Loot Financial Services Limited is the controller and responsible for your personal data. We’re registered with the Information Commissioner’s Office and our registration number is ZA129167. We have also appointed a data protection officer (DPO) who is responsible for monitoring our compliance with the GDPR.
What information do we hold about you?
- Personal and contact information you submitted to us, including your name, address, date of birth and photographs when you signed up. This also includes documentation you may have submitted and information you may have provided when you corresponded with us.
- Transaction information, including the date, time, amount and currency of your transactions, beneficiary details and locations.
- Usage information, including how you have clicked through, used and navigated our services.
- Technical information, including the IP address you use to access our services, information about your browser, and information about your device (including the type of device and its unique identifier).
- Location information, including location from device GPS and IP address.
- Information you have shared with us relating to a social network or online account, such as Facebook or Twitter.
- Information provided by a third party, such as a third party involved in fraud prevention or identity verification.
What will we do with this information and why?
Below sets out the different ways in which we use this information. It also sets out the reasons we rely on to do so. We may use your information for more than one reason, depending on the specific purpose for which we are using it. Where more than one reason may apply, this is set out below.
Please contact us if you need details about the specific reason we are relying on to process your personal data where more than one reason has been set out below.
|How is the information used?||For what reason(s) is it used?|
Open an account and provide our services to you, which includes verifying your identity and taking fraud prevention measures.
- Perform the contract we have with you;
- Comply with our legal obligations.
Manage our relationship with you, including notifying you about service updates, changes to our terms, and asking you to provide feedback.
- Perform the contract we have with you;
- Comply with our legal obligations;
- As a legitimate interest, understand how our services are used and whether you are satisfied with our services.
To manage and protect our services and website, including troubleshooting, data analysis, testing, system maintenance and support.
- Comply with our legal obligations;
- As a legitimate interest, provide the administration for our services and website.
Analyse data to assess and improve our services, website, customer experience and relationships and marketing.
This includes identifying if any of your telephone contacts are also Loot users (please note that we do not store your telephone contacts).
- As a legitimate interest, understand how our services, website and communications are used so that we can improve them and keep them relevant for you, and to facilitate interactions between users.
To make suggestions and recommendations to you about goods or services that may be of interest to you. Such suggestions and recommendations may be based on the information we hold about you, including your past use of the service.
- As a legitimate interest, for us to develop our products and grow our business.
To deliver relevant website content and advertisements to you and others, which may include on third party platforms, and measure or understand the effectiveness of the advertising we serve to you.
- As a legitimate interest, understand how our services are used, develop them, and grow as a business.
We will only send you marketing by electronic communications if you have opted in. You can change your preferences to opt in and opt out at any time by using the checkboxes/switches found within the profile section of the app.
If you have opted in, we may from time to time send you offers, promotions and news relating to us and/or a third party. However, we will never share your data with third parties for their marketing, unless you have provided express consent for this.
Sharing information with third parties
We will disclose your personal information to certain third parties who we use in order to provide our services to you. These types of third parties are:
- Financial services partners and card manufacturing, so that we can operate your account, create your card and deliver it to you.
- Cloud storage providers to safely and securely store your data.
- Fraud prevention agencies. This is in order to verify your identity, protect against fraud, comply with anti-money laundering laws and to confirm your eligibility to use our products and services.
- Advertisers and analytics providers:
- We use analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Where we engage advertisers to promote our products and services, we will limit the information about identifiable individuals that we disclose. We may provide them with aggregate information about our users (for example, we may inform them that 250 women aged under 25 have clicked on their advertisement on any given day). We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a sub-section of our users (for example, women in London). In some instances we may use personal data we have collected from you to enable our advertising partners to display their advertisement to a target audience.
We may also disclose information to a third party where:
- We are under a legal or regulatory duty to disclose your information;
- We need to investigate, enforce or apply the terms and conditions of our agreement; or
- We need to protect the rights, property or safety of Loot, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
How long will we hold your information for?
By law we have to keep certain information about you and your account after your account is closed. We also have to allow customers to redeem any outstanding balance in their account upon closure. In order to comply with these obligations, we will keep your personal information for six years after your account has been closed.
Where and how is your data stored?
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our application, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet in some situations may not be completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What are your rights?
You can request any of the following rights by contacting us through the app.
- You have the right to request a copy of some or all of the information that we hold about you for free. Please contact us through the app and we will help you with your request.
- You have the right to request that the information we hold about you is erased, although some information may need to be retained by us due to legal and regulatory requirements. Please contact us through the app and we will help you with your request.
- You have the right to ensure that your personal information is accurate and up to date, and any inaccurate information is corrected. Please keep us informed if your personal data changes during your relationship with us. You can do this by contacting us through the app and we will help you with your request.
- You have the right to request that any information we hold about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’. Please contact us through the app and we will help you with your request.
- You have the right to object or to restrict the processing of your information, and at any time to withdraw any consent you have provided. You can do this by contacting us through the app and we will help you with your request.
- You have the right at any time to withdraw any consent you have provided. You can do this by contacting us through the app or by using the checkboxes/switches found within the profile section of the app.
- You have the right to object to any decisions based on the automated processing of your personal data, including profiling. You can do this by contacting us through the app and we will help you with your request.
- You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance and we will try to help you.
Changes to this policy
For previous versions of this policy, please contact us through the app.