Who we are
Retail Money Market Ltd trading as RateSetter (‘RateSetter’, ‘we’ or ‘us’) is a ‘data controller’ and gathers and uses certain information about you. This information is also used by RateSetter’s subsidiaries, so in this notice, references to RateSetter include its subsidiaries. When we use your personal information, we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as the ‘controller’ of your personal information under those laws.
RateSetter is committed to protecting your personal information when you use our website, products and services. We want you to be confident that your personal information is safe and secure with us.
We will collect personal information about you when you use our services. We will also collect information about the way in which you use our website. The ways in which we may use your personal information are described below.
We are owned by Metro Bank PLC, so we work closely with companies in the Metro Bank group. We may share certain information with Metro Bank PLC and other group companies (for example, to provide you with products or services, for marketing purposes, for internal reporting, and where we provide services to those companies or they provide services to us).
For certain purposes, we may share your personal information with our partners, service providers and regulatory or governmental bodies. In the event that we, or any parts of our business, are sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business.
1. The ways in which we collect information
We will collect the information below in different ways depending on how you choose to make contact with us.
Direct - where you have come directly to use RateSetter services through our website or customer services:
- Information when you apply for any of our products or services
- Information when you use any of our online forms
- Information you provide or we collect when using our website
- Information you provide when communicating with us, whether in writing, via email, SMS or by telephone
- Information you provide when completing customer surveys
- Information we obtain if you engage with us on social media, including blogs and forums Information when you take part in any promotions
Third Party - where a broker has introduced you to the services of RateSetter or a third party is acting on your behalf and we have authority for them to act:
- Information that the third party enters as part of the application process, or on any of our online forms Information the third party provided when using our website
- Information the third party provided when communicating with us, whether in writing, via email, SMS or by telephone
- Information provided to us on your behalf by your representatives who might engage with us for you
- Information you have entered on the comparison site as part of their application process
2. What type of information we collect and store
If you wish to use our full range of services and products, we will collect some or all of the following information:
- Personal Information - your name, and date of birth
- Contact Information - your address, phone numbers, business name and email address
- Employment details - your current and previous employer and income details
- Financial information - your bank account number, sort code, bank transactions, your financial status, position and history
- Communication Information - your contact details (whether via letter, email, SMS or telephone)
- Transactional Information - a record of payments made to or received from RateSetter
- Usage Data - other data about how you use our products and services including your IP Address
- Contractual Information - details about the services and products we may arrange or set up for you
- Social Relationships - friends, family and other relationships
- Documentary Data - details held in documents that are provided to us as part of any application or throughout your relationship with RateSetter
- Consents - any permissions that you provide us with, this may relate passing details onto third parties or special data due to medical concerns
- Sensitive or special information - we will only collect this information where the law says we have to and even then, only where we have your consent
- National Identifier - a unique number provided by a government body to determine who you are (e.g. a passport number or national insurance number)
- Social Media Information - comments made on blogs and discussion forums in connection with our products and services. We may also collect personal data through your social media accounts, however we will only access your social media data with your explicit consent
- Location data - we could use this data for vehicle recovery purposes
2.1 Information we collect from other sources
We will also on occasion obtain information from other sources, to enable us to offer you our products and services and to be able to operate our platform. This will, on occasion, include personal information and will be obtained from:
- Our group companies
- Companies that introduce you to us
- Financial Advisors
- Credit Reference Agencies
- Behavioural Profilers
- Comparison Websites
- Social Networks
- Fraud Prevention Agencies
- Public Information services such as Companies House
- Land Registry
- Agents working on our behalf
- Government Agencies
- Law Enforcement Agencies
You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
3. How we will use your information
The General Data Protection Regulation states that we are only allowed to use personal information if we have a genuine reason to do so. This includes providing it to third parties outside of the Metro Bank group.
RateSetter will only use your personal information for one of the following reasons:
- To fulfil a contract, we have with you
- When it is our legal duty
- When you consent to it
- When it is in our legitimate interest
A legitimate interest is when we have a business or commercial reason to use your information. We will only use this reason when we think it is in your best interest so that you can have the best possible experience with RateSetter.
