Effective from 19th July 2021
Important information and who we are
At Peach (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the DPA 2018 and all other mandatory laws and regulations of the United Kingdom.
The individuals from which we may gather and use data can include:
and any other people that the organisation has a relationship with or may need to contact.
Who is Your Data Controller
Peach is your Data Controller and is responsible for your Personal Data. We are not obliged by the GDPR to appoint a data protection officer and have not voluntarily appointed one at this time. Therefore, any inquiries about your data should either be sent to us by email at email@example.com or sent in a letter to International House, 24 Holborn Viaduct, London, EC1A2BN, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Highlights from this policy
We process data collected from you, your bank, and third parties, to provide Peach services, and comply with regulatory obligations. Most importantly we use:
- Your personal details(names, address, date of birth), to comply with our identification verification processes with Equifax
- Your bank transaction data (no login credentials)to provide Peach services and allow you to track your accounts
- Data about your use of Peach to help us improve your experience with our product
We only share your data with other companies to fulfill our contract with you, or comply with regulations:
- Account Aggregation Providers(Moneyhub Financial Technology Ltd) — who securely connect your bank accounts to Peach
- Credit Information Providers(Equifax Ltd) — who securely connect mortgages, credit cards and personal loans data via your credit report to Peach
- Other selected service providers (subject to GDPR rules)
Information we collect about you
You may give us information about yourself by accessing our website peachapp.com (site), by using the app service or by corresponding with us by e-mail or otherwise.
Information you give us on account creation
This information is necessary to provide the basic Peach service (to fulfil the contract between us) and to comply with any regulatory obligations:
- First and last name
- Date of birth
Information we automatically collect from your use of Peach
When you use Peach, or visit our website, we automatically collect information, including personal information, about the parts of the Peach you use, and how you use them. This information is necessary for the adequate performance of the contract between us, to enable us to fulfill our regulatory requirements, and given our legitimate interest in being able to provide the Peach service:
- Information about your device— your visits to and use of the site or the Service (including without limitation your IP address, geographical location, browser/platform type and version), internet service provider, operating system
- Information about your use of the product— length of visit, page views, website navigation and search terms that you use, referral source/exit pages
Information we receive from third parties
We receive the following personal information about you from our third-party service providers who assist us in providing some or all of the Service:
- Your bank(through our Aggregation Partners) — bank account number, sort code, balances, and transaction data, in order to fulfill the contract with you
- Your credit information (through Equifax)— credit report file including account information, outstanding balance, 12-month payment history, repayment details and linked associates
How we use the information we collect from you
To provide and improve the Peach product — we process the information we collect given our legitimate interest in improving the Peach experience, and in order to fulfil the contract we have with you:
- Provide you with access to Peach, and to enable your interaction with Peach
- Provide customer service
- Provide you with insights (historical/forecast balances and performance trends)
- Provide you cash flow modeling tools based on your target financial plan
- Send you support messages, updates, security alerts, and account notifications
- To administer our site and the Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
To prevent fraud, and ensure compliance with regulatory obligations — we process the information we collect given our legitimate interest to protect us from fraud and to comply with our regulatory obligations:
- Detect fraud
- To keep our platform secure
Others we share your data with
- Aggregation Providers (Moneyhub Financial Technology Ltd)— We use account aggregation providers to help us to provide the Service by securely accessing your bank account information (“Account Aggregators”). By using the Account Aggregator’s service, you agree and grant them permission to aggregate your personal data, which may then be stored outside of your own country subject to constraints provided by GDPR.
- Credit Information Provider (Equifax Ltd)— Equifax helps us to provide the Service by securely accessing your credit report to retrieve your mortgages, credit cards and loans details. By using the Credit Information Provider’s service, you agree and grant us permission to access your personal information held by Equifax. This process leaves what is known as a ‘soft footprint’ on your credit file but it does not have any effect on your credit rating. If you would like to understand how the credit reference agencies use and share data (including the legitimate interests they pursue) please click the following link: equifax.co.uk/crain
Peach referral users — in providing a referral programme there is a legitimate interest in sharing your name and email address with the person you are inviting or who invited you to the Peach service, to let them know the invite was successful and in order to fulfill the invite terms.
Peach-linked users — in providing the ‘linked user’ functionality there is a legitimate interest in sharing your account information with the person you are choosing to connect to. Consent is controlled by you at the account level, and permissions can be amended or revoked immediately at any time from the app settings. When sharing permissions are removed, linked users will cease to have visibility of your account information, including historical data they were previously able to see.
Aggregated Data — we may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes. This is not considered personal data under GDPR as it can’t be used to directly or indirectly identify you.
Business Transfers — in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If Horizon Technology Ventures Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We generally retain your information for as long as it is necessary for the performance of the contract we have with you, or to comply with our regulatory obligations. If you no longer want us to use your information you can send a request to firstname.lastname@example.org. Please note that if you request the erasure of your personal data, we may need to keep relevant personal information for at least 5 years to comply with our regulatory obligations.
Your Rights under GDPR
A great thing about the GDPR is that consumers have much more control over how we use your data. See below how you can assert those rights with Peach.
Getting a copy of your data — you have the right to get a copy of the data we hold about you. This is free of charge. To do this, please reach out to email@example.com.
Rectification of inaccurate or incomplete information — you have the right to ask us to update any information we hold which may be inaccurate, and which you can’t change yourself through the Peach service.
Erasure of data or the ‘right to be forgotten’ — you have the right to ask us to erase the personal information we hold on you and close your Peach account. If you do this, we might maintain the personal information we hold on you which is necessary to comply with our regulatory obligations or to reduce fraud.
Withdrawing consent, and restricting processing — to withdraw consent or restrict processing you may contact customer support. If you withdraw consent to share your financial transaction data, we will be unable to provide the Peach service to you. Some information you have provided us will be retained after you withdraw consent to comply with regulatory obligations.
Lodging complaints — you have the right to lodge a complaint with the Information Commissioner’s office for any processing carried out by Peach. You can contact ICO ico.org.uk or telephone: 0303 123 1113.
Where we store your data
All information you provide to us is stored on our secure cloud servers. Any transmission of information to our partners (including personal data) are encrypted using TLS technology, the current standard in secure communications over the Internet. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. Information we deem sensitive (like your bank account number and sort code if provided) are stored with the appropriate technical and operational security measures in place. We will only send your data outside of the European Economic Area (‘EEA’) to comply with a legal obligation, or when we work with third parties in providing you the Peach service. If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA.