Last Updated: 15th February 2022
We are Tred Earth Limited, a company registered in England and Wales with company number 12348719 and our registered address is: Avenue HQ, 10-12 East Parade, Leeds, West Yorkshire, England, LS1 2BH, trading under the brand name Tred (referred to as “Tred”, “we”, “us”, “our” in this notice). We are registered with the UK’s data protection regulator (The Information Commissioner’s Office or “ICO”) as a Controller of personal data under number ZA787057.
This policy applies to the information we gather when you visit our website at https://www.tred.earth (the “Website”), use our mobile application (the “App”) and more generally, when you use any of our services (the “Services”, which include the Website and App), as well as any related services, waiting lists, sales, surveys, marketing or events. In this privacy notice we seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. If there are any terms in this privacy notice that you do not agree with, please discontinue your use of our Services immediately.
We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or how we treat your personal information, please contact us at email@example.com. You can also contact our Data Protection Officer, Claire Pratt at: firstname.lastname@example.org
1. HOW WE COLLECT YOUR DATA
We may collect, use, store and transfer the following different kinds of personal data about you:
Account data, ID data, transaction data, financial data, usage and device data, marketing and communications data, banking data and carbon impact data.
We explain the kind of information that is included within these categories of data below.
1.1 Personal information you disclose to us
In Short: We collect personal information that you voluntarily provide directly or otherwise give us express permission to use when you register/apply on the App or for any of the Services, ask for information about our Services, when you use our Services, when you voluntarily take part in testing or surveys, when you invest in Tred or when you contact or provide further information to us.
- “Account data” includes information you provide to use our services, such as names, phone numbers, email addresses, passcodes, UK residency status and delivery or home addresses.
- Information you provide when you interact with us, such as free text information you include in queries, feedback, survey responses, user testing responses, complaints, or any other direct interaction we have with you.
- “ID data” includes information you provide to confirm your identity, such as a copy of your photo ID document (passport or driving licence) and the information contained on it including your date of birth, address and the document reference number, your photograph on the ID document and a scanned image of your face. It may also include additional data we may request from you to prove your identity such as proof of address documents, utility bills, bank statements and other documents we specifically request which you then provide to us.
- “Marketing and communications data” includes your preferences in relation to marketing, such as the way in which you prefer to be contacted or any opt-outs you notify us of from time to time.
- “Carbon impact data” includes information about your carbon footprint and related activities. This could reveal that your carbon footprint is higher or lower than average or that you consume certain carbon heavy products or make impactful choices e.g., being vegetarian. Because this data might be linked to you, and it relates to your activities, we treat it as personal data whilst it is possible to trace it back to you.
- “Banking data” includes identifying information about other accounts you link to your Tred account by open banking. This could mean partial card numbers, bank or account names you input to help you identify which linked accounts you have in your Tred account.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information in order to ensure that we hold the most up to date information about you.
1.2 Information sent to us when you use our services
In Short: We will collect transaction data from the business that issues your Tred Debit card and any Open Banking connections you voluntarily make through our app. This is to ensure we can categorise your spending and calculate your carbon footprint for you in our app.
1.3 Information automatically collected
In Short: Some information is collected automatically when you visit our website, use our App or any of our services through cookies or similar technologies. This information is primarily needed to maintain the security and operation of our Website and App, for troubleshooting and for our internal analytics and reporting purposes.
- “Usage data”. We automatically collect certain information about how and when you use our services so that we can maintain security of our services and for internal reporting and analytic purposes. This information includes from which URL you arrived at our site (website only), which pages of our website/app you visit, for how long, and which links you click.
- “Device data”. We collect device data such as information about your computer, phone, tablet or other device you use to access the website and app including information about your operating system and a partial IP address (or proxy server). Depending on the method of interaction used, this device data may include the following information:
- Website only: Browser type and version
- App only: Mobile device ID, model and manufacturer, language preferences, hardware model, internet service provider and/or mobile carrier, phone network, type of mobile used and device name.
1.4 Information we receive from other sources including third parties
In addition to the third parties we expressly name above, we will receive personal data about you from various other third parties as set out below:
- “Contact, financial and transaction data” from providers of payment services whom we make you aware of at the time of requesting payment from you.
2. HOW WE USE YOUR DATA
In Short: We process your information for specific purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent and we may decide to use your data where it’s closely related to one of the purposes below. We will always contact you to let you know in advance if we decide to process data for a new purpose that is unrelated to the below listed purposes, or where we think you won’t expect us to process data for that new purpose.
We use the information we collect or receive for the following Purposes in bold text below and on the legal basis we’ve underlined:
- To facilitate account creation and login process. We use your Account and ID Data to create your unique account and to have means of checking who you are, verifying your device and email address and contacting you. We need this information to perform our Services as agreed with you under our contract and to comply with our legal obligations (including those of our third parties who are subject to certain regulations).
