Effective 01 May 2023
CUSTOMER PRIVACY NOTICE
We’re committed to protecting and respecting your privacy.
- always keep your personal data safe and private
- never sell your personal data
- allow you to manage and review your marketing choices at any time
1. About us
Tonio Limited is a Private limited Company organized and existing under the laws of the UK, having its registered office at Suite 3 G & H, Docklands Business Centre, 10-16 Tiller Road, London, E14 8PXE 1 4 8 P X, UNITED KINGDOM (Hereinafter – “Tonio”)
2. Why do I need to read this notice?
Tonio collect your personal data when you use:
- our website at tonio.co.uk
- any of the services available to you
Tonio may also collect your personal data from other people or companies. Tonio explain how this can happen in more detail below.
When Tonio say ‘personal data’, Tonio mean information which:
- Tonio know about you
- can be used to personally identify you (for example, a combination of your name and postal address)
This notice explains what information Tonio collect, how Tonio use it, and your rights if you want to change how Tonio use your personal data.
Tonio may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.
If you have concerns about how Tonio use your personal data, you can contact [email protected]
3. What personal data do you collect about me?
The table below explains what personal data Tonio collect and use.
|Type of personal data||Details|
Information you give us
Tonio collect information you provide when you:
Tonio will collect the following information:
If you give us personal data about other people (such as a joint account holder, your spouse or family), or you ask us to share their personal data with third parties, you conﬁrm that you have brought this notice to their attention beforehand.
Information collected from your use of our products and services
Whenever you use our website Tonio collect the following information:
Information from others
Tonio collect personal data from third parties or other people, such as credit reference agencies, ﬁnancial or credit institutions, oﬃcial registers and databases, as well as joint account holders, fraud prevention agencies and partners who help us to provide our services.
This includes your credit record, information about late payments, information to help us check your identity, information about your spouse and family (if applicable in the context of an application for credit that you make) and information relating to your transactions.
When you ask us to, we’ll also collect personal data from accounts you hold with third party ﬁnancial institutions (when you create a linked account by activating Open Banking in the Tonio app). If you apply for our credit products, when you allow us, Tonio may use this information for credit checks to improve your experience.
Information from social media
Occasionally, we’ll use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when Tonio conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).
Information from publicly available sources
Tonio collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes.
4. What is your legal basis for using my personal data?
Tonio must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:
- Keeping to our contracts and agreements with you
Tonio need certain personal data to provide our services and cannot provide them without this personal data.
- Legal obligations
In some cases, Tonio have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws Tonio must hold certain information about our customers).
- Legitimate interests
Tonio sometimes collect and use your personal data because Tonio have a legitimate reason to use it and this is reasonable when balanced against your human rights and freedoms.
- Substantial public interest
Where Tonio process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.
Where you've agreed to us collecting your personal data, or sensitive personal data, for example when you tick a box to indicate you’re happy for us to use your personal data in a certain way.
5. How do you use my personal data?
Explore the ways in which Tonio may use your personal data using this table:
What Tonio use your personal data for
Our legal basis for using your personal data
Providing our services
Whenever you apply for or use a product or service, we’ll use your personal data to:
Protecting against fraud
Tonio use your personal data to check your identity to protect against fraud, keep to ﬁnancial crime laws and to conﬁrm that you’re eligible to use our services. Tonio also use it to help us better understand your ﬁnancial circumstances and manage fraud risks related to your Tonio account.
Marketing and providing products and services that might interest you
Tonio use your personal data to do the following:
Remember, you can ask us to stop sending you marketing information by adjusting your marketing choices
To keep our services up and running
Tonio use your personal data to manage our website (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device.
Tonio also use your personal data to:
Helping with social interactions
Tonio use your personal data to help with social interactions through our services, or to add extra functions in order to provide a better experience.
For example, if you give us permission, we'll use the contacts list on your phone so you can easily make payments to, or message, your contacts using the Tonio app.
