Logo
Calculator
LoginGet a mortgage

Tembo Privacy Policy

Your privacy is really important, which is why protecting your personal data is our top priority. 

This privacy policy explains how we collect, use, and protect your personal data. That includes data you give us when you visit our website, sign up for an account, or buy one of our products or services. This also includes data we collect from you or other sources when we provide our services. We’ll also explain your privacy rights and how the law protects you.

Navigating this Privacy Policy

This Privacy Policy contains information relating to both Tembo Money Limited and Nude Finance Limited. This Privacy Policy has, therefore, been split into three sections:

  • Section 1 - Tembo Money Limited: This section explains how Tembo Money Limited collects, uses and protects your personal data to provide mortgage and insurance-related services to you. 
  • Section 2 - Nude Finance Limited: This section explains how Nude Finance Limited collects, uses and protects your personal data to provide ISA Savings-related services to you. 
  • Section 3 - Cookie Policy: This section explains how we use cookies on our website, www.tembomoney.com. 

Where we will refer to ourselves as ‘we’, ‘us’, or ‘our’, we refer to either Tembo Money Limited (where we do so in section 1) or Nude Finance Limited (where we do so in section 2) or both (where we do so elsewhere).

Section 1 - Tembo Money Limited

Who we are and get in touch

For the purposes of the data protection legislation, the data controller is Tembo.

If you have any questions about your data, including exercising your legal rights, you can get in contact with us at: 

Tembo Money Ltd, 18 Crucifix Lane, SE1 3JW

Email: hello@tembomoney.com

Telephone: 020 3386 9333

If you have a complaint about anything to do with your data, we take this seriously. You can read our Complaints Procedure here. We’ll investigate and get back to you as soon as we can.

We’re registered with the Information Commissioner’s Office (ICO) with registration number ZA795944. The ICO is an independent organisation that protects people’s data and privacy rights. If you have a complaint, we’d love the chance to help you first, but you can also complain to the ICO at any time.

We are Tembo Money Ltd, a company registered in England and Wales under company number 12631312. We are authorised and regulated by the Financial Conduct Authority (FCA), under firm reference number 952652.. You can check this on the Financial Services Register by visiting the FCA website. You can find more details about how we're regulated in our Terms of Business.

Updates to this document

Amendments and updates to this policy may be made from time-to-time. Any revisions will be posted on this page and where appropriate, notified to you by email, so you will always be aware of what information we collect and how we use that information. If you’d like a copy of a previous version, please email us at hello@tembomoney.com.

Information we collect 

We collect, use, store and transfer personal data. Personal data is any information which can (or could be used to) identify you. It doesn't include data which is not possible to relate to a specific person (anonymous data).

As a mortgage and protection broker it is important we have the right information about you in  order to make a tailored, and suitable recommendation. This ensures we can select from the widest range of available products to give you the right option for your circumstances. 

We collect, use, store, and transfer different types of personal data and they can be grouped as follows: 

Tembo may collect and process the following information about you:

  • Identity Data includes first name, maiden name, last name, marital status, title, date of birth, gender, address and employment history, and citizenship.
  • Contact Data includes address, email address and telephone numbers.
  • Financial Data includes bank account details and bank statements, your income and outgoings, credit history including details of any history of bankruptcy or county court judgements, mortgages and protection products held, and payment/ direct debit details.
  • Special Category/Sensitive Data which includes physical and mental health conditions, racial / ethnic origin, and biometric data 
  • Criminal Offence Data includes information about criminal offences and convictions.
  • Transaction Data includes details about the products and services you have bought from us
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username, password, and feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us, and our business partners and your communication preferences.
  • Job Application Data includes data submitted throughout the recruitment process i.e. name, email address etc.
  • Employment Data includes any personal information you provide to Tembo as part of the recruitment process or throughout your employment at Tembo should you be a permanent employee, contractor, or 3rd party provider

Special category data and Vulnerable Customers

At Tembo, we give special levels of care to those customers we might consider to be vulnerable. This is to ensure these customers are not disadvantaged when using our services. This is in line with regulations set out by the Financial Conduct Authority. If we think you’re vulnerable, we might record that information to help us give you the right service. That information could be special category data. That’s data that’s likely to be more sensitive – things like physical and mental health conditions.

When companies process special category data, they have to have “legal basis” to use it, which means a legal reason from the UK GDPR. The legal basis we rely on is "legal obligation” (we have to process your data because the law or regulations require us to).

Alongside that, companies also have to meet one of the legal conditions in Article 9 of the UK GDPR. The conditions we rely on are “substantial public interest," “regulatory requirements” and “support for individuals with a particular disability or medical condition.” In plain English, that means we use this data to make sure we support you in the right way. For example, you might tell us that you’re deaf, and that you prefer us not to call you on the phone. We’ll use this information to support you using online chat.

Technical Data

As explained above, we will collect Technical Data as part of your journey with us. For each of your visits to our website, we may automatically collect the following information:

  • technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number; and
  • our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. 

