V1.0.2 - 29 March 2023
Introduction
Data protection is the fair and proper use of information about people. At Earnr we want you to trust us and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This data privacy notice applies to data collection on the Earnr app, the www.Earnr.co.uk website or collected through a link to the website (e.g. Facebook, Google Ads, LinkedIn). This notice also sets out who we are, the information we collect, how we use it, our legal basis for doing so, sharing, storage, processing and security of your data, how long we keep data, your rights, automation and profiling, contacting Earnr, cookies, links and other technologies. If you have any questions, we're happy to chat, so please ask.
Who are we?
The Data Controller is Earnr Limited trading as Earnr, registered in England at 71-75 Shelton Street, London, WC2H 9JQ with company number 13095100 When we refer to the Earnr app, this is a reference to the Earnr finance and tax management app, which is available on the Apple Store and Google Play, and associated website with the home page at www.earnr.co.uk.
The law does not require Earnr to appoint a Data Protection Officer, but you can contact us at the above address or via email [email protected].
1. What information do we collect and how do we use it?
You will be asked to provide us with your information when you:
- fill in forms on our Website or App, or correspond with us by phone, email or otherwise;
- register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
- use the Earnr Services;
- report a problem with our Services; or
- complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).
The information you will be asked to provide to us for these purposes will include your name, date of birth, e-mail address, phone number, national insurance number, payment details and banking and open banking information, or further information required to verify your identity.
2. Information we collect about you.
With regard to each of your visits to our Website or our App we may automatically collect the following information; however, this information cannot be used to identify you:
- device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
- technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes;
- details of your visits to our Website and App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website and App (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs);
- and information showing us from which app store you downloaded our App.
Information we receive from other sources.
When using our Services, we will be in contact with third parties who may provide us with certain information about you in order to enable your use of the Services.
If when using our Services you input any personal data of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us.
For the avoidance of any doubt, any reference in this privacy policy to your data shall include data about other individuals that you have provided us with.
What legal basis do we have for processing your personal data?
Use of personal information under EU and UK data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
Purpose / activity
Our lawful basis for processing this personal data
Our lawful basis for processing this personal data
To send you updates about our app and services if you have signed-up on our website
Consent
Name, Email
To send communications to you to help you finish your registration with Earnr
Legitimate interests – to help us grow and develop our business and help our customers with the account opening process (which can be a reasonably time-consuming)
Registration Information
To register you as a customer so you can use Earnr
Fulfilling our contract with you
Registration Information
To identify you as a customer and create your Earnr account
Fulfilling our contract with you
Unique Customer Identifier
To communicate with you about your account and the features and benefits of Earnr
Fulfilling our contract with you
Name, Email Address, Mobile Number
To provide the Earnr service as explained in our Terms
Fulfilling our contract with you
Registration Information, Account Information, Transactional Information, Additional Personal Information, Technical Information
To understand our customer base
Legitimate interests - to understand our user demographic, preferences and behaviours so we can improve the relevance of Earnr to individual customers
Transactional Information, Additional Personal Information
To provide customer support and maintain your account
Fulfilling our contract with you
Registration Information, Unique Customer Identifier, Account Information, Transactional Information, Technical Information, Support Information
To monitor and improve the Earnr Service
Legitimate interests - to track the use of Earnr and identify areas where we can improve performance or functionality (business and technical)
Technical Information, Additional Personal Information
To create aggregated market research, from which all personal data is removed
Legitimate interests – so we can keep going as a business and continue to provide a free service, we may provide aggregated market research services, from which all personal data is removed, to other businesses in return for revenue
Account Information, Transactional Information, Additional Personal Information
To comply with regulatory and audit requirements
Legal obligation
Mandatory Information
As part of your Account Information, when we process your banking transactions we may process 'special categories of personal data'. For example, if you have a payment for a membership to a particular political party, this could reveal your political beliefs. Other banking transactions you have made could contain data about your racial or ethnic origin, political opinions, philosophical beliefs or trade union membership, as well as health data or data concerning your sex life or sexual orientation. We will only use this data in strict accordance with the law and where you have made such data available to us and we will never use it for any other purpose (for example profiling or tailoring of our service).
Our legal basis for using your personal data
We consider the legal bases for using your personal data as set out in this Privacy Policy are as follows:
1. Contractual performance: If you download our app and want us to deliver you our services as outlined in our Terms, we can only perform these services if we can process your personal data for this purpose. Therefore, most of our processing of your personal data is necessary to perform the contract we have in place with you.
Please be aware that if you do not want us to process your personal data for most of the purposes set out above, then we cannot deliver our services to you through the Earnr app. Without the use of your data there is no benefit to the Earnr app and so if you don’t wish your personal data to be processed in this way, then you shouldn’t use the Earnr app.
2. Legal obligations: We will also process your personal data where we are under a legal obligation to do so to. For example, to:
- Prevent and detect fraud, money laundering, other crime, and security issues.
- Comply with laws and regulations, as well as any sector-specific mandatory guidelines and regulations.
