Last updated: June 2018
Protecting your personal information is extremely important to us at Yoma. It’s especially important for a digital company like ours, as our customers trust us to look after a huge amount of information and their customers. The way we collect and share your information is equally important. This policy tells you how we collect and process your personal and personal business information. Please take a few minutes to read it and show it to anyone else connected to the policy.
What does this policy cover?
What is personal information?
When we talk about personal information we mean information about an individual that can identify them, like their name, address, e-mail address, telephone number and financial details. It can relate to customers, employees, shareholders, business contacts and suppliers. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.
What information do we hold?
We may collect and process the following personal information about you. In most cases this will be limited to business information that relates to you, how these have an impact on our products and services that may be of interest to you and how we manage our relationship:
|TYPE OF DATA||DESCRIPTION||EXAMPLES OF HOW WE USE IT|
|Consent & preferences||
|Open data & public records||
Where do we get our information from?
- Information you give us directly (when you fill in forms or contact us by phone, e-mail etc.).
How do we use your information?
We use personal information that we hold about you:
- To carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services that you’ve asked from us.
- To provide you with marketing information about services and products we offer across the Yoma group which may be of interest to you. Based on your marketing preferences, we may deliver this information by post, telephone, e- mail, SMS or personalised online marketing via our own systems such as social media platforms and/or other third party websites e.g. YouTube. We will not sell your data to third parties for them to market to you. We may also send marketing to you using our “legitimate interests”, please see below for further information.
- To tell you about changes to our services and products.
- To comply with any applicable legal or regulatory requirements.
- For carrying out market research, statistical analysis and customer profiling to help us to improve our processes, products and services and generate new business (e.g. to understand digital behaviours, identify financial attitudes and develop more engaging communications).
- To run our business in an efficient and proper way. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, and audit.
- For any other purpose that we’ve agreed with you from time to time.
When you apply for a product or to receive a service from us, the application form you fill out or the resulting contract may contain additional conditions relating to the way we use and process your personal information. These will apply in addition to the above uses. In some cases, we may use systems to make automated decisions (including profiling) based on the personal information we have, or collect from others. These may include:
- Personalizing the content and design of communications and online services.
- Determining when to provide tailored servicing communications and the appropriate channel(s) to use.
Using your information in accordance with data protection laws
- Providing our contracts & services to you: We’ll process your personal information to carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services you’ve asked from us, which may include online services.
- Complying with applicable laws: We may process your personal information to comply with any legal obligation we’re subject to.
Legitimate interests: To use your personal data for any other purpose
interests". It’s in our legitimate interests to collect your personal data as it
provides us with the information that we need to provide our services to you
more effectively. We may use your information to:
- Carry out market research and product development, which can include creating customer demographics and/or profiling. We may sometimes work with carefully selected third parties to do this, for example using advertising services provided by organisations such as Google or Facebook and may share data with them, which could be combined with the information they hold about you.
- Continue to send marketing information, via post only, to customers who purchased a product before 25th May 2018 and did not opt-out, until such time as they have reviewed their marketing preferences (which can be done at any time).
- Develop and test the effectiveness of marketing activities.
- Develop, test and manage our brands, products and services.
- Study and also manage how our customers use products and services from us and our business partners.
- Manage risk for us and our customers.
This requires us to carry out an assessment of our interests in using your personal
data against the interests you have as a citizen and the rights you have under data
- Consent: We may provide you with marketing information about our services or products where you’ve provided your consent for us to do so. You may opt out of marketing at any time by e-mailing or telephoning our account management team. Alternatively, you can also use the Contact Us section of our website.
Please be aware that the personal information you provide to us, and which we collect about you, is required for us to be able to provide our services to you and without it we may not be able to do so.
How long do we keep your information for?
We’ll keep your personal information in accordance with our internal retention policies. We’ll determine the length of time we keep it for based on the minimum retention periods required by law or regulation. We’ll only keep your personal information after this period if there’s a legitimate and provable business reason to do so.
Who do we share your personal information with?
We’ll only disclose your information to:
- Third-party suppliers, contractors and service providers for the purposes listed under “How do we use your information” above.
- Selected third parties, so that they can contact you with details of the services that they provide, where you have expressly opted-in or consented to the disclosure of your personal data for these purposes.
- The government (e.g. HMRC)
Additionally, we may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we’ll disclose your personal data to the prospective seller or buyer of such business or assets.
- If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If you have been dealing with a financial adviser, we’ll provide information about your product and, where appropriate, with other information about your dealings with us, to enable the adviser to give you informed advice.
- In order to enforce or apply the terms of any contract with you.
- If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements.
If you’ve been introduced to us by another company (such as hosting company), we may share your information with them to enable them to:
- Carry out market research, statistical analysis and customer profiling.
- Where you have consented, send you marketing information by post, telephone, e-mail and SMS about their products and those of carefully selected third parties.
- Assist you with your application process (e.g. hosting companies or Financial services)
Transferring your data outside the EU
We’ll only transfer your data to a recipient outside the EEA where we’re permitted to do so by law (for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the European Commission, (B) where the transfer is to a territory that is deemed adequate by the European Commission, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc.).
Unfortunately, sending information via e-mail is not completely secure; anything you send is done so at your own risk. Once received, we will secure your information in accordance with our security procedures and controls.
You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner’s website. If you wish to exercise any of these rights, please get in touch with our account management team. Alternatively, you can also use the Contact Us section of our website.
Contacts and complaints
your rights, including changing your marketing preferences, please get in
touch with your usual account management contact. Alternatively, you can
also use the Contact Us section of our website.
If you have any concerns about the way we process your personal data, or
are not happy with the way we’ve handled a request by you in relation to your
rights, you also have the right to make a complaint to the Information
Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Data Protection Officer
Yoma has appointed a Data Protection Officer to provide independent expert
advice and monitor compliance with data protection laws:
Name: Kimberley England
E-mail address: [email protected]
Address: Yoma, Unit 12, The Matchworks, Speke Road, Garston, Liverpool, L19 2RF