1.2. As a data processor we collect information you provide when you
- fill in any forms or online applications;
- correspond with us;
- register to use the Sokin app;
- open a Sokin account or use any of our services;
- take part in online discussions, surveys or promotions;
- speak with a member of our customer support team ;
- contact us for other reasons.
1.3.1. Third-party websites, plug-ins, and apps linked to from this website.
2. Personal Data Sokin Collects And/Or Otherwise Processes About You
2.1. We may hold the following categories of your personal data:
2.1.1. Information you give us: We collect information you provide which includes
- Your name, address, and date of birth;
- Your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
- Your Sokin username, password and other registration information;
- Details of your bank account, including the account number, sort code and IBAN;
- Details of your Sokin cards (or other debit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card);
- Identification documents (for example, your passport or driving licence), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
- Records of our discussions, if you contact us or we contact you (including records of phone calls);
- Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your Sokin account for onboarding purposes).
- If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties.
2.1.2. Information from your device whenever you use our website or the Sokin mobile app, we may collect the following information:
- Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
- Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.
- Information on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used.
- Information stored on your device, including if you give us access to contact information from your contacts list. The Sokin Mobile app will regularly collect this information in order to stay up to date (but only if you have given us permission).
- If you have location services in the Sokin Mobile app switched on, we track your location using GPS technology.
2.1.3. Information from Others
- We collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for due diligence checks, security searches, and KYC purposes.
- We collect personal data from third parties, such as credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services.
- This may include your credit record, information about late payments, information to help us check your identity and information relating to your transactions.
- When you ask us to, we will also collect personal data from accounts you hold with third party banks (and some accounts with third party providers that aren’t banks) so that you can see everything in one place in your Sokin Mobile app. You can create a linked account by activating Open Banking in the app.
2.1.4. Sokin does not collect any ‘special categories of personal data’ (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic data)
3. Purposes For Which Sokin May Use Your Personal Data
3.1. The primary purposes for which Sokin will use your personal data is
3.1.1. To analyse, develop, and improve the use, function, and performance of our products and services. For example, we may process personal data for our own research and development purposes in support of our products and services, such as to enhance the quality of our products, to develop new features and support new functions of our services, and for internal statistical analyses of our products’ and services’ performance.
3.1.2. To manage the security of our sites, networks, and systems, and to operate our business. We may collect usage and systems operations data from our website(s) and/or services platform(s) in order to better manage our operations and/or to help keep our products and services secure (including your information), as well as to investigate and help prevent cyber-attacks or potential fraud, including ad fraud and to detect bots. We may also process personal data in the operation of our day-to-day and overall business, such as when we conduct audits and investigations, as well as for finance, accounting, archiving, and/or insurance purposes.
3.1.3. To comply with applicable laws and regulations. We process personal information as part of our compliance with applicable laws and regulations, in the provision of our products and services.
4. Sokin’s Legal Grounds For Use Of Your Personal Data
4.1. We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.
Keeping to our contracts and agreements with you
4.1.1. We need certain personal data to provide our services and cannot provide them without this personal data.
4.1.2. In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
4.1.3 We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy.
4.1.4. Where you’ve agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
4.2. You can always object to the use of your data for marketing or for any further use under the grounds of legitimate interests. You can also withdraw your consent at any time. Please refer to Section 5 (Your Choices And Rights Regarding Your Personal Data) below.
5. Your Choices and Rights Regarding Your Personal Data
5.1. Sokin respects that you have the right to have control over your data, so we provide you with multiple choices for managing that control with us.
The rights and choices set out below are applicable only in relation to your personal data which we process as a data controller, and, except for Opt-Outs, do not apply where we process personal data as a data processor on behalf of our clients.
5.2. Marketing opt outs
5.2.1. You can ask us to stop using your personal data for marketing purposes at any time.
5.2.2. In order to exercise your right to opt-out of having your data collected by us through our website, please email us at email@example.com
5.3. Sokin cookies opt outs
5.3.1. Cookies are small text files that are downloaded onto your computer and/or other devices you use to browse the internet and visit a website. Cookies allow us to recognise your device and gather some information about your preferences and past actions, which is then stored in connection with your cookie. The cookies and associated information are used to provide you with a more tailored experience on webpages, including remembering your previous activities on the website, providing you with tailored content based on your previous interactions on that website, and remembering your log-in information (where you choose to allow that).
5.3.2. You can change your default browser settings to be notified whenever a new cookie is dropped on your browser, or even to block cookies all together. Please refer to the Website and Marketing page for further details.
5.4. Accessing Information about You
5.4.1. You have the right to request details about the personal data that we process about you as a data controller. You can obtain this by making a Subject Access Request. To do so, please contact us via email to firstname.lastname@example.org and stating “Subject Access Request” in the subject line and/or in the email body. Please ensure that you provide us with the correct information about you in the email body so we can identify you in our systems.
5.4.2. When you make a Subject Access Request to Sokin, you are entitled to all the information that we may hold on you that we process as a data controller. The information that we provide back to you includes:
- Opt Out Report: which is a report indicating whether you are listed in out existing opt out list (both for offline and online suppression lists).
- Offline Data: which includes offline identifiers (this means personal data such as name, address, email, phone) or attributes (such as demographic data).
