OUR PRIVACY AND COOKIES POLICY

How we secure your Personal Data

Our mission is to help children form good money habits in a safe and secure environment. This means that your family’s privacy is important to us. Our privacy policy is an opportunity to be transparent with you about the personal data we collect, why we collect it, how we use it and how we protect it.

If after reading this privacy policy you still have questions, please don’t hesitate to contact us on via help@gohenry.co.uk, call us on 0330 100 7676 or write to our Data Protection Officer at goHenry Ltd, Abbey House, 282 Farnborough Road, Farnborough, GU14 7NA.

____________________________

1. How do I consent to these terms?

By requesting access to or using our Services.

By requesting access to or using our Services on or after May 25th 2018, You (as defined below) are agreeing to this privacy policy and our collection, use and sharing of Your Personal Data (as defined below) under this privacy policy (which includes our cardholder terms and conditions, our website and application terms of use, and any other documents referenced in this privacy policy).

If You don’t agree to these policies and would rather stop using our Services, You can of course do so by writing us at help@gohenry.co.uk or directly contacting our Member Services team by phone on 0330 100 7676.

____________________________

2. Who controls my Personal Data?

We do.

For the purpose of the relevant European data protection regulations, including but not limited to the General Data Protection Regulation, the company in charge of Your Personal Data (also known as the data controller) is goHenry Ltd, registered with the UK Information Commissioner’s Office under the number Z2942623.

IDT Financial Services Limited ("IDT") is the issuer of the card associated with our Services. Accordingly, IDT is a joint controller of some of your Personal Data as it relates to, and is required for, the administration and operation of the card. A copy of IDT's privacy policy may be found at http://www.idtfinance.com/privacypolicy.pdf.

____________________________

3. Who does this privacy policy apply to?

To any person, child or adult requesting access to or using our Services.

This privacy policy applies to children and adults who request, access or use our websites (including but not limited to www.gohenry.co.uk); applications for mobile phones or any other devices; communications, services and all related websites, data storage and tools regardless of how You access or use them (collectively, the “Services”), but excluding services that state that they are offered under a different privacy policy.

____________________________

4. Am I still responsible for my child’s use of your Services?

Yes.

As a parent or guardian of a child who has signed up to use our Services (“You”):

  • You are responsible for Your child’s use of our Services, including any subscription fees incurred and purchases made;
  • You are giving us informed consent to collect, use and share Your child’s Personal Data in accordance with the terms of this privacy policy;
  • You are giving us informed consent to contact Your child by email as further set forth under this privacy policy.

____________________________

5. What Personal Data do you collect and why?

We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources. We do this to operate effectively and provide You with the best experience with our Services.

Personal Data means any information that can be used directly or indirectly to identify You or a member of Your family. We collect it to operate effectively and provide You with the best experience with our Services.

We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources such as our partners (as set forth below) or social media accounts You choose to link to our Services.

The Personal Data we collect depends on the context of Your interactions with our Services, and the choices You make and may include the following:

  • Contact and identification information such as Your name and Your child’s name, Your phone number, email address, postal address, date of birth, identification document numbers, copies of identification documents (for example passport, driving licence, utility bills), personal description, social handles, photographs and other similar contact information.
  • Financial information such as the last four digits and expiry date of Your debit card number,  bank account information, bank sort code, IBAN, payment reason, footprint of your credit history, and other similar financial information;
  • Transaction information such as date, time, amount, currencies used, exchange rate, beneficiary details, details and location of the merchant or ATMs associated with the transaction, IP address of sender and receiver, senders and receivers names and registration information, as well as other similar transaction information;
  • Demographic information such as Your or Your child’s age, gender, nationality, country and other similar demographic information;
  • Security information such as passwords, password hints, security questions and answers and other similar security information;
  • Device and technical information such as IP address, unique device identifiers (such as the IMEI number for phones, the MAC address of the device’s wireless network interface), device functionality (browser type and version, operating system and platform, hardware used, browser plug-in types and versions) and other similar device and technical information;
  • Usage information such as the full uniform resource locators (URLs), information about page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), error reports and performance data (ie: details of the software or hardware related to an error, content of files You were using when an error occurred), troubleshooting and help data plus other similar usage information;
  • Location information such as Your device location which may include a street name and city or GPS- location, ISP or your mobile carrier, the URL of both the site You came from and the one you go to next and other similar location information. We use GPS technology and Your IP address to determine Your location - this may be used when the application is running in the foreground and the background of Your device. This is used to prevent fraud, for instance if your phone is saying that You are based in the UK but Your card is being used to enter into an ATM withdrawal or point of sale purchase in France, we may not allow that transaction to be processed. Please also know that most devices allow You to prevent location information from being sent to us;
  • Any other information You directly provide to us when filling out forms, corresponding with us (ie: email, conversations with Member Services by phone or chat sessions), filling out surveys, providing us with feedback and product reviews and other similar information.

You have choices about the Personal Data we collect. So, when You are asked to provide us with Your Personal Data, You always have the right not to do so. Please note however that if You choose not to provide us with Your Personal Data when prompted, You may not be able to use our Services.

____________________________

Do you use cookies?

Yes we collect data through cookies and similar technologies.

Like all major websites, we use cookies and other similar technologies to provide You with a good experience when You use our website.

It is always possible to block/opt out of cookies via your browser’s cookie settings that allows You to refuse the setting of all or some cookies. Please note however that if You do this You will not be able to use our Services properly. For example You may need to enter information repeatedly, or You might not get personalised content that is meaningful to You as many of our functions are dependent on cookies.

i) Information about our use of cookies

By continuing to use our website, You are agreeing to our use of cookies.

ii) What are cookies?

When You visit our website, our website server sends and stores a unique identifier (called the cookie) on Your device and uses this unique identifier to recognise You when You return to the website or browse from page to page. Cookies allow us to distinguish You from other users of our website and allow us to tailor our content to You. The cookies we use do not hold any Personal Data about You.

iii) What cookies do you use?

While the cookies that we use may change from time to time as we improve and update our Services, they generally fall into the below categories of use:

Cookie typeCookie domainCookie namePurpose
Strictly necessary cookiesgohenry.co.ukPHPSESSID, incap_ses_455_877650, incap_ses_868_877650, incap_ses_869_877650, visid_incap_877650, visid_incap_877651, wp-settings-time-24, incap_ses_869_877650, incap_ses_868_877650, incap_ses_457_877650, incap_ses_455_877650, ghtknThese are cookies that are required for the operation of our Services. They include for example, cookies that enable You to log into secure areas of our Services.
Analytical cookiesgoogle.com, google.co.uk1P_JAR, APISID, APISID, HSID, NID, OTZ, SAPISID, SID, SIDCC, SSID, sourceCodeTime, ki_t, ki_r, SSIDThese are cookies that allow us to to understand how people use our Services so that we can improve them.
apis.google.comOTZ
gstatic.comNID
bing.comSRCHD, SRCHUSR
doubleclick.net_msuuid_529a5t42164
livechatinc.com_ga
gohenry.co.uk__insp_norec_sess, __insp_nv, __insp_slim,__insp_targlpt, __insp_targlpu, __insp_wid, __utma, __utmb, __utmc, __utmt, __utmv, __utmz, _ceg.s, _ceg.u, _ceir, _ga, ki_r, ki_t, optimizelyBuckets, optimizelyEndUserId, optimizelySegments, optimizelyPendingLogEventssourceCodeSession, optimizelyBuckets, _ga, _ceir, _ceg.u, _ceg.s, PHPSESSID
twitter.com_ga, _gid
Functionality cookiesgohenry.co.uk_ATUVC, __lc.visitor_id.6877011, lc_window_state, sourceCodeSession,  signupPromoCode, sourceCodeTime, StorePromoCodeThese are cookies that are used to recognise You when You return to our Services. This enables us to personalise our content for You (remember your preference settings for example).
freegeoip.net_CFDUID
twitter.compersonalization_id
pinterest.com _pinterest_cm
livechatinc.comRecent_window, notification[status_ping], message_text, main_window_timestamp_2, main_window_timestamp_1, main_window_timestamp, lc_window_state, landing_page, __livechat_lastvisit, __livechat_chat, __livechat, __lc_vv, __lc.visitor_id.6877011, __lc.visitor_id.1520
facebook.comfr, pl

