Jump to section

1. Who are we?
2. Why do we have this privacy policy?
3. Our Service
4. How do we collect your personal information?
5. What personal information do we collect about you?
6. How do we use your personal information?
7. Purposes for which we use your personal information
8. How long do we keep your personal information for?
9. Who do we share your personal information with?
10. Automated Decision Making
11. What are your legal rights?
12. Is your personal information transferred outside the EEA and/or the UK?
13. Data Security
14. Complaints and contact details of our data protection officer
15. How we use cookies
16. Changes to this privacy policy

1. Who are we?

We (Digitonomy Limited) are a credit broker, authorised and regulated by the Financial Conduct Authority (FRN 690249). thimbl. is one of our trading styles, and we host the thimbl.com website. We are based in Chester, and our registered office is at the Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN. Our registered company number is 08385135. We are registered with the Information Commissioner's Office with registration number ZA007309.

2. Why do we have this privacy policy?

The purpose of this privacy policy is to give you a clear explanation about how we use the personal information we collect from you when you use our website to apply for the thimbl. credit card or the thimbl. loan (the "thimbl. Product(s)"). It is important that you read it in full to understand the information we need to collect from you, how we will use it and how you can access, update and delete your personal information. It should be read together with our Terms and Conditions.

If you click on a link that takes you to a third-party website that is not ours, we will not be responsible for how they use your personal information. You should read their privacy policy to understand how they may use your personal information. This privacy policy only explains how we will process your personal information.

“Personal information” in this policy means any information that we collect that could identify you such as for e.g. your name, address and online identifiers like your IP address.

3. Our Service

We work with Vanquis Bank Limited ("Vanquis Bank") to provide the thimbl. Products, and you can apply for these through our website.

• We are a data controller in relation to the personal information you give to us on this website and we store it in a UK data centre.
• We share the personal information you have given to us on our application form with Equifax Limited who are a credit reference agency ("CRA") to carry out a soft search on you. This enables us to check your identity and eligibility for the thimbl. Product you are applying for.
• We then share the information you gave to us with Vanquis Bank, who issue and administer the thimbl. Products. Vanquis Bank will review your information to carry out an initial eligibility assessment which will involve an automated decision being made about you in the form of a soft search. Please see section 10 for more information about this and what rights you may have as a result.
• Vanquis Bank are a separate data controller when they receive and process your information in this way.
• If Vanquis Bank consider that they may be able to provide you with a thimbl. Product, you will be re-directed to their website to complete your application.
• Before completing and submitting your application for a thimbl. Product on Vanquis Bank’s website, you should read their privacy policy to satisfy yourself how they will process your personal information. We are not responsible for the way in which they do this. You can view Vanquis Bank's privacy policy here.
• Vanquis Bank will review the information you provide to them via their website to assess your application and decide whether they can provide you with a thimbl. Product. If successful, Vanquis Bank will then process your personal information for the purposes of providing and administering your thimbl. Product.
• If Vanquis Bank are not able to provide you with a thimbl. Product, we may present you with an alternative option to apply for a different financial product or service such as a loan, credit card or alternative credit solutions.
• To do this, we will need to share your personal information with Creditec Limited (another member of our group of companies) who will carry out a further soft search on you via Equifax Limited to check your eligibility for alternative products and services. (To understand in more detail how Creditec use your personal information, you can read their privacy policy here.)
• Loans: If Vanquis Bank were not able to provide you with the thimbl. loan product, you will either be presented with a results table displaying either other potential loan options that you may be eligible for, or alternatively the option to apply for other products and services that we think may be suitable.
• Credit Cards: If Vanquis Bank were not able to provide you with the thimbl. credit card, then in order to find other credit cards that you may be eligible for, Creditec will carry out further eligibility checks with our providers of pre-screening and eligibility checking services (HD Decisions - an Experian business, Madison CF UK Limited, trading as 118 118 Money and Capital One (Europe) plc) and certain members of our panel of credit card issuers, (who may then also contact CRAs). We refer to these firms as our "Providers."
• Pre-screening means Providers use your information to carry out a soft search on you. This is a pre-application check of your credit record and will not have any impact on your credit rating. (Please see point 10 below for more information about this and what rights you may have as a result).
• Providers will also use their internal databases, scoring methods and knowledge of acceptance criteria to determine your likelihood of being accepted, ("Eligibility Checks").
• The results of these searches, along with your personal information will then be shared with our panel of financial services firms (“Partners.”)
• You will then be presented with those credit cards (or alternatively loans, if we were unable to find you a credit card) that you may be eligible for and will have the opportunity to apply directly with a Partner. If you do this, your information will be shared with that Partner, and you will be re-directed to their website to complete your application.
• The Partner will provide you with their terms and conditions for the credit card you are applying for, and if you decide to complete your application, they will also carry out their own identification and validation checks (including fraud prevention procedures, affordability and credit application checks), in accordance with their own criteria. Any full credit check, (also known as a "hard" search) carried out by any of the Partners will be visible on your credit file to any other lender in the future.
• Before completing and submitting any application on one of Our Partner’s sites, you should read their privacy policy to satisfy yourself how they will process your personal information. We are not responsible for the way in which any of our Partners may do this.
• For each thimbl. Product, we (and/or Creditec) will stay in contact with you about your enquiry (for eg by emailing or texting your results to you, or confirming any "next steps"), and we may also contact you about other products and services (roviding you have given us your consent to do this) using the contact details you have given to us.

