Privacy Policy

Version 1.01
Effective for all customers, starting 13th April 2022

It is important to us that you feel safe when you use services provided by EVERYTHING. Therefore, we are providing all the information about how we use your personal data in this privacy notice.

1. Who is responsible for your personal data?

We are EVERYTHING Technologies Ltd (‘we’, ‘our’, ‘us’) and operate under the business name “EVERYTHING”. We are incorporated in England and Wales and our registered office is at Fourth Floor, 27 Dover Street, London, England, W1S 4LZ. Our company registration number is 13359142. We are registered with the Information Commissioner’s Office (ICO) under number ZB284197.

EVERYTHING is the data controller in accordance with the UK data protection laws (such as EU Regulation 2016/679 as incorporated and amended into UK domestic law (the “UK GDPR”) and the Data Protection Act 2018). If you have any questions regarding the processing of your personal data, please contact our data protection team by writing to support@joineverything.com.

This notice explains what personal information EVERYTHING collects about you and how we use it when you open an account, and use our app, card, platform, or services on www.joineverything.com. This notice also describes your rights in relation to our use of your personal data and how to exercise them.

2. What kind of personal data do we collect and how do we use it? 

Information you give us through the EVERYTHING app

When you apply for an EVERYTHING account

  • Personal details like your name, date and place of birth.
  • Contact details like your home address (and previous addresses), email and phone number.
  • Information about your identity, such as a copy of your ID document, a selfie.
  • Information about your right to live in the UK and your tax residency.
  • Financial details, such as your reason for opening an account with EVERYTHING.

When you sign up for or use our services

  • Details you give us when you sign up for a specific service.
  • Details you give us which we pass to our partners when you let us know you’re interested in their services.
  • Information you give us through EVERYTHING chat.
  • Answers you give to surveys about EVERYTHING and our services.

Information we collect or generate if you get in touch

If you use other ways to get in touch than the EVERYTHING in app chat, we collect the following information so we can answer your questions or take action.

  • The phone number you’re calling from and information you give us during the call (we record all calls).
  • The email address you use and the contents of your email (and any attachments).
  • Public details from your social media profile (like Facebook, Instagram or Twitter, TikTok, Discord etc.) if you reach out to us via these platforms, and the contents of your messages or posts to us.

Information we collect or generate when you use the app and our services

We collect information about how you use the app to help improve features. This includes:

  • details about payments to and from your EVERYTHING account, your activity, and any services that you choose to use
  • details about services from us and our partners that you express interest in
  • details about how you use our app
  • all the countries you're a tax resident in and your Tax Identification Number for each one.

Information we collect from your phone

We collect this information to keep your data safe and to improve features for you. This includes your:

  • mobile network and operating system, so we can analyse how our app works and fix any issues
  • IP address and device ID (we will link your mobile phone number with your device) for security measures and to protect you against fraud
  • mobile ad ID, so we can share it with companies that help us with advertising online (you can reset this ID or limit tracking in ‘Settings’ on your phone)
  • location if you’ve authorised tracking, so we can help protect you against fraud
  • phone contacts who use EVERYTHING, if you activate ‘Friends’, and they do too (we don’t store your full address book).

Information we get from external sources

When you sign up for an EVERYTHING account, we search your record at:

  • credit reference agencies to verify your identity (this is a 'soft search' and won’t impact your credit score).
  • fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.

For more information about data, we collect from and share with credit reference agencies, see ‘Who we share your data with’ below.

We may also collect information about you from public sources for anti-money laundering reasons or market research.

If you sign up to a service from one of our partners through the EVERYTHING app, they may share details with us about the business relationship.

3. What are our reasons for using your information and on which legal basis? 

Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest, or consent. In this section we explain which one we rely on to use your data in a certain way.

When we need to use your data for a contract we have with you, or to enter into a contract with you.

We use details about you to:

  • consider your application
  • provide you the services we agreed to in line with our terms and conditions
  • send you messages about your account and other services you use if you get in touch, or we need to tell you about something
  • exercise our rights under contracts we’ve entered into with you, like managing, collecting, and recovering money you owe us
  • investigate and resolve complaints and other issues.

When we need to use your data to comply with the law.

We:

  • confirm your identity when you sign up or get in touch
  • check your record at immigration and fraud prevention agencies
  • prevent illegal activities like money laundering, tax evasion and fraud
  • check your record at credit reference agencies (this won’t affect your score) and ask about your reasons for applying for a service, and other details about your financial circumstances so that we can make responsible decisions
  • keep records of information we hold about you in line with legal requirements
  • adhere to financial laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties)
  • compare information we hold about your account with your tax residency information to make sure we don’t have a reason to doubt it.

When it’s in our ‘legitimate interest’.

