MyBudget Privacy Policy

Last updated 11.08.20


1. Introduction

Welcome to the OpenWrks My Budget Privacy Policy. This document sets out everything you need to know about what type of data we hold about you, why we have it and how we use it. When we say “we”, “OpenWrks”, “us” or “ours” we are talking about OpenWrks, a trading name of Business Finance Technology Group Limited, a company incorporated and registered in England and Wales with company number 09422433 whose registered office is at 45 Wollaton Street, Nottingham, NG1 5FW. When we say “you” or “yours” we are talking about you, our customer or potential customer.

We are the data controller of your information; our data controller registration number is ZA099506. You can check our registration details with the Information Commissioner’s Office (ICO) at ico.org.uk.

2. What information do we collect about you?

We may collect the following types of data about you:

  • Your name & date of birth
  • Your address
  • Your email address
  • Your phone number
  • Your bank statement data
  • Your credit report
  • Technical information about how you use our website/apps
  • Answers to any questions we ask you directly in order to provide our services to you

We get this information from you, your mobile phone, cookies, your bank, credit reference agencies or other third parties such as our partners, service providers, advertising networks, analytics providers, search information providers and social media.

We may also record or monitor telephone conversations or other communications between you and us, which is another source of how we get data about you.

3. How do we use that information

We use this information to provide you with our services, to improve our services to you, to administer your account and to communicate with you. We also use anonymised information collected from all of our customers for research, profiling and analytical purposes.

The list below details exactly how we use the different types of data fields we collect and which lawful basis we rely on (see section 5 for more details).

We require your consent for some details

To share your data with the Company that has introduced you to us, for the purposes of you building a budget, we require your Consent to collect the following fields:

  • Your name & date of birth
  • Your address
  • Your email address
  • Your phone number
  • Your credit report
  • Your bank statement data
  • Technical information about how you use our website/apps
  • Answers to any questions we ask you directly in order to provide our services to you

Performance of a contract (which cannot be opted out of)

We will, in the Performance of a contract (which cannot be opted out of):

  • Store your data on OpenWrks systems to manage your OpenWrks account including calculating your budget. This includes the following fields:
    • Your name & dof birth
    • Your address
    • Your email address
    • Your phone number
    • Your credit report
    • Your bank statement data
    • Technical information about how you use our website/apps
    • Answers to any questions we ask you directly in order to provide our services to you
  • Share your name, address and date of birth with credit reference agencies to obtain information from your credit report
  • Send you core communications such as your budget report, alerts whenever there is a change in your finance report, significant changes which may impact OpenWrks’ service and other such related content

Sharing your data

In the Legitimate interests and soft-opt in rule (meaning you have the chance to opt-out) we will send you content communications such as tips, research, features and news, coaching programmes on how to keep on top of their money and other related content

Anonymised data

We will use anonymised data to improve our services

4. Who may we share your information with?

We may share your data with other members of our group and with other third parties, such as our service providers, advertisers, credit reference agencies and fraud prevention agencies. This is to enable us to provide you with the products, services and information you request. As such, your data may be shared with the third parties listed below. These third parties act on our instructions and are processors of your information.

Credit reference agencies

such as Callcredit, Equifax & Experian (the CRAs)

As part of our services we need to obtain credit information about you and as such we will need to ask the CRAs to provide us with this data. The CRAs will:

  • search their systems using your name, address and date of birth to retrieve information for us;
  • send us your credit information via a secure data transfer known as SOAP API where they match you to their database; and
  • record the request for information we made on your behalf. This will only be visible to you if you obtain a credit report and will be classed as an Unregistered Enquiry. This means that the search will not be visible to any other companies who carry out a credit search on you and will not affect your credit score in any way.

Fraud prevention agencies

such as CIFAS (UK’s Fraud Prevention Service), Crimestoppers and ActionFraud (the FPAs)

In certain circumstances we may be required to provide your data to the FPAs to ensure you are not involved in fraudulent activities. The FPAs will use your data by:

  • running a search against your name, address and date of birth to retrieve information for us;
  • recording any notes we make about actual or potential instances of fraud that we see and making these available to their other members for the purposes of helping to prevent fraud.

Intercom

Intercom provides the technology to enable and store our non-voice consumer communications (web chat, email etc)

Inspectlet

Inspectlet provides the technology to enable web analytics so we can improve how our sites and applications function.

Cloud Based Services

Associated technologies and cloud based services are required to provide OpenWrks services. All data is processed securely, encrypted in transmission and at rest.

Third parties

We may share information about you with third parties that will be joint data controllers of your information. As such, we encourage you to read their respective privacy policies as these will apply. These third parties are:

  • Financial Conduct Authority (the FCA) - The FCA may, as our regulator, require us to share information with them and this information may include your data.
  • Introducing Companies - The company that introduced you to us for the purpose of helping you to build a budget will need to identify you and review your budget in connection with the service they are providing you.

