Privacy
Suits Me provide personal accounts to those who face barriers in opening a bank account. The accounts offer all the features you need to manage your money and comes with a mobile app and contactless Mastercard Debit Card.
The Suits Me® website is operated by Suits Me Limited. (Referred as “Suits Me”, “we”, “our”, “us” in this, Privacy Notice). Suits Me® Limited is registered in England and Wales, with registration number: 07349753. The Old Shippon, Moseley Hall Farm, Chelford Road, Knutsford, Cheshire, WA16 8RB. Suits Me® Card is a TA of Suits Me® Limited.
We are registered with the Information Commissioner’s Office (the ICO) with registration number ZA237140. We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal data.
Throughout this policy we refer to Data Protection Legislation which means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
What Personal Data Do We Collect and When?
The type of personal data that we will collect from you, and you voluntarily provide to us on this website or as part of a service or product we provide to you may include some or all of the following depending on the type of user you are:
Personal Website Visitor, Applicant, and App Download
Individuals that visit, download, and interact with our website or App.
We will use this information for the purposes of processing your application and, if your application is successful, creating and managing your account and providing any products or services.
| Contact Information | Title, First Name, Last Name, Email Address |
| Contact Details | Mobile Number, Country Code, Address |
| Your Details | Date of Birth, Nationality, Preferred Language, Asylum Status |
| ID Type -Mixed Media/ Paperwork | Passport, National Identity Card, Photo Driving Licence; Picture (selfie)
P60, NHS letter or Birth Certificate. Application Registration Card and/or Home Office Letter. TV Licence, Utilities bill or pre-payment meter letter, Tenancy agreement or Court letter. |
| User-Generated Content/Data | Comments, Reviews, Surveys, Free Format Text, Uploaded Files (e.g., images, documents) |
| User Preferences | Marketing Communication Preferences (e.g., newsletter subscriptions), Notification Preferences, Product or Content Preferences |
| Social Media Profiles | Linked Social Media Profiles (if users log in with social media accounts) |
| Website/App Usage Technical Data | Internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, device language, the operating system and platform, the type of device you use, whether your device uses a virtual private network (VPN), a unique device identifier (for example, your device’s IMEI number, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use |
| Cookies and Tracking Data | Cookies (e.g., session cookies, persistent cookies), User Tracking Information (for analytics and personalisation) |
| Account Usage Details | Transaction History: Purchases, withdrawals, transfers
Balance and Statements: Account balance, statements Account Preferences: Settings, notifications, payment methods Account Activity: Activity frequency and types |
| Card Usage Details | Transaction History: Purchases, cash withdrawals
Card Management: Records of card activity (e.g., freeze card in App) Card Usage Preferences: Contactless payment settings, PIN management Card Activity: Usage frequency and types |
| App Usage Details | Usage: User navigation and interactions
App Preferences: Customisations, notifications, login history App Activity: Feature usage, session history User-Generated Content: Comments, reviews, uploaded files Location (protect against fraud /Advertising i.e., merchants nearby) |
| Email, Chat and Communications Data | Email addresses used for communication – Service related communications e.g., Chat Logs, Contact Form Submissions, Customer Support Interactions. |
| Security and Access Logs | Records of login attempts and account activity. |
Corporate/Partner
You are a Corporate Customer or Partner contracted or entering into contract negotiations with Suits Me®.
| Business Information | Business name and legal structure (e.g., PLC, Limited, Ltd, LLP)
Business registration/company number Business address (physical and mailing) Contact information (phone number, email address) Description of the nature of the business. Industry type (e.g., retail, construction). |
| Ownership and Leadership | Names and contact information of business owners, partners, shareholders, (Beneficial Owners)
Official Government Identification (e.g., Passport, Driving Licence). |
| Know Your Customer (KYC) Documentation | Passport, National Identity Card, Photo Driving Licence, Bank Statements, Photographs and Signatures, Personal and Business Credit History (if applicable).
Additional information or questionnaires to assess the risk associated with the financial activities. |
| Account Data (Employer Portal) | Admin user accounts and credentials.
Permissions and roles for admin users. Login history and activity logs. |
| Email, Chat and Communications Data | Email addresses used for communication – Service related communications e.g., Chat Logs, Contact Form Submissions, Customer Support Interactions. |
| Website/App Usage Data | IP Address, Browser Type and Version, Operating System, Device Information (e.g., device type, screen resolution), Date and Time of Website Visits, Pages Visited on the Website, Clickstream Data (User’s navigational path) |
| Security and Access Logs | Records of login attempts and account activity. |
| Employees listed/referred? | Corporate partners refer employees to our services |
Why and How We use Your Personal Data
We use your personal data to provide the features of the website and App and the services you request
When you use our website or App, we will use your personal data to provide the requested product or service. For example, if you make an enquiry on our website, or participate in an event or promotion, we will use the contact information you give us to communicate with you about the enquiry, event, or promotion. If you contact our customer services, we will use information about you, such as enquiry or payment information, or the service you have purchased to help you resolve a problem or question.
We use your personal data to establish you as a Suits Me® customer
If you sign an agreement to become a Suits Me® customer, we will need to collect and verify information about you and other relevant individuals to set up our products and services for you, including to provide you with support and integration to our products and services.
To conduct KYC and Fraud Prevention checks
The personal data we have collected from you at agreement or at contract stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify you or any of your related persons’ identity. If fraud is detected, you could be refused certain services.
When we and/or the fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in verifying your identity and preventing fraud and money laundering, to protect our business and to comply with legal requirements. Such processing is also a contractual requirement of the services requested. We and/or the fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
To Operate, Improve and Maintain our Business, Products and Services
We use the personal data you provide to us to operate our business. For example, when you make a purchase, we use that information for accounting, audits, and other internal functions. We may use personal data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our website and App.
To Protect Our or Others’ Rights, Property or Safety
We may also use personal data about how you use our website, App and services to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests, or applicable law.
To Communicate Information About Our Products, Services, Events and for Other Promotional Purposes
When you consent, we will send you marketing communications and news concerning Suits Me® products, services, events, and other promotions. You can opt-out at any time after you have given your consent.
If you are an existing customer of Suits Me® (for example, if you are a service user), we may use the contact details you provided to send you marketing communications about similar Suits Me® products or services, where permitted by applicable law (unless you have opted out).
Service messages – Service messages are vital for keeping you informed about critical updates, essential service information, and changes in our Terms and Conditions (T&Cs).
To Process Transactions and Provide Our Services
In basic terms Suits Me® provides all account holders with a e-money account and a contactless Mastercard® debit card with a secure online money account and free mobile app to manage their finances.
Telephone Recording Including the Use of Omni Channel Call Management
We may record telephone calls you make to our customer contact centre to:
- Check for mistakes
- Train staff
- Prevent, detect, investigate, and prosecute fraud
- Help plan and make improvements to services
We do this in the interests of offering a good service to our customers. If you object to this, you will need to end the call when you are told that calls may be recorded. Alternative methods of communication are available.
We will delete call recordings up to 24 months after the call was made. This ensures that any subsequent investigations can be completed.
Omni channel call management
We use various functions to allow our customers to interact with us in the best possible way. We do this by using automation and virtual assistance to:
- Quickly answer common questions
- Providing a virtual voice enabled assistant instead of a fixed options menu
- Capturing information from you in advance and presenting this to our staff when they speak to you, reducing call times and confirming information needed to answer your query.
- Providing us with call analysis information to help improve the service we provide
If you object to this, you can ask to speak to staff or use an alternative means of contacting us.
Live Chat
As part of our dedication to providing exceptional customer service, we utilise a live chat feature on our website. This feature allows us to offer real-time assistance and support to our customers.
How We Use Live Chat
Our live chat feature is designed to provide you with immediate assistance, answer your questions, and address any concerns you may have regarding our products or services.
During a live chat session, we may collect and store information that you voluntarily provide, such as your name, contact information or other personal details relevant to your inquiry. This information is used solely for the purpose of assisting you and improving our customer service.
We may use data from live chat interactions to analyse trends, identify common customer issues, and enhance our website’s usability and content.
Any information you share during a live chat session is treated with the utmost confidentiality and is subject to the same stringent privacy and data protection policies outlined in this Privacy Policy.
Using Your Personal Data: The Lawful Basis and Purposes
To process your personal data, we rely on certain lawful basis, depending on how you interact with our website, platform, or services.
If we do process your personal data, we may use one or more of the following lawful basis for processing:
As necessary to perform our contract with you for the relevant product, or service, including:
- To take steps at your request prior to entering into it
- To decide whether to enter into it
- To manage and perform that contract
- To assess credit risk
- To update our records; and
- To trace your whereabouts to contact you about your account and recovering debt
As necessary for our own legitimate interests or those of other persons and organisations, including:
- Governance, accounting, managing, and auditing our business operations
- To search at credit reference agencies if you as an individual are over 18 and to confirm your identity
- To monitor emails, calls, other communications, and activities on your account, product, or service
- For market research, analysis and developing statistics
- To send you marketing communications, including automated decision making relating to this
- To identify and contact potential customers using publicly available information and internal insight; and
- To monitor your or their transactions to assess credit risk, and for the detection and prevention of crime.
