Privacy Policy

Topics:

  • Who we are
  • General
  • Our principles
  • Customer information about data processing in accordance with the GDPR
  • Which data is processed by us and what are the sources of data?
  • For what purposes and on what legal basis do we process the personal data?
  • Who is responsible for data processing and who can you contact?
  • IP addresses and Cookies
  • What data protection rights do I have?
  • Am I required to provide my personal data to Raisin UK?
  • Does Raisin UK use automated decision making (including profiling)?
  • How can we change this customer information on data protection?

Who we are

Raisin UK is a trading name for the Raisin UK group of companies.

The Raisin UK group of companies are: Raisin Holdings UK Limited (registered number 10951012); Raisin Platforms Limited (registered number: 11075085) and Raisin Technology Limited (registered number 09902685) together constitute the Raisin UK group of companies (‘Raisin UK’). All are registered in England and Wales. The registered office for each is Withers LLP, Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN. Raisin Technology Limited is an appointed representative of Resolution Compliance Limited (FRN: 574048) which is authorised and regulated by the Financial Conduct Authority.

General

Raisin UK provides information on its website, www.raisin.co.uk (“our website”) about deposits and investment products of selected partner banks. In addition, our customers can access the Online Banking System of our service bank, Starling Bank Limited.

This Privacy Policy explains how we handle the information we learn about you when you visit our website and your rights in relation to how we process this information.

This Privacy Policy only applies to Raisin UK and our website and does not extend to other third-party websites accessed from this website. If you follow a link to a third-party website, please be aware that they will have their own privacy notices and that we do not accept any responsibility or liability for third-party privacy notices. Please check all applicable third-party privacy notices before agreeing to share your personal data.

When you visit our website you trust us with your information. By helping you understand our privacy practices, we want to show that we are committed to keeping that trust. This Privacy Policy (together with our Raisin UK Terms & Conditions and any other documents referred to in it), describes how we collect and use personal information about you in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/670), (‘GDPR’).

It is important that you read this Privacy Policy in conjunction with any privacy notice which we may provide on specific occasions so that you are aware of how we are collecting and processing information about you and why we are using such information.

Our principles

  • The protection of your privacy is very important to us
  • We treat your data responsibly and only process it for specified purposes
  • We are aware of the sensitivity of the data you have entrusted to us
  • We do not process any personal data without a legal basis
  • We will never pass on your data to third parties unless there is a lawful basis to do so
  • We use several well-established measures (such as encryption) to prevent any misuse of your data
  • We follow the principle of data minimisation

Customer information about data processing in accordance with the GDPR

All personal data that you submit to us will be held in accordance with our responsibilities in compliance with the EU Data Protection Legislation; defined as, for the periods in which they are in force, the GDPR, all laws giving effect or purporting to give effect to the GDPR (such as the Data Protection Act 2018) or any equivalent legislation amending or replacing the GDPR.

Raisin Platforms Limited is the entity through which Raisin UK’s platform services operate. Raisin Platforms Limited is both a data controller and data processor for the purposes specified in this Privacy Policy. Raisin Platforms Limited is also registered as a data controller with the Information Commissioner’s Office under reference: ZA299777.

Any information you provide on our website is controlled by Raisin Platforms Limited.

We will collect and process the information provided by you when you do any of the following (not an exhaustive list):

  • complete forms on our website including registrations for a customer account and applications for any of our savings products or any other services;
  • visit our website including but not limited to traffic data, location data, web logs and other communication data, whether it is required for our own purposes or otherwise, as well as the resources that you access by using our website;
  • provide information to help us investigate your report of any problem with our website;
  • you request our assistance to help you navigate around our website;
  • provide information upon request so we can respond to your correspondence; and,
  • provide instructions for any transfer to and from your savings products.

We will also process your personal data where we obtain information from you or third parties such as joint account holders, fraud prevention agencies or other organisations, when you register for an account with us or apply for any of our savings products, or other services which you or they give to us at any time.

1. Which data is processed by us and what are the sources of data?

Personal data is any information that directly or indirectly identifies you and includes your name, address, date of birth, birth place, nationality and marital status and any other information which you provide to us as part of the application process for the purposes of opening and operating your Raisin UK Account and customer portal.

The customer relationship begins with the initiation of a contract and includes the completion of the contract. We also process personal data which is lawfully obtained from publicly available sources.

The principle purpose of collecting personal data from you through this website is to provide information or services specifically requested by you. When you complete our online forms, we ask for your personal details and other selected information so that we can deal with your request as efficiently and effectively as possible.

