1.1 When you apply for a product or service from us, you’ll be asked for personal information and data that is needed to process your application. We’ll take great care to protect your privacy.
1.2 In this policy we’ll provide details of how you can also help guard yourself against online fraud. We also set out, as data controller, how we’ll act in relation to your data and how we’ll use such data.
1.3 Web security is very important to us, so we take great care to protect you. Please see below for details of how you can also help to guard yourself against online fraud. We ask that you remember the following:
Keep yourself safe online:
- Never reveal your password to anyone or write it down
- Don’t use a password that could be easily guessed by someone else
- Change your password immediately if you suspect someone else could know it
- Log off when you’ve completed your transaction
- Keep your devices updated with current anti-virus software, the latest browser versions and operating systems.
- Don’t send us any confidential account information by email or via social media
- Treat emails you receive with caution. Remember that we’ll never ask you to disclose your personal or account information to us by email
- We recommend you regularly visit the Financial Fraud Action website to keep up-to-date with tips to protect yourself from the latest scams
1.4 Your Username and Password
On registering a Cashplus Account with us, you’ll have a username and password which must be used to access certain restricted parts of our website. Your username and password are used by us to identify you, so they’re very important. You’re responsible for all information posted on our website by anyone using your username and password. Any breach of security of a username and password should be notified to us immediately.
1.5 Our system security
Our systems operate on 256-bit secure encryption. Look for the padlock symbol in your browser status bar. Encryption makes your information unreadable to anyone who might intercept it. In addition, Transport Layer Security (TLS) is used to connect your browser to our secure servers. A team of independent security experts regularly test our website. Your Online Servicing session will time out if you remain inactive for more than 15 minutes. Your Cashplus Account login will be locked out after three failed access attempts. You’ll need to contact us to reset your account. We’ll verify your identity before disclosing confidential information over the phone or resetting your password. Despite our best endeavors, we can’t always guarantee the website will be fault free and we don’t accept liability for any errors or omissions.
1.6 Transport Layer Security (TLS)
Transport Layer Security (TLS) is a commonly used method of managing the security of messages transmitted across the Internet and is used by us to connect your computer to our secure server. You can tell that TLS is in use if our website URL in the search bar starts with https:// and/or a lock icon is displayed within your browser. If you have problems getting to secure mode, install one of the latest browsers and try the website again.
1.7 Browser Use
Our website has been designed to work with a variety of the latest browsers across Mobile, Tablet and Desktop devices.
If you’re using an older browser such as Internet Explorer 10, you may have difficulty viewing webpages and not be able to apply for a card or access your account information. Your security could also be weakened. To make an application online, we recommend that you upgrade to the latest versions.
“Plug-ins” are additional software programs required by some websites to make them work properly. An example is Flash Player from Adobe. Our website doesn’t need any plug-ins to work effectively, however you’ll need a PDF reader such as Adobe Acrobat Reader to download certain documents, such as Terms and Conditions.
1.9 Network Protection
Most organisations have what is known as a "firewall” to protect their networks and their computers. A firewall is a secure server through which all communication passes and which protects the organisation’s computers from unauthorised access by filtering the information getting in and out. Depending on how the firewall is set up, access to another secure server may be denied.
It’s possible that due to the set-up of firewalls, certain networks may restrict access to our website.
You also consent to any additional cardholders and delegated authorities, previously agreed when you set up your account having access on your account to relevant statement information including account balance information through the Cashplus Mobile App.
IMPORTANT: Additional Cardholders must have permission from the Primary Cardholder before downloading and using the Cashplus Mobile App.
1.11 Using the Cashplus Mobile App
You can use our Cashplus Mobile App to view and access your eligible Cashplus Accounts. Use of the Cashplus Mobile App is in accordance with these conditions and you’ll need to register to use the service.
You’ll be responsible for all instructions given by you or anyone acting with your authority whilst using the Cashplus Mobile App. Please note this includes any errors or instructions sent by someone other than yourself so please don’t leave your device unattended while you’re logged-in to the App.