The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else. Additionally, the processing of this data enables the betterment of our service to you. 

Other Data 

As part of our fact find, we may require information about criminal convictions and offences that you may have, for example for fraud detection. We also collect specific Special Categories of Personal Data about you to provide you with advice for your protection needs (i.e. details about your ethnicity and information about your health).

We collect data relating to the number of dependents as this affects our affordability calculations to provide you with the most appropriate recommendation. However, we'll only ask for further data relating to dependents if specifically requested as part of an application to be submitted to a lender. This data will be treated sensitively and we won't use this data for marketing purposes or creating personality or user profiles.

If you’re making a joint application, we’ll also collect some of this information about the person you’re applying with, like your partner or Booster. Make sure you have their agreement before you give us their data.

If you’re applying for a company buy-to-let mortgage, we’ll collect some of this information about the people you have a financial link with. For example, the directors or certain employees of your company. Make sure you have their agreement before you give us their data.

How is your personal data collected and what is it used for?

Here’s how we might collect personal data on our website, over live chat, on the phone, or from other companies and places.

Data you give us 

You may give us your data (for example, identity or financial data) by filling in forms or by corresponding with us by post, SMS, phone, email or otherwise. This includes personal data you provide when you:

  • sign up for our services;
  • speak to an adviser or any other Tembo team member, (whether through email, live chat or telephone);
  • speak to an adviser;
  • create an account on our website;
  • subscribe to our newsletter;
  • request marketing to be sent to you;
  • give us some feedback;
  • submit a job application;
  • commence work with Tembo as an employee, contractor or 3rd party provider

Data we automatically collect

Our website automatically collects technical data – things like the equipment you’re using, as well as a record of what pages you’re visiting. We collect this personal data by using cookies, server logs and other similar technologies. You can view our Cookie Policy for greater detail.

Data from another source

As part of collating mortgage and protection recommendations, we work closely with third parties to obtain data relating to you including but not limited to credit reference agencies, search information providers, product vendors, and financial institutions and we may receive financial and credit information about you from them.

  • Analytics providers (based both outside and inside the UK) which are services that help us understand how people use the website, like GA4, and Full Story. We collect this whenever you use our website.
  • Social media accounts such as Google or Facebook, that you use to log into Tembo
  • Public sources such as Companies House or the Electoral Register to verify information you’ve told us 
  • Identify verification is performed using Onfido, which is an ID and anti-money laundering check service. This data helps us confirm your identity as part of your mortgage or protection application.
  • Credit reference agencies, like Experian, which are the companies who hold your credit history and credit report. We may collect this when you apply for a Tembo product or service
  • New home builders or developers, as a legitimate interest of the builder in order to assess affordability for the property
  • Enquiries you perform on third-party mortgage sourcing websites

In addition to using GA4 for website analytics, we use Google Signals, another Google product offerering. It collects visitation information via Google advertising cookies, and identifies and associates it with Google information from the accounts of users signed-in Google accounts, who have consented to this association for the purpose of ad personalisation. This Google information focuses on Cross Device Reports and may include end user location, search history, YouTube history and data from sites that partner with Google. It is used to provide aggregated and anonymous insights into the user's cross-device behaviours. Such data may be accessed or deleted via Google My Activity. In addition, users can opt out of Google Analytics Advertising Features through their Google Ads Settings, Ad Settings for mobile apps, and the Network Advertising Initiative's consumer opt-out. For more information, see Google Privacy controls. 

Information submitted via a job application

If you submit a job application to us, we will collect all the data submitted in the application form to process your application successfully. The data we will collect may include information shared in a CV, covering letter, job application questions and/or notes made by the hiring manager during the interview process. We may also use 3rd parties to complete the necessary background checks, passing required information to them in accordance with our regulatory requirements. Previous employers will be contacted to request references as appropriate.

Employment Data

Additional information will be collected from you at the start of, and throughout your employment term, for example your next of kin details. Tembo may request additional information from you throughout your employment in line with any changes to applicable laws and regulations.

How we use your data 

We use your data for one or more the reasons we’ve listed below. We will only use your personal data when the law allows us to. Most commonly, we'll use your personal data in the following circumstances:

Consent - you’ve told us it’s OK to use your data for a specific reason.

Contract - you’ve agreed to a contract with us, and we need to use your data to carry out that contract. For example, we’ll use your income data to run affordability checks to determine the mortgage most suitable for you. 

Legal obligation - we have to process your data because the law or regulations require us to. For example, we need to get proof of your identity to meet our anti-money laundering responsibilities.

Legitimate interest - we or one of our partners might use your data because we or they might have a legitimate interest to do that. Sometimes that interest is to do with benefitting Tembo or our partners, and sometimes it’s to benefit wider society. One example of legitimate interest for processing your data might be to try to detect and prevent fraud. Another might be to improve our products and services. Or, we might process your data to recover any money you owe us.

Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw consent at any time by contacting us at hello@tembomoney.com.

We've set out below a detailed description of the ways we use your personal data, and which of the legal bases we rely on to do so.

