Last updated: October 2022
This privacy notice is to let you know how Fronted gathers and processes your personal information.
This notice provides you with information regarding your rights and obligations and explains how, why and when we collect and process your personal data.
We take personal data seriously. Anything containing personally identifiable information is kept safe and we have put in place appropriate technical and other security measures to protect it.
We need to collect certain types of information to allow us to make a decision on your request for financial products. We also need to comply with legal and regulatory requirements relating to anti-fraud, anti-money laundering, know your customer and responsible lending obligations.
We will only collect the information we need to be able to provide you with the service you have requested. You need to make sure that the information you provide is accurate, complete and not misleading. Your personal information may need to be disclosed when we are obliged to by law, for purposes of national security, taxation, defence of a legal claim or criminal investigations.
We are Fronted Holding Ltd and all subsidiaries. Our registered office is at Fronted, The Fisheries, 1 Mentmore Terrace, London, E8 3PN. We are registered in England and Wales under company number 12278750. We are registered on the Information Commissioner’s Office (ICO) Register under numbers: ZB268231 and ZB268239.
We can be contacted:
by post at Fronted, The Fisheries, 1 Mentmore Terrace, London, E8 3PN;
by email at email@example.com
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
When information is collected
Why we ask for this
How and why we use your information
When you register with us we will need details including:
We ask for this:
— to create and manage your account with us
— to communicate with you about your account. We'll communicate with you via chat, email, phone, SMS and post.
— to assess if you qualify for a Fronted Deposit or Fronted deposit transfer
— to ensure your identity and application is legitimate
We rely on legitimate interest as the lawful basis for collecting and using your personal information.
Our legitimate interests are for you to have a clear understanding of our products and if we can provide our services to you. to confirm your identity, affordability and property details.
We are required to keep this information for a period of 6 years.
When you interact with the Fronted platform
We use this information to improve our platform and product offering.
Your details may be shared with third party platforms including Google Analytics, Amplitude, Sentry, Intercom, MixPanel, and Segment.
Personal data will not be kept longer than is viewed as necessary as per GDPR guidelines. All storage of data will be with purpose.
We may need to keep personal information due to legal requirements, see more details of this in the ‘Your Rights’ section.
When managing products and services including
Contracts and Consent
To ensure that you are kept up to date with our policies when you have signed up as a user.
To provide you with the provided service that they have signed up for.
When following regulations and keeping our your information safe
Legal Obligation and Legitimate Interest
When developing our products and services
To comply with regulation and any other legal practices both under FCA and GDPR guidance.
To be efficient with our contractual duties
Continuing use of data
Legitimate interest and Consent
Data collected about your use of our app and website (together known as Site). Information about your device, network, and Site activity.
We collect personal information about you when you access our Site, register with us, contact us, send us feedback, purchase products or services via our Site, post material to our Site and complete customer surveys or participate in competitions.
We collect this personal information from you either directly, or indirectly, such as your browsing activity while on our Site.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data through forms or by corresponding with us through Site, chat, phone, email or otherwise. This includes personal data you provide when you:
We may also request a scan of an identity document if this is required for “know your customer” or anti-money laundering purposes.
To make it clear, here are the definitions and uses of
– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
Data about you as a customer, prospect or subscriber. Terms are as per the below:
Data includes details such as your name, email address, address and product interests.
Deliver our products and services.
We use information to fulfil our contracts with you, and to deliver our products and services effectively. This allows us to:
Improve our products and services.
Market our products and services.
Prevent fraud and abuse.
Comply with local laws and regulations.
Once you’ve registered with us, we’ll use your information to communicate with you using a combination of chat, email, phone, text messages (SMS) and post.
We may collect personal information received from other sources such as data from credit reference agencies, open banking data (including name, address, bank account number, sort codes, balance, transactions, overdraft limit and statement information) and results of “politically exposed persons” or sanction checks.
We partner with third-party companies including, but not limited to, Google Ads, LinkedIn and Facebook to provide ad tracking that helps us optimise the relevance of advertisements on the websites.
Google Analytics allows us to see how users are finding out about Fronted and if our use of social or paid campaigns are working to draw users to sign up to our Site.
You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Intercom allows us to communicate with you via the chatbot or emails. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.
You can read more about how Intercom uses your Personal Information here: https://www.intercom.com/legal/privacy. You can also enquire directly to Intercom at firstname.lastname@example.org. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.
MixPanel helps us to understand how visitors navigate through our Site. We use this data when seeing how we can better display and structure information.
