Last updated: September 2020
This privacy notice is to let you know how Fronted gathers and processes your personal information.
This notice provides you with information regarding your rights and obligations and explains how, why and when we collect and process your personal data.
We take personal data seriously. Anything containing personally identifiable information is kept safe and we have put in place appropriate technical and other security measures to protect it.
We need to collect certain types of information to allow us to make a decision on your request for financial products. We also need to comply with legal and regulatory requirements relating to anti-fraud, anti-money laundering, know your customer and responsible lending obligations.
We will only collect the information we need to be able to provide you with the service you have requested. You need to make sure that the information you provide is accurate, complete and not misleading. Your personal information may need to be disclosed when we are obliged to by law, for purposes of national security, taxation, defence of a legal claim or criminal investigations.
We are Fronted Holding Ltd and all subsidiaries. Our registered office is at Fronted, 81 Rivington Street, London, England, EC2A 3AY. We are registered in England and Wales under company number 12278750. We are registered on the Information Commissioner’s Office (ICO) Register under number: CSN0780570.
by post at Fronted, 81 Rivington Street, London, England, EC2A 3AY;
by email at email@example.com
Here is the top line summary of the data we collect.
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
We’ll break down the information further in the next sections. To use our full range of services and products, we will collect some or all of the following information:
|When information is collected||Why we ask for this||How and why we use your information|
|When you register with us.Contact details: Your name, Email address, Renting information including salary, budget and may include your property agent or landlord’s details.||Legitimate Interest||We ask for this:to create and manage your account with us, to communicate with you about your account, to assess if we can pre-qualify you for a Fronted Deposit. We rely on legitimate interest as the lawful basis for collecting and using your personal information. Our legitimate interests are for you to have a clear understanding of our products and if we can provide our services to you. We will keep this information until:you close your account with us or we close your account.|
|When you interact with the Fronted platform Visiting and browsing the site Interactions with chat bot, email or any other form of communication Clicking through links.||Legitimate Interest||We use this information to improve our platform and product offering. This means customers have a clear understanding of our product. Your details may be shared with third party platforms including Google Analytics, Intercom, MixPanel and Full Story. Personal data will not be kept longer than is viewed as necessary as per GDPR guidelines. All storage of data will be with purpose. We may need to keep personal information due to legal requirements, see more details of this in the ‘Your Rights’ section.|
|When managing products and services including: our existing relationship with you, Keep you updated on products and services, Operate and provide lending services, Handling payments received from and provided to you, Appling charges, fees and interest due on customer accounts.||Contracts and Consent||To ensure that you are kept up to date with our policies when you have signed up as a user. To provide customers with the provided service that they have signed up for.|
|When following regulations and keeping our customer information safe: To detect, investigate, report and seek to prevent financial crime. To control risk for us and our customers. To obey laws and regulations that apply to us. To respond to complaints and resolve them. To meet our business responsibilities of managing our financial position, business capability, planning, communications, corporate governance, audit and all that is outlined in FCA sandbox requirements.||Legal Obligation and Legitimate Interest||When developing our products and services. To comply with regulation and any other legal practices both under FCA and GDPR guidance. To be efficient with our contractual duties.|
|Continuing use of data: To develop and carry out marketing activity. Statistical analysis and research. To improve, guide, manage and develop our products and services.||Legitimate interest and Consent||Developing products and services to promote responsible lending and helping to prevent over-indebtedness. Promoting products to interested parties with similar needs and wants.|
Data collected about your use of our websites. Information about your device, network, and web activity.
We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products or services via our website, post material to our website and complete customer surveys or participate in competitions via our website.
We collect this personal information from you either directly, such as when you or indirectly, such as your browsing activity while on our website.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data through forms or by corresponding with us through website chat phone, email or otherwise. This includes personal data you provide when you:
We may also request a scan of an identity document if this is required for “know your customer” or anti-money laundering purposes.
