1.1 When you apply for a product or service from us, you’ll be asked for personal information and data that is needed to process your application. We’ll take great care to protect your privacy.
1.2 In this policy we’ll provide details of how you can also help guard yourself against online fraud. We also set out, as data controller, how we’ll act in relation to your data and how we’ll use such data.
1.3 Web security is very important to us, so we take great care to protect you. Please see below for details of how you can also help to guard yourself against online fraud. We ask that you remember the following:
Keep yourself safe online:
- Never reveal your password to anyone or write it down
- Don’t use a password that could be easily guessed by someone else
- Change your password immediately if you suspect someone else could know it
- Log off when you have finished using any of our services
- Keep your devices updated with current anti-virus software, the latest browser versions and operating systems.
- Don’t send us any confidential account information by email or via social media
- Treat emails you receive with caution. Remember that we’ll never ask you to disclose your personal or account information to us by email
- We recommend you regularly visit the Financial Fraud Action website to keep up-to-date with tips to protect yourself from the latest scams
1.4 Your Username and Password
On registering a Cashplus Account with us, you’ll have a username and password which must be used to access certain restricted parts of our website. Your username and password are used by us to identify you, so they’re very important. You’re responsible for all information posted on our website by anyone using your username and password. Any breach of security of a username and password should be notified to us immediately.
1.5 Our system security
Our systems operate on 256-bit secure encryption. Look for the padlock symbol in your browser status bar. Encryption makes your information unreadable to anyone who might intercept it. In addition, Transport Layer Security (TLS) is used to connect your browser to our secure servers. A team of independent security experts regularly test our website. Your Online Servicing session will time out if you remain inactive for more than 15 minutes. Your Cashplus Account login will be locked out after multiple failed access attempts. You’ll need to contact us to unlock your account. We’ll verify your identity before disclosing confidential information over the phone or resetting any account details. Despite our best endeavours, we can’t always guarantee the website will be fault free and we don’t accept liability for any errors or omissions.
1.6 Transport Layer Security (TLS)
Transport Layer Security (TLS) is a commonly used method of managing the security of messages transmitted across the Internet and is used by us to connect your computer to our secure server. You can tell that TLS is in use if our website URL in the search bar starts with https:// and/or a lock icon is displayed within your browser. If you have problems getting to secure mode, install one of the latest browsers and try the website again.
1.7 Browser Use
Our website has been designed to work with a variety of the latest browsers across Mobile, Tablet and Desktop devices.
If you’re using an older browser such as Internet Explorer 10, you may have difficulty viewing webpages and not be able to apply for a card or access your account information. Your security could also be weakened. To make an application online, we recommend that you upgrade to the latest versions.
“Plug-ins” are additional software programs required by some websites to make them work properly. An example is Flash Player from Adobe. Our website doesn’t need any plug-ins to work effectively, however you’ll need a PDF reader such as Adobe Acrobat Reader to download certain documents, such as Terms and Conditions.
1.9 Network Protection
Most organisations have what is known as a "firewall” to protect their networks and their computers. A firewall is a secure server through which all communication passes and which protects the organisation’s computers from unauthorised access by filtering the information getting in and out. Depending on how the firewall is set up, access to another secure server may be denied.
It’s possible that due to the set-up of firewalls, certain networks may restrict access to our website.
Any additional cardholders and delegated authorities, previously agreed when you set up your account will have access, through your account, to relevant statement information including account balance information.
IMPORTANT: Additional Cardholders must have permission from the Primary Cardholder before downloading and using the Cashplus Mobile App.
1.11 Using the Cashplus Mobile App
You can use our Cashplus Mobile App to view and access your eligible Cashplus Accounts. Use of the Cashplus Mobile App is in accordance with these conditions and you’ll need to register to use the service.
You’ll be responsible for all instructions given by you or anyone acting with your authority whilst using the Cashplus Mobile App. Please note this includes any errors or instructions sent by someone other than yourself so please don’t leave your device unattended while you’re logged-in to the App.