An introduction 

The purpose we use your data: We use your identity and contact data to register you as a new customer and manage your Tembo account.

The legal basis: Contract

Submitting your mortgage

The purpose we use your data: We use your identity, contact, financial, transaction, marketing and communications, special category, and criminal offence data to help you with your mortgage. Things like finding the right mortgage for you and managing the mortgage applications we make on your behalf. We’ll also use this information to monitor your mortgage and let you know when you could get a better deal.

The legal basis: Contract. Legal obligation (for special category data, we also rely on “substantial public interest”, “regulatory requirements,” and “support for individuals with a particular disability or medical condition”). Legitimate interest (in this case, to recover any money you owe us and to develop and grow our business)

Keep you up to date

The purpose we use your data: We use your identity, contact, profile, transaction and marketing and communications data to manage our relationship with you. This includes things like asking you to leave a review or take a survey. It also includes telling you when your mortgage deal is about to end, and for legal and regulatory reason

The legal basis: Contract. Legal obligation. Legitimate interest (keep our records updated, see how customers use Tembo and review our standards of service, to contact you again as your mortgage deal ends)

Work with others

The purpose we use your data: We use your identity, contact and financial data to talk to other companies or anyone else that helps you with the whole mortgage and home-buying journey. That could include solicitors, conveyancers, surveyors, valuers, other lenders, and other brokers

The legal basis: Contract. Legal obligation.

Handle your complaints

The purpose we use your data: We use your identity, contact and marketing and communications data to manage complaints, take action to put things right, and answer your questions. We can also use financial, transaction, special category data and criminal offence data when it relates to the complaint you’ve made

The legal basis: Legal obligation. Legitimate interest (investigate complaints, improve our standards and try to prevent future complaints)

Ask for feedback

The purpose we use your data: We collect your identity, contact, profile, technical and usage data when you complete a survey or take part in user testing

The legal basis: Contract. Legitimate interest (to understand how customers use Tembo and develop our services and business)

Keep the site running

The purpose we use your data: We use your identity, contact and technical data to manage and protect our business and our website. That includes things like troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

The legal basis: Legitimate interest (to run our business, including our admin and IT services, keep it secure, and prevent fraud)

Improvements

The purpose we use your data: We use your technical and usage data to analyse and test our systems, and improve our website, products and services, marketing, customer relationships and experiences

The legal basis: Legitimate interest (keep our website updated, and develop our business and marketing strategy)

Send your marketing 

The purpose we use your data: We use your identity, contact, profile, usage, technical and marketing and communications data to suggest services you might like. We’ll use your data to decide what you might find useful or like us to send you. You can unsubscribe from marketing by hitting ‘Unsubscribe’ in the bottom of any marketing email, or by emailing hello@tembomoney.com

The legal basis: Legitimate interest (grow Tembo and develop what we offer – for example, we might use your data to send you personalised marketing campaigns). Consent

Record our communications

The purpose we use your data: We use your identity, contact, profile, usage, transaction, marketing and communications data to monitor or record any communications between you and us. That includes live chat and phone calls. We do this to check your instructions to us, analyse and improve our services, and to help us train staff. We also do it for quality assurance purposes (which means to help us prevent mistakes or problems from happening)

The legal basis: Contract. Legal obligation. Legitimate interest (develop and improve our systems, train our people, and give our customers a high standard of service)

Fraud prevention

The purpose we use your data: We use your identity, contact, profile, usage, financial, transaction, marketing and communications data to prevent fraud. We carry out checks on your identity and documents, and look at your financial transactions to detect fraud and money laundering

The legal basis: Contract. Legal obligation. Legitimate interest (fraud and ID checks protect our and others’ businesses as well as you)

Processing of a job application 

The purpose we use your data: We use your identity and contact data to carry out various checks as part of a successful job application at Tembo including vetting/background and right to work checks

The legal basis: Consent. Legitimate interest - for Tembo to assess and validate a candidate suitability and capability to carry out the duties assigned to the prospective role

Affordability checks 

We may access your credit history and relevant financial information in order to provide this information to the product or service providers to enable them to assess the basis on which you may be eligible for the mortgage you have made enquiries about. We will share these details with the prospective product or service providers to enable us to provide you with the details of the products available to you and the details of the relevant lenders and brokers.

In order to find the most suitable product for you we may use the information held at credit reference agencies (CRAs). A CRA is a company that collects personal information from various sources and provides that personal information for variety of uses (including to prospective lenders for the purposes of making credit decisions).

We will combine the information received from other sources with information provided and collected in order to provide you with our services. We will search a CRA who will provide us with information about you to assess creditworthiness and product suitability and check your identity. They will provide us with the publicly held data, including the electoral roll and shared credit performance data. If you have a financial associate their data may also be provided to confirm if you are an existing customer, and as such may be eligible for additional offers. We will use the information provided to us by a CRA to help decide which products may be best for you. It is important to note that there may be other products available from lenders who are not represented by this service.

When the CRA receives a search from us they will place a quotation search footprint on your credit report, whether or not you decide to apply for the product. This search will not affect your ability to gain credit.

