Tide Logo

Privacy Policy

Hello, we are Tide. We put our customers at the center of our actions. We want to build lasting customer relationships based on transparency and trust. With this Privacy Policy we inform you about how we treat your personal data when you use Tide products and services or visit our website. Our Privacy Policy is divided into the following sections:

  • Who or what is Tide?

  • Tide as Data controller

  • Tide as a Data Processor

  • When Tide acts as a Data Processor

  • List of all personal data we collect

  • Automated decision-making and profiling

  • Where we collect personal data and to whom we share it

  • Information provided by you

  • Information collected and shared with you by others

  • Our most important partners as data controllers

  • Adyen

  • PPS EU SA

  • Disclosure of anonymised data

  • Links to third-party providers and third-party providers of products and services available through the Tide Platform

  • How long we keep your personal data

  • Transfer of your data outside the European Economic Area

  • Cookies and similar technologies

  • Your rights as a data subject

  • This is how you can contact us or file a possible complaint

  • In this way, you can revoke your consent or object to the processing

  • Data security

  • Updates to this Privacy Policy

1. Who or what is Tide?

We are Tide Platform S.A, but you will know us better as Tide. We are a company that respects your privacy and is committed to protecting your personal data. In the coming sections you will learn how we do this.

Your personal data collected by us will be processed by Tide Platform S.A, a company registered in Luxembourg under company number B272663 société anonyme, which is part of the Tide Group.

The Tide Group consists of our headquarters in the UK - Tide Platform Ltd. and other companies worldwide that are under the control of or in joint control with Tide Platform Ltd. ("Tide Group Entities"). Overall, Tide Platform S.A. and the other Tide Group Entities are referred to as "Tide", "we" or "us" in this Policy. We will let you know which Tide or non-Tide company you are entering into a relationship with before you use a product or service available on the Tide Platform. Further information can be found on our Website.

We offer "Tide Products and Services", which means all products, services and information available through our iOS and Android mobile applications, which are available on the App Store and on Google Play ("Our App"), and through our website, which is identified by the following Uniform Resource Locator (URL): www.tide.co/en-de or http://www.tide.co/de-de , including our subdomains ("Our Website"). Our App and our Website together form "the Tide Platform".

1.1 Tide as Data Controller

When you use Tide Products and Services on the Tide Platform, Tide processes certain personal data about you. Tide acts as the Data Controller for this personal data, which means that Tide is responsible for ensuring that your data is processed in accordance with applicable laws for protection of personal data, privacy and electronic communications, including, but not limited to, the EU General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act (BDSG).

If you have any questions about this Privacy Policy or need information about how we or another company of the Tide Group use your data, please contact us by e-mail at support.de@tide.co.

In this privacy Policy, the terms "personal data", "data controller", "data processor", "processing", "data subject" and "profiling" have the meaning assigned to them in the applicable data protection laws mentioned above.

1.2 Tide as a Data Processor

If we process personal data on behalf of third parties (companies or service providers), we may act as a processor (see below).

When Tide acts as a Data Processor

If you use some of the Tide Products and Services, Tide acts as a processor and you as a data controller.

If we act in the role of the processor, we are obliged to conclude a written agreement with you that determines how we will process the personal data you provide us with on your behalf. We will notify you if you use Tide products and services where Tide is acting as a processor, and You must conclude the Tide Data Processing Agreement ("DPA") with us.

2. List of all personal data we collect

We collect personal data for a variety of reasons, including to comply with our legal obligations, to manage and improve our business operations, to establish, exercise or defend our legal claims and - most importantly - to provide you with our services and products.

Below is a list of the types of personal data that we collect and use when you request or use one of the Tide Products and Services.

Processing operation

Data Categories

Purpose

Legal basis

Registration

Registration data

(E-mail address, your name, your date of birth, your telephone number, address (address) and your delivery address (delivery address)

Identification data (e.g. your gender)

Tax data (e.g. your Steuer-ID and your Steuernummer)

Tax data

Passport information

Any consents or preferences that you give us

Setting up the Tide Membership Account and opening a Tide Business Account.

Managing our relationship with you or your company.

Communication about our products and services and those of our business partners.

Providing the Tide products and services, including improving the use of Tide products and services through a single login.

Development and implementation of marketing or business development activities.

Safeguarding your deposits with us.

The performance of our contract with you. Art. 6 Par.1 lit. b) GDPR.

When it is our legal duty. Art. 6 Par.1 lit. c) GDPR.

Protection of legitimate and overriding interests Art. 6 Par.1 lit. f) GDPR.

Authentication Checks & Money Laundering Prevention

Identification data

Passport information

Location data derived from your IP address or from your postal code. This can also include places where you have used your Tide Card. If you authorise this, location data may also be based on your GPS signal.

Information about you that is contained in publicly available sources, as well as data that we receive from records of third-party companies, e.g. credit reporting or fraud protection agencies.

Data about your criminal record and alleged crimes, data about your health (such as disabilities and special health needs), biometric data (photos or videos of you).

Identification, investigation, reporting and prevention of fraud, money laundering and other crimes.

Assessment of your entitlement to Tide products and services.

Development and implementation of marketing or business development activities.

Protection of your Tide Business Account and funds held with our business partners from malicious actors.

Compliance with laws and regulations that oblige us to verify your identity and the identity of other persons.

Providing the Tide Products and Services.

The performance of our contract with you. Art. 6 Par.1 lit. b) GDPR.

When it is our legal duty. Art. 6 Par.1 lit. c) GDPR.

Protection of legitimate and overriding interests Art. 6 Par.1 lit. f) GDPR.

Art. 9, Part 2 lit. a GDPR,

i.e. if you give your explicit consent.

Art. 9, Part 2 lit. g GDPR,

i.e. when processing is done to pursue a substantial public interest.

Art. 9, Part 2 lit. e GDPR,

I.e. when the data has been made public by you.

Banking and Business Account Management

Identification data

Details about Tide Products and Services you use, or about Tide Products or Services for which you have applied.

Details of the transactions and payments you have made to and from your Tide accounts.

Transactions that you have made with other banks or payment service providers and you have shared with us.

Information about how you use products and services offered on the Tide Platform by other organisations.

Details about the devices and technologies you use, such as your browser settings, IP address, or the selection of cookies/marketing measures.

All categories of data that you provide to us that are defined as "sensitive" under applicable law, including personal data about your political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life or sexual orientation.

Any consents or preferences that you give us.

E-mails, calls, chats, feedback, testimonials or other communications, including file attachments that you have sent or provided to us. Content from the communication between you and Tide.

All data that you provide to us about your employees, business partners, customers or other third parties (e.g. Business Name on an invoice, e-mail address of a Team member, etc.).

Provision of the Tide Products and Services and the products and services of our business partners.

Execution and management of customer payments.

The management of the fees, costs and interest accrued on customer accounts.

Collection and recovery of

the money that is owed to us.

Fulfilling our obligations and exercising our rights under the contracts with you.

To conduct our business efficiently and properly, including managing our financial and legal position, legal capacity, corporate planning and testing.

Evaluation and response to your inquiries, complaints and feedback.

Improving the Tide Products and Services and conducting market or user research.

To tailor Tide Products

and Services to your individual needs and characteristics and ensure that all Tide customers receive good and fair final results.

Understanding of our community and the types of clients we work with.

To conduct our business in an appropriate manner, including the exercise of our social responsibility.

The performance of our contract with you. Art. 6 Par.1 lit. b) GDPR.

When it is our legal duty. Art. 6 Par.1 lit. c) GDPR.

Protection of legitimate and overriding interests Art. 6 Par.1 lit. f) GDPR.

Consent of the data subject Art. 6 Par.1 lit. a) GDPR.

Art. 9, Par. 2 lit. a) GDPR,

i.e. if you give your explicit consent.

Art. 9, Part 2 lit. g GDPR,

i.e. when processing is done to pursue a substantial public interest.

Art. 9, Part 2 lit. e GDPR,

I.e. when the data has been made public by you.

Art. 9, Part 2 lit. c GDPR,

I.e. when this is necessary to protect your or someone else’s vital interests.

Credit checks

The result of the credit checks that we have carried out at credit reference agencies, incl. credit information about you and your company as well as similar data about your creditworthiness.

Fulfilling our obligations and exercising our rights under the contracts with you, incl. to assess if you’re eligible for particular Tide Products and Services.