We don’t charge you for using the Cashplus Mobile App but your mobile operator may charge for some services.
You must only use the Cashplus Mobile App for online account servicing and other intended uses. You must not copy, reproduce or attempt to alter it in any way.
To use the Cashplus Mobile App, small software files similar to Cookies will be stored on your mobile device. These files allow the Cashplus Mobile App to remember choices you make (such as your user name or the region you are in) and provide enhanced, more personal features. These files are used to store your registration information and your acceptance of Terms and Conditions. The information these files collect may be anonymised so they can’t track your browsing activity on other websites. The files are essential to enable you to move around and use the features of the Cashplus Mobile App.
In addition to the above, non-personal data may be collected by your mobile device or app store provider in accordance with their Terms and Conditions which apply to the use of your device and app store account.
The Cashplus Mobile App uses location-based services. Data about your location (i.e. GPS signals from your mobile device) or data that can be used to approximate your location, is used to provide features such as the ‘Store Locator’ and for the prevention of fraud and/or money laundering.
1.12 Cashplus Mobile App Service
We aim to ensure a complete service at all times, but the speed and availability of service can’t be guaranteed. The service may be interrupted due to our need to update or maintain our systems or those of third-parties who provide part of the service. In addition, the service may be affected by the network coverage available from your mobile service provider or maintenance and upgrades they perform that affect the availability of your mobile network.
The Cashplus Mobile App can be used all over the world but can only be downloaded if you have a UK App Store or Google Play Account. Just make sure you use a secure Wi-Fi connection and check with your network provider to ensure you don’t experience higher than usual roaming data charges for using the App abroad.
We reserve the right to withdraw the Cashplus Mobile App at any time.
1.13 Use of email and social media
Please note that ordinary email is not secure. Please don’t send us any confidential information via email or social media. We’ll only use email to send you non-sensitive account information, such as your account balance and transaction information or special offers. Marketing preferences can be managed via the Cashplus Mobile App and Online Servicing. We won’t use email to send other confidential information to you. We can’t accept any responsibility for the unauthorised access by a third party and/or the corruption of data being sent by individuals to Cashplus. It’s our policy that if any of our customers are victims of unauthorised access to their accounts, and provided that you’ve not breached our security procedures, acted fraudulently or without reasonable care, we may cover any direct financial loss which you may have suffered.
2. Your personal data
(i) Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
(ii) The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
(iii) Details of the personal information that will be processed are explained below and include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
(iv) We, along with, fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
(v) We process your personal data on the basis that either it is required for the performance of our contract with you or we have a legitimate interest in processing the data. Examples would be preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. More details on the legal bases used for processing can be found below.
(vi) Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
(vii) As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details below.
2.2 Source of data
We generally collect personal data from the following sources:
(i) Information that you provide to us or as set out below:
a) When you apply for our products and services
b) When you talk to us on the phone (including recorded calls), web chat, social media or other communication channel
c) In emails and letters
d) When you use our websites or the Cashplus Mobile App
e) When you take part in customer surveys, focus groups or feedback sessions
f) When you take part in prize draws or other special promotions
(ii) Third parties and external organisations:
a) Companies that introduce you to us
b) Card schemes or associations
c) Credit reference agencies
d) Comparison websites
e) Social networks
f) Fraud prevention agencies
g) Public information sources such as Companies House
h) Agents working on our behalf
i) Market researchers
j) Government and law enforcement agencies
k) Media outlets
2.3 The data that we may process
(i) The data that we may process includes the following:
a) Your Internet Protocol (IP) address, geographical location, login and browser details, operating system, information accessed and loaded, time spent and pages visited, technical information about your computer or mobile device.
b) Data in respect of the use and operation of your account. This data may include your account name, your name, email address and account number, profile pictures, gender, date of birth, relationship status, financial history, education details and employment details.
c) Your contact details, your card details and the transaction details.
d) Imagery, such as photo identification or photographs that you have provided to us.
