Yoyo Wallet Transparency Statement
Last Updated On: 3rd March 2017
Privacy & Cookies
Where the words "Yoyo Wallet", "we", "us" or "our" are used in this document, they are all references to Yoyo Wallet Limited, incorporated in England and Wales under company registration number 08515940, whose registered office is at 78 Whitfield Street, London W1T 4EZ. Yoyo Wallet Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Ref. 900645) for the issuing of electronic money.
This Transparency Statement is subject to, and should be read alongside, the Yoyo Consumer Account Terms, of which it forms part. Unless otherwise defined in this Transparency Statement, any capitalised terms have the same meaning as given to them in our Consumer Account Terms.
We treat your information very carefully, and we have written this document to help you understand what information we collect, who has access to it and for what purposes. We have called it a Transparency Statement to emphasise the importance we place on being clear about these points.
You should also know that we are registered as a data controller with the Information Commissioner’s Office under registration number ZA019543, and as such we are required to comply with the Data Protection Act 1998.
The Yoyo Wallet data matrix
We summarise below the types of data that you have agreed to share with various parties, including Merchants, by your acceptance of the Yoyo Consumer Account Terms. You may withdraw your consent to any data sharing listed below at any time by emailing us at firstname.lastname@example.org - although as some categories of data sharing are essential to the provision of the Yoyo Services or certain aspects of the Yoyo Services, withdrawal of your consent for certain categories will require termination of your Account or that aspect of the Yoyo Services. We encourage you to read the remainder of this policy to understand more about how your data is used.
How does Yoyo Wallet collect information about you?
We collect information about you when you access our website ("Site"), register to use a Yoyo App or when you contact us. This may include information you provide to us or information we obtain or learn, such as information about how you use our Site or the device(s) you use to access your Yoyo Services.
What information do we hold about you?
Yoyo Wallet will hold or process the following categories of information on customers:
- Personal data: Information that may be used to identify a living individual - your title, full name, postcode, email address, mobile phone number, date of birth - and any other data we receive from a social networking profile that you have elected to log-in to a Yoyo App via, our Merchants or other third parties with whom we have arrangements to enable you to link your Account to and/or we provide links to their promotions or offers via a Yoyo App, including any photos and/or ID numbers you may have shared with them and which you may choose to link to your Account, as detailed under "third party sources" below
- Third party sources: If you elect to link your Yoyo Wallet account with third party platforms or services, such as memberships of Student Unions, social media accounts such as Facebook, or other third party services, then additional information about you may be provided to us by the relevant third parties for the purposes of linking, for use, and/or through sign-in. These will be communicated to you when you request we make the relevant link.
- Detailed transaction data: Detailed information on transactions you carry out using a Yoyo App to pay for goods or services, or redeem rewards and offers, such as the items that were obtained, the transaction ID, the price paid or discount given, the location and time of the transaction, and the outcome of that transaction
- Anonymised Yoyo Wallet ID: A unique customer identifier
- Anonymised customer profile: Location or demographic data and stated preferences (e.g. “Favouriting” a particular Merchant)
- Anonymised purchasing profile: Simplified data on your past purchases - category of product purchased, date of purchase and general location of purchase (e.g. post code area)
- Financial account information: Information that is used to add funds to a customer's Account for example, bank account and sort-code, debit card number and expiry date. For more information on how this information is processed, please see the Security section of our Transparency Statement below
- Surveys: Information that you have opted to provide to us in response to customer research and satisfaction surveys.
- NUS Extra: If the functionality is available, the Yoyo Wallet may allow you to link an 'NUS Extra' membership card issued to you by the National Union of Students to your Account. If you choose to do this, we will communicate your NUS Extra membership card number (which you will provide to us) to the NUS and the NUS will then tell us the name of the academic institution you attend and provide us with a copy of your NUS Extra membership card photograph for us to digitalise and display within the Yoyo App.