4. How do we collect your personal information?

We collect personal information from you in the following ways:

4.1 Information you give us:

• Information you give us when you complete any online forms on our website to use Our Service.
• Information you provide when corresponding with us by phone, email or other means. This includes information you might give us when applying for a thimbl. Product, or if you need to ask us a question, report a problem with our site or if you otherwise contact us.

4.2 Information we collect from you:

• Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

4.3 Information we receive from third parties.

• Pre-Screening and Eligibility Check data we receive from Providers.
• Information about your credit and financial situation from CRAs when a soft search is carried out upon you ("CRA Information").
• The outcome of any full applications that are made for a financial service or product you make as a result of using Our Service from Partners and from any third-party service providers we work with.

5. Personal information we collect from you:

In order to provide Our Service, the following personal information about you is collected:

Identity information: this includes your first and last name, and your date of birth.

Contact information: this includes your address; telephone number(s), and your email address.

CRA information: this includes information about your financial status and eligibility for the products and services we offer.

Financial information: : this includes details of your income and expenditure.

Employment information: this includes your employment status; the name of your employer; your job title, and the time you have been in your current job.

General information: this includes your home owner status, your relationship status and the number of any dependents you may have.

Marketing and communications information: this includes your preferences in receiving marketing information about other similar products and services.

Technical information: this includes your internet protocol (IP) address used to connect your computer to the internet; your browser; time zone setting; your operating system and platform; the source of your enquiry (for example Google, Facebook, Bing etc) and the device that you are using. We also collect information about your visit to our site including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including the date and time); page response times; download errors; lengths of visits to certain pages; page interaction information (such as scrolling; clicks and mouse-overs); methods used to browse away from the page, and, if you visited our site from a search engine, the address of that search engine and the search term you used.

Please note: it is your responsibility to check and ensure that any information you provide is correct, complete and accurate. If you fail to provide your personal information where requested, you may not be able to complete your application.

6. How do we use your personal information?

We will only collect and use your personal information when the law allows us to. Most commonly, we will use it in the following circumstances:

Where it is necessary for our legitimate Interests (or those of a third party): we may process your personal information for the legitimate interests of our business (or those of a third party) in providing you with a thimbl. Product, providing these interests do not override your privacy in any way. Our legitimate interests for processing your personal information are:

• The interests of our company in conducting, managing and improving our business. This includes enabling you to apply for a thimbl. Product, (or an alternative financial service or product if you are declined) and providing you with that information by email, SMS or automated message. Using your personal information in this way is an essential part of us being able to provide Our Service to you.
• To improve the services, we provide. To achieve this, we will use your personal information to customise certain features of the services we provide and for market research purposes. We are dedicated to constantly finding ways to improve our business and using your personal information in these ways enables us to achieve this.

