Privacy Policy

Affinitech Limited (Pillar): Read our privacy policy to know more about how we handle your data.

1. Introduction

1.1.     We value your privacy. We want to be accountable and fair to you and transparent about how we collect and use your personal data.

1.2.     This privacy notice tells you what to expect when we collect and use personal data about you. It applies to all users of our website www.hellopillar.com and the Pillar mobile app.

1.3.     You should also read our Terms of Use and Cookie Policy carefully before you decide to use our services.

1.4.     Any changes we make to this privacy notice will be posted on this page, and we will notify you by email if there are any significant changes.

1.5.     This privacy notice applies only to the personal data that we collect in relation to our services only. Our website may contain links to and from third party websites. For example, we may link to and from the websites of lenders, credit reference agencies, our partners, advertisers or affiliates. We can’t be responsible for personal data that these third parties collect, store and use through their website without our involvement. You should always read the privacy notice of each website you visit carefully and before you submit any personal data to them.

2. Who we are

2.1.     We are Affinitech Limited. We own and operate the personalised financial essentials website, www.hellopillar.com, and the Pillar app. We provide a range of services to help you better understand and improve your financial situation and also provide a range of credit products.

2.2.     Affinitech Limited is a company registered in England (No. 13637649). Our trading address and registered office address is Co-Foundry, 11-13 Cowgate, Peterborough, United Kingdom, PE1 1LZ.

2.3.     Affinitech Limited is an Appointed Representative of CREATIVE FINANCE CORP LTD which is registered in England and Wales (Company Registration Number- 09463062). Creative Finance Corp Limited is authorised and regulated by the Financial Conduct Authority (Reference number: 702435) in respect of:
     2.3.1.     Credit broking
     2.3.2.     Providing credit information services
     2.3.3.     Consumer credit lending

2.4.     Data protection law applies to our collection and use of personal data and Affinitech Limited is the controller of that personal data (ICO Registration Number ZB261170).

2.5.     If you have any questions about this privacy notice, please contact us or email us at help@hellopillar.com. If you wish to contact our Data Protection Officer you can email them at dpo@hellopillar.com, or you can write to them at Affinitech Limited, Co-Foundry, 11-13 Cowgate, Peterborough, United Kingdom, PE1 1LZ.

2.6.     Please note that our partner, Transact Payments Limited (“TPL”), is the issuer of your payment card and is the independent Data Controller for the personal data which you provide to us in relation to processing undertaken to enable you to use the card. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. TPL’s registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and its registered company number is 108217.

2.7.     When you apply for a Pillar card, you agree to TPL’s Cardholder Terms and Conditions and Privacy Policy which are provided to you when you sign up for a card. We encourage you to read the TPL Privacy Policy.

3. What data we collect about you

3.1.     Personal data means any information about an individual from which that person can be identified. It does not include data where the person's identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you. In this privacy notice we’ve used the following definitions to refer to some of this data:

3.2.     Account data includes:

     3.2.1.     the basic information you provide when you sign up to use our services (e.g. first name, last name, date of birth, postcode, address details, residential status, employment status, annual income, phone number, email address and password);

     3.2.2.     any additional ‘affordability information’ you give us (e.g. marital status, additional household income, monthly rent or mortgage cost, how many people depend on you financially, monthly cost of childcare and dependent support); and

     3.2.3.     any information you give us about your job (e.g. job title, industry and/or company name).

It’s vital that you keep your account data accurate and up to date, because inaccurate personal data will produce inaccurate results. You can update your information in the Pillar app, and we sometimes will give you a nudge to do so when you log in. If you’re not sure how to update your information, please contact us through the in-app chat functionality.

3.3.     Credit report data means information about your credit file given to us by Experian, Equifax or TransUnion (see section 7.1 for more details).

3.4.     Credit score data means information about your credit score given to us by Experian, Equifax or TransUnion (see section 7.1 for more details).

