Privacy, Cookies and Fraud Prevention Policy
Last updated: 4th of August 2020
By visiting www.ocyan.com and using our apps and services you are accepting and consenting to the practices described in this Privacy Notice. The data controller of your information is Ocyan Cloud Technology Limited of 61 Dublin Street, Edinburgh, Midlothian, Scotland, EH3 6NL.
References to our website below include references to our apps.
- The information we collect
- How we use the information
- Who we may share your data with
- What is the legal basis for us using this information?
- Direct marketing and how you can change your preference
- How we protect your information
- How long we keep your information for
- Links to and from third party websites
- Automated Decision Making
- Your rights
- Contact us
- Your right to lodge a complaint with the ICO
- What are cookies?
- More about the cookies we use
- Specific cookies we use
- Turning cookies off
- Contact us
- Further reading
THE INFORMATION WE COLLECT
We collect and process information which:
- you give to us when you register with us, such as your name and contact details
- we obtain from Credit Reference Agencies on your behalf
- we collect about you based on your use of our website or from your mobile device if you are using our app
- we receive from other sources, such as third parties who give us information about you
- is collected from cookies.
We may collect and process the following data about you:
Information you give us. You may give us information about you when you use our services or by communicating with us. This includes information you provide when you participate in discussion boards, answer specific questions on our website, provide us with feedback, participate in surveys, and when you report a problem.
The information you give us may include:
- Email address
- Date of birth
- Phone number
- Residential details
- Employment details
- Address history
- Country of relocation
Information we collect from Credit Reference Agencies on your behalf. If you register to use our services, we will obtain your credit score and credit report from one or more Credit Reference Agencies on your behalf.
Information we collect about you based on your use of our website or apps. Each time you visit our website or use our app we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address, your login information, browser type and version, time zone setting, operating system and platform
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number
Information we receive from other sources. We may receive information about you if you use any of the websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, search information providers, social media) and may receive information from them, such as your credit report information, whether or not you have taken out a product with them, what other products you may have used, and other such details.
Information collected from two-factor authentication. If you opt to enable two-factor authentication for your ClearScore account, we will collect your phone number and use it to provide you with a code via SMS which you can use to enter your account.
Recording telephone calls and other communications. We may monitor or record telephone conversations or other communications between you and us.
HOW WE USE THE INFORMATION
We use information we hold about you to provide our services to you and improve those services, administer your account and communicate with you and to use information on an anonymous basis for research, profiling and analytical purposes.
Information you give to us or we collect from Credit Reference Agencies, Partners or other third parties on your behalf as part of our services. We will use this information to:
- administer your account and relationship with us and to communicate with you by telephone, mail, email, text (SMS) message, push notification or other electronic means
- verify your identity as part of our identity authentication process
- provide you with information, products and services
- where you have provided your consent for us to market to you, provide you with information about other products and services we feel may interest you or be best for you
- notify you about changes to our services
- ensure that content from our website is presented in the most effective manner for you and your device
- aggregate it on an anonymous basis with other data for data analytical and reporting purposes
- undertake analysis and profiling of your credit information in order to identify and inform you of credit products that we consider are likely to interest you or be suited to your credit circumstances or to enhance our services.
Information we collect about you based on your use of our website. We will use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- to improve the service we offer you such as understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- as part of our efforts to keep our website safe and secure and to prevent fraud
- to make recommendations about products or services that may be of interest
Information we receive from other sources. We may combine this information with information you give to us and use this information and the combined information for the purposes set out above.
Recording telephone calls and other communications. We will use telephone recordings or transcripts of communications to check your instructions to us, analyse, assess and improve our services, for training and quality purposes and for the purposes of investigating any complaint you may make, or as evidence in any dispute between you and us.
What we will never do. Rest assured, we will never sell your information to third parties.
WHO WE MAY SHARE YOUR DATA WITH
We may share your data with other members of our group and with other third parties, such as our service providers, advertisers, Credit Reference Agencies, Fraud Prevention Agencies and Cybercheck Partners.
We may need to disclose your data to others to ensure the smooth provision to you of the products, services and information you request. Your data may be disclosed to the other entities as described below.
These third parties act on our instructions and are processors of your information.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found below.
