Wollit is the trading name of Wollit Ltd (we, us, Wollit). This Policy describes how Wollit and its affiliates acquire, use and manage your personal information in accordance with the Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR) with respect to information relating to you that you or third parties provide to Wollit, including information collected or provided via the Wollit App and the Wollit website http://wollit.com (the App and the Website).
Wollit is a data controller and is registered in the UK with the Information Commissioner’s Office under registration number ZA554988. By visiting and using our App and Website, you acknowledge and agree to the practices described in this Policy.
Personal information we may collect about you
We may collect personal information about you when you submit it via the App or the Website, when you apply for credit from us and if approved, throughout the course of our relationship with you. This information may be given via the App or Website or when you contact us directly, for example through our customer service department, either online, by SMS or by telephone (as our calls may be recorded for training and monitoring purposes).
Bank transaction data
In order to be eligible for a Wollit credit account, you must agree to give us access to see your current bank account (your Account) transactions in real time via an open banking facility operated by our partner, TrueLayer Limited (TrueLayer). Open Banking is the secure way to give us access to your Account transaction data; subject to you granting permission to your bank, it is obliged to enable you to share your Account transaction data with us.
We will view (but do not have the ability to transact) your Account history in order to:
- confirm the income and outgoings you report as part of your application for credit;
- assess your creditworthiness;
- assess your ability to afford the repayments at the point of application and on an ongoing basis for the duration of the loan facility;
- make collection decisions;
- monitor your risk of financial hardship/vulnerability; and
- assess your ability to enter repayment plans.
Account transaction data is strictly confidential and will not be passed by us or TrueLayer to any third parties. In this Policy, where we refer to sharing your information with third parties, this does not include your Account details or Account transaction data.
Other personal data
In addition to your Account and transaction data identified above, we may collect and process your name, email address, home address, date of birth, employment information and other information such as demographic information when you complete forms, loan applications and/or surveys.
Each time you use the App or visit the Website we may automatically collect information such as:
- details of your usage, including what pages of the Website or App you have visited and whether you have clicked on images or links on those pages (this may be user specific or aggregate); and
- technical information (including the type of device you are using, your IP address, and type of web browser) and cookie information, unless you disable cookies on your device (see the ‘Cookies’ section below).
Information we receive from other sources
We may receive information about you from third parties, for example, your credit history from Credit Reference Agencies (CRAs) (see under section 4 below for more information).
We may also view any records about you which are in the public domain (for example electoral roll or social media accounts). We do not seek or knowingly collect any personal data about children under 18 years of age.
How we use your personal information
We use your information in various ways, such as:
- to process your loan application and assess your creditworthiness;
- verifying your identity to comply with anti-money laundering legislation;
- checking your credit record to enable us to consider and underwrite your application to borrow;
- for administrative purposes, for example to process payments via direct debit, otherwise make collections, trace you where necessary, update/maintain our records, prevent fraud and money laundering and enforce our loan terms and conditions;
- to communicate with you by telephone, email, SMS, social media or post using the details you have provided in relation to your application/agreement with us or we have obtained from publicly-available sources;
- to enhance your experience of our App and Website and of our services, for example by conducting statistical analysis or for editorial or feedback purposes for our introducer affiliates; and
- to provide you with marketing communications from us (subject to the consents you provide to us which you can withdraw by opting out at any time).
Disclosure of your information
We may share your information with selected third parties including:
- Service Providers: we contract with service providers to perform certain functions on our behalf. Examples include database providers who assist in identity verification and site analysis providers. Their access is limited only to the personal data needed to perform the functions carried out on our behalf as our agent, and only for the purpose of performing those functions; and
- Credit Reference Agencies: in order to process your application, we will perform credit and identity checks on you with one or more CRAs. Where you take out a credit agreement with banking services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your credit account;
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link. More information about CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) available at https://www.transunion.co.uk/legal/privacy-centre
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- To our professional advisers where required to advise us from time to time and always subject to a duty of confidentiality;
- To other members of our group where required for management information and forecasting purposes; and
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, this includes exchanging information with other companies and organisations for the purposes of fraud prevention.
Processing your data
We process your data using automated and manual decision-making software. This software is used to underwrite your loan. Our automated decision-making systems include, but are not limited to, the following inputs:
- Credit model algorithms
- Affordability algorithms
- Enrolment and employment verification
- Anti-fraud and anti-money laundering databases
- Other data sources that provide inputs that show your creditworthiness, affordability or fitness to receive credit
The use of automated decision-making software is a requirement to enter into a loan agreement with us. You have the right to request that we do a manual review of the results of any automated decision rendered.
We use your personal information for a variety of reasons, upon different legal bases including:
- For the performance of our agreement with you or to take steps at your request prior to entering into an agreement with you. This is necessary for us to lend to you. If you do not provide such information we will be unable to provide you with a loan;
- Where necessary for our legitimate interests, for example in managing and monitoring our App and Website operation, preventing fraud and for our business compliance purposes; and
- Where necessary in order to comply with a legal obligation, for example making reports to our regulatory authority or to law enforcement agencies.
Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example if we ask you to complete a customer survey. Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us using the details set out below.
- Direct Marketing – when you provide your information to us for the purposes of obtaining a quote or making an application for credit we will advise you that we may contact you by telephone, SMS, email or by post to provide you with information about similar products and services that we may provide. We give you the opportunity to change your consent preferences for receiving such marketing communications when you provide your information to us and at any time afterwards in the following ways:
- Via email: Click the “Unsubscribe” link in any email communication and submit your email address on the next screen or email us at email@example.com
- Via telephone: Call us on 0203 885 1311.
