TILLIT Limited (“TILLIT”, “we”, “our”, “us”) is registered in England & Wales with company number 12357713. We are authorised and regulated by the Financial Conduct Authority (FRN 983417). We are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (Notice) is designed to help you to understand what kind of personal data we collect and how we process and use such data. It also sets out your rights in relation to how we look after your personal data.
We act as a data controller for the personal data we hold about you.
Our products or services may contain links to a third party’s website or service. Unless that third party is processing your personal data on our behalf, we are not responsible for the privacy policies or practices of such a third party. We recommend that you carefully read the privacy notice for such third parties.
We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion or otherwise interact with us. Below are examples of the categories of the data we collect on you.
For the most part, you may visit our websites without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP-address, information about your device and other technical information your browser provides us with, and metadata about your use of our websites (such as when you use the website and how you interact with content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.
To allow us to provide you with the products and services you have requested, or to communicate with you, we may ask you to provide us with certain information such as your name, date of birth or age, email address, home or postal address, or financial situation. In registering for our services, you create usernames, passwords and other credentials that we use to authenticate you and to validate your actions. You may send us copies of your personal identity documents or details about other financial products to which you may be a party.
You may also indirectly provide us with information through your consents, preferences and feedback.
We collect details of the queries or requests you have made, the products and services provided, details of agreements between us, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care or with other similar contact points.
We may obtain personal data about you from third party sources such as social media analytics.
We collect and process your data for one or more of the following grounds:
We use your personal data as is necessary to provide you with our products and services in line with our overall contract. We process and use your personal data to provide you with a personalised service and the product or service you have requested, to fulfil your other requests, process your order(s), and as otherwise may be necessary to perform or enforce the contract between us.
We are required by to process and store some of your data in order to fulfil our regulatory obligations. We may capture and share your personal data with organisations who can confirm your identity and provide information necessary to prevent fraud or other financial crimes. We may also be required to share your personal details where requested by legal authorities or the Financial Ombudsman.
Where you have given your informed consent, we will process your data in accordance with the permission you have given us and this Notice. You may withdraw your consent at any time.
Taking into account your interests, we process your personal data for the following purposes:
We process and use your personal data to ensure the functionality and security of our products and services, to identify you and the instructions you give us, and to prevent and detect fraud and other misuses.
We process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customised content and advertising. We may combine personal data collected in connection with your use of a particular product and/or service with other personal data we may hold about you, unless the purpose for which we collected that data is incompatible with amalgamation.
We process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services. When contacting you for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.
We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.
In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).
Your information is shared with employees of TILLIT who require it to run your account, resolve any issues or queries, improve our product and services or contact you about features you may be interested in where we have your consent to do so. Some of your personal data is also shared with third parties for the following services, or as obligated by law.
As part of our onboarding checks we search your record at credit agencies. This leaves a ‘soft footprint’ on your file which is not visible to lenders and does not impact your credit rating.
We never sell any of your personal information.
We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. In general, we will delete redundant account information within 14 days of our relationship ending. However, we are obliged to keep certain records of our relationship to comply with the certain regulations and legal requirements, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is five years after the end of the relationship, after which time it will be destroyed.
Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information.
You have the right to request information and access to the personal data we hold about you.
You also have the right to request that we correct or delete any incomplete, incorrect, unnecessary or outdated personal data we hold on you. However, we cannot delete such personal data that is necessary for compliance, our binding legal obligations or if the personal data must be retained according to applicable laws, or is required for the exercise or defence of a legal claim.
In case you consider your personal data collected by us to be inaccurate but you do not wish your personal data to be deleted; if we have used your personal data unlawfully; or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration, you may request restriction of processing of your personal data.
You may also at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred in the marketing materials or below in this Notice. In some cases, especially if you wish us to delete or cease the processing of your personal data, this may also mean that we may not be able to continue to provide the services to you.
Please note that we may need to identify you and to ask for additional information in order to be able to fulfil your above requests. Please also note that applicable law may contain restrictions and other provisions that relate to your above rights.
A cookie is a small piece of code, sent from a website sends to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service.
You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website.
The types of cookies we use are:
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
If you want more information about how cookies operate, or how to manage them, please visit About Cookies.
We may change this Notice from time to time. You should check this Notice occasionally to ensure you are aware of the most recent version.
This Notice was last updated on 31 July 2023.