Subprocessors. We may share your information with the following subprocessors:
| Subprocessor | Role |
|---|---|
| Amazon Web Services, Inc. | Cloud Service Provider |
| Credit Kudos Limited | Data Aggregator Provider |
| Emailage Limited | Fraud Prevention Tool Provider |
| Segment.io, Inc. | Data Segregation Tool Provider |
Group company. We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
Selected third parties. We may also share your information with selected third parties including:
- Credit Reference Agencies, to obtain your credit score and credit report on your behalf and to provide our services to you (please see “Credit Reference Agencies” below for more detail)
- Fraud prevention agencies, to prevent crime and trace those responsible (please see “Fraud Prevention Agencies” below for more detail)
- Product providers, such as our business partners who offer you credit cards, loans, car finance, mortgages, insurance, pensions, investments and other related products, to:
  - assess if you are an existing customer and for fraud prevention purposes
  - conduct analysis to provide you with better products and services in the future, and for segmentation purposes
  - pre-fill an application form with the product provider
  - assess your probability of being accepted for a product
- Cybercheck Partners, to obtain details of any recorded cybersecurity incidents affecting your nominated email account.
Credit Reference Agencies. If you register to use our services we will obtain on your behalf, in accordance with our Terms, copies of your credit report and credit score from designated Credit Reference Agencies. In order to provide these services to you, we will share your information with such Credit Reference Agencies.
The information which we provide to the CRA may be supplied by them to other organisations such as Fraud Prevention Agencies and used by those organisations for the purposes of checking identity, preventing fraud, tracing and collection of debt. The CRA may also use the data to undertake statistical analysis.
If you choose to apply for a product, the lender will undertake a full credit check and provide you with further privacy information for that product. More information about each CRA and what it does with personal data is available here.
Fraud Prevention Agencies. We will share your personal information with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
WHAT IS THE LEGAL BASIS FOR US USING THIS INFORMATION?
We make sure we have appropriate legal bases on which to collect, use and share data about you. If you have any questions about the lawful bases upon which we collect and use your personal data, you can contact our Data Protection Officer.
Our lawful bases may include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, such as delivering our core services to you) and our own legitimate interests.
Performance of a contract. We need you to give us the information you provide, and to collect information about you from the Credit Reference Agencies, Partners or other third parties in order for us to provide you with our services as agreed in our contract with you. We cannot provide our services to you without collecting the information you give us because we need certain information from you to be able to seek your credit report and score and to show suitable financial offers to you and to provide our other services to you.
For other types of information (such as the information we collect based on your use of the website and information we receive from our sources about you), we process this information for the purposes of providing our services to you as agreed in our contract and to enable us to:
- provide a secure website to our customers; and
- analyse our users’ behaviour and preferences, and information collected from users’ devices in order to have information required to be able to improve the services we provide to our customers and the user experience on our website.
Consent. We will always seek your consent to process certain types of information where we are legally required to do so. You have the right to withdraw or decline your consent at any time.
Legitimate interests. We may process your personal data for the purposes of our legitimate interests or for the legitimate interests of our product providers or other suppliers provided that such processing does not outweigh your rights and freedoms. As an example, we may process your personal data to:
- display tailored product offers to you
- comply with laws that apply to us
- provide you with our service, including for the purpose of quality control and analysis
- protect you and us from fraud or other threats
- conduct analysis, segmentation and profiling of your data in order to provide you with direct marketing communications
- improve our service and manage our customer relationships
Where we rely on legitimate interests, you have the right to object at any time.
DIRECT MARKETING AND HOW YOU CAN CHANGE YOUR PREFERENCE
We offer you the opportunity to receive marketing information from us. You can opt out easily of receiving marketing from us at any time.
We will normally send direct marketing by email if we have your email address, but may choose to contact you via other methods, such as push notifications to your devices.
You may receive the following types of communications from us:
- Product recommendations – we’ll get in touch with personalised, timely product recommendations that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like.
- Content communications – we’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. You can unsubscribe from these at any time and we will never spam your inbox.
- Core communications – we will send you your credit report every month, alerts whenever there is a change to your credit report, security alerts pertaining to your Ocyan Data account, significant changes which may impact our service and other such related content. These communications are an intrinsic part of owning an Ocyan Data account and cannot be opted-out of.
If you would like us to stop sending direct marketing to you, we offer simple ways to do this. Whenever you receive direct marketing you will be given an option to unsubscribe. You may also update your preferences here.
You can also tell us that you do not wish to receive any more marketing communications at any time by writing, with your full name, address and other contact details (to enable us to find your records), to:
Data Protection Officer
Ocyan Cloud Technology Limited 61 Dublin Street, Edinburgh, Midlothian, Scotland, EH3 6NL
HOW WE PROTECT YOUR INFORMATION
We take the security of your data very seriously and use strict procedures to protect it. Whenever we transfer personal data outside of the UK/European Economic Area, we ensure that appropriate safeguards are in place to protect the data.
All information you provide to us is stored on our secure servers.
We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.
HOW LONG WE KEEP YOUR INFORMATION FOR
While your account remains active, we keep your information for no longer than is necessary depending on the purpose for which we are using it.
How long we keep your information will depend on the purpose for which we use it. While you are a customer of ours, we will only retain your information for as long as is necessary for those purposes.
