AccountScore Privacy Policy

This privacy policy sets out the basis on which Accountscore Limited (with its registered office at AccountScore, Floor 32, Euston Tower, 286 Euston Road, London, NW1 3DP (referred to in this policy as we, our or us) collects and uses your personal information. Our privacy policy also provides information about your rights.

We are also registered with the Information Commissioner's Office with registration number ZA180426.

This notice covers the following:

1 What is Personal Information?

2 What information do we collect from you?

3 How do we use your information?

4 What is the legal basis that permits us to use your Personal Information?

5 What happens if you do not provide information that we request?

6 Who will we disclose your information to?

7 How do we use your IP address and cookies?

8 Where do we store your Personal Data?

9 How long will we keep your Personal Information for?

10 When will we make changes to our Privacy Policy?

11 How can you contact us?

12 Your Rights

Summary

When you use our service and by visiting www.accountscore.co.uk, we will collect the following information from you:

- Your internet banking details, including your personal identification number(s) and security password(s); and

- A record of your transactions as revealed in your online bank account history.

Please note that for the service to be provided to you:

- Our third party supplier, referred to as "Yodlee" will send your online Bank Account history to us.

- We will display your Bank Account history to your proposed lender, debt advisor or financial services provider.

- We may review your Bank Account and Bank Account history on a regular basis, if we have your permission to do so.

- Your proposed lender, debt advisor or financial services provider will use your Bank Account history to decide if they should lend you money or give you credit (as applicable).

- Please note that we cannot make payments or transfer funds to third parties or otherwise use your Bank Account in any way. We will only be able to read your Bank Account history.

1 What is Personal Information ?

Personal information is any information that tells us something about you. This could include information such as your name, contact details and bank account details.

2 What information do we collect from you?

2.1 We will collect and process the following information about you:

2.1.1 As part of our service, you will enter your personal identification number(s) and security password(s) ("Internet Banking Credentials") for your online bank account ("Bank Account"). This will enable us to report on your record of transactions as revealed in your Bank Account history (your "Transaction Data"), to your proposed lender, debt advisor or financial services provider, as applicable ("Approved Provider").

2.1.2 Your Internet Banking Credentials are encrypted in transit and stored securely for a very short period on our servers before being transferred to Yodlee, Inc ("Yodlee"). Your Internet Banking Credentials will not be stored on our database and will be deleted during your session. However, your encrypted Internet Banking Credentials will be stored by Yodlee on their servers in a secure environment.

2.1.3 You may provide us with information by filling in forms on www.accountscore.co.uk (our "Site"). This may include your name, address, email address and telephone number(s). It may also include your date of birth, residential status, the length of time at your address, employment details and financial information.

2.1.4 We may also ask you for information when you report a problem with our Site.

2.1.5 We may hold a record of correspondence if you contact us or we contact you.

2.1.6 You may provide us with information in surveys that we ask you to complete.

2.1.7 Transaction Data.

2.1.8 Proof of identification or details to confirm or verify your identity, address, Bank Account or payment card.

2.1.9 Details of your visits to our Site (including traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise) and the resources that you access.

2.1.10 Information from third parties, which may include your employer or a referee.

2.1.11 Any other information you voluntarily provide.

2.2 We will collect the following information from you, which will include your name, surname and mobile telephone number. We will use this information to contact you about registration with consents.online. Consents.online is a new service that will enable you to take advantage of open banking products and services.

3 How do we use your information?

3.1 Where you provide us with your Internet Banking Credentials, the following process will be undertaken to access, use and retrieve your Transaction Data:

3.1.1 Yodlee will collate and send the Transaction Data to us; and

3.1.2 We modify the way in which your information is displayed and represented to your Approved Provider (including via a dashboard on our Site) based on the Transaction Data.

3.2 In order to provide our service to you and to carry out our obligations to your Approved Provider:

3.2.1 We may view and monitor your Bank Account(s) and the balances on your Bank Account(s) from time to time;

3.2.2 We may copy Transaction Data from your Bank Account(s) from time to time;

3.2.3 We may store copied Transaction Data on our servers and Yodlee may store the Transaction Data on its servers; and

3.2.4 We will report certain information to your Approved Provider so your Approved Provider can make credit scoring, lending and collecting decisions (as applicable) based on your Transaction Data.