To make it clear, here are the definitions and uses of:
– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
– When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information including credit card numbers, email address, and phone number.
Data about you as a customer, prospect or subscriber. Terms are as per the below:
Data includes details such as your name, email address, address and product interests.
Deliver our products and services.
We use information to fulfil our contracts with you, and to deliver our products and services effectively. This allows us to:
Improve our products and services.
Market our products and services.
Prevent fraud and abuse.
Comply with local laws and regulations.
We collect personal information received from other sources such as data from credit reference agencies, open banking data (including name, address, bank account number, sort codes, balance, overdraft limit and statement information) and results of “politically exposed persons” or sanction checks.
Google Analytics allows us to see how users are finding out about Fronted and if our use of social or paid campaigns are working to draw users to sign up to our platform.
You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
MixPanel helps us to understand how visitors navigate through our site. We use this data when seeing how we can better display and structure information.
You can read more about how MixPanel uses your Personal Information here: https://mixpanel.com/legal/privacy-policy/. You can also opt-out of MixPanel here: https://help.mixpanel.com/hc/en-us/articles/360001113426-Opt-Out-of-Tracking
Intercom allows us to communicate with you via the chatbot or emails. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.
You can read more about how Intercom uses your Personal Information here: https://www.intercom.com/legal/privacy. You can also enquire directly to Intercom at firstname.lastname@example.org. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.
You can read more about how Full Story uses your Personal Information here: https://www.fullstory.com/legal/privacy/. You can also opt-out of Full Story at email@example.com or by accessing their opt-out service here.
You can read more about how Smart Look uses your Personal Information here: https://help.smartlook.com/en/articles/3244452-privacy-policy/. You can also opt-out of Smart Look at firstname.lastname@example.org or by accessing their opt-out service here.
Sentry allows us to fix and optimise the code that keeps Fronted running. To monitor if there are any errors or ways that we can make your experience smoother, Sendry may collect information including how you interact with Fronted using cookies and monitoring to see that all sensitive information (including financial information) is confidential and encrypted. No private information is stored on Sentry’s servers.
At Fronted we are committed to protecting your data and where possible we use UK based processing. There has been a recent GDPR legislation change in which Privacy Shields are now invalid. Though the UK is not a part of the EU, we are still conscious of US based processing of data and how to ensure our customers are protected.
Fronted are following guidance from the Information Commissioner’s Office (ICO), the UK’s information rights body and the European Data Protection Board (EDPB) that US data processing will only happen where suitable. If there is further authorisation needed, we will add the option onto our website.
We will be working with a regulated AISP and Credit Reference Agency, Credit Kudos and other legitimate agencies. This policy will be updated to reflect how data will be used following our move to trade. We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
We may share your personal data with the parties set out below for these purposes:
The personal information we collect about you depends on the particular activities carried out through our website. This is so we can create and manage your account with us, verify your identity, provide our services, customise our website and its content to your particular preferences, notify you of any changes and improve our services.
This information includes (but is not limited to):
This information is recorded by both Fronted and external organisations that may access and use this information to prevent fraud and money laundering. CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations in order to (for example):
If you are to use a Fronted Deposit, we will give details of your loan and how you manage it to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding. Other organisations may see these updates and this may affect your ability to obtain credit in the future.
If you fall behind with your payments and a full payment or satisfactory proposal is not received within 14 Days of a “Notice of Default” being issued then a “Formal Demand” will be issued and a default registered on your Credit File with CRA’s.
This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud we may record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention including law enforcement agencies who may then access this information.
Equifax, Experian and TransUnion, the ICO and the major financial services trade associations have developed a common statement, Credit Reference Agency Information Notice (CRAIN). This defines the standards that all three Credit Reference Agencies will apply across all products and services in relation to processing consumer data. You can read the CRAIN here.
