Customer Privacy Notice for Personal Account Users in the UK and EEA

Effective 01 May 2023

CUSTOMER PRIVACY NOTICE

We’re committed to protecting and respecting your privacy.

Tonio will:

always keep your personal data safe and private
never sell your personal data
allow you to manage and review your marketing choices at any time

1. About us

Tonio Limited is a Private limited Company organized and existing under the laws of the UK, having its registered office at Suite 3 G & H, Docklands Business Centre, 10-16 Tiller Road, London, E14 8PXE 1 4 8 P X, UNITED KINGDOM (Hereinafter – “Tonio”)

2. Why do I need to read this notice?

Tonio collect your personal data when you use:

our website at tonio.co.uk
any of the services available to you

Tonio may also collect your personal data from other people or companies. Tonio explain how this can happen in more detail below.

When Tonio say ‘personal data’, Tonio mean information which:

Tonio know about you
can be used to personally identify you (for example, a combination of your name and postal address)

This notice explains what information Tonio collect, how Tonio use it, and your rights if you want to change how Tonio use your personal data.

Tonio may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.

If you have concerns about how Tonio use your personal data, you can contact [email protected]

3. What personal data do you collect about me?

The table below explains what personal data Tonio collect and use.

Type of personal data	Details
Information you give us	Tonio collect information you provide when you: ﬁll in any forms correspond with us respond to any of our surveys open an account or use any of our services take part in online discussions or promotions speak with a member of our social media or customer support teams (either on the phone or Telegram or Whatsapp or email) enter a competition or share information with us on social media contact us for other reasons Tonio will collect the following information: your name, address, and date of birth your email address, phone number and details of the device you use (for example, your phone, computer or tablet) your Tonio username (this is random and is automatically assigned to you when you ﬁrst join but you will be able to change it) your registration information details of your bank account, including the account number, sort code and IBAN details of your Tonio debit cards and credit cards (or other debit or credit cards you have registered with us) including the card number, expiry date and CVC (the last three digits of the number on the back of the card) copies of your identiﬁcation documents (for example, your passport or driving licence) and any other information you provide to prove you are eligible to use our services your country of residence, tax residency information, and tax identiﬁcation number records of our discussions, if you contact us or Tonio contact you (including records of phone calls) your image in photo or video form (where required as part of our Know-Your-Customer (KYC) checks, to verify your identity if you contact us when logged out of your Tonio account, or where you upload a photo to your Tonio account) information about other people (such as a joint account holder, your spouse or family) when Tonio ask you to give us this information to enable us to comply with our obligations under KYC, anti-money laundering laws and to assist with fraud monitoring If you give us personal data about other people (such as a joint account holder, your spouse or family), or you ask us to share their personal data with third parties, you conﬁrm that you have brought this notice to their attention beforehand.
Information collected from your use of our products and services	Whenever you use our website Tonio collect the following information: technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identiﬁer (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use information about your visit, including the links you’ve clicked on, through and from our website or app (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page information on transactions and your use of Tonio products (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneﬁciary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received, details of device used to arrange the payment and the payment method used information stored on your device, including if you give us access to contact information from your contacts list. The Tonio app will regularly collect this information in order to stay up to date (but only if you have given us permission)
Information from others	Tonio collect personal data from third parties or other people, such as credit reference agencies, ﬁnancial or credit institutions, oﬃcial registers and databases, as well as joint account holders, fraud prevention agencies and partners who help us to provide our services. This includes your credit record, information about late payments, information to help us check your identity, information about your spouse and family (if applicable in the context of an application for credit that you make) and information relating to your transactions. When you ask us to, we’ll also collect personal data from accounts you hold with third party ﬁnancial institutions (when you create a linked account by activating Open Banking in the Tonio app). If you apply for our credit products, when you allow us, Tonio may use this information for credit checks to improve your experience.
Information from social media	Occasionally, we’ll use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when Tonio conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).
Information from publicly available sources	Tonio collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes.

4. What is your legal basis for using my personal data?

Tonio must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

Keeping to our contracts and agreements with you
Tonio need certain personal data to provide our services and cannot provide them without this personal data.
Legal obligations
In some cases, Tonio have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws Tonio must hold certain information about our customers).
Legitimate interests
Tonio sometimes collect and use your personal data because Tonio have a legitimate reason to use it and this is reasonable when balanced against your human rights and freedoms.
Substantial public interest
Where Tonio process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.
Consent
Where you've agreed to us collecting your personal data, or sensitive personal data, for example when you tick a box to indicate you’re happy for us to use your personal data in a certain way.