Below is a list of all the ways in which we can use your personal information and the reason we rely on to do so.
4. Credit Reference Agencies ('CRAs'), and Fraud Prevention Agencies ('FPAs')
We carry out credit and identity checks when you apply for a product or service, for you or your business. We use CRAs to help us with this.
If you use our products or services, from time to time we may also search information that the CRAs have about you, to help us manage those accounts.
To do this, we will supply your personal information to CRAs and FPAs and they will give us information about you in return. This will include information about your financial situation and financial history. CRAs and FPAs will give us publicly available information about you (including information from the electoral register) and privately held information which will include your credit history, your current financial situation, financial history information and fraud prevention information.
When we use your information, and share it with CRAs and FPAs, we do so as a necessary step to assess whether or not we can enter into a contract with you. Where your loan application is approved and you choose to enter into a loan through RateSetter, it will continue to be necessary for us to carry out these checks from time to time to perform the contract we have with you.
We will use the information that we receive from CRAs and FPAs to:
- Help us understand whether or not we think you can afford to take out the loan that you have requested through us
- To assess if we believe you will be able to meet your loan obligations
- Make sure that the offers we are able to provide to you are fair and appropriate to your circumstances and check the information that you have provided to us is accurate
- Meet our legal obligations to help prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Trace and recover debts where we have been unable to make contact with you via any other means that we hold your information (i.e. phone, email, letter)
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders and other similar companies or organisations. When FPAs receive a search from us they will keep a log of the searches that we have carried out but this will not be shared with any CRAs.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you have made them aware how their personal information will be used by us, before you complete the application. In addition, you should both also be aware that CRAs will also link your records together and these links will remain on both of your files until an approved request is received by the CRAs confirming that the financial relationship no longer exists.
We will continue to exchange information about you with CRAs and FPAs while you have a relationship with us. We will also inform the CRAs once you have finished repaying a loan with us. If you borrow money through the RateSetter platform and do not make all your repayments in full and on time this information will be shared with CRAs who will record that information as part of your credit history. It is possible that the CRAs will then share this information with other organisations who have a relationship with them.
If you give us false or inaccurate information or if we suspect or identify fraud we will record this and will also pass this information to FPAs and other organisations involved in crime and fraud prevention, including law enforcement agencies.
We and other organisations may access and use this information in order to prevent fraud, money laundering or other criminal activity. If we, or a FPA, determine that you pose a fraud or money laundering risk, we may refuse to provide our products and services you have requested, or we may stop providing existing services to you.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years and may result in other companies or organisations refusing to provide services, financing or employment to you.
If you have any questions about this, please contact us at [email protected]
The links below will provide you with further information on:
- the identities of the CRAs
- their role as FPAs
- the information they hold about you
- the ways in which they use and share personal information
- the length of time that they will hold on to your information
- your data protection rights
5. Automated Decisions
We sometimes use systems to make automated decisions using the personal information we have obtained from you and other sources about you or your business. Automating decisions allows us to make consistent, efficient and quick decisions regarding the products and services we offer. These automated decisions can affect the products and services we may offer you now or in the future, or the price that we charge you for them.
Below are details of the automated decisions we make which are necessary for entering into, or performance of a contract:
6. International Data Transfers
We will only send your data outside of the European Economic Area ('EEA') to:
- Follow your instructions (e.g. right to portability); or
- Comply with a legal duty; or
- Work with our agents and advisers who we use to help run your accounts and services
If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used within the EEA. We will use one of the following safeguards:
- Transfer it to a non-EEA country with privacy laws that give you the same protection as the EEA; or
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA; or
- Transfer it in accordance to the US EU Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
Currently we use a company called Zendesk Inc who have staff based outside the EEA, and stores your data in the US. Zendesk Inc and RateSetter have Model Contract Clauses in place to safeguard the transfer of personal data. Zendesk Inc are also certified under the EU-US Privacy Shield framework. When you send an email to RateSetter, you agree to your data being stored and processed in this way.
Fraud Prevention Agencies may also transfer your personal information outside of the EEA, when this occurs they impose contractual obligations on the companies or organisations that receive your information so that they protect your personal information to the standard required in the EEA. They may also require the companies or organisations who receive that personal information to subscribe to 'international frameworks' intended to enable secure sharing of personal information.
