Privacy policy.

Who we are

Retail Money Market Ltd trading as RateSetter (‘RateSetter’, ‘we’ or ‘us’) a ‘data controller’ and gathers and uses certain information about you. This information is also used by RateSetter’s group companies, so in this notice, references to RateSetter include its group companies. When we use your personal information, we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as the ‘controller’ of your personal information under those laws.

Key Summary

To make things easy for you, we have provided a summary of the key terms and areas of the privacy policy below, together with links to further details. This summary is meant to be a quick reference point, but we would still advise that you read all the sections of the policy that are relevant to you.

RateSetter is committed to protecting your personal information when you use our website, products and services. We want you to be confident that your personal information is safe and secure with us.

We will collect personal information about you when you use our services. We will also collect information about the way in which you use our website. The ways in which we may use your personal information are described below.

For certain purposes, we may share your personal information with members of our group, our partners, service providers and regulatory or governmental bodies.

To make enquiries or exercise any of your rights as set out in this privacy policy, please contact us.

1. The ways in which we collect information

We will collect the information below in different ways depending on how you choose to make contact with us.

Direct - where you have come directly to use RateSetter services through our website or customer services:

Information when you apply for any of our products or services
Information when you use any of our online forms
Information you provide or we collect when using our website
Information you provide when communicating with us, whether in writing, via email, SMS or by telephone
Information you provide when completing customer surveys
Information we obtain if you engage with us on social media, including blogs and forums Information when you take part in any promotions

Third Party - where a broker has introduced you to the services of RateSetter or a third party is acting on your behalf and we have authority for them to act:

Information that the third party enters as part of the application process, or on any of our online forms Information the third party provided when using our website
Information the third party provided when communicating with us, whether in writing, via email, SMS or by telephone
Information provided to us on your behalf by your representatives who might engage with us for you

Comparison Sites:

Information you have entered on the comparison site as part of their application process

2. What type of information we collect and store

If you wish to use our full range of services and products, we will collect some or all of the following information:

Personal Information - your name, and date of birth
Contact Information - your address, phone numbers, business name and email address
Employment details - your current and previous employer and income details
Financial information - your bank account number, sort code, bank transactions, your financial status, position and history
Communication Information - your contact details (whether via letter, email, SMS or telephone)
Transactional Information - a record of payments made to or received from RateSetter
Usage Data - other data about how you use our products and services including your IP Address
Contractual Information - details about the services and products we may arrange or set up for you
Social Relationships - friends, family and other relationships
Documentary Data - details held in documents that are provided to us as part of any application or throughout your relationship with RateSetter
Consents - any permissions that you provide us with, this may relate passing details onto third parties or special data due to medical concerns
Sensitive or special information - we will only collect this information where the law says we have to and even then, only where we have your consent
National Identifier - a unique number provided by a government body to determine who you are (e.g. a passport number or national insurance number)
Social Media Information - comments made on blogs and discussion forums in connection with our products and services. We may also collect personal data through your social media accounts, however we will only access your social media data with your explicit consent
Location data - we could use this data for vehicle recovery purposes
Profile and usage data - This includes the profile you create to identify yourself when you connect to our internet and mobile services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software. Please refer to our Cookie policy for further details on what cookies are and how we use them.

2.1 Information we collect from other sources

We will also on occasion obtain information from other sources, to enable us to offer you our products and services and to be able to operate our platform. This will, on occasion, include personal information and will be obtained from:

Companies that introduce you to us
Financial Advisors
Credit Reference Agencies
Behavioural Profilers
Insurers
Retailers
Comparison Websites
Social Networks
Fraud Prevention Agencies
Public Information services such as Companies House
Land Registry
Agents working on our behalf
Government Agencies
Law Enforcement Agencies

We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (devices’ IP addresses captured and stored in an anonymised form), device screen size, device type, Browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in an anonymised user profile. Neither Hotjar nor we will ever use this information to identify individual user or to match it with further data on an individual user. For further details, please see Hotjars privacy policy by clicking on this link.

You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

3. How we will use your information

The General Data Protection Regulation states that we are only allowed to use personal information if we have a genuine reason to do so. This includes providing it to third parties outside of the RateSetter group.