3.5.     Financial account information - Account balance, overdraft or credit limit, incoming and outgoing transactions, including the amount, data and description of transaction (together, “Transaction Data”) as well as your Account number and sort code.

3.6.     Technical and behavioural data means details of your visits to the website including the actual pages you visit, IP address (from which we may derive your location) and details of the resources that you access, as well as your interaction with messages (e.g. whether or not you have opened an email from us). We also capture information about your computer or device including, where available, your operating system and browser type.

3.7.     We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

4. How we collect your data

We use different methods to collect data from and about you, including:

4.1.     Direct interactions. You may give us your personal data by filling in forms or by corresponding with us. This includes personal data you provide when you:
     4.1.1. 
    sign up for a Pillar account;
     4.1.2. 
    contact us (for example by post, phone, email or via our website or app);
     4.1.3. 
    give us feedback; or
     4.1.4.
     enter a competition, promotion or survey.

4.2.     Credit reference agencies. The credit reference agencies that we work with will give us eligibility data, credit score data and credit report data.

4.3.     Open Banking providers / Account Information Services Providers. We work with Consents Online, An Equifax Company in order for you to provide us with access to your account transaction information. As part of this process you directly provide the information (where prompted to) from your relevant financial provider which is providing access to your account. We may ask for you to instruct us to provide ongoing access to your transaction information. In such circumstances you will be asked every 90 days if you would like to continue sharing your information with the option to stop doing so.

4.4.     Automated technologies or interactions. We’ll automatically collect technical and behavioural data as you interact with our website or app. For example, we use cookies and other similar technologies (e.g. pixels) to tell us which area of the website you have visited and which products you have clicked out on. For more information on how we use Cookies and similar technologies, please read our Cookie Policy.

5. How we use your data

5.1. Personalisation

5.1.1.     All of our services are personalised to you. This means that we’ll analyse and profile your personal data to tailor the services we provide to you. This includes using the information that you have given us directly or that we have collected, such as account data, service-specific data or technical and behavioural data, and also information that we have obtained through third parties, such as your credit report data, credit score data, eligibility data, and product application data.

5.1.2.     We’ll use your personal data to personalise the information we show you in your account and that we send to you by email or push notification.

5.1.3.     For example, we’ll use your personal data to tailor:
     5.1.3.1.      The eligibility checks we do for you;
     5.1.3.2.     The information we show you about your free credit report and credit score;
     5.1.3.3.     whether or not we wish to offer you a Pillar credit card;
     5.1.3.4.     where you have agreed to receive marketing from us, the marketing material we send you.

5.1.4.      Pillar will soft search you while your account is live, to provide you with updates and personalised information and offers. For example, Pillar and its partners will soft search your credit file with the credit reference agencies:
     5.1.4.1.     to create and update your free credit report, if you have one; and
     5.1.4.2.    to provide an indication about your eligibility for a Pillar Card.

5.1.5.     See section 5.4 for more details about soft searches.

5.2. Pillar credit cards

5.2.1.     When you sign up for a Pillar account, we may ask Experian to carry out a soft search in order to understand your eligibility for a credit product provided by Pillar.

5.2.2.     Some of these soft searches that we do will leave a ‘footprint’ on your credit file. For more information about soft searches and footprints, see section 5.4 below.

5.2.3.     If you agree to apply for a Pillar credit card after the eligibility check, a hard search will be recorded with the Credit Reference Agencies (CRAs), which may be seen by other lenders. If you agree to the credit terms we offer, we will continue to exchange information about you with CRAs, whilst you have a relationship with us.

5.3. Your credit score and credit report

5.3.1.     When you sign up for a Pillar account, we may use your account data to check whether Experian, Equifax and TransUnion are able to provide you with a free credit report and credit score.

5.3.2.     You will need to successfully pass an authentication process before we can show you your credit report and credit score. If you pass, Experian, Equifax and TransUnion will give us your credit report data and credit score data, and we will show this to you in your account.

