At Token we are fully committed to protecting and respecting your privacy. This Policy explains how we collect personal information about people who use our services, how we use the data and the conditions in which we may disclose it to others, and how we keep it secure.
We may change this policy from time to time, so please make sure that you check this page occasionally just to make sure that you are still happy with it. By using our services and consenting to Token processing your data, you are agreeing to the conditions below. We are the data controller for the purposes of the data that we collect from our website and for the performance of our
If you have any questions, please email the following address email@example.com or by writing to The Data Protection Officer, 15 Bishopsgate, London EC2N 3AR.
Who are we?
When we say ‘we’ we mean that we are Token.io Ltd (London - UK) and Token, Inc. (San Francisco - USA). Token was started to create an open banking platform that allows a global ecosystem of banks, bank customers and developers to move money and information securely, instantaneously and without friction across the globe. Money and transaction information move as a unit instantly, securely, and at a low cost. This goal is achieved through groundbreaking innovation, attention to detail and a passion for customer success. We are also registered as a Data Controller with the ICO and our registration number is ZA314995 and as Payment Initiation Service Provider and Account Information Service Provider with the Financial Conduct Authority and our reference number is 795904.
How do we collect data from you?
We collect information about you from different places including:
- directly from you when you use any Token service – but only once you have explicitly consented to your information being shared with us
- from a third party (such as your bank) acting on your behalf, where you have given your explicit consent for your information being shared with Token
- from other organisations (such as Linkedin) where you have already explicitly consented to your information being shared
- from publicly available sources (such as Google)
- when we generate it ourselves using any of the above sources
We’ll only collect your information in line with relevant regulations and laws, and this may relate to any of our services that you use, or have used in the past. You’re responsible for making sure you give us accurate and up to date information.
What type of information do we collect from you?
We will only collect the data that you need us to collect in order to provide the services that you asked for. We will not collect any data from you that is not needed to fulfill those services.
How is your information used?
We may use your information to:
- Initiate payments/refunds for goods or services.
- Provide information to you allowing you to benefit from other services.
- Carry out any contractual obligations between us.
- Seek your views and comments on the service that we are providing.
- Notify you of any changes to our services.
We review our data retention periods regularly and we are legally obliged to retain some personal information as part of our statutory requirements. We will only hold your personal information in our systems for as long as is necessary for the relevant activity, or as long as is set out in any contract you have agreed with us.
Our legal basis for processing personal data is:
For the performance of a contract with You;
For the purpose of furthering Token.io Ltd legitimate interests, including providing better products, services, websites and applications.
Who has access to your information?
We will not sell or rent your information to any third parties. We will not share your details to anyone for marketing purposes.
Third Party service providers working on our behalf:
We may pass your information to our third party service providers, agents, subcontractors and any other associated organisations for the purpose of completing tasks and providing services to you on our behalf (for example processing a payment or transferring money as you requested). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service that you need, and we have contracts in place that requires each third party provider to keep your information secure and not to use it for their own direct marketing purposes or any other purpose. We will not release your information to third parties beyond those that we have such a contractual relationship with - unless you have specifically requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. In such circumstances, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Third Party Product Providers we work in association with:
If you have any questions regarding secure transactions, please contact us at: firstname.lastname@example.org.
What are Your choices?
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products and services, then you can opt out by ticking the relevant box on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us at: email@example.com.
How you can access and update your information
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org, or write to us at: The Data Protection Officer, 15 Bishopsgate, London EC2N 3AR. Alternatively, you can telephone +44 203 934 6664. You have the right to ask for a copy of the information Token hold about you and you can contact us at email@example.com where we will provide you with the details you have requested. Before we release any confidential data to you we will, of course, need to verify your identity first.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as name, address, email, mobile/cell number or bank details) is encrypted and we utilize secure web-based data collection technology, including industry standard SSL, with 2048-bit RSA keys, facilitating up to 256-bit AES encrypted sessions. We utilise appropriate measures to safeguard data against unauthorised access, disclosure, alteration, or destruction. These measures may include, among others, encryption, physical access security, auditing, and other appropriate technologies.
When you are on a secure page, a lock icon will appear on the web browsers such as Microsoft Internet Explorer or Safari. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may make use of additional information about you when it is available from external sources to detect and reduce criminal activity, including fraud risk.
Cookies and Cookie Types
Cookies are small text files that are stored on your computer by websites you visit. They allow the website to do things such as keep track of your preferences as you move around the site so that the website can personalise pages for you and store little bits of information about your visit for use on future visits. Cookies stay on your computer for varying amounts of time depending on their type and the parameters the website sets whilst creating them.
Cookies come in three different types. The cookies themselves vary very little between the types but their effect and use is different.
First Party Cookies
First party cookies are created by the website you are visiting. They can only be read and used by that website.
Third Party Cookies
Third party cookies are not set by the website you are visiting. They are set by a different organisation whose features are being used by the website you are visiting. This is common practice if sites use analytical systems supplied by a third party (as most are) to track the usage and load on their website. These may also be created by embedded content in the web page, a YouTube video for instance, as these need their own cookies to work.
These enable a website to track your use throughout the site, storing choices you have made and any information you have provided. They are a type of first party cookie that only remain stored on your computer until you close your browser when they are then deleted.
Each browser has settings which allow you to elect not to allow websites to store cookies on your machine. As each browser is a little different, we advise you to check your browser's help functionality for this option or search for instructions that are specific to your browser.
If you choose to disable cookies, some aspects of this website may not function as intended.
Transferring your information outside of European Economic Area (“EEA”)
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing and/or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken and we remain compliant with the General Data Protection Regulation, with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EEA in order to provide you with those services.
Our web site may also use a website recording service. This product may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected is for Token’s internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in April 2018.