Tembo Privacy Policy

Your privacy is really important, which is why protecting your personal data is our top priority. This privacy policy explains how we collect, use, and protect your personal data. That includes data you give us when you visit our website, sign up for a Tembo account, or buy one of our products or services. This also includes data we collect from you or from other sources when we provide our services. We’ll also explain your privacy rights, and how the law protects you. When we use the words ‘we’, ‘us’, ‘our’, or ‘Tembo’ in this policy, we’re talking about Tembo Money Ltd. And when we say ‘you’ or ‘your’ we’re talking about our customers. Please read the following information carefully to understand Tembo's practices regarding Your Information.

Who we are and get in touch

For the purposes of the data protection legislation, the data controller is Tembo.

If you have any questions about your data, including exercising your legal rights, you can get in contact with us at: 

Tembo Money Ltd, 18 Crucifix Lane, SE1 3JW

Email: hello@tembomoney.com

Telephone: 020 3386 9333

If you have a complaint about anything to do with your data, we take this seriously. You can read our Complaints Procedure here. We’ll investigate and get back to you as soon as we can.

We’re registered with the Information Commissioner’s Office (ICO) with registration number ZA795944. The ICO is an independent organisation that protects people’s data and privacy rights. If you have a complaint, we’d love the chance to help you first, but you can also complain to the ICO at any time.

We are Tembo Money Ltd, a company registered in England and Wales under company number 12631312. We are authorised and regulated by the Financial Conduct Authority (FCA), under firm reference number 952652.. You can check this on the Financial Services Register by visiting the FCA website. You can find more details about how we're regulated in our Terms of Business.

Updates to this document

Amendments and updates to this policy may be made from time-to-time. Any revisions will be posted on this page and where appropriate, notified to you by email, so you will always be aware of what information we collect and how we use that information. If you’d like a copy of a previous version, please email us at hello@tembomoney.com.

Information we collect 

We collect, use, store and transfer personal data. Personal data is any information which can (or could be used to) identify you. It doesn't include data which is not possible to relate to a specific person (anonymous data).

As a mortgage and protection broker it is important we have the right information about you in  order to make a tailored, and suitable recommendation. This ensures we can select from the widest range of available products to give you the right option for your circumstances. 

We collect, use, store, and transfer different types of personal data and they can be grouped as follows: 

Tembo may collect and process the following information about you:

• Identity Data includes first name, maiden name, last name, marital status, title, date of birth, gender, address and employment history, and citizenship.
• Contact Data includes address, email address and telephone numbers.
• Financial Data includes bank account details and bank statements, your income and outgoings, credit history including details of any history of bankruptcy or county court judgements, mortgages and protection products held, and payment/ direct debit details.
• Special Category/Sensitive Data which includes physical and mental health conditions, racial / ethnic origin, and biometric data 
• Criminal Offence Data includes information about criminal offences and convictions.
• Transaction Data includes details about the products and services you have bought from us
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile Data includes your username, password, and feedback and survey responses.
• Usage Data includes information about how you use our website, products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us, and our business partners and your communication preferences.
• Job Application Data includes data submitted throughout the recruitment process i.e. name, email address etc.
• Employment Data includes any personal information you provide to Tembo as part of the recruitment process or throughout your employment at Tembo should you be a permanent employee, contractor, or 3rd party provider

Special category data and Vulnerable Customers

At Tembo, we give special levels of care to those customers we might consider to be vulnerable. This is to ensure these customers are not disadvantaged when using our services. This is in line with regulations set out by the Financial Conduct Authority. If we think you’re vulnerable, we might record that information to help us give you the right service. That information could be special category data. That’s data that’s likely to be more sensitive – things like physical and mental health conditions.

When companies process special category data, they have to have “legal basis” to use it, which means a legal reason from the UK GDPR. The legal basis we rely on is "legal obligation” (we have to process your data because the law or regulations require us to).

Alongside that, companies also have to meet one of the legal conditions in Article 9 of the UK GDPR. The conditions we rely on are “substantial public interest," “regulatory requirements” and “support for individuals with a particular disability or medical condition.” In plain English, that means we use this data to make sure we support you in the right way. For example, you might tell us that you’re deaf, and that you prefer us not to call you on the phone. We’ll use this information to support you using online chat.

Technical Data

As explained above, we will collect Technical Data as part of your journey with us. For each of your visits to our website, we may automatically collect the following information:

• technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number; and
• our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. 

The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else. Additionally, the processing of this data enables the betterment of our service to you. 

Other Data 

As part of our fact find, we may require information about criminal convictions and offences that you may have, for example for fraud detection. We also collect specific Special Categories of Personal Data about you to provide you with advice for your protection needs (i.e. details about your ethnicity and information about your health).

We collect data relating to the number of dependents as this affects our affordability calculations to provide you with the most appropriate recommendation. However, we'll only ask for further data relating to dependents if specifically requested as part of an application to be submitted to a lender. This data will be treated sensitively and we won't use this data for marketing purposes or creating personality or user profiles.

If you’re making a joint application, we’ll also collect some of this information about the person you’re applying with, like your partner or Booster. Make sure you have their agreement before you give us their data.

If you’re applying for a company buy-to-let mortgage, we’ll collect some of this information about the people you have a financial link with. For example, the directors or certain employees of your company. Make sure you have their agreement before you give us their data

How is your personal data collected and what is it used for?

Here’s how we might collect personal data on our website, over live chat, on the phone, or from other companies and places.

Data you give us 

You may give us your data (for example, identity or financial data) by filling in forms or by corresponding with us by post, SMS, phone, email or otherwise. This includes personal data you provide when you:

• sign up for our services;
• speak to an adviser or any other Tembo team member, (whether through email, live chat or telephone);
• speak to an adviser;
• create an account on our website;
• subscribe to our newsletter;
• request marketing to be sent to you;
• give us some feedback;
• submit a job application;
• commence work with Tembo as an employee, contractor or 3rd party provider

Data we automatically collect

Our website automatically collects technical data – things like the equipment you’re using, as well as a record of what pages you’re visiting. We collect this personal data by using cookies, server logs and other similar technologies. You can view our Cookie Policy for greater detail.

Data from another source

As part of collating mortgage and protection recommendations, we work closely with third parties to obtain data relating to you including but not limited to credit reference agencies, search information providers, product vendors, and financial institutions and we may receive financial and credit information about you from them.

• Analytics providers (based both outside and inside the UK) which are services that help us understand how people use the website, like GA4, and Full Story. We collect this whenever you use our website.
• Social media accounts such as Google or Facebook, that you use to log into Tembo
• Public sources such as Companies House or the Electoral Register to verify information you’ve told us 
• Identify verification is performed using Onfido, which is an ID and anti-money laundering check service. This data helps us confirm your identity as part of your mortgage or protection application.
• Credit reference agencies, like Experian, which are the companies who hold your credit history and credit report. We may collect this when you apply for a Tembo product or service
• New home builders or developers, as a legitimate interest of the builder in order to assess affordability for the property
• Enquiries you perform on third-party mortgage sourcing websites

In addition to using GA4 for website analytics, we use Google Signals, another Google product offerering. It collects visitation information via Google advertising cookies, and identifies and associates it with Google information from the accounts of users signed-in Google accounts, who have consented to this association for the purpose of ad personalisation. This Google information focuses on Cross Device Reports and may include end user location, search history, YouTube history and data from sites that partner with Google. It is used to provide aggregated and anonymous insights into the user's cross-device behaviours. Such data may be accessed or deleted via Google My Activity. In addition, users can opt out of Google Analytics Advertising Features through their Google Ads Settings, Ad Settings for mobile apps, and the Network Advertising Initiative's consumer opt-out. For more information, see Google Privacy controls. 

Information submitted via a job application

If you submit a job application to us, we will collect all the data submitted in the application form to process your application successfully. The data we will collect may include information shared in a CV, covering letter, job application questions and/or notes made by the hiring manager during the interview process. We mayl also use 3rd parties to complete the necessary background checks, passing required information to them in accordance with our regulatory requirements. Previous employers will be contacted to request references as appropriate.

Employment Data

Additional information will be collected from you at the start of, and throughout your employment term, for example your next of kin details. Tembo may request additional information from you throughout your employment in line with any changes to applicable laws and regulations.

How we use your data 

We use your data for one or more the reasons we’ve listed below. We will only use your personal data when the law allows us to. Most commonly, we'll use your personal data in the following circumstances:

Consent - you’ve told us it’s OK to use your data for a specific reason.

Contract - you’ve agreed to a contract with us, and we need to use your data to carry out that contract. For example, we’ll use your income data to run affordability checks to determine the mortgage most suitable for you. 

Legal obligation - we have to process your data because the law or regulations require us to. For example, we need to get proof of your identity to meet our anti-money laundering responsibilities.

