This TABBit privacy statement was published on the 19th of December 2023.

This Privacy & Cookie Policy is provided by TabbX Limited (Company Number: 15060167) being a company incorporated in England and Wales with registered offices located at 124 City Road, London, England, EC1V 2NX, (TABBx, we, us, our) the creators of the TABBit app (App) for use of our products and services including our App and website www.tabbit.uk (Services).

This Privacy & Cookie Policy relates to your use of the Services only.

The Services may link to or rely on other apps, websites, APIs or services owned and operated by us or by certain trusted third parties to enable us to provide you with Services. These other apps, websites, APIs or services may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate. For more information see the section ‘Who we share your personal data with’ below.

Privacy & Cookie Policy

Definitions

Those defined in our Terms and Conditions available here https://tabbit.uk/terms-n-conditions/

Introduction

We are committed to protecting and respecting your privacy and to providing transparent information regarding the use of your data.

We are in registered with the Information Commissioner's Office (the ICO), with the registration number being "ZB604773".

We act as the Data Controller and Processor for our Services as defined in UK GDPR.

Use of Our Online Services.

Your use of TABBx Services is governed by our Terms and Conditions availability here: https://tabbit.uk/terms-n-conditions/

Personal Data we collect about you

When you engage with our Services, we process personal identifying information (“PII”) that you provide to us. PII is that information as defined by UK GDPR but excluding data in special categories. We do not process data in special categories. PII may include Cookies.

As well as PII we process your financial data and information from our Third Parties and Open Banking Partners to which you give us access (“Financial Data”), this may include but is not limited to:

• The name of your banks
• The sort codes and accounts numbers of your bank accounts
• The International Bank Account Number (IBAN) of your bank accounts
• The details of transactions in your bank accounts
• The PII of payees with whom you have transacted.

This Privacy Policy applies to both your PII and your Financial Data, which we refer to in this policy as “Your Data”.

We will collect and use the following personal data about you:

Category of personal data	Further information about the type of personal data we collect
Identity and contact information. When you request information from us e.g. when you fill out a contact form or otherwise contact us to express an interest in the Services, we may ask you to provide identity and contact information.	Your name, email address and phone number.
Account, personal and financial information: When you use our Services, such as by downloading our App, creating an Account, or making a Payment	Your name, email address, phone number Your bank, including bank account number Photographs (while such data may not always be personal data as defined at law in all cases we will assume it is and treat it in accordance with this policy as if it were)
Analytics. With your consent, when you use our Services	With your consent, we may use cookies and other analytical tools to identify your preferences.
Usage data. When you access our Services, we automatically collect certain information about your device and usage.	Usage data may include information about how you access and use our Services, including device information, browser information, information about your network connection, online identifiers such as cookie data and your IP addresses, your preferences, interests, time of use and other usage and technical information regarding your interaction with the Services (while such data may not always be personal data as defined at law in all cases we will assume it is and treat it in accordance with this policy as if it were).
Social media information. When you engage with us via social media.	Your username, name, and any other personal data which is publicly available or which you share with us.
Customer feedback and comments. When you engage with us via any comment or forum functionality on our website.	Your name and any views, opinions, suggestions or other information you choose to share with us when sending a message through the Services.

 

If you do not provide personal data we ask for where it is required, it may prevent us from providing services and/or the Services to you.

We collect and use Your Data for the purposes described in the section ‘How and why we use your personal data’ below.

Agreement

As per our Terms of Use you grant us and our Open Banking Partners and Third Parties a non-exclusive licence to process Your Data for the sole purpose of using our Services.

How and why we use your personal data

We process PII data to:

• Register you.
• Authenticate you.
• Uniquely identify you to us.
• Contact you.
• Prevent or mitigate fraud or malicious use.
• Provide the Services, including but not limited the App functionality, i.e.:
  • Name and/or email address to identify you to your Payers;
  • Name, phone number and/or email address to identify you to other Service Users; and
  • Device identifiers to assist solving Service errors or improving Service performance.

We process your PII and Financial Data to provide the functionality described in our Terms of Use, including but not limited to:

• As a Payee, we use your bank account sort code and number to identify into which bank account a payment request should be made.
• As a Payer, we use your bank account sort code and number to identify from which bank account a payment request should be made.
• We use your sort codes and accounts numbers from which to read transactions.
• If you ask, we use your transaction details to:
  • Track receipt of payment requests; and
  • Aggregate with others as shared expenses.

