Privacy Policy

1. Introduction

1.1       When you apply for a product or service from us, you’ll be asked for personal information and data that is needed to process your application. We’ll take great care to protect your privacy.

1.2       In this policy we’ll provide details of how you can also help guard yourself against online fraud. We also set out, as data controller, how we’ll act in relation to your data and how we’ll use such data.

1.3       Web security is very important to us, so we take great care to protect you. Please see below for details of how you can also help to guard yourself against online fraud. We ask that you remember the following:

Keep yourself safe online:

• Never reveal your password to anyone or write it down
• Don’t use a password that could be easily guessed by someone else
• Change your password immediately if you suspect someone else could know it
• Log off when you have finished using any of our services
• Keep your devices updated with current anti-virus software, the latest browser versions and operating systems.
• Don’t send us any confidential account information by email or via social media
• Treat emails you receive with caution. Remember that we’ll never ask you to disclose your personal or account information to us by email
• We recommend you regularly visit the Financial Fraud Action website to keep up-to-date with tips to protect yourself from the latest scams

1.4          Your Username and Password

On registering a Cashplus Bank Account with us, you’ll have a username and password which must be used to access certain restricted parts of our website. Your username and password are used by us to identify you, so they’re very important. You’re responsible for all information posted on our website by anyone using your username and password. Any breach of security of a username and password should be notified to us immediately.

1.5           Our system security

Our systems operate on 256-bit secure encryption. Look for the padlock symbol in your browser status bar. Encryption makes your information unreadable to anyone who might intercept it. In addition, Transport Layer Security (TLS) is used to connect your browser to our secure servers. A team of independent security experts regularly test our website. Your Online Banking session will time out if you remain inactive for more than 15 minutes. Your Cashplus Bank Account login will be locked out after multiple failed access attempts. You’ll need to contact us to unlock your account. We’ll verify your identity before disclosing confidential information over the phone or resetting any account details. Despite our best endeavours, we can’t always guarantee the website will be fault free and we don’t accept liability for any errors or omissions.

1.6          Transport Layer Security (TLS)

Transport Layer Security (TLS) is a commonly used method of managing the security of messages transmitted across the Internet and is used by us to connect your computer to our secure server. You can tell that TLS is in use if our website URL in the search bar starts with https:// and/or a lock icon is displayed within your browser. If you have problems getting to secure mode, install one of the latest browsers and try the website again.

1.7          Browser Use

Our website has been designed to work with a variety of the latest browsers across Mobile, Tablet and Desktop devices.

If you’re using an older browser such as Internet Explorer 10, you may have difficulty viewing webpages and not be able to apply for a card or access your account information. Your security could also be weakened. To make an application online, we recommend that you upgrade to the latest versions.

1.8          Plug-ins

“Plug-ins” are additional software programs required by some websites to make them work properly. An example is Flash Player from Adobe. Our website doesn’t need any plug-ins to work effectively, however you’ll need a PDF reader such as Adobe Acrobat Reader to download certain documents, such as Terms and Conditions.

1.9          Network Protection

Most organisations have what is known as a "firewall” to protect their networks and their computers. A firewall is a secure server through which all communication passes and which protects the organisation’s computers from unauthorised access by filtering the information getting in and out. Depending on how the firewall is set up, access to another secure server may be denied.

It’s possible that due to the set-up of firewalls, certain networks may restrict access to our website.

1.10        Cashplus Bank App Terms of Use

By downloading and using the Cashplus Bank App or providing information to us, you accept and understand that we will use and transfer your information as set out below and in this overall privacy policy page. It should also be taken in conjunction with the Cashplus Bank Account Terms and Conditions.

Any additional cardholders and delegated authorities, previously agreed when you set up your account will have access, through your account, to relevant statement information including account balance information.

IMPORTANT: Additional Cardholders must have permission from the Primary Cardholder before downloading and using the Cashplus Bank App.

1.11        Using the Cashplus Bank App

You can use our Cashplus Bank App to view and access your eligible Cashplus Bank Accounts. Use of the Cashplus Bank App is in accordance with these conditions and you’ll need to register to use the service.

You’ll be responsible for all instructions given by you or anyone acting with your authority whilst using the Cashplus Bank App. Please note this includes any errors or instructions sent by someone other than yourself so please don’t leave your device unattended while you’re logged-in to the App.

