In order to provide our service to you, we need to receive certain information about you, your financial products and your voting preferences. This policy explains the different services offered by Tumelo. It explains which kinds of information we collect about you, what we do with this information, who we may share your information with and most importantly, your rights in relation to this information. Full Terms and Conditions are available to view on our website and must be accepted before you begin using our services.
We are Tumelo Limited (“Tumelo”, “we” or “our”), commonly known as Tumelo. Our mission is to help pension and retail investors create and benefit from a more sustainable investment system.
Your pension and investments are used to buy pieces of the biggest companies in the world like Apple, Twitter and Shell. Every year, all these companies vote on issues that affect how they are run, like climate change and human rights. Because you own pieces of these companies through your pension, we believe you should also have a voice.
We partner with investment providers to enable them to show you what companies you own through your pension/investments and to give you a voice on issues you care about. We aim to help you feel more in control of your financial future and positively impact the world.
If your investment/pension provider has partnered with Tumelo, you can use our services from within the email, website, portal or app made available by your provider.
Service and marketing emails you may receive in relation to our services may also appear in the branding of your employer or your provider where we have been given permission to do so. We do this to streamline and improve your user experience.
Please submit a ticket to our support team.
If you are one of our partners and have a question that we can help you with, please don’t hesitate to contact us at partners@tumelo.com.
Or write to Runway East, 101 Victoria Street, Bristol, BS1 6PU.
Here are some of the more 'technical' words we'll use throughout this policy and what they mean:
Users: individuals who use Tumelo's services to see the companies they own and/or vote on issues they care about.
Customers: individuals who use Tumelo's services are customers of the investment/pension providers ('providers') we partner with; when talking in respective of those providers we refer to our users as customers.
Data: raw, unorganised facts that need to be processed.
Information: when data is processed, organised, structured or presented in a given context that makes it useful, we refer to it as information.
Investment/pension provider: a firm that handles your investments and/or your pension. This could be a digital investment platform, for example, or a human financial advisor. Your provider may have been chosen by your employer to supply a workplace pension for you and your colleagues.
Fund managers: your fund manager is the person or firm responsible for managing a specific fund, usually employed or contracted by your investment/pension provider. They choose individual companies or a group of companies to invest in based on performance, risk and other criteria such as investment themes. Generally speaking, their main goals are to keep your money safe and to help you earn a good return on your investment so that your money grows above the rate of inflation. They are duty-bound to make decisions based on your best interests (this is called Fiduciary Duty).
Shareholder: a shareholder is someone who owns shares in a company. You own a pension, which is used to buy shares in lots of companies. Therefore, we refer to you as a shareholder. It's likely that your provider or fund manager holds the legal right to a shareholder vote and that you are technically an 'indirect shareholder'. However, since it's your money, we believe you should have a voice too, and that's why we built Tumelo.
Annual General Meeting: an event at a company where issues are raised and discussed by shareholders and management. This is usually where the company votes that you can participate in will occur.
Data controller: a person or firm who (either alone or jointly) determines the purposes for which and the manner in which any personal data is used/processed.
Data processor: Any person or firm who processes personal data on behalf of a data controller.
Data processing: Obtaining, recording, holding and carrying out operations on personal data such as:
We may collect, use, store and transfer the following types of information about you:
As is true of most websites, we also automatically gather information about your computer such as your IP address, browser type, referring/exit pages and operating system. When you visit our hosted pages, we also use cookies to identify you when you come back to the site. For more information on the cookies we use, why we use them and more information about cookies generally, please see our Cookies Policy.
The above data is:
We’ll only use your personal information where we have a valid reason to do so. Below, we’ve set out the ways in which we use your personal information and the reasons we do so.
We use your information to:
We use the following information to do this:
We do this to:
You can opt out of receiving these emails at any time by changing your preferences on the profile page in the platform. By unsubscribing from Tumelo's emails, you will not automatically be unsubscribed from marketing emails from your investment/pension provider. To unsubscribe from marketing emails from your provider, please go to their emails and/or website.
To comply with our legal duties, we may also need to use your information to investigate activity that we suspect as being contrary to our Terms and Conditions and/or fraudulent in nature.
We will only use your information for the reasons we have told you about above. If we need to use your information for any other reason, we will let you know and tell you the reason, unless the law stops us from doing so.
We may share your personal data with other organisations so we can:
Tumelo and our partners (including your investment provider) will not be able to identify you as an individual from the information we share with them. Any information shared will be anonymised and in most cases aggregated except in the instances where you have given explicit consent to be identified (for example, to participate in video/recorded user interviews). The only instance where personal details (Scheme name, and name of user) are shared is for Institutional investors voting via our Stewardship platform, as detailed below.
In exceptional circumstances, we may disclose or transfer your personal information:
So that you may access and use Tumelo’s services for the duration of your relationship with your provider we will normally hold your data for as long as the provider continues to work with us.
We will hold your personal data for the duration of our pilot with your provider. We will delete personally identifiable data such as:
This will be done immediately following the pilot end date, agreed between Tumelo and your provider. We will continue indefinitely to hold anonymised data such as:
Information we hold about you is stored and processed principally in the Tumelo platform.
The platform is principally hosted in sub-processors' secure data centres within the European Economic Area (EEA). Your information may be shared with our carefully selected sub-processors, who are directly involved with the delivery of our services. Such sub-processors shall only process personal information in countries which have an adequate level of protection from a data protection perspective. Some of these sub-processors are outside of the EEA, namely the USA. Wherever possible, Tumelo ensures that sub-processors store data within the EEA.
In the event that the processing of your personal information at any time requires it to be transferred to and/or stored or accessed from a destination outside the EEA, we will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with this policy and safeguarded in accordance with all applicable legislation.
We have appropriate security measures to prevent personal information from being accidentally lost, accessed or used unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We continually test our systems and are IASME certified. This is a standard defined by the UK National Cyber Security Centre (NCSC) which covers both the Cyber Essentials accreditation and GDPR.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we can do so directly and will encourage providers to notify through you in any instances we are unable to communicate with you directly.
Aspects of Tumelo's services (such as company overview pages) and providers’ websites may include links to third-party websites which may collect your personal information. We have no control over what these websites do with your personal information. Please check the policies on these websites that should tell you what they do with your personal information.
You have the right to object at any time to the processing of your personal information. You can make this objection to us by contacting our support team or to the provider in accordance with the procedure set out in their privacy notice which is available on their website. We will also pass any processing objection we receive on to the relevant provider for their consideration.
You have a right to access any information we hold about you and request a copy of it, and to ask us to correct your personal information if it’s not correct.
You also have a right to ask us to delete your personal information and request that processing is restricted. This may affect our ability to provide our services to you. We will let you know if this is the case.
With regards to email communications, you have a right to:
Please note that if you opt-out of receiving service emails from Tumelo:
Any request in regards to your data which is excessive may be subject to a reasonable fee to cover our administrative costs in providing you with the necessary details. We will always discuss this with you before proceeding with your request.
If you have a complaint, please contact our support team and we will do our best to fix the problem quickly.
We’ll keep our privacy policy up to date on both our website and on our platform. If we make any significant changes to it we will notify you by email directly.