When using the App, the following categories of Personal Data are processed by us:

• If you enable TABBit to apply cookies and analogous technologies for social media and targeted advertising in the cookie settings, your IP and/or MAC address might also be used for advertising objectives. This facilitates the showcasing of personalized TABBit advertisements on the TABBit website, in the app, and on other platforms, such as websites and apps.
• TABBit transmits the contacts stored on your phone, facilitating effortless payments to your acquaintances through the TABBit application. Naturally, it remains your prerogative not to synchronize your contacts with TABBit, which would imply that identifying which of your phone contacts are TABBit users won't be possible.
• The specifics of your payment request are leveraged to execute the TABBit service and inform you about TABBit functionalities like TABBsplit.
• When you upload a thank-you GIF to your personal appreciation page, it is stored within TABBit, allowing it to be visible to your friends upon the completion of a payment. Removal of the GIF from the app will also result in its deletion from our servers.
• Including a picture on the App is optional. If you opt to, it will be stored in the App enabling its display to your friends. Deleting the image in the App also removes it from our servers. We may review and remove uploaded pictures to filter out inappropriate content, but are not responsible for moderating pictures and you must ensure any Personal Data (including pictures) are in accordance with the App’s Terms of Use.
• Participation in a TABBsplit group permits other members to view your expenditures and name.

Under data protection law, we can only use your PII if we have a proper reason, e.g.:

• where you have given consent
• to comply with our legal and regulatory obligations
• for the performance of a contract with you or to take steps at your request before entering into a contract, or
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

The table below explains additional reasons for when and why we use your PII.

To enforce legal rights or defend or undertake legal proceedings	Depending on the circumstances: to comply with our legal and regulatory obligations in other cases, for our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others
Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or service or other important notices	Depending on the circumstances: to comply with our legal and regulatory obligations in other cases, for our legitimate interests or those of a third party, i.e., to provide the best service to you
Protect the security of systems and data	To comply with our legal and regulatory obligations we may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Operational reasons, such as improving efficiency, training, and quality control or to provide support to you	For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you
Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, app and functionalities and offerings or other efficiency measures	For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our app
Updating and enhancing user records	Depending on the circumstances: to perform our contract with you or to take steps at your request before entering into a contract (in this case, the contract means the Terms and Conditions of Use which apply to the Services) to comply with our legal and regulatory obligations where neither of the above apply, for our legitimate interests or those owf a third party, eg making sure that we can keep in touch with our customers about their accounts and new products or functionalities related to the Services and our services
To comply with our legal and regulatory obligations	Depending on the circumstances: to perform our contract with you or to take steps at your request before entering into a contract (in this case, the contract means the Terms and Conditions of Use which apply to the Services) to comply with our legal and regulatory obligations where neither of the above apply, for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about their accounts and new products or functionalities related to the Services and our services
To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary	Depending on the circumstances: to comply with our legal and regulatory obligations in other cases, for our legitimate interests or those of a third party, i.e., to protect, realise or grow the value in our business and assets

 

Location services/data

The Services will request your consent to use location services to precisely identify your location each session (i.e. each time the Services is opened or has been placed in the background for more than 30 seconds). We require access to that data in order to provide you with location specific Services and for security purposes.

If you do not provide your consent, you may use the Services but that some features of the Services will not be available. To withdraw your consent at any time you can turn off the localisation permissions for our app on your device.

The location services in the Services will not operate unless location services/data are generally enabled on your device. You may disable such functionality at any time by turning your device’s location on “off” using the device’s settings app. When you allow your device to use location services/data, data will also be collected by Google in accordance with their Privacy Policy, as this is the map service we integrate to our app.

We exert no control over Google’s Privacy Policy and we therefore recommend that you consult their privacy policy for further information on how Google protect personal data please visit their site - https://policies.google.com/privacy?hl=en-US. For more information see the section ‘Who we share your personal data with’ below.

Marketing

We intend to send you email marketing to inform you of our services such as promotions.

We will always ask you for your consent before sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so.

You will have the right to opt out of receiving marketing communications at any time by:

• contacting us at support@tabbit.uk
• using the ‘unsubscribe’ link included in all marketing emails you may received from us

We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

Who we share your personal data with

We routinely share personal data with service providers we use to help us run our business or provide the services or functionalities in the Services, including developers, cloud storage providers and Google, Inc. for Google Maps location functionality. We exert no control over Google’s Privacy Policy and we therefore recommend that you consult their privacy policy for further information on how Google protect personal data - https://policies.google.com/privacy?hl=en-US

We only allow service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above may occasionally also need to share your personal data with:

• external auditors, e.g. in relation to the audit of our accounts and our company —the recipient of the information will be bound by confidentiality obligations
• professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations
• law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations
• other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

We will not share your personal data with any other third party.