You can read more about how MixPanel uses your Personal Information here: https://mixpanel.com/legal/privacy-policy/. You can also opt-out of MixPanel here: https://help.mixpanel.com/hc/en-us/articles/360001113426-Opt-Out-of-Tracking
Amplitude is an analytics tool that helps us to understand how visitors navigate through our Site. We use this data when seeing how we can better display and structure information.
You can read more about how Amplitude uses your Personal Information here: https://amplitude.com/privacy. This tool does not save any personal data and is fully anonymous.
You can read more about how Segment uses your Personal Information and opt-out at: https://segment.com/legal/privacy/ or by emailing email@example.com.
Sentry allows us to fix and optimise the code that keeps Fronted running. To monitor if there are any errors or ways that we can make your experience smoother, Sentry may collect information including how you interact with Fronted using cookies and monitoring to see that all sensitive information (including financial information) is confidential and encrypted. No private information is stored on Sentry’s servers.
You will be unable to proceed in our application process without opt-ing into the following legitimate uses of your personal data. This protects you from identity theft and allows us to confirm your suitability for a Fronted product and perform our due diligence to prevent fraud.
Yobota is a loan management platform. When you are approved for a Fronted Deposit, Yobota helps us manage your account including (but not limited to) keeping track of your loan repayments, adjusting any details associated with your loan and/or early settlement of your account.
You can read more about how Yobota uses your Personal Information here: https://yobota.xyz/privacy-policy/.
Shufti Pro is an identity verification service provider which is used during the application process to satisfy our Know Your Customer obligations.
You can read more about how Shufti Pro uses your Personal Information here: https://shuftipro.com/privacy-policy.
We work with Modulr to securely send and receive payments.
We share information with Modulr about you and your estate agent that you provide to us. This includes account details of the destination bank account to pay the deposit and repayment data such as payment reference numbers to track repayments.
You can read more about how Modulr uses your Personal Information here: https://www.modulrfinance.com/privacy-policy.
London & Zurich are our direct debit collection & processing service.
We use London & Zurich to set up your Direct Debit mandate. A Direct Debit mandate means we can collect and track your monthly repayments automatically. To set up your Direct Debit mandate we share information including your bank account details, repayment amount and repayment reference number with London & Zurich via Modulr. This is a secure way for you to repay your loan as we don't have to share your information twice, and it is automatically deducted meaning you don't miss any repayments.
You can read more about how London & Zurich uses your Personal Information here: https://www.londonandzurich.co.uk/privacy-cookies/.
GoCardless provides us with a Direct Debit collection and payment processing service. This service enables us to securely send and receive payments.
We share information with GoCardless about you and your estate agent. This includes account details of the destination bank account to pay the deposit and payment data such as your payment reference number to track repayments.
We also use GoCardless to set up your Direct Debit mandate. A Direct Debit mandate means we can collect and track your monthly repayments automatically. To set up your Direct Debit mandate we share information including your bank account details, repayment amount and repayment reference number with GoCardless. This is a secure way for you to repay your loan as we don't have to share your information twice, and it is automatically deducted meaning you don't miss any repayments.
You can read more about how GoCardless uses your Personal Information here: https://gocardless.com/privacy
Google Cloud Platform (GCP) is a suite of cloud computing services. We use Google Cloud Platform software to help run our day-to-day business operations, including but not limited to, running and maintaining our website, managing and processing applications and storing important documentation. It also stores our logs which may contain personal information.
Amazon Web Services (AWS) provides on-demand cloud computing platforms and APIs to businesses. We use select AWS services to process customer data and help manage customer applications and accounts throughout their life-cycle .
Slack is a messaging app for businesses. We use Slack predominantly as a way to communicate internally with other team members. However, we also use their software to alert us internally when significant events happen during your application process and customer life cycle.
Cordless is a cloud call centre software provider. We use Cordless to make and receive calls from new, existing and potential customers. We share and receive information from them, including but not limited to, your contact number, call recordings and call transcripts. Monitoring calls and their content is an important part of our day-to-day business, which is why Cordless is also integrated with other important tools that we use, such as Intercom and Slack.
Twilio is a communication tool which allows businesses to make and receive phone calls and text messages. We use Twilio to send text messages (SMS) to applicants and our customers about important account updates, these are known as ‘service messages’. We share information with them, including but not limited to, your contact number and the content of the message.
Stripe is an online payment processing provider. We use their software to accept payments which helps us set up and manage your account. We share information with them, including but not limited to, your name and relevant payment information.
