This Privacy Notice relates to two companies
Tabeo Broker Limited (“Tabeo Broker”) is a limited liability company registered in England and Wales, number 10416530. Its registered office address is C/O Shs, Fifth Floor, The Terrace, 76 Wardour Street, London, England, W1F 0UR. Tabeo Broker is authorised and regulated by the Financial Conduct Authority with permission number 777539. It is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA260247.
Tabeo Limited (“Tabeo Ltd”) is a limited liability company registered in England and Wales, number 10363602. Its registered office address is C/O Shs, Fifth Floor, The Terrace, 76 Wardour Street, London, England, W1F 0UR. It is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA260299.
Tabeo Broker provides services to consumers, including finance (known as “Pay Over Time”) and payment services (the “Payment Services”) to merchants from which you purchase products or services (“Merchants”) so they can receive payments from you, whether in relation to the Products or otherwise.
Tabeo Ltd offers subscription services (known as “Care Plans”).
The provision of Pay Over Time and Payment Services by Tabeo Broker, and the provision of Care Plans by Tabeo Ltd, are together referred to in this Privacy Notice as the “Products”). The Products are provided via mobile application, www.tabeo.co.uk, app.tabeo.co.uk, merchant.tabeo.co.uk and m.tabeo.co.uk (together, the “Apps”).
Where reference is made in this Privacy Notice to Pay Over Time, Payment Services, or the Pay Over Time element of the Products, we are referring to Tabeo Broker. Where reference is made in this Privacy Notice to Care Plans, or the Care Plan element of the Products, we are referring to Tabeo Ltd. Tabeo Broker and Tabeo Ltd both trade as Tabeo.
At Tabeo we are committed to protecting your privacy. This Privacy Notice applies to all users of our Apps and mobile application and any Products customers, including Payment Services customers; in respect of Loan Agreements customers, accepted customers, declined customers (due to credit or fraud risk levels unacceptable to Tabeo); customers who are offered a loan but choose not to take up the offer (with or without any financial transaction); and Merchants. This Privacy Notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please read this Privacy Notice to understand our practices regarding your personal data and how we will treat it.
Please see paragraph 1 which explains in more detail which company will be the controller in relation to the Tabeo Service provided to you. When we mention “Tabeo”, “we”, “us” or “our” in this Privacy Notice, we are referring to either Tabeo Broker or Tabeo LTD depending on which Tabeo Service is being provided. Tabeo Limited is the controller which is responsible for administering the Apps.
If you have any questions about our Privacy Notice or your information, or to exercise any of your rights as described in this Privacy Notice or under data protection laws, you can contact us:
Tabeo, The Directors
25 Wilton Road
London, SW1V 1LW
Anyone processing personal data must comply with the principles of processing personal data as follows:
Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy – data must be accurate and, where necessary, kept up to date.
Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
This Privacy Notice describes the personal data that we collect, and explains how we comply with these principles.
You can browse our Apps and mobile application as a guest without giving us any information, and we won’t know who you are. However, even if you are a guest, please bear in mind that we may:
record your approximate location and device used during a chat session on our webApps, together with any other information you choose to provide to us;
record the areas of our Apps which you visit and at what times;
record information about your activities in using our Apps; and
collect information about your computer, such as which browser you are using, your network location, your operating system, your IP address and the type of connection you are using (e.g. broadband, ADSL etc.).
We collect the information at 4(a) above through our chat provider, Intercom. This information is stored by Intercom on our behalf and processed according to our instructions pursuant to our GDPR-compliant services agreement with Intercom.
We get personal data from you when you fill in forms on our Apps and mobile application, enter information onto your Tabeo Account or when you communicate with us whether face to-face, by phone, letter, e-mail, chat, app or otherwise. This information may include but is not limited to:
contact information – including your name, address, postcode, and other contact information such as email address and telephone/mobile number;
your date of birth;
your marital status and the number of dependents you have;
your residential status and address history;
your education details and history;
your employer, employment, employment history and salary details;
financial information including the bank or building society account details and details of debit cards or credit cards used to make payments on the Apps and mobile application;
your passwords and security question answers; and
answers to questions required by third party credit reference agencies for identification purposes.
We will obtain information about you from publicly available sources and third parties such as social media platforms and estate agency websites.
We will also check information about you held on our own records and also obtain information from credit reference agencies (https://www.transunion.co.uk/crain) and fraud prevention agencies about you relating to your personal credit behaviour and personal credit accounts.