The information which we provide to the CRA may be supplied by them to other organisations such as fraud prevention agencies and used by those organisations for the purposes of checking identity, preventing fraud, tracing and collection of debt. The CRA may also use the data to undertake statistical analysis.

If you choose to apply for a product, the lender will undertake a full credit check and provide you with further privacy information for that product.

You can contact any of the CRA's if you wish to obtain a copy of your credit report.

Experian

Consumer Help Service, PO Box 8000, Nottingham NG80 7WF

Telephone: 0844 4818000 or log on to www.experian.co.uk

CallCredit

Consumer Services Team, PO Box 491, Leeds, LS3 1WZ

Telephone: 0870 0601414

Equifax PLC

Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US

Telephone: 0844 335 0550 or log on to www.equifax.co.uk

Security of your information and where we store your information

Tembo take all reasonable steps to ensure that Your Information is treated securely and in accordance with this Privacy Policy.

All information you provide to Tembo is securely stored either on dedicated servers within the United Kingdom or with trusted partners who abide by GDPR legislation as part of Tembo's contractual arrangements.

Once Tembo has received Your Information, Tembo will use strict procedures and security features to try to prevent any unauthorised access.

Who do we share your data with

Tembo may share your information with third parties for specific purposes. We'll always treat your data and privacy with respect. This applies where we need to share this to provide you with the best possible service. Below details the circumstances we may need to share your data: 

CRM (Acre) - we share your data with our customer relationship management system (CRM) in order to manage our interactions with you, and process your applications. 

Electronic identification (Onfido) - we share your data with our ID verification tool in order to verify the information you have given us 

Mortgage lenders - we share your data with a lender to make a mortgage application on your behalf. Mortgage lenders are also data controllers, and will look after your data according to their own privacy policy. It’s worth reading your lender’s privacy policy to see how they use your data

Protection providers - we share your data with protection providers to provide you with details of relevant insurance services/products where applicable

Solicitors/conveyancers - to update the firm of solicitors / conveyancers with whom you are interacting about the progress of your application and confirm your identity / proof of deposit

Estate agents/new home builders - to update the estate agents and home builders with whom you are interacting about the results of affordability checks and progress of your application

Alternative home ownership providers - where we are working with alternative home ownership providers we may share or refer your details

Credit reference agencies - we may use Credit Agencies to complete a soft credit search to assess your eligibility through our CRM platform Acre. This enables Tembo to review your credit position which is needed as part of the mortgage suitability assessment, and comply with regulatory requirements regarding due diligence.

Fraud prevention agencies - we’ll use these to check your identity when you apply for a mortgage, and on an ongoing basis, for example if you remortgage with us. We could also inform them if you give us inaccurate, false or fraudulent information. 

Regulators - in order to uphold our obligations as an FCA regulated firm, we may need to share information with the regulator on an ad hoc basis or as part of regular reporting.

Referencing and pre-employment vetting - your documents and information may be shared internally within the company for the purposes of the recruitment process. Additionally, vetting checks may take place with relevant third parties

Video conferencing platforms - where you opt to communicate via video conferencing we may need to share your user information with the relevant platform. We will ask you to consent to the processing of this data before each call. 

The Saga Group - to provide updates on the nature and status of our relationship with you as part of our Saga Mortgages commercial agreement. For market research purposes and to identify customer trends.

We don't transfer your information to third parties except where explicitly stated in this policy or with your explicit consent. Each party listed above, is either acting as a processor on behalf of Tembo or as a controller in their own right with the purpose of providing services to you.

How long do we keep your data

We’ll only keep your data for as long as we need it to do the thing we collected it for. As well as making sure you're always on the most suitable deal for your circumstances, this enables us to adhere to our regulatory requirements, ensure we provide suitable advice, and to answer any questions you may have later down the line. If you don't transact with us, depending on the stage of your application, we may delete your information sooner in accordance with our data retention policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Here’s a more detailed breakdown: 

  • Purpose of processing: Successful mortgage or protection applications

Retention: For the full mortgage or protection policy term plus a further 6 years, or for a period of 30 years for historical cases if the original term is not recorded 

  • Purpose of processing: Withdrawn, stalled, incomplete and failed mortgage / protection applications

Retention: 6 years from the date the latest application was started, or 6 years from the application submitted date if application was submitted and subsequently rejected or from creation date if advice has been provided but not pursued

  • Purpose of processing: Customer Profile Data

Retention: 6 years from date of last login if not proceeded to full application

  • Purpose of processing: Affordability checks

Retention: 6 years from Decision In Principle if affordability check does not proceed to a full mortgage application

  • Purpose of processing: Job application data 

Retention: Successful applicant: life of employment plus 6 years after the employment terminates. Unsuccessful candidate: up to one year

  • Retention: Complainant data 

Retention: 6-years from the date the complaint was made

  • Purpose of processing: Retargeting advertising

Retention: 180 Days Google Ads, Youtube. 90 Days Facebook/Instagram, TikTok. Google Analytics retains data for a maximum 14-months.

