Privacy policy

Who we are

TILLIT Limited (“TILLIT”, “we”, “our”, “us”) is registered in England & Wales with company number 12357713. 

This privacy notice tells you what to expect us to do with your personal information.

Our website and all our products and services are not intended for children, and we do not knowingly collect data relating to children. 

Please take the time to read this Privacy Notice. If you have any questions about this Privacy Notice or our use of your information and/or personal data, you can contact us at: 

  • Email address: privacy@tillitinvest.com

This Privacy Notice may change from time to time, and our up-to-date version will always be available on this website. 

We are authorised and regulated by the Financial Conduct Authority (FRN 983417). We are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (the "Notice") is designed to help you understand what kind of personal data we collect and how we process and use such data. It also sets out your rights concerning how we look after your personal data.

We have appointed a data privacy manager who is responsible for overseeing questions about this Notice. If you have any questions about this Notice, including any requests to exercise your legal rights as a data subject, please contact our data privacy manager using the details set out below.

Full name of legal entity: TILLIT Limited

Email address: privacy@tillitinvest.com

Postal address: 42-46 Princelet Street, London, E1 5LP

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), or any other competent data protection authority in the relevant jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or the other relevant authority, so please contact us in the first instance.

Third-party links 

Our websites and our other web-based products or services may include links to third-party advertisers, affiliates, websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, notices, or policies. When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to these websites. 

The personal data we hold about you must be accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

Data Controller

For the purposes of this privacy notice, the information on how TILLIT LIMITED handles your personal data is confirmed in this policy. TILLIT is registered as a data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)) with the UK Information Commissioner’s Office (“ICO”):

  • TILLIT LIMITED, registration number ZA595102

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

If you wish to exercise any of the above-mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for example, if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us using the details below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

Please note that we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally permitted to deal with the request differently.

Our lawful bases to process personal data 

There are many reasons why we may legitimately collect and process your information and/or personal data (also known as the legal basis), including: 

To fulfil our contract with you

We use your personal data as is necessary to provide you with our products and services in line with our contractual arrangements with you. We process and use your personal data to provide you with a personalised service and the product or service you have requested, to fulfil your other requests, process your order(s), and as otherwise may be necessary to perform or enforce the contract between us.

We are required to do so by law or regulation

We are required by law to process and store some of your data in order to fulfil our regulatory obligations. We may capture and share your personal data with organisations that can confirm your identity and provide information necessary to prevent fraud or other financial crimes. We may also be required to share your personal details where requested by any competent legal or regulatory authorities or the Financial Ombudsman Service.

You have provided us with your consent

Where you have given your informed consent, we will process your data in accordance with the permission you have given us and this Notice. You may withdraw your consent at any time.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Where we have a legitimate interest in using your data

We may process your information in the day-to-day running of our business, to manage our business and financial affairs, and to protect our customers, employees, and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. 

In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. 

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. 

Communicating with you and marketing

We may process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services, or promotions to you via our own or third parties’ electronic or other services. When contacting you for marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you wish to unsubscribe or opt-out from any third-party websites, you must go to that specific website to unsubscribe or opt-out.

If you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a purchase, warranty registration, product/service experience, or other transactions.

Profiling

We may process and use your personal data for profiling purposes aimed at targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests to, for example, send you marketing messages concerning products or services best suitable to you.

You can ask us to stop processing your personal data for marketing profiling purposes by following the marketing preferences links on any marketing message sent to you or by contacting us at any time.

Business continuity

In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind-down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).

Personal data we collect

We collect or use your personal data typically when you enquire about or register for our services, open an account, for promotion/marketing purposes, to comply with a legal requirement, or otherwise interact with us. Below are examples of the categories of the data we collect on you.

Technical Information

For the most part, you may visit our websites without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, including metadata about your use of our websites (such as when you use the website and how you interact with content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.

