Yoyo Wallet Transparency Statement
Last Updated On: 23rd October 2017
Privacy & Cookies
Where the words "Yoyo Wallet", "we", "us" or "our" are used in this document, they are all references to Yoyo Wallet Limited, incorporated in England and Wales under company registration number 08515940, whose registered office is at 78 Whitfield Street, London W1T 4EZ. Yoyo Wallet Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Ref. 900645) for the issuing of electronic money.
This Transparency Statement is subject to, and should be read alongside, our Consumer Account Terms, of which it forms part. Unless otherwise defined in this Transparency Statement, any capitalised terms have the same meaning as given to them in our Consumer Account Terms.
We treat your information very carefully, and we have written this document to help you understand what information we collect, who has access to it and for what purposes. We have called it a Transparency Statement to emphasise the importance we place on being clear about these points.
You should also know that we are registered as a data controller with the Information Commissioner’s Office under registration number ZA019543, and as such we are required to comply with the Data Protection Act 1998.
We summarise below the types of data that you have agreed to share with various parties, including Merchants, by your acceptance of our Consumer Account Terms. You may withdraw your consent to any data sharing listed below at any time by emailing us at email@example.com, although as some categories of data sharing are essential to the provision of the Yoyo Services or certain aspects of the Yoyo Services, withdrawal of your consent for certain categories will require termination of your Account or that aspect of the Yoyo Services. We encourage you to read the remainder of this policy to understand more about how your data is used.
1. How does Yoyo Wallet collect information about you?
We collect information about you when you access our website ("Site"), register to open an Account, use the Yoyo App to benefit from Yoyo Services, make Transactions at Merchants or when you contact us. This may include information you provide to us or information we obtain or learn, such as information about how you use our Site, the Yoyo App or the device(s) you use to access your Yoyo Services.
2. What information do we hold about you?
Yoyo Wallet may collect, hold or process the following categories of information on customers:
2.1. Personal data: Information that may be used to identify a living individual - your title, full name, postcode, email address, mobile phone number, date of birth - and any other data we receive from a social networking profile that you have elected to use to log-in to a Yoyo App via, our Merchants or other third parties with whom we have arrangements to enable you to link your Account to and/or we provide links to their promotions or offers via a Yoyo App, including any photos and/or ID numbers you may have shared with them and which you may choose to link to your Account, as detailed under "Third party sourced data" below.
2.2. Third party sourced data: Private information that you grant us permission to collect, and public information, from third party apps or websites such as, but not limited to, Student Unions, Banks (and other financial institutions) and Facebook. The first time we request access to private information from a third party source, that app or website will ask your permission to allow us to access the private information. You have the right to revoke the Yoyo Service access to third party apps or websites via your associated accounts with those third party apps or websites.
2.3. Detailed transaction data: Detailed information on transactions you carry out using a Yoyo App to pay for goods or services, or redeem rewards and offers, such as the items that were obtained, the transaction ID, the price paid or discount given, the location and time of the transaction, and the outcome of that transaction.
2.4. Anonymised Yoyo Wallet ID: A unique customer identifier.
2.5. Anonymised customer profile: Location or demographic data and stated preferences (e.g. “Favouriting” a particular Merchant).
2.6. Anonymised purchasing profile: Simplified data on your past purchases - category of product purchased, date of purchase and general location of purchase (e.g. post code area).
2.7. Financial account information: Information that is used to add funds to a customer's Account for example, bank account and sort-code, debit card number and expiry date. For more information on how this information is processed, please see Section 5 (Information storage, access and contact details) of our Transparency Statement below.
2.9. Surveys: Information that you have opted to provide to us in response to customer research and satisfaction surveys.
2.10. NUS Extra: If the functionality is available, Yoyo Wallet may allow you to link an 'NUS Extra' membership card issued to you by the National Union of Students (NUS) to your Account. If you choose to do this, we will communicate your NUS Extra membership card number (which you will provide to us) to the NUS and the NUS will then tell us the name of the academic institution you attend and provide us with a copy of your NUS Extra membership card photograph for us to digitalise and display within the Yoyo App. By choosing to link your NUS Extra membership card in this way you give us permission to provide and receive this information to and from the NUS.
3. What third parties have access to this information and why?
3.1. Personal data:
3.1.1. Where you have registered through, and are using, the Yoyo App, we do not share your personal data with Merchants.
3.1.2. Where you have registered through, and are using, a Merchant branded version of the Yoyo App
18.104.22.168. We may share your name, email address and mobile number with the relevant Merchant for the Merchant to use for marketing of its own products and services.
22.214.171.124. We may also share your wider account data (including transactions) with the relevant Merchant to assist with any migration of users of the Merchant branded app to a new wallet provider in place of Yoyo Wallet for that Merchant.