In some circumstances you can ask us to delete your data: see request erasure below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Marketing communications

When you register with Tembo, we ask you whether you would like to receive our communications detailing offers, news and services from Tembo and/or information from third party companies via email and/or via post that we feel may be of interest to you. In order to consent to receive these communications, you will need to opt in during registration or you can opt out of receiving this information by leaving the option box unchecked.

Where you have let us know that you are happy to receive information from us, we may send you communications that include new products, reminders when your products might be due for renewal and opportunities to take part in market research.

To stop receiving Tembo's promotional offers and alerts, please click the link found at the bottom of each email or update your account preferences.

Your rights in relation to your information

You have rights under UK GDPR when it comes to your personal data. We'll be happy to discuss these and how they might apply to you. If you wish to exercise any of the rights set out below, please contact us.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we'll notify you and keep you updated as to our progress.

You won't have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to uphold your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  

In summary, you have the right to:

  • Being informed about how we collect and use your data. 
  • Have access to your data that is held by us in order to rectify any inaccuracies on the information held. You have the right to ask us for copies of your personal data, this is also known as a data subject access request - you can do this by emailing us at hello@tembomoney.com;
  • Request the erasure of your Information. You can ask us to delete your information by contacting us via hello@tembomoney.com. Sometimes we might have to keep your data, if laws or regulations tell us to. If we can’t satisfy your request, we’ll let you know the reasons why. 
  • Withdraw your consent. If you’ve given us consent to use your data for a specific reason, you can withdraw this at any time
  • Have personally identifiable information changed. You can ask us to correct your data if it’s not accurate, or add more data to complete it. We’ll let you know when we’ve done that.
  • Lodge a complaint with a supervisory authority. The relevant supervisory authority for the UK is the Information Commissioners Office, and more information can be found at ico.org.uk. For details of our complaints procedure, please see Complaints FAQs;
  • Change your mind about marketing communications. You can unsubscribe to emails you receive using the unsubscribe link, or alternatively email hello@tembomoney.com.
Section 2 - Nude Finance Limited:

Who we are and get in touch

For the purposes of the data protection legislation, the data controller is us, Nude Finance Limited. We’re registered with the Information Commissioner’s Officer under the reference number ZA594655.

If you have any questions about your data, including exercising your legal rights, you can get in contact with us at: 

Nude Finance Ltd, 18 Crucifix Lane, SE1 3JW

Email: hey@getnude.com 

Telephone: 020 3386 9333

If you have a complaint about anything to do with your data, we take this seriously. You can read our Complaints Procedure here. We’ll investigate and get back to you as soon as we can.

We’re registered with the Information Commissioner’s Office (ICO) with registration number ZA594655. The ICO is an independent organisation that protects people’s data and privacy rights. If you have a complaint, we’d love the chance to help you first, but you can also complain to the ICO at any time. To complain to the ICO, you can contact them at ico.org.uk or by telephone at 0303 123 1113.

We are Nude Finance Limited, a company registered in England and Wales under company number 12008146. Nude, Tembo, Tembo Lifetime ISA, Tembo Cash ISA and Tembo LISA are trading names of Nude Finance Limited. We are authorised and regulated by the Financial Conduct Authority (FCA) under firm reference numbers 928010 and 913654. You can check this on the Financial Services Register by visiting the FCA website. 

Updates to this document 

Amendments and updates to this policy may be made from time to time. Any revisions will be posted on this page and, where appropriate, notified to you by email so you will always be aware of what information we collect and how we use that information. If you’d like a copy of a previous version, please email us at hey@getnude.com.

Information we collect 

We collect, use, store and transfer personal data. Personal data is any information which can (or could be used to) identify you. It doesn't include data which is not possible to relate to a specific person (anonymous data).

As an ISA manager, it is important that we have the right information about you so that we can provide our services. This ensures we can provide our services to you, keep your account secure, and protect you from financial crime. 

We collect, use, store, and transfer different types of personal data, and they can be grouped as follows: 

  • Identity Data: When you apply for an account, we’ll ask for your legal name, date of birth, National Insurance number, residential address and ID documents to verify your identity and securely open your account. You may also be asked to provide photographs of documents and a selfie to help us prevent money laundering.
  • Contact Data: When you apply for an account, we record your residential address, email address, and telephone number (only where you have requested a call). We also record your contact details if you get in contact with us either directly or indirectly through surveys and similar activities. 
  • Financial Data: We record bank account name, number and sort code. 
  • Special Category Data: We may record biometric data as well as details of physical and mental health conditions, religious or philosophical beliefs, racial or ethnic origins and sexual orientation if you choose to share that information with us. For more information on how we may use specific category data for vulnerable customers, see the section below. 
  • Criminal Offence Data: We may identify and record information about criminal offences and convictions.
  • Transaction Data: We record details about the products and services you have bought from us, payments into and withdrawals from us, and investments made through us. 
  • Technical Data: When using our website or app, we collect data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or our mobile app. 
  • Usage data: We record information about how you use our app and our products and services. 
  • Marketing and Communications Data: We record your communications with us (live chat in-app, email, phone call), feedback, survey responses, and testimonials, as well as your communication and marketing preferences. 
  • Cookies: We also collect and use information about you that third parties provide. Refer to our Cookie Policy for more information about how we use cookies. 

