Our privacy policy (including use of cookies)
This privacy notice was last revised on 20 May 2023.
This notice ("the Privacy Notice") applies to all information we collect, use and process about you as a customer in relation to the products/services you receive from us.
"Cushon", "Better With Money" and "Creative" are trading names of the group of companies owned by Cushon Holdings Limited ("the Cushon Group"). Cushon Holdings Limited is a company registered in England and Wales with company number 14213564.
More information about the Cushon Group can be found on our website at www.cushon.co.uk.
In this notice, references to "we", "us" or "our" are references to one or more companies in the Cushon Group. Our address is 250 Bishopsgate, London, England, EC2M 4AA and our Data Protection Officer can be contacted at dpo@cushon.co.uk.
Depending on the products or services you receive from us, one or more of the below Cushon Group companies will be the relevant data controller in respect of personal information that we process about you in connection with our business (including the products and services that we provide):
Cushon Group Limited - a company registered in England and Wales with company number 10967805
Cushon Money Limited - a company registered in England and Wales with company number 11112120
Better with Money Limited - a company registered in England and Wales with company number 09943881
Creative Benefit Solutions Limited - a company registered in England and Wales with company number 06293305
Creative Auto-Enrolment Limited - a company registered in England and Wales with company number 08554978
Please check the terms and conditions of your product or service to confirm who the relevant data controller will be.
In some situations, Cushon MT Limited (a company registered in England and Wales with company number 12366412) and Cushon MT NI Limited (a company registered in Northern Ireland with company number NI040179) act as data processors on behalf of the Trustees of the Master Trusts. The privacy notice of the Trustees, in their capacity as data controller, can be found here.
We respect individuals' rights to privacy and to the protection of personal information. As a provider of savings products, we hold certain information about you and this is your personal data. Personal data means information about a living individual who can be identified by that information (either by itself or when it is combined with other information).
We are required by law to give you specified information about the personal data we hold about you, how we use it, and the safeguards that are in place to protect it. This Privacy Notice is designed to give you that information.
We currently collect and process various categories of personal data and confidential information at the start of, and for the duration of, your relationship with us and beyond (subject to appropriate retention periods set out at section 5 below). We will limit the collection and processing to information necessary to achieve one or more legitimate purposes as identified in this Privacy Notice.
Personal data processed by us may include:
Basic customer information such as name and address, date of birth, contact details, nationality, the fact that you are our customer;
Financial information, including account and benefits information;
Information about your employment;
Information about your financial circumstances;
Information about your use of our app or website;
Background checks; and
Information about your communications with us.
We may also process certain special categories of personal data (including details about your race or ethnicity or information about your health) where strictly necessary for completing specific activities related to our services. We will only process special categories of personal data where we've obtained your explicit consent or are otherwise lawfully permitted to do so.
Where permitted by law we may process information about criminal convictions, criminal offences, related security details, alleged offences including unproven allegations, spent or previous convictions, or other details provided in relation to a criminal reference check or similar. We process this information for specific purposes, such as detecting and preventing fraud and financial crime, where it is in the wider public interest (for example, to protect customers' economic wellbeing), or to make our services accessible to customers or for reporting of complaints for regulatory purposes.
Most of the personal information we process is provided to us directly by you.
We also receive personal information about you indirectly, from the following sources in the following scenarios:
Your employer when enrolling you for employment-related benefits; and
Identity and background checks providers.
We use the information that you have given for the purpose of:
Provision and management of accounts;
Provision and management of the Cushon website and app;
Supply of products and services, including personalisation;
Calculating, securing and paying benefits;
Sending newsletters, providing resources, and maintaining a blog;
Responding to communications;
Marketing;
Market research;
Prevention and detection of fraud or other criminal activities; and
Website analytics.
We may share this information with:
Your employer;
NatWest Group plc and members of its group;
Third-party suppliers (or potential suppliers), who provide services on our behalf;
Purchasers and potential purchasers of our businesses, including joint venture partners;
Law enforcement and investigative authorities;
Courts, regulators, government bodies and similar organisations as required by law (such as the FCA, PRA, HMRC or Health & Safety Executive or local equivalents);
Corporate auditors and legal or other advisors; and
Professional advisors.
We will not share your information with other third parties unless:
We have your permission;
Where required, whether directly or indirectly, for your product or service, which could include in relation to your welfare or accessibility requirements;
With law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory or trade bodies;
Where required for a proposed or actual sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business where such data is shared with a third party it is done under strict duties of confidentiality; and
Where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed in this Privacy Notice.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting the Data Protection Officer at dpo@cushon.co.uk.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a legitimate interest.
Further details of all the processing activities are included in the Schedule or Processing Activities at Schedule A.
Automated processing
We do not generally make decisions based solely on automated decision-making within the meaning of UK GDPR. In the event that we rely solely on automated decision-making that could have a significant impact on you, we will provide you an opportunity to express your views and will provide any other safeguards required by law.