Records searched at credit reference agencies about you may be linked to your spouse/partner, members of your household or other persons to whom you are linked financially. For the purposes of any application or this agreement you may be treated as financially linked and you will be assessed with reference to `associated records`.
We work with some Merchants who are private healthcare providers, who may provide us with limited health data about you, in respect of a treatment you have financed or paid for by or through the Products. Health data is a special category of personal data. We may also be provided with such limited health data by such Merchants should they contact us in relation to such finance or payment.
If any of the Products we provide to you include a subscription or care plan, we do track which services a customer has received under such subscription or care plan, and provide this data to the Merchant which provided such services.
We do not collect the following Special Categories of Personal Data about you: details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We also do not collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you in relation to the Products. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use your information to:
provide the services you request from us online on the Apps;
provide you with information that you request from us
make our Apps and mobile application available to you and to identify and provide details of the products and services which you may be interested in;
allow you to participate in interactive features of our service, when you choose to do so;
deliver to you any administrative notices, alerts and communications relevant to your use of the Products;
enrich your experience and interaction with our Apps by allowing you to store your details so that your preferences are retained when you revisit our Apps;
to troubleshoot problems, and to help protect you against fraud or other criminal activity;
to check details on applications for credit and credit related and other facilities;
to manage your Tabeo Account and update the records we hold about you from time to time;
(in respect of borrowers) if you do not repay money you have borrowed, to trace your whereabouts and recover debts or enforce a Loan Agreement; and
for customer service, including answering questions and responding to feedback and complaints.
We consider that this use of your personal data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
We use your information to carry out financial and identity checks, fraud prevention checks, regulatory checks and credit checks (including, if you are a Merchant, on your directors, officers and certain controlling shareholders), including by using scoring methods and/or other automated decision-making system. We consider that this use of your personal data is necessary for compliance with legal obligations to which we are subject.
Where it is in our legitimate interest in maintaining and administering the Apps and mobile application and marketing and developing the Products do so, we use your information:
analyse Apps and mobile application usage and improve our services;
contact you from time to time to inform you about new features; and
for statistical and modelling purposes including lifecycle modelling, stress testing, fraud modelling, product development, statistical analysis, market research and to improve our products and services.
Where you have consented to receive it we will use a borrower’s information to provide you with information about goods or services offered by other companies that we feel may interest you. You can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences at any time by contacting us in accordance with the “Contacting us” section above.
We may aggregate anonymised information based on your personal data and disclose this to advertisers and other third parties.
We may share your personal data when there is a legitimate reason to do so, for example:
with Merchants so that they can contact you in relation to the relevant Products you are using with them;
with companies and other third parties performing services on our behalf who will only use the information to provide that service;
with other members of our corporate group;
if we sell any of our business or assets, we may disclose your personal data to the prospective buyer for due diligence purposes and our legal advisers; and
if we are acquired by a third party, personal data held by us about you will be disclosed to the third-party buyer.
We will also add to your record with the credit reference agencies details of our Agreement with you, the payments you make under it, and any default or failure to keep to the terms.
In some circumstances, we may have to disclose your personal data by law, because a court or the police or other law enforcement agency has asked us for it.
We will not sell or disclose your data to any third party other than as set out in this Privacy Notice.
What if you’re a borrower under any of the Products?
We may share a borrower’s personal data with third parties for the purposes of:
checking details on applications for Care Plans, credit and other facilities;
collecting money owed by the borrower under any Loan Agreement; and
recovering debts owed by the borrower.
In addition, we may disclose a borrower’s personal data to:
credit reference and fraud prevention agencies to perform similar checks, trace your whereabouts and recover debts you owe. This may include details of your loans on the Apps, how you manage them and any amounts outstanding; and
debt collection agencies and other legal representatives if required to enforce the terms of any Loan Agreement.
What do credit reference and fraud prevention agencies do?
This section of the Privacy Notice explains how your personal data will be used by credit reference and fraud prevention agencies. We consider that this use of your personal data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. It is also in part necessary for compliance with legal obligations to which we are subject.
When a credit reference agency receives a search from us they will:
make an administrative call with regard to your credit file without leaving a “footprint” on your credit score;
place a credit search “footprint” on your credit file once you have entered into Loan Agreement. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future; and
link together the previous and subsequent names advised by you, of anyone that is a party to the account.
Credit reference agencies will supply the following information to us:
Information about your credit file, including your credit score;
information about you, such as previous applications for credit and similar personal credit information in your name, payment history (including any missed payments), and details of any financial sanctions imposed by the United Kingdom government which are applicable to you;
public information such as County Court Judgments (CCJs) and bankruptcies;
electoral register information on you;
your address history, including how long you have lived at each address;
information about people linked to your credit file; and
fraud prevention information.
