- Who we are
- Personal information we collect
- Where we collect personal information
- How we use your personal information
- Who we share your personal information with
- How long we keep your personal information
- Transfer of your information out of the EEA
- Cookies and similar technologies
- Your rights
- How to contact us and How to complain
- How to withdraw your consent
Who we are
We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the UK version of the General Data Protection Regulation (EU) 2016/679 (UKGDPR) which applies in the UK, having been incorporated into and forming part of the Data Protection Act 2018 (together ‘the DPA’).
Personal information we collect
Below is a list of the types of personal information that we may collect and use when you apply for, or use, any of our products or services.
- Contact: Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you
- Transactional: Details about the transactions you carry out and the payments to and from the bank accounts that are registered with us
- Contractual: Details about the products or services we provide to you
- Locational: Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card
- Behavioural: Details about how you use products and services via our Platform from us and other organisations
- Technical: Details on the devices and technology you use
- Communications: What we learn about you from communications between us.
- Public and third-party records: Details about you that are in public records, such as the Electoral Register, and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as identity verification and fraud prevention agencies such as (without limitation) Onfido.
- Usage data: Other data about how you use our products and services
- Documentary data: Details about you that are stored in documents in different formats, or copies of them. This could include things like (without limitation) your passport, driver’s licence, photographs or birth certificate.
- Consents: Any permissions, consents or preferences that you give us
Where we collect personal information
This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf.
- When you register for a OneBanks account
- When you talk to us on the phone
- When you use our website or mobile app
- In emails, web chats and letters
- In surveys
- If you take part in our competitions or promotions
Data we collect when you use our products or services
- Payment and transaction data
- Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
Data from third parties
- Companies and business partners that introduce you to us
- Our service partners
- Our third-party vendors, including (without limitation) those that help us authenticate your identity
- Identity verification agencies such as (without limitation) Onfido
- Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
- Fraud prevention agencies
- Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)
- Public information sources such as (without limitation) Companies House
- Third-party agents, suppliers, sub-contractors and advisers
- Market researchers
- Firms providing data services
- Government, law enforcement agencies, authorities and regulatory bodies to help us comply with our legal obligations;
How we use your personal information
Below is a list of the ways that we may use your personal information and our reasons for doing so:
What we use your personal information for serving you:
- Managing our relationship with you or your business: Fulfilling our contract with you
- Developing and carrying out marketing activities: When you consent to it
- Studying how our customers use products and services from us and other organisations: When it is in our legitimate interest - keeping our records up to date, working out which of our products and services may interest you and telling you about them, if you have given consent, developing products and services, our pricing for them and types of customers that may want to use them
- Communicating with you about our and our business partners’ products and services: When you consent to it
Improving our business
- Testing new products, Improving our products and services, Managing how we work with other companies that provide services to us and our customers, Developing new ways to meet our customers’ needs and to grow our business: Fulfilling our contract with you, When it is in our legitimate interest: Developing products and services, our pricing for them and types of customers that may want to use them, Being efficient about how we fulfil our legal and contractual duties
Managing our operations
- Delivering our and our business partners’ products and services, Making and managing customer payments: Fulfilling our contract with you, When it is in our legitimate interest: Being efficient about how we fulfil our legal and contractual duties, Complying with rules and guidance from regulators
Crime prevention and managing risks
- Identifying, investigating, reporting and preventing fraud, money laundering and other crime, Conducting ongoing compliance status, Complying with laws and regulations: To fulfil our legal and regulatory obligations, Managing risk for us and our customers, Investigating and responding to complaints and feedback: When it is in our legitimate interest: Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect, Being efficient about how we fulfil our legal and contractual duties, Complying with rules and guidance from regulators, Fulfilling our contract with you
- Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit: When it is in our legitimate interest: Being efficient about how we fulfil our legal and contractual duties, Complying with rules and guidance from regulators
- Carrying out our obligations arising from and exercising our rights set out in our contracts: Fulfilling our contract with you
Who we share your personal information with
This means legal or other official bodies that include (without limitation):
- UK central and local government, and where applicable, any other authorised international government agency
- HM Revenue & Customs, regulators and other domestic or authorised international tax authorities
- UK or authorised international law enforcement or fraud prevention agencies (where applicable).
Third-party companies we work with to provide our services and products to you and to run our business.
- Agents, business partners, suppliers, sub-contractors and advisers.
- Someone linked with you or your business’s product or service.
- Other financial services companies (for example, without limitation), to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour)
- Accountants (if you have one and have provided your consent to us sharing your information with them)
- Companies you ask us to share your data with
- If you have a product with benefits such as discount offers, we will share your data with the benefit providers.
Third-party companies we use to help grow and improve our business.
- Companies we have a joint venture or agreement to co-operate with
- Organisations that introduce you to us
- Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)
Sharing anonymised data
In addition to the data sharing listed above, we may from time to time share or sell some data to other companies outside Unified Financial Limited, but only when it is anonymised so that no-one’s identity can be known or found out and is no longer considered to be personal information under the law.
How long we keep your personal information
We will keep your personal information as long as you are a consumer/user of OneBanks Hub.
We may keep your personal information for up to 5 years after you stop being a consumer/user. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment
- To study customer data as part of our own research
- To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.
We may also keep your data for longer than 5 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.
Transfer of your information out of the EEA
The personal data that we hold will be stored in the UK or the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the UK or EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the UK or EEA, we will make sure that it is protected to the same extent as in the UK and EEA. We’ll use one of these legal safeguards:
- Transfer it to a non-UK or non-EEA country with privacy laws that give the same protection as those under the UK or the EEA.
- Put in place a contract and Standard Contractual Clauses with the recipient that means they must protect it to the same standards as the UK and EEA.
Cookies and other tracking technologies
We may use the following cookies:
- Strictly necessary cookies required for the operation of our products or services (including, for example, cookies that enable you to log into secure accounts and use interactive features);
- Analytical/performance cookies that allow us to recognise and count the number of visitors and users and see how they use the products or services (e.g. (without limitation) to help us improve the way our products or services work or are provided, by ensuring that users are finding what they are looking for easily);
- Functionality cookies to help us recognise you when you return to our website (this enables us to e.g. (without limitation) personalise our content for you, greet you by name and remember your preferences, such as choice of language or region).
- Targeting cookies to record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our products and services and the information displayed on it, which we reasonably think is more relevant to your interests. We may also share this information with third parties for this purpose.
Under the UK GDPR/ DPA, you are entitled to the following rights:
- question any information about you that you think is incorrect and have us take reasonable steps to correct it for you.
- to be told about how we process your information.
- require the erasure of personal information concerning you in certain situations
- access personal information and copies (free of charge) concerning you collected by us in the course of our relationship with you
- object at any time to processing of personal information concerning you for e.g. (without limitation) direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or which similarly may significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise, restrict our processing of your personal information in certain circumstances
- The right to move, copy or transfer your personal data.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the UKGDPR / DPA.
If you would like to exercise any of those rights, please contact us at:
How to contact us and how to complain
We hope that our Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your information. You can write to our DPO at firstname.lastname@example.org and mark for the attention of the DPO.
Additionally you may complain to the Information Commissioner’s Officer at https://ico.org.uk/make-a-complaint/
Information Commissioner's Office
How to withdraw your consent
You can withdraw your consent to our processing of your information at any time. Please contact us if you want to do so.
This will only affect the way we use information when our reason for processing your information is that you have provided your consent to that use. See the section ‘Your Rights’ about your right to restrict use of your information.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.