- Who we are
- Our principles
- Customer information about data processing in accordance with the GDPR
- Which data is processed by us and what are the sources of data?
- For what purposes and on what legal basis do we process the personal data?
- Who is responsible for data processing and who can you contact?
- IP addresses and Cookies
- What data protection rights do I have?
- Am I required to provide my personal data to Raisin UK?
- Does Raisin UK use automated decision making (including profiling)?
- How can we change this customer information on data protection?
Who we are
Raisin UK is a trading name for the Raisin UK group of companies.
The Raisin UK group of companies are: Raisin Holdings UK Limited (registered number 10951012); Raisin Platforms Limited (registered number: 11075085) and Raisin Technology Limited (registered number 09902685) together constitute the Raisin UK group of companies (‘Raisin UK’). All are registered in England and Wales. The registered office for each is Withers LLP, Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN. Raisin Technology Limited is an appointed representative of Resolution Compliance Limited (FRN: 574048) which is authorised and regulated by the Financial Conduct Authority.
Raisin UK provides information on its website, www.raisin.co.uk (“our website”) about deposits and investment products of selected partner banks. In addition, our customers can access the Online Banking System of our service bank, Starling Bank Limited.
- The protection of your privacy is very important to us
- We treat your data responsibly and only process it for specified purposes
- We are aware of the sensitivity of the data you have entrusted to us
- We do not process any personal data without a legal basis
- We will never pass on your data to third parties unless there is a lawful basis to do so
- We use several well-established measures (such as encryption) to prevent any misuse of your data
- We follow the principle of data minimisation
Customer information about data processing in accordance with the GDPR
All personal data that you submit to us will be held in accordance with our responsibilities in compliance with the EU Data Protection Legislation; defined as, for the periods in which they are in force, the GDPR, all laws giving effect or purporting to give effect to the GDPR (such as the Data Protection Act 2018) or any equivalent legislation amending or replacing the GDPR.
Any information you provide on our website is controlled by Raisin Platforms Limited.
We will collect and process the information provided by you when you do any of the following (not an exhaustive list):
- complete forms on our website including registrations for a customer account and applications for any of our savings products or any other services;
- visit our website including but not limited to traffic data, location data, web logs and other communication data, whether it is required for our own purposes or otherwise, as well as the resources that you access by using our website;
- provide information to help us investigate your report of any problem with our website;
- you request our assistance to help you navigate around our website;
- provide information upon request so we can respond to your correspondence; and,
- provide instructions for any transfer to and from your savings products.
We will also process your personal data where we obtain information from you or third parties such as joint account holders, fraud prevention agencies or other organisations, when you register for an account with us or apply for any of our savings products, or other services which you or they give to us at any time.
1. Which data is processed by us and what are the sources of data?
Personal data is any information that directly or indirectly identifies you and includes your name, address, date of birth, birth place, nationality and marital status and any other information which you provide to us as part of the application process for the purposes of opening and operating your Raisin UK Account and customer portal.
The customer relationship begins with the initiation of a contract and includes the completion of the contract. We also process personal data which is lawfully obtained from publicly available sources.
The principle purpose of collecting personal data from you through this website is to provide information or services specifically requested by you. When you complete our online forms, we ask for your personal details and other selected information so that we can deal with your request as efficiently and effectively as possible.
We will never sell, trade, or rent your personal information to others, however, we may share your personal data with selected third parties in the following instances:
- we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets. In such an event, we will ensure that the prospective seller or buyer treats your information as confidential.
- a third party acquires Raisin Platforms Limited or substantially all of its assets, in which case information held by Raisin Platforms Limited about its customers will be one of the transferred assets. In such an event, we will ensure that the third party treats your information as confidential.
- we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Raisin Platforms Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may disclose your information to any member of our group, which means that we may disclose your information to our ultimate holding company and its subsidiaries.
We partner with the following lists of groups, suppliers and subcontractors in order to provide savings products and to manage your Raisin UK account and customer portal. In some cases, they may process personal data, for example, to provide an identity verification check
- Exceet GmbH
- GB Group
- Group companies and subsidiaries of Raisin GmbH
- Lexis Nexis
- Meteor Asset Management and Meteor Investment Management
- Partner banks which may include: Gatehouse Bank
- Resolution Compliance
- Starling Bank
- Sitel GmbH
2. For what purposes and on what legal basis do we process the personal data?
- Processing is necessary to perform a contract and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the GDPR)
- We process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the platform contract and also so we can carry out other relevant required activities. If it is necessary to enable us to perform our contract with you we may share your personal data with our business partners, suppliers and sub-contractors but only with your consent.