e) Any documents sent to you by us, such as Proof of Address documents
2.4 The purposes for which we may process your personal data:
(i) We may process your personal data for the following purposes, to enable us to:
a) determine how you use the Cashplus Mobile App, Online Servicing, our website and social media pages also how you use our products and services. The legal basis for this processing is our legitimate business interests, namely so we can monitor the use and effectiveness of our products, services, the Cashplus Mobile App, Online Servicing along with our website and social media pages and communications.
b) provide products and services and manage the operation of your account. The legal basis for this processing is the performance of a contract between you and us and/or taking steps to enable us at your request, to enter into such a contract.
c) make enquiries and conduct investigations about the supply of purchased goods and services and keeping records of these transactions. The legal basis for this processing is because we have a legal obligation as well as our legitimate business interests namely to help us detect fraud and crimes generally, to enable us to comply with general regulatory requirements and to resolve any issues and queries that may arise.
d) perform the requirements that may arise with respect to credit agencies, fraud prevention agencies and for crime prevention generally. Cashplus may take decisions about your application and your account on the basis of automated checks via a credit scoring system which we will undertake from the credit agencies, fraud prevention agencies and internal Cashplus records. Where we use automated decision making, you have a right to appeal if your application is refused. You should also be aware that where we make these checks, credit and fraud prevention agencies may keep a record of them. The legal basis for this processing is our legal obligation to undertake reasonable steps to act prudently, prevent financial crime and fraud.
e) measure the effectiveness of our service and conduct customer surveys to enable us to improve our services, the effectiveness of the Cashplus Mobile App and the website. The legal basis for this processing is our legitimate business interests namely to enable us to provide you with services and improve the quality of the services generally.
f) where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure as well as where we have a legal requirement to process such data. The legal basis for this processing is we have a legal obligation, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
g) if you consent to receiving marketing information (for example, during the application process), we may process your personal data in order to contact you with details of products and services we think may be of interest to you. If you do not want us to share personal data or to receive such communications you can update your marketing preferences through our Online Servicing portal or through Customer Services.
h) if you consent to using our eligibility checking services we will use the information you provide, along with information provided by third parties, to check the likelihood of you being accepted for a product with us and give you an indication of this. The check will not affect your credit score. The legal basis for this processing will be consent.
i) we may process any recordings of calls made to us through speech-to-text conversion systems. This is done to allow processing of call transcripts in order to better prevent fraud and analysis in order to identify potentially vulnerable customers. The legal basis of this processing will be legal obligation. As this process could include any call it is possible that sensitive data may be included in this process. We have taken steps to adequately protect this data throughout the process. Our legal basis for processing of sensitive data under GDPR Art. 9 is reasons of substantial public interest, including preventing or detecting unlawful acts, regulatory requirements, preventing fraud and safeguarding of economic well-being of certain individuals.
2.5 Consequences of processing
(i) If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
(ii) A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
2.6 Personal data shared with others
(i) We may disclose your personal data where you have given your consent.
(ii) We may disclose your personal data to our insurers and/or professional advisers for insurance purposes, to enable us to manage claims and for any business transactions and enquiries that relate to your business generally.
(iii) We may also share your personal data with processors, agents and advisers who we use to help us run your accounts and services, prevent fraud and collect overdue payments or otherwise recover debt.
(iv) As indicated above it may be necessary to disclose your personal data to credit reference agencies ("CRAs"), fraud prevention agencies and companies providing fraud management services. The CRAs we use are:
- TransUnion (formerly Callcredit Information Group): https://www.transunion.co.uk/crain
- Equifax Limited: www.equifax.co.uk/crain
- Experian Limited: www.experian.co.uk/crain
We will also add to your records at the CRA details of:
- any agreement entered into with us
- the payments that you make under such agreements
- any default or failure by you to keep the terms of such agreements. CRAs will record the outstanding debt
- any failure by you to tell us about a change of address where a payment is overdue.
CRAs may supply this information to other organisations.
(iv) Financial transactions relating to your account may be disclosed to our payment services providers. We’ll share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
(v) In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we’re subject, to protect your vital interests or the vital interests of another natural person or to HM Revenue & Customs, regulators and other authorities.
