ekko Privacy notice
Enviroconomy Ltd (referred to as “ekko”, “we”, “us” or “our” in this notice) respects your privacy and is committed to protecting your personal data. This privacy notice explains what personal data we collect, what we do with it, who we share it with, how long we keep it for and what legal rights you have.
- The personal data we hold about you
Your identity and contact data
This includes personal information about you (for example your name, date of birth, residential address, nationality, passport number) and your contact details.
In most cases the information is provided by you during the set up and management of ekko services, in the form of identity documents, your selfie and any other personal data you have shared with us. In some cases, it may be provided by a third party where you have given your consent for them to share it with us.
We may be provided with additional identity and contact data by third parties that we use to perform due diligence (for example, fraud prevention agencies). In addition, we may source identity and contact data from publicly available sources such as Companies House and Electoral Registers.
Banking and service data
This is information about your ekko account, related debit cards and any other products and services that you have obtained from us. It includes things like bank account numbers, account balances and information about transactions. The information is generated as you use our services and in some cases, it is shared with us by the organisations we use to provide our banking services.
Where you have linked your ekko account to one of our partner services we may hold banking data for these services. This will only be when you have provided your consent for us to do so.
Information you permit us to access on your phone
This is information stored on your phone that you explicitly permit us to access (for example, your address book, photos and geolocation data).
This is information about the phone you use (for example the browser version, time zone settings, phone operating system, IMEI number, IP address and other technical settings). This information is collected automatically when you use the ekko app.
Special category data
This is information that is considered more sensitive by regulators and includes your race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health and sexual orientation. With the exception of the selfie and photo ID that you provide so we can verify your identity, we do not process this category of data. However, it is possible that we may hold special category data when it is included on documentation that you have given us (for example your ID document). When this is the case, we will only process this information in strict accordance with the law.
- What do we do with your personal data
We only use your personal data in order to provide great banking services and where there is a lawful basis to do so.
To fulfil our contract with you, we will use your personal data to:
Administer and provide our banking and other related services (for example, account top-ups, payments, direct debits, standing orders and international transfers, as well as additional account benefit services).
To develop and provide a high-quality user experience through the ekko app.
To fulfil our legal obligations we will use your personal data to:
Verify your identity when you apply for a ekko account.
Check applications against certain fraud prevention and sanctions databases.
Implement measures to identify and prevent financial crime (for example, money laundering, fraud and terrorist financing).
To make responsible lending decisions.
We utilise the latest technology to make automated decisions for the verification of identities and the identification of financial crime. If you are rejected or negatively affected on the basis of an automated decision or automated profiling, you will be notified about this and you have the right to appeal.
It is in our legitimate interests to use your personal data to:
Keep you informed of the status of the ekko services you use.
Provide a world class customer service experience.
Check applications against certain fraud prevention databases.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, in order to protect our business and to comply with the laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you.
As part of this processing of your personal data, decisions may be made by automated means. If you are rejected or negatively affected on the basis of an automated decision or automated profiling, you will be notified about this and you have the right to appeal.
Where it is necessary for our legitimate interests, we will use your personal data to:
- Undertake analysis on our customers to better understand how to improve our products and services. This may involve us processing your data or working with third parties (in which case we will not directly identify you or any other customers) to help better profile our customers and improve how we market our products. We will ensure that appropriate safeguards are put in place with such third parties so that your data is kept secure. See below for more information about processing by third party advertising partners for ekko analytics purposes.
With your consent, we will use your personal data to:
- Invite you to participate in market research activities (such as focus groups, interviews and surveys).
- Provide you with information about third party products and services that we think you may like.
- Market our products.
- Operate our Hub (where you may choose to take advantage of a wide range of our partners’ products and services).
You may withdraw your consent to receive marketing messages at any time by setting your preferences in the ekko app settings, or by following the opt-out link contained in marketing emails.
- Who we share your personal data with
We will share your personal data with organisations and partners that enable the ekko services you use. This includes:
Group companies, affiliates and branches of Enviroconomy Limited.
Organisations that help us to verify your identity.