We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which does not involve overriding your privacy rights. This is based on a balancing of interests. When balancing interests, EVERYTHING has determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

Product development and marketing

We:

  • check your record at credit reference agencies when you sign up to use certain services (this is a 'soft search' and won’t impact your credit score)
  • tell you about products and services through the app or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We may also exclude ads on this basis. We do this so we can make sure our marketing is useful. That includes instructing platforms to show or not show EVERYTHING adverts to existing customers. We don’t share any other identifying information about you with social media companies than your mobile ad ID (unless you have disabled it)
  • track, analyse and improve the services we give you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them
  • use the personal information you share with us and data you create from using the app to suggest EVERYTHING features or products you would find useful. It is in your control in the App if you want us to stop
  • share insights with the public about trends based on data that does not personally identify you
  • do not sell any of this information.

Special features

We:

  • show where you were when you bought something with Google maps (in the EVERYTHING app)
  • give you reports on how you have spent and/or saved money using EVERYTHING
  • personalise your visual experience in the EVERYTHING app.

Security and business management

We:

  • protect the rights, property or safety of us, our customers or others
  • carry out security and maintenance checks to make sure our app, website and other services run smoothly for you
  • manage EVERYTHING’s business risk and financial affairs, and protect our customers and staff
  • share information with credit bureaus and fraud prevention agencies so we can benefit from up-to-date information when we make decisions about accounts and other services. This helps us make responsible decisions and fight financial crime
  • share your name, title and account number with banks and building societies, so that people making payments to you can confirm the name they have for you matches the name we hold in our records. This helps us fight financial crime.

Companies that give services to us

We:

  • share your information with companies that so they can help us provide our services (see ‘Who we share your data with’ below).

Consent.

We’ll ask for your consent to:

  • record any issues you want us to know about so we understand how to best support you. (If the information is sensitive, we need a second lawful basis, see ‘Our reasons for using special category information’ below.)
  • tell you about our products and services, and those of our partners by email or push notification if we think they’re of interest to you. You can unsubscribe from these by email or via the app. (You can use your app ‘Privacy’ to adjust your preferences if you do not want to see certain promotions in the app.)
  • help protect you against fraud by tracking the location of your phone if you’ve authorised it
  • show your profile picture in the app if you add one
  • show your profile picture and name to EVERYTHING contacts in their app if you have turned on ‘Visibility’, provided they’ve stored your phone number in their phone book. (If you pay someone, they will see your name regardless of whether or not you’ve turned on ‘Visibility’. It is our legal duty to show this, so it is not something you can opt out of.)
  • share information about you with companies we work with when we need your permission (see ‘Who we share your data with’ below).

You do not have to share information about yourself (except a randomly generated username which is a unique identifier) if you do not want to. But if you do not, you may not be able to use some (or any) of our services.

‍

4. What are our reasons for using special category information?

We may need to process sensitive information about customers that data protection laws call ‘special category’ data. This is information that can, for example, reveal a person’s biometric data (if used for identification purposes) and information concerning a person’s health

Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in the field of employment, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In this section we explain which lawful basis we rely on to use your special category data in a certain way.

It’s necessary for reasons of substantial public interest

We:

  • use facial recognition technology to identify people who use our services in the EVERYTHING app. We do this because it is necessary for reasons of substantial public interest to prevent or detect unlawful acts
  • record information about your health if it’s necessary to help you as a vulnerable customer (for example, when you contact customer service and you need extra support due to particular circumstances).

It's necessary to protect your or another person’s vital interests. We may share information about you externally (generally with law enforcement in an emergency), if it is necessary to protect your or another person’s life and you are unable to consent.

We have your explicit consent. We record any issues you want us to know about relating to your health, so we understand how to best support you.

5. Who do we share your data with?

Companies that provide services to us

‍Here we mean companies that help us provide services you use and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using an identifier rather than your name).

  • Know Your Customer (KYC) service providers that help us with identity verification or fraud checks like Onfido
  • Cloud computing power and storage providers like Amazon Web Services (AWS) and Snowflake
  • Website hosting providers like AWS and Webflow
  • Analytics providers and search information providers (Mixpanel, Google Analytics)
  • Companies that help us with marketing and advertising (Facebook Audience Network, Facebook Advertising, Google AdSense, TikTok, Snapchat, Google Ads Remarketing and Facebook Remarketing)
  • Communications services providers that help us stay in touch with you like Intercom and Sendgrid
  • AllPay that produce our EVERYTHING cards
  • Card networks, like MasterCard
  • Companies that help us with functionality and infrastructure optimisation (Kickofflabs)
  • Companies that allow you to connect your financial data (Plaid)
  • Companies that help us with customer support (OnePilot)
  • Companies that help us with functional analytics (to help us solve technical issues with the app for instance)

Fraud prevention agencies

‍When you apply for an account, we check your record with fraud prevention agencies (FPAs) like Cifas. During the application process and after you become a customer, we may share information about you with them to help prevent fraud and money laundering when it’s in our ‘legitimate interest’. If we detect fraud, we may stop activity on your account or block access. Other organisations may use information we share with FPAs about fraud to refuse their services, finance or employment. For more information about the details we collect from and share with Cifas and how they’ll use your data, see Cifas’ Fair Processing Notice.

Anyone you give us permission to share it with

We tell you in the app when we need your consent to share your data with:

  • companies that introduce their own services via the EVERYTHING app
  • other apps
  • people you have asked to represent you, like solicitors.

