We (Digitonomy Limited) are a credit broker, authorised and regulated by the Financial Conduct Authority (FRN 690249). thimbl. is one of our trading styles, and we host the thimbl.com website. We are based in Chester, and our registered office is at the Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN. Our registered company number is 08385135. We are registered with the Information Commissioner's Office with registration number ZA007309.
“Personal information” in this policy means any information that we collect that could identify you such as for e.g. your name, address and online identifiers like your IP address.
We work with Capital One (Europe) plc (“Capital One”) to provide the thimbl. Credit Card, and you can apply for it through our website.
We collect personal information from you in the following ways:
4.1 Information you give us:
4.2 Information we collect from you:
If you apply for the thimbl. credit card, we will need to collect the following personal information about you:
Identity information: this includes your first and last name, and your date of birth.
Contact information: this includes your address; telephone number(s), and your email address.
Financial information: this includes details of your bank account; income and expenditure; the amount of money you are looking to borrow; the length and purpose of the loan; the date you are paid each month, and whether you have a debit card.
Employment information: this includes your employment status; the name of your employer; your job title, and the time you have been in your current job.
General information: this includes your home owner status, your marital status and the number of any dependents you may have.
Marketing and communications information: this includes your preferences in receiving marketing information about our similar products and services.
Technical information: this includes your internet protocol (IP) address used to connect your computer to the internet; your browser; time zone setting; your operating system and platform; the source of your enquiry (for example Google, Facebook, Bing etc) and the device that you are using. We also collect information about your visit to our site including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including the date and time); page response times; download errors; lengths of visits to certain pages; page interaction information (such as scrolling; clicks and mouse-overs); methods used to browse away from the page, and, if you linked to our site from a search engine, the address of that search engine and the search term you used.
Please note: it is your responsibility to check and ensure that any information you provide is correct, complete and accurate. If you fail to provide your personal information where requested, you may not be able to complete your application.
We will only collect and use your personal information when the law allows us to. Most commonly, we will use it in the following circumstances:
Where it is necessary for our legitimate Interests (or those of a third party): we may process your personal information for the legitimate interests of our business (or those of a third party) in providing you with a thimbl. credit card, providing these interests do not override your privacy in any way. Our legitimate interests for processing your personal information are:
Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by submitting your contact details on our website via QuickCheck), and we are marketing other similar services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most customers, this is beneficial as it allows us to tell you about other related products and services that we think would be useful to you alongside the specific one you originally expressed an interest in applying for.
Marketing: we will only contact you in response to a request or communication from you or under the soft opt-in. We will not send unsolicited marketing communications to you about any other types of products or services.
Third-party marketing: we will not share your personal information with any company outside our company for their marketing purposes.
Change of purpose: we will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Where we need to comply with a legal or regulatory obligation: we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We have set out below, in a table format, a description of the ways your personal information could be used by us, and which of the legal bases we rely on to do so. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information.
Type of data
Lawful basis for processing including basis of legitimate interest
To enable you to use QuickCheck to assess your chance of being accepted for a thimbl. credit card and to submit your application form to Capital One.
Necessary for our legitimate interests (to operate our business in providing and improving the service we provide as a credit broker.)
To enable us to communicate with you:
(a) About your application and any of our similar products and services (unless you have asked us not to) using the contact details you have given to us.
(b) About any enquiries or complaints, you may have.
(c) To ask you to complete a survey or provide us with feedback, testimonials or reviews.
(c) Marketing and communications information
(a) Necessary for our legitimate interests (to operate our business by providing the thimbl. credit card, by remaining in contact with you about your enquiry and our similar products and services.)
(b) Necessary to comply with a legal obligation
To enable us to present you with advertisements about the products and services we provide as a credit broker that we believe will be relevant to you and that you will be interested in, we may use your personal information to create a profile of you and your circumstances. These advertisements may be sent directly from us (unless you have asked us not to), or be presented to you via advertising networks and social media companies such as Facebook, Google and Snapchat for e.g.
We believe we have a legitimate interest to profile your personal information in this way. However, you have the right to object if you do not want us to do this. In this case, please contact us by writing to the Customer Services Manager at Digitonomy Limited, Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN, to tell us that you do not want your personal information to be used in this way.
(b) Marketing and communications information
Necessary for our legitimate interests (to provide you with advertisements relating to the products and services we provide as a credit broker either directly or via advertising networks and social media companies.)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer, improve and protect our business and this website (including training, troubleshooting, data analysis, testing, system maintenance, research, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to improve our marketing strategy)
Unless required by law to keep your personal information for a different period of time, we will keep it for no longer than 12 months from the date you last used Our Service or until you ask us to delete it. Please note that if you ask us to delete your personal information it may still remain on our backup systems for legal or other regulatory reasons.
When you apply for the thimbl. credit card, your information will be shared with the following third parties:
These third parties help us to provide the thimbl. credit card. In order that they can do this, we may need to let them process your personal information. Where relevant, we will make sure that they keep the information secure and in accordance with our instructions, the General Data Protection Regulation 2016 (“GDPR”) and other UK privacy legislation.
We will also share your personal information when we have your consent, or where we are obliged to do so for a legal or regulatory reason, for e.g. to prevent or detect crime, for compliance monitoring or to enforce or apply our Terms and Conditions and other agreements.
An automated decision is one where a computer or system is used to assess the information you provide to make a decision about you. We do not make automated decisions about you, however, Capital One may do this when we share your personal information with them so that they can make an assessment of your eligibility for the thimbl. credit card. An example of this is the soft search that is carried out upon you by Capital One when you use QuickCheck.
(Note: a “soft” credit search helps a lender to decide whether or not they may be able to issue you with a credit card. Unlike a “hard” credit search, a soft search is recorded on your credit file, but only you rather than any other lender will be able to see it. A soft search does not therefore affect your credit rating.)
As a result, you have the right to ask Capital One that they do not make a final decision based solely on automated means. You can also object to the automated decision and ask that a person reviews it. To exercise this right, you will then need to contact Capital One directly.
No, we do not transfer your personal information outside the EEA. When we process your personal information, it will take place within the EEA.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We want you to be confident that we are handling your personal information responsibly and in line with good practice. If you are concerned that we are not doing this, you should contact us immediately. We will treat your concern seriously and work with you to try and resolve it.
Please address your correspondence to:
The Data Protection Officer
The Steam Mill Business Centre
Steam Mill Street
We have implemented and use Google Display Network (GDN) Impression Reporting, Demographics and Interest Reporting, Remarketing with Analytics and Segments.
Whilst we cannot control adverts you may see on other websites, you are free to opt-out of or change your settings regarding ad personalisation at any time, by going to your Google Ads Preferences Manager.
Last updated 27/07/2018