Warning: Late repayment can cause you serious money problems. For help, go to moneyadviceservice.org.uk
Credit card.
Privacy Policy

Jump to section

  1. Who are we?
  2. Why do we have this privacy policy?
  3. Our Service
  4. How do we collect your personal information?
  5. What personal information do we collect about you?
  6. How do we use your personal information?
  7. Purposes for which we use your personal information
  8. How long do we keep your personal information for?
  9. Who do we share your personal information with?
  10. Automated Decision Making
  11. What are your legal rights?
  12. Is your personal information transferred outside the EEA?
  13. Data Security
  14. Complaints and contact details of our data protection officer
  15. How we use cookies
  16. Changes to this privacy policy

1. Who are we?

We (Digitonomy Limited) are a credit broker, authorised and regulated by the Financial Conduct Authority (FRN 690249). thimbl. is one of our trading styles, and we host the thimbl.com website. We are based in Chester, and our registered office is at the Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN. Our registered company number is 08385135. We are registered with the Information Commissioner's Office with registration number ZA007309.

2. Why do we have this privacy policy?

The purpose of this privacy policy is to give you a clear explanation about how we use the personal information we collect from you when you use our website to apply for the thimbl. credit card. It is important that you read it in full to understand the information we need to collect from you, how we will use it and how you can access, update and delete your personal information. It should be read together with our Terms and Conditions.

If you click on a link that takes you to a third-party website that is not ours, we will not be responsible for how they use your personal information. You should read their privacy policy to understand how they may use your personal information. This privacy policy only explains how we will process your personal information.

“Personal information” in this policy means any information that we collect that could identify you such as for e.g. your name, address and online identifiers like your IP address.

3. Our Service

We work with Capital One (Europe) plc (“Capital One”) to provide the thimbl. Credit Card, and you can apply for it through our website.

  • We are a data controller in relation to the personal information you give to us on this website and we store it in a UK data centre.
  • We share the information you provide via the QuickCheck facility with Capital One, who issue and administer the thimbl. credit card. Capital One will review your information to carry out an initial eligibility assessment. This will involve an automated decision being made about you, known as a soft search. Please see section 10 for more information about this and what rights you may have as a result.
  • Capital One are a separate data controller when they receive and process your information in this way.
  • If Capital One consider that they may be able to provide you with a thimbl. credit card, you will be re-directed to their website to complete your application.
  • Before completing and submitting your application for the thimbl. credit card on Capital One’s website, you should read their privacy policy to satisfy yourself how they will process your personal information. We are not responsible for the way in which they do this. You can view Capital One’s privacy policy here.
  • Capital One will review the information you provide to them via their website to assess your application and decide whether they can provide you with a thimbl. credit card. If successful, Capital One will then process your personal information for the purposes of providing and administering your thimbl. credit card.
  • We will stay in contact with you about your application and about any of our similar products and services (unless you have asked us not to) using the contact details you have given to us.

4. How do we collect your personal information?

We collect personal information from you in the following ways:

4.1 Information you give us:

  • Information you give us when you complete any online forms on our website to apply for the thimbl. credit card.
  • Information you provide when corresponding with us by phone, email or other means. This includes information you might give us when applying for the thimbl. credit card, or if you need to ask us a question, report a problem with our site or if you otherwise contact us.

4.2 Information we collect from you:

  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

5. Personal information we collect from you:

If you apply for the thimbl. credit card, we will need to collect the following personal information about you:

Identity information: this includes your first and last name, and your date of birth.

Contact information: this includes your address; telephone number(s), and your email address.

Financial information: this includes details of your bank account; income and expenditure; the amount of money you are looking to borrow; the length and purpose of the loan; the date you are paid each month, and whether you have a debit card.

Employment information: this includes your employment status; the name of your employer; your job title, and the time you have been in your current job.

General information: this includes your home owner status, your marital status and the number of any dependents you may have.

Marketing and communications information: this includes your preferences in receiving marketing information about our similar products and services.

Technical information: this includes your internet protocol (IP) address used to connect your computer to the internet; your browser; time zone setting; your operating system and platform; the source of your enquiry (for example Google, Facebook, Bing etc) and the device that you are using. We also collect information about your visit to our site including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including the date and time); page response times; download errors; lengths of visits to certain pages; page interaction information (such as scrolling; clicks and mouse-overs); methods used to browse away from the page, and, if you linked to our site from a search engine, the address of that search engine and the search term you used.