We don’t charge you for using the Cashplus Mobile App but your mobile operator may charge for some services.
You must only use the Cashplus Mobile App for online account servicing and other intended uses. You must not copy, reproduce or attempt to alter it in any way.
To use the Cashplus Mobile App, small software files similar to Cookies will be stored on your mobile device. These files allow the Cashplus Mobile App to remember choices you make (such as your user name or the region you are in) and provide enhanced, more personal features. These files are used to store your registration information and your acceptance of Terms and Conditions. The information these files collect may be anonymised so they can’t track your browsing activity on other websites. The files are essential to enable you to move around and use the features of the Cashplus Mobile App.
In addition to the above, non-personal data may be collected by your mobile device or app store provider in accordance with their Terms and Conditions which apply to the use of your device and app store account.
The Cashplus Mobile App uses location based services. Data about your location (i.e. GPS signals from your mobile device) or data that can be used to approximate your location, is used to provide features such as the ‘Store Locator’ and for the prevention of fraud and/or money laundering.
1.12 Cashplus Mobile App Service
We aim to ensure a complete service at all times, but the speed and availability of service can’t be guaranteed. The service may be interrupted due to our need to update or maintain our systems or those of third-parties who provide part of the service. In addition, the service may be affected by the network coverage available from your mobile service provider or maintenance and upgrades they perform that affect the availability of your mobile network.
The Cashplus Mobile App can be used all over the world but can only be downloaded if you have a UK App Store or Google Play Account. Just make sure you use a secure Wi-Fi connection and check with your network provider to ensure you don’t experience higher than usual roaming data charges for using the App abroad.
We reserve the right to withdraw the Cashplus Mobile App at any time.
1.13 Use of email and social media
Please note that ordinary email is not secure. Please don’t send us any confidential information via email or social media. We’ll only use email to send you account information, such as your account balance and transaction information or special offers. Marketing preferences can be managed via the Cashplus Mobile App and Online Servicing. We won’t use email to send other confidential information to you. We can’t accept any responsibility for the unauthorised access by a third party and/or the corruption of data being sent by individuals to Cashplus. It’s our policy that if any of our customers are victims of unauthorised access to their accounts, and provided that you’ve not breached our security procedures, acted fraudulently or without reasonable care, we may cover any direct financial loss which you may have suffered.
2. Source of data
We generally collect personal data from the following sources:
2.1 Information that you provide to us or as set out below:
(i) When you apply for our products and services
(ii) When you talk to us on the phone (including recorded calls), web chat, social media or other communication channel
(iii) In emails and letters
(iv) When you use our websites or the Cashplus Mobile App
(v) When you take part in customer surveys
(vi) When you take part in prize draws or other special promotions
2.2 Third parties and external organisations:
(i) Companies that introduce you to us
(ii) Card schemes or associations
(iii) Credit reference agencies
(iv) Comparison websites
(v) Social networks
(vi) Fraud prevention agencies
(viii) Public information sources such as Companies House
(ix) Agents working on our behalf
(x) Market researchers
(xi) Government and law enforcement agencies
(xii) Media outlets
3. The data that we may process
3.1 The data that we may process includes the following:
(i) Your Internet Protocol (IP) address, geographical location, login and browser details, operating system, information accessed and loaded, time spent and pages visited, technical information about your computer or mobile device.
(ii) Data in respect of the use and operation of your account. This data may include your account name, your name, email address and account number, profile pictures, gender, date of birth, relationship status, financial history, educational details and employment details.
(iii) Your contact details, your card details and the transaction details.
4. The purposes for which we may process your personal data:
4.1 We may process your personal data for the following purposes, to enable us to:
(i) determine how you use the Cashplus Mobile App, Online Servicing, our website and also how you use our products and services. The legal basis for this processing is our legitimate business interests, namely so we can monitor the use and effectiveness of our products, services, the Cashplus Mobile App, Online Servicing and the website.
