Tappily (a trading name of Indigo Michael Ltd) are committed to protecting
and respecting your privacy at all times.
This policy sets out the basis on which any personal data we collect from you,
or that you provide to us when you use or make an application to use the facility,
visit our website
or otherwise communicate
with us will be processed. In this policy, we will also outline the lawful basis
for processing your data, why we wish to collect the data, and what your rights
are in regard to the data.
Please read the following carefully to understand our views and practices regarding
your personal data and how we will treat it.
The data controller of the personal data we collect from your or that you provide to
us is Indigo Michael Limited. Registered office 10 Brick Street, Mayfair, London,
W1J 7HQ Registered number: 07721420
INFORMATION WE MAY COLLECT ABOUT YOU
We will use your personal data for some or all of the reasons set out in this policy.
Examples of the personal data we use for the facility may include:
Bank transaction data
You are responsible for the accuracy of any information you provide to us.
If the data is inaccurate or incomplete, you have the right to request it to
be corrected (see Your Rights below).
As part of the application, you give us consent to access, view,
represent and copy up to 366 days of your online banking transaction
history from your chosen bank account, and subsequently on a daily basis
thereafter. This will include the transaction history of any joint accounts
you hold, and the joint account holder name.
Indigo Michael is approved by the Financial Conduct Authority (FCA) to
perform Account Information Services (AIS) as a regulated activity under
licence number 918778.
Other personal data
Facility application data - your name, address, email address, date of birth,
telephone numbers, residential status, time at address, employment details and
financial information including income and expenditure.
Correspondence, or a record of it, if you should contact us or we contact you
and recordings of telephone calls between us.
Voluntary surveys that we use for research purposes, should you choose to respond to them.
Credit reference and fraud prevention data pertaining to you and any financial associates.
Publicly available information including, but not limited to, electoral roll,
county court judgements, bankruptcy and insolvency information.
Proof of identification or details required to confirm or verify your identity, address,
bank account or payment card.
Details of your visits to our website (including, but not limited to, traffic data, location
data, IP address,
weblogs and other communication data, whether this is required for our own billing purposes or
and the resources that you access.
Information from third parties in respect of you which may include information from a lead
broker, if you have applied to them for a loan and they pass your information to us.
Personal data about other named individuals as required. You must have their authority to
agreed on their behalf.
We may also ask you for information when you report a problem with our website.
In some circumstances we may also collect and process special categories of
personal information such as health data. This is to help ensure that our
services are accessible and so that we can identify vulnerability and offer
appropriate levels of support where required.
HOW WE USE YOUR INFORMATION
We will only use your personal data where we have a lawful basis to use it.
We will only use your data where it is necessary for us to perform our contract
with you (for example, to fulfil your loan agreement), or in a way which might
reasonably be expected as part of running our business and which does not materially
impact your interests, rights or freedoms. Please get in touch with us using the contact
details provided at the end of this policy if you would like further information about this
We may sometimes need to use data to comply with our legal obligations (for example to pass
on details related to fraud). In other instances, we will ask for your consent to use your
data, for example, where you sign-up to receive marketing from us or consent to use accessing
your online banking transaction history.
Further details of how we use your personal information and the legal bases we rely on are provided
How we use your Information
We will use your Bank Transaction Data to assess your credit worthiness,
and to make on-going lending and collecting decisions.
You consent for us to access and process bank data.
We will use the financial information you provide to us
(e.g. income and expenditure) to ascertain your ability to
meet prospective repayments in an affordable and sustainable manner.
Compliance with legal obligations
If you consent to us accessing and processing your Bank Transaction
Data, we will use bank transaction data about your joint accounts,
including the name of the joint account holder, to to verify your
identity, help make our lending decisions and prevent fraud and/or
Compliance with legal obligations
To provide and manage your facility and our relationship with you.
Performance of a contract
We will use the information provided to us by credit reference and
fraud prevention agencies to verify your identity, help make our
lending decisions, prevent fraud and/or money laundering and to
manage accounts once we begin our relationship.
We will search credit reference and fraud prevention agencies for information
on all applicants. If you give us false or inaccurate information
and we identify fraud, details may be passed to credit reference and
fraud prevention agencies.
Compliance with legal obligations
To communicate with you by telephone, email, SMS or post using the
details you have provided in relation to your application/agreement
Performance of a contract
To help us analyse and improve our business, to develop marketing
strategies, to develop products and improve our customer services to you.
Where it’s in our legitimate interests to improve business and our service to
To keep you informed about products and services you hold with us.