Collection and recovery of

the money that is owed to us.

To conduct our business efficiently and properly, including managing our financial and legal position, legal capacity, corporate planning and testing.

The performance of our contract with you. Art. 6 Par.1 lit. b) GDPR.

If it is in our legitimate interest:

Art. 6 Par.1 lit. f) GDPR.

Marketing

Location data derived from your IP address or from your postal code. This can also include places where you have used your Tide Card. If you authorise this, location data may also be based on your GPS signal.

Contact details such as your phone number, email address, corporate registered address, etc.

E-mails, calls, chats, feedback, testimonials or other communications between you and Tide, including file attachments that you have sent or provided to us. Content from the communication between you and Tide.

Any consents or preferences that you give us.

Your usage of Tide Products and Services and products and services offered by our business partners.

Provision of the Tide Products and Services and the products and services of our business partners.

Protecting your Tide Business Account and our business partners funds held in front of malicious actors.

Managing your preferences regarding marketing, automated decision-making and profiling (if these activities are based on your consent), cookies and other relevant data processing activities that you can refuse.

If it is in our legitimate interest:

Art. 6 Par.1 lit. f) GDPR.

Consent of the data subject Art. 6 Par.1 lit. a) GDPR.

3. Automated decision-making and profiling

In order to make quick and coherent decisions, in some cases we also carry out automated individual decisions. This means that in the cases listed below, we analyze some information about you by technical means in order to evaluate your personal circumstances and thus make predictions, classifications or recommendations. In the following cases, for example, we carry out automated decision-making:

● When you apply for a business account on the Tide Platform

● When we offer you credit-related Tide Products and Services

● When we monitor transactions on the Tide Platform to detect and prevent financial crime

If we make automated decisions in these circumstances, you can request a review of such a decision by Tide, express your point of view or challenge the decision by contacting us at dpo@tide.co or via the Tide app.

Tide also performs profiling in order to be able to communicate with you effectively, for example, to send you relevant notifications or updates, depending on what kind of Tide Products and Services you use, what interests you have, etc.

Tide will also use such profiling for targeted or direct marketing purposes (e.g. to place advertisements tailored to your use or your interests in Tide Products and Services or to your Tide business account information or the use of in-app or other app functions).

4. Where we collect personal data and to whom we share it

We will collect personal data about you or your company from other Tide Group Entities and each of these sources:

4.1 Information provided by you

This includes data provided by you or your company, as well as data from people related to your business, or from people working on your behalf:

● When you apply for Tide Products and Services

● When you talk to us on the phone

● When you use our Website or our App

● In emails, web or in-app chats and letters

● In surveys

● When you participate in our contests or promotions

4.2 Information collected and shared with you by others

We collect and share personal data from/with a number of different third parties, including our service partners, such as Adyen N.V. (“Adyen”) and PPS EU S.A. (“PPS”).

Type of third party

Description

Collecting data

Sharing data

Tide Group Entities

Our affiliated companies

Adyen and PPS

Our most important service partners

Credit Reference Agencies (CRAs)

For some Tide Products and Services, we carry out a credit check when you apply for it for your company. We use domestic or international rating agencies to help us with this.

We may share some of your personal data with credit rating agencies. In return, they provide us with data about you, which we process for the same reasons mentioned in this privacy Policy. This data includes information about settled invoices or debts that you did not repay on time and in full.

The identity of the credit rating agencies and the manner in which they use and disclose personal data will be disclosed at TransUnion, Equifax and Experian explained in more detail.

Collection agencies

We may pass on your data to providers of commercial debt collection services if we have to demand repayment of the amounts owed to us.

X

Agencies and service providers for the prevention of financial crime

We share and collect data with financial crime prevention agencies and service providers to prevent fraud and money laundering and to verify your identity. These checks for the purpose of fraud prevention may result in the rejection of Tide Products and Services.

Supporting instruments and operational partners

These include analysts, providers of search engine services, platforms to support the user experience in order to optimise and improve our services, as well as subcontractors that we can use to supplement our customer service resources.

X

Hosting and IT service providers

IT providers, including cloud storage providers, to store your personal data securely.

X

Manufacturers of Tide Cards and shipping service providers

Companies that produce, personalise and send bank cards.