- Processing is necessary to comply with our legal obligations as a data controller (Article 6 (1)(c) of the GDPR)
- We may process personal data for the purpose of fulfilling various legal obligations such as carrying out our obligations in respect of the provision of your savings products and the provision of our online services, verification of your identity and making financial risk assessments including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes.
- You have consented to the processing of your personal data for one or more specific purposes (Article 6(1)(a) of the GDPR)
- Where you provide specific and informed ‘opt-in’ consent we will process your personal data for marketing purposes so you can receive appropriate communications from us. You may withdraw your consent at any time upon notification to us. There is no requirement upon you to communicate withdrawal of consent in any particular form, i.e. you could make the notification by phone, email or by letter.
- Circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract to protect our legitimate interests or a third party. This processing could include testing and optimisation of requirements analysis and direct customer approach; measures to manage the business, to improve services and to recover customers and advertising or market and opinion research. If you decide to exercise your right to object to direct marketing in accordance with Article 21 of the GDPR you can withdraw your consent at any time by unsubscribing or if you have a Raisin UK account by logging into your Raisin UK customer portal.
- We also process your personal data to ensure content from our website is presented in the most effective manner for you and your device, so we can process your application for savings products and set up your Raisin UK account to use our online services, manage your savings products through your Raisin UK account, provide you with statements and services available through our Raisin UK website, including the service which enables you to manage your savings products online, meet our regulatory compliance and reporting obligations, enforce any of our rights against you and also so we can develop and improve our services to you and notify you about changes to our services.
- We do not disclose information about identifiable individuals to our partners, but we may provide them with aggregate information about our users.
3. Who is responsible for data processing and who can you contact?
Responsible for the data processing is:
Data Protection Officer
64 Bridge Street
Tel: +44 1617102390
If you have a query or complaint about how we process your personal data please contact the Data Protection Officer using the above contact details. We will investigate your concerns and take all reasonable steps to resolve the matter promptly. You also have the right to complain to an EU Data Protection Supervisory Authority. That authority should be located where you live, where we are based, or where you feel the issue you wish to complain about took place.
In the UK, the relevant EU Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO). You can contact the ICO through their website: www.ico.org.uk.
4. What data protection rights do I have?
- Right of information (Article 15 of the GDPR): You can request a copy of the personal information that we hold about you and further information about how we process your personal data. This is known as a 'Data Subject Access Request', and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Raisin UK so we can verify your identity before we can respond to a Data Subject Access Request.
- Right to rectification (Article 16 of the GDPR): If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information, you may edit your details at any time by logging into your Raisin UK customer portal.
- Right to erasure (Article 17 of the GDPR): In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal information.
- Right to restrict processing (Article 18 of the GDPR): You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
- Right to object (Article 21 of the GDPR): You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest’ and/or the ‘public interest’. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
- Right to data portability (Article 20 of the GDPR): You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller.
- Right to complain: If you believe we are processing your personal data in breach of UK or EU data protection law please get in touch with our Data Protection Officer. You also have the right to complain to the appropriate EU data protection supervisory authority. Please see the section, ‘Who is responsible for data processing and who can you contact?’ for further information about how to contact our Data Protection Officer and the appropriate EU data protection supervisory authority.
5. Am I required to provide my personal data to Raisin UK?
You will need to provide us with your personal data if you want to enter into a customer relationship with Raisin UK. This will also assist us to be able to comply with our legal obligations. If you decide not to provide us with the requested personal data we may not be in a position to enter into or execute any contract with you.
6. Does Raisin UK use automated decision making (including profiling)?
Raisin UK does not use automated decision making in the course of its business relationship as referred to in Article 22 of the GDPR. Raisin UK processes your personal data partially automated to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. In order to inform you about products in a targeted manner, we use evaluation tools that enable us to communicate and advertise on demand.
7. Changes to customer information on data protection
If necessary, we can adjust this data protection information. You can find the latest version of this information at any time on our internet platform.
