1. Policy Statement
“Personal Data” means any information that relates to an identified or identifiable individual, and can include information that you provide to us and that we collect about you when you engage with our Services (e.g. name, address, National Insurance Number, Unique Taxpayer Reference number). “Services” means the products and services that the Company indicates are covered by this Policy which includes Company-provided apps. Our “End User Services” are those services we provide directly to people for their own use. “Sites” means Pie.tax and other websites, apps and online services that we indicate are covered by this Policy. Collectively we refer to Sites and End User Services as “Services”. Depending on the context, “you” means End User or Visitor:When you directly use an End User Service for your personal use (such as signing up to the Pie Money app in your personal capacity), we refer to you as an “End User”.When you visit a Company Site or contact the Company without being a client of Pie Money Limited, we refer to you as a “Visitor” (e.g. you send the Company a message asking for more information on the Service we provide).
3. Personal Data we collect and how we use and share it
All personal data is collected directly from and voluntarily from you as an End User as part of your sign up process or by engaging with our website as a Visitor.
a) End Users
In order to provide the End User Service we are required to collect personal data and we will do so under various circumstances, as provided for by the GDPR legislation. The following are the lawful bases under which we collect personal data:Performance of a contract: When you download and register on our app or website you enter into a contract with us to provide our servicesCompliance with a legal obligation: We are required by law to collect personal data for the prevention of fraud, anti-money laundering and for customer securityConsent: Where required, we will ask for your consent to collect and store your personal data (e.g. your communication and marketing preferences)Legitimate interests: We may collect data to improve the services we provide
Personal Data that we collect about End Users and which lawful bases
Personal details: Name, address, date of birth, National Insurance number, Unique Taxpayer number, email address, phone number, proof of identification documents. This data is collected in order to fulfil our contractual obligations to you as a service provider and also for the purpose of complying with our legal obligations under the Money Laundering Regulations 2017.Business details: Self employed or Sole Traders may be required to provide their trading name, legal status and profession as part of our contractual obligations to you as a service provider and also for the purpose of complying with our legal obligations under the Money Laundering Regulations 2017.Technical data: Device vendor ID, name, make and model, your IP addressTransaction data: Transactional activity of your linked accounts are collected by us as part of the contract for service we provide to you and to comply with our legal obligations under the Money Laundering Regulations 2017.Communication data: We collect data from you through your communications with us in order for us to fulfil our contractual obligations to you as a service provider and to comply with our legal obligations. We may also collect data that you provide to us with your consent, in relation to your marketing and contact preferences, which you may revoke at any time. We do not sell or share your Personal Data with third parties for marketing or advertising their products.Analytical data: In order to improve our service and optimise how we provide you with our services, we may collect data on how you use our app and/or services. This data is collected for our legitimate interest as a Company.
Account Information Services - Truelayer
a) Visitors (website)
In order to provide further information to you as you engage with our website we may collect personal data from you. The following are the lawful bases under which we collect personal data:Consent: Where required, we will ask for your consent to collect and store your personal data (e.g. your communication and marketing preferences)Legitimate interests: We may collect data to improve the services we provide
Personal Data that we collect about Visitors and which lawful bases
Personal details: Name, address, email address, phone number. At the time of interacting with our website and choosing to fill in a form on our website, you may provide these personal details to us with your consent so that we may provide further information on our services to you at the first instance.Communication data: We may also collect data that you provide to us with your consent in relation to your marketing and contact preferences, which you may revoke at any time. We do not sell or share your Personal Data with third parties for marketing or advertising their products.Analytical data: In order to improve our service and optimise how we may provide you with our services, we may collect data on how you use our website. This data is collected for our legitimate interest as a Company.