Legitimate interest - we or one of our partners might use your data because we or they might have a legitimate interest to do that. Sometimes that interest is to do with benefitting Tembo or our partners, and sometimes it’s to benefit wider society. One example of legitimate interest for processing your data might be to try to detect and prevent fraud. Another might be to improve our products and services. Or, we might process your data to recover any money you owe us.

Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw consent at any time by contacting us at hello@tembomoney.com.

We've set out below a detailed description of the ways we use your personal data, and which of the legal bases we rely on to do so.

An introduction 

The purpose we use your data: We use your identity and contact data to register you as a new customer and manage your Tembo account.

The legal basis: Contract

Submitting your mortgage

The purpose we use your data: We use your identity, contact, financial, transaction, marketing and communications, special category, and criminal offence data to help you with your mortgage. Things like finding the right mortgage for you and managing the mortgage applications we make on your behalf. We’ll also use this information to monitor your mortgage and let you know when you could get a better deal.

The legal basis: Contract. Legal obligation (for special category data, we also rely on “substantial public interest”, “regulatory requirements,” and “support for individuals with a particular disability or medical condition”). Legitimate interest (in this case, to recover any money you owe us and to develop and grow our business)

Keep you up to date

The purpose we use your data: We use your identity, contact, profile, transaction and marketing and communications data to manage our relationship with you. This includes things like asking you to leave a review or take a survey. It also includes telling you when your mortgage deal is about to end, and for legal and regulatory reason

The legal basis: Contract. Legal obligation. Legitimate interest (keep our records updated, see how customers use Tembo and review our standards of service, to contact you again as your mortgage deal ends)

Work with others

The purpose we use your data: We use your identity, contact and financial data to talk to other companies or anyone else that helps you with the whole mortgage and home-buying journey. That could include solicitors, conveyancers, surveyors, valuers, other lenders, and other brokers

The legal basis: Contract. Legal obligation.

Handle your complaints

The purpose we use your data: We use your identity, contact and marketing and communications data to manage complaints, take action to put things right, and answer your questions. We can also use financial, transaction, special category data and criminal offence data when it relates to the complaint you’ve made

The legal basis: Legal obligation. Legitimate interest (investigate complaints, improve our standards and try to prevent future complaints)

Ask for feedback

The purpose we use your data: We collect your identity, contact, profile, technical and usage data when you complete a survey or take part in user testing

The legal basis: Contract. Legitimate interest (to understand how customers use Tembo and develop our services and business)

Keep the site running

The purpose we use your data: We use your identity, contact and technical data to manage and protect our business and our website. That includes things like troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

The legal basis: Legitimate interest (to run our business, including our admin and IT services, keep it secure, and prevent fraud)

Improvements

The purpose we use your data: We use your technical and usage data to analyse and test our systems, and improve our website, products and services, marketing, customer relationships and experiences

The legal basis: Legitimate interest (keep our website updated, and develop our business and marketing strategy)

Send your marketing 

The purpose we use your data: We use your identity, contact, profile, usage, technical and marketing and communications data to suggest services you might like. We’ll use your data to decide what you might find useful or like us to send you. You can unsubscribe from marketing by hitting ‘Unsubscribe’ in the bottom of any marketing email, or by emailing hello@tembomoney.com

The legal basis: Legitimate interest (grow Tembo and develop what we offer – for example, we might use your data to send you personalised marketing campaigns). Consent

Record our communications

The purpose we use your data: We use your identity, contact, profile, usage, transaction, marketing and communications data to monitor or record any communications between you and us. That includes live chat and phone calls. We do this to check your instructions to us, analyse and improve our services, and to help us train staff. We also do it for quality assurance purposes (which means to help us prevent mistakes or problems from happening)

The legal basis: Contract. Legal obligation. Legitimate interest (develop and improve our systems, train our people, and give our customers a high standard of service)

Fraud prevention

The purpose we use your data: We use your identity, contact, profile, usage, financial, transaction, marketing and communications data to prevent fraud. We carry out checks on your identity and documents, and look at your financial transactions to detect fraud and money laundering

The legal basis: Contract. Legal obligation. Legitimate interest (fraud and ID checks protect our and others’ businesses as well as you)

Processing of a job application 

The purpose we use your data: We use your identity and contact data to carry out various checks as part of a successful job application at Tembo including vetting/background and right to work checks

The legal basis: Consent. Legitimate interest - for Tembo to assess and validate a candidate suitability and capability to carry out the duties assigned to the prospective role

Affordability checks 

We may access your credit history and relevant financial information in order to provide this information to the product or service providers to enable them to assess the basis on which you may be eligible for the mortgage you have made enquiries about. We will share these details with the prospective product or service providers to enable us to provide you with the details of the products available to you and the details of the relevant lenders and brokers.