3. Legitimate interest: Where neither 1. nor 2. apply, we use your personal data on the basis of our legitimate interest, or the legitimate interests of others. Our legitimate interests are to:
- understand our user demographic, preferences and behaviours so we can improve the relevance of Earnr to individual customers;
- track the use of the Earnr app and website and identify areas where we can improve performance or functionality (business and technical);
- keep going as a business and continue to provide a free service, which means we may provide aggregated market research services, from which all personal data is removed, to other businesses in return for revenue;
- to help us grow and develop our business and help our customers with the account opening process;
- operate our website and app generally;
- carry out marketing, market research and business development;
- provide services to our customers;
- invest in and roll out new services to benefit our existing customers and to attract new customers;
- and for business purposes.
4. Consent: If we rely on your consent for us to use your personal data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at [email protected] and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our app and associated services to you.
When do we share personal data?
We will always treat personal data confidentially but sometimes we need to share it to deliver our service to you. We might disclose or share it with third parties which supply services to us or which process information on our behalf, for example, to provide the Earnr email updates or when we personalise our market research questionnaires.
We rely on Plaid Inc (“Plaid”) to provide us with a portal through which you can authorise Plaid to share your open banking information with us. Once we receive such information, we shall process such personal data in accordance with this privacy policy. We are not responsible for, and take no liability for, the acts and omissions of Plaid. Plaid’s privacy policy shall apply to their processing https://plaid.com/legal/#privacy-statement.
We manage our email content and lists using third-party processors called Intercom and Webflow and we use Typeform for market research surveys. We reserve the right to change suppliers and not seek new consent. We only work with third parties that take their data protection obligations seriously and satisfy our requirements and promise to you. For example, third parties that are regulated by UK or EU data protection law or meet international data standards. We will not sell your data. When we share data with third parties it is only to provide the service that you have consented to. Except in the situations required by law or other regulation, Earnr will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available) to any third party without your prior written consent.
How does Earnr work with partners and advisors?
Earnr may give you the opportunity to obtain advice from a third party such as an accountant or tax advisor. This may be an existing advisor or one that has partnered with Earnr. Earnr will be explicit what information will be shared, and you will be invited to give permission for that third party to have the access that you are comfortable with.
Where do we store and process personal data?
When we share your information with third parties located outside of the UK which process information on our behalf (for example, email update services) we ensure that they adhere to minimum standards. This is supported by contractual clauses or data transfer agreements. For example, if we transfer data outside the UK or the European Economic Area, we use data processor suppliers that have subscribed to the EU-US Privacy Shield Framework and ensure that data governance is controlled by contractual clauses or data transfer agreements. These third parties may have incidental access to your information, but we will ensure that they keep your information secure and do not use it for their own purposes. We have ensured and will continue to ensure that all the services we use are compliant with applicable laws.
How do we secure personal data?
Your data is stored using trusted third-party specialist providers. Your data is protected by a password login that is only shared with those that need the data to provide our service and the data is backed up using secure servers.
How long do we keep your personal data for?
We will keep your personal data for as long as you subscribe to the Earnr app or the Earnr newsletter. We will clean the list at least twice a year to permanently remove all email addresses that have unsubscribed over the last six months. We will keep anonymised market research and usage data for as long as it is useful to inform the product design and features and marketing of the Earnr app and always subject to the requirements of UK law or contractual obligations.
Your rights in relation to personal data
Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at [email protected].
You have the following rights in relation to your personal data:
Right to Rectification:
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
Right to erasure / ‘Right to be forgotten’:
Asking us to delete all of your personal data will result in Earnr deleting your personal data without undue delay (unless there is a legitimate and legal reason why Earnr is unable to delete certain of your personal data, in which case we will inform you of this in writing).
Right to restriction of processing:
You have the right to ask us to stop processing your personal data at any time.
Right to data portability:
You have the right to request that Earnr provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.
Right to complain:
You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us in the event they have any concerns or complaints.
Right to object to discussions based solely on automated processing:
You have the right to not be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significant effects and to obtain human intervention, to express your point of view or contest the decision.
Earnr will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use Earnr Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
Aggregation of personal data
Earnr also makes use of anonymised data for the purposes of improving the Earnr app and ensuring that it is relevant to users. This includes the use of aggregated personal data from a user cannot be identified.
Use of profiling and automated decision-making
Profiling’ means the automated processing of personal data to evaluate certain personal aspects. Earnr may use profiling to make suggestions to you. This includes the option of taking advanced insights and recommendations based on people similar to you. This will require you to authorise the sharing of your data for such matching purposes. We may also give you further options in respect of your data. Earnr will make automatic decisions based on information that you provide to Earnr. This will include tax deductions that you are entitled to. Earnr does not use profiling for automated decision-making.
Where we store or send your data
We may store the data we collect from you outside the UK, or transfer it to organisations outside the UK. When we do this, we make sure that your data is protected and that:
- The Information Commissioner (ICO) has deemed the country or organisation to provide an adequate level of protection for personal data; or
- We've agreed specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
How to contact us
If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint you can contact us at the above address or by email at [email protected]
Linking to other websites / third-party content
Where we link to external sites and resources from our website this does not constitute endorsement and Earnr takes no responsibility for any linked website
Change to this policy
Any changes we make to our privacy policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your information.Data protection is the fair and proper use of information about people. At Earnr we want you to trust us and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.