5. How do you use my personal data?

Explore the ways in which Tonio may use your personal data using this table:

What Tonio use your personal data for	Our legal basis for using your personal data
Providing our services Whenever you apply for or use a product or service, we’ll use your personal data to: check your identity, and the identity of joint account holders (as part of our KYC process) decide whether or not to approve your application meet our contractual and legal obligations relating to any products or services you use (for example, making payments into and out of your Tonio account) help you understand your spending behaviour, how you use Tonio products and services, and to help you save money (for example, by providing you with product usage and spending insights) recover debt and exercise other rights Tonio have under any agreement with you provide you with customer support services. Tonio may record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training and quality control purposes	Keeping to contracts and agreements between you and us Legitimate interests (Tonio need to be eﬃcient about how Tonio meet our obligations and Tonio want to provide you with good products and services) Legal obligations
Protecting against fraud Tonio use your personal data to check your identity to protect against fraud, keep to ﬁnancial crime laws and to conﬁrm that you’re eligible to use our services. Tonio also use it to help us better understand your ﬁnancial circumstances and manage fraud risks related to your Tonio account.	Legitimate interests (to develop and improve how Tonio deal with ﬁnancial crime and meet our legal responsibilities) Legal obligations
Marketing and providing products and services that might interest you Tonio use your personal data to do the following: to personalise your website experience and marketing messages about our products and services so they’re more relevant and interesting to you (where allowed by law). This may include analysing how you use our products, services and your transactions if you agree, provide you with information about our partners’ promotions or offers which Tonio think you might be interested in if you agree, allow our partners and other organisations to provide you with information about their products or services measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you ask your opinion about our products or services Remember, you can ask us to stop sending you marketing information by adjusting your marketing choices	Legitimate interests (to send direct marketing, ensure our direct marketing is relevant to your interests, develop our products and services, and to be eﬃcient about how Tonio meet our legal and contractual duties) Consent (where we’re legally required to get your consent to send you direct marketing about our products or services, or partners’ promotions or offers, or for you to receive marketing from other organisations)
To keep our services up and running Tonio use your personal data to manage our website (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device. Tonio also use your personal data to: verify your identity if you contact our customer support or social media teams allow you to take part in interactive features of our services tell you about changes to our services help keep our website and the Tonio app safe and secure	Keeping to contracts and agreements between you and us Legitimate interests (to be eﬃcient about how Tonio meet our obligations and keep to regulations that apply to us and to present content as effectively as possible for you) Consent (where required by law)
Helping with social interactions Tonio use your personal data to help with social interactions through our services, or to add extra functions in order to provide a better experience. For example, if you give us permission, we'll use the contacts list on your phone so you can easily make payments to, or message, your contacts using the Tonio app.	Legitimate interests (to develop our products and services and to be eﬃcient in meeting our obligations) Consent (to access information held on your phone, for example, contacts in your contacts list, to track you when you have location services switched on)
Preparing anonymous statistical datasets Tonio prepare anonymous statistical datasets about our customers’ spending patterns: for forecasting purposes to understand how customers use Tonio Website to comply with governmental requirements and requests These datasets may be shared internally or externally with others, including third-party companies. Tonio produce these reports using information about you and other customers. The information used and shared in this way is never personal data and you will never be identiﬁable from it. Anonymous statistical data cannot be linked back to you as an individual. For example, some countries have laws that require us to report spending statistics and how money enters or leaves each country. We’ll provide anonymised statistical information that explains the broad categories of merchants that Tonio customers in that country spend their money with. We’ll also provide information about how Tonio customers top up their accounts and transfer money. However, Tonio won’t provide any customer-level information. It will not be possible to identify any individual Tonio customer.	Legitimate interests (to conduct research and analysis, including to produce statistical research and reports) Legal obligations
Improving our products and services Tonio use your personal data to help us develop and improve our current products and services. This allows us to continue to provide products and services that our customers want to use.	Legitimate interests (to understand how customers use our products so Tonio can develop new products and improve the products Toniocurrently provide)
Meeting our legal obligations, enforcing our rights and other legal uses Tonio use your personal data: to share it with other organisations (for example, government authorities, law enforcement authorities, tax authorities, fraud prevention agencies) to recover debts from you (for example, where you hold a credit product with us or have a negative balance in your account) if this is necessary to meet our legal or regulatory obligations to identify and support vulnerable customers by analysing your behaviour in the Tonio app, customer support communications and through transactions (for example, Tonio will try to identify whether you are potentially vulnerable so Tonio can provide you with enhanced support. Identifying and supporting vulnerable customers is a legal requirement for us in some countries) in connection with legal claims to help detect or prevent crime Sometimes, we’re legally required to ask you to provide information about other people. For example, Tonio might ask you to explain: your relationship with a joint account holder or somebody who pays money into your Tonio account how somebody got the money in the ﬁrst place to pay it into your Tonio account	Legitimate interests (for example, to protect Tonio during a legal dispute) Substantial public interest (if Tonio process your sensitive personal data to keep to legal requirements that apply to us) Legal obligations