Preparing anonymous statistical datasets
Tonio prepare anonymous statistical datasets about our customers’ spending patterns:
These datasets may be shared internally or externally with others, including third-party companies. Tonio produce these reports using information about you and other customers. The information used and shared in this way is never personal data and you will never be identiﬁable from it. Anonymous statistical data cannot be linked back to you as an individual.
For example, some countries have laws that require us to report spending statistics and how money enters or leaves each country. We’ll provide anonymised statistical information that explains the broad categories of merchants that Tonio customers in that country spend their money with. We’ll also provide information about how Tonio customers top up their accounts and transfer money. However, Tonio won’t provide any customer-level information. It will not be possible to identify any individual Tonio customer.
Improving our products and services
Tonio use your personal data to help us develop and improve our current products and services. This allows us to continue
to provide products and services that our customers want to use.
Meeting our legal obligations, enforcing our rights and other legal uses
Tonio use your personal data:
Sometimes, we’re legally required to ask you to provide information about other people. For example, Tonio might ask you to explain:
Sometimes, Tonio help you to provide services to customers. For example, Tonio provide payment processing services to you if you use our Tonio Pro product. Where this happens, you’re responsible for deciding if Tonio collect your customers’ personal data and how Tonio should process it on your behalf.
6. Do you make automated decisions about me?
Depending on the Tonio products or services you use, Tonio may make automated decisions about you.
This means that Tonio may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. This is sometimes known as proﬁling. Tonio do this for the eﬃcient running of our services and to ensure decisions are fair, consistent and based on the right information.
Where Tonio make an automated decision about you, you have the right to ask that it is manually reviewed by a person.
- KYC, anti-money laundering and sanctions checks
- identity and address checks
- monitoring your account to detect fraud and ﬁnancial crime
Our legal basis is one or more of the following:
- keeping to contracts and agreements between you and us
- legal obligations
- legitimate interests (to develop and improve how Tonio deal with ﬁnancial crime and meet our legal responsibilities)
7. How do you use my personal data for marketing?
If you sign up to our services, and where national laws allow, we’ll assume you want us to contact you by post, push notiﬁcation, email and text message with information about Tonio products, services, offers and promotions. Where national laws require us to get your consent to send marketing messages, we’ll do so in advance.
Tonio use your personal data to personalise marketing messages about our products and services so they are more relevant and interesting to you (where allowed by law). This may include analysing how you use our services and your transactions.
You can object to proﬁling for direct marketing purposes. You can also adjust your preferences or tell us you don't want to hear from us at any time. Just use the privacy settings in the Tonio app or tap the unsubscribe links in any marketing message Tonio send you.
If you do not want to receive personalised marketing messages, and opt out from receiving them, you will not receive any marketing communications. However, you may still receive generic information about our products and services in the Tonio app.
Tonio won't pass your details on to any organisations outside the Tonio for marketing purposes without your permission.
Our legal basis is:
- consent (where Tonio are required by law to collect your consent); or
- legitimate interests (to send you marketing and to provide information relevant to your interests).
8. What are my rights?
|Your right||What it means|
You have the right to be told how Tonio use your personal data
Tonio provide this privacy notice to explain how Tonio use your personal data.
If you ask, we’ll provide a copy of the personal data Tonio hold about you. Tonio can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. Tonio also won't provide you with any communication we've had with our legal advisers.
You can ask us to correct your personal data if you think it's wrong
You can have incomplete or inaccurate personal data corrected. Before Tonio update your ﬁle, Tonio may need to check the accuracy of the new personal data you have
You can ask us to delete your personal data
You can ask us to delete your personal data if:
Just to let you know, Tonio may not be able to agree to your request. As a regulated ﬁnancial services provider, Tonio must keep certain customer personal data even when you ask us to delete it (we've explained this in more detail below). If you've closed your Tonio account, Tonio may not be able to delete your entire ﬁle because these regulatory responsibilities take priority. We’ll always let you know if Tonio can't delete your personal data.
You can object to us processing your personal data for marketing purposes
You can tell us to stop using your personal data, including proﬁling you, for marketing.
You can object to us processing other personal data (if we’re using it for legitimate interests)
If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object.