5.3.3.     We’ll ask the credit reference agencies for your updated credit report data and credit score data at least every month for as long as you have a live Pillar account. We reserve the right to suspend these monthly searches if your account is deemed as inactive.

5.3.4.     We may also offer the feature to allow you to refresh your credit scores and report when you log-in to the app. If so, this feature will be accessible within the Pillar app and will allow you to be provided with an updated credit report and credit score.

5.3.5.     We’ll use your credit report data and credit score data:
     5.3.5.1.     to provide you with your free credit report and credit score; and
     5.3.5.2.     to make our service better and more personalised to you, as explained in this privacy policy.

5.3.6.     For a summary of the different ways in which we use your credit report data and credit score data see section 6. Some of the credit report and credit score searches that we do will leave ‘footprints’ on your credit file. For more information about soft searches and footprints, see section section 5.4.

5.4. Soft searches and ‘footprints’ on your credit report

5.4.1.    Some of our services involve soft searching your credit file. A soft search is like a quick peek at your credit file. Soft searches will not harm your credit rating or affect the way lenders see you, and are not visible to third parties on your credit report.

5.4.2.     You (and only you) may see these soft searches as ‘footprints’ on your credit report in either our name or the name of one of the partners or credit reference agencies that we work with. Soft searches on your credit file will be given different markings, depending on their purpose, such as:
     5.4.2.1. 
    Affordability
     5.4.2.2. 
    Anti-Money Laundering
     5.4.2.3. 
    Consumer Credit File Request
     5.4.2.4. 
    Identity Check
     5.4.2.5.
     Quotation/Preliminary Search

5.4.3.     You may see multiple footprints on your credit file because soft searches will be carried out:
     5.4.3.1. 
    when you first sign up for our services; and
     5.4.3.2. 
    in the background on a monthly basis to refresh your credit report and credit score (we reserve the right to suspend these monthly searches if your account is inactive).

5.5. Hard searches on your credit report

5.5.1.     If you agree to apply for a Pillar credit card after the eligibility check, a hard search will be recorded with the CRAs, which may be seen by other lenders. If you agree to the credit terms we offer, we will continue to exchange information about you with CRAs, whilst you have a relationship with us.

5.6. Keeping in touch

Service messages

5.6.1.     We’ll send you a welcome email when you sign up.

5.6.2.     If you have a free credit report with us, we’ll send you messages as a reminder that we’ve retrieved your credit report and credit score data.

5.6.3.     We may also send you ad hoc service emails from time to time (for example, to contact you about forgotten passwords or to notify you about changes to our services).

5.6.4.     If push notifications are enabled on your device, we may send you service messages by push notification.

5.6.5.     Retrieving your credit report and credit scores from the credit reference agencies are core elements of our account service. We want to make sure that you remember that we are getting this data about you each month, even if you don’t need to log into your account very often. Similarly, other service messages will contain important information about your account or our services.

5.6.6.     Similarly, if you take out a Pillar credit we will be obliged to provide you with service information relating to your ongoing use of the product e.g. transaction notifications as well as statutory documents such as monthly statements.

5.6.7.     Please be aware that you can’t unsubscribe from service messages. If you do not wish to receive service messages, you will need to close your Pillar account, which you can do within the Pillar app.

5.6.8.     We’ll keep refreshing your credit report and credit score (and sending you service messages about them) until you close your Pillar account or we terminate or suspend your account (e.g. for misuse). We reserve the right to suspend these monthly searches if your account is inactive.

5.7. Marketing

5.7.1.     When you sign up for a Pillar account, you can choose not to receive marketing messages. You can also unsubscribe from receiving marketing communications at any time by:
     5.7.1.1.     updating your preferences from within your Pillar app; or
     5.7.1.2.     messaging us through our in app chat messaging service or emailing us at help@hellopillar.com; or
     5.7.1.3.     clicking the unsubscribe link in any marketing email from us; or
     5.7.1.4.     (for push notifications) updating your push notification preferences or settings.

