Effective for all customers, starting 13th April 2022
It is important to us that you feel safe when you use services provided by EVERYTHING. Therefore, we are providing all the information about how we use your personal data in this privacy notice.
We are EVERYTHING Technologies Ltd (‘we’, ‘our’, ‘us’) and operate under the business name “EVERYTHING”. We are incorporated in England and Wales and our registered office is at Fourth Floor, 27 Dover Street, London, England, W1S 4LZ. Our company registration number is 13359142. We are registered with the Information Commissioner’s Office (ICO) under number ZB284197.
EVERYTHING is the data controller in accordance with the UK data protection laws (such as EU Regulation 2016/679 as incorporated and amended into UK domestic law (the “UK GDPR”) and the Data Protection Act 2018). If you have any questions regarding the processing of your personal data, please contact our data protection team by writing to firstname.lastname@example.org.
This notice explains what personal information EVERYTHING collects about you and how we use it when you open an account, and use our app, card, platform, or services on www.joineverything.com. This notice also describes your rights in relation to our use of your personal data and how to exercise them.
When you apply for an EVERYTHING account
When you sign up for or use our services
If you use other ways to get in touch than the EVERYTHING in app chat, we collect the following information so we can answer your questions or take action.
We collect information about how you use the app to help improve features. This includes:
We collect this information to keep your data safe and to improve features for you. This includes your:
When you sign up for an EVERYTHING account, we search your record at:
For more information about data, we collect from and share with credit reference agencies, see ‘Who we share your data with’ below.
We may also collect information about you from public sources for anti-money laundering reasons or market research.
If you sign up to a service from one of our partners through the EVERYTHING app, they may share details with us about the business relationship.
Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest, or consent. In this section we explain which one we rely on to use your data in a certain way.
When we need to use your data for a contract we have with you, or to enter into a contract with you.
We use details about you to:
When we need to use your data to comply with the law.
When it’s in our ‘legitimate interest’.
We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which does not involve overriding your privacy rights. This is based on a balancing of interests. When balancing interests, EVERYTHING has determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
Product development and marketing
Security and business management
Companies that give services to us
We’ll ask for your consent to:
You do not have to share information about yourself (except a randomly generated username which is a unique identifier) if you do not want to. But if you do not, you may not be able to use some (or any) of our services.
We may need to process sensitive information about customers that data protection laws call ‘special category’ data. This is information that can, for example, reveal a person’s biometric data (if used for identification purposes) and information concerning a person’s health
Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in the field of employment, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In this section we explain which lawful basis we rely on to use your special category data in a certain way.
It’s necessary for reasons of substantial public interest
It's necessary to protect your or another person’s vital interests. We may share information about you externally (generally with law enforcement in an emergency), if it is necessary to protect your or another person’s life and you are unable to consent.
We have your explicit consent. We record any issues you want us to know about relating to your health, so we understand how to best support you.
We sometimes use computers to make decisions. We do this for deciding if:
You always have the right to object to an automated decision with legal consequences or decisions which can otherwise significantly affect you. You can ask for a member of the team to review a decision via the in-app chat taking into account any additional information and circumstances that you provide to us. If your application for an EVERYTHING account was rejected, you can ask us to check this decision by emailing email@example.com.
We store your personal data in accordance with current laws, such as money laundering and accounting law (normally 5 years and 7 years, respectively). In addition, we only store your personal data for as long as needed to fulfil the respective purpose of our processing.
Personal data that is important for the contractual relationship between you and us is normally stored for as long as the contractual relationship lasts and thereafter for a maximum of 10 years based on statutes of limitations.
We process the recordings of telephone conversations for a time period of 90 days for quality assurance purposes, but may keep the recordings for up to two years for fraud investigation purposes. We may also retain recordings of outbound calls for up to two years, in order to document what has been decided on the call.
In some cases, the information may need to be stored for a longer period due laws that we must comply with. If you do not enter into an agreement with us, the personal data are normally stored for a maximum of 3 months, but the data may in some cases have to be stored longer, for example, due to money laundering laws, or to protect EVERYTHING from legal claims and to safeguard our legal rights.
The right to obtain information. You have the right to obtain information about how we process your personal data. We do this through this privacy notice, by information on our website, and by answering your questions.
Right to access your data. You may request a copy of your personal data if you want to know what information we possess about you.
Right to data portability. You may request a copy of the personal data concerning you that we process for the performance of a contract with you, or based on your consent, in a machine-readable format.
Right to rectification. You have the right to rectify inaccurate information about yourself, and to make additions to incomplete information.
Right to have your information erased. You have the right to request that your personal data be erased. This applies to information that is no longer necessary to process for the purpose(s) for which it was originally collected, or if you revoke your consent. It is however important to know that the right to have your information erased is not absolute. EVERYTHING is obligated by law to retain certain information even if you request us to erase it and these laws prevent us from immediately erasing certain information.
Right to restrict processing. If you believe that the data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you may request that we restrict the processing of your personal data. You may also request a restriction while you are waiting for our assessment to see if our interest in processing your data outweighs your right not to have this data processed.
Right to oppose the processing of your personal data or to object to our processing. You may object to our processing of your personal data based on our legitimate interest (Article 6(1)(f) GDPR), with reference to your personal circumstances. Furthermore, you may always object to our use of your personal data for marketing purposes.
Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by EVERYTHING if this decision entails legal consequences or constitutes a decision that affects you significantly in a similar way.
Right to withdraw one’s consent. In cases where we process your personal data based on your consent, whether implicit or explicit, you have the right to revoke your consent at any time. This means that we will cease the processing, but it does not affect the processing that we have already performed.
Right to lodge a complaint. You have the right to lodge a complaint with your supervisory data protection authority (the ICO), which can be reached using this link: https://ico.org.uk/.
To do any of these things, please contact us through the in-app chat or by emailing firstname.lastname@example.org. If your application for a EVERYTHING account was rejected and you want us to review that decision, please email email@example.com. UK data protection laws give us one month to respond.
We may transfer and store the data we collect from you to organisations outside the UK for example when we use a supplier or subcontractor located outside of the UK.
We ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted in line with applicable UK data protection legislation requirements, such as the UK GDPR, when we transfer your data outside of the UK. These safeguards consist of ensuring that the third country or state at hand is subject to an adequacy decision by UK authorities or by implementing so-called standard contractual clauses originating from the European Commission.
EVERYTHING is committed to protecting and respecting your privacy and personal data. If you have any questions or concerns about this notice, or our practices with regards to your personal data, please contact us at firstname.lastname@example.org or at the address set out at the beginning of this notice.
If you’re still not satisfied with our response, you can refer your complaint to the ICO as stated in the section on your rights above.
We are constantly working to improve our services so that you have a smooth user experience. This may involve modifications of existing and future services. If that improvement requires a notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this privacy notice every time you use any of our services, as the processing of your personal data may differ from your previous use of the service in question.