Privacy policy

About this policy

In order to provide our service to you, we need to receive certain information about you, your financial products and your voting preferences. This policy explains the different services offered by Tumelo. It explains which kinds of information we collect about you, what we do with this information, who we may share your information with and most importantly, your rights in relation to this information. Full Terms of Use are available to view on our website and must be accepted before you begin using our services.  

Who is Tumelo?  

We are Tumelo Limited (“Tumelo”, “we” or “our”), commonly known as Tumelo.  Our mission is to help pension and retail investors create and benefit from a more sustainable investment system.  

  • We are a company registered in England and Wales.  
  • Our registered company number is 11072709.  
  • Our registered office is at 13 Berkeley House, Charlotte Street, Bristol, BS1 5PY.  
  • Our trading office is at Runway East, 101 Victoria Street, Bristol, BS1 6PU.  
  • Our Data Protection Register number is ZA487614. 

What does Tumelo do?

Your pension and investments are used to buy pieces of the biggest companies in the world like Apple, Twitter and Shell. Every year, all of these companies vote on issues that affect how they are run, like climate change and human rights. Because you own pieces of these companies through your pension we believe you should also have a voice.

We partner with investment providers to enable them to show you what companies you own through your pension/investments and to give you a voice on issues you care about. We aim to help you feel more in control of your own financial future and have a positive impact on the world.  

How can I use Tumelo? 

If your investment/pension provider has partnered with Tumelo, you can use our services from within the email, website, portal or app made available by your provider. In most cases, Tumelo's services will be delivered in the branding of your provider marked with "Powered by Tumelo".

Service and marketing emails you may receive in relation to our services may also appear in the branding of your employer or your provider where we have been given permission to do so. We do this to streamline and improve your user experience.

How can I contact you?  

You can email us at hello@tumelo.com  

Or write to Runway East, 101 Victoria Street, Bristol, BS1 6PU. 

Definitions 

Here are some of the more 'technical' words we'll use throughout this policy, and what they mean:

Users: individuals who use Tumelo's services to see the companies they own and/or vote on issues they care about.

Customers: individuals who use Tumelo's services are customers of the investment/pension providers ('providers') we partner with; when talking in respective of those providers we refer to our users as customers.

Data: raw, unorganized facts that need to be processed. 

Information: when data is processed, organised, structured or presented in a given context that makes it useful, we refer to it as information.

Investment/pension provider: a firm who handles your investments and/or your pension. This could be a digital investment platform for example or a human financial advisor. Your provider may have been chosen by your employer to supply a workplace pension for you and your colleagues.

Fund managers: your fund manager is the person or firm responsible for managing a specific fund, usually employed or contracted by your investment/pension provider. They choose individual companies or a group of companies to invest in based on performance, risk and other criteria such as investment themes. Generally speaking, their main goals are to keep your money safe and to help you earn a good return on your investment so that your money grows above the rate of inflation. They are duty-bound to make decisions based on your best interests (this is called Fiduciary Duty).

Shareholder: a shareholder is someone who owns shares in a company. You own a pension, which is used to buy shares in lots of companies. Therefore, we refer to you as a shareholder. It's likely that your provider or fund manager holds the legal right to a shareholder vote, and that you are technically an 'indirect shareholder'. However, since it's your money, we believe you should have a voice too, and that's why we built Tumelo.

Annual General Meeting: an event at a company where issues are raised and discussed by shareholders and management. This is usually where that company votes that you can participate in will occur.

Data controller: a person or firm who (either alone or jointly) determines the purposes for which and the manner in which any personal data is used/processed.

Data processor: Any person or firm who processes personal data on behalf of a data controller.

Data processing: Obtaining, recording, holding and carry out operations on personal data such as:

  • organisation, adaptation or alteration of the information or data;
  • retrieval, consultation or use of the information or data;
  • disclosure of the information or data by transmission, dissemination or otherwise making available;
  • or alignment, combination, blocking, erasure or destruction of the data.

What data do you hold about me?  

We may collect, use, store and transfer the following types of information about you: 

Contact Information:  

  • Your email address.
  • Your first and last name.

Demographic Data:  

  • Your gender.
  • Your date of birth. 

Financial Data:  

  • The financial products that you own and their relative weightings within your portfolio. This will be accurate to the start of the trial period and may be updated periodically throughout.

Usage and Behavioural Data:

  • Information about when and how you use Tumelo's services.

Feedback and Enquiry Data:  

  • Information about you and/or your experience of Tumelo's services that you provide to us via feedback surveys and user interviews.
  • Information about you from emails and letters that you send to us (including any identity data that you provide to us, such as your name and email address).
  • Any conversations between us and any feedback you give to us. 