7. Information Security and Third Parties
RateSetter takes the security of your information very seriously. We work hard to protect ourselves and your information from unauthorised access. We also protect against unauthorised disclosure, alteration or destruction of information we hold. In particular:
- We encrypt the transmission of data to our websites using high grade encryption and digital certificates. We constantly review and test our encryption and security measures to ensure they are appropriate
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems
- We restrict access to areas of our systems where personal information is stored to those RateSetter employees, contractors and agents who need to know that information in order for us to be able to carry out our day-to-day business activities. The people who access these areas are subject to strict contractual confidentiality obligations. They may be disciplined or have their contract terminated if they fail to meet the high standards of security and confidentiality that we expect from them
It is also important that you ensure that your information is kept secure when you are online. When using our member's portal, we would advise you to:
- Keep your login details secret
- Sign out of your account when you are not using it
- Maintain good internet security in general
- Tell us immediately if you think your account has been compromised
8. Retention of Data
We will need to keep your personal information for as long as you are a customer of RateSetter, or one of our group companies.
After your relationship with RateSetter ends, we may keep your data for up to 7 years for the following scenarios:
To respond to any queries or complaints
To show that we have acted and treated you fairly
To maintain records according to rules and regulations that apply to us
In some circumstances, we will keep your data for longer than 7 years if we cannot delete it for regulatory or legal reasons. If it is required to extend our retention period, we will continue to ensure that your privacy is protected and we will only use it for the specified reasons.
9. Data Subject’s Rights
You may have some or all of the following rights dependent upon how and why your information was collected and how we are using your information:
- Right to Access - You may have a right to request access to the personal information we hold about you (this is also known as a subject access request);
- Right to Rectification - You can request at any time that we update and correct any out of date or inaccurate personal information we hold about you;
- Right to Erasure - In some circumstances you will be able to request that we remove all personal information we hold about you, if there is no need for us to keep it;
- Right to Restrict Processing and Object to Processing - If we process your data, you can request that we stop or restrict the processing of your personal information;
- Right to Withdraw Consent – You can withdraw your consent at any time by contacting RateSetter. RateSetter will stop processing your personal data as soon as your request to withdraw your consent is received and where consent is the lawful basis for us processing your personal data; and
- Right to Data Portability - You can make a request for us to provide personal information you have supplied to RateSetter to a third party.
There may be regulatory or legal reasons why we cannot satisfy your requests, but we will advise you of this when a request is made.
For further information on each of these rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO).
At RateSetter we respect our visitors, customers and friends and therefore we will never pass your details on to third parties for marketing purposes without your explicit consent. Where you are an existing customer or have previously requested the use of our products or services, we may use your personal information to tell you about relevant products and offers. You can opt out at any time by clicking unsubscribe on any email communications we send to you, alternatively by emailing us, writing to us or by changing your contact preferences within the members area. Please click here for contact details.
If you choose to unsubscribe, we will still provide you with statements, legal notices and other important information such as changes to your existing products and services to meet our legal and contractual obligations to you.
We will use personal information that has been provided from you and obtained from third parties we work with, to provide you with marketing information about other products and services we feel you may be interested in, based on your previous interactions with RateSetter. We may ask you to confirm or update your preferences if you take out any new products or services with us in the future.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. Cookies allow us to distinguish you from other users of the website, helping us to provide you with a good experience when you browse our website and also allowing us to improve our website.
See our Cookies policy, for further information on Cookies and how we use them.
12. Making a complaint and dispute resolution
If you are dissatisfied with any response you receive from us, you may refer your complaint to the ICO. Find out more on their website.
Back To Top
13. Updates to the Policy
14. Contact Us
Email us - If you are a borrower – [email protected] and if you are an investor – [email protected]
Call Us - 020 3142 6226
Write to Us - RateSetter, 6th Floor 55 Bishopsgate, London, England, EC2N 3AS
Please be sure to mark all correspondence for the attention of the Data Protection Officer so that we can get back to you as soon as possible.