We don’t charge you for using the Cashplus Bank App but your mobile operator may charge for some services.

You must only use the Cashplus Bank App for online account servicing and other intended uses. You must not copy, reproduce or attempt to alter it in any way.

To use the Cashplus Bank App, small software files similar to Cookies will be stored on your mobile device. These files allow the Cashplus Bank App to remember choices you make (such as your user name or the region you are in) and provide enhanced, more personal features. These files are used to store your registration information and your acceptance of Terms and Conditions. The information these files collect may be anonymised so they can’t track your browsing activity on other websites. The files are essential to enable you to move around and use the features of the Cashplus Bank App.

In addition to the above, non-personal data may be collected by your mobile device or app store provider in accordance with their Terms and Conditions which apply to the use of your device and app store account.

The Cashplus Bank App uses location-based services. Data about your location (i.e. GPS signals from your mobile device) or data that can be used to approximate your location, is used to provide features such as the ‘Store Locator’ and for the prevention of fraud and/or money laundering.

1.12        Cashplus Bank App Service

We aim to ensure a complete service at all times, but the speed and availability of service can’t be guaranteed. The service may be interrupted due to our need to update or maintain our systems or those of third-parties who provide part of the service. In addition, the service may be affected by the network coverage available from your mobile service provider or maintenance and upgrades they perform that affect the availability of your mobile network.

The Cashplus Bank App can be used all over the world but can only be downloaded if you have a UK App Store or Google Play Account. Just make sure you use a secure Wi-Fi connection and check with your network provider to ensure you don’t experience higher than usual roaming data charges for using the App abroad.

We reserve the right to withdraw the Cashplus Bank App at any time.

1.13        Use of email and social media

Please note that ordinary email is not secure. Please don’t send us any confidential information via email or social media. We’ll only use email to send you non-sensitive account information, such as your account balance and transaction information or special offers. Marketing preferences can be managed via the Cashplus Bank App and Online Banking. We won’t use email to send other confidential information to you. We can’t accept any responsibility for the unauthorised access by a third party and/or the corruption of data being sent by individuals to Cashplus Bank. It’s our policy that if any of our customers are victims of unauthorised access to their accounts, and provided that you’ve not breached our security procedures, acted fraudulently or without reasonable care, we may cover any direct financial loss which you may have suffered.

 

2. Your personal data

2.1       General

(i)        Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

(ii)        The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

(iii)      Details of the personal information that will be processed are explained below and include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

(iv)      We, along with, fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

(v)        We process your personal data on the basis that either it is required for the performance of our contract with you or we have a legitimate interest in processing the data. Examples would be preventing fraud, money laundering, to verify identity, to protect our business, and to comply with laws that apply to us. More details on the legal bases used for processing can be found below. 

(vi)      Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

(vii)      As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details below.

 

2.2       Source of data

We generally collect personal data from the following sources:

(i)         Information that you provide to us or as set out below:

a)         When you apply for our products and services

b)         When you talk to us on the phone (including recorded calls), web chat, social media or other communication channel

c)         In emails and letters

d)         When you use our websites or the Cashplus Bank App

e)         When you take part in customer surveys, focus groups or feedback sessions

f)         When you take part in prize draws or other special promotions

 

(ii)         Third parties and external organisations: 

a)          Companies that introduce you to us

b)          Card schemes or associations

c)          Credit reference agencies

d)          Comparison websites

e)          Social networks

f)           Fraud prevention agencies

g)          Public information sources such as Companies House­­­­

h)          Agents working on our behalf

i)           Market researchers

j)           Government and law enforcement agencies

k)          Media outlets

l)           Agents working on your behalf (e.g. a business account applicant providing personal data of other directors, Persons of Significant Control or Beneficial Owners when applying)

 

2.3       The data that we may process

(i)        The data that we may process includes the following:

a)         Your Internet Protocol (IP) address, geographical location, login and browser details, operating system, information accessed and loaded, time spent and pages visited, technical information about your computer or mobile device.

b)         Data in respect of the use and operation of your account. This data may include your account name, your name, email address and account number, profile pictures, gender, date of birth, relationship status, financial history, education details and employment details.