Your information is securely stored and encrypted both in transit and at rest. It may only be accessed on a need-to-know basis for the purposes set out in this Privacy Notice.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, and the applicable legal or regulatory requirements. We will then dispose your information through secure deletion, if held in electronic format, or secure destruction, if held in physical format.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce the records as evidence, if they are needed.
We will store your personal data mainly in the UK or European Economic Area (EEA). In extremely limited circumstances we transfer personal data to third countries (e.g. USA).
When we do send personal data abroad, we do so using appropriate safeguards. This includes standard contractual clauses approved for use by the UK Information Commissioner's Office ("ICO"), eventually supplemented with additional measures. We can also use other suitable safeguards, such as adequacy decisions or approved Binding Corporate Rules from our vendors, to permit personal data transfers from the United Kingdom or the European Economic Area ("EEA") to other countries, in accordance with the applicable laws.
You can request further information regarding international data transfers of your personal data by contacting us using the contact details included below in this Privacy Notice.
Under data protection law, you have rights including:
You right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You can exercise your rights at any time by contacting us using the contact details included below in this Privacy Notice.
We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another individual). The reason for rejection of the request will be communicated within one calendar month after the request is made.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We try to respond to all legitimate requests within one calendar month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
As you interact with our website, we will automatically collect data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please see our cookie notice below for further information on how we use cookies and similar technology.
This Cookie Notice was last revised on May 2023.
This notice ("the Cookie Notice") applies to all information we collect, use and process about you while browsing our website or accessing your personal account with us.
"Cushon" is a trading name of the group of companies owned by Cushon Holdings Limited ("the Cushon Group"). Cushon Holdings Limited is a company registered in England and Wales with company number 14213564.
More information about the Cushon Group can be found on our website at www.cushon.co.uk.
In this notice, references to "we", "us" or "our" are references to one or more companies in the Cushon Group. Our address is 250 Bishopsgate, London, England, EC2M 4AA and our Data Protection Officer can be contacted at dpo@cushon.co.uk.
Depending on how you use of our website, one or more of the below Cushon Group companies will be the relevant data controller in respect of personal information that we process about you in connection with our website:
Cushon Group Limited - a company registered in England and Wales with company number 10967805
Cushon Money Limited - a company registered in England and Wales with company number 11112120
Better with Money Limited - a company registered in England and Wales with company number 09943881
Creative Benefit Solutions Limited - a company registered in England and Wales with company number 06293305
Creative Auto-Enrolment Limited - a company registered in England and Wales with company number 08554978
We respect individuals' rights to privacy and to the protection of personal information. As you interact with our website, we will automatically collect data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies.
This Cookie Notice contains information regarding what type of cookies we might place on your device when browsing our website and how we use them. You can find further information on how we process your personal data in our Privacy Notice.
A cookie is a small piece of data (text file) that a website stores on your device in order to remember information about you, such as your language preference or login information. Cookies are not stored on your device unless you provide your consent. Those cookies are set by us and called first-party cookies. We also use third-party cookies - which are cookies from a domain different from the domain of the website you are visiting - for advertising and marketing purposes.
We use cookies and other tracking technologies for different purposes, including providing and improving our services, ensuring our website is secure, and recognising you when you visit our website. Additionally, some cookies might collect information about your browsing history or purchasing behaviour when you access our website, including information about pages viewed, products purchased, and your journey around the website.
We do not use cookies to collect or record information such as your name, address, or contact details.
UK privacy regulations require that your consent is obtained for the use of all cookies except those that are necessary for the site to provide you with information and services you request (so-called "strictly necessary cookies").
Below in section 5 of this Cookie Notice is a detailed list of the cookies that may be used by our site if you choose to allow cookies.
We use the following cookies:
Necessary cookies. These cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Analytics cookies. This is a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our site is used and to improve our website and the products and services offered through it.
Communication cookies. These cookies enable us to offer immediate support if you need it. The webchat service use cookies to gather the required information.
Marketing cookies. These cookies are to help us improve the relevancy of personalised advertising campaigns you receive. If this box is unchecked, you will still see adverts but they may not be relevant to your interests.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire at a point between 30 minutes and two years from the date they are downloaded to your device.
Before cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those cookies. By giving your consent to the placing of cookies you are enabling us to provide the best possible experience and service to you.
You may, if you wish, deny consent to the placing of cookies. However, certain features of our website may not function fully or as intended when consent is denied.
Certain features of our website depend on strictly necessary cookies to function. Your consent will not be sought to place these cookies, but it is still important that you are aware of them. You may still block these cookies by changing your internet browser's settings. Please be aware that our website may not work properly if you do so.
You can choose to delete cookies on your computer or device at any time, however you may lose any information that enables you to access our website more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
You can also choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. For further details, please consult the help menu in your internet browser.
This Cookie Notice may be amended from time to time, the latest version of the Cookie notice will always be available on our website.
We may update this Privacy Notice periodically. Where we do this we will inform you of the changes, and the date on which the changes take effect, and publish the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.
If you have questions regarding your privacy and rights, please contact us:
Email: help@cushon.co.uk
Address: 250 Bishopsgate, London, England, EC2M 4AA