iv) How can I block cookies?

It is possible to block/opt out of cookies via Your browser’s cookie settings. This allows You to refuse the setting of all or some cookies. You can find more information on: https://www.allaboutcookies.org/manage-cookies/. Please note however that if You do this You will not be able to use our Services properly. For example You may need to enter information repeatedly, or You might not get personalised content that is meaningful to You as many of our functions are dependent on cookies.

v) What happens if I don’t block cookies?

If You continue using our website without changing your settings, we will assume that You are happy to receive all cookies on our website.

vi) Do you use other technology similar to cookies?

Yes. We sometimes use third-party service providers to collect Your interaction with our Services in order to support our marketing, both on our website and elsewhere on the Internet.

This information regarding Your interaction is collected in an anonymous format using what is called a pixel tag (also referred to as web beacons, web bugs, tracking pixels and java tags), which is industry standard technology. None of Your Personal Data will be collected or used during this process. We simply discover the preferences and choices of our customers, so that we can make decisions about where and how to let people know about goHenry.

While the pixel tags we use may change from time to time as we improve and update our Services, they generally fall into the below categories of use:

AdvertisingDouble click, Bing Ads, Twitter Advertising, Facebook Custom Audience, Facebook Pixel, Facebook Impression, Optimizely Logging, Twitter Conversion Tracking
Customer InteractionTrustPilot, LiveChat
Site AnalyticsGoogle Analytics, Optimizely, Twitter Analytics, IP Mappers, GA Audiences, Google Tag Manager, KissInsight.
Social MediaFacebook Connect, Twitter button, Google+ Platform, Pinterest

vii) Does your website include widgets?

Yes. Third parties may set cookies on our website in order to deliver the services that they are providing to us. For example our website includes social media features, such as the Facebook ‘Like’ button and widgets such as the ‘Share this’ button. These features may set a cookie to enable the feature to function properly.  We have no control over these and You should check the relevant third party websites for more information about these.

viii) Do you use third party cookies in connection with your Services?

Yes. Third party cookies are stored by a different domain to the domain of our website.

While the third party cookies on our website may change from time to time as we improve and update our Services, they generally fall into the below categories of use:

Cookie typeCookie domainCookie namePurpose
Analytical cookiesplatform.twitter.com_gaThese are cookies that allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works.
.gstatic.comNID
googleusercontent.comNID
Functionality cookiesplatform.twitter.comPersonalisation_id, frThese are cookies that are used to recognise You when You return to our Services. This enables us to personalise our content for You (remember your preference settings for example)
Livechatinc.comRecent_window, notification[status_ping],mmessage_text, main_window_timestamp_2, main_window_timestamp_1, main_window_timestamp, lc_window_state, landing_page, amplitude_idlivechatinc.com, _ga, __livechat_lastvisit, __livechat_chat, __livechat, __lc_vv, __lc.visitor_id.1520
Targeting cookiesplatform.twitter.comguest_idThese are cookies that record Your visit to our website, the pages You have visited and the links You have followed. We will use this information to make our website and the advertising displayed on it more relevant to Your interests
facebook.comXs, sb, pl, dpr, datr, c_user
Snapchat

ix) Do you respond to Do Not Track signals?

No. Some browser have incorporated “Do Not Track” (DNT) features that can send a signal to the websites You visit, indicating You do not want to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to browser DNT signals. In the meantime, You can use the range of other tools we provide to control data collection and use.

