Tabeo | Privacy Policy

Privacy Policy

  1. INTRODUCTION

    1. This Privacy Notice relates to two companies

      1. Tabeo Broker Limited (“Tabeo Broker”) is a limited liability company registered in England and Wales, number 10416530. Its registered office address is C/O Fox Williams, 10 Finsbury Square, Finsbury, London EC2A 1AF. Tabeo Broker is authorised and regulated by the Financial Conduct Authority with permission number 777539. It is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA260247.

      2. Tabeo Limited (“Tabeo Ltd”) is a limited liability company registered in England and Wales, number 10363602. Its registered office address is C/O Fox Williams, 10 Finsbury Square, Finsbury, London EC2A 1AF. It is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA260299.

    2. When we mention “Tabeo”, “we”, “us” or “our” in this Privacy Notice, we are referring to either Tabeo Broker or Tabeo Ltd depending on which Tabeo Service is being provided.

    3. Tabeo Ltd and Tabeo Broker each works with healthcare professionals and other businesses registered with them (“Merchants”) and consumers who purchase, or intend to purchase, goods or services from Merchants (“Customers”).

    4. For Merchants, Tabeo Broker provides Merchants with loan servicing where the Merchant itself will provide credit to customers (“Loan Servicing”) and provides payment services to allow Merchants to take payments directly from their Customers (“Payment Services”), and Tabeo Ltd offers Merchants certain marketing services (“Px Suite”).

    5. For Customers, Tabeo Ltd arranges subscription services for Customers (“Subscriptions”).

    6. For both Merchants and Customers, Tabeo Broker connects Merchants and Customers with lenders so Customers can access credit (with or without interest) when purchasing goods or services from Merchants (“Finance”).

    7. The provision of Finance and Payment Services by Tabeo Broker, and the provision of Subscriptions or Px Suite by Tabeo Ltd, are together referred to in this Privacy Notice as the “Products”. The Products are provided via our mobile application, www.tabeo.co.uk, app.tabeo.co.uk, merchant.tabeo.co.uk, leads.tabeo.co.uk and any other platform we may develop from time to time for the purpose of providing the Products (together, the “Apps”).

    8. Where reference is made in this Privacy Notice to Finance, Payment Services, or the Finance element of the Products, Tabeo Broker is the controller of your data. Where reference is made in this Privacy Notice to Subscriptions, or the Subscriptions element of the Products, Tabeo Ltd is the controller of your data. Tabeo Ltd is also the controller which is responsible for administering the Apps.

    9. At Tabeo, we are committed to protecting your privacy. This Privacy Notice applies to all users of our Apps, including our customers and prospective customers, and Merchants. This Privacy Notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please read this Privacy Notice to understand our practices regarding your personal data and how we will treat it.

  2. CONTACT US

    If you have any questions about this Privacy Notice or your information, or wish to exercise any of your rights as described in this Privacy Notice, you can contact us as follows:

    By post:

    FAO Data Protection and Security Officer

    Tabeo Limited and Tabeo Broker Limited

    Victoria Spaces

    25 Wilton Road

    London

    SW1V 1LW


    By email:
    [email protected]

  3. DATA PROTECTION PRINCIPLES

    1. Anyone processing personal data must comply with the principles of processing personal data as follows:

      1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.

      2. Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

      3. Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

      4. Accuracy – data must be accurate and, where necessary, kept up to date.

      5. Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

      6. Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

    2. This Privacy Notice describes the personal data that we collect, and explains how we comply with these principles.

  4. WHAT INFORMATION DO WE COLLECT?

    Technical information we collect

    1. You can browse our Apps as a guest without giving us any information, and we won’t know who you are. However, even if you are a guest, please bear in mind that we may:

      1. record your approximate location and device used during a chat session on our Apps, together with any other information you choose to provide to us;

      2. record the areas of our Apps which you visit and at what times;

      3. record information about your activities when using our Apps; and

      4. collect information about your computer, such as which browser you are using, your network location, your operating system, your IP address and the type of connection you are using (e.g. broadband, ADSL etc.),

      (referred to as “Technical and Usage Data”).

    2. We collect the information above (except the information described in section 4.1a)) by using cookies and other tracking technologies (“Cookies”). Cookies are very small text files that are stored on your device when you visit some websites. Please click here to access our Cookie Policy which explains what Cookies we use on our Apps.