We may use systems to make automated decisions using the personal information we have obtained from you and other sources about you or your business. Automating decisions allows us to make consistent, efficient and quick decisions regarding the products and services we offer. These automated decisions can affect the products and services we may offer you now or in the future, or the price that we charge you for them.
We will ensure that you are aware of when automated decisions are being made. Currently all customer interactions will be reviewed manually by an underwriter. This data will then be used to help move towards more automated decisions and communication.
Currently we use automation in the following areas:
|Decision||How Automation occurs|
|Fronted Deposit estimate||When you apply for a Fronted Deposit, from your salary, rent and other details, we automatically calculate what deposit range we could offer you.|
|Audience grouping||We may group customers with similar characteristics e.g. living with roommates. This is so we can tailor messaging and products to your needs.|
|Detecting Fraud||We use analytics to alert us if there are discrepancies or there is usual activity.|
|Opening Accounts||Both when you sign up for an account or connect your details, automation occurs when creating your user profile. Before proceeding, all information is manually checked by an underwriter.|
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
We are committed to ensuring that your information is secure. Appropriate security measures are in place to protect against loss, misuse or alteration of information collected from you, including measures to prevent, as far as possible, access to our databases by parties other than Fronted.
We will retain your personal data for as long as we are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the end of our relationship with you. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.
We may also retain data for longer periods for statistical purposes, and if so we will anonymise this.
We will need to keep your personal information for as long as you are a customer.
After your relationship with Fronted ends, we may keep your data for up to 6 years for the following scenarios:
In some circumstances, we will keep your data for longer than 6 years if we cannot delete it for regulatory or legal reasons. If it is required to extend our retention period, we will continue to ensure that your privacy is protected and we will only use it for the specified reasons.
Both when you enter our site or sign up as a user, we will confirm that you have opted into our services. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time.
You may also amend your contact preferences by emailing us at email@example.com.
As a data subject, you have a number of rights:
Your data protection rights are subject to certain restrictions and conditions and financial organisations are required to retain a range of your information for legal and regulatory reasons including responsible lending and the prevention of financial crime.
Fronted is required to keep a record of the information reported to the Credit Reference Agencies about you and will therefore retain repayment information regarding your loan for six years from the date that the loan is settled/closed. If your account is recorded as defaulted, the data is kept for six years from the date of the default. This may be extended where we require this to bring or defend legal claims.
If you think that any of the personal data we hold about you is wrong or incomplete you have the right to challenge it.
We will not make a charge for handing your rights request, unless we consider it to be manifestly unfounded or excessive involving a disproportionate effort (particularly if this is a repeated request). If you would like to exercise any of the rights outlined above, you can make it in writing by emailing firstname.lastname@example.org.
We will assess your request and if we decide not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/
We will only send your data outside of the European Economic Area ('EEA') to:
Some of our third parties as referenced in the ‘Third Parties’ section, are based outside the EEA, and stores your data as per the Standard Contractual Clauses (SCC) outlined in GDPR. Transfer it to a non-EEA country with privacy laws that give you the same protection as the EEA as per Standard Contractual Clauses (SCC). You can find out more about data protection on the European Commission Justice website here. When you send an email to Fronted, you agree to your data being stored and processed in this way.
Fraud Prevention Agencies may also transfer your personal information outside of the EEA, when this occurs they impose contractual obligations on the companies or organisations that receive your information so that they protect your personal information to the standard required in the EEA. They may also require the companies or organisations who receive that personal information to subscribe to 'international frameworks' intended to enable secure sharing of personal information.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you would like to know how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: email@example.com.
v2.0 – Last Updated: September 2020
Fronted is a trading name of Fronted Holding LTD. We are registered in England and Wales (Company Number 12278750). Our registered office address is 81 Rivington Street, London, EC2A 3AY. We are part of the FCA regulatory sandbox - Cohort 6. The regulatory sandbox allows firms to test innovative offerings in a live environment. More information on the FCA's regulatory sandbox can be found here.
Made with ❤️ and ☕️ in London