c)         Your contact details, your card details and the transaction details.

d)         Imagery, such as photo identification or photographs that you have provided to us.

e)         Any documents sent to you by us, such as Proof of Address documents

 

2.4       The purposes for which we may process your personal data:

(i)        We may process your personal data for the following purposes, to enable us to:

a)         determine how you use the Cashplus Bank App, Online Banking, our website and social media pages also how you use our products and services. The legal basis for this processing is our legitimate business interests, namely so we can monitor the use and effectiveness of our products, services, the Cashplus Bank App, Online Banking along with our website and social media pages and communications.

b)         provide products and services and manage the operation of your account. The legal basis for this processing is the performance of a contract between you and us and/or taking steps to enable us at your request, to enter into such a contract.

c)         make enquiries and conduct investigations about the supply of purchased goods and services and keeping records of these transactions. The legal basis for this processing is because we have a legal obligation as well as our legitimate business interests namely to help us detect fraud and crimes generally, to enable us to comply with general regulatory requirements and to resolve any issues and queries that may arise.

d)         perform the requirements that may arise with respect to credit agencies, fraud prevention agencies and for crime prevention generally. Cashplus Bank may take decisions about your application and your account on the basis of automated checks via a credit scoring system which we will undertake from the credit agencies, fraud prevention agencies and internal Cashplus Bank records. Where we use automated decision making, you have a right to appeal if your application is refused. You should also be aware that where we make these checks, credit and fraud prevention agencies may keep a record of them. The legal basis for this processing is our legal obligation to undertake reasonable steps to act prudently, prevent financial crime and fraud. 

e)         measure the effectiveness of our service and conduct customer surveys to enable us to improve our services, the effectiveness of the Cashplus Bank App and the website. The legal basis for this processing is our legitimate business interests namely to enable us to provide you with services and improve the quality of the services generally.

f)          where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure as well as where we have a legal requirement to process such data. The legal basis for this processing is we have a legal obligation, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

g)         if you consent to receiving marketing information (for example, during the application process), we may process your personal data to contact you with details of products and services we think may be of interest to you. If you do not want us to share personal data or to receive such communications you can update your marketing preferences through our Online Banking portal or through Customer Services.

h)         if you consent to using our eligibility checking services we will use the information you provide, along with information provided by third parties, to check the likelihood of you being accepted for a product with us and give you an indication of this. The check will not affect your credit score. The legal basis for this processing will be consent.

i)          we may process any recordings of calls made to us through speech-to-text conversion systems. This is done to allow processing of call transcripts to better prevent fraud and improve analysis in order to identify potentially vulnerable customers. The legal basis of this processing will be legal obligation. As this process could include any call it is possible that sensitive data may be included in this process. We have taken steps to adequately protect this data throughout the process. Our legal basis for processing of sensitive data under GDPR Art. 9 is reasons of substantial public interest, including preventing or detecting unlawful acts, regulatory requirements, preventing fraud and safeguarding of economic well-being of certain individuals.

j)          we may process your data for the purpose of testing new products and services, both internally and with third-party suppliers. Where we do this we will take steps to ensure that your data is sufficiently protected and all legal requirements for any data transfers are complied with. Your data will only be used for testing purposes for the minimum amount of time required to complete those purposes. 

2.5       Consequences of processing

(i)      If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.

(ii)      A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.

 

2.6       Personal data shared with others

(i)        We may disclose your personal data where you have given your consent.

(ii)       We may disclose your personal data to our insurers, product analysis companies and/or professional advisers for insurance purposes, to enable us to manage claims and for any business transactions and enquiries that relate to the analysis of our products and your business generally.

(iii)      We may also share your personal data with processors, agents and advisers who we use to help us run your accounts and services, prevent fraud and collect overdue payments or otherwise recover debt.

(iv)      As indicated above it may be necessary to disclose your personal data to credit reference agencies ("CRAs"), fraud prevention agencies and companies providing fraud management services. The CRAs we use are:

• TransUnion (formerly Callcredit Information Group): https://www.transunion.co.uk/crain
• Equifax Limited: www.equifax.co.uk/crain
• Experian Limited: www.experian.co.uk/crain

We will also add to your records at the CRA details of:

• any agreement entered into with us
• the payments that you make under such agreements
• any default or failure by you to keep the terms of such agreements. CRAs will record the outstanding debt
• any failure by you to tell us about a change of address where a payment is overdue.