In the majority of the above cases we will obtain your consent before sharing your data with these third parties who also act as data controllers. There may, however, be instances where we are required to share your data and will not obtain your consent beforehand - for example when sharing your information with an Introducing Company using the legal basis of Legitimate Interests.

5. Legal basis for processing your information

As you will see from the table in section 2 above, we rely on three (3) different lawful bases for processing your data. These are:

Performance of a contract

We rely on this basis when we need to fulfil our obligations in our customer terms and conditions.

Consent

We rely on this basis when we need your permission to pass on your details to a third party where you will need to sign up to that third party’s terms and conditions after selecting a certain product or service on our website or app.

Legitimate interests

We rely on this basis when we process your personal data for the purposes of our legitimate interests or for the legitimate interests of our product providers or other suppliers, provided that such processing does not outweigh your rights and freedoms. A few examples of when we may rely on this basis are when we need to:

  1. display or notify you of tailored product offers for you or recommended payment plans;
  2. provide you with our service, including quality control and analysis;
  3. protect you and us from fraud or other threats;
  4. comply with laws that apply to us
  5. conduct analysis, segmentation and profiling of your data in order to
  6. improve our service and manage our customer relationships.

The above list is not exhaustive. Where we rely on legitimate interests, you have the right to object at any time by contacting us at the details listed in section 13.

6. Direct marketing preference

We may reach out to you directly by email, phone or post for the following purposes:

Product recommendations from third parties

We’ll get in touch with personalised, timely product recommendations from our third party partners that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like, either by clicking on the unsubscribe button on the email or by telling us (see section 13).

Product recommendations from us

We’ll get in touch with personalised, timely product recommendations from us that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like, either by clicking on the unsubscribe button on the email or by telling us (see section 13).

Content communications

We’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. We rely on the legitimate interests’ legal basis of the need to provide you with information about financial planning matters so that you can keep on top of your repayments and financial affairs. You can unsubscribe from these communications at any time.

Core communications

We’ll send you key information about our product and services including alerts when a creditor accepts a payment plan we have put forward for you or when a creditor suggests a payment plan to you, when there are changes to your credit information, security announcements regarding the OpenWrks platform and your account and significant changes which may impact our service and other related content. These communications are core to the delivery of our services and cannot be opted-out of.

7. How do we protect your information?

We protect your information by adhering to internationally recognised Information Security best practices and standards.

We take the security of your data very seriously and use strict procedures to protect it. Whenever we transfer personal data outside of the UK/ European Economic Area, we ensure that appropriate safeguards are in place to protect the data.

All information you provide to us is stored in UK data centres which provide secure cloud infrastructure that are designed by Information Security professionals. We adhere to best practices which among many include defence in depth, security by design, least privilege principles and providing both physical and logical access controls.

We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.

Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.

8. How long do we keep your information for?

We keep your information for as long as you have an account on the OpenWrks platform. All of your personal data will be removed within six (6) months of you terminating your OpenWrks account. After which point we will only retain anonymised data which cannot identify you and is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes. We may also keep your email address to ensure that you no longer receive any communications from us and your name, date of birth and latest address for fraud prevention purposes and for the exercise or defence of a legal claim.

9. Do we use Automated Decision Making?

Yes. We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.

Identity verification

We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, we cannot provide our services to you without being able to verify your identity.

Building your budget

We use the financial information you share with us to build your budget and identify what you can afford to pay.

Providing useful information

We use an automated decision making system to provide you with useful advice and information on how you can stay on top of your finances and solutions which may enable you to take control of your debt.

Tailored communications

We want to make sure we’re only sending you emails that are relevant to you, and so we will use your personal information to determine which content you may be more interested in receiving.

You have the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making, please contact us at the details listed in section 13.

10. Do we use cookies?

Yes. Please see our Cookie Policy here


11. What are your rights?

You are able to:

  1. request access to your data from us;
  2. ask us to correct the data that we hold on you if it’s incorrect;
  3. object to the use of your data by us;
  4. restrict the use of your data by us;
  5. ask us to erase the data we hold on you;
  6. have your data transferred to you or another third party; and
  7. withdraw your consent regarding processing where we have obtained your consent.

If you wish to exercise any of your rights, please contact us at the details listed in section 13.

12. Changes to this Privacy Policy

We may change any of the terms in this Privacy Policy at any time. The updated Privacy Policy will be posted on this webpage and, where we decide it is appropriate, notified to you by email. However, there may be instances where we don’t email you about a change if, for example, we feel that the changes are minor. So please regularly check this webpage to see any updates or changes to our Privacy Policy.

13. Contact us

You can contact us at any time if you have any questions, complaints or requests regarding this Privacy Policy at [email protected].

14. Complaints to the ICO

You have the right to inform the ICO if you feel we have breached our obligations under this Privacy Policy or if you believe we aren’t processing your information in accordance with data protection law – please see the ICO’s website: ico.org.uk/make-a-complaint for further information. However, we respect your rights and would like the chance to rectify any concerns you may have before you refer the matter to the ICO.


We use cookies to ensure your security on our website.

For more information read our Cookie Policy.