Law enforcement and other external parties

We may share information about you with:

  • authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
  • the police, courts or dispute resolution bodies if we have to
  • other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
  • any other third parties where necessary to meet our legal obligations.

We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.

6. When do we make automated decisions?

We sometimes use computers to make decisions. We do this for deciding if:

  • we can give you an EVERYTHING account based on your age, residency, nationality, and other circumstances, like the results of anti-money laundering and sanctions checks
  • we need to take action, like freeze a transaction or account, because we suspect fraud or money-laundering against EVERYTHING or a customer. Our computers decide this based on patterns in our data, like an account or policy being used in a way that fraudsters work
  • our services and products, or those of companies we work with, are suitable for you so that we can tailor our marketing.

You always have the right to object to an automated decision with legal consequences or decisions which can otherwise significantly affect you. You can ask for a member of the team to review a decision via the in-app chat taking into account any additional information and circumstances that you provide to us. If your application for an EVERYTHING account was rejected, you can ask us to check this decision by emailing support@joineverything.com.

7. How long do we store your information?

We store your personal data in accordance with current laws, such as money laundering and accounting law (normally 5 years and 7 years, respectively). In addition, we only store your personal data for as long as needed to fulfil the respective purpose of our processing.

Personal data that is important for the contractual relationship between you and us is normally stored for as long as the contractual relationship lasts and thereafter for a maximum of 10 years based on statutes of limitations.

We process the recordings of telephone conversations for a time period of 90 days for quality assurance purposes, but may keep the recordings for up to two years for fraud investigation purposes. We may also retain recordings of outbound calls for up to two years, in order to document what has been decided on the call.

In some cases, the information may need to be stored for a longer period due laws that we must comply with. If you do not enter into an agreement with us, the personal data are normally stored for a maximum of 3 months, but the data may in some cases have to be stored longer, for example, due to money laundering laws, or to protect EVERYTHING from legal claims and to safeguard our legal rights.

8. Your rights

The right to obtain information. You have the right to obtain information about how we process your personal data. We do this through this privacy notice, by information on our website, and by answering your questions.

Right to access your data. You may request a copy of your personal data if you want to know what information we possess about you.

Right to data portability. You may request a copy of the personal data concerning you that we process for the performance of a contract with you, or based on your consent, in a machine-readable format.

Right to rectification. You have the right to rectify inaccurate information about yourself, and to make additions to incomplete information.

Right to have your information erased. You have the right to request that your personal data be erased. This applies to information that is no longer necessary to process for the purpose(s) for which it was originally collected, or if you revoke your consent. It is however important to know that the right to have your information erased is not absolute. EVERYTHING is obligated by law to retain certain information even if you request us to erase it and these laws prevent us from immediately erasing certain information.

Right to restrict processing. If you believe that the data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you may request that we restrict the processing of your personal data. You may also request a restriction while you are waiting for our assessment to see if our interest in processing your data outweighs your right not to have this data processed.

Right to oppose the processing of your personal data or to object to our processing. You may object to our processing of your personal data based on our legitimate interest (Article 6(1)(f) GDPR), with reference to your personal circumstances. Furthermore, you may always object to our use of your personal data for marketing purposes.

Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by EVERYTHING if this decision entails legal consequences or constitutes a decision that affects you significantly in a similar way.

Right to withdraw one’s consent.  In cases where we process your personal data based on your consent, whether implicit or explicit, you have the right to revoke your consent at any time. This means that we will cease the processing, but it does not affect the processing that we have already performed.

Right to lodge a complaint. You have the right to lodge a complaint with your supervisory data protection authority (the ICO), which can be reached using this link: https://ico.org.uk/.

To do any of these things, please contact us through the in-app chat or by emailing support@joineverything.com. If your application for a EVERYTHING account was rejected and you want us to review that decision, please email support@joineverything.com. UK data protection laws give us one month to respond.

9. Where do we store or send your data?

We may transfer and store the data we collect from you to organisations outside the UK for example when we use a supplier or subcontractor located outside of the UK.

We ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted in line with applicable UK data protection legislation requirements, such as the UK GDPR, when we transfer your data outside of the UK. These safeguards consist of ensuring that the third country or state at hand is subject to an adequacy decision by UK authorities or by implementing so-called standard contractual clauses originating from the European Commission.

10. How do we use cookies and other types of tracking technology?

To provide a tailored and smooth experience, we use cookies and similar tracking technologies in our multiple interfaces, such as our website, the app. You can find information about the tracking technology that we use, and information about how you accept or decline the tracking technology, in each interface.

11. How to make a complaint

EVERYTHING is committed to protecting and respecting your privacy and personal data. If you have any questions or concerns about this notice, or our practices with regards to your personal data, please contact us at support@joineverything.com or at the address set out at the beginning of this notice.

If you’re still not satisfied with our response, you can refer your complaint to the ICO as stated in the section on your rights above.

12. Changes to this policy

We are constantly working to improve our services so that you have a smooth user experience. This may involve modifications of existing and future services. If that improvement requires a notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this privacy notice every time you use any of our services, as the processing of your personal data may differ from your previous use of the service in question.