X

Partners and suppliers for payment processing

Financial service providers, including card issuers, payment processors and banking partners, to facilitate payment transactions. These third parties may transfer information about your Tide business account and your transactions to us (with your consent).

Providers of identity verification services such as Jumio and IDnow

We work with third parties to verify the information you provide to us, such as your identity and address.

Partner platforms that offer business services

We work with partners to offer you "add-ons" to the Tide Products and Services, such as invoicing, accounting, payroll for employees, domain registration and accounting.

Providers of social networks and other online platforms

Social media platforms for the purpose of conducting market research, marketing campaigns, targeted marketing, retargeting and to determine the success of our marketing activities.

These platforms check if you have an account with them and show you targeted advertising based on the characteristics they have about you. We may also process public information about you or your business on social network such as Facebook or LinkedIn in order to identify, investigate, report and prevent financial crime or to asses your eligibility for Tide Products and Services.

Public data sources

The Business register and other public data sources.

X

Marketing, Business Development and sales partners

Third parties who support us in generating sales and marketing contacts or in developing and carrying out our marketing activities.

Third-Party Data Services

Data analysis and insight companies that help us, for example, to continuously check the quality of our data, to improve the effectiveness of our crime prevention controls, to generate synthetic data, etc.

X

Law enforcement and judicial authorities

Government, law enforcement agencies, authorities and regulatory bodies when Tide has to comply with its legal obligations.

5. Our most important partners as data controllers

In addition to the above-mentioned ways in which we process and share your personal data, Tide also shares this data with companies that enable us to offer Tide products and services to our customers.

The companies listed below are responsible for the processing of your personal data that has been passed on to them.

This means that you must contact these companies separately from Tide if you wish to exercise any of the rights granted to you by the personal data protection laws applicable to you.

The following describes how and why we share your data with these companies:

5.1 Adyen N.V

Adyen provides the Tide Business Accounts in accordance with the Adyen Terms and Conditions (Tide Business Account Agreement – User Terms).

Who is Adyen and why do they process my data?

Adyen is responsible for the data processing regarding your Tide Business Account and all necessary activities related to the management of the Tide Business Account: you can set up, access and manage your Tide Business Account. Adyen does not use your personal data for marketing purposes and does not pass it on to third parties for marketing purposes.

Which personal data are processed by Adyen?

Adyen processes your personal data in accordance with the Adyen Privacy policy. Please read Adyen’s Privacy Policy to understand how and why Adyen processes your personal data and to learn the details about third parties who have access to this data.

How can I contact Adyen?

You can contact Adyen at dpo@adyen.com or contact the Data Protection Officer of Adyen in writing at the following address:

Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands.

5.2 PPS EU SA

PPS EU SA, is an Electronic Money Institution (“EMI”) with company number 0712.775.202 and registered address at: Avenue Herrmann-Debroux 40-42, 1160 Auderghem (Brussels-Capitale), Belgium, and issues the Mastercard Business Debit Card (the “Tide Card”) linked to your Tide Business Account in accordance with the Tide Card Terms.

Who is PPS and why do they process my data?

PPS is authorised and regulated by the National Bank of Belgium as an Electronic Money Institution. PPS is the data controller in relation to your Tide Card and all necessary activities related to the operation of the Tide Card: you can receive, activate and use your Tide Card. The processing of your personal data is necessary for the performance of your contract for the issuance and operation of the Tide Card, as well as for compliance with the legal and regulatory obligations applicable to PPS. PPS does not use your personal data for marketing purposes and does not pass it on to third parties for marketing purposes.

Which personal data are processed by PPS?

PPS processes your personal data in accordance with the PPS’Privacy Policy. Please read this policy carefully to understand how and why PPS processes your personal data and to find out the details about third parties who have access to this data.

How can I contact PPS?

You can contact PPS at dpo@prepaysolutions.comor contact the Data Protection Officer of PPS in writing:

PPS DATA PROTECTION OFFICER

P.O. Box 3883

Swindon

SN3 9EA.

6. Disclosure of anonymized data

In addition to the data listed above, we pass on some data to other companies outside the Tide Group, but only if the data have been changed in such a way that the identity of any person is not recognizable and they are no longer considered personal data within the meaning of the applicable law (anonymized data).