If you opt out of our use of your information for marketing purposes, we will process your request as soon as possible. We may take steps to verify your identity with respect to any such request.
Keeping your information secure
We have measures in place to protect the security and confidentiality of your information and we strive to keep it accurate. We only keep your information for as long as is necessary. We generally keep records of any transactions that you enter into for a minimum of six years. Some of the security measures include:
- We work to protect the security of your personal data during transmission by using Secure Sockets Layer (SSL) software, which encrypts personal data you input;
- We store personal data securely; and
- We transmit personal data in an encrypted format.
We only keep your personal information for as long as is necessary to fulfil the purposes for which we use it. We will normally retain your personal data for 6 years after our last business interaction with you to comply with our regulatory requirements. We will delete all data after 6 years from our last business interaction with you unless we are subject to a legal requirement to retain it for longer.
Your personal information is protected under data protection law and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights, we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
- Right of access – subject to certain exceptions, you have the right of access to information that we hold about you upon request. You can exercise this right by making a request in writing, by email or telephone using the contact details in the contact section below.
- Right to rectify your personal information – if you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
- Right to be forgotten – you may ask us to delete information we hold about you in certain circumstances; this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in particular circumstances. It may not therefore be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations or to exercise or defend legal claims.
- Right to restriction of processing – in some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified. You have the right to ask us not to use your information for marketing purposes. We will ask for your consent to use your information for these purposes when we collect it and you can exercise your right to prevent such processing by refusing this at the point of collection or subsequently changing your preferences. You can also exercise the right at any time by contacting us by post or email using the details in section 10 ‘Contact’ below.
- Right to object to processing – you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing (including profiling to the extent it relates to direct marketing) and for the purposes of statistical analysis.
- Right to data portability – you have the right to receive, move, copy or transfer your personal information to a controller, which is also known as ‘data portability’. You have the right to this when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means. You should note that this right is different from the right of access (see above) and the types of information you can obtain under the two separate rights may be different.
Cookies are small text files that are created and stored on your browser or the hard drive of your computer by websites that you visit. Cookies are often placed on your computer to enable websites to operate properly, to ‘remember’ who you are, and to monitor website traffic and usage. Cookies are generally only visible to the website that serves them and not to other websites.
Most internet browsers accept cookies automatically. However, you can accept, delete or disable cookies through your browser if you wish. To learn more about controlling the placement of cookies through your browser settings, please review the options available in your internet browser’s ‘Help’ menu.
To ensure that you have maximum control over how cookies are placed on your computer, we also operate a cookie banner which appears when you first visit our Website, but can also always be accessed through the dedicated link at the bottom of the homepage. This enables you to set your preferences with respect to certain cookies used in connection with the operation of the Website. For more detailed information about the specific types of cookies used, please read the section below.
Cookies are used on our Website for different reasons. Sometimes cookies are necessary for the operation of the site, for example to ensure its security, or to ‘remember’ your cookie preference information so that we can make sure those preferences apply to your next visit. Other cookies may serve a different purpose, for example to provide analysis of how the site is used and to improve functionality for users. Unless strictly necessary for the functioning of the site or for the transmission of communications, we will only place cookies where you have previously provided your consent. If you do not provide your consent then you can still access and use our Website, however certain functions or features may be disabled which could negatively affect your user experience.
Our Website uses the following types of cookie:
- Policy read cookie: Cookie_policy_read: this cookie is used to track whether the user has visited the site before so the cookie notification panel does not appear automatically during future sessions.
- Google analytics: _utma; _utmb; _utmc; _utmt; _utmz: these cookies are used to collect anonymous information about how visitors use our Website, including the number of visitors, where they came from and the pages they visited. We use this information to compile reports and to help us improve our Website. Google Analytics’ terms require us to disclose that we use Google Analytics and how it collects and processes data. Please see the site “How Google uses data when you use our partners’ sites or apps” at www.google.com/policies/privacy/partners for more information.
- Intercom: intercom-id-[app_id]; intercom-session-[app_id]: the first is an anonymous visitor identifier cookie, which is set when people visit the site. The second cookie is an identifier for each unique browser session. This session cookie is refreshed on each successful logged-in ping, extending it to 1 week from that moment. The user can access their conversation and have data communicated on logged-out pages for 1 week, as long as the session isn’t intentionally terminated with Intercom('shutdown'), which usually happens on logout. For more information, see https://www.intercom.com/help/en/articles/2361922-intercom-messenger-cookies
If you have any questions about how we treat your personal data and protect your privacy or if you have any comments or wish to seek to exercise any of your rights as outlined above, please contact the data protection officer:
- By telephoning us on 0203 885 1311
- By email to firstname.lastname@example.org
- By post to Wollit Ltd, 2nd Floor, Argyle Works, 29-31 Euston Road, London, NW1 2SD
If you have a complaint about the service provided by Wollit, please contact us and your complaint will be dealt with in accordance with our complaints procedure. You also have the right to complain to your local data protection supervisory authority. If you are in the UK, this is the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113. www.ico.org.uk.
Conditions of use and changes to this policy
If you choose to use our App or visit our Website, your usage/visit and any dispute over privacy, is subject to this Policy. We may make changes to the Policy from time to time to reflect changes to our operations or legal or regulatory requirements; if we do so we will make a revised copy available via the App and the Website and notify you of this.