Transferring your personal data out of the UK

At this point in time, we do not transfer your personal data outside of the UK. If this changes, we would comply with applicable UK laws designed to ensure the continued protection and privacy of your personal data. Any updated destinations to which we send your personal data, would be indicated in the present section and notified to you in accordance with the section on ‘Change to this privacy policy’ below.

Furthermore, under UK data protection laws, we can only transfer your personal data to a country outside the UK where: the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR; there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or a specific exception applies under relevant data protection law. Accordingly, if we were to start transferring your personal data from the UK to: 

• The EEA: we would rely on the adequacy finding granted by the UK to the EU under the Withdrawal Agreement to do; for any transfers from the EU to the UK, we would rely on the adequacy regulation granted to the UK under the Adequacy Decision.
• Any country located outside the UK/EEA: we would rely an appropriate safeguards under the UK GDPR, such as by including the relevant Standard Contractual Clauses in our data processing agreements

In the event we could not or choose not to continue to rely on either of those mechanisms at any time we would not transfer your personal data outside the UK unless we could do so on the basis of an alternative mechanism or exception provided by UK data protection law.

Cookies

A cookie is a small text file which is placed onto your device (e.g. your smartphone or other electronic device) when you use our Services. When we use cookies on our Services, you will always be informed by a pop-up within the Services.

Cookies help us to recognise you and your device and allow us to store some information about your preferences or past actions, including your location data (for more information, please see our Privacy Policy).

For example, we may monitor how many times you use our Services, which parts of the Services you go to, location data. This information helps us to understand use of the Services by our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.

For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.

For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.

Consent to use cookies

We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to allow you to remain logged-in to the Services as you navigate within the Services and use the Services functionalities).

You can withdraw any consent to the use of cookies or manage any other cookie preferences by using the tool made available to you within the Services itself. You can then adjust sliders or untick boxes as appropriate to reflect your choice. It may be necessary to refresh or restart the Services for the updated settings to take effect.

Our use of cookies

The table below provides more information about the cookies we use and why:

The cookies we use	Name	Purpose	Whether cookie is essential for us to provide you with a service that you have requested and whether we will seek your consent before we place the cookie
CookieYes	cookieyes-consent	CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.	Yes essential
Universal Analytics (Google)	_ga_*	Google Analytics sets this cookie to store and count page views.	No, will therefore request your consent before placing this cookie.
Universal Analytics (Google)	_ga	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.	No, will therefore request your consent before placing this cookie.

 

How to turn off all cookies and consequences of doing so

If you do not want to accept any cookies, you may be able to change your device settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our Services and of other Services you use on your device. For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.

Consent

We can access your Financial Information (including any Personal Data) with your explicit consent.

How Can I Withdraw My Consent?

If you change your mind after granting consent, you can revoke it by contacting us at the address or email address indicated in the contact information above.

Deletion of Personal Data

We are committed to retaining your Personal Data only for the necessary duration. Your Personal Data will be deleted promptly when it is no longer required for the provision of our Services to you or upon the conclusion of the Terms of Service. To request the deletion of your data, please contact us via the live chat feature within the app, utilize the delete function available in your profile settings page, or send us an email at support@tabbit.uk. Your data will be deleted within 30 days of your request.

Please be aware that, as a services provider, we must retain certain customer personal data even if you request its deletion. If you have closed your TABBit account, it may not be possible to delete your entire file due to these regulatory obligations, which take precedence. Typically, we will retain your personal data for seven years following the termination of our business relationship with you or for any period required by applicable local laws.

Securing Your Personal Information

We prioritize the security of your personal information and have implemented suitable physical, technical, and administrative protocols to safeguard your personal data from unauthorized access, use, or disclosure, as mandated by the laws of England.

Upon receipt of your User Information, we employ stringent measures and security mechanisms to prevent unauthorized access, including encryption of any Personal Information transmitted to our banking partner. Additionally, we have a contractual agreement with our banking partner that mandates them to implement appropriate measures for safeguarding the security of the Personal Information we share with them.

Your Rights

Subject Access Requests

You have the right to request access to any personal data we have collected about you. To do so, please email us at privacy@tabbit.uk and provide the following details in your subject access request:

• Your name
• Your address
• The period of data you would like access to

Making a Complaint to a Regulatory Authority

If you are unhappy with our service and wish to make a formal complaint, you have the right to contact the Information Commissioner's Office at www.ico.org.uk.

Changes to this privacy policy

We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the Services or by other means, such as email.

How to contact us

You can contact us by email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

• support@tabbit.uk