Vote Data:  

  • Information about how you filter votes; which votes you vote on and how you vote.
    undefined
  • If you invest or have a pension with multiple providers which use Tumelo’s services, then we will hold your data in respect of each provider separately.
  • We will never share personally identifiable information about you with your employer, provider, fund managers or other partners without your explicit prior consent.

Website Data:

As is true of most websites, we also automatically gather information about your computer such as your IP address, browser type, referring/exit pages and operating system. When you visit our hosted-pages, we also use cookies to identify you when you come back to the site.  For more information on the cookies we use, why we use them and more information about cookies generally, please see our Cookie Policy.   

Where did you get this data from?  

The above data is:  

  • Given to us directly by you when you choose to create an account with us, via a magic link.
    undefined
  • Gathered from third-party services such as Google's Web and Traffic Analytics tool and HotJar. We use these services in order to better understand your needs and to optimise our service. These services use cookies and other technologies to collect data on your behaviour and devices.
  • You may share further data or information with us when you fill out your profile page, return a user survey or sign up for our mailing list.

How do you use my data?  

We’ll only use your personal information where we have a valid reason to do so. Below, we’ve set out the ways in which we use your personal information and the reasons we do so. 

We use your data to provide you with a personalised service

We use your information to provide you with:  

  • A list of the companies you own through your pension/investments
  • Associated votes you can vote on;
  • A record of your past votes;
  • A personalised profile page;
  • A personalised notification service.

We use the following information to do this:  

  • Financial Data.
  • Vote Data.
  • Contact Information.

We do this to:  

  • Provide you with personalised transparency, voting and notification services.
  • Ensure your shareholder voice is heard.

We use your data to improve our service for you and other users

We use your information to:  

  • Improve your user experience.
  • Select interesting votes.
  • Create new features.  

We use the following information to do this:  

  • Usage and Behavioural Data.
  • Vote Data.
  • Demographic Data, if you have chosen to provide this data to us.

We do this to:  

  • Understand you better so that we can provide you with an improved service.

We use your data to send you service emails

We use your information to: 

  • Notify you when new votes are available to you.
  • Notify you to about the progress, outcome and/or impact of votes you have participated in.
  • Let you know if our service changes or if this policy changes in an important way.
  • Communicate with you if you have made a request/asked a question/made a complaint with us or to the provider’s customer support team.

We use the following information to do this: 

  • Contact Information.
  • Vote Data.
  • Information you tell us when you contact us/providers.
  • Information you tell us when you give feedback about us.
  • Usage and Behavioural Data.

We do this to: 

  • Alert you about your upcoming votes, your vote results and key achievements of your Tumelo community.
  • Support you to make the most of our service.

You can opt-out of receiving these emails at any time by clicking on the unsubscribe link at the footer of any email you receive from us or via our by emailing privacy@tumelo.com. By unsubscribing from Tumelo's marketing emails, you will not automatically be unsubscribed from marketing emails from your investment/pension provider. To unsubscribe from marketing emails from your provider please go to their emails and/or website.

We use your data to send you marketing emails if you opt-in to receive them 

We only send you marketing emails if you have given us permission to do so by signing up to receive them via our platform, website or a member of our team. Our marketing emails let you in on news such as exciting platform updates, new partnerships and Tumelo's evolving community.

We can only do this with your consent. If you change your mind about this, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email or by emailing privacy@tumelo.com.  By unsubscribing from Tumelo's marketing emails, you will not automatically be unsubscribed from marketing emails from your investment/pension provider. To unsubscribe from marketing emails from your provider please go to their emails and/or website.

To comply with our legal duties, we may also need to use your information to investigate activity that we suspect as being contrary to our Terms and Conditions and/or fraudulent in nature.  

We will only use your information for the reasons we have told you about above. If we need to use your information for any other reason, we will let you know and tell you the reason, unless the law stops us from doing so. 

Who do you share my data with?  

We may share your personal data with other organisations so we can:

  • Provide Tumelo's services to you.
  • Improve our service to you.
  • Comply with our legal duties.

Tumelo and our partners (including your investment provider) will not be able to identify you as an individual from the information we share with them. Any information shared will be anonymised and in most cases aggregated except in the instances where you have given explicit consent to be identified (for example, to participate in video/recorded user interviews).

Investment providers

  • We share aggregated and anonymised Vote Data with your provider so they are able to represent your voice at company votes.
  • We share aggregated and anonymised Usage and Behavioural Data about you and other Tumelo users with providers so they can learn more in order to provide you with better customer service and with more personalised product offerings.  

Employers

  • We may share aggregated and anonymised historical Vote Data and/or Usage and Behavioural Data with your employer if Tumelo's services are associated with your workplace pension. We do this in order to improve how your employer designs, selects, delivers and/or communicates your pension plan to suit you.

