1.1. We value your privacy. We want to be accountable and fair to you and transparent about how we collect and use your personal data.
1.2. This privacy notice tells you what to expect when we collect and use personal data about you. It applies to all users of our website www.hellopillar.com and the Pillar mobile app.
1.4. Any changes we make to this privacy notice will be posted on this page, and we will notify you by email if there are any significant changes.
1.5. This privacy notice applies only to the personal data that we collect in relation to our services only. Our website may contain links to and from third party websites. For example, we may link to and from the websites of lenders, credit reference agencies, our partners, advertisers or affiliates. We can’t be responsible for personal data that these third parties collect, store and use through their website without our involvement. You should always read the privacy notice of each website you visit carefully and before you submit any personal data to them.
2.1. We are Affinitech Limited. We own and operate the personalised financial essentials website, www.hellopillar.com, and the Pillar app. We provide a range of services to help you better understand and improve your financial situation and also provide a range of credit products.
2.2. Affinitech Limited is a company registered in England (No. 13637649). Our trading address and registered office address is Co-Foundry, 11-13 Cowgate, Peterborough, United Kingdom, PE1 1LZ.
2.3. Affinitech Limited is an Appointed Representative of CREATIVE FINANCE CORP LTD which is registered in England and Wales (Company Registration Number- 09463062). Creative Finance Corp Limited is authorised and regulated by the Financial Conduct Authority (Reference number: 702435) in respect of:
2.3.1. Credit broking
2.3.2. Providing credit information services
2.3.3. Consumer credit lending
2.4. Data protection law applies to our collection and use of personal data and Affinitech Limited is the controller of that personal data (ICO Registration Number ZB261170).
2.5. If you have any questions about this privacy notice, please contact us or email us at firstname.lastname@example.org. If you wish to contact our Data Protection Officer you can email them at email@example.com, or you can write to them at Affinitech Limited, Co-Foundry, 11-13 Cowgate, Peterborough, United Kingdom, PE1 1LZ.
2.6. Please note that our partner, Transact Payments Limited (“TPL”), is the issuer of your payment card and is the independent Data Controller for the personal data which you provide to us in relation to processing undertaken to enable you to use the card. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. TPL’s registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and its registered company number is 108217.
3.1. Personal data means any information about an individual from which that person can be identified. It does not include data where the person's identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you. In this privacy notice we’ve used the following definitions to refer to some of this data:
3.2. Account data includes:
3.2.1. the basic information you provide when you sign up to use our services (e.g. first name, last name, date of birth, postcode, address details, residential status, employment status, annual income, phone number, email address and password);
3.2.2. any additional ‘affordability information’ you give us (e.g. marital status, additional household income, monthly rent or mortgage cost, how many people depend on you financially, monthly cost of childcare and dependent support); and
3.2.3. any information you give us about your job (e.g. job title, industry and/or company name).
It’s vital that you keep your account data accurate and up to date, because inaccurate personal data will produce inaccurate results. You can update your information in the Pillar app, and we sometimes will give you a nudge to do so when you log in. If you’re not sure how to update your information, please contact us through the in-app chat functionality.
3.3. Credit report data means information about your credit file given to us by Experian, Equifax or TransUnion (see section 7.1 for more details).
3.4. Credit score data means information about your credit score given to us by Experian, Equifax or TransUnion (see section 7.1 for more details).
3.5. Financial account information - Account balance, overdraft or credit limit, incoming and outgoing transactions, including the amount, data and description of transaction (together, “Transaction Data”) as well as your Account number and sort code.
3.6. Technical and behavioural data means details of your visits to the website including the actual pages you visit, IP address (from which we may derive your location) and details of the resources that you access, as well as your interaction with messages (e.g. whether or not you have opened an email from us). We also capture information about your computer or device including, where available, your operating system and browser type.
3.7. We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We use different methods to collect data from and about you, including:
4.1. Direct interactions. You may give us your personal data by filling in forms or by corresponding with us. This includes personal data you provide when you:
4.1.1. sign up for a Pillar account;
4.1.2. contact us (for example by post, phone, email or via our website or app);
4.1.3. give us feedback; or
4.1.4. enter a competition, promotion or survey.
4.2. Credit reference agencies. The credit reference agencies that we work with will give us eligibility data, credit score data and credit report data.
4.3. Open Banking providers / Account Information Services Providers. We work with Consents Online, An Equifax Company in order for you to provide us with access to your account transaction information. As part of this process you directly provide the information (where prompted to) from your relevant financial provider which is providing access to your account. We may ask for you to instruct us to provide ongoing access to your transaction information. In such circumstances you will be asked every 90 days if you would like to continue sharing your information with the option to stop doing so.
