Privacy Policy.

Privacy Policy

Thank you for visiting Together Online (“the Website”). Please read the following information carefully as the terms and conditions will apply to your use of the Website. The Website is operated by Together Financial Services Limited, trading as “Together”, a company registered in England and Wales under company registration number 02939389, on its behalf and on behalf of its subsidiary companies; Together Personal Finance Limited (company registration number 02613335) and Together Commercial Finance Limited (company registration number 02058813), together trading as “Together”, and each having its registered office address situated at Lakeview, Lakeside, Cheadle, Cheshire, SK8 3GW. References in this Privacy Policy to "we", "us", "our" and "ourselves" are references to Together Financial Services Limited and its subsidiary companies as outlined above. References to “you” or “your” are references to any person reading this Privacy Policy.

We take the privacy of our Website users seriously and we are committed to protecting your privacy in compliance with United Kingdom (“UK”) data protection laws, including UK General Data Protection Regulation the Data Protection Act 2018, the Privacy and Electronic Communication Regulation, (collectively “Data Protection Laws”) . This Privacy Policy explains what personal data (see below for details of what this means) is collected about you via the Website and what we do with that personal data. Please see our Cookies Policy for information of how the Website uses cookies, and your choices regarding cookies use.

We encourage you to familiarise yourself with this Privacy Policy to understand our views and practices regarding your personal data collected via the Website and how we will treat it.

We reserve the right in our sole discretion to amend this Privacy Policy from time to time. In this event, we will post the revised policy on the Website. We encourage you to periodically re-read this Privacy Policy so that you are aware of any updates and remain informed as to how we are using, disclosing and processing your personal data. We may, where necessary, notify users of any modified version of this Privacy Policy that might materially affect the way we use, disclose or otherwise process users’ personal data or otherwise affect their privacy rights. We may do this for example by posting an update on the Website which users will see at their next visit.

Supplementary privacy policies, notices or other privacy related information will apply to personal data obtained by us (or on our behalf) where you interact with us in ways other than through the Website (e.g. via the phone or where you make a loan application by post or through a broker). This additional privacy information will be made available to you at the relevant point at which we collect your personal data.

If you do not agree to your personal data being used in the manner described in this Privacy Policy then please do not provide us with your personal data. However, please note that some functionality of the Website may be restricted or unavailable where you do not provide us with any personal data we request.

YOU HAVE A RIGHT TO KNOW HOW WE WILL USE YOUR PERSONAL DATA

We provide this Privacy Policy to make you aware of our practices in connection with your privacy and of the choices you can make about the way your personal data is collected via the Website and used.

We are committed to ensuring the security of your personal data.

Data Protection Laws place obligations on us to process your personal data fairly and lawfully and to keep it secure. For the purposes of the Data Protection Laws, the data controller of Website users’ personal data is Together Financial Services Limited of Lake View, Lakeside, Cheadle, SK8 3GW.

As a data controller, Together Financial Services Limited maintains a notification of its data processing activities with the Information Commissioner’s Office (ICO) and its registration number is ZA067862.

Personal data may also be processed by Together Personal Finance Limited (ICO registration number Z6004427) and/or Together Commercial Finance Limited (ICO registration number Z6462238).

WHAT IS PERSONAL DATA?

For the purposes of this Privacy Policy, “personal data” is data which relates to a living individual, who can be identified from the data or from that data and other information which is in the possession of, or likely to come into the possession of, Together.

HOW WE WILL COMPLY WITH DATA PROTECTION LAWS

Data Protection Laws require that we meet certain lawful grounds before we are allowed to use your personal data in the manner described in this Privacy Policy and that we explain these legal grounds to you. We take our responsibilities under Data Protection Laws seriously, including meeting these conditions. To use your personal data, we will rely on the following lawful grounds (more than one ground may be relevant to each example of our processing):