____________________________

7. How do you use my Personal Data?

We use Your Personal Data to provide You with safer and more reliable Services.

The Personal Data we collect from You is used for the following purposes:

  • To provide You with our Services: we use Your data to process Your account application and authorize Your access to our Services, process Your payments and provide You with any other Services you request from us;
  • To communicate with You: we use Your data to share important news relating to our Services. We offer regular emails including newsletters to let You know about our Services. From time to time we may also contact You to ask Your views on our Services, to fill out a survey, to send You marketing communications such as special offers and updates that we think will be of interest to You. We may contact You through email, notices posted on our website or app, text messages or push notifications. You may always change your communication preferences in your preference settings at any time and choose to hear a bit less or a bit more from us.
  • To conduct research: we use Your data to conduct research for the further development and improvement of our Services;
  • To deliver relevant advertising to You;
  • To help You: we use Your data to investigate and resolve complaints and services issues;
  • To improve the Services offered on our website and make them more secure: we use Your data so we can provide You with the most user-friendly navigation experience we can, and if we think it’s necessary, for security purposes or to investigate possible fraud;
  • To comply with legal and/or regulatory requirements; and
  • To better understand our business: we use aggregate data to generate statistics about our users or the demographic distribution of visitors to our website. Note that aggregate is data combined from several measurements and doesn’t identify You.

____________________________

8. Where do you store my Personal Data?

In Europe, but if we do transfer it outside of Europe we will make sure it is treated securely.

Your Personal Data is transferred to and stored at a destination inside the European Economic Area, and in accordance with strong European data protection regulations, including but not limited to the General Data Protection Regulation.

Please also know that Your Personal Data may also be transferred to, and stored at a destination outside of the European Economic Area. It may also be processed by staff operating outside of the European Economic Area who work for us or for one of our suppliers. Such staff may be engaged in the fulfilment of Your payment order, the processing of Your payment details and the provision of support services. By submitting Your Personal Data, You agree to this transfer, storing and processing at a location outside of the European Economic Area.

Should we transfer, store and process Your Personal Data at a location outside of the European Economic Area, we will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy, and European data protection regulations, including but not limited to the General Data Protection Regulation.

____________________________

9. How long will You retain my Personal data?

Your Personal Data is yours, and it will not be retained by us for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.

If You choose to close Your account, Your Personal Data will generally stop being visible on our Services within 24h. Your Personal Data may continue to be displayed in the services of others until they refresh their cache.

We retain Your Personal Data after You have closed Your account for the purposes for which it was originally collected, or for which it was further processed. If You want us to delete Your Personal Data completely, You can ask us to do by writing us on help@gohenry.co.uk or calling our Member Services Team on 0330 100 7676.

We will then strive to delete Your Personal Data as soon as reasonably possible. Please note however that we may be required, as a company providing financial services, to retain some of Your Personal Data for up to five years to comply with our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017/692). For example we are legally obliged to retain Your Personal Data to resolve future disputes, maintain security, or prevent fraud and abuse. Also, under the E-Money Regulation 2011 You have the right to redeem Your e-money up to six years after termination of Your account. We therefore use this retention requirement as a benchmark for all Personal Data that we receive from You. In order to not hold Your Personal Data for longer than is strictly necessary we will not hold any of Your Personal Data for more than six years after the termination of our business relationship.

____________________________

10. How do you protect my Personal Data?

Your security matters, this is why we have advanced security systems in place.

We know that security is a major concern for You and Your family. To give you peace of mind we have advanced security systems in place. Please know however that although we do our best to protect Your Personal Data we cannot guarantee the security of Your data during transmission of information via the internet, as any such transmission is at Your own risk. Once we have received Your Personal Data, we will use strict procedures and security features to do our best to prevent unauthorised access to Your data.

