This policy was last updated October 2019.
By “personal information” we mean all information that identifies or may identify you.
Who is processing your data?
We are the data controller of the personal data that you provide on the website/App and/or that we collect about you. This means that we are the company responsible for deciding how your data is processed.
In order for us to provide the Service to you, you will be invited to link accounts that you hold with account providers with your Bean account which will allow details of transactions that have been carried out relating to your accounts to be displayed in your Bean account.
Where do we get the data from?
Most of the data that we process will be data that we collect from you directly when you set up an account. We will ask you various questions to collect the data we need for the purpose of setting up your account. We will not be able to set up an account unless you answer the mandatory questions. Where questions are optional, we will explain what we need the data for.
From your account providers when you link accounts
If you link any of your accounts to your Bean account, your account provider will allow us read only access to the accounts you specify which will include the name, date and amount of any transactions. It will not include any of your account log-in information or passwords. The consent that you provide for us to have this read only access will last for a period of 90 days after which you will be asked to reconfirm your consent again.
From our partners
We will from time to time provide links on this website/app to third parties who are able to offer you products and services. If you register with a third party or purchase any products or services through links on this website/app, our partners may provide us with information about you such as what product or service you purchased and when.
From your use of the Website of App and our services
We also collect data about you based on your actions, for example we collect data about how and when you use the website, our App or our Services so that we can build up a picture of you as a customer. This can include information such as how often you use your account, mouse clicks/taps, mouse movements, page scrolling and text entered into forms which we collect through software which monitors how customers use our website and our App. This helps us to provide you with a good service and to design improvements to our products and services (including changes to our website/app) but is also used to help us to prevent and detect fraud.
We, and our partners collect some of this data by using cookies, web beacons and pixel tags. A cookie is a small file that is placed on your device, which enables a server to identify that device and allows us to offer the best services possible by allowing us to recognise you as a unique user and provide us with information about how you use our website. Cookies are commonly used on the Internet and do not harm your computer system. Web beacons and pixel tags are similar to cookies and allow us to collect information about how you use our website and help us to offer you the best service.
We may use web beacons and pixel tags alongside cookies both on our Website and App and in any emails we send to you. Information collected may include items such as the IP address of your computer, the time you visited our Website or App and what links you clicked on or when you opened our emails. We may also use information from cookies or tags when you click through from our Website or App to our partners’ websites to help us understand which links you have used. Further information about cookies, web beacons and pixel tags can be found at www.allaboutcookies.org.
This website also uses Google Analytics to allow us to monitor how customers use our Website. We use services provided by Google to do this including Google’s Remarketing and Advertising Reporting Features. The features that we use include Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting and integrated services that require Google Analytics to collect data for advertising purposes including the collection of the data via advertising cookies and identifiers. As part of this activity, if you have a Google account and have allowed Google to associate your web and app browsing history so that you may receive personalised ads then Google may collect a Google identifier which allows them to identify your Google account when you are using this Website (including where you use different devices to access this website). Google use this data alongside other data they may collect about you, which may include your location, search history, YouTube history and data from other sites that partner with Google, to provide us with aggregated and anonymised information which assists us in understanding how individuals are using our website. If you require further information or wish to opt out of Google Analytics Remarketing and Advertising Reporting Features then please visit Google’s currently available opt-outs.
If you contact us electronically, we may collect your electronic identifier e.g. Internet Protocol (IP) address, or device ID or telephone number supplied by your service provider. This information may be used by us and/or shared with and used by our partners to aid in the detection of fraud.
What do we use your data for?
The data that we hold is used for the following purposes:-
Part 1 – Providing you with our services
The personal data that we use for the purposes set out in this Part includes: your name, contact details, date of birth, details of your payment transactions, account details, online payment account information and details of bills and other recurring contracts.