Please note: it is your responsibility to check and ensure that any information you provide is correct, complete and accurate. If you fail to provide your personal information where requested, you may not be able to complete your application.

6. How do we use your personal information?

We will only collect and use your personal information when the law allows us to. Most commonly, we will use it in the following circumstances:

Where it is necessary for our legitimate Interests (or those of a third party): we may process your personal information for the legitimate interests of our business (or those of a third party) in providing you with a thimbl. credit card, providing these interests do not override your privacy in any way. Our legitimate interests for processing your personal information are:

  • The interests of our company in conducting, managing and improving our business. This includes enabling you to apply for the thimbl. credit card, and providing you with that information by email, SMS or automated message. Using your personal information in this way is an essential part of us being able to provide our service to you.
  • To enable us to communicate with you about any of our related products and services, (unless you have asked us not to), using the contact details you have given to us. (Our right to do this is known as the “soft opt-in.” This is explained in more detail below.).
  • To improve the services, we provide. To achieve this, we will use your personal information to customise certain features of the services we provide and for market research purposes. We are dedicated to constantly finding ways to improve our business and using your personal information in these ways enables us to achieve this.

Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by submitting your contact details on our website via QuickCheck), and we are marketing other similar services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most customers, this is beneficial as it allows us to tell you about other related products and services that we think would be useful to you alongside the specific one you originally expressed an interest in applying for.

Marketing: we will only contact you in response to a request or communication from you or under the soft opt-in. We will not send unsolicited marketing communications to you about any other types of products or services.

Third-party marketing: we will not share your personal information with any company outside our company for their marketing purposes.

Cookies: you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Change of purpose: we will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Where we need to comply with a legal or regulatory obligation: we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. Purposes for which we use your personal information

We have set out below, in a table format, a description of the ways your personal information could be used by us, and which of the legal bases we rely on to do so. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To enable you to use QuickCheck to assess your chance of being accepted for a thimbl. credit card and to submit your application form to Capital One.

(a) Identity

(b) Contact

(c) Financial

(d) Employment

(e) General

Necessary for our legitimate interests (to operate our business in providing and improving the service we provide as a credit broker.)

To enable us to communicate with you:

(a) About your application and any of our similar products and services (unless you have asked us not to) using the contact details you have given to us.

(b) About any enquiries or complaints, you may have.

(c) To ask you to complete a survey or provide us with feedback, testimonials or reviews.

(a) Identity

(b) Contact

(c) Marketing and communications information

(a) Necessary for our legitimate interests (to operate our business by providing the thimbl. credit card, by remaining in contact with you about your enquiry and our similar products and services.)

(b) Necessary to comply with a legal obligation

To enable us to present you with advertisements about the products and services we provide as a credit broker that we believe will be relevant to you and that you will be interested in, we may use your personal information to create a profile of you and your circumstances. These advertisements may be sent directly from us (unless you have asked us not to), or be presented to you via advertising networks and social media companies such as Facebook, Google and Snapchat for e.g.

We believe we have a legitimate interest to profile your personal information in this way. However, you have the right to object if you do not want us to do this. In this case, please contact us by writing to the Customer Services Manager at Digitonomy Limited, Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN, to tell us that you do not want your personal information to be used in this way.

(a) Identity

(b) Marketing and communications information

Necessary for our legitimate interests (to provide you with advertisements relating to the products and services we provide as a credit broker either directly or via advertising networks and social media companies.)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Necessary to comply with a legal obligation

(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer, improve and protect our business and this website (including training, troubleshooting, data analysis, testing, system maintenance, research, support, reporting and hosting of data) 

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to improve our marketing strategy)

8. How long do we keep your personal information for?

Unless required by law to keep your personal information for a different period of time, we will keep it for no longer than 12 months from the date you last used Our Service or until you ask us to delete it. Please note that if you ask us to delete your personal information it may still remain on our backup systems for legal or other regulatory reasons.

9. Who do we share your personal information with?

When you apply for the thimbl. credit card, your information will be shared with the following third parties:

  • Capital One who issue and administer the thimbl. credit card.
  • Other companies who enable us to provide our credit broking services or who provide services to us, for example IT Service Providers (who provide for e.g. technology platforms or other IT services including data storage), and Communication providers (who provide for e.g. email and text services for customer contact and marketing purposes).
  • Advertising networks and social media companies such as Facebook, Google and SnapChat so that we can present you with relevant advertisements.