  • Contract: Where you are an existing customer we will process your personal data to the extent required for us to provide you with services related to products that you have purchased from us in accordance with its terms (for example existing customers can make a payment, request information in respect of how to obtain additional finance or how to obtain a redemption figure);
  • Legitimate Interests: We may also process your personal data where this processing is in our “legitimate interests”. It is in our legitimate interests to collect your personal data as it provides us with the information that we need to run the Website or provide our services and/or products more effectively. When relying on this condition, we are required to carry out a balancing test of our interests in using your personal data (for example, in order to improve the Website or our services), against the interests you have as a citizen and the rights and freedoms you have under Data Protection Laws. The outcome of this balancing test will determine whether we can use your personal data in the ways described in this Privacy Policy. We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test and where an imbalance is indicated, your personal data will not be used for this purpose;
  • Legal Obligation: Where there is a legal requirement upon us to record, retain or share your personal data with authorities, we must do so. For example to comply with laws and regulations which govern our business, such as the Financial Services and Markets Act 2000 or the Proceeds of Crime Act 2002;
  • Consent: Where you have provided your specific agreement to the processing of personal data for a specific purpose(s). For example, if you advise us of a health condition, we will seek your consent to record and process this information.
TYPE OF PERSONAL DATA COLLECTED

The personal data that you may provide to us through the Website is set out below:

  • your name and username;
  • security information (passwords and answers to security questions) (please note that passwords and answers to security questions are encrypted and as such are not available for Together to view);
  • your contact details (including postal address, email address and phone number);
  • your account number;
  • any personal data you choose to include when typing additional comments in free text boxes.

The Website also uses cookies, which may constitute your personal data in certain circumstances. Please see our Cookies Policy for information about the cookies we use and your choices in relation to cookie use.

In addition, you may also provide us with your personal data by corresponding with us by phone, e-mail, post or otherwise. This includes personal data you submit when you register to use the Website, make an enquiry and/or when you report a problem with the Website. The information you give us may include some of the personal data listed above and any other personal data you choose to provide.

We will only collect information about you where this is necessary in order for us to be able to provide you with our products/services (including contacting you to discuss our products/services) and as otherwise set out in this Privacy Policy.

HOW WE USE THE PERSONAL DATA

We will store and process your personal data on our computers and in our paper folders.

Please see the Data Security header below for details about how we keep your personal data secure, in line with our obligations under Data Protection Laws.

We will use your personal data (including from any third parties, where relevant and lawful) to:

  • contact you about our products/services (in response to your request for this contact which you have made via our Website);
  • manage your account;
  • provide our products/services to you;
  • contact you in respect of any complaint that you submit;
  • process payments if you make a payment to us relating to your loan/mortgage via the Website;
  • comply with our legal obligations; and
  • identify patterns which we can use to help us develop, administer, support and improve our services.

This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate.

We may also use your personal data where such use is in our (or a third party’s) legitimate business interests, providing this use does not cause you unwarranted prejudice, and as otherwise set out in this Privacy Policy.

We will only use the personal data you provide to us as described in this Privacy Policy. We will observe the rights granted to you under Data Protection Laws and will ensure that queries relating to privacy are dealt with promptly and in a transparent manner.

PREVENTION OF FRAUD

If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may request and/or access this information.

We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

  • Checking details on applications for credit and credit related or other facilities;
  • Managing credit and credit related accounts or facilities;
  • Recovering debt;
  • Checking details on proposals and claims for all types of insurance; and
  • Checking details of job applicants and employees.

Please contact the Financial Crime Team (financialcrimequeries@togethermoney.com) if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

WHO DO WE PASS YOUR PERSONAL DATA TO?

We may use third parties to provide services on our behalf. This means we will disclose your personal data to them.

We will provide your personal data to the following categories of third parties:

  • companies that provide data hosting and website management services such as Azure, OKTA, OPUS and Microsoft; and
  • companies that provide website analytics services and /or help us to make advertising messages more relevant to you such as Google Analytics, AppNexus, Hotjar and/ or Infinity (please see our Cookies Policy for further information).

In each case, we will, in accordance with our obligations under Data Protection Laws, put in place appropriate contractual protections for your personal data.

In addition to the disclosures described above, we may disclose your personal data to:

  • our auditors, solicitors, professional advisors, sub-contractors or any person providing services to Together Financial Services Limited group companies and, who have agreed to treat your personal details as confidential;
  • anybody having a legal right to your personal data, including the police and any other legal and regulatory authorities and government bodies;
  • to any third party who acquires all, or substantially all, of the assets or shares in Together Financial Services Limited, any of our corporate group, and/or the Website, whether by sale, merger, acquisition or otherwise; and
  • as required to enforce or apply our Terms of Use.

This Privacy Policy describes above how users’ personal data collected via the Website may be disclosed outside of Together Financial Services Limited. Pursuant to this, including for instance where we engage providers of services and/or where companies within our corporate group provide services to it (for example, hosting databases containing users’ personal data), users’ personal data may be transferred to countries or territories located outside of the United Kingdom which do not have data protection laws equivalent to ours. This may mean that in certain limited circumstance personal data is transferred to countries which do not provide the same level of protection for personal data as the UK.

