once our relationship with you comes to an end. This period may be reduced depending on the nature of the data, the purpose it was obtained and legal/regulatory requirements.

We may keep your data for longer if we cannot delete it for legal or regulatory reasons.

Employment application data will be retained for a period of 1 year after your last application date if you are unsuccessful. This is so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

If you become an employee, we will retain your data for the period of your employment and for a period following the end of employment sufficient to meet our legal or legitimate interests. Further details can be found in our employee privacy notice and data retention policy.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This data may be shared and used in all the ways described in this notice.

In certain circumstances you can ask us to delete your data: see the Data Protection Rights section for further information.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you of any breaches where we are legally required to do so.

Subject to applicable laws, we will monitor and record calls, emails, text messages, social media messages and other communications. We will do this for the purposes of complying with applicable laws and regulations and our own internal policies and procedures, to prevent or detect crime, and for quality control and staff training purposes.

If you have any questions about how we treat your personal data and protect your privacy, please email dpo@tandem.co.uk or call us on one of the numbers below.

Tandem Bank Limited and Tandem Money Limited - 020 3370 0970

Tandem Motor Finance – 0191 492 1919

Oplo HL Ltd – 01253 603 950

Oplo PL Ltd – 01253 603 952

Allium Money Limited and GDFC entities - 0333 016 4057

You also have the right to make a complaint to the Information Commissioner's Office (ICO) https://ico.org.uk/make-a-complaint/ or call 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

The Data Controller reserves the right to make changes to this Privacy Policy at any time. This version was last updated on 19/08/22. Historic versions can be obtained by contacting us at dpo@tandem.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing). Unless stated otherwise the current privacy policy applies to all Personal data held by the Data Controller.

V1/102022