Privacy Policy
Who we are
We are SteadyPay Limited, a business registered at 128 City Road, London, EC1V 2NX. We are registered with the Information Commissioner’s Office, number ZA328200.
If you have a question or concern about this policy or your data protection rights, please contact us by:
Using the messaging service on the app or website; or
Emailing [email protected]
Mark your query “For the attention of the Data Protection Officer”.
Our legal grounds for handling your personal data
The UK’s data protection laws allows us to use your personal data provided we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.
We consider we have the following reasons (legal bases) to use your personal data:
Performance of contract with you: we need to use your personal data to be able to successfully legally contract with you.
Compliance with our legal obligations: we need to use your personal data so as to comply with certain legislation such as financial crime legislation.
Legitimate interests: we have legitimate interests in using your data to help prevent and detect financial crime, fraud and money laundering, to promote responsible lending, to support our tracing, collection and litigation procedures, and to assist our compliance with the legal and regulatory requirements placed upon us.
Your consent: we may also use your data when you consent to it. You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out above.
What personal data is collected from you
Data provided by you:
When you apply for our service and throughout the course of our dealings: for example, your name, postal address, previous postal addresses, your email address, your IP address, telephone numbers, date of birth, marital status, dependents, employment details, employment history, bank account information, driving license details, home ownership status and details, your income, your assets and liabilities, details of your proof of identity documentation and proof of address documentation
When you talk to us: for example on the phone or in person including call recordings and voice messages. We may monitor or record calls with you to check we have carried out your instructions, to resolve queries or disputes, to improve the quality of our service, or for regulatory or fraud prevention purposes
In writing: for example letters, proposal forms, survey responses, emails, chat messages and texts
Online: for example when you use our website.
Electronically: for example when you use our app
In financial reviews, for renewals and in any surveys
Data we collect when you use our services:
Transaction data: for example when we deal with or manage your account, when you respond to top-up and repayment notifications
Payment/Pay data: for example, the amount, origin, frequency etc of your wages payments
Usage and profile data: for example, from your use of our website and app. We gather this data from the devices you use, using cookies and other software.
Your location data and configuration information about your mobile phone: we use location data and phone configuration data to supplement information on execution of the credit agreement i.e. when you pressed the “I accept” button we can recognise that you were on a certain phone at this time and location. We also use phone configuration data, such as operating system and network, to help provide fixes and to maintain and upgrade your service.
Data provided by third parties:
Data from persons that may introduce you to us: for example brokers, introducers, financial advisers, agents or other third parties
Data from credit reference agencies: for example Call Credit: for example TransUnion
Data from fraud prevention agencies
Data from account aggregation service providers: for example Salt Edge
Publicly available information: for example, from the land registry, the electoral register, other information available online or in the media, including social media
Data from your representatives where relevant: for example your legal and financial advisers such as lawyers and accountants
Data from your employers and medical data where relevant*
*In certain circumstances we may ask you to provide us with medical information if we determine that this is a requirement for us to enter into or continue the agreement with you. Full details as to the reason for this request and how this information would be used will be given to you at the time should we request such information from you. You will be asked to consent to the provision of this information.
Why personal data is collected by us
We collect personal data from you for many reasons including:
Activity
exercising our contractual rights and obligations
precontractual checks
post contractual checks
customer service
account management
product analysis and development
business development
profiling, statistical and analytics
regulatory and legal requirements
managing risk
business management and operations, including record keeping
recovery of money owed to us
reporting to credit reference agencies and fraud prevention agencies
marketing
research
Legal basis
contract performance
contract performance
legitimate interests
legal duty
consent
legitimate interests
contract performance
contract performance
legitimate interests
legal duty
consent
contract performance
legitimate interests
legal duty
consent
legitimate interests
Legitimate interest
verifying identity
maintaining up to date records
seeking consent where relevant
business efficacy
risk management
business efficacy
risk management
product development
business compliance
business efficacy
risk management
business efficacy
business compliance
risk management
business development
business efficacy
brand management
From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may also be used for other purposes where required or permitted by law. When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. In order to process your application, we may supply your personal information to credit reference agencies (CRAs) in which case they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. When CRAs receive a search from us they may place a search footprint on your credit file that may be seen by other lenders and used to assess applications for finance from you and members of your household. The CRA may also share your personal information with other organisations.