Special category data and Vulnerable Customers

We give special levels of care to those customers we might consider to be vulnerable. This is to ensure these customers are not disadvantaged when using our services. This is in line with regulations set out by the Financial Conduct Authority. If we think you’re vulnerable, we might record that information to help us give you the right service. That information could be special category data. That’s data that’s likely to be more sensitive – things like physical and mental health conditions.

When companies process special category data, they must have a “legal basis” to use it, which means a legal reason from the UK GDPR. The legal basis we rely on is "legal obligation” (we have to process your data because the law or regulations require us to). Alongside that, companies must also meet one of the legal conditions in Article 9 of the UK GDPR. The conditions we rely on are “substantial public interest," which are to meet “regulatory requirements” and “support for individuals with a particular disability or medical condition.” In plain English, that means we use this data either to meet our legal requirements or to make sure we support you in the right way.

How is your personal data collected, and what is it used for? 

Here, we explain how we might collect personal data on our app, website, over live chat, on the phone, or from other companies and places.

Data you give us 

You may give us your data (for example, identity or contact data) when you register or log on to the app, when you choose to use a service via the app when you enter information into calculators, request marketing be sent to you, complete questionnaires, surveys or provide feedback, transfer products to us, upload documentation, communicate with us by in-app chat, email, phone or post, or make an enquiry.

Data we automatically collect

Our website and app automatically collect technical data – things like the equipment you’re using and your usage and activity in the app. We collect this personal data using cookies, server logs, and similar technologies. 

Data from third parties/public sources:

Whilst providing our ISA manager services, we work with third parties who may provide us with data relating to you. These include business partners, technical, payment and delivery service providers, tracking and analytics providers (including Google), search information providers and credit reference agencies. Some specific information from third parties includes:

  • bank account number and sort code from banks you connect;
  • identity data from public sources such as Companies House and the Electoral Register, and other entities based inside and outside the UK; and
  • third-party providers and public sources to secure information related to financial crime, fraud, sanctions and politically exposed persons.

We may also collect other information about your use of the tembomoney.com website. See Section 1 for further information. 

How we use your data

We use your data for one or more of the reasons we’ve listed below. We will only use your personal data when the law allows us to. Most commonly, we'll use your personal data in the following circumstances:

Consent - You’ve told us it’s OK to use your data for a specific reason. Where we rely on consent as a legal basis for processing your personal data, you can withdraw consent at any time by contacting us at hey@getnude.com.

Contract - You’ve agreed to a contract with us, and we need to use your data to carry out that contract. For example, we’ll use your financial data so that you can make withdrawals from your account. 

Legal obligation - We have to process your data because the law or regulations require us to do so. For example, we need to confirm your identity to meet our anti-money laundering responsibilities.

Legitimate interest - We may use your data where we have a legitimate interest. These may be our interests or the interests of third parties. Before relying on a legitimate basis to use your data, we will balance our interests against your interests, rights and freedoms. One example of our legitimate interest in processing your data is to detect and prevent fraud. Another is to improve our products and services or to recover any money you owe us.

Below, we've provided a detailed description of the ways we use your personal data and which of the legal bases we rely on to do so.

Purpose and Type of Data Processed 

To register you as a customer - We use your identity, contact, financial, technical and usage data to register you as a customer, manage your account and maintain records of your relationship with us. 

Legal Basis: Consent, Contract.

To provide our services to you - We use your identity, contact, financial, transaction, technical, and marketing and communications data to process and deliver our products and services to you, including responding to any enquiries you send us and processing any deposits or withdrawals.

Consent, Contract, Legitimate Interest (to improve and develop our services). 

To detect, investigate and prevent financial crime - We use your identity, contact, usage, financial, transaction, and criminal offence data to confirm your identity and prevent financial crime. 

Legal Basis: Contract. Legal obligation. Legitimate interest (fraud and ID checks protect our business and others’ businesses as well as you).

To manage our relationship - We use your identity, contact, and marketing and communications data to keep you updated on any changes to your account or our services, including notifying you about changes to terms & conditions and this privacy notice. 

Legal Basis: Contract, Legal Obligation.

To handle your complaints - We use your identity and contact data to respond to complaints, take action to put things right, and answer your questions. We may also use financial, usage, transaction, special category data, criminal offence, and marketing and communications data when it relates to the complaint you’ve made.

Legal Basis: Legal obligation. Legitimate interest (investigate complaints, improve our standards and try to prevent future complaints)

To record our communications - We use your identity, contact,  usage, transaction, marketing and communications data to monitor or record any communications between you and us, including emails, live chat and phone calls. 

Legal Basis: Contract. Legal obligation. Legitimate interest (develop and improve our systems, train our people, and give our customers a high standard of service).