(vi) Any information you provide in relation to the Cashplus Mobile App is disclosed to our third-party agents who act on our behalf. This is for operational reasons; to provide the Cashplus Mobile App to you.
(vii) We may disclose your personal data with organisations that introduce you to us, any organisations that you ask us to share your personal data with and with market researchers.
(viii) We may disclose your personal data to our creditors (in the case of insolvency) or potential transferees of our rights and obligations under any agreements you have entered into with us.
(ix) We may share data about your account including account number, expiration date and account status with other organisations using the Mastercard Automatic Biller Updater service.
(x) if taking part in the Coronavirus Business Interruption Loan Scheme your data will be shared with the Secretary of State for Business, Energy and Industrial Strategy. The data will be retained by them for 10 years) and may be used by them for:
- for analytical and administrative purposes;
- to contact the relevant Borrower in connection with the CBILS Scheme;
- to make enquiries about a Borrower’s application to CBILS;
- to take up references about the Borrower or its business;
- in order to evaluate the effectiveness of the Scheme;
- to give information relating to the relevant Borrower or Personal Guarantor and that Borrower’s business to any of the Secretary of State for BEIS, any of its agents and Auditors (including BBB, any affiliate of BBB and any of their advisers, agents or contractors) or to any other official involved in running or monitoring the CBILS Scheme
2.7 International transfers of your personal data
(i) We’ll only send your data outside of the European Economic Area (‘EEA’) to:
a) Follow your instructions
b) Comply with a legal duty
c) Work with our processors, agents and advisers who we use to help run your accounts and services
(ii) If we do transfer information to our agents or advisers outside of the EEA, we’ll make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
a) Transfer it to a non-EEA country that has received an Adequacy Decision by the EU, evidencing that their privacy laws give the same protection as the EEA.
b) Put in place a contract utilising the Standard Contractual Clauses (as created by the EU) with the recipient that means they must protect it to the same standards as the EEA, we will complete a due diligence process to ensure the Standard Contractual Clauses can be utilised effectively in the destination country, and if not will either add to them to mitigate the risk or use another method.
(iii) Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
2.8 Retaining and deleting personal data
(i) This Section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
(ii) Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
(iii) It’s our policy generally to retain your personal data for at least 5 years after our relationship with you ends although this may be extended where there are specific regulatory requirements to do so.
(iv) We maintain a Data Retention Policy which outlines the maximum retention period for all types of personal data within the business.
3.1 We may update this policy from time to time by publishing a new version on our website.
3.2 We may notify you of changes to this policy through the Online Servicing site on our website.
4. Your rights
4.1 Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
4.2 For more information or to exercise your data protection rights, please contact us using the contact details below.
4.3 You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.
5. About cookies
5.1 Cookies Policy
A cookie is a text-only string of data, which often includes a random unique identifier that is sent to your computer or mobile phone browser from a website and is stored on your device. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
If cookies are enabled during the course of any visit to our websites, the pages you see, along with a cookie, are stored to your device. On a repeat visit the Cashplus website may check to see, and find, any cookie left there on the last visit to enable us to present personalised features. Cashplus might also look at IP addresses to add general information about the country, city or region in which you’re located, along with your domain (e.g. what internet service provider you use).
Cookies cannot be used by themselves to personally identify you. They can be used for marketing purposes, to create a profile of your engagement with Cashplus websites and if you’ve already given some personal details, to track your activity on our websites.
The exception to this is within Online Servicing and our Online Application site - where we must securely identify you and track your usage to protect your account. However, the cookies themselves don’t contain any personal or identifiable information.
5.2 We use the following cookies on our websites:
These are temporary cookies that remain in the cookie file of your browser until you close the browser. They enable information to be maintained across pages of our site pursuant to providing you with a better experience.
These cookies can’t personally identify you and they’ll expire when you close down your browser.