CRAs may supply this information to other organisations.

(iv)       Financial transactions relating to your account may be disclosed to our payment services providers. We’ll share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

(v)       In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we’re subject, to protect your vital interests or the vital interests of another natural person or to HM Revenue & Customs, regulators and other authorities.

(vi)       Any information you provide in relation to the Cashplus Bank App is disclosed to our third-party agents who act on our behalf. This is for operational reasons; to provide the Cashplus Bank App to you.

(vii)      We may disclose your personal data with organisations that introduce you to us, any organisations that you ask us to share your personal data with and with market researchers.

(viii)       We may disclose your personal data to our creditors (in the case of insolvency) or potential transferees of our rights and obligations under any agreements you have entered into with us.

(ix)         We may share data about your account including account number, expiration date and account status with other organisations using the Mastercard Automatic Biller Updater service.

(x)         if taking part in the Coronavirus Business Interruption Loan Scheme your data will be shared with the Secretary of State for Business, Energy and Industrial Strategy. The data will be retained by them for 10 years) and may be used by them for:

• for analytical and administrative purposes;
• to contact the relevant Borrower in connection with the CBILS Scheme;
• to make enquiries about a Borrower’s application to CBILS;
• to take up references about the Borrower or its business;
• in order to evaluate the effectiveness of the Scheme;
• to give information relating to the relevant Borrower or Personal Guarantor and that Borrower’s business to any of the Secretary of State for BEIS, any of its agents and Auditors (including BBB, any affiliate of BBB and any of their advisers, agents or contractors) or to any other official involved in running or monitoring the CBILS Scheme

 

2.7      International transfers of your personal data

(i)       We’ll only send your data outside of the European Economic Area (‘EEA’) to:

a)        Follow your instructions

b)        Comply with a legal duty

c)        Work with our processors, agents and advisers who we use to help run your accounts and services

(ii)       If we do transfer information to our agents or advisers outside of the EEA, we’ll make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

a)       Transfer it to a non-EEA country that has received an Adequacy Decision by the EU, evidencing that their privacy laws give the same protection as the EEA. 

b)       Put in place a contract utilising the Standard Contractual Clauses (as created by the EU) with the recipient that means they must protect it to the same standards as the EEA, we will complete a due diligence process to ensure the Standard Contractual Clauses can be utilised effectively in the destination country, and if not will either add to them to mitigate the risk or use another method.

(iii)      Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

 

2.8      Retaining and deleting personal data

(i)       This Section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

(ii)       Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

(iii)       It’s our policy generally to retain your personal data for at least 5 years after our relationship with you ends although this may be extended where there are specific regulatory requirements to do so.

(iv)         We maintain a Data Retention Policy which outlines the maximum retention period for all types of personal data within the business.

 

3. Amendments

3.1       We may update this policy from time to time by publishing a new version on our website.

3.2       We may notify you of changes to this policy through the Online Banking site on our website.

 

4. Your rights

4.1      Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.

4.2      For more information or to exercise your data protection rights, please contact us using the contact details below.

4.3      You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.

 

5. About cookies

5.1        Cookies Policy

A cookie is a text-only string of data, which often includes a random unique identifier that is sent to your computer or mobile phone browser from a website and is stored on your device. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.

We’re committed to ensuring that all site visitors’ privacy is protected and that they have a positive experience on our websites. We use cookies to provide you with the best possible online experience on our websites. However, if you’d like to, you can change your cookie settings at any time. Most cookies are there to support processes and will expire when the browser is closed. Any persistent cookies are to improve user experience.

If cookies are enabled during the course of any visit to our websites, the pages you see, along with a cookie, are stored to your device. On a repeat visit the Cashplus Bank website may check to see, and find, any cookie left there on the last visit to enable us to present personalised features. Cashplus Bank might also look at IP addresses to add general information about the country, city or region in which you’re located, along with your domain (e.g. what internet service provider you use).

Cookies cannot be used by themselves to personally identify you. They can be used for marketing purposes, to create a profile of your engagement with Cashplus Bank websites and if you’ve already given some personal details, to track your activity on our websites. 