To protect Your and your family’s Personal Data we:

  • Use secure server software to store Your Personal Data;
  • EncryptYour payment transactions;
  • Implement security safeguards designed to protect Your Personal Data such as HTTPS;
  • Use full login and security question controls on our systems;
  • Ensure that Your Personal Data, even when transferred to another country, is treated securely and in accordance with this privacy policy and European data protection regulations, including but not limited to the General Data Protection Regulation;
  • Restrict access of Your Personal Data to those of our employees who need to know Your Personal Data to do their job, and ensure that all our employees sign a confidentiality and data security clause as part of their terms of employment;
  • Follow tight security procedure, such as maintaining physical, electronic and procedural safeguards to protect Your Personal Data from unauthorised access as required under the European data protection laws;
  • Continuously educate and train our employees about the importance of confidentiality and privacy of customer information;
  • Continuously monitor our systems for possible vulnerabilities and attacks; and
  • Regularly review and update our privacy controls and policy.

____________________________

11. Can I also do something to protect my Personal Data?

Yes of course. Follow our quick tips below.

To keep Your information as secure as possible:

  • Protect Your password:
    • Choose a password that is strong and that Your child is unlikely to guess. The password should include a mix of letters, numbers, and symbols;
    • Never reveal Your password to anyone else;
    • Avoid using the same password for several internet sites;
    • Reset Your password every couple of months;
    • Sign out of Your account anytime You leave a shared or public computer
  • Protect Your email: include Your personal contact information only in the designated fields of Your goHenry profile.
  • Protect Yourself from fraudulent messages, scams and phishing:
    • Don’t share Your personal information, such as government issued ID numbers, birth date, credit and debit card or bank numbers with people You don’t know;
    • Use caution when clicking on links contained within messages.
  • Protect Your devices: ensure that Your devices incorporate some form of malware protection.
  • Explain the importance of online privacy to Your children: to help, we’ve drafted a short document explaining data privacy in a way that children may find more digestible. You can find it here

____________________________

12. Will you share my Personal Data?

Yes, we may share Your Personal Data with Your consent or as necessary to provide You with the Services You have requested.

First of all, rest assured that we do not pass Your or Your family’s Personal Data to third parties for marketing purposes without Your permission.

We may however access and disclose Your Personal Data in the following circumstances:

  • When the disclosure is requested by You;
  • When working with our business partners (e.g., banking partners, card processor, issuing bank, payment services provider, risk and security system providers); our suppliers (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development);  and/or our sub-contractors for the performance of any contract we enter into with them or You. For example, companies we have hired to assist in protecting and securing our system and services may need access to Personal Data to provide those functions. Note that such business partners, suppliers and subcontractors will only have access to Your Personal Data as reasonably necessary to perform these tasks on our behalf and will be obligated to not disclose or use it for other purposes;
  • When we sell, merge, or change the control of goHenry or in preparation for any of these events, in which case the prospective buyer will have the right to continue to use Your Personal Data, but only in the manner set out in this privacy policy unless You agree otherwise;
  • When working with advertising and analytics providers: If we decide to engage advertisers to promote our Services, the advertisers and their advertising networks may require anonymised Personal Data to serve relevant adverts to You and others. We will not disclose identifiable information about You to advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a subsection of our users. In some instances we may use Your Personal Data we have collected to enable our advertising partners to display their advertisement to their target audience;
  • When required by law, subpoenas, court orders, or other legal process;
  • When we have a good faith belief that such disclosure is reasonably necessary to:
    • Investigate, prevent, or take action regarding suspected or actual illegal activities;
    • Enforce our agreement with You;
    • Investigate and defend ourselves against any third-party claims or allegations;
    • Maintain the security and integrity of our Services;
    • Protect the rights and security of goHenry user’s, personnel, or others.
  • When we are under a legal duty to disclose or share Your Personal Data in order to comply with any legal or regulatory obligation or request such as subpoenas and court orders. We will use our best efforts to notify You about such legal demands when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.