3.3 Your Approved Provider will carry out credit scoring, lending and collecting decisions (as applicable) using your Transaction Data at the time of your application. If you have given your Approved Provider permission to do so, your Approved Provider may carry out these types of decisions on a continuing basis thereafter and monitor the balance on your Bank Account from time to time.

3.4 Your Approved Provider will have its own privacy policy, which will explain in further detail how your Approved Provider will use your personal information. Please note that we do not accept any responsibility for this policy.

3.5 We will also use the information you provide to us to improve our service offering. This may include sharing your Transaction Data with the third parties set out in section 6. In these circumstances, we will anonymise your Transaction Data and combine it with other data. You will not be identifiable from the use of such data.

4 What is the legal basis that permits us to use your Personal Information?

4.1 Under data protection legislation, we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal basis to use your information:

4.1.1 where we need information to perform the contract we have entered into with you. This includes:

(a) to access, use and retrieve your Transaction Data (following the process set out in section 3) to deliver our services to you; and

(b) to administer the contract we have with you.

4.1.2 where we need to comply with a legal obligation. This includes compliance with our regulatory obligations, to bodies such as the FCA.

4.1.3 where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes:

(a) inviting you to register for our services;

(b) to investigate where you report a problem with our Site;

(c) to verify or enforce compliance with the policies governing our Site and/or applicable laws;

(d) fraud and crime prevention; and

(e) to protect against misuse or unauthorised use of the Site.

4.2 In more limited circumstances we may also rely on the following legal bases:

4.2.1 where we need to protect your interests (or someone else's interests).

4.2.2 where it is needed in the public interest or for official purposes.

5 What happens if you do not provide information that we request?

5.1 We need some of your personal information in order to perform our contract with you. For example, we need to know your Internet Banking Credentials so that we can arrange for your Transaction Data to be provided to your Approved Provider.

5.2 Where information is needed for these purposes if you do not provide it we will not be able to perform our contract with you and provide you with our services. We explain when this is the case at the point where we collect information from you.

6 Who will we disclose your information to?

6.1 We will share your personal information with:

6.1.1 Your Approved Provider, where we are required to do so in order to provide you with our services;

6.1.2 Your Bank and Yodlee (to the extent such information is required in order to provide you with the services); and

6.1.3 Members of the AccountScore group, including AccountScore Holdings Limited and Consents Online Limited.

6.2 We will use third parties from time to time to help us in delivering services to you. Where we use such third parties, we will ensure appropriate safeguards are in place to protect your personal information.

6.3 We will only share your Transaction Data or Internet Banking Credentials with Yodlee for the purpose of providing our service to you.

7 How do we use your IP address and cookies?

7.1 We may collect information about your computer. This may include your IP address, operating system and browser type. This will be for our system administration. We may also report combined information to our advertisers. Please note that this information will not identify you, and this information will only be statistical data about our users' browsing actions and patterns.

7.2 A "cookie" is a small electronic file that collects information about you when you visit our Site. A cookie can identify the pages that are being viewed, and this can assist us to select the pages that you see. Some cookies only exist whilst you are online, but "persistent" cookies remain on your computer, so that you can be recognised as a previous visitor when you next visit our Site. We may use persistent cookies to allow us to collect information about your browsing habits whilst on our Site, so that we can monitor and improve our services.

7.3 By continuing to use our Site, you agree to the use of cookies by us in the manner outlined in this policy and a pop up will appear on the screen when you first access the Site to remind you of this.

7.4 We do not store sensitive information such as your Internet Banking Credentials, account numbers or passwords in persistent cookies. Cookies in themselves do not contain enough information to identify you. We will only acquire a personal identity in relation to your browsing habits after you have provided us with your personal data for the purposes outlined at section 3 above.

7.5 In addition to using cookies, we might also use web tools to collect information about your browsing activities whilst on our Site. In this respect the information that is provided is similar to the information supplied by cookies, and we use it for the same purposes.

7.6 Any information that we acquire about you using cookies or web tools is subject to the same restrictions and conditions as any other information we collect about you in this policy.

7.7 Some of our advertisers may also use cookies or web tools that are set by other people such as advertising agencies, or the businesses to which the advertisements in question relate. If you follow a link to any of these websites, please note that these websites contain their own privacy policies and we do not accept any responsibility for these policies. Please check these policies before you submit any personal data to these websites. We do not have access to any information that might be collected in this way and if you are concerned, you should contact the advertiser for more information.