4. More ways we collect, use and share Personal Data
5. Personal Data Sharing
In addition to the ways described above, we share Personal Data in the following ways:Service Providers or Processors: In order to provide Services to our End Users and to communicate, market and advertise to Visitors and End Users regarding our Services, we will rely on others to provide us services. Service Providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, customer service and email. We require such service providers to commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.Corporate Transactions: In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as reorganisation, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Policy.Compliance and Harm Prevention: We share Personal Data as we believe necessary to (i) comply with applicable law, (ii) enforce our contractual rights, (iii) secure or protect the Services, rights, privacy, safety and property of Pie, you or others, including against other malicious or fraudulent activity and security incidents, and (iv) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.Service Providers or Processors: In order to provide Services to our End Users and to communicate
6. Legal bases for processing data
For the purposes of the General Data Protection Regulation, we rely on four legal bases to enable our processing of your Personal Data.a) Performance of a contract We process Personal Data for the purpose of entering into contractual agreements with clients and to perform our contractual obligations for them. Processing includes:Facilitation, creation and management of client accounts to allow clients to avail of our Services; andProcessing Personal Data to HMRC to facilitate submission of client tax returns.b) Compliance with a legal obligation We process Personal Data to verify the identity of individuals in order to comply with fraud monitoring, our prevention and detection obligations, laws associated with the identification and reporting of illegal activity such as Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations, and financial reporting obligations. We are required by law to record and verify a client’s identity for the purpose of complying with legislation to prevent money laundering and financial crimes. We may be required to report our compliance to third parties and submit to third party verification auditsc) Legitimate Interests Where allowed under the applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data:Detect, monitor and prevent fraud;Mitigate claims, liabilities or other harm to End Users and the Company;d) Consent We may rely on consent to collect and process Personal Data as it relates to how we communicate with you and for the Provision of our Services. When we process data based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn.Detect, monitor and prevent fraud;Mitigate claims, liabilities or other harm to End Users and the Company;
7. Your rights and choices
You may have choices regarding our collection, use and disclosure of your Personal Data:a) Opting out of receiving electronic communications from us If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing communications from us, we retain the right to communicate with you regarding the services you receive (e.g. support and important legal notices).b) Your data protection rights You have the following rights with respect to the Personal Data we control about you:The right to request confirmation of whether the Company processes personal data relating to you and, if so, to request a copy of that Personal Data;The right to request that the Company rectify or update your Personal Data that is inaccurate, incomplete or outdated;The right to request that the Company erase your Personal Data in certain circumstances provided by law;The right to request that we export your Personal Data that we hold to another company, where technically feasible;Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time;Where we process your information based on our legitimate interests, you may also have the right to object to the processing of your Personal Data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object;The right not to be discriminated against for exercising these rights; and/orThe right to appeal any decision by the Company relating to these rights.c) Process for exercising your data protection rightsTo exercise your data protection rights please contact us as described below.
8. Security and Retention
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organisational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorised access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. To help us protect Personal Data, where you have an account or have downloaded our App, we encourage you to use a strong password and ensure access to the device on which you use our App is secured and limited. If you feel that the security of your account or App is compromised, please contact us immediately. We retain your Personal Data as long as we are providing the Services to you, however, even after we stop providing the Services directly to you and even if you close your account or delete the App, we may retain your Personal Data:to comply with our legal and regulatory obligationsto enable fraud monitoring and detectionto comply with our tax, accounting and financial reporting obligationswhere required by any contractual obligations with any third party account information servicesIn cases where we keep Personal Data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
9. International data transfers
We are a business who operates a global team so we may transfer your Personal Data to countries other than your own country. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfers. These transfers are made within the framework of our Binding Corporate Rules for intra-company data transfers in line with GDPR.
10. Updates and notifications
We may change this Policy from time to time to reflect new services, changes in our privacy practices or changes in relevant laws. The “Last updated” date stamp at the bottom of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on our Services or otherwise provide notice of the update as required by law. We may provide you with notifications regarding the Policy or Personal Data by posting on our website, notifying you through the App or by email as provided to us.
11. Contact us
If you have any questions or want to contact the Data Protection Officer, please contact via email at email@example.com. If you contact us by unencrypted email, please note that the Company cannot guarantee the confidentiality of the transmitted information. Unencrypted emails can possibly be read by unauthorised third parties which are outside the control of the Company. You may also contact the Company by sending a letter to: Data Protection Officer c/o PIE MONEY LIMITED Alexandra House The Sweepstakes Dublin 4 D04 C7H2 Ireland This information was last updated on 31st May 2023