Tymit's privacy policy
This policy explains when and why we collect personal information about you, how we use it,
the conditions under which we may disclose it to others and how we keep it secure.
Tymit is committed to safeguarding the privacy of your information. By “your data”, "your
personal data”, and “your information” we mean any personal data about you which you or
third parties provide to us.
We may change this Policy from time to time so please check this page regularly to ensure
that you’re happy with any changes.
Who are we?
We are Tymit LTD (“we”, “our”, “us”) and operate under the name of Tymit. We’re committed to
protecting and respecting your privacy. Tymit is the Data Controller for any personal data which you
provide which is not related to the card. If you have any questions about your personal information
email us a privacy@tymit.com.
Please note that our partner, Transact Payments Limited (“TPL”), is the issuer of your payment card
and is the Data Controller for the personal data which you provide to us in relation to the card only.
TPL is authorised and regulated by the Gibraltar Financial Services Commission. TPL’s registered office
address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and registered company
number is 108217. When you apply for a Tymit Card, you accept TPL’s Privacy Policy which is provided
to you when you sign up for a card, is available within the Tymit mobile application and is also included
in this document for your convenience.
Information we hold about you
Information submitted through our website - for example, when you sign up and provide details such
as your name and address, or details we collect about how you use the website Details of your
transactions with us, including any cards and accounts used Information which is tied to your usage
or settings on your phone - for example, the mobile network you use, your IP address or operating
system Information from any social network or online account that you share with us.
We use this information to:
Help manage your account Track, analyse and improve the services we provide you and other
customers Search your record at credit reference and fraud prevention agencies to check your identity
and generate a credit assessment of you. Credit reference agencies will keep a record of our enquiries,
which may also be used by other organisations with access. This may affect your ability to get credit.
Prevent illegal activities like money-laundering and fraud Market and communicate our products and
services and those of affiliated partners where we think these will be of interest to you. You can always
unsubscribe from receiving these if you want to by email Make responsible lending decisions.
Who will we share it with?
We may disclose your personal information to: Anyone who works for us Any organisation which
supports any of our products that you have Third parties that carry out advertising services for us
Anyone who you give us explicit permission to share it with or If we must disclose your personal data
to comply with the law, or to enforce our Terms and Conditions or other agreements; or to protect
the rights, property, or safety of us, our customers, or others.
How do we work with Credit Reference Agencies?
To process your application, we will perform credit and identity checks on you with one or
more credit reference agencies (“CRAs”). Where you take services from us, we may also
make periodic searches at CRAs to manage your account with us. To do this, we will supply
your personal information to CRAs, and they will give us information about you. This will
include information from your credit application and about your financial situation and
financial history. CRAs will supply to us both public (including the electoral register) and
shared credit, financial situation and financial history information and fraud prevention
information.
This information will be used for:
− Assessing your creditworthiness and whether you can afford to take the product.
− Verifying the accuracy of the data you have provided to us.
− Preventing criminal activity, fraud and money laundering.
− Managing your account(s).
− Tracing and recovering debts.
− Ensuring any offers provided to you are appropriate to your circumstances.
We will also inform the CRAs about your settled accounts. If you borrow and do not repay in
full and on time, CRAs will record the outstanding debt. This information may be supplied to
other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file
that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate,
we will link your records together, so you should make sure you discuss this with them, and
share with them this information, before lodging the application. CRAs will also link your
records together and these links will remain on your and their files until such time as you or
your partner successfully file for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold,
the ways in which they use and share personal information, data retention periods and your
data protection rights with the CRAs are explained in more detail at
https://www.experian.co.uk/crain. CRAIN is also accessible from each of the three CRAs.
TransUnion: https://www.transunion.co.uk/crain
Experian: https://www.experian.co.uk/crain
Equifax: https://www.equifax.co.uk/crain
Rights
You have a right to access the personal data we hold about you, to delete your data, change and
correct your data, or to obtain a copy of it. To do so please contact us by emailing privacy@tymit.com.
We may charge you a small fee to cover our costs for providing this information.
What we will not do
We won’t share identifiable personal data with third parties for their direct marketing unless you give
us permission, we will only keep your personal information for only as long as we need to. We’ll then
delete it securely and safely There may be times when you give us sensitive information such as your
racial origin or trade union membership. We’ll only use this information in strict accordance with the
law.