    3. We collect the information at 4.1(a) above through our partner FullStory. This information is stored by Intercom on our behalf and processed according to our instructions pursuant to our GDPR-compliant services agreement with Intercom.

      What information do we get from you?

    4. You may provide us with personal data when you:

      1. use the Apps (e.g. when filling in forms);

      2. enter information onto your Tabeo Account; or

      3. communicate with us whether through the Apps or otherwise.

    5. This information may include but is not limited to:

      1. Biographical information, including your name, your date of birth, your marital status, the number of dependents you have and your address history;

      2. Contact details, including your address, postcode, and other contact information such as email address and telephone/mobile number;

      3. Employment and education information, including your employer, employment history and salary details, education details and education history;

      4. Financial information, including the bank or building society account details and details of debit cards or credit cards used to make payments on the Apps, your spending habits, transaction data, your residential status, the assets you own and impact of COVID-19 on your financial circumstance;

      5. Account details, including your passwords and security question answers;

      6. Identification information, including answers to questions required by third party credit reference agencies for identification purposes; and

      7. IT and communications information, including recordings of telephone calls you make to Tabeo.

    6. You may also provide us with certain information regarding your health when using certain of our services, including:

      1. details regarding the treatment you require; and

      2. photographs and medical consent forms, (“Health Data”).

    7. If you apply for any Products on behalf of another individual, it is not reasonably practicable for us to provide to them the information set out in this Privacy Notice. Accordingly, where appropriate you are responsible for providing this information to any such person.

  5. INFORMATION FROM OTHER SOURCES

    1. We will obtain information about you from publicly available sources and third parties such as healthcare registers, social media platforms, Open Banking and estate agency websites.

    2. We will also check information about you held on our own records and also obtain information from credit reference agencies (https://www.transunion.co.uk/crain) and fraud prevention agencies relating to your personal credit behaviour and personal credit accounts.

    3. Records searched at credit reference agencies about you may be linked to your spouse/partner, members of your household or other persons to whom you are linked financially. For the purposes of any application or your agreement with us, you may be treated as financially linked and you will be assessed with reference to `associated records`.

    4. We work with some Merchants who are private healthcare providers, who may provide us with limited health data about you, in respect of a treatment you have financed or paid for by or through the Products. We may also be provided with such limited health data by such Merchants should they contact us in relation to such finance or payment.

  6. IF YOU FAIL TO PROVIDE PERSONAL DATA

    Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you in relation to the Products. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

  7. WHAT WE DO WITH THE INFORMATION WE COLLECT

    1. As data controller, we will only use your personal information if we have a legal basis for doing so. The purposes for which we use and process your information and the legal basis on which we carry out each type of processing are explained in the table below.

      Type of data Purposes for which we will process the information Legal basis for processing
      Biographical information, contact details, financial information, account details To provide the Apps to you and with any services you request from us through the Apps. Performance of a contract.
      Contact details To send you marketing communications and provide details of the products and services which you may be interested in. Either your consent or, where consent is not required under applicable law, on the basis of our legitimate interests to raise awareness of Tabeo and its product offering.
      Contact details, Technical and Usage Data To deliver to you any administrative notices, alerts and communications relevant to your use of the Products. It is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you.
      Technical and Usage Data To enrich your experience and interaction with our Apps by allowing you to store your details so that your preferences are retained when you revisit our Apps. Consent
      Technical and Usage Data, IT and communications information, biographical information, account details and identification information To troubleshoot problems, and to help protect you against fraud or other criminal activity. It is in our legitimate interests to carry out such checks to ensure prevention against fraud and other harmful activity and that the Apps are safe and secure.
      Financial information (including credit reference checks), identification information, biographical information, employment and education information To carry out financial and identity checks, fraud prevention checks, regulatory checks and credit checks (including, if you are a Merchant, on your directors, officers and certain controlling shareholders). Performance of a contract or compliance with a legal obligation.
      Account information, biographical information, employment and education information To manage your Tabeo Account and update the records we hold about you from time to time Performance of a contract or compliance with a legal obligation (as applicable).
      Biographical information, contact details, identification information In respect of borrowers, if you do not repay money you have borrowed, to trace your whereabouts and recover debts or enforce a Loan Agreement. It is in our legitimate interests to recover any sums that you owe us.
      Contact details, biographical information, account details For customer service, including answering questions and responding to feedback and complaints. It is in our legitimate interests to respond to you queries and resolve your complaints to maintain our reputation.
      Technical and Usage Data To maintain and administer the Apps, including for the purposes of:
      • Analysing the Apps and mobile application usage and improve our services;
      • Statistical and modelling purposes including lifecycle modelling, stress testing, fraud modelling, product development, statistical analysis, market research and to improve our products and services
      Consent and, if applicable, our legitimate interests to improve our products and services.
      Contact details, financial information To provide you with information about goods or services offered by other companies that we feel may interest you Consent
    2. Depending on the Products you sign up for, we may need to process your Health Data to provide you with our services. Health Data falls within the meaning of “special category data” (sometimes referred to as sensitive data) under data protection laws, which means that it is afforded a higher degree of protection than regular personal data. We will only process your Health Data if we have obtained your explicit consent to do so.