7. Links to third-party providers and third-party providers of products and services available through the Tide Platform

Occasionally, we will include or offer products or services from our business partners on the Tide Platform at our reasonable discretion. These are independent service providers whose services are made available or advertised to you via the Tide Platform (e.g. for invoicing, accounting, payment processing as well as direct debiting procedures, domain registration, insurance companies and credit providers).

As a customer of Tide, you can decide to use these services. In doing so, your data will be passed on by Tide to the third-party provider in order to facilitate your use of the products or services. Alternatively, we can also forward you directly to the third-party provider's website. The personal data that we share and collect in such cases may vary depending on the type of service.

This includes, for example, the name and contact details of your company, your turnover, information about your employees and their pay slips, billing data, customer data and all other information that the provider needs to provide the product or service you have requested.

Business partners can either act as data processors for Tide or act as independent data controllers. If business partners act as data processors for Tide, they will only use your personal data to provide the Tide products and services you have requested, as described in this Privacy Policy.

On the other hand, if business partners act as independent data controllers, their own independent data protection policies apply when you use their products and services or visit their website. Neither we nor other members of the Tide Group, our directors, officers, a gents, contractors, subcontractors or employees assume any responsibility or liability (regardless of the cause) for the content, activities, data processing and services provided by these data controllers or on their linked websites.

If you would like more information about how these third parties will use your data, you should contact them directly.

8. How long we keep your personal data

We will keep your personal data for as long as you use the Tide Products and Services.

We will also continue processing your personal data for a certain period of time even after the end of your use of the Tide Products and Services. This happens for the following reasons and in accordance with the following retention periods:

  • To respond to inquiries or complaints or to prove whether we have treated you fairly and in accordance with the law, we’d keep all correspondence between you and Tide for the full duration of our business relationship with Tide and for 3 years after termination.

  • To establish, exercise or defend our legal claims, we may keep data your data for up to 10 years.

  • To study customer data as part of our own research, provided that this does not affect your privacy and your right to the protection of personal data

  • In order to comply with the statutory retention obligations or requirements that apply to us, for example we’d need to keep your transactions for 10 years and KYC/identity data for 5 years after the end of your business relationship with Tide.

  • Furthermore, we will keep your data even if certain laws to which Tide is subject require that we may not delete it for legal or regulatory reasons.

For detailed information on how long we keep your data, please feel free to contact support.de@tide.co.

9. Transfer of your data outside the European Economic Area

Although Tide stores the personal data we process in the European Economic Area (EEA) and the United Kingdom, it may be necessary to transfer this data to a location outside the EEA or the United Kingdom and store it there. This is done in cooperation with third parties if this is necessary for the provision or operation of the Tide Products and Services. If we transfer your personal data outside the EEA, we will ensure that it is protected as comprehensively as in the EEA. For this we use one of the following legal protection measures:

  • We transfer data to a non-EEA country with data protection laws if those laws offer the same protection as the European data protection laws (classified as "appropriate" by the EU Commission)

  • We conclude contracts with the data recipient, which protects your data according to the same standards as in the EEA

  • We use the standard contractual clauses for the transfer of personal data to third countries approved by the EU Commission by Implementing Decision (EU) 2021/914.

If we use contractual instruments to transfer your personal data to countries that do not have an "adequacy" status, we ensure that these transfer instruments are additionally supplemented by appropriate guarantees for the protection of your data. In this way, we ensure compliance with the applicable data protection regulations and ensure that your data continues to enjoy the same level of protection as in the EEA.

If you would like more information about the specific mechanism we use when transferring your personal data to countries outside the EEA, please contact us.

10. Cookies and other tracking technologies

We use cookies and other tracking technologies to distinguish you from other users of our products or services when you visit our website or use our app. This is to provide you with a better user experience, to continuously improve our Tide Products and Services, to maintain the security of our Website and App and to present you with relevant advertising content.

A cookie is a small file with letters and numbers that we store in your browser or on the hard drive of your device when you visit our Website or use our App. On each subsequent visit, cookies send data back to the original website or app, or to another website that recognizes this cookie. Further information about the cookies we use can be found in our Cookie Policy.

