We’re committed to protecting your personal and financial privacy. This policy describes the information we collect, how we use it and your rights to control it.
Introduction and Summary
- how and when we collect your personal data,
- what information we collect;
- why we use your personal data; and
- your rights to control your personal data.
How and when do we collect your information and what do we collect?
If you engage with us in any way, we may collect the following information about you through the methods of contact you choose to use at the point of engagement:
- information you provide through our website;
- information you provide through communications with us, whether in writing (including by letter or email) or on the telephone (including by way of recorded calls) or online chat;
- information we obtain through your engagement with us on social media, including on blogs, forums and through Facebook and Twitter; and
- information provided on your behalf by your representatives or agents (“Agents”) who engage with us on your behalf in the ways described above.
From time to time, we may obtain information from outside sources to help us carry out our business functions. This includes:
- information and reports from credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers and tracing agents;
- commercial and marketing databases; and
- public records and other publicly available information sources.
If you wish to become a client you will need to provide us with the following information, which we may also collect from third parties:
- your personal details (including name, date of birth, current and previous postal addresses);
- your contact information (including phone and e-mail details);
- your business name and contact information;
- financial information (including bank account details);
- information you provide in our registration or onboarding processes (including certain personal data, identity verification, contact details and financial information about directors, partners, members, shareholders, beneficial owners and guarantors);
- information you provide in your dealings with us;
- fraud prevention information; and
- passwords and security question answers.
In addition to the personal and financial information you submit or we collect, we may also collect information about your computer (including, where available, your IP address, operating system and browser type), your interaction with the marketplace and our website, and email performance data. We use this information for several reasons, including marketing, marketplace administration and service improvement. Our Cookies Policy describes these processes in more information.
We also collect and retain:
- copies of our correspondence with you as well as other data relating to your activities on the marketplace;
- details about visitors to our website for the purposes of aggregating statistics or reporting purposes and calculating referral fees; and
- comments made on blogs and discussion forums in connection with the marketplace.
We may receive personal data (such as medical information or criminal records). Where relevant, we will hold and process this data to allow us to make decisions about you and your accounts with us (or with which you are connected). This may involve us sharing your sensitive personal data with Agents. We will process sensitive personal data only in accordance with the requirements of applicable privacy law.
If you provide information about other people (for example, if you represent a borrower and you provide information about directors, partners, members, shareholders or beneficial owners other than yourself) then you confirm:
- by providing information about other people, that you have all relevant permissions and authority (i) to make all those disclosures, (ii) to act on their behalf and (iii) in relation to partners, members, shareholders or beneficial owners of borrowers, to allow us to make credit checks at credit reference agencies in respect of those persons.
Using your information
We collect, store and use your personal data:
- to inform you of developments and activity and of changes to our products and services;
- to develop and improve our services, products and business, including analysing and improving our credit risk models and our customer service offering;
- to transfer money;
- to carry out mandatory or other regulatory checks;
- to comply with our legal and regulatory obligations;
- to carry out statistical analysis and market research and testing;
- to contact you (including by SMS and e-mail) with products and services which we believe may interest you (at all times taking into consideration your rights at law including your right to opt-out from receiving marketing from us);
- to open accounts with us and to manage and maintain those accounts;
- to verify your identity and the other information you have provided to us, including your bank account information and (if relevant) the identity of your business associates;
- to update the records we hold about you from time to time;
- to provide services; and
- for the prevention and detection of fraud or other illegal or criminal activity.
We will not keep your personal data for longer than is necessary for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements. These requirements generally permit us to retain records for a period of six years after the end of any relationship (i.e. the date on which we no longer provide services). We may retain data for longer than this in certain circumstances, for example in the event of an ongoing dispute.
Disclosing your information
We may disclose your personal data to:
- to companies in our group and our affiliates;
- to our suppliers, sub-contractors and third party data processors (including card payment and direct debit payment processors, marketing and data analytics service providers, collection agents, tracing agents, insolvency practitioners, professional advisers and persons who provide us with the following services from time to time: identification and fraud check; marketing; technology; marketplace support; and back-up and business continuity);
- with any third party you have asked us to share your personal data with, including social media sites if you have asked us to connect with your social media account;
- to credit reference and fraud prevention agencies (see sections 6 and 7 below for more information on this);
- if we are unable to provide you with credit and if you consent, to third parties who may be in a position to arrange credit for you;
- to a third party if it acquires all or part of our business or assets in connection with the acquisition, or to a successor in interest in the unlikely event of our insolvency, winding up or liquidation;
- If we are required to do so by applicable law and regulation, governmental, tax or regulatory body or law enforcement agency;
- if you are represented by an Agent, to your Agent; and
- to any other person with your prior consent to do so.
Third parties who process your personal data on our behalf are only permitted to process your personal data in accordance with our instructions and we will take steps to ensure that the transfer and any ongoing processing by those third parties are carried out securely and in accordance with applicable privacy laws.