What third parties have access to this information and why?
- Where you are using a Merchant branded version of the Yoyo App, we may share the following information about you with the relevant Merchant: your name, email address and mobile number, for the Merchant to use for marketing of its own products and services, and also your wider account data including transactions, to assist on any migration of users of the branded app to a new wallet provider in place of Yoyo Wallet for that Merchant.
- Detailed transaction data: Transaction data is shared with the Merchants who are receiving payment or providing rewards and offers on that transaction. We do this so that the Merchant can reconcile their point of sale data with Yoyo data, and to allow them to analyse Transactions. If the Merchant is a student union, we may also share this with the NUS if the student union has agreed to Yoyo Wallet doing so, to enable the NUS to analyse the success of NUS brand campaign offers.
- Anonymised Yoyo Wallet ID: We provide Merchants with a unique Yoyo Wallet ID for each customer alongside the transaction data to allow a Merchant to understand the payment, reward and offer behaviour of a particular customer or group of customers. This will also be sent to the NUS when Transaction data is shared with the NUS as outlined in the bullet point above. The Yoyo Wallet ID may also be sent to third parties who provide account funding services to Yoyo Wallet customers to enable them and us to match incoming funds to a Yoyo Wallet customer.
- Anonymised customer profile: Merchants can obtain customer data that is linked to the Yoyo Wallet ID. They may use this to design promotions that are delivered to specific groups of customers and also to understand their own customer base in more detail.
- Anonymous purchasing profile: Retail brands that have products sold by Merchants can obtain reports showing results from analysis conducted using anonymised and aggregated purchasing data to enable them to get a better understanding of the purchasing patterns of their products so they can design more effective promotions and campaigns. They do not get access to the underlying transaction data.
- Financial account information: This information is only held by the funding source provider. Yoyo Wallet does not hold any sensitive financial information about our customers.
- Network, hardware and web: We will not share any of this type of data with third parties other than when required in order to assist with regulatory or criminal enquiries.
- Other uses: We may share your information with third parties, including law enforcement agencies and credit reference agencies as follows:
- for the purpose of fulfilling our obligations under the Consumer Account Terms, or as required by applicable law;
- to assess financial and insurance risks;
- in relation to any breach of, or to enforce, the Consumer Account Terms;
- to recover debt or in relation to your insolvency;
- to develop our services and our systems;
- to prevent and detect fraud or crime;
- in the course of any investigation by us or any third party into any suspected criminal activity; and/or
- regarding information security, the risk of fraud, sector risk and credit risk;
- Regulatory requirements: we may make periodic searches of, and provide information about you to credit reference agencies, fraud prevention agencies to manage and take decisions about their relationship or prospective relationship with you. Such information may be used by credit providers to take decisions about you and your financial associates. We may also review you and your business activities (including without limitation by electronic means) to monitor your compliance with the Consumer Account Terms. Please be aware that a link between you and anyone with whom you have a joint account or similar financial association will be recorded at credit reference agencies, creating a “financial association”. All such associated parties’ information will be taken into account in future applications until you or one of them successfully files a “notice of disassociation” at the credit reference agencies.
What does Yoyo Wallet use your information for?
Yoyo Wallet will use the data it holds on customers in the above categories to:
- Process and manage your application for and use of Yoyo Wallet products and services via a Yoyo App, including your Account and participation in any reward or offer programmes offered by our Merchants.
- Respond to your customer service inquiries.
- Create personalised retailer promotions based on your purchasing preferences and behaviour.
- Communicate with you by email about your orders or purchases, your services, Account, participation in any reward or offer programmes, contest or sweepstakes you have entered, and any requests for information you may submit to us.
- Communicate with you by email about our products, events or for other promotional purposes, including co-branded offers – except where you have expressly opted not to receive such material.
- Communicate carefully targeted third party offers by electronic means except where you have expressly opted not to receive such material.
- Conduct statistical analysis.