As necessary to comply with a legal obligation, including:
- When you or any of your related persons exercise available rights under data protection law and make requests
- For compliance with legal and regulatory requirements and related disclosures
- For establishment and defence of legal rights
- For activities relating to the prevention, detection, and investigation of crime
- To verify your or any of your related persons’ identity, make credit, fraud prevention and anti-money laundering checks; and
- To monitor emails, calls, other communications, and activities on your account, product, or service.
Based on your consent, including:
- When you request us to disclose your or any of your related persons’ personal data to other people or organisations, such as a person or company handling an account or onboarding on your behalf, or otherwise agree to disclosures.
- When we process any special categories of personal data about you or your related persons at your request (e.g., your or any of your related persons’ racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
- To send you marketing communications where we’ve asked for your consent to do so. You are free at any time to change your mind and withdraw your consent.
Sharing of Your Personal Data
We do not sell your personal data.
We may share your personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data (Government bodies and agencies in the UK, e.g., the Financial Conduct Authority, the Information Commissioner’s Office).
- If we need to share personal data to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).
- Payment systems (e.g., Visa or Mastercard) and correspondent banks, who may transfer such personal data to others, as necessary to operate your service and for regulatory purposes, to process transactions, resolve disputes and for statistical purposes.
- We use data processors who are third parties who provide elements of services for us. We have Data Processing Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processing Agreement. They will hold your personal data securely and retain it for the period we instruct.
- Suits Me® entities for the purposes and under the conditions outlined above. This includes Suits Me® Limited, its subsidiaries, and affiliated companies.
- We may also transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, spin-off, dissolution, or liquidation).
Social Media Buttons
We use plugins on our website from social media networks such as Facebook, LinkedIn, and Twitter (X). You can recognise these plugins by their logos. Our plugins will not collect personal data about you unless you click on these logos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.
We do not have any influence over which data these providers collect from you. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
Cookies
We use cookies and similar techniques, such as tags/beacons and JavaScript’s, which are small text files stored on your device. Using cookies is a way for us to make sure that our website is continuously improved, meets your needs and can be used as a tool to optimise our marketing strategy. For us to do this, we place functional cookies to make the website function as well as marketing cookies which help us target the right people and show them advertisements. Some of these cookies track your use of our website and visits to other websites and allow us to show you advertisements when you browse other websites.
Please view our Cookie Policy for more information on our use of cookies.
Rights Under Data Protection Law
The Right to be Informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Right to Correct Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
You can ask us to restrict processing your data, for example where:
- you’re contesting the accuracy of your personal data.
- we no longer need to process your personal data, but you want us to keep it for use in legal claims.
- you’ve objected to the processing by asking us to stop using your data, but you’re waiting for us to tell you if we have overriding grounds which mean we’re allowed to keep on using it.
If you would like to exercise this right, please contact us as set out below.
Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Where the right doesn’t apply, we’ll let you know why we can’t action your request.
This right may be applied where:
- Personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- The processing was based on your consent which you withdraw (and there are no other legal grounds for processing that data).
- You exercise your right to object and there are no overriding legitimate grounds for the processing.
- There is no lawful reason to retain personal data or if the personal data must be erased to comply with a legal obligation.
If you would like to exercise this right, please contact us as set out below.
Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.
If you would like to exercise this right, please contact us as set out below.
Rights in Relation to Automated Decision Making and Profiling
An automated decision is one which we rely on a computer or system to assess the information you provide to us to make a decision about you. This may include:
- Detecting any fraudulent or money laundering activity which may be taking place or there is a risk that it could take place.
- Checking identity and residency statuses
Automated decision making means a decision made solely by automated means, without any human involvement. Profiling means the automated processing of your personal information to evaluate certain things about you. If we do make an automated decision about you, in some cases, you have the right to ask that we do not make our final decision based solely on the automated decision, and you can also object to the automated decision and ask that someone reviews it.
If you would like to exercise this right, please contact us as set out below.