You can block or disable cookies by changing the settings of your website browser. This allows you to refuse the setting of all or some cookies. Alternatively, you can also do this via the banner on our website or on the "Cookie settings" page in the footer of our website. All browsers offer tools that allow you to control the handling of cookies, such as accept, reject or delete. Usually these settings are accessible in the "Settings", "Preferences" or "Options" menu of your browser. If you have any difficulties, you can look up in the "Help" function or contact the browser provider directly. However, please note that if you set your browser to block or disable all cookies (including important cookies), you may not be able to access all or parts of the Tide Platform that require the use of cookies.

11. Your rights as a data subject

According to the Federal Data Protection Act and the EU General Data Protection Regulation (EU-DSGVO), you have the following rights:

  • You have the right to question any personal data concerning you and you can take appropriate stPPS to correct it if you consider it to be incorrect.

  • You have the right to information about how we process your data.

  • In certain situations, you have the right to request the deletion of the personal data concerning you.

  • You have the right to access the personal data we process free of charge (if reasonable) and to receive copies of this data collected in the course of our customer relationship with you.

  • You can object to the processing of your personal data at any time, for example for direct marketing.

  • You can object to automated decisions that have legal effects on you or can influence you in a significant way at any time.

  • In certain situations, you have the right to object to the further processing of your personal data by us.

  • Otherwise, we may restrict the processing of your personal data under certain circumstances.

  • You have the right to transfer, copy or transfer your personal data to another service provider, provided that this is appropriate and proportionate.

If you would like to exercise your rights, please contact us at support.de@tide.co, use the chat function of our app or send us a written message to:7, Avenue Gaston Diderich, L-1420, Luxembourg

12. This is how you can contact us and file a complaint:

You can contact our DPO in writing: By e-mail: dpo@tide.co

Or by post: 7, Avenue Gaston Diderich, L-1420, Luxembourg

In addition, you have the right to complain to the data protection authority. You can consult this list to find out which data protection authority is competent for processing your complaint.

13. In this way, you can revoke your consent or object to data processing:

You have the right to revoke your consent to the processing of your data at any time. In this case, you can contact us by e-mail at support.de@tide.co.

Please note that the withdrawal of your consent will only affect the way we use your data if our basis for data processing is your consent. Further information on your rights can be found in the section "Your rights", in particular your right to restrict the use of your data.

In addition, you have the opportunity to opt out of certain forms of data processing that we carry out, such as:

  • Marketing activities, including email, telephone and SMS marketing.

  • Social media and targeted marketing, including retargeting and curated audiences.

  • The collection of non-essential cookies on our website. However, please note that you cannot opt out of "necessary" cookies as described above.

  • Non-essential profiling and automated decision-making, including activities for marketing purposes.

If you withdraw your consent and/or unsubscribe, there is a possibility that we may no longer be able to offer you certain Tide Products and Services. If this is the case, we will inform you accordingly. You will then have the option to give us your consent again if you wish to access the Tide Products and Services.

14. Data security

We have taken appropriate security measures to ensure that your personal data is not accidentally lost, used, modified, disclosed or accessed in an unauthorized manner. We use both technical and organizational security measures to ensure the protection of your personal data. These measures include, in particular:

  • The pseudonymisation and encryption of personal data wherever possible

  • Ensuring the constant confidentiality, integrity, availability and resilience of our systems for processing your personal data through role-based access controls, obligations to the confidentiality of our employees, regular data backups and similar measures

  • The use of tools that allow us to quickly restore access to your personal data in the event of technical malfunctions

  • The use of secure and verified communication channels, such as the app functionality of our app

  • The establishment of a procedure for the regular review, evaluation and evaluation of the effectiveness of our technical and organizational security measures

In addition, we limit access to your personal data to employees, agents, contractors and other third parties who absolutely need this data to perform their business tasks. They process your personal data only on the basis of the "need-to-know" principle and in accordance with our instructions. In addition, they treat your personal data as strictly confidential.

We have also established procedures for dealing with alleged personal data breaches and will notify you and the relevant supervisory authorities of such a breach if required by law.

15. Updates to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time to ensure that it is correct and complies with applicable data protection regulations. We recommend that you check this Privacy Policy occasionally for updates.

This Privacy Policy was last updated on November 21, 2024.