    3. If you have provided your consent to any of the processing referred to above, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

  8. WHO DO WE SHARE YOUR INFORMATION WITH?

    1. We may aggregate your personal data in such a manner that it is anonymised (i.e. you can no longer be identified from it) and disclose this to advertisers and other third parties.

    2. We may share your personal data when there is a legitimate reason to do so, for example:

      1. with Merchants so that they can contact you in relation to the relevant Products you are using with them. Please note that Merchants are independent controllers of your personal data and Tabeo shall in no way be responsible for their misuse of your data;

      2. with vendors and other third parties performing services on our behalf who will only use the information to provide that service (such as our IT service providers who help us to provide the Apps);

      3. with other members of our corporate group;

      4. if we sell any of our business or assets, we may disclose your personal data to the prospective buyer for due diligence purposes and our legal advisers; and

      5. if we are acquired by a third party, personal data held by us about you will be disclosed to the third-party buyer.

    3. We will also add to your record with the credit reference agencies details of our Agreement with you, the payments you make under it, and any default or failure to keep to the terms.

    4. In some circumstances, we may have to disclose your personal data by law, because a court or the police or other law enforcement agency has asked us for it.

    5. We will not sell or disclose your data to any third party other than as set out in this Privacy Notice.

      What if you’re a borrower under any of the Products?

    6. We may share a borrower’s personal data with third parties for the purposes of:

      1. checking details on applications for Care Plans, credit and other facilities;

      2. collecting money owed by the borrower under any Loan Agreement; and

      3. recovering debts owed by the borrower.

    7. In addition, we may disclose a borrower’s personal data to:

      1. credit reference and fraud prevention agencies to perform similar checks, trace your whereabouts and recover debts you owe. This may include details of your loans on the Apps, how you manage them and any amounts outstanding; and

      2. debt collection agencies and other legal representatives if required to enforce the terms of any Loan Agreement.

      What do credit reference and fraud prevention agencies do?

    8. This section of the Privacy Notice explains how your personal data will be used by credit reference and fraud prevention agencies. We consider that this use of your personal data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. It is also in part necessary for compliance with legal obligations to which we are subject.

    9. When a credit reference agency receives a search from us they will:

      1. make an administrative call with regard to your credit file without leaving a “footprint” on your credit score;

      2. place a credit search “footprint” on your credit file once you have entered into a Loan Agreement. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future; and

      3. link together the previous and subsequent names advised by you, of anyone that is a party to the account.

    10. Credit reference agencies will supply the following information to us:

      1. information about your credit file, including your credit score;

      2. information about you, such as previous applications for credit and similar personal credit information in your name, payment history (including any missed payments), and details of any financial sanctions imposed by the United Kingdom government which are applicable to you;

      3. public information such as County Court Judgments (CCJs) and bankruptcies;

      4. electoral register information on you;

      5. your address history, including how long you have lived at each address;

      6. information about people linked to your credit file; and

      7. fraud prevention information.

    11. Credit reference agencies will keep records of outstanding debt on file for six years after they are closed, whether settled by you or defaulted.

    12. The information which we and other organisations provide to the credit reference agencies and fraud prevention agencies about you may be supplied by such parties to other organisations and used by them to:

      1. prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;

      2. check the operation of credit and credit-related accounts;

      3. verify your identity if you apply for additional Products;

      4. make decisions on credit and credit related services about you;

      5. manage your personal account(s);

      6. trace your whereabouts and recover debts that you owe;

      7. conduct other checks to prevent or detect fraud; and

      8. undertake statistical analysis and system testing.