Email service providers
Information about our website
Statistics and tracking services
Below you will find an explanation of the statistics and tracking services used on this website. All these services use so-called "cookies", text files which are stored on your computer and which allow an analysis of the use of the website by you.
IP addresses and Cookies
Bing Universal Event Tracking
The Web site uses Bing Universal event tracking (a service from Microsoft Inc., one Microsoft Way, Redmond, WA 98052-6399, USA). This service allows us to track the activities of the users of our website, if they have been forwarded to our website via a display of Bing ads. In this case, a cookie is stored on your computer. On our website is a so-called Bing Universal event tracking tag is set. This is a code that, in conjunction with the cookie stored on your computer, stores anonymised data (such as the event type and event category) about your use of the site. This data is transferred to a Microsoft Inc. server in the United States and is stored there for a maximum of 180 days. By using our website, you consent to the processing of the data collected about you by Microsoft in the manner and for the purpose described above. You may oppose participation in the tracking at any time with effect for the future under this link.
This website uses the web analytics service Crazy Egg of Crazy Egg Inc. (‘Crazy Egg’) to collect statistical data about the usage of our website. With the help of Crazy Egg’s technology, visitor information is collected and sent to Crazy Egg’s server. With the help of cookies, the technology enables us to determine, analyse and visualise the activities of users when visiting our website. However, in this process, no personal data, such as names, addresses or telephone numbers, is saved by Crazy Egg, and the information collected is not forwarded to third parties. By using this website you agree to the processing of data about you by Crazy Egg in the manner described above and for the above-stated purposes. You can opt out of the collection and storage of data by Crazy Egg at any time by adjusting your browser settings. For guidance on how to do this, click on this link.
This website uses the so-called Facebook pixel of the social network Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA). When you visit our website, the Facebook pixel is used to establish a direct connection between your browser and the Facebook server. This will give Facebook the information that you have visited this page with your IP address. This allows Facebook to associate the visit to our pages with your user account. The information obtained in this way can be used for the display of Facebook ads or for tracking functions. For more information, see the Facebook privacy statement. By using our website, you consent to the processing of the data collected about you by Facebook in the manner described above and for the aforementioned purpose. If you do not wish to collect data, you can disable it here.
AdWords Remarketing is a remarketing and behavioural targeting service from Google Inc. that links the activity that takes place on our website to the AdWords Network and the DoubleClick cookie to display interest-based recommendations. Cookies and usage data are collected. By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. If you do not wish to receive interest-based recommendations, please disable the saving of cookies in the appropriate setting of your browser.
LinkedIn website retargeting
LinkedIn website retargeting is a remarketing and behavioural targeting service from LinkedIn Corporation that connects the activity on our website to the LinkedIn network to display interest-based recommendations. To do this, this website uses the so-called LinkedIn insight tag. This tag deposits a cookie in the web browser of visitors to our website. We also receive aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with our website. The LinkedIn insight tag allows you to collect meta data such as IP address, timestamp, and events (such as visited page). All data is encrypted. The LinkedIn browser cookie is stored in your browser until the cookie is deleted or expires (the cookie has a six-month validity period from the time the user's browser last loaded the Insight tag). By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. You can opt out of the analysis of your usage behaviour through LinkedIn and the display of interest-based recommendations. To do this, click the "Decline on LinkedIn" checkbox (for LinkedIn members) or "Decline" (for other users) at this link.
Our website uses the analysis service Snowplow of Snowplow Analytics Ltd, London, EC2A 4RQ, United Kingdom). Snowplow collects information about the use of our website by using a tracking pixel and cookies. Data collection and processing is carried out at any time without reference to persons. In particular, no full IP addresses are stored. By using our website, you agree to the processing of the data collected about you by Snowplow in the manner and for the purpose described above.
Intermediary Partners (affiliates, publisher)
When accessing our website through certain intermediary partners with whom we cooperate, cookies are set by these intermediary partners. The cookies remain stored beyond your current visit to our website. However, no personal data are collected, but only anonymous identification numbers for the purpose of assigning the reference to the respective intermediating partner.
Our Security Technology
The pages on which we collect personal data are encrypted with 128 bit and are certified by institutions that are approved for international accredited encryption certification.
For the Online Banking System of Starling Bank, further security measures have been put in place (e.g., use of PIN/transaction password). Unauthorised access is prevented by a firewall system.
For more information, please refer to our Security page.