After termination of your account, we may continue to use anonymised data (which does not identify individual users) which is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes, for example to gain insights about our users. We may also keep your email address to ensure that you no longer receive any communications from us as well as your name, date of birth and latest address for fraud prevention purposes and for the exercise or defence of a legal claim.
LINKS TO AND FROM THIRD PARTY WEBSITES
If you follow a link to or from our website to a third party website, please be aware that these websites have their own privacy policies.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
AUTOMATED DECISION MAKING
We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.
Identity verification. We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, we cannot provide our services to you without being able to verify your identity.
Tailored products and services. We may use your information to predict the probability that you may be accepted for a product, or to determine the best order or manner in which to display products to you.
Tailored communications. We want to make sure we’re only sending you emails that are relevant to you, and so we will use your personal information to determine which content you may be more interested in receiving.
You’ve the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making, please contact us via firstname.lastname@example.org.
YOUR RIGHTS
You can exercise specific rights with regards to the data that we hold about you.
We will provide you with the necessary tools and contact details to be able to exercise your statutory rights regarding the information that we hold about you. You will be able to:
- Correct your data: you will usually be able to amend any information that we hold about you that is inaccurate or incomplete through the settings in your account.
- Request access to your data: you can ask for access to the personal data that we hold about you so that you can check that we are using your information in accordance with data protection law
- Erase your data: you can ask us to fully or partially delete your personal data where there is no compelling reason for us to keep using it, although we may not be able to continue to provide our services. We may keep your email address to make sure the restriction is respected in future. We also have the right to continue using your information if such usage is necessary for compliance with our legal obligations.
- Download your data or send it to another controller: you can obtain a copy of the data you provided us in a machine-readable format. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
- Object to the use of your data: you can ask that we no longer use your personal data where that use is based on a legitimate interest
- Restrict the use of your data: You have the right to ‘block’ or suppress further use of your information in certain circumstances (for example, where you think the information we are using about you is inaccurate, whilst we verify its accuracy). When usage is restricted, we can still store your information, but may not use it further.
- Right to withdraw consent: If you have given your consent for us to use your information, you have the right to withdraw your consent at any time. This can be done by contacting our Data Protection Officer.
CONTACT US
For the exercise of any of your rights, you can also contact us at email@example.com.
YOUR RIGHT TO LODGE A COMPLAINT WITH THE ICO
If you are not satisfied with our response to any complaints you raise with us or you believe our processing of your information does not comply with the data protection law, we suggest you contact our Data Protection Officer. However, you can make a complaint to the Information Commissioner’s Office (ICO) at any time.
Please see the ICO website for further information – https://ico.org.uk/for-the-public/raising-concerns.
If you wish to use our website, but would like us not to set cookies in your browser, you can disable or remove the cookies. Details on how to do this are set out below. Please note that disabling or removing the cookies we or our third party service providers set may impact the functionality and security of our website and our ability to provide our services to you.
We reserve the right to make changes to our Cookies Policy. Any changes we may make to our Cookies Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Cookies Policy. Your continued use of our website is taken as your agreement to any such changes.
WHAT ARE COOKIES?
Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Your web browser (such as Internet Explorer, Mozilla Firefox, Google Chrome or Safari) then sends these cookies back to our website or application on each subsequent visit.
- to recognise your device(s) when you visit our website and to remember if you’ve set any preferences on our website. This enables us to personalise our content for you and greet you by name
- to temporarily store data as part of, for example, customer surveys
- to test new content and evaluate its effectiveness
- to recognise and count the number of visitors to our website and see how you navigate our website when you are visiting it (including tracking page usage and paths used by visitors through our website; and tracking use of our Internet banner advertisements and other links from our marketing partners’ websites to our website)
- to improve our website’s usability and keep our services easy to use and up to date
- to allow you to share pages with social networks such as LinkedIn, Facebook and Twitter / to support social media components, like Facebook or Twitter (where our website uses a plugin from these third party platforms)
- to ensure you don’t miss information that is relevant to you (including targeting our website content, targeting our marketing campaigns and direct marketing emails, targeting our Internet banner advertisements on our website and on other websites)
- to analyse use of our website (including for performance and statistical analysis, sales and marketing research). To stop us setting these cookies you will need to set up your browser to reject all cookies (see further below)
We may also combine this web usage data with other information we have collected about you. We store this information so that we have a better and more specific understanding of the way users are using our website, and their preferences and interests, for the purposes set out above.
Cookies may be either “persistent” cookies or “session” cookies, depending on how long they are used.
- Persistent cookies remain on your device after you have closed your browser, and allow a website to remember your actions and preferences. They are activated each time you visit the website where the cookie was generated. Sometimes persistent cookies are used by websites to provide targeted advertising based on the browsing history of the device. They are stored by the browser and remain valid until their set expiry date (unless deleted by the user before the expiry date).
