logo
InsightsAboutHelp
Terms & Privacy

Privacy Policy

At iwoca Ltd, we're committed to keeping your information private and secure. This notice sets out the personal data we collect and what we will do with it.

If you have any questions about this policy, you can email as at support@iwoca.co.uk or call us on 020 3778 0105. You can also write to us at 247 Tottenham Court Road, London W1T 7QX.

You can also contact our Data Protection Officer by emailing dpo@iwoca.co.uk

The data that we collect

We will collect personal data on anyone who submits an application to iwoca, any additional directors or shareholders of a limited company, any partners of a limited liability partnership and any loan guarantors.

We may collect and process the following personal data about you:

  • Your name, date of birth, residential address, email address and phone number
  • If you take funding from us, your account information such as transaction and repayment history
  • Where you are a sole trader, additional information that helps us to understand your personal ability to afford repayments (such as income and expenditure and number of dependents)
  • Documentary evidence confirming your identity and address (such as a passport, driving licence or council tax bill)
  • Records of communications (e.g. call recordings, emails and chat transcripts)
  • Technical information about your device and website usage (please see our Cookie Policy for more details)
  • Information about your personal finances (including bank statements)
  • Other information that you provide to us voluntarily

This information may have been collected directly from you through your online account or may have been submitted by someone else, such as another director of the company or a broker. We may also obtain information about you from credit reference and fraud prevention agencies, please see the section on data sharing below for more detail.

What we will do with your data

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

Your personal data will be used to prevent fraud and money laundering, and to verify your identity. The personal information that will be processed as part of such checks includes the type of personal data described above.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, in order to protect our business and to comply with laws. Such processing is also a contractual requirement of the services or financing you have requested.

Below is a list of the other ways in which we may use your personal data, the reasons we rely on to do so and what our legitimate interests are.

Processing activityReasonsOur legitimate interests
Where you are a sole trader or a guarantor, conducting personal credit checks as described belowTo fulfill our contract with you
To comply with our legal obligations
For our legitimate interests		Assessing you/your business’ eligibility for credit
Setting up, administering and managing our customers’ accountsTo fulfill our contract with you
To comply with our legal obligations
For our legitimate interests		Effectively managing our relationship with you and your business
Conducting risk modelling and analysisFor our legitimate interestsContinuously improving the services that we provide to you and other customers
Marketing our products and services to you (which you can choose to opt-out from)For our legitimate interestsContinuously improving the services that we provide to you and other customers

In some instances, we may use your data in ways that are not described above. However, we will inform you before doing so.

Data sharing

We may share your personal information with third parties in the following circumstances:

  • We may report to credit reference and fraud agencies as described below
  • In accordance with our legal obligations, we may permit law enforcement agencies to access and use your personal data to detect, investigate and prevent crime
  • We may use the following third party processors to assist us in providing services to you:
    • Providers of software platforms which enable us to provide services to you and your business (such services will include email, data analytics, hosting and data storage)
    • Our contractor, Good Data Lab, which processes some of our applications and helps us make fast decisions
    • Providers of telecommunications and postal mail services
    • Social media sites, for the purposes of conducting market research and running marketing campaigns (it is important to note that when sharing data with these sites, we ensure that your data is only used in accordance with our instructions)
  • If your details were originally passed to iwoca via a third party (such as a referral platform or financial broker) we may report your application outcome and loan status back to that platform; and
  • We may instruct third parties to act on our behalf in order to collect an outstanding debt.

Credit reference agencies

In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (either Equifax, Experian or Callcredit). We may also make periodic searches at credit reference agencies to manage your account with us.

To do this, we will supply your name, date of birth and address history to the credit reference agencies and they will give us information about you. Credit reference agencies will supply to us both public (including electoral register) and shared credit, financial situation, financial history, and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product
  • Verify the accuracy of the data you have provided us
  • Prevent criminal activity, fraud and money laundering
  • Manage your account(s), including conducting ongoing credit checks to ensure that you or your business remains eligible for the agreed credit facility
  • Trace and recover debts

In utilising the data held with credit reference agencies, we must abide by the Principles of Reciprocity by contributing the same level of credit performance data that we receive. As such, we will continue to exchange information about your repayment history with credit reference agencies while you have a relationship with us. We will also inform the credit reference agencies about your settled accounts. If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt. This information will be provided to other organisations than run a credit check on you with the credit reference agencies, such as other finance providers.

When credit reference agencies receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

The identities of the credit reference agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share information, data retention periods and your data protection rights with the credit reference agencies are explained in the Credit Reference Agency Information Notice (“CRAIN”). The CRAIN is accessible from each of the three credit reference agencies - clicking on each of these three links will take you to the same CRAIN document:

Identity, fraud and money laundering

Whenever fraud prevention agencies transfer your personal data outside of the EU, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EU. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Good Data Lab, mentioned above, is based in Hyderabad, India. Strict controls are in place to monitor the operations of Good Data Lab and our contract with them includes the EU’s Standard Contractual Clauses which ensure adequate safeguards for your data and privacy rights.