For More Information About Your Data Protection Rights
The Information Commissioner’s Office (ICO) regulates data protection matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as Suits Me® are available publicly.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
Third Party Processors and Service Providers
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
| Service | Description |
|---|---|
| Card Issuers or Financial Partners | Entities assisting us in issuing and managing the debit card, which can be in collaboration with other financial institutions. |
| Card Networks | KYC-related information, may be shared with these networks as part of identity verification and transaction processing. |
| KYC Providers | To conduct KYC verification, we engage KYC service providers to verify customer identities. Your personal data will be shared with these providers for identity verification purposes. |
| Anti-Fraud Services | To prevent fraudulent transactions, including those involving KYC verification, we may share your personal data with anti-fraud services to assess transaction risk and enhance security measures. |
| Financial Institutions | Personal data is shared with banks, financial institutions, for fund transfers, reconciliation, and financial reporting. |
| Digital Marketing Providers | We periodically appoint digital marketing agents to conduct marketing activity on our behalf. Personal data may be shared with these providers for marketing activities. |
| E-commerce Platforms | E-commerce platforms may have access to personal data for the purpose of enabling seamless payment processing and integration. |
| Security Vendors | These trusted experts employ advanced cybersecurity measures, such as intrusion detection, threat monitoring, and malware scanning, to protect your personal data from unauthorised access and cyber threats. |
| Calendar Scheduling | To enhance your user experience and streamline scheduling, we collaborate with calendar scheduling platforms. These platforms enable you to manage appointments, events, and meetings efficiently. |
| Customer Support Platform | We work with dedicated customer support platforms. They assist in addressing your queries, resolving issues by securely managing and accessing relevant customer data. |
| Printers | Printers who print the letters, statements and information packs that we send to you. |
| Analytics and Advertising | To improve our products and provide you with relevant content and advertisements, we collaborate with analytics and advertising partners. They analyse user behaviour, preferences, and demographics to personalise your experience and deliver targeted ads. |
| Communication Providers | Communication providers (e.g., telephone line providers, email and text service providers). |
How Long We Keep Your Information
We will keep your personal data for 6 years after you stop being a Suits Me customer in line with regulatory requirements and our legal obligations. We are obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (amended-2019) (SI 2017/692) to retain personal data about you and your transactions with us for at least 5 years.
We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected and as required by applicable laws and regulations.
The specific retention period may vary depending on the type of data and the purpose for which it was collected.
FCA Supervised Regulations
As an authorised electronic money institution and adhering to the Electronic Money Regulations 2011 we must maintain relevant records and keep them for at least five years from the date on which the record was created.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. Platforms, systems, and facilities in which personal data are processed are protected by secure network architectures that contain firewalls and intrusion detection devices.
Our commitment to security and safeguarding your data includes the following key aspects:
Encryption: All data transmitted between your device and our systems is encrypted using industry-standard encryption protocols, such as Secure Socket Layer (SSL) technology. This ensures that your payment details remain confidential and secure during transmission.
Data Storage: We store your personal data in secure, access-controlled environments with robust security measures in place. We only utilise data centres and cloud infrastructure that adheres to industry-leading security standards.
Access Control: Access to your personal data is restricted to authorised personnel who require it for legitimate purposes, such as processing payments and providing customer support. Access is granted on a need-to-know basis, and strict authentication mechanisms are in place.
Cyber Essentials: Cyber Essentials level of certification within the cyber essentials scheme, a UK government backed, industry supported scheme, to help organisations demonstrate operational security against common online threats.
Incident Response Plan: In the event of a security incident or data breach, we have a well-defined incident response plan in place. Our goal is to minimise any potential impact and notify you promptly if your data is affected.
Third-Party Security: When we engage with third-party service providers or partners, we assess their security practices to ensure they meet our high standards for protecting your data.
Regular Security Audits: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security vulnerabilities in our systems. This proactive approach helps us stay ahead of emerging threats.
Where We Store Your Personal Information and International Data Transfers
We securely store the personal data we collect about you within the United Kingdom. However, there may be instances where your data is transferred to or stored in a location outside of the UK.
When we transfer your data to third-party service providers situated outside the UK, we take every necessary step to ensure that your data receives a level of protection comparable to what it receives within the UK and EEA. This is achieved through one of the following safeguards:
- We exclusively transfer your personal data to countries that have been recognised by the UK as providing an adequate level of protection for personal data.
- In cases where we engage specific service providers, we implement specific data protection contracts, known as Standard Contractual Clauses, approved by the UK. These contracts not only grant your personal data the same protections it receives in the UK but also incorporate additional security measures as needed.
Please contact us if you want further information when transferring your personal data out of the UK.
Contact Us
If you would like to exercise one of your rights as set out above, or if you have any questions about this policy, you can contact us by using the ‘Contact us’ facility on the Website or App or in the following ways:
By post at:
Suits Me LimitedThe Old Shippon,
Moseley Hall Farm,
Chelford Road,
Knutsford,
Cheshire,
WA16 8RB
By email: privacy@suitsmecard.com
By telephone: 03330 151 858