Sometimes, Tonio help you to provide services to customers. For example, Tonio provide payment processing services to you if you use our Tonio Pro product. Where this happens, you’re responsible for deciding if Tonio collect your customers’ personal data and how Tonio should process it on your behalf.

6. Do you make automated decisions about me?

Depending on the Tonio products or services you use, Tonio may make automated decisions about you.

This means that Tonio may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. This is sometimes known as proﬁling. Tonio do this for the eﬃcient running of our services and to ensure decisions are fair, consistent and based on the right information.

Where Tonio make an automated decision about you, you have the right to ask that it is manually reviewed by a person.

Opening accounts:

KYC, anti-money laundering and sanctions checks
identity and address checks

Detecting fraud:

monitoring your account to detect fraud and ﬁnancial crime

Our legal basis is one or more of the following:

keeping to contracts and agreements between you and us
legal obligations
legitimate interests (to develop and improve how Tonio deal with ﬁnancial crime and meet our legal responsibilities)

7. How do you use my personal data for marketing?

If you sign up to our services, and where national laws allow, we’ll assume you want us to contact you by post, push notiﬁcation, email and text message with information about Tonio products, services, offers and promotions. Where national laws require us to get your consent to send marketing messages, we’ll do so in advance.

Tonio use your personal data to personalise marketing messages about our products and services so they are more relevant and interesting to you (where allowed by law). This may include analysing how you use our services and your transactions.

You can object to proﬁling for direct marketing purposes. You can also adjust your preferences or tell us you don't want to hear from us at any time. Just use the privacy settings in the Tonio app or tap the unsubscribe links in any marketing message Tonio send you.

If you do not want to receive personalised marketing messages, and opt out from receiving them, you will not receive any marketing communications. However, you may still receive generic information about our products and services in the Tonio app.

Tonio won't pass your details on to any organisations outside the Tonio for marketing purposes without your permission.

Our legal basis is:

consent (where Tonio are required by law to collect your consent); or
legitimate interests (to send you marketing and to provide information relevant to your interests).

