Last updated July 2022.
1. Who we are
Nooli UK Limited (company number 10360526) (“Nooli”) is the parent company of a group of companies. In the UK, these companies are:
Loqbox Technology UK Limited (company number 07916178)
Loqbox Savings Limited (company number 10583182)
DDC Financial Solutions Limited (company number 07586243)
Loqbox Trustee UK Limited (company number 13063076).
Nooli and its UK subsidiaries are private limited companies registered at Henleaze Business Centre, Henleaze, Bristol, England, BS9 4PN.
This Privacy Notice applies whether you visit our website, loqbox.com/en-gb/ (“site”) or purchase our products or services and it applies to all personal data processing activities of Nooli and its subsidiaries, together the Nooli UK group. References to “we” and “us” in this notice refer to Nooli and its UK subsidiaries.
We comply with the EU law retained version of the General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 (the “Data Protection Legislation”). If any of these laws are replaced or superseded, we will also comply with that.
This Privacy Notice addresses where we act as Controllers in respect of personal information that we process in connection with our business.
We respect individuals’ right to privacy and to the protection of their information. The purpose of this Privacy Notice is to explain the information we collect, how we use and share it, how to manage your marketing preferences and a confirmation of your rights. It is important that you read this Privacy Notice when we are collecting or processing personal data about you so that you are aware of how and why we are using your personal data.
We may update this Privacy Notice from time to time, and we will publish the latest version on our site and would encourage you to visit our site regularly to stay informed of how we use your data.
If you have any questions regarding this Privacy Notice, please contact us at email@example.com.
2. The information we collect and use
Personal data means any information which relates to an individual and can be used for the purposes of identification, either directly or indirectly, typically through the use of an identifier.
We collect, process and use the following kinds of personal data at the start of, and during, your relationship with us including the purposes set out below:
Identity, contact and financial data – title, first name, last name, date of birth, email address, telephone number, residential address and some bank account details and partial debit card details. The purpose of collection and processing of this data is so we can register you as a customer, so you can use our services and so we can contact you about any customer service issue.
Technical information – including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, and your operating system and platform. The purpose of the processing of this data is to support your access to our site.
Marketing data – first name, last name, email address, telephone number. The purpose is to provide you with marketing and promotional material.
Usage and cookies information – information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. The purpose is to understand how you use our site, in order to improve and develop the services we provide, and better inform our marketing strategies.
We do not seek to collect or process special categories of information about you such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
3. How we collect your information
Your information is made up of personal data we collect and hold about you and your transactions with us, and includes:
Information you give us;
Information we receive from third parties, including third parties who provide services to us and our commercial partners, typically your name and contact details;
Information we learn about you through our relationship with you and the way you operate your products;
Information that we gather from the technology which you use to access our services.
We also receive information from other sources, including information about you if you use any of the other websites we operate or the other services we provide.
Please note that if you do not agree to provide us with information we request, it may not be possible for us to continue to operate your account and/or provide products and services to you.
4. How we use your information
We will only use and share your information where it is necessary for us to carry out our lawful business activities. The lawful bases for processing your data include as described below, and, in some cases, there may be more than one lawful basis for processing your information:
A. Contractual obligation
We may process your information where it is necessary to enter into a contract with you for the provision of our products and services or to perform our obligations under that contract. This may include:
registering you as a customer and providing and administering those products and services and connecting you with our panel of commercial partners based on changes to your credit score as a result of being a Loqbox member, which includes providing you access to their financial and credit products and services; processing your payments for our products; communicating with you about the products and services you receive from us and any changes to the products or services provided to you, dealing with complaints and managing your account.
B. Legal obligation
When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal data about you. This may include processing to:
confirm your identity;
perform checks to detect and prevent financial crime;
investigate and resolve complaints;
establishment and defence of our legal rights;
share data with credit reference agencies and fraud prevention agencies;
comply with legal and regulatory requirements.
C. Legitimate interests
We may process your information where it is in our legitimate interests to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms. This may include processing to:
make suggestions and recommendations to you about goods and services that may be of interest to you;
deliver relevant content to you via our site or directly, for example, through email or SMS;
protect the security of our business, including information security, network security and business continuity;
monitor the performance and effectiveness of our products and services;
send you marketing communications relating to products or services that we believe may be of interest to you;
managing and maintaining our relationship with you;
enable us to create custom audiences and lookalike audiences.
5. How we use and share your information with other Group companies
Your information may be shared with and processed by other Nooli UK group companies and may be used in the ways described in section 4 above.