These remain in the cookie file of your browser for much longer (though how long will depend on the life time of that specific cookie). These cookies help Cashplus recognise you as a unique visitor (just a randomly generated number) when you return to our website and to allow us to tailor content or advertisements to match your preferred interests or to avoid showing you the same adverts repeatedly.
On some of our sites, as with session cookies, they also enable information to be maintained across pages of our site and avoid you having to re-enter information.
Google Analytics cookies collect and store information on how visitors are interacting with our website. For example, what webpages are visited most often, how long for, and what device you use to visit these pages.
We use these cookies to ensure areas of our website are working correctly and that we’re providing users with relevant information. No identifiable information can be stored in or obtained from these cookies.
Learn more about Google Analytics Cookies and Privacy
Google sets a cookie on your browser that anonymously captures your interests allowing their advertising partners to present products and services on their websites that are relevant to you. Google are in full control of these cookies.
You can change your Google Ad-Preferences or find out more about Google Ad-Preferences by visiting: www.google.com/ads/preferences/
Amazon Ad tracking
Amazon pixels collect and store information on visitors who have interacted with our website after clicking on an advert on Amazon. The code will place an anonymous cookie on your browser, which will only be used for tracking which clicks converted to applications. Cookies are collected anonymously, under a privacy safe domain "amazon-adsystem" and do not comingle with Amazon's retail data. You can find out more at https://www.amazon.co.uk/gp/help/customer/display.html?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&nodeId=201149560.
Cashplus also uses third-party remarketing tracking cookies, including the Google Adwords tracking cookie. By placing cookies in your web browser, we are able to display adverts to you across the internet, such as on the Google Content Network (GCN) or Equifax Digital Hub, based on past visits to our website. This allows us to make special offers and continue to market our services to those who have shown interest. No identifiable information is collected through Google’s or any other third-party remarketing system that we use.
Cookies served by Equifax are held on our website. Equifax is a consumer credit reporting agency. These cookies will be used to serve adverts to visitors based upon the websites they’ve been to previously. Click here for more information about Equifax and how to disable this cookie
Third Party Cookies
Additional authorised Third Parties serve cookies via our sites, under our direct control. These are used for the following purpose:
To compile anonymous, aggregated statistics that allow us to understand how visitors use our site and to help us improve the structure of our website. We can’t identify you personally in this way.
5.3 Control cookie settings
Most browsers will have a default ‘medium’ cookie setting, allowing 1st party cookies but blocking 3rd party cookies. You can change your cookie settings, and remove specific cookies, via your browser through the following paths:
- Internet Explorer: Tools > Internet Options > Privacy
- Firefox: Tools > Options > Privacy
- Google Chrome: Settings > Privacy > Content Settings
5.5 Blocking all cookies will have a negative impact upon the usability of many websites.
5.6 If you block cookies, you'll not be able to use all the features on our website.
6. Our details
6.1 This website is owned and operated by Advanced Payment Solutions Ltd (APS), with Cashplus as the trading name.
6.2 APS is registered in England and Wales under registration number 04947027, and our registered office is at 6th Floor, One London Wall, London EC2Y 5EB. Please note that this is a registered address only and that Cashplus doesn't conduct any business from this location.
7. Data protection officer
7.1 Our data protection officer's contact details are: [email protected]. You can contact us to exercise any of your rights in relation to the processing of your data and on any matters that are covered by this policy generally.
Terms and Conditions apply, including applicants being resident in the UK & aged 18+ and, if relevant, businesses being based in the UK. For full website terms including information on Cashplus, Mastercard and use of Trademarks, please see our full legal disclosures at https://www.cashplus.com/legal/. **Credit facilities are provided by Advanced Payment Solutions Ltd (APS) and are subject to the AFL Cashplus e-money account being in good standing and applicants aged 18+. APS is authorised and regulated by the Financial Conduct Authority for consumer credit activities (Registration No. 671140). ♦Calls to 03 numbers cost no more than a national rate call to a 01 or 02 number and will count towards inclusive minutes in the same way as 01 and 02 calls. Calls may be recorded.