- Who we are
- Our principles
- Customer information about data processing in accordance with the GDPR
- Which data is processed by us and the sources of data
- For what purposes and on what legal basis do we process the personal data?
- How to complain
- Your data protection rights
- Third party links
- Our security technology
1. Who we are
Raisin UK is a trading name for the Raisin UK group of companies.
The Raisin UK group of companies are: Raisin Holdings UK Limited (registered number 10951012); Raisin Platforms Limited (registered number: 11075085) and Raisin Technology Limited (registered number 09902685) together constitute the Raisin UK group of companies (‘Raisin UK’). All are registered in England and Wales. The registered office for each is Withers LLP, Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN. Raisin Platforms Limited is authorised and regulated by the Financial Conduct Authority (FRN: 813894).
Raisin Platforms Limited is the entity through which Raisin UK’s platform services operate. Raisin Platforms Limited is both a data controller and data processor for the purposes specified in this Privacy Notice. Raisin Platforms Limited is also registered as a data controller with the Information Commissioner’s Office under reference: ZA299777.
Any information you provide on our website is controlled by Raisin Platforms Limited.
Raisin UK provides information on its website, www.raisin.co.uk (“our website”) about deposits and investment products of selected partner banks. In addition, our customers can access the Online Banking System of our service bank, Starling Bank Limited.
This Privacy Notice explains how we handle the information we learn about you when you visit our website and your rights in relation to how we process this information.
This Privacy Notice only applies to Raisin UK and our website and does not extend to other third-party websites accessed from this website.
When you visit our website you trust us with your information. By helping you understand our privacy practices, we want to show that we are committed to keeping that trust. This Privacy
Notice (together with our Raisin UK Terms & Conditions and any other documents referred to in it), describes how we collect and use your personal data in accordance with the Data Protection Legislation which is defined below.
It is important that you read this Privacy Notice in conjunction with any privacy notice which we may provide on specific occasions so that you are aware of how we are collecting and processing information about you and why we are using such information.
3. Our principles
The protection of your privacy is very important to us
We treat your data responsibly and only process it for specified purposes
We are aware of the sensitivity of the data you have entrusted to us
We do not process any personal data without a legal basis
We will never pass on your data to third parties unless there is a lawful basis to do so
We use several well-established measures (such as encryption) to prevent any misuse of your data
We follow the principle of data minimisation
4. Customer information about data processing in accordance with the GDPR
All personal data that you submit to us will be held in accordance with our responsibilities in compliance with the Data Protection Legislation; defined as, for the periods in which they are in force, the General Data Protection Regulation (EU) 2016/670) (‘GDPR’), all laws giving effect or purporting to give effect to the GDPR (such as the Data Protection Act 2018) or any equivalent legislation amending or replacing the GDPR.
We will collect and process the information provided by you when you do any of the following (not an exhaustive list):
complete forms on our website including registrations for a customer account and applications for any of our savings products or any other services;
visit our website including but not limited to traffic data, location data, web logs and other communication data, whether it is required for our own purposes or otherwise, as well as the
resources that you access by using our website;
provide information to help us investigate your report of any problem with our website;
you request our assistance to help you navigate around our website;
provide information upon request so we can respond to your correspondence; and,
provide instructions for any transfer to and from your savings products.
We will also process your personal data where we obtain information from you or third parties such as fraud prevention agencies or other organisations, when you register for an account with us or apply for any of our savings products, or other services which you or they give to us at any time.
5. Which data is processed by us and the sources of data
Personal data is any information that directly or indirectly identifies you and includes your name, address, date of birth, birth place, nationality and marital status and any other information which you provide to us as part of the application process for the purposes of opening and operating your Raisin UK Account.
The customer relationship begins with the initiation of a contract and includes the completion of the contract. You will need to provide us with your personal data if you want to enter into a customer relationship with Raisin UK. We also process personal data which is lawfully obtained from publicly available sources.
The principle purpose of collecting personal data from you through our website is to provide information or services specifically requested by you and so we can comply with our legal obligations. When you complete our online forms, we ask for your personal details and other selected information so that we can deal with your request as efficiently and effectively as possible. If you decide not to provide us with the personal data that we request from you then we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We will never sell, trade, or rent your personal data to others, however, we may share your personal data with selected third parties in the following instances:
- we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets. In such an event, we will ensure that the prospective seller or buyer treats your information as confidential.
- a third party acquires Raisin Platforms Limited or substantially all of its assets, in which case information held by Raisin Platforms Limited about its customers will be one of the transferred assets. In such an event, we will ensure that the third party treats your information as confidential.
- we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Raisin Platforms Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may disclose your information to any member of our group, which means that we may disclose your information to our ultimate holding company and its subsidiaries.
We partner with a number of groups, suppliers and subcontractors in order to provide savings products and to manage your Raisin UK Account. In some cases, they may process personal data, for example, to provide an identity verification check.