8. What are my rights?

Your right	What it means
You have the right to be told how Tonio use your personal data	Tonio provide this privacy notice to explain how Tonio use your personal data.
	If you ask, we’ll provide a copy of the personal data Tonio hold about you. Tonio can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. Tonio also won't provide you with any communication we've had with our legal advisers.
You can ask us to correct your personal data if you think it's wrong	You can have incomplete or inaccurate personal data corrected. Before Tonio update your ﬁle, Tonio may need to check the accuracy of the new personal data you have provided.
You can ask us to delete your personal data	You can ask us to delete your personal data if: there's no good reason for us to continue using it you gave us consent (permission) to use your personal data and you have now withdrawn that consent you have objected to us using your personal data Tonio have used your personal data unlawfully the law requires us to delete your personal data Just to let you know, Tonio may not be able to agree to your request. As a regulated ﬁnancial services provider, Tonio must keep certain customer personal data even when you ask us to delete it (we've explained this in more detail below). If you've closed your Tonio account, Tonio may not be able to delete your entire ﬁle because these regulatory responsibilities take priority. We’ll always let you know if Tonio can't delete your personal data.
You can object to us processing your personal data for marketing purposes	You can tell us to stop using your personal data, including proﬁling you, for marketing.
You can object to us processing other personal data (if we’re using it for legitimate interests)	If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. However, if there is an overriding reason why Tonio need to use your personal data, Tonio will not accept your request. If you object to us using personal data which Tonio need in order to provide our services, Tonio may need to close your account as Tonio won’t be able to provide the services.
You can ask us to restrict how Tonio use your personal data	You can ask us to suspend using your personal data if: you want us to investigate whether it’s accurate our use of your personal data is unlawful but you don’t want us to delete it Tonio no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim you have objected to us using your personal data (see above), but Tonio need to check whether Tonio have an overriding reason to use it.
You can ask us to transfer personal data to you or another company	If Tonio can, and are allowed to do so under regulatory requirements, we’ll provide your personal data in a structured, commonly used, machine-readable format.
You can withdraw your permission	If you’ve given us the consent Tonio need to use your personal data, you can withdraw it at any time by changing your privacy settings in the Tonio app or sending an email to [email protected] (Please note, it will have been lawful for us to use the personal data up to the point you withdraw your permission.)
You can ask us to carry out a human review of an automated decision Tonio make about you	If Tonio make an automated decision about you that signiﬁcantly affects you, you can ask us to carry out a manual review of this decision.

Your ability to exercise these rights will depend on a number of factors. Sometimes, Tonio won’t be able to agree to your request (for example, if Tonio have a legitimate reason for not doing so or the right does not apply to the particular information Tonio hold about you).

9. How do I exercise my rights?

To exercise any of your rights set out in the previous section, you can contact us through an email at [email protected].

For security reasons, Tonio can't deal with your request if we’re not sure of your identity, so Tonio may ask you for proof of ID.

If a third party exercises one of these rights on your behalf, Tonio may need to ask for proof that they’ve been authorised to act on your behalf.

Tonio will usually not charge you a fee when you exercise your rights. However, we’re allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.

If you’re unhappy with how we’ve handled your request, you can complain to your local data protection authority. In the United Kingdom, this is the ICO (website).

10. Do you share my personal data with anyone else?

People or companies that you transfer money to

Where you make a payment from your Tonio account, we’ll provide the recipient with your details alongside your payment (for example, your name and IBAN). This is because, like all payment institutions, we’re required by law to include certain information with payments.

People or companies that transfer money to you

When you receive a payment to your Tonio account, we’ll provide the payer with your details (for example, your name and IBAN). This is necessary to conﬁrm that the payment has been made to the correct account.

Suppliers

The table below explains which suppliers Tonio normally share your personal data with:

Type of supplier	Why we share your personal data
Suppliers who provide us with IT, payment and delivery services	To help us provide our services to you
Our banking and ﬁnancial services partners and payments networks, including Visa and Mastercard	To help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment service providers
Analytics providers and search information providers	To help us improve our website
Customer-service providers, survey providers and developers	To help us to provide our services to you
Communications services providers	To help us send you emails, push notiﬁcations and text messages

Partners who help to provide our services

We’ll only share your personal data in this way if you’ve asked for the relevant service or if it’s provided as part of our membership plans.

From time to time, Tonio may work with other partners to offer you co-branded services or promotional offers, and we’ll share some of your personal data with those partners. Tonio will always make sure you understand how Tonio and our partners process your personal data for these purposes.

Other ﬁnancial institutions and Tonio customers

Tonio may share your personal data with other ﬁnancial institutions, or Tonio customers, if you ask us to. For example, if you have activated ‘Open Banking’ through an account you hold with another ﬁnancial institution and given them permission, we’ll share data from your Tonio account (such as your balance, payment transactions, account number and sort code) with that ﬁnancial institution.

Tonio may also share your personal data with other ﬁnancial institutions, or Tonio customers, where you do not ask us to. For example, if a payment is made to your account by mistake, Tonio can share your information with the ﬁnancial institution, or Tonio customer, the payment came from. This will help the payer and the other ﬁnancial institution to try and get the payment back themselves.

Other third parties

Tonio may share your personal data with other third parties where necessary to facilitate you receiving payments to your Tonio account.

For legal reasons

Tonio also share your personal data with other ﬁnancial institutions, government authorities, law enforcement authorities, tax authorities, companies and fraud prevention agencies to check your identity, protect against fraud, keep to tax laws, anti-money laundering laws, or any other laws and conﬁrm that you’re eligible to use our products and services.

