We ask that you read this Privacy Policy, which was last updated on the date set out below,   carefully as it contains important information on who we are, how and why we collect, store, use, transfer and share personal information, your rights in relation to your personal information, and how to contact us and the regulatory authorities (Information Commissioner’s Officer and Financial Conduct Authority as referred to below) in the event you have a complaint. This Privacy Policy should be read alongside, and in addition to our consumer/user Terms and Conditions and any separate product or service agreement entered into between us from time to time. 

Whenever we refer to the ‘law’ under this Privacy Policy we are referring to those laws as set out below (amended from time to time). Where we have used but haven’t explained the meaning of a defined term in this Privacy Policy, that defined term has the same meaning as set out under the DPA (as defined below) and our consumer/user Terms and Conditions. When we refer to ‘information’ or ‘data’ under this Privacy Policy we refer to your personal information as defined below.

This Privacy Policy is divided into the following sections:

  • Who we are
  • Personal information we collect
  • Where we collect personal information
  • How we use your personal information
  • Who we share your personal information with
  • How long we keep your personal information
  • Transfer of your information out of the EEA
  • Cookies and similar technologies
  • Your rights
  • How to contact us and How to complain
  • How to withdraw your consent
  • Credit Reference Agencies

 

Who we are

In this Privacy Policy reference to us, our, we, or OneBanks are to Unified Financial Limited (Co. No. SC648489). We are a PSD agent under firm ref no: 936544 as an authorised agent and nominee of Sentinel Limited t/a Nuapay which is an Authorised Payment Institute (API) licensed and authorised by the Financial Conduct Authority (FCA) in the United Kingdom (UK) under ref no: FRN624067. We are also registered with the Information Commissioner’s Office (ICO)under registration number ZA933926.

 

We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the UK version of the General Data Protection Regulation (EU) 2016/679 (UKGDPR) which applies in the UK, having been incorporated into and forming part of the Data Protection Act 2018 (together ‘the DPA’).

We are responsible as a Data Processor and in some instances a Data Controller of that personal information for the purposes of those laws. If you have any queries about this Privacy Policy or how we or we collect, store or use your information, please contact us by email at info@onebanks.co.uk

Personal information we collect

Below is a list of the types of personal information that we may collect and use when you apply for, or use, any of our products or services.

Type of personal information

Description

Contact

Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you

Transactional

Details about the transactions you carry out and the payments to and from your accounts with us

Contractual

Details about the products or services we provide to you

Locational

Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card.

Behavioural

Details about how you use products and services via our Platform from us and other organisations 

Technical

Details on the devices and technology you use

Communications

What we learn about you from communications between us.

Public and third-party records

Details about you that are in public records, such as the Electoral Register, and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).

Usage data

Other data about how you use our products and services

Documentary data

Details about you that are stored in documents in different formats, or copies of them. This could include things like (without limitation) your passport, driver’s licence, photographs or birth certificate.

Consents

Any permissions, consents or preferences that you give us

 

Where we collect personal information

This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf.

  • When you register for a OneBanks account
  • When you talk to us on the phone
  • When you use our website or mobile app
  • In emails, web chats and letters
  • In surveys
  • If you take part in our competitions or promotions

 

Data we collect when you use our products or services

  • Payment and transaction data
  • Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
  • We also use cookies and other internet tracking software to collect data while you are using our website or mobile app (or any other device) (as described in more detail below).

 

Data from third parties

  • Companies and business partners that introduce you to us
  • Our service partners
  • Our third-party vendors, including (without limitation) those that help us authenticate your identity
  • Credit reference agencies such as (without limitation) Onfido
  • Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
  • Fraud prevention agencies
  • Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)
  • Public information sources such as (without limitation) Companies House
  • Third-party agents, suppliers, sub-contractors and advisers
  • Market researchers
  • Firms providing data services
  • Government, law enforcement agencies, authorities and regulatory bodies to help us comply with our legal obligations;

 

How we use your personal information

Below is a list of the ways that we may use your personal information and our reasons for doing so:

What we use your personal information for

Our reasons

Serving you

  • Managing our relationship with you or your business
  • Fulfilling our contract with you
  • Developing and carrying out marketing activities
  • When you consent to it
  • Studying how our customers use products and services from us and other organisations
  • When it is in our legitimate interest:
    1. Keeping our records up to date
    2. Working out which of our products and services may interest you and telling you about them, if you have given consent
    3. Developing products and services, our pricing for them and types of customers that may want to use them
  • Communicating with you about our and our business partners’ products and services
  • When you consent to it

Improving our business

  • Testing new products
  • Improving our products and services
  • Managing how we work with other companies that provide services to us and our customers
  • Developing new ways to meet our customers’ needs and to grow our business
  • Fulfilling our contract with you
  • When it is in our legitimate interest:
    1. Developing products and services, our pricing for them and types of customers that may want to use them
    2. Being efficient about how we fulfil our legal and contractual duties

Managing our operations

  • Delivering our and our business partners’ products and services
  • Making and managing customer payments
  • Managing fees, charges and interest due on customer accounts
  • Collecting and recovering money that is owed to us
  • Fulfilling our contract with you
  • When it is in our legitimate interest:
    1. Being efficient about how we fulfil our legal and contractual duties
    2. Complying with rules and guidance from regulators

Crime prevention and managing risks

  • Identifying, investigating, reporting and preventing fraud, money laundering and other crime.
  • Complying with laws and regulations
  • When it is our legal duty
  • Managing risk for us and our customers.
  • When it is in our legitimate interest:
    1. Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
    2. Being efficient about how we fulfil our legal and contractual duties
  • Complying with rules and guidance from regulators
  • Investigating and responding to complaints and feedback
  • Fulfilling our contract with you.