Where your data is stored
The data we collect from you may be transferred to and stored somewhere outside the European
Economic Area (“EEA”). It may also be processed by staff outside the EEA who work for us or one of
our suppliers.
Complaints
We hope that our Data Protection Officer can resolve any query or concern you may raise
about our use of your personal information.
The General Data Protection Regulation also gives you right to lodge a complaint with a
supervisory authority, in particular in the European Union (or European Economic Area) state
where you work, normally live or where any alleged infringement of data protection laws
occurred. The supervisory authority in the UK is the Information Commissioner’s Office (ICO).
Details on how to raise a complaint with the ICO can be found here: https://ico.org.uk/make-
a-complaint/
Other websites
Our website may contain links to other websites. This privacy policy applies only to our
website‚ so we encourage you to read the privacy statements on the other websites you visit.
We cannot be responsible for the privacy policies and practices of other sites even if you
access them using links from our website.
Changes to this policy
Any material changes we make to our privacy notice in the future will be posted on this page and, if
appropriate, sent to you by email.
How to contact us
If you have any questions about our Privacy Policy or the personal information which we hold
about you or, please send an email to our Data Protection Officer at privacy@tymit.com.
TPL Privacy Policy
This policy explains when and why we collect personal information about you, how we use it,
the conditions under which we may disclose it to others and how we keep it secure.
TPL is committed to safeguarding the privacy of your information. By “your data”, "your
personal data”, and “your information” we mean any personal data about you which you or
third parties provide to us.
We may change this Policy from time to time so please check this page regularly to ensure
that you’re happy with any changes.
Who are we?
Transact Payments Limited (“TPL”, “we”, “our” or “us”) is the issuer of your card and is the
Data Controller for the personal data which you provide to us in relation to the card only. TPL
is an e-money institution, authorised and regulated by the Gibraltar Financial Services
Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road,
Gibraltar, GX11 1AA and our registered company number is 108217.
Tymit Limited (“Tymit”) is the Program Manager for your card program and is the Data
Controller for any personal data which you provide which is not related to the card. Tymit is
incorporated in England & Wales with registration number 10827757 and registered office at
5 Merchant square, London, England, W2 1DP.
How do we collect your personal data?
We collect information from you when you apply online or via a mobile application for a
payments card which is issued by us. We also collect information when you use your card to
make transactions. We also obtain information from third parties (such as fraud prevention
agencies) who may check your personal data against any information listed on an Electoral
Register and/or other databases.
On what legal basis do we process your personal
data?
Contract
Your provision of your personal data and our processing of that data is necessary for each of
us to carry out our obligations under the contract (known as the Cardholder Agreement or
Cardholder Terms & Conditions or similar) which we enter into when you sign up for our
payment services. At times, the processing may be necessary so that we can take certain
steps, at your request, prior to entering into that contract, such as verifying your details or
eligibility for the payment services. If you fail to provide the personal data which we request,
we cannot enter into a contract to provide payment services to you or will take steps to
terminate any contract which we have entered into with you.
Legal/Regulatory
We may also process your personal data to comply with our legal or regulatory obligations.
Legitimate Interests
We, or a third party, may have a legitimate interest to process your personal data, for
example:
- To analyse and improve the security of our business;
- To anonymise personal data and subsequently use anonymized information.
What type of personal data is collected from you?
When you apply for a card, we, or our partners on our behalf, collect the following
information from you: full name, physical address, email address, mobile phone number,
phone number, date of birth, login details, IP address, identity and address verification
documents.
When you use your card to make transactions, we store that transactional and financial
information. This includes the date, amount, currency, card number, card name, account
balances and name of the merchant, creditor or supplier (for example a supermarket or
retailer). We also collect information relating to the payments which are made to/from your
account.
How is your personal data used?
We use your personal data to:
- set up your account, including processing your application for a card, creating your account,
verifying your identity and printing your card.
- maintain and administer your account, including processing your financial payments,
processing the correspondence between us, monitoring your account for fraud and providing
a secure internet environment for the transmission of our services.
- comply with our regulatory requirements, including anti-money laundering obligations.