____________________________

13. What are my rights regarding my Personal Data?

Your Personal Data is Yours and You can always access it, edit or delete it. Just contact us to request this.

i) You can ask us to view, rectify or delete Your Personal Data

If You wish to exercise any of Your rights, as listed below, please contact us on via help@gohenry.co.uk or call our Member Services Team on 0330 100 7676. We will be happy to help (unless we are prohibited by law from doing so). No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature. Here are Your rights:

  • View Your Personal Data
  • Object to the processing of Your Personal Data
  • Object to automated decision making and profiling
  • Restrict the processing of Your Personal Data
  • Rectify Your Personal Data
  • Erase Your Personal Data

Upon successful verification of Your identity, You are entitled to obtain the following information about Your own Personal Data:

  • The purpose of the collection, processing, use and storage of Your Personal Data
  • The categories of Personal Data stored about You
  • The recipients or categories of recipients to whom Your Personal Data has been or may be transmitted, along with the location of those recipients
  • The envisaged period of storage for Your Personal Data or the rationale for determining the storage period
  • The use of any automated decision-making and/or profiling

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, we will notify You and keep You updated.

ii) You can close Your account

You can always choose to close Your account by writing us on help@gohenry.co.uk or calling our Member Services Team on 0330 100 7676.

If You choose to close Your account with us, Your Personal data will generally stop being visible on our Services within 24h. Your Personal Data may continue to be displayed in the services of others until refresh their cache.

We retain Your Personal Data after You have closed Your account for the purposes for which it was originally collected, or for which it was further processed. If You want us to delete Your Personal Data completely, You can ask us to do by writing us via help@gohenry.co.uk or calling our Member Services Team on 0330 100 7676.

We will then strive to delete Your Personal Data as soon as reasonably possible. Please note however that we may be required, as a company providing financial services, to retain some of Your Personal Data for up to five years to comply with our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017/692). For example we are legally obligated to retain Your Personal Data to resolve future disputes, maintain security, or prevent fraud and abuse. Also, under the E-Money Regulation 2011 You have the right to redeem Your e-money up to six years after termination of Your account. We therefore use this retention requirement as a benchmark for all Personal Data that we receive from You. In order to not hold Your Personal Data for longer than is strictly necessary we will not hold any of Your Personal Data for more than six years after the termination of our business relationship.

iii) You can ask us to stop sending You promotional communications

We usually like to send our customers special promotional communications such as newsletters, offers and updates that we think will be of interest to them.

When You sign-up You will have the choice to choose to receive promotional communications from us by clicking the opt-in button.  That opt-in covers both you and the children that you add to your goHenry account.

In line with the General Data Protection Regulations (GDPR) we store that consent for you and your children separately.  Until your child reaches the age of 13, you can update his or her preferences. Once your child turns 13, he or she can also update their own preferences.

You (or your child if they are over 13) can always update Your preferences later by either logging into Your account or by contacting us at:

Please remember that we will always continue to send important Service information to You.

____________________________

14. What happens if my Personal Data is compromised?

We always strive to be transparent with You. So if we notice that Your Personal Data is compromised, we will take the following responsive action:

  • Notify You via email within 7 business days
  • Notify the users via in-site notification within 7 business days

____________________________

15. How can I explain this privacy policy to my child?

Take a look at our document explaining Data Privacy to children.

We believe that children should also understand the importance of online safety and privacy, so we’ve explained it more simply here.

____________________________

16. Will I hear from you if you make changes to this privacy policy?

Yes, and your continued use of our Services after we publish or send a notice to You means that You are consenting to the updated privacy policy.

Finally, we also wanted to let you know that this policy will evolve over time as we grow and we will post any changes to this page, so feel free to check it from time to time. And don’t worry, if we’re making major changes, we will notify You via email or in-app notifications. Your continued use of our Services after we publish or send a notice about our changes to this privacy policy means that You are consenting to the updated privacy policy.

____________________________