We will never sell, trade, or rent your personal information to others, however, we may share your personal data with selected third parties in the following instances:

  • we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets. In such an event, we will ensure that the prospective seller or buyer treats your information as confidential.
  • a third party acquires Raisin Platforms Limited or substantially all of its assets, in which case information held by Raisin Platforms Limited about its customers will be one of the transferred assets. In such an event, we will ensure that the third party treats your information as confidential.
  • we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Raisin Platforms Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may disclose your information to any member of our group, which means that we may disclose your information to our ultimate holding company and its subsidiaries.

We partner with the following lists of groups, suppliers and subcontractors in order to provide savings products and to manage your Raisin UK account and customer portal. In some cases, they may process personal data, for example, to provide an identity verification check

  • Exceet GmbH
  • Experian
  • GB Group
  • Group companies and subsidiaries of Raisin GmbH
  • IOMart
  • Lexis Nexis
  • Meteor Asset Management and Meteor Investment Management
  • Partner banks which may include: Gatehouse Bank
  • Resolution Compliance
  • Starling Bank
  • Sitel GmbH
  • Twilio

2. For what purposes and on what legal basis do we process the personal data?

  1. Processing is necessary to perform a contract and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the GDPR)
  2. We process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the platform contract and also so we can carry out other relevant required activities. If it is necessary to enable us to perform our contract with you we may share your personal data with our business partners, suppliers and sub-contractors but only with your consent.
  3. Processing is necessary to comply with our legal obligations as a data controller (Article 6 (1)(c) of the GDPR)
  4. We may process personal data for the purpose of fulfilling various legal obligations such as carrying out our obligations in respect of the provision of your savings products and the provision of our online services, verification of your identity and making financial risk assessments including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes.
  5. You have consented to the processing of your personal data for one or more specific purposes (Article 6(1)(a) of the GDPR)
  6. Where you provide specific and informed ‘opt-in’ consent we will process your personal data for marketing purposes so you can receive appropriate communications from us. You may withdraw your consent at any time upon notification to us. There is no requirement upon you to communicate withdrawal of consent in any particular form, i.e. you could make the notification by phone, email or by letter.
  7. Circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract to protect our legitimate interests or a third party. This processing could include testing and optimisation of requirements analysis and direct customer approach; measures to manage the business, to improve services and to recover customers and advertising or market and opinion research. If you decide to exercise your right to object to direct marketing in accordance with Article 21 of the GDPR you can withdraw your consent at any time by unsubscribing or if you have a Raisin UK account by logging into your Raisin UK customer portal.
  8. We also process your personal data to ensure content from our website is presented in the most effective manner for you and your device, so we can process your application for savings products and set up your Raisin UK account to use our online services, manage your savings products through your Raisin UK account, provide you with statements and services available through our Raisin UK website, including the service which enables you to manage your savings products online, meet our regulatory compliance and reporting obligations, enforce any of our rights against you and also so we can develop and improve our services to you and notify you about changes to our services.
  9. We do not disclose information about identifiable individuals to our partners, but we may provide them with aggregate information about our users.

3. Who is responsible for data processing and who can you contact?

Responsible for the data processing is:

Data Protection Officer
Raisin UK
64 Bridge Street
Manchester
M3 3BN

Tel: +44 1617102390
Email: dpo@raisin.co.uk

If you have a query or complaint about how we process your personal data please contact the Data Protection Officer using the above contact details. We will investigate your concerns and take all reasonable steps to resolve the matter promptly. You also have the right to complain to an EU Data Protection Supervisory Authority. That authority should be located where you live, where we are based, or where you feel the issue you wish to complain about took place.

In the UK, the relevant EU Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO). You can contact the ICO through their website: www.ico.org.uk.

4. What data protection rights do I have?

  1. Right of information (Article 15 of the GDPR): You can request a copy of the personal information that we hold about you and further information about how we process your personal data. This is known as a 'Data Subject Access Request', and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Raisin UK so we can verify your identity before we can respond to a Data Subject Access Request.
  2. Right to rectification (Article 16 of the GDPR): If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information, you may edit your details at any time by logging into your Raisin UK customer portal.
  3. Right to erasure (Article 17 of the GDPR): In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal information.
  4. Right to restrict processing (Article 18 of the GDPR): You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
  5. Right to object (Article 21 of the GDPR): You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest’ and/or the ‘public interest’. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
  6. Right to data portability (Article 20 of the GDPR): You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller.
  7. Right to complain: If you believe we are processing your personal data in breach of UK or EU data protection law please get in touch with our Data Protection Officer. You also have the right to complain to the appropriate EU data protection supervisory authority. Please see the section, ‘Who is responsible for data processing and who can you contact?’ for further information about how to contact our Data Protection Officer and the appropriate EU data protection supervisory authority.