- improve our services, including creating anonymous data from your personal data for
analytical use, including for the purposes of training, testing and system development.
Who do we share your information with?
We pass your information to our third party service providers, agents, subcontractors,
program managers and other associated organisations for the purposes of completing tasks,
managing your account and providing services to you on our behalf, as detailed above. When
we use third party service providers, we have a contract in place that requires them to keep
your information secure and confidential.
We pass your information to the following categories of entity:
- identity verification agencies to undertake required verification, regulatory and fraud
prevention checks;
- information security services organisations, web application hosting providers, mail support
providers, network backup service providers and software/platform developers;
- document destruction providers;
- mobile/digital payment services providers (where you choose to use such payment services)
- anyone to whom we lawfully transfer or may transfer our rights and duties under this
agreement;
- any third party as a result of any restructure, sale or acquisition of TPL or any associated
entity, provided that any recipient uses your information for the same purposes as it was
originally supplied to us and/or used by us.
- regulatory and law enforcement authorities, whether they are outside or inside of the EEA,
where the law requires us to do so.
Sending personal data overseas
To deliver services to you, it is sometimes necessary for us to share your personal information
outside the European Economic Area (EEA), e.g.:
• with service providers located outside the EEA;
• if you are based outside the EEA;
• where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under European and Gibraltar data protection law.
These non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We
will, however, ensure the transfer complies with data protection law and all personal
information will be secure. We will send your data to countries where the European
Commission has made an adequacy decision, meaning that it has ruled that the legislative
framework in the country provides an adequate level of data protection for your personal
information. You can find out more about this here.
Where we send your data to a country where the European Commission has not made an
adequacy decision, our standard practice is to use standard data protection contract clauses
that have been approved by the European Commission. To obtain a copy of those clauses,
please go to the European Commission’s website.
If you would like further information please contact our Data Protection Officer on the details
below.
How long do we store your personal data?
We will store your information for a period of six years after our business relationship ends in
order that we can comply with our obligations under applicable legislation such as anti-money
laundering and anti-fraud regulations. If any changes to applicable legislation require us to
retain your data for a longer period of time, we shall retain it for that period. We will not
retain your data for longer than is necessary.
Your rights regarding your personal data?
You have certain rights regarding the personal data which we process:
- You may request a copy of some or all of it.
- You may ask us to rectify any data which we hold which you believe to be inaccurate.
- You may ask us to erase your personal data.
- You may ask us to restrict the processing of your personal data.
- You may object to the processing of your personal data.
- You may ask for the right to data portability.
- If you would like us to carry out any of the above, please email the Data Protection Officer
at DPO@transactpaymentsltd.com.
How is your information protected?
We implement security policies and technical measures in order to secure your personal data
and take steps to protect it from unauthorised access, use or disclosure.
While we strive to protect your personal information, we cannot guarantee the security of
any information you transmit to us, and you do so at your own risk. Once we receive your
information, we make our best effort to ensure its security on our systems. Where we have
given (or where you have chosen) a password which enables you to access certain parts of
our websites, you are responsible for keeping this password confidential. We ask you not to
share your password with anyone.
Complaints
We hope that our Data Protection Officer can resolve any query or concern you may raise
about our use of your personal information.
The General Data Protection Regulation also gives you right to lodge a complaint with a
supervisory authority, in particular in the European Union (or European Economic Area) state
where you work, normally live or where any alleged infringement of data protection laws
occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their
contact details are as follows:
Gibraltar Regulatory Authority,
2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.
(+350) 20074636/(+350) 20072166 info@gra.gi
Other websites
Our website may contain links to other websites. This privacy policy applies only to our
website‚ so we encourage you to read the privacy statements on the other websites you visit.
We cannot be responsible for the privacy policies and practices of other sites even if you
access them using links from our website.
Changes to our Privacy Policy
We keep our Privacy Policy under review and we regularly update it to keep up with business
demands and privacy regulation. We will inform you about any such changes. This Privacy
Policy was last updated on 10
th
November 2020.
How to contact us
If you have any questions about our Privacy Policy or the personal information which we hold
about you or, please send an email to our Data Protection Officer at
DPO@transactpaymentsltd.com.
version: 1.0