5.1.1. All of our services are personalised to you. This means that we’ll analyse and profile your personal data to tailor the services we provide to you. This includes using the information that you have given us directly or that we have collected, such as account data, service-specific data or technical and behavioural data, and also information that we have obtained through third parties, such as your credit report data, credit score data, eligibility data, and product application data.
5.1.2. We’ll use your personal data to personalise the information we show you in your account and that we send to you by email or push notification.
5.1.3. For example, we’ll use your personal data to tailor:
22.214.171.124. The eligibility checks we do for you;
126.96.36.199. The information we show you about your free credit report and credit score;
188.8.131.52. whether or not we wish to offer you a Pillar credit card;
184.108.40.206. where you have agreed to receive marketing from us, the marketing material we send you.
5.1.4. Pillar will soft search you while your account is live, to provide you with updates and personalised information and offers. For example, Pillar and its partners will soft search your credit file with the credit reference agencies:
220.127.116.11. to create and update your free credit report, if you have one; and
18.104.22.168. to provide an indication about your eligibility for a Pillar Card.
5.1.5. See section 5.4 for more details about soft searches.
5.2.1. When you sign up for a Pillar account, we may ask Experian to carry out a soft search in order to understand your eligibility for a credit product provided by Pillar.
5.2.2. Some of these soft searches that we do will leave a ‘footprint’ on your credit file. For more information about soft searches and footprints, see section 5.4 below.
5.2.3. If you agree to apply for a Pillar credit card after the eligibility check, a hard search will be recorded with the Credit Reference Agencies (CRAs), which may be seen by other lenders. If you agree to the credit terms we offer, we will continue to exchange information about you with CRAs, whilst you have a relationship with us.
5.3.1. When you sign up for a Pillar account, we may use your account data to check whether Experian, Equifax and TransUnion are able to provide you with a free credit report and credit score. If we are going to do this check, we will make it clear to you in the sign-up terms that are shown to you before you create your account.
5.3.2. You will need to successfully pass an authentication process before we can show you your credit report and credit score. If you pass, Experian, Equifax and TransUnion will give us your credit report data and credit score data, and we will show this to you in your account.
5.3.3. We’ll ask the credit reference agencies for your updated credit report data and credit score data at least every month for as long as you have a live Pillar account. We reserve the right to suspend these monthly searches if your account is deemed as inactive.
5.3.4. We may also offer the feature to allow you to refresh your credit scores and report when you log-in to the app. If so, this feature will be accessible within the Pillar app and will allow you to be provided with an updated credit report and credit score.
5.3.5. We’ll use your credit report data and credit score data:
22.214.171.124. to provide you with your free credit report and credit score; and
5.3.6. For a summary of the different ways in which we use your credit report data and credit score data see section 6. Some of the credit report and credit score searches that we do will leave ‘footprints’ on your credit file. For more information about soft searches and footprints, see section section 5.4.
5.4.1. Some of our services involve soft searching your credit file. A soft search is like a quick peek at your credit file. Soft searches will not harm your credit rating or affect the way lenders see you, and are not visible to third parties on your credit report.
5.4.2. You (and only you) may see these soft searches as ‘footprints’ on your credit report in either our name or the name of one of the partners or credit reference agencies that we work with. Soft searches on your credit file will be given different markings, depending on their purpose, such as:
126.96.36.199. Anti-Money Laundering
188.8.131.52. Consumer Credit File Request
184.108.40.206. Identity Check
220.127.116.11. Quotation/Preliminary Search
5.4.3. You may see multiple footprints on your credit file because soft searches will be carried out:
18.104.22.168. when you first sign up for our services; and
22.214.171.124. in the background on a monthly basis to refresh your credit report and credit score (we reserve the right to suspend these monthly searches if your account is inactive).
5.5.1. If you agree to apply for a Pillar credit card after the eligibility check, a hard search will be recorded with the CRAs, which may be seen by other lenders. If you agree to the credit terms we offer, we will continue to exchange information about you with CRAs, whilst you have a relationship with us.
5.6.1. We’ll send you a welcome email when you sign up.
5.6.2. If you have a free credit report with us, we’ll send you messages as a reminder that we’ve retrieved your credit report and credit score data.
5.6.3. We may also send you ad hoc service emails from time to time (for example, to contact you about forgotten passwords or to notify you about changes to our services).
5.6.4. If push notifications are enabled on your device, we may send you service messages by push notification.
5.6.5. Retrieving your credit report and credit scores from the credit reference agencies are core elements of our account service. We want to make sure that you remember that we are getting this data about you each month, even if you don’t need to log into your account very often. Similarly, other service messages will contain important information about your account or our services.
5.6.6. Similarly, if you take out a Pillar credit we will be obliged to provide you with service information relating to your ongoing use of the product e.g. transaction notifications as well as statutory documents such as monthly statements.
