Privacy policy

Topics:

  1. Who we are
  2. Introduction
  3. Contact us
  4. Our principles
  5. Customer information about data processing in accordance with UK GDPR
  6. Which data is processed by us and the sources of data
  7. For what purposes and on what legal basis do we process the personal data?
  8. How to complain
  9. Your legal rights
  10. How we use cookies and tracking technology
  11. International transfers
  12. Our security technology
  13. Data retention
  14. Changes to Privacy Policy and your duty to inform us of changes

1. Who we are

Raisin UK is a trading name for the Raisin UK group of companies.

The Raisin UK group of companies are: Raisin Holdings UK Ltd (registered number 10951012); Raisin Platforms Limited (registered number: 11075085) and Raisin Technology Limited (registered number 09902685). Together, they constitute the Raisin UK group of companies (‘Raisin UK’). All are registered in England and Wales. The registered office for each is Cobden House, 12-16 Mosley Street, Manchester, England M2 3AQ. Raisin Platforms Limited is authorised and regulated by the Financial Conduct Authority (FRN: 813894).

Raisin Platforms Limited is the entity through which Raisin UK’s platform services operate. Raisin Platforms Limited is both a data controller and data processor for the purposes specified in this Privacy Notice. Raisin Platforms Limited is also registered as a data controller with the Information Commissioner’s Office under reference: ZA299777.

Any information you provide on our website/app is controlled by Raisin Platforms Limited.

2. Introduction

Raisin UK provides information on its website, www.raisin.co.uk (“our website”) and via our app about deposits and investment products of selected partner banks. In addition, our customers can access the Online Banking System of our service bank.

This Privacy Notice explains how we handle the data we learn about you when you visit our website/app and your rights in relation to how we process this data.

This website/app may include links to third-party websites, plugins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website/app, we encourage you to read the privacy policy of each website that you visit. This Privacy Notice only applies to Raisin UK and our website/app and does not extend to other third-party websites accessed from this website/app.

When you visit our website/app you trust us with your information. By helping you understand our privacy practices, we want to show that we are committed to keeping that trust. This Privacy Notice (together with our Raisin UK Terms & Conditions and any other documents referred to in it), describes how we collect and use your personal data in accordance with the Data Protection Legislation which is defined below.

It is important that you read this Privacy Notice in conjunction with any privacy notice which we may provide on specific occasions so that you are aware of how we are collecting and processing information about you and why we are using such information.

3. Contact us

If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Officer in the following ways:

Email: dpo@raisin.co.uk

Post: Data Protection Officer

Raisin UK

Cobden House

12-16 Mosley Street

Manchester

M2 3AQ

Phone: 0161 388 2399

4. Our principles

●  The protection of your privacy is very important to us

●  We treat your data responsibly and only process it for specified purposes

●  We are aware of the sensitivity of the data you have entrusted to us

●  We do not process any personal data without a legal basis

●  We will never pass on your data to third parties unless there is a lawful basis to do so

●  We use several well-established measures (such as encryption) to prevent any misuse of your data

●  We follow the principle of data minimisation

5. Customer information about data processing in accordance with the UK GDPR

All personal data that you submit to us will be held in accordance with our responsibilities in compliance with the Data Protection Legislation; defined as, for the periods in which they are in force, the  UK General Data Protection Regulation and all laws giving effect or purporting to give effect to the UK GDPR (such as the Data Protection Act 2018) or any equivalent legislation amending or replacing the UK GDPR.

We will collect and process the information provided by you when you do any of the following (not an exhaustive list):

  • complete forms on our website/app including registrations for a customer account and applications for any of our savings products or any other services;
  • visit our website/app including but not limited to traffic data, location data, web logs and other communication data, whether it is required for our own purposes or otherwise, as well as the resources that you access by using our website/app;
  • provide information to help us investigate your report of any problem with our website/app;
  • you request our assistance to help you navigate around our website/app;
  • provide information upon request so we can respond to your correspondence; and,
  • provide instructions for any transfer to and from your savings products.

We will also process your personal data where we obtain information from you or third parties such as fraud prevention agencies or other organisations, when you register for an account with us or transfer funds into an account held with us, or apply for any of our savings products, or other services which you or they give to us at any time.