We use the data set out above to:
• Provide access to your payment transactions. From time to time we may ask you if you’d like to provide us with further information about your transactions (for example the nature of the service the transaction relates to), this will be optional and any additional data you provide will be used for analysis and research purposes to allow us to improve the Service;
• To provide you with relevant information and tips about how you could save money by looking at the type of transactions you make;
• Send you any reminders that you have set up;
• Communicate with you about our services, for example sending you any service updates;
• Manage, run and administer your account;
• Help us build up a picture of you as a customer to ensure that we provide you with more relevant information, such as showing you the right content at the right time; and
• Send you personalised communications.
It may also be necessary for the data described above to be shared with third parties or with other companies within the BGL Group of Companies for the following purposes:-
• In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets, along with its professional advisers;
• In connection with any proposed or actual financing, securitisation, insuring, assignment or other disposal of all or part of our business or assets, we may disclose your personal information to anyone whom we may transfer our rights and/or obligations for the purposes of evaluating and performing the proposed transaction;
• If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
• If required in order to obtain professional advice;
Data protection law says that we have to tell you the legal basis on which we process your personal data. In relation to personal data used for providing you with a service and managing your account, we process this data because it is necessary to perform the contract that we have in place with you to provide you with our services.
Part 2 – Fraud Prevention
In order to prevent and detect fraud we may use the personal data set out above at any time to:
• Check and/or share your details with fraud prevention and detection agencies; and
• Share information about you with other organisations including the police, where necessary and proportionate; and
• Carry out analysis on data that is held in order to assist the identification of fraud.
In relation to the personal data processed for fraud prevention, we process this because we have a legitimate business interest in carrying out these activities to help minimise the risk of fraud or crime occurring and in its detection.
Part 3 – Other Uses of Data
When you provide your details you will be given an opportunity to confirm whether you are happy to receive marketing material from us. If you confirm you are happy to receive this material, we will use your postal address, email address and telephone number to send you marketing materials by post, email, telephone call or SMS. We do not pass your data to other companies for marketing purposes.
You can change your mind at any time by logging into your account and updating your preferences. You can also unsubscribe from emails by clicking on the unsubscribe link on any marketing emails that we send you or updating your preferences in your account.
This will not impact any communications that we need to send you for the purpose of your account, for example any necessary service updates.
If you have agreed to receive messages from us, we will either use your device information to send you push messages (where you have opted in specifically to receiving push messages), or we will send in-app messages to you, for example to ask you to review the App.
From time to time we may want to use your postal address, email address and/or telephone number to contact you to assist us with our research by asking you a few questions about the service you have received or by asking if you would like to complete a review of our services. We may sometimes ask market research companies to contact you on our behalf. If you would prefer us not to contact you for market research purposes then you can let us know by contacting us at firstname.lastname@example.org.
Research and Analysis Activities
We use data that is collected on the Website or the App for research and analysis activities. This includes information relating to your account, (including information about your payment transactions). We use this information to carry out various research and analysis activities to help us to regularly review and improve the products and services we or our partners provide and carry out research. We also share this data with our partners and with other companies within the BGL Group of Companies to enable them to use this data for these purposes. Where possible, data will be shared on an anonymised basis. The data will not be used to make any decisions that will affect you or any other individual and data will be deleted as soon as the relevant research and analysis activity is concluded.
We also use the data that we collect about you through your Website/App usage to carry out research and analysis into usage and activities on our Website/App to enable us to continue to improve our Website/App and our products and services.
In relation to personal data used for the purposes described in this Part 3, we process this data because we have a legitimate business interest in carrying out these activities to promote and improve our business. We have ensured appropriate safeguards to protect your rights when processing this data for these purposes.
How long do we keep data?
We’ll only keep your personal data as long as we need it and ensure it is securely destroyed when it is no longer required. We do however need to keep certain data after we have provided you a service as described below.
If you have an account with us we will keep your data while your account with us is active and then if you stop using your account we will generally retain your data for a period of 6 years from that point (unless there is a requirement for us to keep the data for longer, for example if there are any ongoing queries or claims relating to your account).