5. Am I required to provide my personal data to Raisin UK?

You will need to provide us with your personal data if you want to enter into a customer relationship with Raisin UK. This will also assist us to be able to comply with our legal obligations. If you decide not to provide us with the requested personal data we may not be in a position to enter into or execute any contract with you.

6. Does Raisin UK use automated decision making (including profiling)?

Raisin UK does not use automated decision making in the course of its business relationship as referred to in Article 22 of the GDPR. Raisin UK processes your personal data partially automated to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. In order to inform you about products in a targeted manner, we use evaluation tools that enable us to communicate and advertise on demand.

7. Changes to customer information on data protection

If necessary, we can adjust this data protection information. You can find the latest version of this information at any time on our internet platform.

Email service providers

MailChimp
The dispatch of our newsletters and event-related emails is carried out by means of MailChimp, a mail delivery platform of the US company Rocket Science Group, LLC, 675 Ponce de Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our mail recipients are stored on the servers of MailChimp in the USA. MailChimp uses this information for sending and evaluating mails on our behalf. Furthermore, MailChimp can use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the mails or for economic purposes. However, MailChimp does not use the data of our mail recipients to write them or to pass them on to third parties. MailChimp is certified under the US-EU data protection Agreement "Privacy Shield" and undertakes to comply with EU data protection regulations. You can view the privacy policy of MailChimp here.

SendGrid
The despatch of our transactional emails is carried out by SendGrid, a US mail delivery platform (500 1801 California St 80202, USA). The e-mail addresses of our mail recipients are stored on the servers of SendGrid in the USA. SendGrid uses this information for sending and evaluating mails on our behalf. Furthermore, SendGrid can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the mails or for economic purposes. However, SendGrid does not use the data of our mail recipients to write them or to pass them on to third parties. SendGrid is certified under the US-EU data protection Agreement "Privacy Shield" and undertakes to comply with EU data protection regulations. You can view the privacy policy of SendGrid here.

Information about our website

External Links
Links to external webpages are provided on our website for informational purposes only. If it is not obviously recognisable, we will explicitly point out when such links are to external websites. Raisin UK is not responsible for the contents and the design of third-party websites and cannot attest to their correctness, factuality or legality. Our privacy policy does not apply to those websites.

Statistics and tracking services
Below you will find an explanation of the statistics and tracking services used on this website. All these services use so-called "cookies", text files which are stored on your computer and which allow an analysis of the use of the website by you.

IP addresses and Cookies
We may collect information about your computer for system administration, including where available your IP address, operating system and browser type. This information is statistical data about our users' browsing actions and patterns and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a Cookie file. Cookies are very small text files that are stored on your device/computer when you visit some websites. For more information on how cookies work, please visit our Cookie policy page or aboutcookies.org.

Bing Universal Event Tracking
The Web site uses Bing Universal event tracking (a service from Microsoft Inc., one Microsoft Way, Redmond, WA 98052-6399, USA). This service allows us to track the activities of the users of our website, if they have been forwarded to our website via a display of Bing ads. In this case, a cookie is stored on your computer. On our website is a so-called Bing Universal event tracking tag is set. This is a code that, in conjunction with the cookie stored on your computer, stores anonymised data (such as the event type and event category) about your use of the site. This data is transferred to a Microsoft Inc. server in the United States and is stored there for a maximum of 180 days. By using our website, you consent to the processing of the data collected about you by Microsoft in the manner and for the purpose described above. You may oppose participation in the tracking at any time with effect for the future under this link.

Crazy Egg
This website uses the web analytics service Crazy Egg of Crazy Egg Inc. (‘Crazy Egg’) to collect statistical data about the usage of our website. With the help of Crazy Egg’s technology, visitor information is collected and sent to Crazy Egg’s server. With the help of cookies, the technology enables us to determine, analyse and visualise the activities of users when visiting our website. However, in this process, no personal data, such as names, addresses or telephone numbers, is saved by Crazy Egg, and the information collected is not forwarded to third parties. By using this website you agree to the processing of data about you by Crazy Egg in the manner described above and for the above-stated purposes. You can opt out of the collection and storage of data by Crazy Egg at any time by adjusting your browser settings. For guidance on how to do this, click on this link.