6. Which data is processed by us and the sources of data

Personal data is any information that directly or indirectly identifies you and includes your name, address, date of birth, birth place, nationality and marital status and any other information which you provide to us as part of the application process for the purposes of opening and operating your Raisin UK account.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity data - includes name, username, similar identifier, marital status, title, date of birth and gender;
  • Contact data - includes address, email address and telephone numbers;
  • Financial data - includes bank account information;
  • Transaction data - includes details about payments to and from you and details of other products and services that you have entered into via the website/app;
  • Technical data - includes IP address, login data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform, and other technology on the devices you use to access the website/app;
  • Profile data - includes your username and password, preferences, products and feedback and survey responses;
  • Usage data - includes information about how you use our website/app, products and services; and
  • Marketing and Communications data - includes your preferences in receiving marketing from us and any third parties and your communication preferences.

We also collect, use and share Aggregated data such as statistical or demographic data for any purpose. This could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

The customer relationship begins with the initiation of a contract and includes the completion of the contract. You will need to provide us with your personal data if you want to enter into a customer relationship with Raisin UK. We also process personal data which is lawfully obtained from publicly available sources.

The principal purpose of collecting personal data from you through our website/app is to provide information or services specifically requested by you and so we can comply with our legal obligations. When you complete our online forms, we ask for your personal details and other selected information so that we can deal with your request as efficiently and effectively as possible. If you decide not to provide us with the personal data that we request from you then we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We will never sell, trade, or rent your personal data to others, however, we may share your personal data with selected third parties in the following instances:

  • we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets. In such an event, we will ensure that the prospective seller or buyer treats your information as confidential.
  • a third party acquires Raisin Platforms Limited or substantially all of its assets, in which case information held by Raisin Platforms Limited about its customers will be one of the transferred assets. In such an event, we will ensure that the third party treats your information as confidential.
  • we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Raisin Platforms Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • we change our service bank and as part of any service bank migration we may disclose your information to a replacement service bank provider.
  • we change our deposit administration services provider and as part of any deposit administration services migration we may disclose your information to a replacement deposit administration services provider.

We may disclose your information to any member of our group, which means that we may disclose your information to our ultimate holding company and its subsidiaries.

We partner with a number of groups, suppliers and subcontractors in order to provide savings products and to manage your Raisin UK Account and we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation. In some cases, they may process personal data, for example, to provide an identity verification check.

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

In particular, we use the services of TransUnion to conduct various searches and checks on our customers and your data will, during the course of our relationship with you, be shared with or obtained from TransUnion. Please refer to their privacy notice which can be found here https://www.transunion.co.uk/legal-information/bureau-privacy-notice. More information about TransUnion’s activities are available at that location.

Categories

●  Group companies and subsidiaries of Raisin GmbH

●  Partner banks

●  Distribution Partners

●  Credit reference agencies

●  Service bank providers

●  Deposit administrators

●  Regulators and compliance software providers

●  Customer service providers

●  Information technology, communications and cloud computing providers

7. For what purposes and on what legal basis do we process the personal data?

  1. To register you as a new customer - processing is necessary to perform a contract we have entered with you and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the UK GDPR) Type of data: Identity, Contact. Lawful basis: performance of a contract with you.
  2. To process and deliver a service - we process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the platform contract and also so we can carry out other relevant required activities. If it is necessary to enable us to perform our contract with you we may share your personal data with our business partners, suppliers and sub-contractors but only with your consent. Type of data: Identity, Contact. Lawful basis: performance of a contract with you.
  3. To manage our relationship with you - we may process personal data for the purpose of fulfilling various legal obligations such as carrying out our obligations in respect of the provision of your savings products and the provision of our online services along with verification of your identity including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes. Type of data: Identity, Contact, Financial, Transaction, Marketing & Communications.  Lawful basis: performance of a contract with you; necessary to comply with a legal obligation;  necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).
  4. Where you have consented to the processing of your personal data for one or more specific purposes (Article 6(1)(a) of the UK GDPR).
  5. To enable you to partake in a prize draw, competition or to complete a survey or to send you postal communications where we believe that the relevant campaign or marketing activity is of legitimate interest to you - Type of data Identity, Contact, Profile, Usage, Marketing & Communications. Lawful basis: Performance of a contract with you; Necessary for our legitimate interests (to study how customers use our products/services, to develop them to grow our business).  In addition where you provide specific and informed ‘opt-in’ consent we will process your personal data for some marketing purposes so you can receive appropriate email communications from us. You may withdraw your consent at any time upon notification to us. There is no requirement upon you to communicate withdrawal of consent in any particular form, i.e. you could make the notification by phone, email or by letter. Where you opt out of receiving marketing communications this will not apply to personal data provided to us as a result of a product or service.
  6. To deliver relevant website/app content and advertisements to you and measure or understand the effectiveness of advertising and to administer and provide our service to you - circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract. This processing could include testing and optimisation of requirements analysis and direct customer approach; measures to manage the business, to improve services (by way of example, but not limited to the migration of service bank or deposit administration provider) and to recover customers and advertising or market and opinion research. If you decide to exercise your right to object to direct marketing in accordance with Article 21 of the UK GDPR you can withdraw your consent at any time by unsubscribing. Types of data: Identity, Contact, Profile, Usage, Marketing & Communications, Technical. Lawful basis: Necessary for our legitimate interests to define types of customers, to keep our website/app updated and relevant, to develop and build our business and to inform our marketing strategy.
  7. To use data analytics to improve our website/app, products/services, marketing, customer relationships and experiences - we may process your personal data to ensure content from our website/app is presented in the most effective manner for you and your device, so we can process your application for savings products and set up your Raisin UK Account to use our online services, manage your savings products through your Raisin UK Account, provide you with statements and services available through our Raisin UK website/app, including the service which enables you to manage your savings products online, meet our regulatory and reporting obligations, enforce any of our rights against you and also so we can develop and improve our services to you and notify you about changes to our services. Type of data: Technical, Usage. Lawful basis: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website/app updated and relevant, to develop our business to inform our marketing strategy).
  8. Where you provide it to us, we may also process sensitive or special category data in relation to you. We treat this information securely and process it lawfully under the UK GDPR and DPA 2018.

