About this policy
In order to provide our service to you, we need to receive certain information about you, your financial products and your voting preferences. This policy explains the different services offered by Tumelo. It explains which kinds of information we collect about you, what we do with this information, who we may share your information with and most importantly, your rights in relation to this information. Full Terms and Conditions are available to view on our website and must be accepted before you begin using our services.
Who is Tumelo?
We are Tumelo Limited (“Tumelo”, “we” or “our”), commonly known as Tumelo. Our mission is to help pension and retail investors create and benefit from a more sustainable investment system.
- We are a company registered in England and Wales.
- Our registered company number is 11072709.
- Our registered office is Greenway Farm, Unit 14, Bath Rd, Wick, Bristol BS30 5RL.
- Our trading office is at Runway East, 1 Victoria Street, Bristol, BS1 6AA.
- Our Data Protection Register number is ZA487614.
What does Tumelo do?
Your pension and investments are used to buy pieces of the biggest companies in the world like Apple, Twitter and Shell. Every year, all these companies vote on issues that affect how they are run, like climate change and human rights. Because you own pieces of these companies through your pension, we believe you should also have a voice.
We partner with investment providers to enable them to show you what companies you own through your pension/investments and to give you a voice on issues you care about. We aim to help you feel more in control of your financial future and positively impact the world.
How can I use Tumelo?
If your investment/pension provider has partnered with Tumelo, you can use our services from within the email, website, portal or app made available by your provider.
Service and marketing emails you may receive in relation to our services may also appear in the branding of your employer or your provider where we have been given permission to do so. We do this to streamline and improve your user experience.
How can I contact you?
Please submit a ticket to our support team.
If you are one of our partners and have a question that we can help you with, please don’t hesitate to contact us at firstname.lastname@example.org.
Or write to Runway East, 101 Victoria Street, Bristol, BS1 6PU.
Here are some of the more 'technical' words we'll use throughout this policy and what they mean:
Users: individuals who use Tumelo's services to see the companies they own and/or vote on issues they care about.
Customers: individuals who use Tumelo's services are customers of the investment/pension providers ('providers') we partner with; when talking in respective of those providers we refer to our users as customers.
Data: raw, unorganised facts that need to be processed.
Information: when data is processed, organised, structured or presented in a given context that makes it useful, we refer to it as information.
Investment/pension provider: a firm that handles your investments and/or your pension. This could be a digital investment platform, for example, or a human financial advisor. Your provider may have been chosen by your employer to supply a workplace pension for you and your colleagues.
Fund managers: your fund manager is the person or firm responsible for managing a specific fund, usually employed or contracted by your investment/pension provider. They choose individual companies or a group of companies to invest in based on performance, risk and other criteria such as investment themes. Generally speaking, their main goals are to keep your money safe and to help you earn a good return on your investment so that your money grows above the rate of inflation. They are duty-bound to make decisions based on your best interests (this is called Fiduciary Duty).
Shareholder: a shareholder is someone who owns shares in a company. You own a pension, which is used to buy shares in lots of companies. Therefore, we refer to you as a shareholder. It's likely that your provider or fund manager holds the legal right to a shareholder vote and that you are technically an 'indirect shareholder'. However, since it's your money, we believe you should have a voice too, and that's why we built Tumelo.
Annual General Meeting: an event at a company where issues are raised and discussed by shareholders and management. This is usually where the company votes that you can participate in will occur.
Data controller: a person or firm who (either alone or jointly) determines the purposes for which and the manner in which any personal data is used/processed.
Data processor: Any person or firm who processes personal data on behalf of a data controller.
Data processing: Obtaining, recording, holding and carrying out operations on personal data such as:
- organisation, adaptation or alteration of the information or data;
- retrieval, consultation or use of the information or data;
- disclosure of the information or data by transmission, dissemination, or otherwise making available;
- or alignment, combination, blocking, erasure or destruction of the data.
What data do you hold about me?
We may collect, use, store and transfer the following types of information about you:
- Your email address.
- Your first and last name.
- Your gender.
- Your date of birth.
- The financial products that you own and their relative weightings within your portfolio.
Feedback and Enquiry Data:
- Information about you and/or your experience of Tumelo's services that you provide to us via feedback surveys and user interviews.
- Information about you from emails and letters that you send to us (including any identity data that you provide to us, such as your name and email address).
- Any conversations between us and any feedback you give to us.
- Information about how you vote. This includes: what you vote on, how you vote, any comments you provide about your voting decision and any vote policies you choose to apply.
