1. Scope of Policy
1.2. This policy applies together with the Terms and Conditions of the product(s) (as applicable) to your use of:
a. our website at www.enumis.com (the "Site") including, without limitation, the Online Account functionality (“Online Account”);
b. the Enumis App ("App") that you download onto a mobile telephone or handheld device ("Device");
c. the Enumis API functionality that may be available to you; and
d. any of the services accessible through the App or the Site (the "Services").
1.3. It also explains your rights under the law relating to your personal data.
2. What personal information do we collect
2.1. The information we collect may depend on the product or service you apply for or provided to you. We will collect information that you submit to us, including information in communication with us, or where we're required to collect the information to enable us to perform our legal or contractual obligations necessary to provide you with the products or services, we will collect information from third party sources.
2.2. This will include the collection of:
a. Submitted Information: information you give us about you by filling in forms on the App and/or the Site, or by corresponding with us (for example, by e-mail or via the App and/or the Site). It includes information you provide when you register to use the Site, App, download or register the App, subscribe to any of our services, enter into any transaction on the App or the Site, when you report a problem with the Services, App or the Site. If you contact us, we will keep a record of that correspondence. The information we obtain is but not limited to: name, address, date of birth, email address, contact number(s), username, password, access code and other registration related information, details of your other bank accounts, IBAN, details of your debit or credit cards, identification documents including utility bills and other proof of address, employment information, financial information, income and expenditure information, special personal information* (eg health information), credit & financial history, county court judgements, bankruptcies;
b. Technical Information: information about you and your device, your visits and usage of the Site, the App and the API:
i. technical information such as website usage, preferences & interests, browser type and usage, operating system, your IP address(es), Internet Service Provider, user demographic information, statistical information about your use of our services, your login information, and version, time zone setting, browser plug-in types and versions, Device information, a unique device identifier such as IMEI number or MAC address, or the mobile phone number used by the Device), mobile network information, your mobile operating system;
ii. usage and visit information such as the full uniform resource locators (URL), clickstream analysis to, through and from our site, services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, device information;
iii. transaction information such as amount, date, time, currencies, exchange rates, beneficiary details, payer details, merchant details for the transaction, ATM details for the transaction, IP address of sender and receiver, name and registration information of sender and receiver, messages accompanying the payment, information on the device used to facilitate the payment and the payment instrument;
c. Location Information: information about your location such as your mobile or device’s GPS information, mobile network information and your IP address to determine your location. Some of our fraud prevention and detection systems require this information to be able to work. These features require your consent to your data being used for this purpose. You can withdraw your consent at any time by disabling location permission for the App in your Device;
d. Third Party Information: Information that helps us deliver the service to you. We may need to work with third parties in order to help us deliver our Service to you. These third parties include business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions. Please see the 'Disclosure of your Information' section for more information.
2.3. Special Personal Information*
b. Any personal information about you relating to criminal convictions or offences may only be used by us when authorised by law.
3. How we collect your personal information
3.1. We may collect your information in a number of ways
a. When you make an application or enquiry to us either by phone, email, our website, by a third party or by any other means;
b. When we receive Information from a third party, such as checks with a third party, including but not limited to credit reference agencies or fraud prevention agencies, or where you have agreed for your information to be shared with us, for example, if you have been introduced to us by another company;
c. When you participate in promotions, market research and competitions provided by us, or on our behalf;
d. By adding reviews, posts or interacting with us or others using social media;
e. When you use our App, API or Site.
f. When we may need to obtain up to date information about you to meet our legal or regulatory obligations.
g. Where you have given permission for your information to be provided to us.
4. How we use the personal information
4.1. We can only use your personal information where it falls into one or more of the following categories:
a. it is necessary to fulfil a contract we have with you;
b. you have provided your consent;
c. we have a legal or regulatory obligation to do so;
d. it is necessary to carry out a task which is in the public interest;
e. it is necessary to protect your vital interests; or
f. it is in our legitimate interest to do so and it is not against your rights.