3.1.3. As a fraud prevention measure, we send your full name and postcode to payment service providers when you link a debit or credit card to your Yoyo Account. We do this to ensure that your personal details match with the card-holders and that you are the legitimate card holder
3.2. Third party sourced data: We do not share personal data received from third party sources with Merchants other than as stated in Section 3.1.2 above.
3.3. Detailed Transaction data:
3.3.1. Transaction data is shared with the Merchants who are receiving payment or providing rewards and offers on that Transaction. We do this so that the Merchant can reconcile their point of sale data with Yoyo data, and to allow them to analyse Transactions. We only send this information with your Anonymised Yoyo Wallet ID – never your personal data.
3.3.2. If the Merchant is a student union, we may also share this with the NUS if the student union has agreed to Yoyo Wallet doing so, to enable the NUS to analyse the success of NUS brand campaign offers.
3.4. Anonymised Yoyo Wallet ID:
3.4.1. We provide Merchants with a unique Yoyo Wallet ID for each customer alongside the Transaction data to allow a Merchant to understand the payment, reward and offer behaviour of a particular customer or group of customers.
3.4.2. This will also be sent to the NUS when Transaction data is shared with the NUS as outlined in Section 3.3.2 above.
3.4.3. The Yoyo Wallet ID may also be sent to third parties who provide payment services to Yoyo Wallet customers to enable them and us to match incoming funds to a Yoyo Wallet customer.
3.5. Anonymised customer profile: Merchants can obtain customer data that is linked to the Yoyo Wallet ID. They may use this to design promotions that are delivered to specific groups of customers and also to understand their own customer base in more detail.
3.6. Anonymous purchasing profile: Retail brands that have products sold by Merchants can obtain reports showing results from analysis conducted using anonymised and aggregated purchasing data to enable them to get a better understanding of the purchasing patterns of their products so they can design more effective promotions and campaigns. They do not get access to the underlying Transaction data.
3.7. Financial account information: This information is only held by the payment service provider. Yoyo Wallet does not hold any sensitive financial information about our customers. For more information on how this information is processed, please see Section 5 (Information storage, access and contact details) of our Transparency Statement below.
3.8. Network, hardware and web: We will not share any of this type of data with third parties other than when required in order to assist with regulatory or criminal enquiries.
3.9. Other uses: We may share your information with third parties, including law enforcement agencies for any of the following:
3.9.1. For the purpose of fulfilling our obligations under the Consumer Account Terms, or as required by applicable law or payment method rules.
3.9.2. To assess financial and insurance risks.
3.9.3. In relation to any breach of, or to enforce, the Consumer Account Terms.
3.9.4. To recover debt or in relation to your insolvency.
3.9.5. To develop our services and our systems.
3.9.6. To prevent and detect fraud or crime.
3.9.7. To respond to requests from courts, law enforcement agencies and other public, governmental or regulatory authorities or agencies.
3.9.8. In the course of any investigation by us or any third party into any suspected criminal activity.
3.9.9. Regarding information security, the risk of fraud, sector risk and credit risk.
3.9.10. To protect our rights, privacy and property, and that of our customers.
3.10. We may also share your information with:
3.10.1. Our service providers who help us provide the Yoyo Services. Service providers help us with things like payment processing, website hosting, data analysis, information technology and related infrastructure, customer services, email delivery and anti-fraud services. These third parties are authorised to use your information only as necessary to provide their services and we take appropriate steps to ensure that third parties protect your information.
3.10.2. Third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). We shall endeavour to ensure such third parties are bound by confidentiality obligations in relation to such information.
4. What does Yoyo Wallet use your information for?
4.1. Yoyo Wallet will use the data it holds on customers in the above categories to:
4.1.1. Process and manage your application for and use of Yoyo Wallet products and services via a Yoyo App, including your Account and participation in any reward or offer programmes offered by our Merchants.
4.1.2. Respond to your customer service inquiries.
4.1.3. Create personalised retailer promotions based on your purchasing preferences and behaviour.
4.1.4. Communicate with you by email about your orders or purchases, your services, Account, participation in any reward or offer programmes, contest or sweepstakes you have entered, and any requests for information you may submit to us.
4.1.5. Communicate with you by email about our products, events or for other promotional purposes, including co-branded offers – except where you have expressly opted not to receive such material.
4.1.6. Communicate carefully targeted third party offers by electronic means except where you have expressly opted not to receive such material.
4.1.7. Conduct statistical analysis.
4.1.8. Manage risk by assessing payment and funding risks, identifying, preventing, detecting or tackling fraud, money laundering and other crime and carrying out regulatory checks.
4.1.9. Facilitate the negotiation of any merger, sale of company assets, financing, acquisition or divestiture of all or a portion of our business.