In order to find the most suitable product for you we may use the information held at credit reference agencies (CRAs). A CRA is a company that collects personal information from various sources and provides that personal information for variety of uses (including to prospective lenders for the purposes of making credit decisions).

We will combine the information received from other sources with information provided and collected in order to provide you with our services. We will search a CRA who will provide us with information about you to assess creditworthiness and product suitability and check your identity. They will provide us with the publicly held data, including the electoral roll and shared credit performance data. If you have a financial associate their data may also be provided to confirm if you are an existing customer, and as such may be eligible for additional offers. We will use the information provided to us by a CRA to help decide which products may be best for you. It is important to note that there may be other products available from lenders who are not represented by this service.

When the CRA receives a search from us they will place a quotation search footprint on your credit report, whether or not you decide to apply for the product. This search will not affect your ability to gain credit.

The information which we provide to the CRA may be supplied by them to other organisations such as fraud prevention agencies and used by those organisations for the purposes of checking identity, preventing fraud, tracing and collection of debt. The CRA may also use the data to undertake statistical analysis.

If you choose to apply for a product, the lender will undertake a full credit check and provide you with further privacy information for that product.

You can contact any of the CRA's if you wish to obtain a copy of your credit report.

Experian

Consumer Help Service, PO Box 8000, Nottingham NG80 7WF

Telephone: 0844 4818000 or log on to www.experian.co.uk

CallCredit

Consumer Services Team, PO Box 491, Leeds, LS3 1WZ

Telephone: 0870 0601414

Equifax PLC

Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US

Telephone: 0844 335 0550 or log on to www.equifax.co.uk

Security of your information and where we store your information

Tembo take all reasonable steps to ensure that Your Information is treated securely and in accordance with this Privacy Policy.

All information you provide to Tembo is securely stored either on dedicated servers within the United Kingdom or with trusted partners who abide by GDPR legislation as part of Tembo's contractual arrangements.

Once Tembo has received Your Information, Tembo will use strict procedures and security features to try to prevent any unauthorised access.

Who do we share your data with

Tembo may share your information with third parties for specific purposes. We'll always treat your data and privacy with respect. This applies where we need to share this to provide you with the best possible service. Below details the circumstances we may need to share your data: 

CRM (Acre) - we share your data with our customer relationship management system (CRM) in order to manage our interactions with you, and process your applications. 

Electronic identification (Onfido) - we share your data with our ID verification tool in order to verify the information you have given us 

Mortgage lenders - we share your data with a lender to make a mortgage application on your behalf. Mortgage lenders are also data controllers, and will look after your data according to their own privacy policy. It’s worth reading your lender’s privacy policy to see how they use your data

Protection providers - we share your data with protection providers to provide you with details of relevant insurance services/products where applicable

Solicitors/conveyancers - to update the firm of solicitors / conveyancers with whom you are interacting about the progress of your application and confirm your identity / proof of deposit

Estate agents/new home builders - to update the estate agents and home builders with whom you are interacting about the results of affordability checks and progress of your application

Alternative home ownership providers - where we are working with alternative home ownership providers we may share or refer your details

Credit reference agencies - we may use Credit Agencies to complete a soft credit search to assess your eligibility through our CRM platform Acre. This enables Tembo to review your credit position which is needed as part of the mortgage suitability assessment, and comply with regulatory requirements regarding due diligence.

Fraud prevention agencies - we’ll use these to check your identity when you apply for a mortgage, and on an ongoing basis, for example if you remortgage with us. We could also inform them if you give us inaccurate, false or fraudulent information. 

Regulators - in order to uphold our obligations as an FCA regulated firm, we may need to share information with the regulator on an ad hoc basis or as part of regular reporting.

Referencing and pre-employment vetting - your documents and information may be shared internally within the company for the purposes of the recruitment process. Additionally, vetting checks may take place with relevant third parties

Video conferencing platforms - where you opt to communicate via video conferencing we may need to share your user information with the relevant platform. We will ask you to consent to the processing of this data before each call. 

We don't transfer your information to third parties except where explicitly stated in this policy or with your explicit consent. Each party listed above, is either acting as a processor on behalf of Tembo or as a controller in their own right with the purpose of providing services to you.