4.2. Use of each type of information:
a. Submitted Information: We will use this information:
i. to carry out our obligations with respect to any transactions you enter into with us, including account payments, ATM Withdrawals and card purchases and to provide to you information, products and services that you request from us;
ii. to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
iii. to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. Please see the section on 'Third Party Services' below for more information;
iv. to verify your identity to protect against fraud, comply with financial crime laws and to confirm your eligibility to use our products and services;
v. to notify you about changes to our service;
vi. to ensure that content from our site is presented in the most effective manner for you and for your computer.
b. Device Information: We will use this information:
i. to administer our App, API or Site, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
ii. to improve our App, API or Site to ensure that content is presented in the most effective manner for you and for your Device(s);
iii. to allow you to participate in interactive features of our service, if you choose to do so;
iv. as part of our efforts to keep our App, API or Site safe and secure;
v. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
vi. to make suggestions and recommendations to you and other users of our App, API or Site about goods or services that may interest you or them;
vii. to verify your identity, protect against fraud, comply with anti-financial crime laws and to confirm your eligibility to use our products and services; and
viii. to comply with our regulatory obligations.
c. Location Information: We will use this information:
i. to deliver relevant advertising to you, for example, information on nearby merchants;
ii. to protect against fraud;
d. Third Party Information: We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information:
i. to help us better understand your financial circumstances and behaviour so that we may make decisions about how we manage your Enumis Account;
ii. to process applications for products and services available through us including making decisions about whether to agree to approve any applications; and
iii. for the purposes set out above (depending on the types of information we receive).
4.3. We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this policy for as long as it is combined.
4.4. To help us better understand you and your requirements and provide you with information about other products which may be suitable and relevant, we may use your personal data to create a profile of you and your circumstances. This allows us to more accurately provide services to you. We believe we have a legitimate interest to do this and that it is not against your rights.
4.5. Where we have a copy of your personal information we may contact you to ask you to provide a review about the services you’ve received or where we are carrying out market research which may help us design future products and services or to help improve our current services.
4.6. We are required to process your personal information where there is a legal or regulatory obligation on us to do so, for example, to adhere to anti-money laundering regulations and our regulatory commitments set out by the Financial Conduct Authority.
4.7. If you make an enquiry or complaint with us, we will use your personal information to investigate the complaint and deal with your enquiry. We have a legal and regulatory obligation to deal with your complaint appropriately.
4.8. As part of our legitimate interest to develop our business and our products we will use your personal information to assess our performance as a business and for statistical analysis. We will use as little personal information as we can to achieve this. We may also share this information with third parties who provide us with services and where we have a contractual obligation to do so.
4.9. We have set out below a description of all the ways we use your personal data as stated above, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
4.10. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Below we describe all the ways we may use your personal data and the legal basis on which we rely on to do so. Where appropriate our legitimate interest is also detailed:
What we use the information for
Type of Information
Reasons for Use
5. Who We Disclose Your Information To
5.1. We may disclose the data we collect from you to third parties who may use personal data to help us deliver services to you. We will have strict contractual contracts in place with any provider who directly provides us with such services to ensure they use personal data securely and confidentially and that they comply with their data protection obligations. This will include ensuring they have appropriate security measures in place.
5.2. We may share the personal data with the following organisations:
a. Information Technology service providers who provide IT services or technology platforms. This includes Cloud system and storage providers.
b. Fraud prevention agencies who assist to verify your identity, protect against fraud, comply with anti-money laundering laws, counter terrorist financing laws and to confirm your eligibility to use the products and services. If fraud is detected, it could result in you being refused certain services, finance, or employment. Further details of how your information may be used by us or fraud prevention agencies and your data protection rights can be obtained by contacting us at firstname.lastname@example.org
c. Banks and financial services providers who help provide the Services including payment and transaction processors, intermediary banks and international payment providers.
d. Credit reference agencies that assist with assessing a credit score.
e. Printers, card manufacturers and delivery companies that help to create and deliver physical cards, information packs and other communication to you.
f. Advertisers, social media and analytics providers such as Facebook, Google, Twitter, Instagram that we use for our social media accounts. We also use analytics providers to assist with improvements to the Site.
g. Enumis subsidiary or group companies
h. Communication providers such as telephone, SMS and email services.
i. Third parties who may have introduced you to our services.
5.3. We may also share your personal information where we have your consent to do so or where we’re required to do so under a legal or regulatory obligation or court order, such as the police, local authorities or the courts.
5.4. We may share your personal information in order to:
a. enforce or apply the Terms and Conditions of products and services we provide to you and/or any other agreements between you and us or to investigate potential breaches; or
b. protect Enumis, our customers and others rights, property or safety. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and management.
5.6. We may partner with third parties to offer you co-branded services or promotional offers. In order to provide these services to you and to allow us and any associated third party to optimise the offering to you, we will share some of your personal data with such third parties. We will obtain your express opt-in consent before we share your personal data with any company outside the Enumis group.
5.7. You can withdraw your consent at any time after giving your explicit opt-in consent by contacting us at email@example.com.
6. Storage Security and International Transfers
6.1. Your personal information will be stored within the European Economic Area (EEA).
6.2. We will only share your personal information outside the European Economic Area (EEA): where we have your consent; to comply with a legal obligation; or where we work with a business partner or provider to enable us to provide you with our services, and they process information outside of the EEA; where we need to fulfil our contractual obligations in providing the service to you for example, making international payments.