Where your personal data is being transferred outside the UK, we will ensure that appropriate safeguards are in place, such as the use of the approved International Data Transfer Agreements (IDTA) to protect your information in accordance with Data Protection Laws, along with any relevant risks assessments.

Other than set out in this Privacy Policy (and supplemental privacy information, notices and/or statements where relevant), we will not otherwise disclose, sell or distribute your personal data we collect via the Website to any third party without your permission unless we are required or permitted to do so by law.

HOW LONG DO WE KEEP YOUR PERSONAL DATA

We take steps with a view to deleting, destroying or permanently anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose and we are not required by law to keep it.

How long we keep your personal data depends upon the purpose for which your personal data was collected was provided. Generally however we will hold your personal data:

  • for as long as it is necessary to enable us to provide you with a product or service (i.e. until that service or product has been provided to you and all parties have fulfilled their obligation in relation to that service or product);
  • if you taken out a loan or mortgage with us, for the duration of your loan or mortgage and an additional 6 years after the loan or mortgage has concluded;
  • We will never retain your personal data for longer than is necessary. However, we may keep your data longer than 6 years if we cannot delete it for example, to comply with our legal or regulatory obligations.
YOUR RIGHTS

You have a number of rights under Data Protection Laws in relation to the way we process your personal data. These are set out below. You may contact us using the details below to exercise any of these rights and we will respond to any request received from you within one month from the date of the request.

The right to be informed As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided within this notice, our Fair Processing Notice and in any related communication we may send you.
The right of access You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity, we will provide access to the personal data we hold about you.
The right to rectification Where you believe we hold inaccurate or incomplete personal information about you, then you may exercise your right to correct or complete this data.
The right to erasure (the ‘right to be forgotten’) Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.
The right to restrict processing You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
  1. The accuracy of the personal data is contested;
  2. Processing of the personal data is unlawful;
  3. We no longer need the personal data for processing but the personal data is required for part of a legal process;
  4. The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
The right to data portability You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format. You have the right to require us to transfer your personal data to another organisation, at your request. This right only applies when we care carrying out the processing by automated means.
The right to object You have the right to object to our processing of your data where:
  1. Processing is based on legitimate interest;
  2. Processing is for the purpose of direct marketing;
Processing involves automated decision-making and profiling.
Right regarding automated decision-making and profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way.

If you would like to exercise the rights listed above, you can send a request:

  • By mail to: Customer Services, Lake View, Lakeside, Cheadle, Cheshire SK8 3GW enclosing details of your account number(s) or application date
  • By e-mail to:datarightsteam@togethermoney.com
  • By telephone to: 0161 333 7403
DATA SECURITY

We take protecting your personal information seriously and are continuously developing our security systems and processes. In accordance with our obligations under the Data Protection Laws; to prevent unauthorised access to or disclosure of your personal data, maintain data accuracy, and ensure the appropriate use of your personal data; we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect online. Some of the controls we have in place are:

  • We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
  • We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems and data;
  • Systems are proactively monitored through a “detect and respond” information security function;
  • We utilise industry “good practice” standards to support the maintenance of a robust information security management system; and
  • We enforce a “need to know” policy, for access to any data or systems.

We require that third parties who process your personal data on our behalf apply at least equivalent technical and organisational measures to ensure that data is securely processed.

However, you acknowledge that, unfortunately, the transmission of information via the internet, including forms you submit to us, is not completely secure. We cannot guarantee the security of your data transmitted to the Website: any transmission (i.e. your sending of the personal data to us) is at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.

You should be aware that there are inherent risks in transferring personal data over the Internet. For example, if you send us an e-mail from your private mailbox, we cannot guarantee the security of the content during its transmission to us. For that reason, please do not send to us an unsecured e-mail with confidential information such as your employee number or bank account numbers, or any sensitive personal data.

FEEDBACK AND COMPLAINTS

If you are not happy with the way in which your personal data is held or processed by us, or if you are not satisfied with our handling of any request by you in relation to your rights, our Data Protection Officer (“DPO”) would be happy to help. You can contact our DPO at Lake View, Lakeside, Cheadle SK8 3GW or via email – dpo@togethermoney.com.

Alternatively, you have the right to complain to the Information Commissioner’s Office (ICO) by calling 0303 123 1113. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (www.ico.org.uk).