However, if there is an overriding reason why Tonio need to use your personal data, Tonio will not accept your request.
If you object to us using personal data which Tonio need in order to provide our services, Tonio may need to close your account as Tonio won’t be able to provide the services.
You can ask us to restrict how Tonio use your personal data
You can ask us to suspend using your personal data if:
You can ask us to transfer personal data to you or another company
If Tonio can, and are allowed to do so under regulatory requirements, we’ll provide your personal data in a structured, commonly used, machine-readable format.
You can withdraw your permission
If you’ve given us the consent Tonio need to use your personal data, you can withdraw it at any time by changing your privacy settings in the Tonio app or sending an email to [email protected]
(Please note, it will have been lawful for us to use the personal data up to the point you withdraw your permission.)
You can ask us to carry out a human review of an automated decision Tonio make about you
If Tonio make an automated decision about you that signiﬁcantly affects you, you can ask us to carry out a manual review of this decision.
Your ability to exercise these rights will depend on a number of factors. Sometimes, Tonio won’t be able to agree to your request (for example, if Tonio have a legitimate reason for not doing so or the right does not apply to the particular information Tonio hold about you).
9. How do I exercise my rights?
To exercise any of your rights set out in the previous section, you can contact us through an email at [email protected].
For security reasons, Tonio can't deal with your request if we’re not sure of your identity, so Tonio may ask you for proof of ID.
If a third party exercises one of these rights on your behalf, Tonio may need to ask for proof that they’ve been authorised to act on your behalf.
Tonio will usually not charge you a fee when you exercise your rights. However, we’re allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
10. Do you share my personal data with anyone else?
People or companies that you transfer money to
Where you make a payment from your Tonio account, we’ll provide the recipient with your details alongside your payment (for example, your name and IBAN). This is because, like all payment institutions, we’re required by law to include certain information with payments.
People or companies that transfer money to you
When you receive a payment to your Tonio account, we’ll provide the payer with your details (for example, your name and IBAN). This is necessary to conﬁrm that the payment has been made to the correct account.
The table below explains which suppliers Tonio normally share your personal data with:
|Type of supplier||Why we share your personal data|
Suppliers who provide us with IT, payment and delivery services
To help us provide our services to you
Our banking and ﬁnancial services partners and payments networks, including Visa and Mastercard
To help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment service providers
Analytics providers and search information providers
To help us improve our website
Customer-service providers, survey providers and developers
To help us to provide our services to you
Communications services providers
To help us send you emails, push notiﬁcations and text messages
Partners who help to provide our services
We’ll only share your personal data in this way if you’ve asked for the relevant service or if it’s provided as part of our membership plans.
From time to time, Tonio may work with other partners to offer you co-branded services or promotional offers, and we’ll share some of your personal data with those partners. Tonio will always make sure you understand how Tonio and our partners process your personal data for these purposes.
Other ﬁnancial institutions and Tonio customers
Tonio may share your personal data with other ﬁnancial institutions, or Tonio customers, if you ask us to. For example, if you have activated ‘Open Banking’ through an account you hold with another ﬁnancial institution and given them permission, we’ll share data from your Tonio account (such as your balance, payment transactions, account number and sort code) with that ﬁnancial institution.
Tonio may also share your personal data with other ﬁnancial institutions, or Tonio customers, where you do not ask us to. For example, if a payment is made to your account by mistake, Tonio can share your information with the ﬁnancial institution, or Tonio customer, the payment came from. This will help the payer and the other ﬁnancial institution to try and get the payment back themselves.
Other third parties
Tonio may share your personal data with other third parties where necessary to facilitate you receiving payments to your Tonio account.
For legal reasons
Tonio also share your personal data with other ﬁnancial institutions, government authorities, law enforcement authorities, tax authorities, companies and fraud prevention agencies to check your identity, protect against fraud, keep to tax laws, anti-money laundering laws, or any other laws and conﬁrm that you’re eligible to use our products and services.
If fraud is detected, you could be refused certain services by Tonio or other companies.