5.7.2.     If you have not opted out of marketing (or if you have otherwise consented to receiving marketing from us) we’ll use your personal data to send you tailored offers or information about our products and services that may be of interest to you. For example, we will use your personal data to provide a marketing communication to you when you may be eligible for a Pillar credit card.

5.7.3.     We may occasionally have arrangements in place with third parties that have a direct relationship with you and they may send information to you about us and our services where they are legally permitted to do so.

5.8. Website, app and message analytics

5.8.1.     We use technical and behavioural data:
     5.8.1.1.     for system administration;
     5.8.1.2.     to measure and analyse traffic to our website or app;
     5.8.1.3.     to enable us to analyse behaviour and trends on the website and app; and
     5.8.1.4.     to personalise marketing (for example, if you have not opened marketing emails in a while, we may start sending you less).

Meeting our legal and regulatory obligations

5.8.2.     We and our third-party service providers are required to comply with certain legal and regulatory requirements including:
     5.8.2.1.     complying with our regulatory obligations to the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO); and
     5.8.2.2.     addressing enquiries or complaints from you or from a regulator.

5.8.3.     We may process your personal data to comply with those requirements. For example, the Financial Conduct Authority requires us to provide extra support to consumers that are vulnerable. To help us do this, we may add a ‘vulnerable consumer’ flag to your customer service record, if we consider that you meet the Financial Conduct Authority’s criteria for vulnerability.

5.8.4.     Occasionally, we may be asked to provide certain information to regulators or law enforcement agencies. We’ll comply with these requests where legally required or permitted.

Fraud Prevention

5.8.5.     Pillar and the third parties that we work with (e.g. credit reference agencies) will process and share your data for the purposes of fraud prevention.

6. Our legal process for processing your personal data

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To provide you with your credit score and free credit report as well as a Pillar credit card Account data
Credit report data
Credit score data
Legitimate interest (When you sign up for a Pillar account and we use your account data to check whether the CRAs are able to provide you with a free credit report and credit score)
Performance of a contract with you (when we retrieve your credit report data and credit score data)
To verify your identity and request access to your Transaction Data from your bank or other financial provider.

This will include:

verifying the information you provide with the Credit Reference Information Equifax already hold about you;
disclosing the information to your nominated banking provider, so they can confirm your identity and grant access to your Transaction Data; and
conducting any additional verification checks.
Account data
Transaction data
Account Number and Sort Code
We are required by law to ensure your identity prior to providing services

It is in our legitimate interest to take reasonable steps to help verify your identity.
To send you service messages Account data
Credit report data
Credit score data
Product application data
Service-specific data
Performance of a contract with you
To send you marketing messages or to include or exclude you from targeted advertising Account data
Eligibility data
Credit report data
Credit score data
Marketing data
Technical and behavioural data
Necessary for our legitimate interests (to promote our products and services)
Consent (e.g. where you give opt-in consent to receive email marketing from us or when you opt in to marketing using the preference centre)
Correspondence with you Account data
Product application data
Marketing data
Technical and behavioural data
Any additional personal data that you provide as part of your correspondence
Necessary for our legitimate interests (to ensure customer satisfaction and to answer queries about the service, to monitor trends in queries to improve the services)
To meet legal or regulatory requirements Account data
Credit report data
Credit score data
Eligibility data
Marketing data
Service-specific data
Product application data
Technical and behavioural data
Compliance with a legal or regulatory requirement to which we are subject to comply with
To assist the wider industry with fraud prevention Account data
Product application data
Technical and behavioural data
Necessary for our legitimate interests (as a company working in the financial services industry)
To carry out research and development and business insight Account data
Eligibility data
Credit report data
Credit score data
Marketing data
Product application data
Technical and behavioural data
Transaction data
Service-specific data
Necessary for our legitimate interests (to help us understand our customers, to improve our products and services and to inform our marketing strategy)