- Session cookies only last for the duration of your visit and are deleted when you close your browser. They facilitate tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.
Many of the cookies we use are session cookies. For example, they help us to ensure the security of your session, and can also keep you signed in to your ClearScore account while you move between pages.
MORE ABOUT THE COOKIES WE USE
This section describes more about the different types of cookies we use. The cookies are both cookies that we set (first party cookies) and cookies that are managed for us by third parties.
Whether a cookie is a first or third party cookie depends on which website the cookie comes from.
- First party cookies are those set by or on behalf of the website visited. All other cookies are third party cookies.
- Third party cookies: In some cases, some of these cookies are managed for us by third parties, but we don’t allow the third party to use the cookies for any purpose other than those listed above.
- Web analytics services: In order to keep our products and services easy to use and up-to-date, we also use web analytics services to help us understand how people use our website. For example, we can see which parts of our services are most popular, identify when errors occur and test different versions of a page or feature to see which one works best. These web analytics services may be designed and operated by other companies on our behalf. They do this using small invisible images known as “web beacons” or “tracking pixels” that may be included in the digital products and services on our website.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. We use retargeting and online behavioural advertising to market ClearScore which employs targeting cookies to deliver you more targeted advertising.
You can read more about the cookies we and our trusted service providers use below.
By using our website, you agree that we can place both first party and third party cookies and web analytic services on your device.
SPECIFIC COOKIES WE USE
Below is a full list of the cookies we use together with a description of what they are used for, and whether they are ‘first’ or ‘third’ party. Where a cookie is a third party cookie, please visit the providers’ website for more information.
| Cookie | Cookie Name | Session / Persistent | Description |
|---|---|---|---|
| Ocyan | consent | Persistent | This is a first party cookie used to record user cookie preferences and stop displaying the banner. |
Third Party cookies – These are third party cookies used to track visitors, collect information about how visitors use our site and improve site performance. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the website from and the pages they visited.
| Cookie | Cookie Name | Session / Persistent | Description |
|---|---|---|---|
| Google doubleclick.net | Id or IDE | Persistent | This is a third party cookie used to make advertising more engaging to users and more valuable to advertisers. |
| Google doubleclick.net | DSIS | Persistent | This is a third party cookie used to make advertising more engaging to users and more valuable to advertisers. |
| Google Tag Manager | _ga | Persistent | This is a third party cookie used for Google Analytics and pay per click tracking. |
| Google Tag Manager | _gid | Persistent | This is a third party cookie used for Google Analytics and pay per click tracking. |
|  | muc | Persistent | This is a third party cookie used for Twitter’s advertisement tracking. |
|  | sdsc | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | li_oatml | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | org_tcphc | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | lang | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | UserMatchHistory | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | utag_main | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
|  | lidc | Persistent | This is a third party cookie used for LinkedIn’s advertisement tracking. |
| Cloudflare | _cfduid | Persistent (30 days) | This is a third party cookie used for locally storing certain assets of the site once they are displayed for the first time, which will allow those assets to be displayed quicker in subsequent instances. |
| Segment | __user_id | Persistent | Segment is our App performance analytics provider. We use Segment’s analytics to keep track of application events to optimise the performance and experience. |
TURNING COOKIES OFF
You can reject cookies within your browser, but please note that certain parts of our website may no longer function as expected.
In all modern browsers you may elect to reject cookies and/or enable do not track features, and we provide instructions on how to do this below. Please note however that by doing so parts of our website may no longer function as expected. For example, if you delete cookies any preferences they record will be lost. This includes for example where you have opted out from cookies, as this requires an opt-out cookie to be set.
If your concerns are based around third party cookies, then we recommend you just reject those cookies, rather than all cookies so that we can still provide you with the functionality you expect.
If you do wish to stop your browser from accepting cookies, see the following pages:
- Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
- Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
CONTACT US
If you have any questions about our cookies or this Cookies Policy, please contact us on firstname.lastname@example.org.
FURTHER READING
If you would like to know more about cookies, you can find out more at the links below.
- Useful information about cookies can be found at: http://www.allaboutcookies.org
- The BBC Web Wise guide to cookies: http://www.bbc.co.uk/webwise/guides/about-cookies
- Information on the ICO cookie guide can be found on the ICO website: https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf
- A guide to behavioural advertising and online privacy has been produced by the Internet Advertising Bureau which can be found at: http://www.youronlinechoices.com/uk/download-guide
Fraud Prevention Notice
Before we provide you with our services, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, and device identifiers including IP address.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details provided.
CONSEQUENCES OF PROCESSING
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide our services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details provided.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; to request that your personal data is erased or corrected; and to request access to your personal data.