We keep data for this period as it plays an important part in allowing us to deal with any queries or complaints that may arise regarding service that has been provided, to assist us in any fraud detection or investigation and allow us to carry out research and analysis to help us improve our products and services (as described in the section headed “What do we use your data for?” above).
Overseas Transfer of Data
We use third party suppliers to process limited personal data about you. Some of these suppliers may be located in countries outside the UK which may not have equivalent laws in place to protect your personal data. For example, we use third party software suppliers such as Microsoft to process data such as your IP address and email address, which Microsoft stores in the USA.
Data protection law gives you various rights in relation to your personal data. All the rights set out below can be exercised by contacting us using the contact details set out under the “Contacting us” section below. Please note that we can only deal with requests to exercise these rights where they relate to personal data that we process as data controller. If you send us a request which relates to personal data processed by your account provider, we will direct you back to your account provider to make the request to them directly.
Your rights include:-
• You have the right to ask us to provide a copy of the personal data that we hold about you. This is called a Data Subject Access Request or “DSAR”. You can access much of your information directly by logging into your account. If you want to receive other personal data that we hold then you can make a DSAR. When contacting us please describe the information you require and include the following: your full name, your date of birth and your full address. For security purposes we can only deal with requests where the contact details you provide match the details we have on file and we may need to ask you for further information to verify your identity. If you have changed your contact details or you require information sending to different contact details please include a copy of your passport or driving licence and proof of address such as a recent utility bill to assist us in verifying your identity. We might also need to ask you for additional information to help us locate the data that you are looking for. Once we have all the information that we need to process your DSAR, we will respond within one month unless your DSAR is very large or complex, in which case we may need to extend this period. If we need to do this we will let you know.
• You have the right to ask us to correct inaccurate personal data that we hold about you. If you think any of your personal data is inaccurate, please contact us and, provided we can verify your identity and are satisfied as to the accuracy of the correction requested, we will correct the relevant personal data as soon as we can. If the inaccurate data relates to the payment transactions received from your account provider, we will let you know and you will need to contact your account provider directly regarding this. We are not responsible for the accuracy of the information your account provider provides.
• You have the right to request that we provide a copy of your personal data in a machine readable format or to ask us to send your personal data to another company. This applies to personal data that you have provided to us, which we have processed electronically, such as personal data you entered on our website when you obtained a quote.
• You also have the right to ask us to delete personal data that we hold about you. We are obliged to delete personal data in some circumstances, such as where it is no longer needed. However, data protection laws allow us to keep the personal data if we need to, for example if the data is needed for fraud prevention. In any case, we will retain your personal data in line with the retention periods detailed under “How long do we keep data?” above.
• You have the right to ask us not to do anything with your personal data except store it in limited circumstances, such as if you and we do not agree on the accuracy of personal data and steps are required to validate it.
• You have the right to object to us processing certain personal data about you. However, where we need to continue to process the personal data, for example for fraud prevention purposes, we are not obliged to stop processing it.
• You have the right to ask for significant decisions that have been made about you wholly by automated means to be reviewed however, we confirm that we do not make any significant decisions about you wholly by automated means.
• If you would like to contact us about one of your data rights set out under “Your Rights” above, then please contact email@example.com.
• If you would like to contact our Data Protection Officer, you can email firstname.lastname@example.org or write to the Data Protection Officer at Saverd Limited, Pegasus House, Bakewell Road, Orton Southgate, Peterborough, PE2 6YS.
Information Commissioner’s Office
• If you have a complaint regarding how your personal data has been processed by us then please contact us first using the complaints procedure set out at section 11 of the our Terms and Conditions. You also have the right to complain to the Information Commissioner’s Office, which regulates data protection compliance. You can find more information by visiting their website www.ico.org.uk.
- Date of birth;
- Email address;
- Telephone number(s);
- Bean account information;
- Bank account details;
- Online banking information;
- Bills and other recurring contracts;
- Transaction data;
- Information regarding any interactions you may have with us;
- Yodlee username and password (see the section on Yodlee below);
- Information regarding your demographics, interests and experiences with our products.