To make improvements - We use your identity, contact, marketing and communications, transactions, technical, financial and usage data to analyse and improve our services, to help us train staff and for quality assurance. We also use this data to develop and administer our business, products, services, features, app and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting.

Legal Basis: Legal Obligation, Legitimate Interest (for running our business, provision of administration and IT services, and network security)

To monitor usage - We use your identity, contact, marketing and communications, transactions, technical, financial and usage data to monitor traffic patterns and app usage to understand IT performance, make improvements and protect our business and customers.

Legal Basis: Legitimate Interest (for monitoring and understanding IT performance for stability and improvement and ensuring the integrity and security of the systems we use)

To personalise experiences - We use your identity, contact, transactions, technical, financial and usage data to use data analytics, including profiling, to personalise your experience of the app with more relevant screens, features, products or in-app messages and send more relevant communications or present more relevant marketing. We will also use this information to improve our app, website, products, services, marketing, customer relationships and experiences. We use this data to exclude you from some marketing if it is not relevant to your circumstances.

Legal Basis: Legitimate Interest (to define types of customers for our products and services, to keep our website and app updated and relevant, to develop our business and to inform our marketing strategy)

To send marketing and other communications - We use your identity, contact, usage, technical and marketing and communications data to send communications to you and suggest services you might like. We’ll use your data to decide what you might find useful or like us to send you. You can unsubscribe from marketing by hitting ‘Unsubscribe’ at the bottom of any marketing email or by emailing hey@getnude.com

Legal Basis: Consent, Legitimate interest (grow Tembo and develop what we offer – for example, we might use your data to send you personalised marketing campaigns). 

For competitions & feedback - We collect your identity, contact, technical, usage, and marketing and communications data when you complete a survey or participate in user testing. We also use your identity, contact, and financial data to enable you to participate in competitions.

Legal Basis: Contract, Consent, Legitimate Interest (to understand how customers use our services so we can develop our services and business)

To Allow Gifts from Non-Customers - We use your identity and financial data to facilitate non-customer gift deposits. 

Legal Basis: Contract. Consent. 

To cooperate with Regulators - We may use your identity, contact, usage, transaction, technical, usage and financial data to provide information to comply with requests from the regulator, ombudsman services and other relevant institutions.

Legal Basis: Legal obligation. 

Security of your information and where we store your information

We take all reasonable steps to ensure that Your Information is treated securely and in accordance with this Privacy Policy. All information you provide to us is securely stored either on dedicated servers within the United Kingdom or with trusted partners who abide by GDPR legislation as part of our contractual arrangements. Once we have received your information, we use strict procedures and security features to try to prevent any unauthorised access.

Who do we share your data with

We may share your information with third parties for specific purposes. This applies where we need to share this to provide you with the best possible service. We'll always treat your data and privacy with respect. Below are details of the circumstances in which we share your data and with whom:

  • Group Companies (Tembo Money Limited) - We may share your information within the Tembo Money Group to provide or offer you our range of products or services.
  • Payment Service Providers (GoCardless Ltd) - GoCardless Lltd provides payment services, allowing you to make payments to us including direct debris. Your personal data may be shared with GoCardless to facilitate their payment services.
  • KYC/Screening Provider (Onfido Ltd) - We will share your personal information (address, name, date of birth, national insurance number if provided) with Onfido Ltd to verify your identity and cross-check your identity against the sanction list, complete PEP and adverse media checks to comply with our regulatory obligations.
  • Administrators (Quai Investment Services Ltd) - We will share your personal information with Quai to fulfil our contract with you and for them to provide services to you and us and comply with their regulatory obligations.
  • Investment Administrators (Winterflood Securities Ltd) - Where you invest in a Stocks and Shares LISA, we will share your personal data with Winterflood who provide dealing and custody services for investments. 
  • Customer Services Support (Intercom R&D Unlimited Company) — Data shared with us may be made available on platforms that we use for communication with you through our Customer Support team.
  • Promotional Content Services (Peaberry Software Inc, Mailjet Inc, Typeform SL) - We may share your contact information with promotional content creation and management services to prepare and send marketing materials and surveys to you as well as manage our referral programmes. 
  • Management platforms - We may share your information with third-party management platforms to store data and files, manage user permissions, ensure data security, create documentation, and facilitate other routine business operations. 
  • Government and Regulatory Bodies - We may share your data with government and regulatory bodies to validate the information you’ve provided to us, satisfy legal and regulatory requirements and communicate with law enforcement or relevant authorities to prevent financial crime.
  • Financial institutions - We may share your information with financial institutions, either those we collaborate with or represent to provide you access to specific products and services or those you've requested we interact with on your behalf (such as for processing transfers).
  • Your Representatives - We may share information with individuals or representatives where you have given your authorisation so they can obtain information on your account.
  • Other Businesses - In the event of a business or asset sale or purchase, your personal data may be shared with the potential buyer or seller, or if we transfer or delegate our rights and obligations in line with our terms and conditions.