    13. If false or inaccurate information is provided by you and fraud is identified we will record this and details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

      1. checking details on applications for credit and credit related or other facilities;

      2. managing credit and credit related accounts or facilities;

      3. recovering debt;

      4. checking details on proposals and claims for all types of insurance; and

      5. checking details of job applicants and employees.

    14. Please contact us if you want to receive details of the relevant fraud prevention agencies.

    15. We and other organisations may access and use the information about you recorded by fraud prevention agencies from other countries.

  9. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

    1. The personal data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom (“UK”) and European Economic Area (“EEA”). It may also be processed by staff operating outside of the UK and EEA who work for our affiliates or for one of our suppliers.

    2. Where we transfer your personal data outside the UK and the EEA, we will ensure that it is safe and protected in a manner that is consistent with how your personal data would be protected by us in the UK. This can be done in several ways, for instance:

      1. the country that we send the data to might be approved by the European Commission or UK government as having in place an adequate level of protection for personal data; or

      2. the recipient might have signed up to a contract based on model contractual clauses approved by the European Commission or the ICO, obliging them to protect your personal data.

      3. where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.

    3. In other circumstances the law may permit us to otherwise transfer your personal data outside the UK and the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

  10. MARKETING AND COMMUNICATIONS

    1. We would like to provide you with information about our new products, services, promotions, special offers and other information which we think you may find interesting.

    2. If you have registered with us or have previously asked us for information on our products or services, provided you have given us your consent, we may send you information on our range of products and services by phone, email, SMS and/or to your Tabeo Account.

    3. If you decide at any time that you no longer wish to receive marketing phone calls, emails, SMS or messages from us, please contact us using the details in the ‘Contacting Us’ section above.

    4. We will always give you an opportunity to unsubscribe from receiving any marketing from us in each communication we send to you.

  11. DATA RETENTION

    1. How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

      1. the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and

      2. legal obligations - laws or regulation may set a minimum period for which we must keep your personal data

    2. We will hold your data for 6 years after the end of our relationship with you. For example 6 years after your loan is terminated, or your application is declined, or at any point we have contact with you regarding your application or agreement. Your data is held for this long for statistical and modelling purposes including lifecycle modelling, stress testing and fraud modelling.

    3. If you provide us with your personal data but do not enter into a Loan Agreement, Care Plan or other Product, then we will only hold your data for a maximum of 12 months from the date such data was received.

  12. YOUR RIGHTS

    1. In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

      1. Right of access. You have the right to obtain access to your personal information.

      2. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.

      3. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.

      4. Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.

      5. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

      6. Right to object. You have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.

      7. Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent but without affecting the lawfulness of processing based on consent before its withdrawal.

    2. Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.

  13. EXERCISING YOUR RIGHTS

    1. You can exercise any of your rights as described in this Privacy Notice and under data protection laws by contacting the Data Protection and Security Officer.

    2. Save as provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

    3. Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.

  14. COMPLAINTS

    If you feel that you would like to make a complaint regarding our use of your personal data, you have the right to take your complaint to the Information Commissioner’s Office (“ICO”) or other applicable data protection supervisory authority. Where you have the right to take your complaint to the ICO, you can report a concern with the ICO by following this link https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.

  15. SECURITY

    1. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Apps; any transmission is at your own risk.

    2. Where appropriate, we use pseudonymisation and / or encryption to protect your information.

    3. Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures are in place including to prevent unauthorised disclosure of personal data.

  16. LINKING

    1. The Apps make use of third party solution providers either via direct sourcing of data or via use of third party applications. Your use of those applications is subject to their own privacy policies, which may be amended from time to time. Our current third party solution providers include but are not limited to:

      1. TransUnion: we use TransUnion for payment data, analytics, credit software and other business services. TransUnion collects personally identifiable information when you use a link to send TransUnion an email. If, in that email or any attachment to the email, you voluntarily provide TransUnion with personally identifiable information, TransUnion will collect and store that personal data. You can learn more about TransUnion and read its privacy policy at www.transunion.co.uk/legal/privacy-centre.

      2. Stripe: we use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at stripe.com/privacy .

  17. UPDATES TO THIS PRIVACY NOTICE

    1. We may review and, if appropriate, update this Privacy Notice from time to time. We will place notice of any such amendments on our Apps and mobile application. Please visit our Apps and mobile application for the most recent version of this Privacy Notice.

    2. This Privacy Notice was last reviewed and updated on 07 January 2021.

Country