We require all third-party service providers, to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Group companies and subsidiaries of Raisin GmbH
- Partner banks
- Credit reference agencies
- Service bank providers
- Deposit administrators
- Regulators and compliance
- Customer service providers
- Information technology, communications and cloud computing providers
6. For what purposes and on what legal basis do we process the personal data?
- Processing is necessary to perform a contract we have entered with you and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the GDPR).
- We process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the platform contract and also so we can carry out other relevant required activities. If it is necessary to enable us to perform our contract with you we may share your personal data with our business partners, suppliers and sub-contractors but only with your consent.
- Processing is necessary to comply with our legal obligations as a data controller (Article 6 (1)(c) of the GDPR).
- We may process personal data for the purpose of fulfilling various legal obligations such as carrying out our obligations in respect of the provision of your savings products and the provision of our online services, verification of your identity and making financial risk assessments including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes.
- You have consented to the processing of your personal data for one or more specific purposes (Article 6(1)(a) of the GDPR).
- Where you provide specific and informed ‘opt-in’ consent we will process your personal data for marketing purposes so you can receive appropriate communications from us. You may withdraw your consent at any time upon notification to us. There is no requirement upon you to communicate withdrawal of consent in any particular form, i.e. you could make the notification by phone, email or by letter. Where you opt out of receiving marketing communications this will not apply to personal data provided to us as a result of a product or service.
- Circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract to protect our legitimate interests or a third party. This processing could include testing and optimisation of requirements analysis and direct customer approach; measures to manage the business, to improve services and to recover customers and advertising or market and opinion research. If you decide to exercise your right to object to direct marketing in accordance with Article 21 of the GDPR you can withdraw your consent at any time by unsubscribing.
- We also process your personal data to ensure content from our website is presented in the most effective manner for you and your device, so we can process your application for savings products and set up your Raisin UK Account to use our online services, manage your savings products through your Raisin UK Account, provide you with statements and services available through our Raisin UK website, including the service which enables you to manage your savings products online, meet our regulatory compliance and reporting obligations, enforce any of our rights against you and also so we can develop and improve our services to you and notify you about changes to our services.
- We do not disclose information about identifiable individuals to our partners, but we may provide them with aggregate information about our users.
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. How to complain
If you have a query or complaint about how we process your personal data please contact the Data Protection Officer using the below contact details. We will investigate your concerns and take all reasonable steps to resolve the matter promptly. You also have the right to complain to an EU Data Protection Supervisory Authority. That authority should be located where you live, where we are based, or where you feel the issue you wish to complain about took place.
In the UK, the relevant EU Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO). You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO through their website: www.ico.org.uk.
Responsible for the data processing is:
Data Protection Officer
12-16 Mosley Street
Tel: +44 1617102390
8. Your data protection rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
If you wish to exercise any of the below rights please contact our Data Protection Officer at Raisin UK.
- Right of information (Article 15 of the GDPR): You can request a copy of the personal data that we hold about you and further information about how we process your personal data. This is known as a ‘Data Subject Access Request’, and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Raisin UK so we can verify your identity before we can respond to a Data Subject Access Request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
- Right to rectification (Article 16 of the GDPR): If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information. We may need to verify the accuracy of the new data that you provide to us. You may also edit your details at any time by logging into your Raisin UK Account or by contacting our Customer Services team.
- Right to erasure (Article 17 of the GDPR): In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal data.
- Right to restrict processing (Article 18 of the GDPR): You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
- Right to object (Article 21 of the GDPR): You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest’ and/or the ‘public interest’. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
- Right to data portability (Article 20 of the GDPR): You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to complain: If you believe we are processing your personal data in breach of UK or EU data protection law please get in touch with our Data Protection Officer. You also have the right to complain to the appropriate EU data protection supervisory authority. Please see the section, ‘How to complain’ for further information about how to contact our Data Protection Officer and the appropriate EU data protection supervisory authority.
- Rights related to automated decision making including profiling: Raisin UK does not use automated decision making in the course of its business relationship as referred to in Article 22 of the GDPR. Raisin UK processes your personal data partially automated to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. In order to inform you about products in a targeted manner, we use evaluation tools that enable us to communicate and advertise on demand.
We may collect information about your computer for system administration, including where available your IP address, operating system and browser type. This information is statistical data about our users’ browsing actions and patterns and does not identify any individual.
10. Third-party links
11. Our security technology
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
The pages on which we collect personal data are encrypted with 128 bit and are certified by institutions that are approved for international accredited encryption certification.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
For the Online Banking System of Starling Bank, further security measures have been put in place (e.g., use of PIN/transaction password). Unauthorised access is prevented by a firewall system.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
For more information, please refer to our Security page.
If necessary, we can adjust this privacy information. If this occurs, we will contact you and give you any notices in connection with this Privacy Notice by using the email address you have given us.