- Online Data: this will be data such as your mobile ID, Cookies that we have associated with you and so forth.
Please be aware that we may need you to confirm your identity to ensure that we do not provide your information to someone that may not be you.
5.5. Requesting Information about You to be Rectified
5.5.1. If you feel that we may have processed information about you that is incorrect, or if you wish for us to amend any information about you that may have changed or is out of date in anyway (i.e. you now have a different email address than what you believe we have in our system for you), then please contact us via email to email@example.com and stating “Other Privacy Inquiries or Application of Rights” in the subject line and/or in the email body. Please indicate in the body of the email what information you would like us to correct. When doing this, please state what information we may have in the system for you, and what you would like us to change it to.
5.6. Deleting Information about You
5.6.1. You can request that we delete all personal information that we may have collected about you by contacting us via email to firstname.lastname@example.org and stating “Erasure Request” in the subject line and/or body of the email. Please ensure that you provide us with the accurate email address which the erasure request is linked to in the email body.
Please be aware that Sokin will be required to continue to retain your information in the event that you continue to receive any Sokin products or services.
Please also be aware that Sokin reserves the right to store some information about you in compliance with applicable law (for example, we may retain the information you provide with your request for erasure in order to maintain our suppression lists).
6. Sokin’s Disclosures Of Your Personal Data
6.1. Providing our products and services sometimes results in the need to disclose personal data to our counterparties for example Banking Partners, Card Issuers and other third-party service provides who help us to deliver the products and services you have signed up to receive. Please see below examples of suppliers we normally share your personal data with
- Suppliers who provide us with IT, payment and delivery services
- Our banking and financial-services partners and payments networks, such as Mastercard
- Card manufacturing, personalisation and delivery companies
- Customer-service providers, survey providers and developers
- Communications services providers
6.2. We do not disclose the personal data stored to any counterparties unless it is strictly necessary. We do not allow our third-party service providers to use your personal data for their own purposes, and we only permit them to process your personal data per our instructions for specified purposes in accordance with GDPR.
6.3. Sokin requires all third parties to whom we distribute your personal data to respect the security of your personal data and to treat it in accordance with the law. We make efforts to ensure that the recipients of your data are reputable entities, including by conducting appropriate checks on them. Please be aware that we may also be required to disclose personal data to comply with legal obligations (such as subject to a subpoena or other legal processes), in order to protect both your and our rights, and to ensure your safety, as also discussed in Section 3 (Purposes For Which Sokin May Use Your Personal Data) above. Such instances can include situations where we must respond to government requests, investigate fraud, and even where we respond to public and government authorities outside your country of residence for national security and/or law enforcement purposes.
7. Sokin’s International Transfers Of Personal Data
7.1. Sokin is a global organisation, which means that in the performance of our services we may transfer your data outside the European Economic Area (‘EEA’).
7.2. The UK left the EU on 31 January 2020 and entered a transition period, which will end on 31 June 2021, till end of transition period transfers between UK to EEA remain unrestricted. After Transition period, restricted transfers from the UK to other countries, including to the sea, will be subject to transfer rules under the UK regime. These UK transfer rules broadly mirror the EU GDPR rules, but the UK has the independence to keep the framework under review.
7.3. Whenever we transfer your personal data out of the EEA, we require that a degree of protection similar to the protection that we provide ourselves is afforded to your data. We do this by requiring that at least one of the following safeguards is implemented:
7.3.1. Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
7.3.2. Where we use certain service providers or transfer personal data we may use standard contractual clauses approved by the European Commission that give personal data the same protection it has in Europe.
Should you have any further questions or require further information on the specific mechanism(s) used by us when transferring your personal data out of the EEA, then please contact us via email at email@example.com.
8. Data Security
8.1. Sokin takes protection of your data seriously, and we have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, altered, disclosed, or used or accessed in an unauthorised way. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
8.2. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
How Long Sokin Will Use Your Personal Data
9.1. We take various factors into consideration to determine the appropriate retention period for your personal data, including:
- the amount, nature, and sensitivity of the personal data;
- the implications of retaining your personal data on our applicable legal, regulatory, tax, accounting, and/or other necessities and obligations.
- the purpose(s) for which we process your personal data;
- whether we can achieve such purpose(s) through other means; and
the potential risk of harm from unauthorised use or disclosure of your personal data;
9.2. We will generally keep your personal data for six years after our business relationship with you ends or such period as may be required by applicable local laws. We are required to keep your personal data for this long by anti-money laundering and e-money regulatory laws. We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason.
9.3. We will not store your personal data for longer than necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may, however, retain your personal data for a longer period as reasonably necessary for us to deal with a complaint or if we reasonably believe that litigation may be likely with respect to our relationship with you or our use or retention of your personal data.
10. Sokin Contact Details
10.1. If you have any questions about any of our privacy practices, please contact us or our data protection officer in any of the following ways:
By email to Sokin: firstname.lastname@example.org
By post to Sokin:
Plata Capital Limited t/a Sokin, 1st Floor 90 Chancery Lane, London, United Kingdom, WC2A 1EU
10.2. You have the right to make a complaint at any time by contacting the Information Commissioner’s Office (‘ICO’), who is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns directly with you before you approach the ICO and ask that you please contact us first.
1 March 2021, updated and revised to more clearly address your rights and our obligations under GDPR.