Performance of a contract
DISCLOSURE OF YOUR INFORMATION
Subject to applicable data protection law, we may share your personal data with third parties in the
To those who provide a service/act as our agents/give professional advice, to prepare any
communications to you or to assist us in connection with any of our business functions. For
legal service providers, IT service providers and payment processors. These third parties will
subject to contractual or other legal obligations to keep your personal data confidential and
use it for the purpose of providing the service to us. Wherever possible, we will anonymise your
data before it is transferred to these third parties.
To Credit Reference Agencies and Fraud Prevention Agencies (see section 5).
With your consent, to the Vulnerability Registration System (VRS) in order to allow other
and organisations, with which you may already have a relationship, to be aware of your change in
circumstances when, for example, dealing with any repayment issues you may have (see Section 6).
To a third party such as a debt collection agency if repayments are not met as outlined on your
contract for a prolonged period of time (you will be notified prior to the transfer).
In the event that we sell or buy any business or assets, in which case we may disclose your
personal data to the prospective seller or buyer of such business or assets and/or their and our
To other members of our group where required for management information and forecasting purposes
or where they provide services to us.
To law enforcement (such as the police) or other public bodies if there is a legal obligation
and we are formally required to do so.
Some of our group companies and service providers are located in countries outside of the UK and
the EU. For example, our group company Account Technologies US LLC deals with some of our customer
queries and complaints on our behalf.
As a result, it may be necessary for the personal data that we collect from you to be transferred
to or accessed from outside the UK or the EU in order for us to provide our services.
If we do this, we have procedures in place to ensure your data receives the necessary protections.
Where we transfer your personal information to countries deemed to provide an adequate level of
data protection by the European Commission or the UK Government as applicable, we rely on that
decision to transfer your personal information. For transfers to group companies and service
providers outside the UK or the EEA where no adequacy decision applies, we use standard contractual
clauses or other transfer tools provided for in the applicable data protection legislation to
protect your personal information. Any transfer of your personal data will follow applicable laws
and we will treat the information according to the principles set out in this policy.
If you would like further information or a copy of the standard contractual clauses we use,
please get in touch with us using the contact details provided at the end of this policy.
CREDIT REFERENCE AND FRAUD PREVENTION AGENCIES
We use Credit Reference Agencies (CRAs) to assess your application for credit and
fulfil our legal obligations (e.g.e.g. to assess affordability and verify your identity
to prevent money laundering). We may also make periodic searches at CRAs to manage your
account with us.
When CRAs receive a search from us they will place a search footprint on your credit
file that may be seen by other lenders. Information on credit applications and details
of how you manage your account with us will be sent to CRAs and will be recorded by them.
If you borrow and do not repay in full and on time, CRAs will record the outstanding debt.
If false or inaccurate information is provided and fraud is identified, details will be
passed to fraud prevention agencies.
If you tell us that you have a spouse or financial associate, we will link your records
together so you must be sure that you have their agreement to disclose information about
them. CRAs also link your records together and these links will remain on your and their
files until such time as you or your partner successfully files for a disassociation with
the CRAs to break that link.
The information held by CRAs may be supplied by them to other organisations which make
searches of your credit record such as lenders, debt recovery agents, law enforcement
agencies and insurers. Records remain on file for 6 years after they are closed, whether
settled by you or defaulted.
More information about CRAs and, their additional role as fraud prevention agencies,
the data they hold, the ways in which they use and share personal information, data
retention periods and your data protection rights with the CRAs is provided in the
Credit Reference Agency Information Notice (CRAIN) available at
. You can also contact the major CRAs directly:
We are a member of Cifas who allows us to use your data to search the National Fraud Database
for fraud prevention purposes. The personal information we have collected from you will be
shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and
to verify your identity. If fraud is detected, you could be refused certain services, finance,
or employment. Further details of how your information will be used by us and these fraud
prevention agencies, and your data protection rights, can be found in the Cifas full Fair
Processing Notice here:
THE VULNERABLILITY REGISTRATION SERVICE
We are a member of the Vulnerability Registration System (VRS).
The VRS is a service which offers individuals control over the
risk of running up debt or financial stress.
The VRS allows lenders and organisations with which you may
already have a relationship, to be aware of any change in your
circumstances which affects your financial circumstances.
One way of helping you do this is to register with the VRS.
Registration with the VRS would ensure that any lender or
organisation using the service must first check with the register
if you were to apply to them for a loan or other credit or
financial facility, or when dealing with any repayment problems
you may have. Lenders or organisations then know to take your
personal circumstances into account without you having to explain
it to them.