6. Sharing your information with third parties
We may share your information with anyone outside the Nooli UK group under the following circumstances:
we have your permission;
where required for your product or service;
with third parties providing services to us, including commercial partners and service providers, such as for the purposes of securing payments, fulfilling orders, marketing and optimising our services;
with any third party that purchases, or to which we transfer, all or substantially all of our assets and business;
with credit reference agencies (See section 9 for more details about Credit Reference Agencies);
with law enforcement agencies, regulators, courts, government authorities, and or fraud prevention agencies or other third parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
7. Your rights
We want to make sure you are aware of your rights in relation to the personal data we process about you, and these are described below. You have a:
right to access your personal data held by us;
right to have inaccurate personal data rectified;
right to have certain personal data erased where you believe it is no longer necessary for us to process it, where you have objected, where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation;
right to request that we restrict processing of your personal data, if you believe that any of the information that we hold about you is inaccurate;
we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner;
right to receive certain personal data in a portable format (we will provide .csv readable on Microsoft Excel or equivalent);
right to object to processing where the lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
right to complain to the Information Commissioner’s Office (ICO), the UK data protection regulator (they can be contacted via their website www.ico.org.uk);
right to object to direct marketing, which can be done by opting-out of direct marketing via the communication itself.
Where you make a request in respect of your rights we will require proof of identification. We may also ask that you clarify your request.
Please note that in some cases if you do not agree with the way we process your information we may not be able to provide, or to continue to provide, a product or service to you.
If you wish to exercise any of these rights or have any questions about them, please contact us at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
8. How long we keep your information
We keep and maintain records to help us best serve our members, for example, in order to investigate and resolve queries relating to your products, and in line with legal and regulatory requirements.
We will keep records of members and their transactions for a period of six years after your relationship with Nooli ends. This period may change based on changes in our business or our legal and regulatory obligations.
9. Credit Reference Agencies
Nooli will share information with Credit Reference Agencies (CRAs) about how you manage your finance agreement including your account balance, payments into your account, the regularity of payments being made, and any arrears or default in making payments, while you have a relationship with us. This information will be made available to other organisations (including fraud prevention agencies and other financial institutions) so that they can take decisions about you, your associates and members of your household.
When CRAs process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, to protect their business and to comply with laws that apply to them.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Notification (“CRAIN”) at https://www.transunion.co.uk/legal/privacy-centre?#pc-credit-reference.
For any further information about the CRAs and how your information is used by them, including requests for a copy of your information held by them, please find their contact details below:
Credit reference agency
Post: TransUnion Information Group Limited, One Park Lane, Leeds, West Yorkshire LS3 1EP.
Phone:0330 024 7574
Post: Equifax Limited, Customer Service Centre PO Box 10036, Leicester, LE3 4FS.
Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
Phone: 0333 321 4043 or 0800 014 2955
Post: Experian Limited, PO BOX 9000, Nottingham, NG80 7WF
Web Address: https://ins.experian.co.uk/contact
Phone: 0344 481 0800 or 0800 013 8888
A. Fair Processing Notice from Experian
Not only will we be able to work with you more closely to manage your existing tenancy agreement, your track record as a tenant will enable Experian to use the information supplied to them to assist other landlords and organisations to:
· assess and manage any new tenancy agreements you may enter into;
· assess your financial standing to provide you with suitable products and services;· manage any accounts that you may already hold, for example reviewing suitable products or adjusting your product in light of your current circumstances;
· contact you in relation to any accounts you may have and recovering debts that you may owe;
· verifying your identity, age and address, to help other organisations make decisions about the services they offer;
· help to prevent crime, fraud and money laundering;
· screen marketing offers, where you have an existing relationship with a company, to make sure they are appropriate to your circumstances;
· for Experian to undertake statistical analysis, analytics and profiling,
· and for Experian to conduct system and product testing and database processing activities, such as data loading, data matching and data linkage.
If you would like to see more information on these, and to understand how the credit reference agencies each use and share rental data as bureau data (including the legitimate interests each pursues) this information is provided in this link: www.experian.co.uk/crain (Credit Reference Agency Information Notice (CRAIN)). (For a paper copy, please get in touch with us or with Experian using the contact details in this letter).
10. Transferring information overseas
In the event that we transfer information to countries outside of the United Kingdom and European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
The UK government has assessed a country as providing adequate protection for individuals’ rights and freedoms for their personal data and therefore adequacy regulations cover such a transfer;
the transfer has been authorised by the relevant data protection authority; and/or
we have entered into a contract with the organisation with which we are sharing your information (on terms approved under UK GDPR) to ensure your information is adequately protected.
We strive to protect your personal data and our products and services from unauthorised access. This includes use of various security measures to protect your personal data held by or on behalf of us and ongoing review of our information collection, storage and processing practices.
Subject to the uses described in this Privacy Notice, we will endeavour to treat all of your personal data in strict confidence and endeavour to take all reasonable steps to keep your personal data secure once it has been transferred to our systems. However, the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breach of security unless this is due to our failure to ensure we have appropriate technical and organisational measures in place as required by GDPR and Data protection legislation.
If you link to another website from our site then your personal data will be governed by its Privacy Notice or Policy. We recommend that you always read any such Privacy Notice or Policy before interacting with a new website to ensure you understand how your personal data will be used.
12. Contact us
If you have any questions regarding this Privacy Notice or the way we use your personal data, please contact us at email@example.com.