Marketing: we will only contact you in response to a request or communication from you or if you have given us your consent to send you information about products and services we believe you will be interested in. Any such contact may be by email, text message, push notifications, social media or other electronic means. We will not send unsolicited marketing communications to you about any other types of products or services.

Third-party marketing: we will not share your personal information with any company outside our company for their marketing purposes.

Cookies: you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Change of purpose: we will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Where we need to comply with a legal or regulatory obligation: we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. Purposes for which we use your personal information

We have set out below, in a table format, a description of the ways your personal information could be used by us, and which of the legal bases we rely on to do so. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

8. How long do we keep your personal information for?

Unless required by law to keep your personal information for a different period of time, we will keep it for no longer than 12 months from the date you last used Our Service or until you ask us to delete it. Please note that if you ask us to delete your personal information it may still remain on our backup systems for legal or other regulatory reasons.

9. Who do we share your personal information with?

When you use Our Service, your information will be shared with the following third parties or categories of third party:

• Vanquis Bank who issue and administer the thimbl. Product.
• Equifax Limited, a CRA to carry out a soft search on you so that we can check your identity and eligibility for the thimbl. Product, and/or for an alternative financial product or service should you be declined. As a result, they provide information about you, and anyone you may have a financial association with (e.g. a joint mortgage or joint bank account). Equifax will record a footprint on your credit file that we have requested. This search footprint will be visible only to you and will not affect your credit score.
• For more information about how Equifax may use your personal information, you can read the Credit Reference Agency Information Notice here, or you can ask Equifax for a copy. You can also read Equifax’s privacy policy here.
• Creditec Limited, a company within our group so that using their credit matching platform technology, they can carry out a soft search on you and help to match you with an alternative financial service or product if you are declined for a thimbl. Product. To understand how they will process your personal information, please read their privacy policy here.
• Providers: if you are declined for a thimbl. credit card, your personal information will be shared with our Providers of Pre-screening and Eligibility Checking services to check your eligibility for other credit cards. Please note that the following privacy notices will apply to the relevant third party's handling of your data, alternatively details can be found on their individual websites:
  • HD Decisions Limited (an Experian business) Privacy Notice (provider of eligibility scoring across a range of our Partners and their products)
  • Capital One (Europe) plc Privacy Notice (provider of eligibility scoring for Capital One products)
  • Madison CF UK Limited trading as 118 118 Money Privacy Notice (provider of eligibility scoring for 118 products)
• Partners: to help you find a suitable alternative financial product or service if you are declined for a thimbl. Product. Partners comprise financial services firms who (where required), are authorised and regulated by the Financial Conduct Authority to provide consumer credit lending and broking, secured loans, credit information services, e-money issuance and payment services and can offer a range of alternative financial products and services including, for example, a range of credit reporting tools.
• Other companies who enable us to provide our credit broking services or who provide services to us, for example IT Service Providers (who provide for e.g. technology platforms or other IT services including data storage), and Communication providers (who provide for e.g. email and text services for customer contact and marketing purposes).
• Broadcasting networks (such as TV and radio stations), media buying and advertising networks, and social media companies (such as Facebook, Google and SnapChat) so that we can present relevant advertisements to you.

These third parties help us to provide Our Service. In order that they can do this, we may need to let them process your personal information. Where relevant, we will make sure that they keep the information secure and in accordance with our instructions, the UK General Data Protection Regulation 2016 (“UK GDPR”) and other UK privacy legislation.

We will also share your personal information when we have your consent, or where we are obliged to do so for a legal or regulatory reason, for e.g. to prevent or detect crime, for compliance monitoring or to enforce or apply our Terms and Conditions and other agreements.

Finally, we may also share your personal information with any third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy policy.

10. Automated Decision Making

An automated decision is one where a computer or system is used to assess the information you provide to make a decision about you. We do not make automated decisions about you, however, Vanquis Bank may do this when we share your personal information with them so that they can make an assessment of your eligibility for the thimbl. Product you are applying for. An example of this is the soft search that is carried out upon you by Vanquis Bank when you make your application. Similarly, our Partners may also do this if you are declined for a thimbl. Product and your personal information is shared with our Partners so that they can make an assessment of your eligibility for an alternative product or service.