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. How to complain

In the UK, the relevant Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO). You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO through their website: www.ico.org.uk.

If you have a query or complaint about how we process your personal data please contact the Data Protection Officer using the below contact details. We will investigate your concerns and take all reasonable steps to resolve the matter promptly.

Responsible for the data processing is:

Data Protection Officer

Raisin UK

Cobden House

12-16 Mosley Street

Manchester

M2 3AQ

Tel: 0161 388 2399

Email: dpo@raisin.co.uk

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of the below rights please contact our Data Protection Officer.

  1. Right of information: You can request a copy of the personal data that we hold about you and further information about how we process your personal data. This is known as a ‘Data Subject Access Request’, and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Raisin UK so we can verify your identity before we can respond to a Data Subject Access Request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
  2. Right to rectification: If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information. We may need to verify the accuracy of the new data that you provide to us. You may also edit your details at any time by logging into your Raisin UK Account or by contacting our Customer Services team.
  3. Right to erasure: In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal data.
  4. Right to restrict processing: You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
  5. Right to object: You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest’ and/or the ‘public interest’. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
  6. Right to data portability: You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Right to complain: If you believe we are processing your personal data in breach of UK data protection law please get in touch with our Data Protection Officer.
  8. Rights related to automated decision making including profiling: Raisin UK does not use automated decision making in the course of its business relationship.

How we use cookies and tracking technology

When you visit our website/app, use our services or access our website/app through certain intermediary partners (e.g. affiliates, publishers, distributors) we and our partners may use cookies and other tracking technologies (collectively, “Cookies”) to recognise you, collect statistics, customise your online experiences, provide other online content and advertising, in order to measure the effectiveness of promotions and perform analytics.

We may collect information about your computer for system administration, including where available your IP address, operating system and browser type. This information is statistical data about our users’ browsing actions and patterns and does not identify any individual.

You can set your browser to refuse all or some browser Cookies or to alert you when websites set or access Cookies. If you disable or refuse Cookies, please note that some parts of websites may become inaccessible or not function properly.

For more information on how we use cookies, please visit our Cookie policy page. For more information on how cookies work, visit aboutcookies.org.

11. International Transfers

We share your personal data within the Raisin Group. This will involve transferring your data outside of the UK. Many of our external third parties are based outside of the UK and so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection as it has in the UK.
  • Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

12. Our security technology

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

The pages on which we collect personal data are encrypted using a 128 bit key and are certified by institutions that are approved for international accredited encryption certification.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and subject to annual data protection training.

For the Online Banking System of our platform, further security measures have been put in place (e.g., use of PIN/transaction password). Unauthorised access is prevented by a firewall system.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

For more information, please contact our Data Protection Officer.

13. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

We are required to keep basic information about our customers (including Contact, Identity, Financial and Transaction data) for at least 5 years after they cease being customers. In some circumstances, you can ask us to delete your data: see your legal rights above for further information.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research and statistical purposes in which case we may use this information indefinitely without further notice to you.

14. Changes to Privacy Policy and your duty to inform us of changes

We keep our Privacy Policy under review and, if necessary, we will adjust this privacy information. If this occurs, we will contact you and give you any notices in connection with this Privacy Notice by using the email address you have given us.

It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.