Business management

  • Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit
  • When it is in our legitimate interest:
    1. Being efficient about how we fulfil our legal and contractual duties
    2. Complying with rules and guidance from regulators
  • Carrying out our obligations arising from and exercising our rights set out in our contracts
  • Fulfilling our contract with you

 

Who we share your personal information with

Below is a list of the types of third parties that we may share your personal information with. We will only disclose personal information with such third parties for the reasons explained in this Privacy Policy.

Authorities


This means legal or other official bodies that include (without limitation):

  • UK central and local government, and where applicable, any other authorised international government agency
  • HM Revenue & Customs, regulators and other domestic or authorised international tax authorities
  • UK Financial Services Compensation Scheme (FSCS) and other deposit guarantee schemes
  • UK or authorised international law enforcement or fraud prevention agencies (where applicable).

Services
Third-party companies we work with to provide our services and products to you and to run our business.

  • Agents, business partners, suppliers, sub-contractors and advisers.
  • Agents who help us to collect what is owed to us (for example, debt collection agencies)
  • Credit reference agencies (such as Equifax and Experian)
  • Someone linked with you or your business’s product or service.
  • Other financial services companies (for example, without limitation), to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour)
  • Accountants (if you have one and have provided your consent to us sharing your information with them)
  • Companies you ask us to share your data with
  • If you have a product with benefits such as discount offers, we will share your data with the benefit providers.

 

General business
Third-party companies we use to help grow and improve our business.

  • Companies we have a joint venture or agreement to co-operate with
  • Organisations that introduce you to us
  • Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)

 

Sharing anonymised data

In addition to the data sharing listed above, we may from time to time share or sell some data to other companies outside Unified Financial Limited, but only when it is anonymised so that no-one’s identity can be known or found out and is no longer considered to be personal information under the law.

 

How long we keep your personal information

We will keep your personal information as long as you are a consumer/user of OneBanks.

We may keep your personal information for up to 10 years after you stop being a consumer/user. The reasons we may do this are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment
  • To study customer data as part of our own research
  • To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.

We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.

Transfer of your information out of the EEA

The personal data that we hold will be stored in the UK or the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the UK or EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the UK or EEA, we will make sure that it is protected to the same extent as in the UK and EEA. We’ll use one of these legal safeguards:

  • Transfer it to a non-UK or non-EEA country with privacy laws that give the same protection as those under the UK or the EEA.
  • Put in place a contract and Standard Contractual Clauses with the recipient that means they must protect it to the same standards as the UK and EEA.

 

Cookies and other tracking technologies

We may use cookies to distinguish you from other users of our products or services. This helps us to provide you with a good experience, and also allows us to improve our products or services. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit our website. Cookies send information back to the originating website on each subsequent visit, or to another website which recognises that cookie. Cookies also make it easier for you to log in and use our website.

We may use the following cookies:

  • Strictly necessary cookies required for the operation of our products or services (including, for example, cookies that enable you to log into secure accounts and use interactive features);
  • Analytical/performance cookies that allow us to recognise and count the number of visitors and users and see how they use the products or services (e.g. (without limitation) to help us improve the way our products or services work or are provided, by ensuring that users are finding what they are looking for easily);
  • Functionality cookies to help us recognise you when you return to our website (this enables us to e.g. (without limitation) personalise our content for you, greet you by name and remember your preferences, such as choice of language or region).
  • Targeting cookies to record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our products and services and the information displayed on it, which we reasonably think is more relevant to your interests. We may also share this information with third parties for this purpose.

You can block or disable cookies either by choosing which cookies to accept within our cookie settings, or by activating the setting on your website browser that allows you to refuse the setting of all or some cookies. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, ‘preferences’ or ‘options’ menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. However, if you set your settings to block or disable all cookies (including essential cookies) you may not be able to access all or parts of our Platform for which we require the use of cookies. 

 

Your rights

Under the UK GDPR/ DPA, you are entitled to the following rights:

  • question any information about you that you think is incorrect and have us take reasonable steps to correct it for you.
  • to be told about how we process your information.
  • require the erasure of personal information concerning you in certain situations
  • access personal information and copies (free of charge) concerning you collected by us in the course of our relationship with you
  • object at any time to processing of personal information concerning you for e.g. (without limitation) direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or which similarly may significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise, restrict our processing of your personal information in certain circumstances
  • The right to move, copy or transfer your personal data.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the UKGDPR / DPA.

If you would like to exercise any of those rights, please contact us at:

info@onebanks.co.uk

(+44)0 7936 899 278

How to contact us and how to complain

We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your information. You can write to our DPO at matthew.lamb@thedataguardians.co.uk

How to withdraw your consent

You can withdraw your consent to our processing of your information at any time. Please contact us if you want to do so.

This will only affect the way we use information when our reason for processing your information is that you have provided your consent to that use. See the section ‘Your Rights’ about your right to restrict use of your information.

If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

Credit Reference Agencies

We carry out identity checks when you sign up to the service. We use Onfido to help us with this.

If you use our products or services, from time to time, we may also search or use information that the CRAs have, to help us manage those accounts and to comply with our legal and other obligations. We will also share your personal information with CRAs and they will give us information about you for the same reasons stated in this Privacy Policy. This information may include (without limitation) information about settled accounts or any debts not fully repaid on time. We will continue to share your personal information with CRAs for as long as you are a customer.

 

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to ensure that it remains accurate. Please check back from to time to time for updates.

This Privacy Policy was last updated on 4th March 2021.