(Note: a “soft” credit search helps a lender to decide whether or not they may be able to issue you with a credit card. Unlike a “hard” credit search, a soft search is recorded on your credit file, but only you rather than any other lender will be able to see it. A soft search does not therefore affect your credit rating.)

As a result, you have the right to ask Vanquis Bank (or a particular Partner) that they do not make a final decision based solely on automated means. You can also object to the automated decision and ask that a person reviews it. To exercise this right, you will then need to contact Vanquis Bank (or should you be declined for a thimbl. Product, our Partner) directly.

11. What are your legal rights?

• Right to Object - because we carry out certain profiling of your personal information to enable us to present you with relevant advertisements, you can object to this processing (including any direct marketing that we carry out) by sending us a message via our contact us page or by writing to the Customer Support Manager at Digitonomy Limited, Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN. We will action any request you make promptly, although this will mean that we will not be able to help you find the financial product or service that you asked us to search for.
• Right of Access - you can ask us at any time to confirm whether we hold your personal information, and if so you can access it by writing to us at: Data Subject Access Request Department, Digitonomy Limited, Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN or by sending us a message via our contact us page.
• Right to rectification - if we hold personal information about you that is inaccurate, you can ask us to correct it, and we will do this as quickly as possible.
• Right to erasure - if you have provided us with consent to process your personal information or if it is no longer necessary for us to hold your personal information bearing in mind the reason why you provided it to us, you can ask us to delete it. If you ask us to do this, we will delete your personal information as soon as possible although this will mean that we may not be able to help you find the financial product or service that you asked us to search for.
• Right to restrict our use of your information - you can ask us to restrict our processing of your personal information if you think for example that the personal information you gave us is inaccurate. This may mean that you are unable to complete your application for a thimbl. Product or any alternative product or service should your application for a thimbl. Product be unsuccessful.
• Right to complain to the Information Commissioner’s Office (ICO) - we will try to resolve any complaint that you may have in relation to data protection issues. If you are not happy with our final response you have the right to have your complaint dealt with by the ICO. Details of how you can do this are in section 14 - “Complaints and contact details of our data protection officer.”

12. Is your personal information transferred outside the European Economic Area ("EEA") and/or the UK?

Although we do not routinely transfer personal information outside the UK, we may sometimes need to do this where any of our Partners or third-party suppliers are either based outside the EEA and/or the UK, or where they use data processors based outside the EEA and/or the UK. Where this is the case, we will make sure that they agree to: keep your personal information secure; apply the same levels of protection as we are required to apply to information held in the UK, and to use it only for the purpose of providing Our Service. We will do this by putting in place appropriate safeguards and protections as stated under UK law, for example using a data-transfer agreement incorporating certain standard model protection clauses.

13. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Complaints and contact details for our data protection officer

We want you to be confident that we are handling your personal information responsibly and in line with good practice. If you are concerned that we are not doing this, you should contact us immediately. We will treat your concern seriously and work with you to try and resolve it.

Please address your correspondence to:

The Data Protection Officer

Digitonomy Limited

The Steam Mill Business Centre

Steam Mill Street

Chester

CH3 5AN.

15. How we use cookies

We have implemented and use Google Display Network (GDN) Impression Reporting, Demographics and Interest Reporting, Remarketing with Analytics and Segments.
We use these services to help us improve our site and our advertising, including who sees the adverts and the content within them. We and other third parties, such as Google, use first party and third-party cookies to help us show relevant adverts to you. Due to these cookies, you may see adverts on other websites promoting thimbl. More information about cookies and how they are used can be found in our cookie policy.

Whilst we cannot control adverts you may see on other websites, you are free to opt-out of or change your settings regarding ad personalisation at any time, by going to your Google Ads Preferences Manager.

16. Changes to this Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page.

Please check back frequently to see any updates or changes to our privacy policy. However, if any significant change that we make affects the way that we are able to use your personal information (meaning that it would be unlawful for us to continue to use it), then we will do our best to communicate this to you.

Last updated 24/08/2023