How long do we keep your data

We’ll only keep your data for as long as we need it to do the thing we collected it for. As well as making sure you're always on the most suitable deal for your circumstances, this enables us to adhere to our regulatory requirements, ensure we provide suitable advice, and to answer any questions you may have later down the line. If you don't transact with us, depending on the stage of your application, we may delete your information sooner in accordance with our data retention policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Here’s a more detailed breakdown: 

• Purpose of processing: Successful mortgage or protection applications
  Retention: For the full mortgage or protection policy term plus a further 6 years, or for a period of 30 years for historical cases if the original term is not recorded 
• Purpose of processing: Withdrawn, stalled, incomplete and failed mortgage / protection applications
  Retention: 6 years from the date the latest application was started, or 6 years from the application submitted date if application was submitted and subsequently rejected or from creation date if advice has been provided but not pursued
• Purpose of processing: Customer Profile Data
  Retention: 6 years from date of last login if not proceeded to full application
• Purpose of processing: Affordability checks
  Retention: 6 years from Decision In Principle if affordability check does not proceed to a full mortgage application
• Purpose of processing: Job application data 
  Retention: Successful applicant: life of employment plus 6 years after the employment terminates. Unsuccessful candidate: up to one year
• Retention: Complainant data 
  Retention: 6-years from the date the complaint was made

In some circumstances you can ask us to delete your data: see request erasure below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Marketing communications

When you register with Tembo, we ask you whether you would like to receive our communications detailing offers, news and services from Tembo and/or information from third party companies via email and/or via post that we feel may be of interest to you. In order to consent to receive these communications, you will need to opt in during registration or you can opt out of receiving this information by leaving the option box unchecked.

Where you have let us know that you are happy to receive information from us, we may send you communications that include new products, reminders when your products might be due for renewal and opportunities to take part in market research.

To stop receiving Tembo's promotional offers and alerts, please click the link found at the bottom of each email or update your account preferences.

Cookies

Our website uses cookies to distinguish you from other users. This helps Tembo to provide you with a good experience when you browse our website and also allows Tembo to improve the website.

Like most websites, we use cookies and weblog files to track site usage and trends. A cookie is a small data file, typically of letters and numbers, downloaded to a device when a user accesses a certain website. You can remove or block cookies using settings in your internet browser, but in some cases doing so may impact your ability to use our website. For more information about cookies you can visit All About Cookies.

The only cookies we use are 'analytical cookies' and those that save you the user time by prefilling fields when you revisit our site. They allow us to count the number of visitors and identify which pages are being viewed or used with the sole purpose of analysing data about webpage traffic and to improve our website in order to tailor it to our customer's needs. We only store personally identifiable information in cookies in situations where this is needed for you to navigate between individual webpages, avoiding the need for you to re-enter the same information. This record is deleted when you leave our website.

Google Analytics

We use Google Analytics to help analyse use of our website. This analytical tool collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for this website. To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.

We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither ourselves nor Google will link, or seek to link, an IP address with the identity of a computer user.

Content distributed through our website sharing features and/or third party integrations may result in your personal identifiable information being available on external websites. By your direct initiation of these features you are consenting to the use the sharing of this information.

Your rights in relation to your information

You have rights under UK GDPR when it comes to your personal data. We'll be happy to discuss these and how they might apply to you. If you wish to exercise any of the rights set out below, please contact us.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we'll notify you and keep you updated as to our progress.

You won't have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to uphold your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  

In summary, you have the right to:

• Being informed about how we collect and use your data. 
• Have access to your data that is held by us in order to rectify any inaccuracies on the information held. You have the right to ask us for copies of your personal data, this is also known as a data subject access request - you can do this by emailing us at hello@tembomoney.com;
• Request the erasure of your Information. You can ask us to delete your information by contacting us via hello@tembomoney.com. Sometimes we might have to keep your data, if laws or regulations tell us to. If we can’t satisfy your request, we’ll let you know the reasons why. 
• Withdraw your consent. If you’ve given us consent to use your data for a specific reason, you can withdraw this at any time
• Have personally identifiable information changed. You can ask us to correct your data if it’s not accurate, or add more data to complete it. We’ll let you know when we’ve done that.
• Lodge a complaint with a supervisory authority. The relevant supervisory authority for the UK is the Information Commissioners Office, and more information can be found at ico.org.uk. For details of our complaints procedure, please see Complaints FAQs;
• Change your mind about marketing communications. You can unsubscribe to emails you receive using the unsubscribe link, or alternatively email hello@tembomoney.com.

Last updated: July 2023