The exception to this is within Online Banking and our Online Application site - where we must securely identify you and track your usage to protect your account. However, the cookies themselves don’t contain any personal or identifiable information.

5.2        We use the following cookies on our websites:

Session cookies	These are temporary cookies that remain in the cookie file of your browser until you close the browser. They enable information to be maintained across pages of our site pursuant to providing you with a better experience. These cookies can’t personally identify you and they’ll expire when you close down your browser.
Persistent cookies	These remain in the cookie file of your browser for much longer (though how long will depend on the life time of that specific cookie). These cookies help Cashplus Bank recognise you as a unique visitor (just a randomly generated number) when you return to our website and to allow us to tailor content or advertisements to match your preferred interests or to avoid showing you the same adverts repeatedly. On some of our sites, as with session cookies, they also enable information to be maintained across pages of our site and avoid you having to re-enter information.
Google Analytics	Google Analytics cookies collect and store information on how visitors are interacting with our website. For example, what webpages are visited most often, how long for, and what device you use to visit these pages. We use these cookies to ensure areas of our website are working correctly and that we’re providing users with relevant information. No identifiable information can be stored in or obtained from these cookies. Learn more about Google Analytics Cookies and Privacy
Google Ad-Preferences	Google sets a cookie on your browser that anonymously captures your interests allowing their advertising partners to present products and services on their websites that are relevant to you. Google are in full control of these cookies. You can change your Google Ad-Preferences or find out more about Google Ad-Preferences by visiting: www.google.com/ads/preferences/
Amazon Ad tracking	Amazon pixels collect and store information on visitors who have interacted with our website after clicking on an advert on Amazon. The code will place an anonymous cookie on your browser, which will only be used for tracking which clicks converted to applications. Cookies are collected anonymously, under a privacy safe domain "amazon-adsystem" and do not comingle with Amazon's retail data. You can find out more at https://www.amazon.co.uk/gp/help/customer/display.html?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&nodeId=201149560.   You are able to opt out of receiving interest-based ads from Amazon by visiting https://www.amazon.co.uk/adprefs or by visiting http://www.youronlinechoices.com/uk/
Remarketing cookies	Cashplus also uses third-party remarketing tracking cookies, including the Google Adwords tracking cookie. By placing cookies in your web browser, we are able to display adverts to you across the internet, such as on the Google Content Network (GCN) or Equifax Digital Hub, based on past visits to our website. This allows us to make special offers and continue to market our services to those who have shown interest. No identifiable information is collected through Google’s or any other third-party remarketing system that we use. Cookies served by Equifax are held on our website. Equifax is a consumer credit reporting agency. These cookies will be used to serve adverts to visitors based upon the websites they’ve been to previously. Click here for more information about Equifax and how to disable this cookie
Third Party Cookies	Additional authorised Third Parties serve cookies via our sites, under our direct control. These are used for the following purpose: To compile anonymous, aggregated statistics that allow us to understand how visitors use our site and to help us improve the structure of our website. We can’t identify you personally in this way.

 

5.3        Control cookie settings

Most browsers will have a default ‘medium’ cookie setting, allowing 1^st party cookies but blocking 3^rd party cookies. You can change your cookie settings, and remove specific cookies, via your browser through the following paths:

• Internet Explorer: Tools > Internet Options > Privacy
• Firefox: Tools > Options > Privacy
• Google Chrome: Settings > Privacy > Content Settings

5.4   You may opt out of the use of cookies for cross-site user tracking and activities such as remarketing, by enabling 'Do No Track' in your browser's settings.

5.5   Blocking all cookies will have a negative impact upon the usability of many websites.

5.6   If you block cookies, you'll not be able to use all the features on our website.

 

6. Our details

6.1     This website is owned and operated by Advanced Payment Solutions Ltd (APS), with Cashplus Bank as the trading name.

6.2     APS is registered in England and Wales under registration number 04947027, and our registered office is at Cottons Centre, Cottons Lane, London SE1 2QG. Please note that this is a registered address only and that Cashplus Bank doesn't conduct any business from this location.

 

7. Data protection officer

7.1     Our data protection officer's contact details are: [email protected]. You can contact us to exercise any of your rights in relation to the processing of your data and on any matters that are covered by this policy generally.