Privacy Policy

This is the AppyFinance Limited (“AppyFinance”, “we”, “us” or “our”) general/customer privacy notice. If you have engaged with us in an employment-related capacity, our employee privacy notice is more appropriate for you.

We (and our subsidiary and affiliate companies) are committed to protecting the privacy and security of your personal information. It is important that you read this notice, together with any privacy notice we may provide on specific occasion when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1. Overview and purpose

This privacy notice summarises the information that we collect, store and use about our customers and potential customers, why and how it is used, your rights in regard to this data, as well as the protections in place to safeguard it.

There is no need for you to take any action.

We are a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.    We are required under data protection legislation to notify you of the information contained in this Privacy Notice.   

In addition, where your personal information is processed by any other company in the AppyFinance group for their own independent purposes, that entity will be independent controllers of your personal information.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.  

This notice applies to all our customers and potential customers.

2. Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice.  The DPO is responsible for the upkeep, amendment and modification of this document.  If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer (contact details are at the end of this privacy notice).

You also have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues. 

3. The information we collect 

Personal data or personal information means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data). We collect, store and use the following categories of personal information about you for the purposes described in this notice:

• Personal detailssuch as your name and title, gender, date of birth and contact details;
• Contact details such as your home address, telephone and email addresses;
• Identification information – such as national ID/passport, immigration status and documentation, visas, social security numbers (US only), national insurance numbers;
• Health information– such as information about short- or long-term disabilities or illnesses that may be relevant for any insurance cover you are looking to obtain;
• Financial information– such as your banking details, credit or debit card number or other payment details, as well as details of your income and assets/liabilities;
• Other information you choose to share with us – such as hobbies, social preferences, etc; and
• Equality and diversity information (where authorised by law and consent provided voluntarily) – such as information regarding gender, age, nationality, religious belief, sexuality and race (stored anonymously for equal opportunities monitoring purposes).
  
  

Sensitive personal information

To the extent authorised by local laws, we may collect and process a limited amount of personal information falling into special categories, sometimes called ‘sensitive personal information’. This term means information relating to:

• health-related details, including any special dietary requirements and any reasonable adjustments that we may be required by law to make to your working arrangements;
• information revealing racial or ethnic origin;
• judicial information, including the results of criminal or police records checks which can include details of offences, alleged offences and sentences and information from other intelligence sources (subject to relevant local laws and record retention periods);
• marital status and next of kin; and
• political opinions or contributions, religious beliefs or other similar beliefs and sexual orientation, should you choose to provide any such information to us.
  
  

4. Consent

By accepting this privacy policy, you consent to us using your data under the legal bases in point 6 and for the reasons outlined in point 7.

Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

5. How we collect information 

We collect your personal information from a variety of sources, but in most circumstances directly from you through your use of the AppyFinance website and/or AppyFinance mobile application.

We may also obtain some information from third parties, e.g. credit reference agencies.

6. Legal basis for processing your data 

We collect, store and process your personal information for the following legal bases:

• The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, prior to entering into such a contract; for example collecting your name and address details in order to assist you in applying for a financial product or service;
• The processing is necessary for compliance with certain legal obligations to which we are subject, for example, disclosing information to local tax authorities; and
• The processing is necessary for the legitimate interests pursued by us.

7. How we use your personal data

In line with the above legal bases, we collect, store and process your personal data for the following purposes:

Tailoring content

• To enable us to tailor the content presented to you when you use the AppyFinance website or mobile application, and to prioritise the order in which that content is provided to you

Identifying products and services which may be of relevance to you

• To identify products, services and offers which may be of interest or relevance to you and to inform you of those products, services and offers

 

Assisting you in applying for products and services

• To assist you in completing the application process for financial products and services by passing your information to product providers and/or pre-populating initial application forms from those product providers

Account maintenance

• To help maintain your account and to contact you in the event of any problems with your use of or access to the AppyFinance website or mobile application

Responding to legal and regulatory requests

• To enable us to comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorised by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection and tax), whether within or outside your country.

8. Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.  Please note we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.

9. Data retention 

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances we may store your personal information for longer periods so that we have a record of your dealings with us in the event of a complaint or challenge, or we believe there is a prospect of litigation relating to your personal information or dealings.

We protect personal data within an Information Security Management System which complies with ISO27001.

10. DATA SHARING

For the above purposes, your personal information may be transferred within or outside of the jurisdiction where you are resident, either within AppyFinance or to third parties, including, but not limited to:

• any holding company, parent, subsidiary or affiliate of AppyFinance; and
• certain third parties including suppliers and service providers to whom AppyFinance may disclose personal information when required by law or court order, or as requested by any government or regulator or law enforcement authority or agency.

We may also disclose your personal information to a third party where it is necessary to do so in order to protect or pursue our legitimate interests (ensuring this is proportionate and limited to that information which is strictly necessary in the circumstances). This may include, but is not limited to, disclosure to a party with whom AppyFinance is in negotiation for the sale or transfer of a business, assets or services. We will take appropriate steps to ensure that the recipient of personal information in such circumstances puts in place an adequate level of protection for such personal information in accordance with applicable legal requirements.

Where we transfer personal information internally within AppyFinance or to any third party between different jurisdictions, including, but not limited to, transfers outside of the European Economic Area (EEA) including the USA, and to other jurisdictions that have not been deemed to offer adequate protection, for the purposes outlined in this document, we will take appropriate steps to ensure that there is an adequate level of protection for personal information in place in accordance with applicable legal requirements.

11. YOUR RIGHTS AS A DATA SUBJECT

You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the end of this document. These rights include:

• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so;
• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us;
• the right to request that we correct your personal data if it is inaccurate or incomplete the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we must retain it;
• the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we must refuse that request;
• the right to lodge a complaint with the applicable data protection regulator in the country where the relevant AppyFinance entity is located if you think that any of your rights have been infringed by us. If you are not sure which part of AppyFinance is using your data or which is the relevant data protection regulator, you can ask us to clarify this using the contact details in the end of this document; and
• when we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated to you.

You will not have to pay a fee where you request access to the personal data we hold about you, (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

12. Contact details

Main contact: John Drabble, Head of Compliance and Data Protection Officer

Email: [email protected]

Address: Appy Finance Limited, 78 York Street, London, W1H 1DP