Privacy Policy

As supporters of online transparency and data protection, we’ve recently reviewed our privacy policy to comply with GDPR. It’s boring as hell. Here’s the gist:

 

THE GIST:

  • The good stuff. We will only use your data to up your experience.
  • Locked down. We’ll protect your data like it’s our own.
  • Straight talking. We’ll always talk your language and have your back – no nonsense, no surprises.
  • No spam. You decide what and how you hear from us.
  • Just the essentials. Your info won’t just hang about – if we don’t need it, we’ll delete it.

 


 

1. Background
This privacy notice lets you know what happens to any personal data that you give to us, or any that we
may collect from or about you. It applies to all products and services, and instances where we collect your personal data.
This privacy notice applies to personal information processed by or on behalf of All Riot ltd.
Use the links below to find out more about how we use your personal information.

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:
• Personal and contact details, such as title, full name, contact details and contact details
history
• Your date of birth, gender and/or age
• Products and services you hold with us, as well as have been interested in and have held
and the associated payment methods used
• Marketing to you and analysing data, including history of those communications,
whether you open them or click on links, and information about products or services we
think you may be interested in, and analysing data to help target offers to you that we
think are of interest or relevance to you
• Insights about you and our customers gained from analysis or profiling of customers

3. What is the source of your personal information?
We’ll collect personal information from the following general sources:
• From you directly, Information generated about you when you use our products and
services
• Business partners or others who are a part of providing your products and services or
operating our business

4. What do we use your personal data for?
We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
• Assessing an application for a product or service, including considering whether to offer
you the product or service, the price, the risk of doing so, availability of payment method
and the terms
• Managing products and services relating to that the product or service, or application for
one
• Managing any aspect of the product or service
• To improve the operation of our business and that of our business partners
• To follow guidance and best practice under the change to rules of governmental and
regulatory bodies
• To monitor and to keep records of our communications with you and our staff (see
below)
• To administer our good governance requirements of All Riot Ltd such
as internal reporting and compliance obligations
• For market research and analysis and developing statistics
• For direct marketing communications and related profiling to help us to offer you
relevant products and service, including deciding whether to offer you certain products
and service. We’ll send marketing to you by SMS, email, phone, post, social media and
digital channels. Offers may relate to any of our products and services as well as to any
other offers and advice we think may be of interest
• To provide personalised content and services to you, such as tailoring our products and
services, our digital customer experience and offerings, and deciding which offers or
promotions to show you on our digital channels
• To develop new products and services and to review and improve current products and
services
• To comply with legal and regulatory obligations, requirements and guidance
• To provide insight and analysis of our customers both for ourselves and for the benefit of
business partners either as part of providing products or services, helping us improve
products or services, or to assess or improve the operating of our businesses
• To facilitate the sale of one or more parts of our business

5. What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:
1. Where it is needed to provide you with our products or services, such as:
a) Assessing an application for a product or service you hold with us, including consider whether or not to
offer you the product, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us, or an application for one
c) Updating your records, tracing your whereabouts to contact you about your account and doing this for
recovering debt (where appropriate)
d) Sharing your personal information with business partners and services providers when you apply for a product to help manage your product
e) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, requests for transfers of equity, setting up/changing/removing guarantors
f) For some of our profiling and other decision making to decide whether to offer you a product and/or service, particular payment method and the price or terms of this
2. Where it is in our legitimate interests to do so, such as:
a) Managing your products and services relating to that, updating your records
b) To perform and/or test the performance of, our products, services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) For management and audit of our business operations including accounting
e) To carry out monitoring and to keep records of our communications with you and our staff (see below)
f) To administer our good governance requirements, such as internal reporting and compliance
obligations
g) For market research and analysis and developing statistics
h) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, phone, post and social media and digital channels
i) Subject to the appropriate controls, to provide insight and analysis of our customers to business
partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our business
j) For some of our profiling and other decision making
k) Where we need to share your personal information with people or organisations in order to run our
business or comply with any legal and/or regulatory obligations
3. To comply with our legal obligations
4. With your consent or explicit consent:

a) For some direct marketing communications
b) For some of our profiling and other decision making
5. When do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed above:
• Business partners (for example, financial services institutions, insurers), or others who
are a part of providing your products and services or operating our business
• Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the
Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s
Office and under the Financial Services Compensation Scheme
• Other organisations and businesses who provide services to us such as debt recovery
agencies, back up and server hosting providers, IT software and maintenance providers,
document storage providers and suppliers of other back office functions
• Market research organisations who help us to develop and improve our products and
services
6. How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time.

7. Is your personal information transferred outside the UK or the EEA?
We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

8. What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.
9. Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
10. Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person(face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our
communications systems and procedures and for quality control and staff training purposes. This
information may be shared for the purposes described above.
11. For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
• For as long as we have reasonable business needs, such as managing our relationship
with you and managing our operations
• For as long as we provide goods and/or services to you and then for as long as someone
could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.
12. What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have
incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information
about how we process it
• The right to move, copy or transfer your personal information (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise
significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection
laws: https://ico.org.uk/. You can contact us using the details below.
13. Your right to object
You have the right to object to certain purposes for processing, to data processed for direct marketing
purposes and to data processed for certain reasons based on our legitimate interests. You can contact usby going to the Contact Us section of our website to exercise these rights.
14. What are your marketing preferences and what do they mean?
We may use your business or home address, phone numbers, email address and social media or digital
channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.

Contact Us
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact Us section of our website.