7. How we share your personal data with others

7.1.     Credit Reference Agencies

     7.1.1.     In order to process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). We may also carry out further periodic searches at CRAs to allow us to manage your account with us.
     7.1.2. 
    To do this, we will supply your personal information to CRAs. This will include your name, date of birth and residential address. It may also include additional information such as your salary, previous residential addresses and other information you provide as part of your credit application.
     7.1.3.
     The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.
     7.1.4. 
    CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, e.g fraud and money laundering;
  • Manage your account(s);
  • Trace and recover any debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

     7.1.5.     We will continue to exchange information about you with CRA’s while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
     7.1.6.
     We will also provide with the CRAs with information relating to the private rental payments you make each month, you should be aware that these transactions can adversely affect your credit history.
     7.1.7.
     When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
     7.1.8.
     If you are making a joint application, or tell us that you have a spouse (or a financial associate), we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as your spouse (or financial associate) successfully files for a disassociation with the CRAs to break the link.
     7.1.9.
     The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail through the following links:

  • Experian - www.experian.co.uk/legal/crain/
  • TransUnion - www.transunion.co.uk/CRAIN
  • Equifax - www.equifax.co.uk/crain

     7.1.10.     Experian, Equifax and TransUnion’s Privacy Policies can be found through the following links: 

  • Experian - www.experian.co.uk/consumer/privacy.html
  • Equifax - www.equifax.co.uk/public-sector/en_gb
  • TransUnion - www.transunion.co.uk/legal/privacy-centre

     7.1.11.     In addition, we will share information with Equifax’s group company, Consents Online Limited as part of our process of verifying your identity as well as you sharing your Transaction Information with us. Consents Online’s Privacy Policy can be found here: consents.online/Privacy

7.2.     We also operate Pillar’s credit monitoring service (“Pillar Monitor”) in conjunction with the UK credit reference agencies Experian, Equifax and TransUnion (“CRAs”).
     7.2.1. 
    By submitting your details to us, you are consenting to them being passed to the credit reference agencies and to us letting you know every time your Credit Score or report data has been updated.
     7.2.2.
     The CRAs may share the information they collect from us with fraud prevention agencies, including Cifas, who will use it to prevent fraud and money-laundering and to verify your identity. Law enforcement agencies may access and use this information.
     7.2.3.
     If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by the CRAs can be obtained in their privacy policies, found in section 7.1.10. Within the policies will be information on how to contact the CRAs for further information.
     7.2.4.
     The CRAs may access and use the information recorded by fraud prevention agencies from other countries.
     7.2.5.
     More information about your rights in relation to the personal data the CRAs hold and how your details will be used by the CRAs can be found in their Privacy Policies in 7.1.10.

7.3.     The information regarding your rental payments and track record as a tenant, will be shared with the CRAs. The CRAs will add this information to the credit reference data it holds about you and use it as a controller, in accordance with their privacy policies (7.1.10) including to assist organisations to:
     7.3.1.
     assess and manage any new tenancy agreements you may enter into;
     7.3.2.
     assess your financial standing to provide you with suitable products and services;
     7.3.3.
     manage any accounts that you may already hold, for example reviewing suitable products or adjusting your product in light of your current circumstances;
     7.3.4. 
    contact you in relation to any accounts you may have and recovering debts that you may owe;
     7.3.5.
     verifying your identity, age and address, to help other organisations make decisions about the services they offer;
     7.3.6.
     help to prevent crime, fraud and money laundering;
     7.3.7. 
    screen marketing offers to make sure they are appropriate to your circumstances;
     7.3.8. 
    plus, for the CRAs to undertake statistical analysis, analytics and profiling and,
     7.3.9.
     to conduct system and product testing and database processing activities, such as data loading, data matching and data linkage.