- To manage your Tred account. We may use Transaction Data and Carbon Impact Data to calculate your carbon footprint in order to fulfil our contract with you and we may make further use of that information on the basis of the legitimate interest of society as a whole in reducing carbon emissions (for example, statistical, research and educational purposes as described below). By using your Tred Debit Card to make purchases or linking other accounts/cards to your Tred app via Open Banking links, or by providing identifying bank names and partial card numbers to help you identify linked cards, you are directly providing this information to us.
- To respond to your inquiries/offer support. In order to fulfil our contract and other obligations to you, we may use your Account, Usage, Device, and/or Carbon Impact Data and any other relevant information about your Tred account to respond to your inquiries and to try to resolve any potential issues or complaints you might have with the use of our App or Services generally.
- Push Notifications. We may request to send you push notifications (consent) regarding your account or certain features of the App. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
- To protect our business and our users. We may use your information as part of our efforts to keep our App and Services safe and secure generally for all users (for example, for fraud and money laundering/terrorist financing monitoring and prevention). We will check your name on a daily basis against lists of sanctioned individuals and politically exposed people and monitor your transactions to comply with our legal obligations in combatting crime. We are legally (legal obligation) and contractually (contract) obliged to ensure the security of our App and Services and to protect our users, but it’s also in our legitimate commercial interests to provide a safe and secure service generally because if we couldn’t do that, we would likely lose business. Please note that this is not a credit check and will in no way affect your credit score.
- To enforce our terms, conditions and policies in order to protect our business interests (contract and our legitimate interest in protecting our business and acting in its best interests).
- To comply with legal and regulatory requirements (legal obligation) such as carrying out ID Checks including via our third-party providers.
- To update or provide notice to you in connection with our contract.
- To respond to legal requests and prevent harm (legal obligation). If we receive a witness summons or other legal request from a law enforcement agency for example, we may need to inspect the data we hold to determine how to respond. We will consider each request on its merits and judge that against our users’ right to privacy in each case by limiting the information we share to only that which we consider necessary, and we will record our decision internally in order to create an auditable trail wherever legally possible (legal obligation).
- Fulfil and manage your orders. In order to fulfil your contract with us we may use your selected offsetting choices and Financial Data to fulfil and manage your offsetting orders and membership payments made through the Tred App.
- Administer prize draws and competitions. We may use your information to administer prize draws, incentives and competitions when you elect to participate in our competitions (contract). Where we let you know about competitions, incentives and prizes available to you, this is marketing, and we do this on the basis of our legitimate interest in rewarding and maintaining (and hopefully growing) our customer base unless you’ve opted out of this kind of marketing.
- To send you marketing and promotional communications. We may use the personal information you send to us for our own marketing purposes if this is in accordance with your marketing preferences or if we pass on any third-party marketing on the basis of our legitimate interest in sending you offers as our customer that are closely related to our Services and we think would legitimately be of interest to you. For example, when expressing an interest in obtaining information about us or our Services, subscribing to marketing or otherwise contacting us, we will collect personal information from you, and we will gain some insight into what you are interested in. We will give you the opportunity to opt-out of marketing at the time, and you can always later decide to opt-out of our marketing emails if you change your mind (see the “WHAT ARE YOUR PRIVACY RIGHTS” below).
- To post testimonials. We may post testimonials on our Services (either by directly requesting your permission or from an external review website e.g., Trustpilot) that may contain the name of the person providing the testimonial. By submitting a testimonial for this purpose, we presume this to be with your consent (which you can withdraw at any time).
- Request feedback. We may use your name and mobile number/email address to request your feedback and to contact you about your use of our Services on the basis that we have a legitimate interest in asking users to provide feedback for the purpose of improving and marketing our products and services. We will not contact you if you have opted out of marketing.
- Deliver targeted advertising to you. We may use your Carbon Impact, Account, or Transaction Data to advertise marketplace providers relevant to your interests and to measure its effectiveness. We do this on the basis of our legitimate interest in making sure your experience in using our Services is relevant and productive, and also on the basis of our legitimate interest in marketing further services to you, and in the legitimate interest of society as a whole in presenting you with options when it comes to your carbon footprint.
- To improve our own products and Services generally, including improving customer experience or to inform how we develop new products and services. This means data analysis, identifying usage and general user behavioural trends (such as how many people are offsetting, but this doesn’t involve “profiling” you individually), determining the effectiveness of our promotional campaigns, to evaluate and improve our Services, products and better tailor our marketing and your experience. We may use and store this information in aggregated and anonymised form so that it is not associated with individual end users and does not include personal information but it will initially be based upon a snapshot of your account, transaction, carbon impact, marketing communications and preferences data and we use that data on the basis of our legitimate interest in furthering our business as set out in this paragraph, and on the basis that we make sure you can’t be identified once we’ve aggregated this data so that it doesn’t unfairly prejudice your right to privacy.