Credit reference agencies will keep records of outstanding debt on file for six years after they are closed, whether settled by you or defaulted.
The information which we and other organisations provide to the credit reference agencies and fraud prevention agencies about you may be supplied by credit reference agencies and fraud prevention agencies to other organisations and used by them to:
prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;
check the operation of credit and credit-related accounts;
verify your identity if you apply for additional Products;
make decisions on credit and credit related services about you;
manage your personal account(s);
trace your whereabouts and recover debts that you owe;
conduct other checks to prevent or detect fraud; and
undertake statistical analysis and system testing.
If false or inaccurate information is provided by you and fraud is identified we will record this and details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
checking details on applications for credit and credit related or other facilities;
managing credit and credit related accounts or facilities;
checking details on proposals and claims for all types of insurance; and
checking details of job applicants and employees.
Please contact us if you want to receive details of the relevant fraud prevention agencies.
We and other organisations may access and use the information about you recorded by fraud prevention agencies from other countries.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is safe and protected in a manner that is consistent with how your personal data would be protected by us in the EEA. This can be done in several ways, for instance:
the country that we send the data to might be approved by the European Commission;
the recipient might have signed up to a contract based on “model contractual clauses" approved by the European Commission, obliging them to protect your personal data; or
where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
We would like to provide you with information about our new products, services, promotions, special offers and other information which we think you may find interesting.
If you have registered with us or have previously asked us for information on our products or services, provided you have given us your consent, we may send you information on our range of products and services by phone, email, SMS and/or to your Tabeo Account.
If you decide at any time that you no longer wish to receive marketing phone calls, emails, SMS or messages from us, please contact us using the details in the ‘Contacting Us’ section above.
We will always give you an opportunity to unsubscribe from receiving any marketing from us in each communication we send to you.
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
legal obligations - laws or regulation may set a minimum period for which we must keep your personal data
We will hold your data for 6 years after the end of our relationship with you. For example 6 years after your loan is terminated, or your application is declined, or at any point we have contact with you regarding your application or agreement. Your data is held for this long for statistical and modelling purposes including lifecycle modelling, stress testing and fraud modelling.
If you provide us with your personal data but do not enter into a Loan Agreement, Care Plan or other Product, then we will only hold your data for a maximum of 12 months from the date such data was received.
You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“subject access request”);
You also have the right to receive your personal data in a structured and commonly used format so that it can be transferred to another data controller ("data portability").
We want to make sure that your personal data is accurate and up to date. You have the right to ask us to correct or remove information you think is inaccurate.
You have the right to object at any time to our processing of your personal data for direct marketing purposes.
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
In certain circumstances, you have the right to:
request the erasure of your personal data (“right to be forgotten”);
restrict the processing of your personal data to processing to which you have given your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of others.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
You can exercise any of your rights as described in this Privacy Notice and under data protection laws by contacting the Data Protection Officer.
Save as provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
If you feel that you would like to make a complaint regarding our use of your personal data, you have the right to take your complaint to the Information Commissioner’s Office (“ICO”). You can report a concern with the ICO by following this link https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Apps and mobile application; any transmission is at your own risk.
Where appropriate, we use pseudonymisation and / or encryption to protect your information.
Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures are in place including to prevent unauthorised disclosure of personal data.
The Apps and mobile application make use of third party solution providers either via direct sourcing of data or via use of third party applications. Your use of those applications is subject to their own privacy policies, which may be amended from time to time. Our current third party solution providers include but are not limited to:
We may review and, if appropriate, update this Privacy Notice from time to time. We will place notice of any such amendments on our Apps and mobile application. Please visit our Apps and mobile application for the most recent version of this Privacy Notice.
This Privacy Notice was last reviewed and updated on 17 September 2018.
Tabeo LTD, incorporated in England & Wales (registration number 10363602), with its registered office at C/O Shs, Fifth Floor, The Terrace, 76 Wardour Street, London, England, W1F 0UR; and Tabeo Broker Limited, incorporated in England & Wales (registration number 10416530), with its registered office at C/O Shs, Fifth Floor, The Terrace, 76 Wardour Street, London, England, W1F 0UR. Tabeo Broker Limited is authorised and regulated by the Financial Conduct Authority and entered on the Financial Services Register, reference number 777539.
©Tabeo Ltd, all rights reserved. By visiting our website you agree to our Cookies policy.