Facebook Remarketing
This website uses the so-called Facebook pixel of the social network Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA). When you visit our website, the Facebook pixel is used to establish a direct connection between your browser and the Facebook server. This will give Facebook the information that you have visited this page with your IP address. This allows Facebook to associate the visit to our pages with your user account. The information obtained in this way can be used for the display of Facebook ads or for tracking functions. For more information, see the Facebook privacy statement. By using our website, you consent to the processing of the data collected about you by Facebook in the manner described above and for the aforementioned purpose. If you do not wish to collect data, you can disable it here.

Google Analytics
This website uses Google Analytics. This is a web analytics service which is provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, text files placed on your computer, to help analyse how customers use this site. Information generated by the cookie about your use of the website (including IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf. Google will not associate your IP address with any other data that is held by Google. You may at any time refuse the use of cookies by selecting the appropriate settings in your browser. Please note that if you do this you may not be able to use the full functionality of the website. By using this website, you consent to the processing of your personal data by Google in the manner and for the purposes set out above. You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here. You can also opt out from Google Analytics tracking on this website by clicking on this link.

Google remarketing
AdWords Remarketing is a remarketing and behavioural targeting service from Google Inc. that links the activity that takes place on our website to the AdWords Network and the DoubleClick cookie to display interest-based recommendations. Cookies and usage data are collected. By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. If you do not wish to receive interest-based recommendations, please disable the saving of cookies in the appropriate setting of your browser.

Hotjar
In order to improve the user experience on our website, we use the software Hotjar (hotjar.com, 3 Lyons range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). By using Hotjar we can measure and evaluate the user behaviour (mouse movements, clicks, scrolling, etc) on our internet pages. In order to collect data, Hotjar uses cookies on users' devices and can store data from users such as browser information, operating system, time on the site, etc. More information about data processing by Hotjar can be found here.

Inspectlet
In order to improve the user experience on our website, we use the software Inspectlet (https://www.inspectlet.com). By using Inspectlet we can view user behaviour (mouse movements, clicks, scrolling, etc) on our internet pages. In order to collect data, Inspectlet uses cookies on users' devices and can store data from users such as browser information, operating system, time on the site, etc. More information about data processing by Inspectlet can be found here.

Intercom
For a direct interaction with the visitors of our internet site via chat we use a communication tool of the provider Intercom R&D, Stephens Court, 18-21 Saint Stephens Green, Dublin 2, Ireland. When using the chat function on our internet site, no automatic recording or transmission of personal data of the visitor to intercom is carried out. If the visitor leaves his e-mail address, it will be stored by intercom and may be used in accordance with the privacy policy of Intercom. The privacy policy of intercom can be viewed here.

LinkedIn website retargeting
LinkedIn website retargeting is a remarketing and behavioural targeting service from LinkedIn Corporation that connects the activity on our website to the LinkedIn network to display interest-based recommendations. To do this, this website uses the so-called LinkedIn insight tag. This tag deposits a cookie in the web browser of visitors to our website. We also receive aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with our website. The LinkedIn insight tag allows you to collect meta data such as IP address, timestamp, and events (such as visited page). All data is encrypted. The LinkedIn browser cookie is stored in your browser until the cookie is deleted or expires (the cookie has a six-month validity period from the time the user's browser last loaded the Insight tag). By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. You can opt out of the analysis of your usage behaviour through LinkedIn and the display of interest-based recommendations. To do this, click the "Decline on LinkedIn" checkbox (for LinkedIn members) or "Decline" (for other users) at this link.

Snowplow
Our website uses the analysis service Snowplow of Snowplow Analytics Ltd, London, EC2A 4RQ, United Kingdom). Snowplow collects information about the use of our website by using a tracking pixel and cookies. Data collection and processing is carried out at any time without reference to persons. In particular, no full IP addresses are stored. By using our website, you agree to the processing of the data collected about you by Snowplow in the manner and for the purpose described above.

Intermediary Partners (affiliates, publisher)
When accessing our website through certain intermediary partners with whom we cooperate, cookies are set by these intermediary partners. The cookies remain stored beyond your current visit to our website. However, no personal data are collected, but only anonymous identification numbers for the purpose of assigning the reference to the respective intermediating partner.

Our Security Technology

The pages on which we collect personal data are encrypted with 128 bit and are certified by institutions that are approved for international accredited encryption certification.

For the Online Banking System of Starling Bank, further security measures have been put in place (e.g., use of PIN/transaction password). Unauthorised access is prevented by a firewall system.

For more information, please refer to our Security page.