We may also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. The CRAs we use and information on how it uses your personal data is available at:
From time to time we may provide your information to our partners, third parties and customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide. We may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.
From time to time we may contact you about our other goods or services that may be of interest to you.
When personal data is shared
Your personal data may be used by our partners, brokers, agents, sub-contractors, lawyers and by any of our or their subsidiary or associated companies before, during and after your agreement with us.
We may also use organisations to perform tasks on our behalf including information technology service providers, account aggregation service providers, payment services providers, auction houses, repossession agents, banks and transportation companies who we will then be sharing your personal data with and who may also process and retain your data both before, during and after your agreement with us.
Any of these third parties may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our services. They may also use your personal data to communicate with you on any matter relating to the management and conduct of your account or agreement with us. We may also share your personal data with CRAs, fraud prevention agencies, law enforcement agencies, regulators and other authorities, the UK Financial Services Compensation Scheme, the Financial Ombudsman Scheme, any agent that you have given us authority to communicate with and persons you ask us to share your data with, companies that we introduce you to, market researchers tracing and debt recovery agencies and customer service agencies for the purposes set out above. These agencies and firms may also share your personal data with others.
If, in the future, we sell, transfer or merge all or part of our business or assets, including the acquisition of other businesses, we may share your data with other parties. We will only do this if they agree to keep it safe and private and to only use it in the same ways as set out in this notice.
Bank integration
We use a third party, Salt Edge Limited, to link to your bank account. Salt Edge Limited will ask for your consent for read-only access to your account and to transmit your account information to us. We need this information to determine when you are due a top-up, when you can make a repayment, and to administer our service as set out in the contract. The link to your account ends when you terminate the contract or decide not to enter the contract. Your account login details cannot be seen by Salt Edge or by us, and all information is protected with multiple encryption layers. Please refer to Salt Edge’s Terms of Service and Privacy Policy for more information.
Continual Payment Authority
We use a third party, Judo Pay, to manage a continual payment authority so that subscription payments and top-up repayments can be automatically collected from your debit card account. We share information on you that is needed to setup a continual payment authority. You will be asked to confirm and approve this information.
When personal data is transferred outside the European Economic Area (EEA)
Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We do not currently share your personal data with anyone outside of the EEA.
Consequences
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
If you fail to provide us with data we require, this may delay or prevent us from entering into a contract with you and or complying with our obligations. Depending on the importance of the data, it may mean that we are entitled to terminate an agreement with you.
If you have any questions about the above, please contact us on the details in section 1.
What choices and rights you have
Your personal data is protected by legal rights, which include your right to:
object to our controlling and processing your personal data;
object to our sharing of your personal data with others or with certain organisations;
request that your personal data is erased or corrected or that its processing be restricted;
request access to your personal data and for it to be given to you in a portable format;
request that we transfer your personal data to another lender;
request that we confirm what personal data we currently control and/or process in relation to you.
For more information or to exercise your data protection rights please, please contact us on the details in section 1.
There may be reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.
If you are unhappy about how your personal data has been used, you may raise a complaint. Our complaints procedure is available on our website. You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data. You can contact them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, on 0303 123 1113 or by email to [email protected]. See also https://ico.org.uk/global/contact-us/.
How long personal data is kept
We will retain your personal data throughout the duration of your agreement and or as long as you are a customer with us. We may retain your personal data beyond this date for the purposes mentioned above and will in any case at all times retain your personal data for the minimum period required by law. We may also retain your data to deal with any disputes, to maintain records and to show we have dealt with you fairly.
We may also retain your data for research and statistical purposes in which case we will ensure it is kept private and used only for these purposes.
Data about live and settled accounts is kept on credit files for six years from the date they’re settled or closed. If the account is recorded as defaulted, the data is kept for six years from the date of the default.
Cookies
To find out how we use cookies, please see our cookies policy.
Direct marketing
We can only use your personal information to send you marketing information if we have your consent or a legitimate interest. A legitimate interest will usually be a commercial reason which cannot be used unfairly against you.
Version: 2.1
Date: June 2022