7.4.     If you would like to see more information on these, and to understand how the credit reference agencies each use and share rental data as bureau data (including the legitimate interests each pursues) this information is provided in the CRAs’ Credit Reference Agency Information Notice “CRAIN” notices here:

  • Experian - www.experian.co.uk/legal/crain/ 
  • TransUnion - www.transunion.co.uk/CRAIN
  • Equifax - www.equifax.co.uk/crain

7.5.     Please note, you are eligible for the Rent Reporting feature if your name is on the tenancy agreement and you pay rent to the person who owns the property directly or you pay an agent on their behalf. Rent Reporting means we will report your rental payments to the credit reference agencies.

7.6.     If you pay a housemate and they pay on your behalf or you pay in another way, like in cash, then sadly we cannot recognise these payments yet. We need to see a pattern of payments for you to get the benefit, so we may wait until we see six consistent payments before we report them but once you have reached that mark then you will get the benefit for every payment.

7.7.     We will consider you to be making consistent payments if you pay a rental amount, to the same payee on your rent payment date. If your tenancy changes in any way, you can update these details with us and we will update the CRAs regarding this so that your rental payments can continue to be recognised.

7.8.     We and the CRAs will ensure that your information is treated in accordance with UK data protection law, so you can have peace of mind that it will be kept secure and confidential and your information will not be used for prospect marketing purposes.

7.9.     If you are unhappy with anything relating to rent reporting, please contact us via the contact details in 2.5. You also have the ability to get in touch with the Information Commissioner’s Office. More information about this can be found using this link here: ico.org.uk/concerns/.

7.10.     Payment Services Providers

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/

7.11.     Fraud Prevention and Financial Crime Agencies

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by reading CIFAS’ Privacy Policy (www.cifas.org.uk/fpn), Jumio’s (www.jumio.com/legal-information/privacy-notices/)  as well as Comply Advantage’s policy (complyadvantage.com/privacy-notice/).

7.12.     Marketing and advertising agencies

     7.12.1.     We share a limited amount of your personal data with companies that help us with marketing and advertising, namely:

  • your marketing preference data (i.e. whether or not you have agreed to receive marketing from us);
  • your technical and behavioural data (e.g. cookie and pixel data); and/or
  • your email address (in a protected format).

     7.12.2.     The marketing and advertising companies with whom we share your personal data include service providers who provide platforms and systems that we use to help us serve marketing and advertising (i.e. Facebook).
     7.12.3.     Some of this information is gathered through cookies and other similar technologies on our website and app. For more information about how we use cookies please see our Cookie Policy.
     7.12.4.     In some cases, these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.

7.13.     Sharing your data with our Principal Firm

     7.13.1.     We work with and are an appointed representative of Creative Finance Corp Limited to provide our services to you. This requires us to share your personal data with Creative Finance Corp Limited, so that Creative Finance Corp Limited can meet its regulatory obligations as the regulated principal.

7.14.     Other third parties

     7.14.1.     We may share your personal data with:

  • the Financial Conduct Authority, the Information Commissioner’s Office or any other legal, regulatory or governmental body that we are required to disclose information to;
  • our suppliers of technical and support services, insurers, logistic providers, and cloud service providers; these include Google Cloud Platform (GCP) and Intercom instant messaging service
  • the analytics and search engine providers that assist us in the improvement and optimisation of our website and services.

     7.14.2.     We may share your personal data with potential suppliers and partners if we want to trial those suppliers and partners to see if they can help us improve our services. For example, we may share your personal data with potential suppliers and partners to test the efficacy of their systems. We’ll only do this where we need to use real rather than dummy or anonymous data for the test to be effective. Some of these trials will involve soft searching your file and may leave footprints on your credit file.
     7.14.3.     We may consider corporate transactions such as a merger, acquisition, reorganisation or asset sale. We may share information with third parties in relation to that transaction. If we are acquired in whole or part, customer personal data may be one of the assets transferred.
     7.14.4.     We may disclose or share your personal data with third parties (e.g. professional advisors or public bodies) if it is necessary to:

  • enforce or apply our terms of use and other agreements; and
  • protect the rights, property or safety of our staff, customers or other people.