6.4. More information on this can be found on the European Commission Justice Website.
6.5. All information you provide to us is stored on secure servers. Any payment transactions carried out by us or via our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or a secure virtual private network. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App, API and/or our Site, you are responsible for keeping this password confidential. You should not share a password with anyone.
6.6. The transmission of information via the internet is not completely secure. We will do our best to protect your personal data but we cannot guarantee the security of your data transmitted to our App, API or our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Retention Of Your Personal Information
7.1. We will keep a record of your personal information to provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations whilst you continue to be our customer. We are obliged under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain data for a minimum period of 5 years.
7.2. We will normally keep personal data for at least six years, starting from the date when we are no longer providing you with a service. We will retain telephone calls for at least six years from the date the call was made.
7.3. After this time we will delete the information or anonymise the information so that it cannot be linked back to you.
8.1. We take the protection of personal information very seriously, and we will maintain appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided. Such measures include:
a. Company security policies and standards.
b. Staff security awareness.
c. Role-based access controls to prevent unauthorised access to the information.
d. Encryption and anonymisation technology.
e. Anti-malware technologies.
f. Security monitoring.
g. Security testing.
h. Secure archiving and deletion.
i. Compliance with industry regulation and legislation.
9. Data Controller And Contacting Us
9.2. We are the data controller responsible for your personal data and we are registered with the Information Commissioner's Office with reference number Z2767919.
9.3. Data Protection Officer - We have appointed a data protection officer ("DPO"). Our DPO has a number of important responsibilities including:
a. monitoring our compliance with the GDPR and other data protection laws;
b. raising awareness of data protection issues, training our staff and conducting internal audits; and
c. cooperating with supervisory authorities such as the ICO on our behalf.
9.4. If you have any questions or queries about how we use your personal information you can contact us or our Data Protection Officer using the address or email below:
Data Protection Officer
9.5. If you are not happy with how we process your personal information you should contact us. If you’re not happy with how we have dealt with your complaint, you have the right to make a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/.
10. Your Legal Rights
10.1. Access to your personal information. You have a legal right in relation to your personal information and can request from us a copy of the personal information that we may hold about you. This is often called a “Data Subject Access Request”. You can request this information by contacting us as set out in Section 9 above.
a. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
b. As a security measure to ensure that personal data is not disclosed to any person who has no right to receive it we may ask for proof of identity or request specific information to enable us to locate the information and confirm your identity and your right to access the personal data. We will do this before providing this information to you or any other person or company where you have requested the personal information to be sent to..
10.2. You have the right to request to have your personal information corrected if the personal information we hold about you is incorrect. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data you provide to us. You can contact us at firstname.lastname@example.org to request this.
10.3. You have the right to request erasure of your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Our regulatory obligation to retain certain data for a minimum of 6 years supersedes any right to erasure requests under applicable data protection laws.
10.4. You have the right to request restriction of processing of your personal data. You can ask us to suspend the processing of your personal data in the following scenarios:
a. if you want us to establish the data's accuracy;
b. where our use of the data is unlawful but you do not want us to erase it;
c. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
d. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please be aware a request in relation to the restriction of the processing of your data may mean we are unable to perform the contract we have or are trying to enter into with you. We may therefore have to cancel your use of the Services but we will notify you if this is the case at the time.
10.5. You may have the right to request to transfer your personal data to yourself or another company in a format that can be processed electronically by yourself or the other company. If you want to request this, you’ll need to contact us.
11. Contacting You About Other Products Or Offers.
11.1. We may contact you about other products or services taht we may offer if you have provided us with your consent or where we are legally entitled to do so. We may contact you to let you know about other offers, products and services that we provide which we think you may be interested or that may benefit you. We may do this through post, emails, text messages, telephone, push notifications, social media or other electronic means.
11.2. You can retract your consent to receiving these messages by using the details below, emailing us at email@example.com or unsubscribing using the link or information within the message.
12. We will record any telephone calls you make to us, or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes. We may keep a copy of the telephone calls for up to six years from the date the telephone call was made.
14. Cookies and how we use them:
14.1. When using Site, we collected some information using 'cookies'. These are small text files that facilitate the processing of your information and enable us to analyse how the website is being used.
14.2. Temporary cookies form part of the security process while you are using the website; permanent cookies identify the link you used to find our website, check your browser so that we can make sure that our website and services work well with your computer and to help us monitor traffic on our website.
14.3. Cookies allow us to provide personalised content and settings.