To support the delivery of our Services, we may engage and use data processors (“Subprocessors”) with access to certain personal information. This page provides important information about the identity, location and role of each Subprocessor we use.
What is a Subprocessor?
A subprocessor is an external service or provider that is enlisted to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected about you with these providers.
How do we protect your information?
We take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary.
Personal information: We employ Secure Socket Layer (SSL) technology for the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. We do not access or share any data unless required by law or with your permission to help resolve system problems.
Payments: All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. We do not store this information ourselves.
whitelabelcrowd.fund also requires that any third-party services or subprocessors, that we use as part of delivering this service to you, meet the requirements and obligations under GDPR, as well as those requirements of the local authority.
We have established Data Processing Agreements (DPA’s) with all of our providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner.
Third parties (Suppliers and Subprocessors)
We list suppliers and sub-processors in relevant sections, to give you a greater understanding of how these services access your information.
whitelabelcrowd.fund uses the following organisations to store/host/collect Personal Information, or provide other infrastructure that helps with the delivery of the Service.
|3CX||VoIP provider (telecoms)|
|Amazon Web Services Inc,||Hosting|
|CrazyEgg Inc.||Usability tracking service|
|Hubspot Inc||Customer relationship management|
|Microsoft Inc||Information management services|
|Rocket Sciences Group (Mailchimp)||Email marketing service|
|Nourish||Email marketing service|
|TrueLayer||Open Banking service provider|
Infrastructure Subprocessors – Service Data Storage
whitelabelcrowd.fund uses the following organisations to store/host/collect Personal Information, or provide other infrastructure that helps with the delivery of the Service. These are secure environments that are controlled by the whitelabelcrowd.fund team and are protected by Data Processing Agreements:
|Amazon Web Services Inc,||Hosting|
|Hubspot Inc||Customer relationship management|
|Microsoft Inc||Information management services|
We are part of a global group of companies and, in order to support our business in the most efficient manner possible, we share infrastructure and functions across our business internationally. This means that we may transfer your personal data to, or your personal data may be accessible in, any location in which we do business. If your information is transferred to or accessible in a country which is not considered by the European Community to adequately protect personal data (such as the USA), we will always take steps to ensure that your information is protected and that those transfers comply with applicable privacy laws.
We may transfer your information to other countries, including those outside the European Economic Area, either for storage purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas. We will always take steps to ensure that your information is protected and that those transfers comply with applicable privacy laws.
False information and Fraud Prevention Agencies (“FPAs”)
If you give us false or inaccurate information or if we suspect or identify fraud we may record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention including law enforcement agencies.
We and other organisations may access and use this information in order to prevent fraud, money laundering or other criminal activity (for example, by checking details on credit applications, managing credit and recovering debt). We also use FPAs to screen job applicants and employees.
Please contact us if you want to receive details of the relevant fraud prevention agencies.
You may, at any time:
- exercise your right to request access to certain personal data records we hold about you (a subject access request), by emailing firstname.lastname@example.org with the subject line “subject access request”;
- request that we update and correct any out-of-date or inaccurate personal data we hold about you by emailing us at email@example.com, and also log-in to your whitelabelcrowd.fund account and make changes yourself;
- contact us to register your preferences for how we contact you;
- opt out of any marketing communications that we may send you by emailing us at firstname.lastname@example.org, by calling us on 020 7193 0441, by writing to our Data Protection Officer at 10-12 E Parade, Leeds LS1 2BH or by following the link on any email marketing you have received or by following the appropriate opt-out procedures that we include on all marketing materials; and
- exercise your right to object to our continued processing or your right of erasure, neither of which is a guaranteed or absolute right. We will consider all requests of this nature and consider any compelling legitimate grounds to continue processing, for example, our need to continue to process your personal data in connection with any legal or regulatory requirements to which we are subject; and
- tell us if you have changed your mind about us referring you to a third-party broker or lender.
Security and other Third Parties
We do our best to safeguard the personal data that you provide to us, but we accept no liability if communications are intercepted by third parties or incorrectly delivered or not delivered.
If we transfer your information to third parties we will take steps to ensure that the transfer and any ongoing processing by those third parties are carried out securely and in accordance with applicable privacy laws.
You also have a responsibility to ensure that your information is kept secure. If you are a member of our marketplace, you must:
- keep your login details secret;
- log out of your account when not using it;
- maintain good internet security (for example, be careful when using public WiFi or shared access internet connections); and
- tell us immediately if you think your account has been compromised.
You can contact us at email@example.com or by calling us on 020 7193 0441. Alternatively, you can write to us at 10-12 E Parade, Leeds LS1 2BH. Please be sure to mark all correspondence for the attention of our Data Protection Officer so that we can get back to you quickly.