Last updated 11.08.20
Last updated 11.08.20
We are the data controller of your information; our data controller registration number is ZA099506. You can check our registration details with the Information Commissioner’s Office (ICO) at ico.org.uk.
We may collect the following types of data about you:
We get this information from you, your mobile phone, cookies, your bank, credit reference agencies or other third parties such as our partners, service providers, advertising networks, analytics providers, search information providers and social media.
We may also record or monitor telephone conversations or other communications between you and us, which is another source of how we get data about you.
We use this information to provide you with our services, to improve our services to you, to administer your account and to communicate with you. We also use anonymised information collected from all of our customers for research, profiling and analytical purposes.
The list below details exactly how we use the different types of data fields we collect and which lawful basis we rely on (see section 5 for more details).
To share your data with the Company that has introduced you to us, for the purposes of you building a budget, we require your Consent to collect the following fields:
We will, in the Performance of a contract (which cannot be opted out of):
In the Legitimate interests and soft-opt in rule (meaning you have the chance to opt-out) we will send you content communications such as tips, research, features and news, coaching programmes on how to keep on top of their money and other related content
We will use anonymised data to improve our services
We may share your data with other members of our group and with other third parties, such as our service providers, advertisers, credit reference agencies and fraud prevention agencies. This is to enable us to provide you with the products, services and information you request. As such, your data may be shared with the third parties listed below. These third parties act on our instructions and are processors of your information.
As part of our services we need to obtain credit information about you and as such we will need to ask the CRAs to provide us with this data. The CRAs will:
In certain circumstances we may be required to provide your data to the FPAs to ensure you are not involved in fraudulent activities. The FPAs will use your data by:
Intercom provides the technology to enable and store our non-voice consumer communications (web chat, email etc)
Inspectlet provides the technology to enable web analytics so we can improve how our sites and applications function.
Associated technologies and cloud based services are required to provide OpenWrks services. All data is processed securely, encrypted in transmission and at rest.
We may share information about you with third parties that will be joint data controllers of your information. As such, we encourage you to read their respective privacy policies as these will apply. These third parties are:
In the majority of the above cases we will obtain your consent before sharing your data with these third parties who also act as data controllers. There may, however, be instances where we are required to share your data and will not obtain your consent beforehand - for example when sharing your information with an Introducing Company using the legal basis of Legitimate Interests.
As you will see from the table in section 2 above, we rely on three (3) different lawful bases for processing your data. These are:
We rely on this basis when we need to fulfil our obligations in our customer terms and conditions.
We rely on this basis when we need your permission to pass on your details to a third party where you will need to sign up to that third party’s terms and conditions after selecting a certain product or service on our website or app.
We rely on this basis when we process your personal data for the purposes of our legitimate interests or for the legitimate interests of our product providers or other suppliers, provided that such processing does not outweigh your rights and freedoms. A few examples of when we may rely on this basis are when we need to:
The above list is not exhaustive. Where we rely on legitimate interests, you have the right to object at any time by contacting us at the details listed in section 13.
We may reach out to you directly by email, phone or post for the following purposes:
We’ll get in touch with personalised, timely product recommendations from our third party partners that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like, either by clicking on the unsubscribe button on the email or by telling us (see section 13).
We’ll get in touch with personalised, timely product recommendations from us that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like, either by clicking on the unsubscribe button on the email or by telling us (see section 13).
We’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. We rely on the legitimate interests’ legal basis of the need to provide you with information about financial planning matters so that you can keep on top of your repayments and financial affairs. You can unsubscribe from these communications at any time.
We’ll send you key information about our product and services including alerts when a creditor accepts a payment plan we have put forward for you or when a creditor suggests a payment plan to you, when there are changes to your credit information, security announcements regarding the OpenWrks platform and your account and significant changes which may impact our service and other related content. These communications are core to the delivery of our services and cannot be opted-out of.
We protect your information by adhering to internationally recognised Information Security best practices and standards.
We take the security of your data very seriously and use strict procedures to protect it. Whenever we transfer personal data outside of the UK/ European Economic Area, we ensure that appropriate safeguards are in place to protect the data.
All information you provide to us is stored in UK data centres which provide secure cloud infrastructure that are designed by Information Security professionals. We adhere to best practices which among many include defence in depth, security by design, least privilege principles and providing both physical and logical access controls.
We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.
We keep your information for as long as you have an account on the OpenWrks platform. All of your personal data will be removed within six (6) months of you terminating your OpenWrks account. After which point we will only retain anonymised data which cannot identify you and is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes. We may also keep your email address to ensure that you no longer receive any communications from us and your name, date of birth and latest address for fraud prevention purposes and for the exercise or defence of a legal claim.
Yes. We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.
We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, we cannot provide our services to you without being able to verify your identity.
We use the financial information you share with us to build your budget and identify what you can afford to pay.
We use an automated decision making system to provide you with useful advice and information on how you can stay on top of your finances and solutions which may enable you to take control of your debt.
We want to make sure we’re only sending you emails that are relevant to you, and so we will use your personal information to determine which content you may be more interested in receiving.
You have the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making, please contact us at the details listed in section 13.
You are able to:
If you wish to exercise any of your rights, please contact us at the details listed in section 13.