(ii) provide products and services and manage the operation of your account. The legal basis for this processing is the performance of a contract between you and us and/or taking steps to enable us at your request, to enter into such a contract.
(iii) make enquiries and conduct investigations about the supply of purchased goods and services and keeping records of these transactions. The legal basis for this processing is because we have a legal obligation as well as our legitimate business interests namely to help us detect fraud and crimes generally, to enable us to comply with general regulatory requirements and to resolve any issues and queries that may arise.
(iv) perform the requirements that may arise with respect to credit agencies, fraud prevention agencies and for crime prevention generally. Cashplus may take decisions about your application and your account on the basis of automated checks via a credit scoring system which we will undertake from the credit agencies, fraud prevention agencies and internal Cashplus records. Where we use automated decision making, you have a right to appeal if your application is refused. You should also be aware that where we make these checks, credit and fraud prevention agencies may keep a record of them. The legal basis for this processing is our legitimate business interests namely to enable us to provide you with services.
(vi) measure the effectiveness of our service and conduct customer surveys to enable us to improve our services, the effectiveness of the Cashplus Mobile App and the website. The legal basis for this processing is our legitimate business interests namely to enable us to provide you with services and improve the quality of the services generally.
(vii) where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure as well as where we have a legal requirement to process such data. The legal basis for this processing is we have a legal obligation, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
5. Personal data shared with others
5.1 We may disclose your personal data where you have given your consent.
5.2 We may disclose your personal data to our insurers and/or professional advisers for insurance purposes, to enable us to manage claims and for any business transactions and enquiries that relate to your business generally.
5.3 We may also share your personal data with agents and advisers who we use to help us run your accounts and services and collect overdue payments. As indicated above it may be necessary to disclose your personal data to credit reference agencies and fraud prevention agencies. The credit reference and fraud agencies we use are:
- Callcredit Information Group
- Equifax Limited
- Experian Limited
5.4 Financial transactions relating to your account may be disclosed to our payment services providers. We’ll share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
5.5 In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we’re subject, to protect your vital interests or the vital interests of another natural person or to HM Revenue & Customs, regulators and other authorities.
5.6 Any information you provide in relation to the Cashplus Mobile App is disclosed to our third-party agents who act on our behalf. This is for operational reasons; to provide the Cashplus Mobile App to you.
5.7 We may disclose your personal data with organisations that introduce you to us, any organisations that you ask us to share your personal data with and with market researchers.
6. International transfers of your personal data
6.1 We’ll only send your data outside of the European Economic Area (‘EEA’) to:
(i) Follow your instructions
(ii) Comply with a legal duty
(iii) Work with our agents and advisers who we use to help run your accounts and services
6.2 If we do transfer information to our agents or advisers outside of the EEA, we’ll make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
(i) Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
(ii) Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website.
(iii) Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
7. Retaining and deleting personal data
7.1 This Section 7 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
7.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 It’s our policy generally to retain your personal data for 6 years after our relationship with you ends although this may be extended where there are specific regulatory requirements to do so.
8.1 We may update this policy from time to time by publishing a new version on our website.
8.2 We may notify you of changes to this policy through the Online Servicing site on our website.
9. Your rights
9.1 You’ve the right to ask us about your personal data that we process. You can ask for access to the data as well as other information including the reasons for processing, categories of data and recipients of data.
9.2 You can ask us to rectify any inaccurate or incomplete data.
9.3 If you consider that it’s no longer necessary to process your data, you can ask us to erase this data.
9.4 You can also ask us to restrict the use of your personal data where you think the data is inaccurate, if it has been processed unlawfully, processing is no longer relevant but you want us to keep the data for use in legal matters and issues or where you’ve asked us to stop processing the data and you’re waiting for our response. Where we restrict processing, we’ll not process or share your data in any other way except if you give consent, for legal claims, to protect the rights of others or for an important public interest reason.