If fraud is detected, you could be refused certain services by Tonio or other companies.

Tonio may also need to share your personal data with other third party organisations or authorities:

if Tonio have to do so under any law or regulation
if Tonio sell our business or credit portfolio
in connection with criminal or fraud investigations
to enforce our rights (and those of customers or others)
in connection with legal claims.

Social media and advertising companies

When Tonio use social media for marketing purposes, your personal data (limited to only your name, email address and app events) may be shared with the social media platforms so that they can check if you also hold an account with them. If you do, Tonio may ask the advertising partner or social media provider to:

use your personal data to send our adverts to you, because Tonio think that you might be interested in a new Tonio product or service
not send you our adverts, because the marketing relates to a service that you already use
send our adverts to people who have a similar proﬁle to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social media proﬁle, we may ask our advertising partner or social media partner to send our adverts for that service to those people)

Tonio may share your personal data with our advertising partners in the ways described above, but the personal data is hashed before Tonio send it, and the social media platform Tonio share it with is only allowed to use that hashed personal data in the ways described above.

Our legal basis is:

legitimate interests (to ensure Tonio’s advertising is as effective as possible)

You can contact us at any time, by emailing [email protected], if you don’t want us to share your personal data for advertising purposes.

Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.

Where you ask us to share your personal data

Where you direct us to share your personal data with a third party, Tonio may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney). Tonio may need to ask for proof that a third party has been validly authorised to act on your behalf.

11. Will my personal data go outside the United Kingdom or Europe?

As Tonio provide an international service, Tonio may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) to help us provide our services.

For example, if you make an international payment, we’ll send funds to banks outside of the United Kingdom or EEA. Tonio might also send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.

Tonio may send your personal data outside of the United Kingdom or EEA to:

keep to global legal and regulatory requirements
provide ongoing support services
credit reference agencies, fraud prevention agencies, law enforcement authorities
enable us to provide you with products or services you have requested

If Tonio transfer your personal data to another country that doesn’t offer a standard of data protection equivalent to the United Kingdom or EEA, Tonio will make sure that your personal data is suﬃciently protected. For example, we’ll make sure that a contract with strict data protection safeguards is in place before Tonio transfer your personal data. In some cases, you may be entitled to ask us for a copy of this contract.

If you would like more information, please contact us by sending an email to [email protected].

12. How do you protect my personal data?

Tonio recognise the importance of protecting and managing your personal data. Any personal data Tonio process will be treated with the utmost care and security. This section sets out some of the security measures Tonio have in place.

Tonio use a variety of physical and technical measures to:

keep your personal data safe
prevent unauthorised access to your personal data
make sure your personal data is not improperly used or disclosed

Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. Tonio have detailed security and data protection policies which staff are required to follow when they handle your personal data.

While Tonio take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, Tonio cannot guarantee it will be secure during transmission by you to our app, a website or other services. Tonio use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our app, web and payment-processing services.

If you use a password for the Tonio app or our website, you will need to keep this password conﬁdential.

Please do not share it with anyone.

When you use our public services, which includes our social network accounts and the Tonio Community forum, do not share any personal data that you don't want to be seen, collected or used by other customers, as this personal data will become publicly available.

13. How long will you keep my personal data for?

We’ll generally keep your personal data for five years after our business relationship with you ends, or such period as may be required by applicable local laws.

We’re required to keep your personal data for this long by anti-money laundering and e-money laws. Tonio may keep your personal data for longer because of a potential or ongoing court claim, or for another legal reason.

14. How will you keep me updated about how you use my personal data?

If Tonio change the way Tonio use your personal data, we’ll update this notice and, if appropriate, let you know by email, through the Tonio app or through our website.

15. Do you use cookies?

Tonio use cookies to analyse how you use our website. Please read our cookies policy for more information about cookies.

Tonio also use pixels or web beacons in the direct marketing emails that Tonio send to you. These pixels track whether our email was delivered and opened, and whether links within the email were clicked.

They also allow us to collect information such as your IP address, browser, email client type and other similar details. Tonio use this information to measure the performance of our email campaigns, and for analytics. You can control whether you receive direct marketing emails through the privacy settings in the Tonio app.