- For statistics, research, and educational purposes. We may share anonymised or pseudonymised information (for example, aggregated data) with third party statistical, research and educational institutions. Where we do this, the data we share won’t be personally identifiable, but it will be based upon the information available to us at the time. This means that we don’t need any legal basis to process the data because it is not personal data to which the UKGDPR or EUGDPR applies. This data might be used to produce reports, research papers, white papers or other documents prepared for government consultation, to assist with climate impact analysis or to otherwise support the UK Environment Agency’s objectives from time to time or other social calls to action that are relevant to the data we collect. Our core mission is to improve the information that is available in relation to carbon worldwide, and by using our Services you are helping us further that goal.
3. SHARING YOUR DATA
In Short: We only share information with third parties where a legal basis allows us to do that. We will explain to you in each case which legal basis applies, this might be with your consent, to comply with laws, to provide you with contractual services, to protect you or your rights, or where our legitimate interests, including our own commercial interests, don’t unfairly prejudice your individual rights to privacy and where we have explained that interest to you on an appropriate policy or notice (legitimate interests). See the glossary for more information on each of the legal bases of processing.
More specifically, we may need to process your data or share your personal information in the following situations:
3.1 Identity Checks
Because of the nature of our Services, we use a third-party provider (Jumio) to perform a validity check on the identity document you provide and the live face scan you record. Jumio also use a sub-processor (Comply Advantage) to screen the name on your ID document and year of birth against global Sanctions lists and lists of politically exposed individuals. These are measures we take in order to help us comply with anti-fraud, anti-money laundering and counter terrorist financing regulations that we and third parties we work with may be subject to.
- Jumio act as a processor entirely upon Tred’s instruction. Tred remains the data controller and continues to be responsible for your data and we ensure that Jumio are contractually obliged to process personal data with at least the same degree of protection as we set out in this policy.
- The personal information Jumio collect is transferred to and processed in the United States. Jumio also may subcontract the processing of your data to, or otherwise share your data with, its affiliates or third parties in the United States or countries other than the UK. The data protection laws in these countries may be different from, and less stringent than, those in the UK; however, Jumio only transfer your personal information to countries where the EU Commission has decided that they have an adequate level of data protection, or where they take measures to ensure that all recipients provide an adequate level of data protection. Jumio do this for example by entering into appropriate data transfer agreements based on Standard Contractual Clauses as approved by the UK or the EU (as applicable) from time to time.
3.2 Card Issuing and Processing
3.3 Business Transfers
We may share or transfer your information in connection with, or during negotiations in anticipation of, any merger, financing, or acquisition of all or a substantial portion of our business to another business. Where your data is subject to a business transfer such as this, that won’t affect the level of protection your personal data receives, and it will still be processed subject to this privacy notice unless we inform you otherwise.
3.4 Verifying your email address and mobile number
You can choose to remove cookies or reject cookies; however, this could affect certain features of our Services.
5. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We have a data retention policy which sets out how long we keep different data for, and we provide this on request if you contact us to ask for it.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We will convert your personal data into anonymous aggregated information, at regular intervals, that we will use indefinitely for statistical and research purposes. Where we create this kind of aggregated information, we make sure that you can’t be identified from that pool of information and so this is no longer classified as “personal data” by law. We may share aggregated datasets with third party researchers and institutions (for example, with universities and environmental groups) for the purposes of further statistical analysis, research and environmental reporting and lobbying generally.
6. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information, but we will promise to do our best to protect your personal information. Transmission of personal information to and from our Services, including your use of Wi-Fi and unsecured network environments, is at your own risk. You should only access the Services within a secure environment.
7. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly solicit data from or market to children under 13 years of age. This is the age that the UK government considers that you are old enough to consent to processing of your personal data. By using the Services, you represent that you are at least 13. If we learn that personal information from users less than 13 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 13, please contact us at email@example.com.
8. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: You have rights that allow you access to, and control over, your personal information. You may review, change, or terminate your account at any time.
Under UK data protection laws you have rights which include the right (i) to request access and obtain a copy of your personal information; (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; (v) to withdraw consent at any time (where consent is the relevant legal basis we rely on); and (vi) the right to complain to the Information Commissioner’s Office. In certain circumstances, you may also have the right to object to the processing of your personal information. To make any such request, please contact firstname.lastname@example.org. We will consider and act upon any request in accordance with UK data protection law requirements and timelines.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you have questions or comments about your privacy rights, you may email us at email@example.com
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Contact us at firstname.lastname@example.org
- Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate your account. We will hold your account details for a period allowing you to re-activate and have access to transaction history then delete or completely anonymise all data from our active databases. In some cases, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms and Conditions and/or comply with applicable legal requirements, however this is only when necessary and in compliance with UK GDPR regulations.
Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list — however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may:
- Contact us using the contact information provided.
- Access your account settings and update your preferences.
9. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals when people use our website, however on the Tred app we do as this is a system requirement.
10. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws or whenever we think we can improve it.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may contact our Data Protection Officer, Claire Pratt, by email at email@example.com
We may process or share your data that we hold based on the following legal bases:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests and where we consider that those interests don’t unfairly prejudice your individual rights to privacy.
- Performance of a Contract: Where we have entered a contract with you, we may process your personal information to fulfil the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a witness summons (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or act regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.