5.6.7. Please be aware that you can’t unsubscribe from service messages. If you do not wish to receive service messages, you will need to close your Pillar account, which you can do within the Pillar app.
5.6.8. We’ll keep refreshing your credit report and credit score (and sending you service messages about them) until you close your Pillar account or we terminate or suspend your account (e.g. for misuse). We reserve the right to suspend these monthly searches if your account is inactive.
5.7.1. When you sign up for a Pillar account, you can choose not to receive marketing messages. You can also unsubscribe from receiving marketing communications at any time by:
126.96.36.199. updating your preferences from within your Pillar app; or
188.8.131.52. messaging us through our in app chat messaging service or emailing us at firstname.lastname@example.org; or
184.108.40.206. clicking the unsubscribe link in any marketing email from us; or
220.127.116.11. (for push notifications) updating your push notification preferences or settings.
5.7.2. If you have not opted out of marketing (or if you have otherwise consented to receiving marketing from us) we’ll use your personal data to send you tailored offers or information about our products and services that may be of interest to you. For example, we will use your personal data to provide a marketing communication to you when you may be eligible for a Pillar credit card.
5.7.3. We may occasionally have arrangements in place with third parties that have a direct relationship with you and they may send information to you about us and our services where they are legally permitted to do so.
5.8.1. We use technical and behavioural data:
18.104.22.168. for system administration;
22.214.171.124. to measure and analyse traffic to our website or app;
126.96.36.199. to enable us to analyse behaviour and trends on the website and app; and
188.8.131.52. to personalise marketing (for example, if you have not opened marketing emails in a while, we may start sending you less).
Meeting our legal and regulatory obligations
5.8.2. We and our third-party service providers are required to comply with certain legal and regulatory requirements including:
184.108.40.206. complying with our regulatory obligations to the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO); and
220.127.116.11. addressing enquiries or complaints from you or from a regulator.
5.8.3. We may process your personal data to comply with those requirements. For example, the Financial Conduct Authority requires us to provide extra support to consumers that are vulnerable. To help us do this, we may add a ‘vulnerable consumer’ flag to your customer service record, if we consider that you meet the Financial Conduct Authority’s criteria for vulnerability.
5.8.4. Occasionally, we may be asked to provide certain information to regulators or law enforcement agencies. We’ll comply with these requests where legally required or permitted.
5.8.5. Pillar and the third parties that we work with (e.g. credit reference agencies) will process and share your data for the purposes of fraud prevention.
8.1.1 All the information that you give us is stored on secure servers. The internet is not a secure medium, but we’ve put in place various security procedures to protect your information. We use firewalls to block unauthorised traffic to the servers. We host your information on Google’s Cloud Platform (GCP) which is secure and can only be accessed by ourselves. We use industry-standard encryption technology to ensure that all your personal and transactional information is encrypted before transmission to certain lenders or third-party service providers. Our security policies are in place to safeguard your privacy from unauthorised access or improper use. We’ll continue to enhance our security as and when new technology becomes available.
8.2.1. You’re responsible for keeping your Pillar account password confidential. We ask you not to share a password with anyone. From time to time, we or our service providers may communicate with you by email. You should keep your email account secure. Where possible, you should not provide us with any personal data that we’ve not asked for. If you’re unsure whether we need a certain piece of information, please ask us first before sending it to us.
8.3.1. We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. We may retain personal data where we need to for:
8.3.2. We’ll keep the archived data for no longer than six years following your account closure.
9.1. Data protection law provides you with a number of rights in relation to your personal data (which are summarised below). You can exercise these rights by contacting us via email on email@example.com
9.2. Subject to the requirements of applicable laws and certain limitations or exemption, you have the right to:
9.3. Access to your credit report and corrections
9.3.1. In addition to the rights listed above, you also have the right to obtain your statutory credit report free of charge from Experian. This report contains all the personal data Experian holds about you that is relevant to your financial standing. If you wish to find out how to exercise this right please visit: www.experian.co.uk/consumer/statutory-report
9.3.2. Should you wish to request access to all of the personal data Experian holds about you (not just your credit report) you have the right to do so (as noted above).
9.3.3. Experian wants to make sure that your personal information is accurate and up to date. However, please be aware that as a credit reference agency, much of the information Experian holds about you is received from lenders and banks. Experian is not able to automatically amend this information upon request. Experian must instead follow a set process of informing the relevant lender and seeking their clarity as to the validity of the data. While this process is undertaken, Experian will make a note on your file that a rectification request has been made. For more details on your rights please review the Experian Information Notice at www.experian.co.uk/legal/crain/
9.4. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK data protection regulator. More information can be found on the ICO website at ico.org.uk
10.1. If you have any questions about this privacy notice or our use of your personal data, please contact us through the in app messenger or via email us at firstname.lastname@example.org