We ensure that all third-party Data Processors adhere to the highest security standards regarding your personal information and process it in compliance with the law. These Data Processors are not permitted to use your data for any purpose other than what we instruct them to do and must only use it for the specified tasks under our direction.


How long do we keep your data

We will only keep your personal data for as long as necessary for the purposes we collected it, including satisfying any legal requirements. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

If you no longer want us to use your information, you can send a request to hey@getnude.com. If you request that we erase your data, we will comply with your request in accordance with our requirements to do so but will maintain the personal information necessary to comply with our regulatory obligations or to prevent financial crime. 

Keeping your information safe 

We keep your data safe by locking it up with enterprise-level encryption. 

Internally, we only give access to the people who need access to your data, not anyone else. It’s held strictly on a need-to-know basis. Some data is anonymised (meaning it can’t be clearly linked back to you). 

As a regulated financial institution, we must retain some data for a specified period, even after you’ve closed your account. We’ll keep this data safe and secure and only allow access for specific and limited purposes. As a general rule, we will aim to delete or anonymise data which we no longer need for regulatory purposes or to offer you an account. 

In order to keep your data in the app secure, you need to keep your login credentials confidential. That means you can’t share them with anyone else or store them where someone else could find them. 

Storing your data 

We try to keep your data within the UK and European Economic Area (EEA) wherever possible. However, where it is allowed under data protection laws, it may be transferred outside of the UK and EEA. This would only happen if the people who work for us or third parties we work with outside of the EEA need to process the data. It’s also sometimes necessary for third parties we utilise to offer you our products and services to have their servers located in the United States, for example.

Marketing communications

When you register with us, we ask you whether you would like to receive our communications detailing offers, news, and services from us and/or information from third-party companies via email and/or post that we feel may interest you. To consent to receive these communications, you will need to opt in during registration or opt out of receiving this information by leaving the option box unchecked.

Where you have let us know that you are happy to receive information from us, we may send you communications that include new products, reminders when your products might be due for renewal and opportunities to participate in market research.

To stop receiving promotional offers and alerts, please click the link at the bottom of each email or contact us at hey@getnude.com.

External links and third-party websites 

We cannot accept responsibility or liability for the content held on third-party sites. Please refer to the third party’s terms of use and privacy and cookie policies before using and/or providing any information to or via their sites or apps, as they may process your personal data for their own purposes. 

Your rights in relation to your information

You have rights under UK GDPR when it comes to your personal data. We'll happily discuss these and how they might apply to you. If you wish to exercise any of your rights, please contact us.

We try to respond to all legitimate requests within 30 days. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we'll notify you and keep you updated on our progress.

You won't have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to uphold your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In summary, you have the right to:

  • Be informed about how we collect and use your data. 
  • Have access to your data that is held by us in order to rectify any inaccuracies on the information held. You have the right to ask us for copies of your personal data, this is also known as a data subject access request - you can do this by emailing us at hey@getnude.com;
  • Request the erasure of your Information. You can ask us to delete your information by contacting us via hey@getnude.com. Sometimes we might have to keep your data if laws or regulations tell us to. If we can’t satisfy your request, we’ll let you know the reasons why. 
  • Withdraw your consent. If you’ve given us consent to use your data for a specific reason, you can withdraw this at any time.
  • Have personally identifiable information changed. You can ask us to correct your data if it’s not accurate, or add more data to complete it. We’ll let you know when we’ve done that.
  • Lodge a complaint with a supervisory authority. The relevant supervisory authority for the UK is the ICO, and more information can be found at ico.org.uk. For details of our complaints procedure, please see Complaints FAQs;
  • Change your mind about marketing communications. You can unsubscribe to emails you receive using the unsubscribe link, or alternatively email hey@getnude.com.

Section 3 - Cookie Policy

Cookies

Our website uses cookies to distinguish you from other users. This helps Tembo to provide you with a good experience when you browse our website and also allows Tembo to improve the website.

Like most websites, we use cookies and weblog files to track site usage and trends. A cookie is a small data file, typically of letters and numbers, downloaded to a device when a user accesses a certain website. You can remove or block cookies using settings in your internet browser, but in some cases doing so may impact your ability to use our website. For more information about cookies you can visit All About Cookies.

The only cookies we use are 'analytical cookies' and those that save you the user time by prefilling fields when you revisit our site. They allow us to count the number of visitors and identify which pages are being viewed or used with the sole purpose of analysing data about webpage traffic and to improve our website in order to tailor it to our customer's needs. We only store personally identifiable information in cookies in situations where this is needed for you to navigate between individual webpages, avoiding the need for you to re-enter the same information. This record is deleted when you leave our website.

Google Analytics

We use Google Analytics to help analyse use of our website. This analytical tool collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for this website. To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.

We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither ourselves nor Google will link, or seek to link, an IP address with the identity of a computer user.

Content distributed through our website sharing features and/or third party integrations may result in your personal identifiable information being available on external websites. By your direct initiation of these features you are consenting to the use the sharing of this information.

Last updated: October 2024