Tonio may also need to share your personal data with other third party organisations or authorities:
- if Tonio have to do so under any law or regulation
- if Tonio sell our business or credit portfolio
- in connection with criminal or fraud investigations
- to enforce our rights (and those of customers or others)
- in connection with legal claims.
Social media and advertising companies
When Tonio use social media for marketing purposes, your personal data (limited to only your name, email address and app events) may be shared with the social media platforms so that they can check if you also hold an account with them. If you do, Tonio may ask the advertising partner or social media provider to:
- use your personal data to send our adverts to you, because Tonio think that you might be interested in a new Tonio product or service
- not send you our adverts, because the marketing relates to a service that you already use
- send our adverts to people who have a similar proﬁle to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social media proﬁle, we may ask our advertising partner or social media partner to send our adverts for that service to those people)
Tonio may share your personal data with our advertising partners in the ways described above, but the personal data is hashed before Tonio send it, and the social media platform Tonio share it with is only allowed to use that hashed personal data in the ways described above.
Our legal basis is:
- legitimate interests (to ensure Tonio’s advertising is as effective as possible)
You can contact us at any time, by emailing [email protected], if you don’t want us to share your personal data for advertising purposes.
Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.
Where you ask us to share your personal data
Where you direct us to share your personal data with a third party, Tonio may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney). Tonio may need to ask for proof that a third party has been validly authorised to act on your behalf.
11. Will my personal data go outside the United Kingdom or Europe?
As Tonio provide an international service, Tonio may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) to help us provide our services.
For example, if you make an international payment, we’ll send funds to banks outside of the United Kingdom or EEA. Tonio might also send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.
Tonio may send your personal data outside of the United Kingdom or EEA to:
- keep to global legal and regulatory requirements
- provide ongoing support services
- credit reference agencies, fraud prevention agencies, law enforcement authorities
- enable us to provide you with products or services you have requested
If Tonio transfer your personal data to another country that doesn’t offer a standard of data protection equivalent to the United Kingdom or EEA, Tonio will make sure that your personal data is suﬃciently protected. For example, we’ll make sure that a contract with strict data protection safeguards is in place before Tonio transfer your personal data. In some cases, you may be entitled to ask us for a copy of this contract.
If you would like more information, please contact us by sending an email to [email protected].
12. How do you protect my personal data?
Tonio recognise the importance of protecting and managing your personal data. Any personal data Tonio process will be treated with the utmost care and security. This section sets out some of the security measures Tonio have in place.
Tonio use a variety of physical and technical measures to:
- keep your personal data safe
- prevent unauthorised access to your personal data
- make sure your personal data is not improperly used or disclosed
Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. Tonio have detailed security and data protection policies which staff are required to follow when they handle your personal data.
While Tonio take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, Tonio cannot guarantee it will be secure during transmission by you to our app, a website or other services. Tonio use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our app, web and payment-processing services.
If you use a password for the Tonio app or our website, you will need to keep this password conﬁdential.
Please do not share it with anyone.
When you use our public services, which includes our social network accounts and the Tonio Community forum, do not share any personal data that you don't want to be seen, collected or used by other customers, as this personal data will become publicly available.
13. How long will you keep my personal data for?
We’ll generally keep your personal data for five years after our business relationship with you ends, or such period as may be required by applicable local laws.
We’re required to keep your personal data for this long by anti-money laundering and e-money laws. Tonio may keep your personal data for longer because of a potential or ongoing court claim, or for another legal reason.
14. How will you keep me updated about how you use my personal data?
If Tonio change the way Tonio use your personal data, we’ll update this notice and, if appropriate, let you know by email, through the Tonio app or through our website.
Tonio also use pixels or web beacons in the direct marketing emails that Tonio send to you. These pixels track whether our email was delivered and opened, and whether links within the email were clicked.
They also allow us to collect information such as your IP address, browser, email client type and other similar details. Tonio use this information to measure the performance of our email campaigns, and for analytics. You can control whether you receive direct marketing emails through the privacy settings in the Tonio app.