Information you provide us

To allow us to provide you with the products and services you have requested, or to communicate with you, we may ask you to provide us with certain information such as your name, title, nationality, date of birth or age, email address, home or postal address history, telephone number, national insurance number and bank details or financial situation. In registering for our services, you create usernames, passwords, and other credentials that we use to authenticate you and to validate your actions. You may send us copies of your personal identity documents or details about other financial products to which you may be a party. We receive and act upon trading instructions, track and monitor cash movements, and may from time to time collect data such as identifiers about other investment accounts in the event you choose to transfer into or out of TILLIT from another provider.

You may also indirectly provide us with information through your consents, preferences, and feedback.

Your transactions with us

We collect details of the queries or requests you have made, the products and services provided, details of agreements between us, records of contacts and communications, information and details relating to the content you have provided us with, details about payments to and from you, and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care or with other similar contact points.

Marketing information

We may also collect information regarding your preferences in receiving marketing from us and our third parties, as well as your communication preferences.

Personal data obtained from third parties

We may obtain personal data about you from third-party sources such as social media analytics platforms.

Aggregated data

We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated data could be derived from your personal data, but it is not considered personal data in law, as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Notice.

Our legitimate interests in using your data

In certain circumstances, we process your personal data based on our legitimate interests, where such processing is necessary and proportionate and does not unduly affect your rights. This legal basis applies primarily in situations where we have a genuine and reasonable business interest, and where processing is essential to support and grow our services.

Our legitimate interests include:

Product and Service Development
We may process data to help improve and develop our products and services. This includes analysing usage trends, customer feedback, and market performance to inform product enhancements and innovation. These insights allow us to remain competitive, meet evolving client needs, and deliver better value.

Business Continuity and Operations
We use personal data to ensure the resilience of our services and systems. This includes data processing for disaster recovery, service continuity planning, and maintaining essential internal records. Such activities are vital for upholding our obligations to clients and regulatory bodies in the event of disruptions.

Fraud Prevention and Security
We process data to protect our business, clients, and the financial ecosystem from fraud, money laundering, and cyber threats. This involves monitoring transactions, verifying identities, and applying security controls to detect and prevent suspicious activity in compliance with regulatory expectations.

Client Communications and Marketing
We may use your contact details to send you information about products or services similar to those you already hold with us. This form of direct marketing is based on our legitimate interest in developing our client relationships and keeping you informed. You can opt out of these communications at any time.

Regulatory Support and Risk Management
Although many of our regulatory obligations are based on legal requirements, we also process personal data to support broader compliance and risk management practices. This includes maintaining audit trails, managing internal governance, and preparing for regulatory reviews and reporting.

Sharing your personal data

We only share your personal data if it is necessary to do so to provide our services to you or enhance our relationship with you. Whenever we share your personal data with a third-party provider, we ensure that this is done in accordance with applicable data protection laws by implementing appropriate measures to maintain the security and confidentiality of your personal data, and to ensure that your personal data is used in accordance with this Privacy Notice. We may share your personal data with the following categories of recipients:

  • IT service providers, for example, Amazon Web Services;
  • professional advisors, for example, insurers, lawyers, and other applicable professional bodies;
  • CRM service providers, for example, Salesforce;
  • marketing service providers;
  • to any law enforcement body, regulatory, government agency, court, or other third party where we believe disclosure is necessary, for example, to exercise, establish, or defend our legal rights, or we are compelled to disclose such personal data to comply with the law;
  • to a potential purchaser (and its agents and advisors) in connection with a proposed merger or acquisition of any part or all of our business, provided that the purchaser may not use your personal data for any purpose other than for the purposes detailed in this Privacy Notice; and
  • to any other person you have consented to us sharing personal data with.

In all circumstances that we share personal data with a third party, we only do so to the extent that it is required for them to provide their services to us. At all times, your personal data must be processed following (i) this Privacy Notice; and (ii) any additional data protection terms, incorporated into the agreement that we have with them, which are no less stringent than the protection afforded by this Privacy Notice.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep personal data for?