- If you invest or have a pension with multiple providers who use Tumelo’s services, then we will hold your data in respect of each provider separately.
- We will never share personally identifiable information about you with your employer, provider, fund managers or other partners without your explicit prior consent.
Where did you get this data from?
The above data is:
- Given to us directly by you when you choose to create an account with us.
- If we are integrated with your provider and you have consented for them to share your personal information with us, sourced through that route.
- Depending on the set up with your provider, provided by you via a magic link. The magic link is a hyperlink contained in the invite email sent to you by your employer or investment/pension provider. This link consists of the web address (URL) of Tumelo's platform as well as an identifier that tells us what financial products you have in your pension. The link has been encoded by your provider, not Tumelo, meaning Tumelo does not know what financial products you hold in your pension until you choose to share that information with us by creating an account. The link does not contain any information about how much you have invested and does not include any other data about you or your financial situation. Your provider has shared aggregated and anonymised information about the financial products that all of their customers own. Tumelo uses the identifier in the magic link to work out which of those financial products you own at the time you create an account so that we only show you the information that is relevant to you personally, including a list of the companies that you are invested in through your pension.
- Shared with us when you fill out your profile page, return a user survey or sign up for our mailing list.
How do you use my data?
We’ll only use your personal information where we have a valid reason to do so. Below, we’ve set out the ways in which we use your personal information and the reasons we do so.
We use your data to provide you with a personalised service
We use your information to provide you with:
- A list of the companies you own through your pension/investments
- Associated votes you can vote on;
- A record of your past votes;
- A personalised profile page;
- A personalised notification service.
We use the following information to do this:
- Financial Data.
- Vote Data.
- Contact Information.
We do this to:
- Provide you with personalised transparency, voting and notification services.
- Ensure your shareholder voice is heard.
We use your data to improve our service for you and other users
We use your information to:
- Improve your user experience.
- Select interesting votes.
- Create new features.
We use the following information to do this:
- Usage and Behavioural Data.
- Vote Data.
- Demographic Data, if you have chosen to provide this data to us.
We use your data to send you service emails
We use your information to:
- Notify you when new votes are available to you.
- Notify you about the progress, outcome and/or impact of votes you, your Tumelo community and/or other shareholders have participated in.
- Let you know if our service changes or if this policy changes in an important way.
- Let you know when you have an opportunity to participate in user testing to improve the services, for you and other customers.
- Communicate with you if you have made a request/asked a question/made a complaint with us or to the provider’s customer support team.
We use the following information to do this:
- Contact Information.
- Vote Data.
- Information you tell us when you contact us/providers.
- Information you tell us when you give feedback about us.
We do this to:
- Alert you about your upcoming votes, your vote results and key achievements of your Tumelo community.
- Support you to make the most of our service.
You can opt out of receiving these emails at any time by changing your preferences on the profile page in the platform. By unsubscribing from Tumelo's emails, you will not automatically be unsubscribed from marketing emails from your investment/pension provider. To unsubscribe from marketing emails from your provider, please go to their emails and/or website.
We use your data to comply with our legal duties
To comply with our legal duties, we may also need to use your information to investigate activity that we suspect as being contrary to our Terms and Conditions and/or fraudulent in nature.
We will only use your information for the reasons we have told you about above. If we need to use your information for any other reason, we will let you know and tell you the reason, unless the law stops us from doing so.
Who do you share my data with?
We may share your personal data with other organisations so we can:
- Provide Tumelo's services to you.
- Improve our service to you.
- Comply with our legal duties.
Tumelo and our partners (including your investment provider) will not be able to identify you as an individual from the information we share with them. Any information shared will be anonymised and in most cases aggregated except in the instances where you have given explicit consent to be identified (for example, to participate in video/recorded user interviews). The only instance where personal details (Scheme name, and name of user) are shared is for Institutional investors voting via our Stewardship platform, as detailed below.
- We share aggregated and anonymised Vote Data with your provider so they are able to represent your voice at company votes.
- We share aggregated and anonymised Usage and Behavioural Data about you and other Tumelo users with providers so they can learn more in order to provide you with better customer service.
- We may share aggregated and anonymised historical Vote Data and/or Usage and Behavioural Data with your employer if Tumelo's services are associated with your workplace pension. We do this in order to improve how your employer designs, selects, delivers and/or communicates your pension plan to suit you.
Fund managers and other partners
- Pension scheme members: We share your aggregated and anonymised Vote Data with fund managers ahead of relevant company votes so that your shareholder voice can be represented.