7.8 List Of Cookies

Cookie

Summary

Persistent/Session

Description

__utma

Google Analytics

Persistent

This cookie is part of Google Analytics and helps us improve your experience by anonymously tracking how users interact with our Site. It is specifically used to track the number of visits to our Site.

__utmc

Google Analytics

Persistent

This cookie is part of Google Analytics and helps us improve your experience by anonymously tracking how users interact with our Site. It is specifically used to check approximately how long you stay on our Site.

__utmz

Google Analytics

Persistent

This cookie is part of Google Analytics and helps us improve your experience by anonymously tracking how users interact with our Site. It is used specifically to track how you arrived at our Site.

_vis_opt_exp*

Visual Website Optimizer

Persistent

This cookie is used to run content experiments so we can improve the effectiveness of our Site.

AcceptCookies

Whether to display cookie message

Persistent

This cookie tells us whether this is your first visit to our Site and, if so, to display our cookie policy banner.

ASP.NET_SessionId

ASP.NET Session ID

Session

This cookie is required to make our Site work by setting an anonymous ID which is used when you navigate the Site.

7.9 Most browsers automatically accept cookies. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting some of our Site features may not work as a result. Our system will automatically issue cookies when you log on to our Site, unless you have adjusted your browser setting to refuse cookies.

7.10 Please note that it is not possible for you to carry your settings between your browsers and devices, so you will need to change these settings for each browser you use.

8 Where do we store your Personal Data?

8.1 All information you provide to us is stored on our secure servers.

8.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site. Please note that any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

8.3 We will retain your information and store it securely for as long as necessary in order to provide services to you or for as long as applicable law or our regulators tell us to (whichever period is longer).

8.4 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

8.5 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9 How long will we keep your Personal Information for?

9.1 As a general rule, we will keep your personal information for the duration in which we are providing the services to you, and for a period of six years thereafter. However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.

10 When will we make changes to our Privacy Policy?

10.1 Our privacy policy was last updated on 24 May 2018.

10.2 Our privacy policy will be reviewed and amended from time to time and you should check this page to see our most up to date version of the privacy policy. Any changes we may make to our privacy policy in the future will be posted on this page.

11 How can you contact us?

11.1 Questions, comments and requests regarding this privacy policy are welcomed at:

11.1.1 enquiries@accountscore.com ; or

11.1.2 AccountScore Ltd t/a AccountScore, PO Box 1515, High Wycombe HP11 9JE

11.2 If you have any concerns about the information we hold, please contact us using the above address.

11.3 If you still feel dissatisfied, you can appeal to our Managing Director at the above address.

12 Your Rights

12.1 You have the right to lodge a complaint with the Information Commissioner's Office ("ICO"). You can contact the ICO by writing to them at: Information Commissioner's Office Client Services Team, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or by visiting their website for further information at https://ico.org.uk/.

12.2 You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address set out in section 11. We may make a small charge for this service, and we will inform you of this prior to providing you with your information.

12.3 You can also ask us to:

12.3.1 Provide a copy of the personal data we hold about you in a commonly used and machine-readable format; and

12.3.2 Send your personal data to another data controller (e.g. another service provider).

12.4 We want to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate or incomplete.

12.5 You have the right to request the erasure of the personal data we hold about you in certain circumstances, including where you think the personal data is no longer necessary for the purposes for which we collected it. This is also known as the "right to be forgotten".

12.6 You have the right to ask us if we are processing your personal data. If so, you have the right to access such personal data and obtain certain information about our processing, including the purposes of our data processing and the categories of personal data which we are processing.

12.7 You have the right to ask us if we are processing your personal data. If so, you have the right to access such personal data and obtain certain information about our processing, including the purposes of our data processing and the categories of personal data which we are processing.

12.8 You have the right to object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information.

12.9 You have the right to ask us to restrict the processing of your personal data where you consider that:

12.9.1 personal information is inaccurate

12.9.2 our processing of your personal information is unlawful

12.9.3 where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim

12.9.4 where you have raised an objection to our use of your personal information

12.10 You have the right not to be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.

12.11 You have the right to withdraw our consent at any time, where consent is the legal basis for our processing. This will not affect the lawful ness of our processing based on your consent prior to its withdrawal.

If you would like to exercise any of your rights or find out more, please contact us via the methods set out in section 11.