9.5 You may ask us to stop processing your personal data for marketing purposes.
9.6 You have the right to complain to a regulator and to appeal if your complaint isn’t upheld. In the UK you can contact the Information Commissioner’s Office and the website is https://ico.org.uk/.
10. About cookies
10.1 Cookies Policy
A cookie is a text-only string of data, which often includes a random unique identifier that is sent to your computer or mobile phone browser from a website’s computer and is stored on your device. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
If cookies are enabled during the course of any visit to our websites, the pages you see, along with a cookie, are stored to your device. On a repeat visit the Cashplus website may check to see, and find, any cookie left there on the last visit to enable us to present personalised features. Cashplus might also look at IP addresses to add general information about the country, city or region in which you’re located, along with your domain (e.g. what internet service provider you use).
Cookies cannot be used by themselves to personally identify you. They can be used for marketing purposes, to create a profile of your engagement with Cashplus websites and if you’ve already given some personal details, to track your activity on our websites.
The exception to this is within Online Servicing and our Online Application site - where we must securely identify you and track your usage to protect your account. However, the cookies themselves don’t contain any personal or identifiable information.
10.2 We use the following cookies on our websites:
These are temporary cookies that remain in the cookie file of your browser until you close the browser. They enable information to be maintained across pages of our site pursuant to providing you with a better experience.
These cookies can’t personally identify you and they’ll expire when you close down your browser.
These remain in the cookie file of your browser for much longer (though how long will depend on the life time of that specific cookie). These cookies help Cashplus recognise you as a unique visitor (just a randomly generated number) when you return to our website and to allow us to tailor content or advertisements to match your preferred interests or to avoid showing you the same adverts repeatedly.
On some of our sites, as with session cookies, they also enable information to be maintained across pages of our site and avoid you having to re-enter information.
Google Analytics cookies collect and store information on how visitors are interacting with our website. For example, what webpages are visited most often, how long for, and what device you use to visit these pages.
We use these cookies to ensure areas of our website are working correctly and that we’re providing users with relevant information. No identifiable information can be stored in or obtained from these cookies.
Learn more about Google Analytics Cookies and Privacy
Google sets a cookie on your browser that anonymously captures your interests allowing their advertising partners to present products and services on their websites that are relevant to you. Google are in full control of these cookies.
You can change your Google Ad-Preferences or find out more about Google Ad-Preferences by visiting: www.google.com/ads/preferences/
Amazon Ad tracking
Amazon pixels collect and store information on visitors who have interacted with our website after clicking on an advert on Amazon. The code will place an anonymous cookie on your browser, which will only be used for tracking which clicks converted to applications. Cookies are collected anonymously, under a privacy safe domain "amazon-adsystem" and do not comingle with Amazon's retail data. You can find out more at https://www.amazon.co.uk/gp/help/customer/display.html?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&nodeId=201149560.
Third Party Cookies
Additional authorised Third Parties serve cookies via our sites, under our direct control. These are used for the following purpose:
To compile anonymous, aggregated statistics that allow us to understand how visitors use our site and to help us improve the structure of our website. We can’t identify you personally in this way.
10.3 Control cookie settings
Most browsers will have a default ‘medium’ cookie setting, allowing 1st party cookies but blocking 3rd party cookies. You can change your cookie settings, and remove specific cookies, via your browser through the following paths:
- Internet Explorer: Tools > Internet Options > Privacy
- Firefox: Tools > Options > Privacy
- Google Chrome: Settings > Privacy > Content Settings
10.4 Blocking all cookies will have a negative impact upon the usability of many websites.
10.5 If you block cookies, you’re not be able to use all the features on our website.
11. Our details
11.1 This website is owned and operated by Advanced Payment Solutions Ltd (APS), with Cashplus as the trading name.
11.2 APS is registered in England and Wales under registration number 04947027, and our registered office is at 6th Floor, One London Wall, London EC2Y 5EB.
12. Data protection officer
12.1 Our data protection officer's contact details are: [email protected]. You can contact us to exercise any of your rights in relation to the processing of your data and on any matters that are covered by this policy generally.