These third parties help us to provide the thimbl. credit card. In order that they can do this, we may need to let them process your personal information. Where relevant, we will make sure that they keep the information secure and in accordance with our instructions, the General Data Protection Regulation 2016 (“GDPR”) and other UK privacy legislation.

We will also share your personal information when we have your consent, or where we are obliged to do so for a legal or regulatory reason, for e.g. to prevent or detect crime, for compliance monitoring or to enforce or apply our Terms and Conditions and other agreements.

Finally, we may also share your personal information with any third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy policy.

10. Automated Decision Making

An automated decision is one where a computer or system is used to assess the information you provide to make a decision about you. We do not make automated decisions about you, however, Capital One may do this when we share your personal information with them so that they can make an assessment of your eligibility for the thimbl. credit card. An example of this is the soft search that is carried out upon you by Capital One when you use QuickCheck.

(Note: a “soft” credit search helps a lender to decide whether or not they may be able to issue you with a credit card. Unlike a “hard” credit search, a soft search is recorded on your credit file, but only you rather than any other lender will be able to see it. A soft search does not therefore affect your credit rating.)

As a result, you have the right to ask Capital One that they do not make a final decision based solely on automated means. You can also object to the automated decision and ask that a person reviews it. To exercise this right, you will then need to contact Capital One directly.

11. What are your legal rights?

  • Right to Object - because we carry out certain profiling of your personal information to enable us to present you with relevant advertisements, you can object to this processing at any time. Please see section 7 above for information about how to do this.
  • Right of Access - you can ask us at any time to confirm whether we hold your personal information, and if so you can access it by writing to us at: Data Subject Access Request Department, Digitonomy Limited, Steam Mill Business Centre, Steam Mill Street, Chester, Cheshire, CH3 5AN or by emailing us at help@thimbl.com
  • Right to rectification - if we hold personal information about you that is inaccurate, you can ask us to correct it, and we will do this as quickly as possible.
  • Right to erasure - if you have provided us with consent to process your personal information or if it is no longer necessary for us to hold your personal information bearing in mind the reason why you provided it to us, you can ask us to delete it. If you ask us to do this, we will delete your personal information as soon as possible although this will mean that we may not be able to help you find the financial product or service that you asked us to search for.
  • Right to restrict our use of your information - you can ask us to restrict our processing of your personal information if you think for example that the personal information you gave us is inaccurate. This may mean that you are unable to complete your application for a thimbl. credit card.
  • Right to complain to the Information Commissioner’s Office (ICO) - we will try to resolve any complaint that you may have in relation to data protection issues. If you are not happy with our final response you have the right to have your complaint dealt with by the ICO. Details of how you can do this are in section 14 - “Complaints and contact details of our data protection officer.”

12. Is your personal information transferred outside the European Economic Area (“EEA”)?

No, we do not transfer your personal information outside the EEA. When we process your personal information, it will take place within the EEA.

13. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Complaints and contact details of our data protection officer

We want you to be confident that we are handling your personal information responsibly and in line with good practice. If you are concerned that we are not doing this, you should contact us immediately. We will treat your concern seriously and work with you to try and resolve it.

Please address your correspondence to:

The Data Protection Officer

Digitonomy Limited

The Steam Mill Business Centre

Steam Mill Street

Chester

CH3 5AN.

15. How we use cookies

We have implemented and use Google Display Network (GDN) Impression Reporting, Demographics and Interest Reporting, Remarketing with Analytics and Segments.
We use these services to help us improve our site and our advertising, including who sees the adverts and the content within them. We and other third parties, such as Google, use first party and third-party cookies to help us show relevant adverts to you. Due to these cookies, you may see adverts on other websites promoting thimbl. More information about cookies and how they are used can be found in our cookie policy.

Whilst we cannot control adverts you may see on other websites, you are free to opt-out of or change your settings regarding ad personalisation at any time, by going to your Google Ads Preferences Manager.

16. Changes to this Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page.

Please check back frequently to see any updates or changes to our privacy policy. However, if any significant change that we make affects the way that we are able to use your personal information (meaning that it would be unlawful for us to continue to use it), then we will do our best to communicate this to you.



Last updated 27/07/2018