- Manage risk by assessing payment and funding risks, identifying, preventing, detecting or tackling fraud, money laundering and other crime and carrying out regulatory checks.
- Facilitate the negotiation of any merger, sale of company assets, financing, acquisition or divestiture of all or a portion of our business.
- Comply with any applicable law, regulation or governmental request (e.g. tax authorities) and to protect our rights or property, or the security or integrity of the Yoyo Services.
If you opt out of receiving promotional communications from our Merchants, or from us we may still send you non-promotional communications such as emails about your Account or our ongoing business relationship with you.
Information storage, access and contact details
We will retain information about you after the closure of your Account for as long as is permitted for legal, regulatory or fraud prevention purposes, and this may include our retaining your transaction data for up to 6 years.
You have the right to request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. Please note that, in accordance with the Data Protection Act 1998, a £10 admin fee is applicable. For further information, please contact us by emailing email@example.com with the subject "Data subject access request".
Also in accordance with the Data Protection Act 1998, you have the right to correct, restrict our use of or ask us to delete your personal data. Please use the above email address to ask any questions relating to your privacy rights or to request the correction, restriction or deletion of your personal data.
We take reasonable measures, including administrative, technical and physical safeguards, to protect your personal data from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. We hold personal data about you at our own premises and with the assistance of third-party service providers who may store and transmit such data outside of the European Economic Area. Whenever we share your personal data with third parties, we will take all reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the Yoyo Services, you agree to the storing, processing and/or transfer described in this section.
We do not store customer card details, and apply information security practices to keep card data safe, for example whenever you enter your card information into a Yoyo App, those details are encrypted and passed directly to our payment service provider ("PSP"). Upon receiving your information, our PSP sends us a token (consisting of random letters and numbers). The token (not your card details) is then used to effect payments for the products or services you purchase through the Yoyo App. To add additional security the token changes at frequent intervals regardless of whether or not you are on-line. To ensure the required level of payment security, we will always use a PCI DSS-compliant payment gateway to store, process and transmit your Payment Card data. We reserve the right to change our payments gateway at our sole discretion, provided any such payment gateway meets this security compliance level.
- Performance Cookies: Our Site collects system-related information, such as the type of internet browser and operating system you use, the website from which you have come to our Site, the duration of individual page views, paths taken by visitors through the Site, and other general information and your IP address (the unique address which identifies your computer on the internet) which is automatically recognised by our web server. This information is collected for system administration and to report aggregate information to our subcontractors and partners to enable them to provide services to us. It is statistical data about our users' browsing actions and does not, of itself, contain any personal data. It is often not possible to identify a specific individual from this information, although for example we may be able to identify if it relates to a specific individual in conjunction with other information in our control.
- Functionality Cookies: Our Site also deploys functionality cookies, which are also used when registered users access private sections of our Site. These cookies are used to facilitate the log in process. In this case, we may be able to identify that your login details have been used.
You can control how cookies are placed on your device and remove existing cookies. All you have to do is change your web browser settings. Most web browsers offer users controls, to give you the option to delete or disable cookies. You can usually find out how to do so by referring to the ‘Help’ option on the menu bar of your browser, or by visiting the browser developer's website. This will usually tell you how to prevent your browser from accepting new cookies; notify you when you receive new cookies; and disable cookies altogether. Please note that disabling or restricting cookies may affect the functionality of the Site and may stop you accessing private areas of the Site.
You can also learn more about cookies by visiting http://www.allaboutcookies.org/ which includes additional useful information on cookies and how to block them on different types of browsers and mobile devices.
Updating our Transparency Statement
We may update this Transparency Statement from time to time. When we do so, we will post the new version on our Site and change the date at the top of the policy.
We encourage you to check the date of our Transparency Statement when you visit the Site for any updates or changes. We will notify you of any modified versions of the Transparency Statement that might materially affect the way we use or disclose your personal data.