More information about the VRS can be found at
In order to register with the VRS, we’ll need to provide them
with some of your personal data. To know more about how this works,
please read the VRS Privacy Notice which you can access at
If you do register with the VRS, lenders/organisations will see your name
and address and the fact that you have registered with the VRS together with
your vulnerability flag so that users of the VRS know to best to treat your
application. A list of current members of the service can be accessed at
By providing your consent when applying for a facility, you are consenting to
the processing of your personal data by VRS and those lenders/organisations
that use the service for the reasons identified above. You can revoke your
consent at any time by contacting VRS and your registration will expire
automatically after 3 months.
PROCESSING YOUR DATA USING AUTOMATED DECISION-MAKING
We use automated decision-making software to underwrite your loan.
Our automated decision-making systems includes but is not limited
to the following inputs:
The use of automated decision-making software is a requirement to
enter into a loan agreement with us. You have the right to request
that we undertake a manual review of the results of the automated
decision rendered by contacting us on 0800 180 8400.
Credit model and affordability algorithms – calculations
to decide credit limits and affordable repayment levels
Anti-fraud and Anti-money laundering databases
Other data sources that provide inputs that show your
creditworthiness, affordability or fitness to receive credit
SECURE STORAGE, TRANSFER AND RETENTION OF YOUR PERSONAL INFORMATION
Unfortunately, the transmission of information via the internet
is not completely secure. Although we will do our best to protect
your personal data, we cannot guarantee the security of your data
transmitted to our website; any transmission is at your own risk.
Once we have received your personal data, we will use strict
procedures and security features to try to prevent unauthorised
access. We ask you not to permit anyone to use your profile.
We will only keep your personal data for as long as we need
to for the reason we collected it, as set out in this privacy
policy. For example, for as long as needed to allow us to fulfil
your loan agreement or to provide any customer services support
you have requested. We may also keep hold of some of your personal
data if we are required to do so for legal purposes, for example,
to meet our legal or regulatory requirements or to prevent fraud
and abuse. For example, we will keep your details of our lending
to you for at least six years after you apply for a loan agreement
with us to allow us to comply with our legal obligations.
Where we have obtained your contact details during the course of
applying for our products and services, we may contact you using
these details by electronic methods including telephone, e-mail,
or SMS with information about similar products and services we
provide, unless you have opted out of receiving such marketing
You may opt-out at any time from receiving any marketing communications
from us by contacting us using the details at the end of this policy.
You may also opt-out of any SMS marketing by following the instruction
in the message itself. Likewise, you can opt-out of any email marketing
by responding to any of our email communications with “remove” in the
subject line, or by sending us an email to firstname.lastname@example.org or
writing to us at Indigo Michael Ltd t/a Tappily, PO Box 1515,
High Wycombe, HP11 9JE. We are not responsible for stopping unwanted
communications from sources beyond our control. If you opt-out of
receiving marketing communications, we will honour such choice once
we have had a reasonable opportunity to process your request.
We reserve the right to take reasonable steps to authenticate your
identity with respect to any such request or other enquiry.
Where you have provided your consent, we may share your personal
information with named third parties for marketing purposes
(for example if we decline your loan application and you agree we
can pass you information to another lender or credit broker who may
be able to assist you in finding a loan).
For the avoidance of doubt, we will never use Bank Transaction Data
or special categories of personal information such as health data
for marketing purposes..
You have rights relating to the way that we use your information and can
make certain choices. For example, you can request:
Where we are relying on your consent (for example, to send you marketing),
you can withdraw your consent at any time.
Access to the personal data we hold about you (commonly known
as a "data subject access request") including a copy of it;
The correction of the personal information that we hold
about you if it is incomplete or inaccurate;
The deletion or removal of personal data we hold about
you where there is no good reason for us continuing to process
it or where you have exercised your right to object to processing (see below);
For our processing of your personal information to be restricted
in certain circumstances, for example if you want to establish its
accuracy or the reason for processing it; and
To obtain a copy of the personal information you’ve provided us
with and to reuse it elsewhere or to ask us to transfer it to a
third party of your choice.
To use any of the rights set out above, or to discuss any other issue
relating to your information, please contact us using the details at
the end of this policy.
If you have any concerns about the way we use your information,
you also have the right to complain to the Information Commissioner's
Office, which regulates the use of personal information in the UK, by
calling 0303 123 1113 or via
www.ico.org.uk/make-a-complaint/. We would, however, appreciate the
chance to deal with your concerns
before you approach the ICO, so please do contact us in the first instance.
From time to time we may make changes to this policy and how we use your
information in the future. If we do this, we’ll post an updated version
of this policy on our website.
From time to time, our website may contain links to third parties. These
third parties have their own privacy policies and we do not accept
responsibility or liability for these policies.
CONTACT & COMPLAINTS
personal data and protect your privacy or if you have any other concerns
please contact the Data Protection Officer at Indigo Michael Ltd
t/a Tappily, PO Box 1515, High Wycombe, HP11 9JE or email to