We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we relied when collecting it. We retain copies of our customer contracts to enable us to deal with any legal issues, along with the information provided to us for identification and verification checks and anti-money laundering checks for a minimum of 6 years after the termination or expiry of our relationship with you. Where possible, we will delete redundant account information within fourteen (14) days of our relationship ending. We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any court or competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we can produce records as evidence, if needed, to those respective authorities. 

Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information or until your previously given consent is deemed to have expired and is not renewed by you.

Disclosure of your information (including outside of the UK) 

When we share your information with third parties, they will process your information and/or personal data as either a data controller or as our data processor, and this will depend on the purposes of our sharing your information and/or personal data with such third parties. We will only share your information and/or personal data in compliance with the applicable data protection laws and regulatory requirements. 

We may disclose your information: 

  • If we are under a duty to disclose or share your personal data with any government bodies or agencies or law enforcement agencies, to comply with any judicial or legal obligations or regulatory requirements or to protect the rights, property or safety of: (i) TILLIT’s websites, (ii) our customers, (iii) exchanging information with other companies and organisations for fraud protection and credit risk reduction; and/or 
  • To third-party suppliers who will process our data on our behalf and their authorised employee(s) and/or team(s) who need to access your personal data. 

Where necessary, we transfer personal information outside of the UK. When doing so, we ensure full compliance with the UK General Data Protection Regulation (UK GDPR) by implementing appropriate safeguards to protect your data.

We currently engage the following carefully selected third-party service providers, some of whom process personal data outside of the UK:

  • NorthRow – Used for identity verification and compliance checks. NorthRow processes data within the European Economic Area (EEA), which the UK has deemed to offer adequate levels of data protection.
  • TrueLayer – Used to enable secure access to financial data with your consent. TrueLayer also stores and processes data within the EEA, ensuring your information is handled in compliance with UK adequacy decisions.
  • Calendly – A US-based scheduling tool used solely to manage meeting bookings. As the USA is not currently covered by a UK adequacy decision, we have entered into an International Data Transfer Agreement (IDTA) with Calendly to ensure appropriate safeguards are in place. The personal data shared is limited to that required for scheduling and communication (e.g., your name, email address, and availability).

We continuously monitor our third-party relationships to ensure that your data remains protected and is processed only for the specific purposes for which it was collected. If you would like more details on these safeguards or our data processing partners, please contact us using the details set out in the "Contact Us" section.

If you have any questions about our data transfer practices or wish to obtain more details, please contact us at privacy@tillitinvest.com.

We may share some broader statistics and customer profiling information with third parties, but the information or data will be anonymised, so you will not be identifiable from that data. We do not rent or sell your personal data and/or information details to any other organisation or individual.

Storage of your personal data (including outside of the UK) 

Our main storage and back-up database is located on secure servers in the Republic of Ireland.

Ireland is part of the European Economic Area (EEA), and the UK Government has recognised the EEA (including Ireland) as providing an adequate level of data protection. This means that your personal data is afforded a level of protection that meets UK legal standards under the UK General Data Protection Regulation (UK GDPR).

All personal data is handled in accordance with applicable data protection laws, including the Data Protection Act 2018 and UK GDPR. We ensure appropriate technical and organisational measures are in place to safeguard your data against unauthorised access, alteration, disclosure, or destruction.

If you would like more information about how and where your data is stored, or about our data protection practices, please contact us using the details provided in the "Contact Us" section of this policy.

How to contact us

If you wish to contact us, please send an email to privacy@tillitinvest.com or write to 42-46 Princelet Street, London, E1 5LP, or contact support via www.tillitinvest.com.

Cookies

Our website uses cookies to allow customers to access the services and to give us an overall view of visitor habits and visitor volumes. To view more information on what cookies we use and how we use them, please review our separate Cookies Policy, which can be found at tillitinvest.com/cookies

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Changes to this Notice

We may change this Notice from time to time. You should check this Notice occasionally to ensure you are aware of the most recent version.

This Notice was last updated May 25.