- Institutional investors (this only applies to investors using our Stewardship Platform for voting):To facilitate voting and communication between institutional investors and fund managers, we also share the scheme name you are voting on behalf of, and the name of the person who placed the vote (likely you).
- We may also share Vote Data with NGOs, research and government bodies as well as other financial services firms in line with our mission.
- We may also make aggregated and anonymised Vote Data publicly available on our own website.
- We may share anonymised information about your experience of Tumelo's services that you provide to us via feedback surveys, HotJar feedback submissions, emails with Tumelo’s research team, and user interviews available to partners including future sales prospects.
Our service providers
- We may, on a confidential basis, share your data with our own carefully selected sub-processors who are directly involved in delivering our services, such as IT providers.
- We only allow our sub-processors to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information.
- We may also share personal information with external auditors for the accreditation and the audit of our accounts.
- We never sell or give your personal information to third parties to use for their own purposes without your explicit prior consent.
In exceptional circumstances, we may disclose or transfer your personal information:
- If it is required by law.
- When we (or the provider) believe in that disclosure is necessary to protect our rights, protect your safety or the rights and safety of other third parties, investigate fraud, or respond to a government request.
- To a third-party buyer or seller in the event that Tumelo is involved in a merger, acquisition, or sale of all or a portion of its assets.
How long do you hold my data?
So that you may access and use Tumelo’s services for the duration of your relationship with your provider we will normally hold your data for as long as the provider continues to work with us.
We will hold your personal data for the duration of our pilot with your provider. We will delete personally identifiable data such as:
- Contact Information
- Demographic Data
- Financial Data
This will be done immediately following the pilot end date, agreed between Tumelo and your provider. We will continue indefinitely to hold anonymised data such as:
- Usage and Behavioural Data
- Feedback and Enquiry Data
- Vote Data
- Website Data
Where is my data stored?
Information we hold about you is stored and processed principally in the Tumelo platform.
The platform is principally hosted in sub-processors' secure data centres within the European Economic Area (EEA). Your information may be shared with our carefully selected sub-processors, who are directly involved with the delivery of our services. Such sub-processors shall only process personal information in countries which have an adequate level of protection from a data protection perspective. Some of these sub-processors are outside of the EEA, namely the USA. Wherever possible, Tumelo ensures that sub-processors store data within the EEA.
In the event that the processing of your personal information at any time requires it to be transferred to and/or stored or accessed from a destination outside the EEA, we will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with this policy and safeguarded in accordance with all applicable legislation.
How do you keep my data secure?
We have appropriate security measures to prevent personal information from being accidentally lost, accessed or used unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We continually test our systems and are IASME certified. This is a standard defined by the UK National Cyber Security Centre (NCSC) which covers both the Cyber Essentials accreditation and GDPR.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we can do so directly and will encourage providers to notify through you in any instances we are unable to communicate with you directly.
Aspects of Tumelo's services (such as company overview pages) and providers’ websites may include links to third-party websites which may collect your personal information. We have no control over what these websites do with your personal information. Please check the policies on these websites that should tell you what they do with your personal information.
Do I have the right to reject to data processing?
You have the right to object at any time to the processing of your personal information. You can make this objection to us by contacting our support team or to the provider in accordance with the procedure set out in their privacy notice which is available on their website. We will also pass any processing objection we receive on to the relevant provider for their consideration.
What rights do I have over the processing of my data?
You have a right to access any information we hold about you and request a copy of it, and to ask us to correct your personal information if it’s not correct.
You also have a right to ask us to delete your personal information and request that processing is restricted. This may affect our ability to provide our services to you. We will let you know if this is the case.
With regards to email communications, you have a right to:
- Ask us to stop using your personal information to send you marketing emails.
- Ask us to stop using your personal information to send you service emails.
Please note that if you opt-out of receiving service emails from Tumelo:
- You will not be notified via email of upcoming votes available to you or the progress/outcomes of votes you have participated in.
- You will not be automatically opted-out of any other communications you may receive from your provider.
- You will need to inform your provider directly if you wish to opt out of their communications.
- You may still receive in-app notifications via your provider unless you choose to switch these off via your mobile preferences.
Any request in regards to your data which is excessive may be subject to a reasonable fee to cover our administrative costs in providing you with the necessary details. We will always discuss this with you before proceeding with your request.
How can I make a complaint?
If you have a complaint, please contact our support team and we will do our best to fix the problem quickly.
Changes to this policy