We in the Portify group (which covers data controllers Portify Financial Services Limited and Portify Limited), care about your privacy. We collect and process personal information with your privacy in mind.
This policy describes how we collect and use your personal data when you contact us, use our services, and/or become a Portify user. It also outlines your rights and how to exercise them. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
It is important that you read this policy before starting to use our services.
What is personal data?
By personal data, we mean information about you from which you can be identified directly or indirectly such as your name, email address, gender, age, mobile and home telephone number, financial information, and your IP address.
Information we collect from you
We will collect and process the following personal data about you:
- Information you give us: You may give us information about you by filling in forms on our website (the Site), our mobile application (the App), applying for Flex Finance, applying for a job with us, providing services to us, or otherwise by corresponding with us (for example, by e-mail or chat). It includes information you provide when you register to use the App, download or register the App or any services offered through it, use the App, share data via an App's social media functions, or enter a competition, promotion or survey, report a problem with the App, or our Site. Certain personal data is mandatory to be provided to us in order that we can fulfil your request or provide you with the service and we shall make this clear to you at the point of collection of the personal data. All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this. At our request, you shall promptly provide evidence of your identity.
- Information we collect about you and your device automatically: Each time you visit one of our Sites or use one of our Apps we will automatically collect the following information:
- Technical information, including the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting (Device Information); details of your use of the App including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;
How we use your information
- consent (where you choose to provide it, for example for direct marketing or non-essential cookies);
- where required for the performance of our contract with you including our Terms or under any service specific terms you enter into with us, for example for Flex Finance;
- compliance with legal requirements; and
- our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests. Specifically, processing is necessary for our legitimate interests of: (i) fraud investigation; (ii) customer database management; (iii) responding to queries and keep records which may be used to defend or bring legal claims; (iii) analyzing use of our service in order to tailor service offerings for you or to generally help us understand their use and to help improve them.
We use the personal data held about you in the following ways:
- to register you as a user of the App, for correspondence, participating in online surveys and competitions, to help us enhance the App for you and to provide the services to you;
- to allow us to ask security-related questions if you later ask us to reset your password;
- for the purposes of analysing the data and suggesting products or services that may enable you to make savings or consider alternative or additional services to the ones you are currently using;
- to keep a record of correspondence and calls with you for training and regulatory purposes;
- to investigate fraud or potential fraud;
- to allow us to customise your experience of the App and enable us to present your own information to you in a way that we believe is most useful for you (including identifying which transactions are, or are likely to be, work related);
- to assist us in the preparation and filing of tax returns with HMRC, if you should request such a service (further terms are likely to apply);
- to verify your identity and credit worthiness and to manage your repayments if you take the Flex Finance product;
- in anonymised form to allow us to analyse our users’ behaviour as a whole and produce statistics accordingly for use at our discretion, which may include licensing to, or sharing with, third parties).
We do not disclose information about identifiable individuals to our advertisers or third parties but we may provide them with anonymous aggregate information about our users (for example, we may inform them that 100 women aged over 40 have clicked on their advertisement on any given day or the fact that a specific age group tends to have more direct debits on their account than another age group). We may use the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
Disclosure of your information
We may disclose your personal information to any member of our group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
We use social media platforms to promote our services and administer and obtain insights from accounts and pages we run on such platforms. In relation to such insights data, both we and the third party platform are controllers of any insights data relating to that page or account. For Facebook fan pages, we are required to enter into a contract with Facebook to reflect joint controllership. You can download this contract here. It contains further details and explanations on the joint controllership with Facebook in the context of fan page insights.
- if we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if Portify or substantially all of Portify's assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request; in order to:
- enforce or apply any contractual terms and other agreements or to investigate potential breaches;
- or protect the rights, property or safety of Portify, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- credit checking company Experian;
- if you have downloaded the App as part of a business benefit, we might share information about you with your employer(s) or the organisation(s) that engages you to provide services that offered you the App as a business benefit;
- we shall provide our service delivery providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
Where we store your personal data
We will store your data on servers based within the UK or European Economic Area (EEA).
Occasionally we may use service delivery partners that are based outside the UK or EEA. Where your personal data is transferred outside the UK or EEA, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data – which is generally undertaken by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties which may certified under that scheme).
We will take all steps reasonably necessary to ensure that we treat your personal data securely. In particular, we shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
All personal data we hold is stored on our secure servers. Data relating to your payment transactions will be securely encrypted using TLS (Transport Layer Security). Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Site or App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the App or our Site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We use the very latest framework releases. We use tried and tested modules, and apply fundamental security considerations to every aspect of software design and development. We also frequently review and externally test our software. We filter identifiable information from server logs, encrypt identifiable information in our secure databases, and we only communicate over encrypted protocols.
Credit Reference Agency Information Notice
In order to process your application, we may perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you are subscribed to Portify Plus and Portify Credit Boost. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail for each of the three CRAs below:
- Experian: www.experian.co.uk/crain
- TransUnion: https://www.transunion.co.uk/legal/privacy-centre
- Equifax: www.equifax.co.uk/crain
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. In particular, you should be aware that these rights are not absolute and may be subject to certain conditions and exemptions. Further information can be found here.
- Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
- Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
- Right to portability: You can request that we transfer your personal data to another service provider.
- Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information.
- Right to be forgotten/erasure: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws including for example to enforce any debt you owe to us.
- Right to stop receiving marketing information: You can ask us to stop sending you marketing information about our services, but please note we shall continue to contact you with any required service messages.
Please note that you can access much of your data on the App or on the Site itself where you can make corrections, updates or deletions.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
We may send you marketing communications from time to time.
You can choose to no longer receive marketing emails from us by contacting us at firstname.lastname@example.org or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request. If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send you marketing information.
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which the App or the Service are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
Keeping your data
Please know if you have any complaints of any kind. We will do our absolute best to resolve them. If we are unable to do so, remember that you have a right to complain to the UK data protection regulator, the Information Commissioner’s Office.
We will give you at least 30 days’ notice of any material change by sending you an email with details of the change or notifying you of a change when you next start the App.
Our contact details
Portify Limited, trading as Portify and Portify Financial Services Limited, are both British companies registered at 31 Great Sutton Street, London, England, EC1V 0NA.
Portify is committed to protecting and respecting your data and privacy. We have a nominated Data Protection Officer in charge of this. Portify is the responsible entity for processing your personal data noted above and is known as the “controller” under applicable laws. That means that we determine how and why we will use your personal data.
Questions, comments and requests regarding these terms are welcomed. You can reach us and the Data Protection Officer on email@example.com.