You can read more about how Stripe uses your Personal Information here: https://stripe.com/gb/privacy
Goodlord is a provider of estate agent software that offers Fronted to its customers for the purpose of spreading the cost of a deposit. When they send customers to Fronted they also share the deposit amount and rent amount that the customer has been quoted.
You can read more about how Goodlord uses your Personal Information here: https://www.goodlord.co/privacy-policy
Canopy is a tenant referencing software provider for renters, landlords and estate agents. They offer Fronted to their customers for the purpose of spreading the cost of a deposit. We may share information with them, including but not limited to, whether your application was successful or not, your name and your address.
You can read more about how Canopy uses your Personal Information here: https://www.canopy.rent/legal/privacy-policy
Wagestream is a financial wellbeing management platform. They offer Fronted to their customers for the purpose of spreading the cost of a deposit. We may share information with them, including but not limited to, whether your application was successful or not, your name and your address.
You can read more about how Wagestream uses your Personal Information here: https://wagestream.com/privacy-policy/
You agree that we may request and receive information about you and your deposit from the licensed deposit protection scheme where your deposit is protected, including but not limited to:
Landlords are legally required to safeguard their tenants’ deposits with one of the three government-backed deposit protection schemes. The three main deposit protection schemes are:
You can read more about how DPS uses your Personal Information here: https://www.depositprotection.com/privacy-policy/
You can read more about how MyDeposits uses your Personal Information here: https://www.mydeposits.co.uk/privacy-policy/
You can read more about how TDS uses your Personal Information here: https://www.tenancydepositscheme.com/privacy-policy/
At Fronted we are committed to protecting your data and where possible we use UK based processing. There has been a recent GDPR legislation change in which Privacy Shields are now invalid. Though the UK is not a part of the EU, we are still conscious of US based processing of data and how to ensure you are protected.
Fronted are following guidance from the Information Commissioner’s Office (ICO), the UK’s information rights body and the European Data Protection Board (EDPB) that US data processing will only happen where suitable. If there is further authorisation needed, we will add the option onto our Site.
When you create an account with Fronted, you’ll submit information that allows us to verify your identity, provide our services, customise our website and its content to your particular preferences, notify you of any changes and improve our services. We share your data with service providers, firms, businesses and professional advisors (e.g. lawyers and auditors) to provide you with the right product and services.
We will be working with these legitimate agencies:
We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
This information includes (but is not limited to):
This information is recorded by both Fronted and external organisations that may access and use this information to prevent fraud and money laundering. CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations in order to (for example):
When you apply to us for a loan, we will check the following records about you (and others where applicable):
Any records we may already have about you;
You should be aware that whether or not your loan application is successful, when CRAs receive a search from us they will place a soft search footprint on your credit file that may be seen by other lenders. Large numbers of applications within a short time period may affect your ability to obtain credit. This is applicable whether your application is accepted or declined.
We will send the information that you submit through our website to CRAs. This information will be recorded by them. We and other organisations may access and use this information to prevent fraud and money laundering and CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations as outlined in the previous “Credit Reference and Fraud Prevention Agencies use your data” section.
If you are to use a Fronted credit product, we will give details of your loan and how you repay it to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding. Other organisations may see these updates and this may affect your ability to obtain credit in the future.
If you fall behind with your payments and a full payment or satisfactory proposal is not received within 14 Days of a “Notice of Default” being issued then a “Formal Demand” will be issued and a default registered on your Credit File with CRA’s.
This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud we may record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention including law enforcement agencies who may then access this information.
Equifax, Experian and TransUnion, the ICO and the major financial services trade associations have developed a common statement, Credit Reference Agency Information Notice (CRAIN). This defines the standards that all three Credit Reference Agencies will apply across all products and services in relation to processing consumer data. You can read the CRAIN here.
We may use systems to send you automated communications or to make automated decisions using the personal information we have obtained from you and other sources about you. Automating decisions allows us to make consistent, efficient and quick decisions regarding the products and services we offer. These automated decisions can affect the products and services we may offer you now or in the future, or the price that we charge you for them.
We will ensure that you are aware of when automated decisions are being made. You have the right to ask that a human review an automated decision, to express your point of view and to contest an automated decision. To do this, please contact our support team.
Currently we use automation in the following areas:
How Automation occurs
Applying for a Fronted Deposit
When you apply for a Fronted Deposit, from your salary, rent and other details, we automatically calculate what deposit range we could offer you.