Fund managers and other partners

  • We share your aggregated and anonymised Vote Data with fund managers ahead of relevant company votes so that your shareholder voice can be represented.
  • We may also share Vote Data with NGOs, research and government bodies as well as other financial services firms in line with our mission.
  • We may also make aggregated and anonymised Vote Data publicly available on our own website.  
  • We may share anonymised information about your experience of Tumelo's services that you provide to us via feedback surveys and user interviews available to partners include future sales prospects.

Our service providers

  • We may, on a confidential basis, share your data with our own carefully selected sub-processors who are directly involved in delivering our services, such as IT providers and email marketing service providers. 
  • We only allow our sub-processors to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information.
  • We may also share personal information with external auditors for the accreditation and the audit of our accounts. 
  • We never sell or give your personal information to third parties to use for their own purposes without your explicit prior consent.

In exceptional circumstances, we may disclose or transfer your personal information: 

  • If it is required by law.
  • When we (or the provider) believe in that disclosure is necessary to protect our rights, protect your safety or the rights and safety of other third parties, investigate fraud, or respond to a government request.
  • To a third-party buyer or seller in the event that Tumelo is involved in a merger, acquisition, or sale of all or a portion of its assets. 

How long do you hold my data?  

So that you may access and use Tumelo’s services for the duration of your relationship with your provider we will normally hold your data for as long as the provider continues to work with us.

We will hold your personal data for the duration of our pilot with your provider. We will delete personally identifiable data such as

  • Contact Information
  • Demographic Data
  • Financial Data

immediately following the pilot end date, agreed between Tumelo and your provider. We will continue indefinitely to hold anonymised data such as

  • Usage and Behavioural Data
  • Feedback and Enquiry Data
  • Vote Data
  • Website Data

If you signed up to receive marketing emails from us at any point before, during or after the pilot, we will continue to hold your data until you unsubscribe or write to privacy@tumelo.com to ask us to delete it. When it is no longer necessary to retain your personal information, we will delete or anonymise it. 

Where is my data stored?  

Information we hold about you is stored and processed principally in the Tumelo platform.

The platform is hosted in secure data centres within the European Economic Area (EEA). Your information may be shared with our carefully selected sub-processors who are directly involved with the delivery of our services, but such sub-processors shall only process personal information in the EEA and otherwise in countries which have an adequate level of protection from a data protection perspective. 

In the event that the processing of your personal information at any time requires it to be transferred to and/or stored at or accessed from a destination outside the EEA, we will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with this policy and safeguarded in accordance with all applicable legislation. 

How do you keep my data secure?  

We have appropriate security measures to prevent personal information from being accidentally lost, accessed or used unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  

We continually test our systems and are IASME certified. This is a standard defined by the UK National Cyber Security Centre (NCSC) which covers both the Cyber Essentials accreditation and GDPR.  

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we can do so directly and will encourage providers to notify through you in any instances we are unable to communicate with you directly.  

Aspects of Tumelo's services (such as company overview pages) and providers’ websites may include links to third-party websites which may collect your personal information. We have no control over what these websites do with your personal information. Please check the policies on these websites that should tell you what they do with your personal information. 

Do I have the right to reject to data processing?  

You have the right to object at any time to the processing of your personal information. You can make this objection to us by email at privacy@tumelo.com or to the provider in accordance with the procedure set out in their privacy notice which is available on their website. We will also pass any processing objection we receive on to the relevant provider for their consideration. 

What rights do I have over the processing of my data?  

You have a right to access any information we hold about you and request a copy of it, and to ask us to correct your personal information if it’s not correct.

You also have a right to ask us to delete your personal information and request that processing is restricted. This may affect our ability to provide our services to you. We will let you know if this is the case.

With regards to email communications, you have a right to:

  • Ask us to stop using your personal information to send you marketing emails. 
  • Ask us to stop using your personal information to send you service emails.

Please note that if you opt-out of receiving service emails from Tumelo: 

  • You will not be notified via email of upcoming votes available to you or the progress/outcomes of votes you have participated in.
  • You will not be automatically opted-out of any other communications you may receive from your provider.
  • You will need to inform your provider directly if you wish to opt-out of their communications. 
  • You may still receive in-app notifications via your provider unless you chose to switch these off via your mobile preferences.

Any request in regards to your data which is excessive may be subject to a reasonable fee to cover our administrative costs in providing you with the necessary details. We will always discuss this with you before proceeding with your request.

How can I make a complaint?

If you have a complaint, please contact us at hello@tumelo.com and we will do our best to fix the problem quickly.

Changes to this policy  

We’ll keep our privacy policy up to date on both our website and on our platform. If we make any significant changes to it we will notify you by email directly.