4.1.10. Comply with any applicable law, regulation or governmental request (e.g. tax authorities) and to protect our rights or property, or the security or integrity of the Yoyo Services.
4.2. If you opt out of receiving promotional communications from our Merchants, or from us we may still send you non-promotional communications such as emails about your Account or our ongoing business relationship with you.
5. Information storage, access and contact details
5.1. We hold personal data about you at our own premises and with the assistance of third-party service providers who may store and transmit such data outside of the European Economic Area (EEA).
5.2. Your personal data may also be processed by staff operating outside the EEA who work for us or one of our service providers. Such staff may be engaged in among other things, the provision of your support services.
5.3. However, any such data transfer will be made only to a country that the European Commission has decided is country which ensures an adequate level of protection, or if we have otherwise provided for other appropriate safeguards to legitimise such data transfers. Whenever we share your data with third parties, we will take all reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the Yoyo Services, you agree to the storing, processing and/or transfer described in Sections 5.1 – 5.3.
5.4. If data is transferred to a third country where appropriate safeguards need to be put in place we would be happy to provide information pertaining to such safeguards on request. You can contact us for this information (firstname.lastname@example.org).
5.5. We take reasonable measures, including administrative, technical and physical safeguards, to protect your personal data from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.
5.6. We do not store customer card details, and apply information security practices to keep card data safe as it is in transit through the Yoyo App.
5.6.1. Whenever you enter your card information into the Yoyo App, those details are encrypted and passed directly to our payment service provider ("PSP").
5.6.2. Upon receiving your information, our PSP sends us a token (consisting of random letters and numbers).
5.6.3. The token (not your card details) is then used to effect payments for the products or services you purchase through the Yoyo App.
5.6.4. To ensure the required level of payment security, we will always use a PCI DSS-compliant payment gateway to store, process and transmit your Payment Card data.
5.6.5. We reserve the right to change our payments gateway at our sole discretion, provided any such payment gateway meets this security compliance level.
5.7. We will retain information about you after the closure of your Account for as long as is permitted for legal, regulatory or fraud prevention purposes, and this may include our retaining your transaction data for up to 6 years.
6. Your rights
6.1. You have the right to request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. Please note that, in accordance with the Data Protection Act 1998, a £10 admin fee is applicable. For further information, please contact us by emailing email@example.com with the subject "Data subject access request".
6.2. Also in accordance with the Data Protection Act 1998, you have the right to correct, restrict our use of or ask us to delete your personal data. Please use the above email address to ask any questions relating to your privacy rights or to request the correction, restriction or deletion of your personal data.
6.3. You can also write to us at Yoyo Wallet Limited, 78 Whitfield Street, London W1T 4EZ, marked for the attention of Customer Support (Data Protection).
6.4. The Information Commissioner’s Office regulates data protection and privacy matters in the UK and you have the right to make a complaint to the Information Commissioner’s Office at any time about the way that we use your information.
7. Cookies Policy
7.1.1. Performance Cookies: Our Site collects system-related information, such as the type of internet browser and operating system you use, the website from which you have come to our Site, the duration of individual page views, paths taken by visitors through the Site, and other general information and your IP address (the unique address which identifies your computer on the internet) which is automatically recognised by our web server. This information is collected for system administration and to report aggregate information to our subcontractors and partners to enable them to provide services to us. It is statistical data about our users' browsing actions and does not, of itself, contain any personal data. It is often not possible to identify a specific individual from this information, although for example we may be able to identify if it relates to a specific individual in conjunction with other information in our control.
7.1.2. Functionality Cookies: Our Site also deploys functionality cookies, which are also used when registered users access private sections of our Site. These cookies are used to facilitate the log in process. In this case, we may be able to identify that your login details have been used.
7.2. You can control how cookies are placed on your device and remove existing cookies. All you have to do is change your web browser settings. Most web browsers offer users controls, to give you the option to delete or disable cookies. You can usually find out how to do so by referring to the ‘Help’ option on the menu bar of your browser, or by visiting the browser developer's website. This will usually tell you how to prevent your browser from accepting new cookies; notify you when you receive new cookies; and disable cookies altogether. Please note that disabling or restricting cookies may affect the functionality of the Site and may stop you accessing private areas of the Site.
7.3. You can also learn more about cookies by visiting http://www.allaboutcookies.org/ which includes additional useful information on cookies and how to block them on different types of browsers and mobile devices.
8. Updating our Transparency Statement
8.1. We may update this Transparency Statement from time to time. When we do so, we will post the new version on our Site and change the date at the top of the policy.
8.2. We encourage you to check the date of our Transparency Statement when you visit the Site for any updates or changes. We will notify you of any modified versions of the Transparency Statement that might materially affect the way we use or disclose your personal data.