Organisations that help us to provide our banking service. This includes:
Prepay service providers.
PrePay Solutions (PPS) which is a separate independent Data Controller in relation to data processed in connection with your ekko card and all necessary activities relating to the operation of the ekko card including: allowing you to receive, activate and use your ekko card; making and receiving payment transactions, meeting legal requirements regarding your ekko account and ekko card; answering your requests and providing information to you. The PPS privacy notice is available on its website: https://www.pps.edenred.com/pages/privacy.
Payment service providers and technical and non-technical processors.
The providers of our IT and cyber security services.
Organisations that provide our customer service tools.
Any organisations that enable the ekko services that you use.
To fulfil our legal obligations, we may share your personal data with:
Government and law enforcements agencies the in the pursuit of financial crime prevention and in the fight against terrorism.
Fraud prevention agencies and providers of due diligence services.
Any organisation that we are legally required to do so.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Where you have provided your consent, we may share your personal data with:
Organisations that provide marketing and advertising services. Organisations that provide services in the ekko app. Anyone you give us explicit permission to do so. To provide a truly borderless banking service we partner with and use service providers that are based outside the European Economic Area. We will only partner with organisations that meet the EU Commission’s data privacy requirements and where a contractual agreement is in place to protect our customers’ personal data in accordance with the EU GDPR requirements.
In all cases, we will only share the personal data that is absolutely necessary to provide our services, fulfil our obligations to you and to fulfil any legal or regulatory requirements.
Processing by third party advertising partners for ekko’s analytics purposes
Our third party advertising partners will process your data (which will not directly identify you or any other customers) in order to provide advertising related services for us such as marketing analytics and marketing and performance optimisation but also for their own additional purposes. The table below provides a link to each partner’s privacy notice in case you want to learn more about what they do with your data.
How to opt out of processing by third party advertising partners You can opt-out of ads tracking by adjusting your device settings. Do this by going into your phone’s device settings and opting out from there.
If you are on iOS, go to Settings > Privacy > Tracking and move the toggle to switch off.
If you are on Android, go to settings > Google > Ads > Opt out of ads personalisation and switch off by tapping the toggle on your screen to grey/off.
- How long we keep your personal data
We hold our customers’ personal data for six years following the ending of our business relationship unless:
The law requires us to hold your personal information for a longer period, or delete it sooner. You exercise your right to have your personal data erased from our systems (where it applies). We have a legitimate reason to keep it (for example, helping us to respond to queries or complaints, to show that we have given you fair treatment, in the fight against financial crime). Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
- Your rights
Your rights under the EU General Data Protection Regulation (GDPR) include:
The right to access personal data we hold about you
You may request access to all the personal data we hold about you. This is known as a ‘subject access request’.
The right to have your personal data erased from our systems
You may request that we delete some or all of the personal data that we hold about you. This may not always be possible, as we are required by law to keep some information.
Other rights provided by the GDPR
If you believe that any of the personal data we hold about you is inaccurate, you have the right to have it updated (for example, you may wish to update your personal or contact details).
You may object to, or request that we restrict the processing of your personal data (for example, you may withdraw your consent for marketing at any time).
You may ask that we provide a copy of your personal data in a structured, commonly used and machine-readable format. You can request that we provide this to you directly, or that we transfer the data to third party of your choosing.
Where we have used technology to make an automated decision, or to evaluate your suitability for a ekko service, you have the right to challenge the decision directly with a member of our customer service team.
To exercise any of these rights, simply submit a request to the customer service team by emailing firstname.lastname@example.org. We will aim to fulfil all requests within one calendar month.
- Making a complaint
If you are unhappy about our management or use of your personal data you are entitled to make a complaint. We would prefer that complaints are emailed to email@example.com.
If we fail to resolve your complaint to your satisfaction, you may pursue your complaint via the Information Commissioner’s Office. Details of how to do so can be found at https://ico.org.uk/make-a-complaint/
If you have any questions or would like to know more, don’t hesitate to contact our Data Protection Officer at firstname.lastname@example.org, or write to us at Kemp House 160 City Road, London EC1V 2NX.