When sharing your personal data with other 3rd party processors as described above, this data may be may stored on databases outside of the EU. In such cases, we will impose contractual obligations on them in order to protect your data to the standard required in the EU and ensure that your data and privacy rights are not infringed. This may also involve requiring third parties to subscribe to recognised international frameworks intended to enable secure data sharing, for example the Standard Contractual Clauses, or, where the personal data is transferred to the USA, the Privacy Shield certification program.

Standard Contractual Clauses and confirmation of Privacy Shield certification are available on request.

Automated Decisions

We may also automatically decide whether or not to lend to you or your business, how much to lend, at what interest rate and under what terms.

You have rights in relation to automated decision making, such as the right to request human intervention or challenge a decision in certain circumstances. If you want to know more, please contact us using the contact details above.

Retention

The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested deletion of the data, and whether we have any legal obligation to retain the data (for example, for regulatory compliance). We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected. For example, we will typically keep your data for up to 10 years after you last had an active account or product with us, or after you made or started an application. We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes.

Protecting your data

We implement, and regularly review, technical and organisational measures designed to protect personal data that we process from unauthorised disclosure, use, alteration or destruction. For example, we limit staff access to personal data and enforce two-factor authentication.

Your rights

Your personal data is protected by legal rights, which include your right to:

  • Object to, or request a restriction of, our processing of your personal data (for example, you can request that we don’t use your personal data for purposes of direct marketing)
  • Request that your personal data is erased or corrected
  • Request access to your personal data
  • Obtain and reuse certain personal data for your own purposes
  • For more information or to exercise your data protection rights, please contact us using the contact details above.

You also have a right to complain to the Information Commissioner’s Office, which is the UK regulator which upholds rights in relation to individual’s personal data.

Changes to this notice

We may update this notice (and any supplemental privacy notice), from time to time. We will notify of the changes where required by law to do so.

Last modified - May 2018

Job candidates

At iwoca, we’re committed to keeping your information private and secure. This notice sets out the personal data we collect and what we will do with it. This notice is applicable to all candidates applying for, or enquiring about, a role within iwoca. If you have any questions about this policy, you can email us at talent@iwoca.co.uk or write to us at iwoca Ltd, 247 Tottenham Court Road, London W1T 7QX. You can also contact our Data Protection Officer by emailing dpo@iwoca.co.uk.

The personal data we collect

We will collect personal data on anyone who submits a CV to us or applies for a role at iwoca. We may collect and process the following personal data about you:

  • Your name, date of birth, residential address, email address, phone number and nationality.
  • Your CV and any supporting documentation (such as proof of qualifications).
  • Any other information you voluntarily provide to us.

This information may have been collected directly from you or may have been submitted by someone else, such as a recruitment agency.

We may also process technical information about your device and website usage (please see our Cookie Policy for more details) as well as internal records concerning:

  • Your communications with us (e.g. emails)
  • Interview notes
  • Any test or assessment results

We may also collect and process publicly available information about your career experience and qualifications from sources such as LinkedIn.

What we will do with your data

The personal information you provide us will only be used for the purposes of assessing your suitability for a role within iwoca, conducting interviews and managing the recruitment process. This is on the basis that we have a legitimate interest in ensuring that we have the right talent to help drive the business.

Data transfers outside the European Union

The software providers mentioned above may store data on databases outside of the EU. In such cases, we will impose contractual obligations on them in order to protect your data to the standard required in the EU and ensure that your data and privacy rights are not infringed. This may also involve requiring third parties to subscribe to recognised international frameworks intended to enable secure data sharing, for example the Standard Contractual Clauses, or, where personal data is transferred to the USA, the Privacy Shield certification program.

Standard Contractual Clauses and confirmation of Privacy Shield certification are available on request.

How long will we retain your information for?

The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested deletion of the data, and whether any legal obligations require the retention of the data (for example, for legal or regulatory compliance). We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected.

For example, if your application is unsuccessful, we will typically keep your data for up to 18 months from the date of your last communication with us. For successful applicants, we will typically keep your data for up to 10 years after your employment has ended. We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes.

Automated decisions

As part of assessing your application, decisions may be made by automated means. This means we may automatically decide not to proceed with your application due to your ineligibility to work in the UK.

Your rights

Your personal data is protected by legal rights, which include your right to:

  • Object to, or request a restriction of, our processing of your personal data
  • Request that your personal data is erased or corrected
  • Request access to your personal data
  • Obtain and reuse certain personal data for your own purposes

For more information or to exercise your data protection rights, please contact us using the contact details above.

You also have the right to complain to the Information Commissioner's Office, which is the UK regulator which upholds rights in relation to individuals’ personal data.

We may update this notice (and any supplemental privacy notice), from time to time. We will notify of the changes where required by law to do so.