When applying for a Fronted Deposit, we use Credit Reference Agency (CRA) data to assess your details. Fronted uses the credit score produced from the details provided in your application, to help us make responsible lending decisions that are fair, informed and consistent.
Applying for a Fronted deposit transfer
When applying for a Fronted deposit transfer, we use Credit Reference Agency (CRA) data to assess your details. Fronted uses the credit score produced from the details provided in your application, to help us make responsible lending decisions that are fair, informed and consistent.
We may group you with other customers with similar characteristics e.g. living with roommates. This is so we can tailor messaging and products to your needs.
We use analytics to alert us if there are discrepancies or there is usual activity.
Both when you sign up for an account or connect your details, automation occurs when creating your user profile. Before issuing a loan, all information is manually checked by an underwriter.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
We are committed to ensuring that your information is secure. Appropriate security measures are in place to protect against loss, misuse or alteration of information collected from you, including measures to prevent, as far as possible, access to our databases by parties other than Fronted.
Retention of Data
We will retain your personal data for as long as we are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the end of our relationship with you. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.
We may also retain data for longer periods for statistical purposes, and if so we will anonymise this.
Why do we collect and store data?
We will need to keep your personal information for as long as you are a customer. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
How long do we store your data?
After your relationship with Fronted ends, we may keep your data for up to 6 years for the following scenarios:
In some circumstances, we will keep your data for longer than 6 years if we cannot delete it for regulatory or legal reasons. If it is required to extend our retention period, we will continue to ensure that your privacy is protected and we will only use it for the specified reasons.
For research or statistical purposes, we may anonymise your personal data. This data will no longer be identified with you and we may keep this information indefinitely without further notice to you.
How can you amend your marketing preferences?
Both when you enter our site or sign up as a user, we will confirm that you have opted into our services. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time.
You may also amend your contact preferences by emailing us at firstname.lastname@example.org.
As a data subject, you have a number of rights:
Your data protection rights are subject to certain restrictions and conditions and financial organisations are required to retain a range of your information for legal and regulatory reasons including responsible lending and the prevention of financial crime.
Fronted is required to keep a record of the information reported to the Credit Reference Agencies about you and will therefore retain repayment information regarding your loan for six years from the date that the loan is settled/closed. If your account is recorded as defaulted, the data is kept for six years from the date of the default. This may be extended where we require this to bring or defend legal claims.
If you think that any of the personal data we hold about you is wrong or incomplete you have the right to challenge it.
We will not make a charge for handing your rights request, unless we consider it to be manifestly unfounded or excessive involving a disproportionate effort (particularly if this is a repeated request). If you would like to exercise any of the rights outlined above, you can make it in writing by emailing email@example.com and we will respond within 30 days.
We will assess your request and if we decide not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/
International Data Transfers
We will only send your data outside of the European Economic Area ('EEA') to:
Some of our third parties, as referenced in the ‘Third Parties’ section, are based outside the EEA, and store your data as per the Standard Contractual Clauses (SCC) outlined in GDPR. Transfer it to a non-EEA country with privacy laws that give you the same protection as the EEA as per Standard Contractual Clauses (SCC). You can find out more about data protection on the European Commission Justice website here. When you send an email to Fronted, you agree to your data being stored and processed in this way.
Fraud Prevention Agencies may also transfer your personal information outside of the EEA, when this occurs they impose contractual obligations on the companies or organisations that receive your information so that they protect your personal information to the standard required in the EEA. They may also require the companies or organisations who receive that personal information to subscribe to 'international frameworks' intended to enable secure sharing of personal information.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you would like to know how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online.
How do we link to other sites?
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: firstname.lastname@example.org.
v2.6 – Last Updated: October 2022
Fronted is a trading name of Fronted Holding Ltd. We are registered in England and Wales (Company No.12278750), registered office address is Fronted, The Fisheries, 1 Mentmore Terrace, London, E8 3PN. Fronted Loans Ltd (Company No.12307305) is authorised and regulated by the Financial Conduct Authority under a Consumer Credit Licence (FCA No. 933316). Fronted Ltd (Company No.12304059) is authorised and regulated by the Financial Conduct Authority under a Broker Licence (FCA No. 933317).
Fronted Loans Ltd and Fronted Ltd is a wholly owned subsidiary of Fronted Holding Ltd. We are part of the FCA regulatory sandbox - Cohort 6. The regulatory sandbox allows firms to test innovative offerings in a live environment. More information on the FCA's regulatory sandbox can be found here.
Made with ❤️ and ☕️ in London