- Complete forms on our website or mobile app (this includes when you create or amend an account with us);
- Use or access our website or mobile app;
- Communicate with us (through any channel);
- Respond to surveys or questionnaires we send you.
- To provide our products and services to you;
- For correspondence or participating in online surveys to help us enhance our services and products for you;
- To provide special offers and other related services to you;
- To verify your identity when setting up an account;
- To enable us to contact you about your account and finances;
- To enable us to ask security related questions if, for instance, you later ask us to reset your password;
- To improve and tailor our products and services;
- For our own internal record keeping requirements;
- For marketing purposes, such as sending you email newsletters with offers, information, promotions or products and services, from us or our partners, or other information we think you may find interesting;
- To analyse it so we can make suggestions which may enable you to save money or consider alternative products to the ones which you are using (this may involve us sending limited details about you (which will not identify you) to our partners so that suggested products can be tailored to you);
- For the purposes of statistical analysis of users’ behaviour as a whole;
- To help in the creation of anonymised statistical data which we may use at our discretion (including licensing to third parties);
- To contact you, for instance with notifications relating to your account.
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Advertisers and advertising networks and other third parties that require the data to select and serve relevant adverts to you and others;
- Analytics and search engine providers that assist us in the improvement and optimisation of our website(s). Your personal information is generally shared in a form that does not directly identify you;
- Yodlee so that it can provide financial aggregation services, as explained below.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets, along with its professional advisers;
- In connection with any proposed or actual financing, securitisation, insuring, assignment or other disposal of all or part of our business or assets, we may disclose your personal information to anyone whom we may transfer our rights and/or obligations for the purposes of evaluating and performing the proposed transaction;
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- If required in order to obtain professional advice;
We also keep track of the internet addresses from which users visit us, and track the page(s) on our site which you visit. This is so we can analyse this data for trends and statistics.
When we may obtain information
You do not have to supply any information simply to visit our website.
We may receive personal information from you when you:
We may also receive your personal information from a US-based company called Yodlee, Inc. ( including its subsidiaries, together referred to as “Yodlee”). Yodlee is the company we use to access your banking transaction data (its software lets you add details of the accounts which you want to include in our Service, i.e. account aggregation). Please see below for further information on Yodlee.
How we use personal information
We use the personal information we collect to enable us to improve our Service and to better understand your needs.
In particular, we collect, store and process your personal information for the following reasons:
Sharing of your personal information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also share your personal information with third parties in the following circumstances:
We may disclose your personal information to third parties:
Your access to the information we hold
You are legally entitled to request modification or deletion of your personal data, or deletion from the registered user’s database at any time. Modification or deletion of data shall be effectuated on the basis of an appropriate notice addressed to email@example.com.
Third Party Links
It is a possibility that personal information which we collect from you may be transferred to, and stored in, countries outside the European Economic Area (the “EEA”) and/or may be processed by staff located outside the EEA. Due to having different legislation, such countries may not offer the same levels of data protection as the UK. You agree to this transfer, storage and processing when you input your personal information.
We will, of course, take all steps which we consider to be reasonably necessary to keep your data secure. However, transmission of information via the internet is not entirely secure and we cannot, therefore, guarantee the security of any data you send to our app or website via the internet. Your personal information (and other information which we have collected or received) will be retained to the extent required by applicable laws and as we may require for operational and legal purposes.
If your account is deleted by you, the data will be promptly deleted from our systems and we will subsequently be unable to access it. However, we reserve the right to continue to use any anonymised statistical data which we created during your use of our Service.
When setting up your Bean account, you will be able to opt into receiving marketing communications from us.
We will, however, only send you marketing communications by e-mail, phone call, push notification, letter or text message concerning services, opportunities or goods which are similar to those which you have previously purchased or expressed an interest in or if you have consented to such communications from us.
You can change your marketing preferences at any time in the platform at any time or by contacting us at firstname.lastname@example.org.
If you have any questions or comments on this policy, please contact us at email@example.com.