     7.14.5.     This includes exchanging information with other companies and organisations for the purposes of identity verification and validation, fraud protection and credit risk reduction.

7.15.     Transferring data outside of the country

     7.15.1.     We currently transfer some of your personal data to the USA to our chat and messaging provider Intercom. This transfer is done through the recognised transfer mechanism standard contractual clauses.
     7.15.2.     If, in the future, we transfer any more of your personal data outside of the EEA, we’ll take steps necessary to ensure that your data is treated securely and in accordance with this privacy notice and all relevant statutory requirements. This includes using recognised transfer mechanisms that incorporate appropriate safeguards. For example, we use approved standard contractual arrangements to transfer personal data, where appropriate.

8. How we store your personal data

8.1. What we do to keep your personal data safe

8.1.1    All the information that you give us is stored on secure servers. The internet is not a secure medium, but we’ve put in place various security procedures to protect your information. We use firewalls to block unauthorised traffic to the servers. We host your information on Google’s Cloud Platform (GCP) which is secure and can only be accessed by ourselves. We use industry-standard encryption technology to ensure that all your personal and transactional information is encrypted before transmission to certain lenders or third-party service providers. Our security policies are in place to safeguard your privacy from unauthorised access or improper use. We’ll continue to enhance our security as and when new technology becomes available.

8.2. What you can do to keep your personal data safe

8.2.1.     You’re responsible for keeping your Pillar account password confidential. We ask you not to share a password with anyone. From time to time, we or our service providers may communicate with you by email. You should keep your email account secure. Where possible, you should not provide us with any personal data that we’ve not asked for. If you’re unsure whether we need a certain piece of information, please ask us first before sending it to us.

8.3. How long we keep your personal data for

8.3.1.     We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. We may retain personal data where we need to for:

  • the purposes of complying with our legal and regulatory responsibilities;
  • responding to legal and regulatory enquiries;
  • our own required record keeping
  • Answer any queries/complaints you may have;
  • Respond to queries or investigations from the Financial Conduct Authority or Financial Ombudsman Service; or to Respond to legal claims.

8.3.2.     We’ll keep the archived data for no longer than six years following your account closure.

9. What are your rights in relation to personal data

9.1.     Data protection law provides you with a number of rights in relation to your personal data (which are summarised below). You can exercise these rights by contacting us via email on help@hellopillar.com

9.2.     Subject to the requirements of applicable laws and certain limitations or exemption, you have the right to:

  • access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;
  • require us to correct any inaccuracies in your personal data without undue delay;
  • require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);
  • require us to restrict the processing of your personal data;
  • receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis consent or to comply with a contract with you (please see the above tables) and such processing is automated; and
  • object to a decision that we make which is based solely on automated processing of your personal data.

9.3.     Access to your credit report and corrections

     9.3.1.     In addition to the rights listed above, you also have the right to obtain your statutory credit report free of charge from Experian. This report contains all the personal data Experian holds about you that is relevant to your financial standing. If you wish to find out how to exercise this right please visit: www.experian.co.uk/consumer/statutory-report

     9.3.2.     Should you wish to request access to all of the personal data Experian holds about you (not just your credit report) you have the right to do so (as noted above).

     9.3.3.     Experian wants to make sure that your personal information is accurate and up to date. However, please be aware that as a credit reference agency, much of the information Experian holds about you is received from lenders and banks. Experian is not able to automatically amend this information upon request. Experian must instead follow a set process of informing the relevant lender and seeking their clarity as to the validity of the data. While this process is undertaken, Experian will make a note on your file that a rectification request has been made. For more details on your rights please review the Experian Information Notice at www.experian.co.uk/legal/crain/

9.4.     You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK data protection regulator. More information can be found on the ICO website at ico.org.uk

10. How to contact us

10.1.     If you have any questions about this privacy notice or our use of your personal data, please contact us through the in app messenger or via email us at help@hellopillar.com