RateSetter will only use your personal information for one of the following reasons:

To fulfil a contract, we have with you
When it is our legal duty
When you consent to it
When it is in our legitimate interest

A legitimate interest is when we have a business or commercial reason to use your information. We will only use this reason when we think it is in your best interest so that you can have the best possible experience with RateSetter.

Below is a list of all the ways in which we can use your personal information and the reason we rely on to do so.

4. Credit Reference Agencies ('CRAs'), and Fraud Prevention Agencies ('FPAs')

We carry out credit and identity checks when you apply for a product or service, for you or your business. We use CRAs to help us with this.

If you use our products or services, from time to time we may also search information that the CRAs have about you, to help us manage those accounts.

To do this, we will supply your personal information to CRAs and FPAs and they will give us information about you in return. This will include information about your financial situation and financial history. CRAs and FPAs will give us publicly available information about you (including information from the electoral register) and privately held information which will include your credit history, your current financial situation, financial history information and fraud prevention information.

When we use your information, and share it with CRAs and FPAs, we do so as a necessary step to assess whether or not we can enter into a contract with you. Where your loan application is approved and you choose to enter into a loan through RateSetter, it will continue to be necessary for us to carry out these checks from time to time to perform the contract we have with you.

We will use the information that we receive from CRAs and FPAs to:

Help us understand whether or not we think you can afford to take out the loan that you have requested through us
To assess if we believe you will be able to meet your loan obligations
Make sure that the offers we are able to provide to you are fair and appropriate to your circumstances and check the information that you have provided to us is accurate
Meet our legal obligations to help prevent criminal activity, fraud and money laundering
Manage your account(s)
Trace and recover debts where we have been unable to make contact with you via any other means that we hold your information (i.e. phone, email, letter

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders and other similar companies or organisations. When FPAs receive a search from us they will keep a log of the searches that we have carried out but this will not be shared with any CRAs.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you have made them aware how their personal information will be used by us, before you complete the application. In addition, you should both also be aware that CRAs will also link your records together and these links will remain on both of your files until an approved request is received by the CRAs confirming that the financial relationship no longer exists.

We will continue to exchange information about you with CRAs and FPAs while you have a relationship with us. We will also inform the CRAs once you have finished repaying a loan with us. If you borrow money through the RateSetter platform and do not make all your repayments in full and on time this information will be shared with CRAs who will record that information as part of your credit history. It is possible that the CRAs will then share this information with other organisations who have a relationship with them.

If you give us false or inaccurate information or if we suspect or identify fraud we will record this and will also pass this information to FPAs and other organisations involved in crime and fraud prevention, including law enforcement agencies.

We and other organisations may access and use this information in order to prevent fraud, money laundering or other criminal activity. If we, or a FPA, determine that you pose a fraud or money laundering risk, we may refuse to provide our products and services you have requested, or we may stop providing existing services to you.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years and may result in other companies or organisations refusing to provide services, financing or employment to you.

If you have any questions about this, please contact us at [email protected]

The links below will provide you with further information on:

the identities of the CRAs
their role as FPAs
the information they hold about you
the ways in which they use and share personal information
the length of time that they will hold on to your information
your data protection rights

CallCredit CRAIN

Equifax CRAIN

Experian CRA

5. Automated Decisions

We sometimes use systems to make automated decisions using the personal information we have obtained from you and other sources about you or your business. Automating decisions allows us to make consistent, efficient and quick decisions regarding the products and services we offer. These automated decisions can affect the products and services we may offer you now or in the future, or the price that we charge you for them.

Below are details of the automated decisions we make which are necessary for entering into, or performance of a contract:

6. International Data Transfers

We will only send your data outside of the European Economic Area ('EEA') to:

Follow your instructions (e.g. right to portability); or
Comply with a legal duty; or
Work with our agents and advisers who we use to help run your accounts and services

If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used within the EEA. We will use one of the following safeguards:

Transfer it to a non-EEA country with privacy laws that give you the same protection as the EEA; or
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA; or
Transfer it in accordance to the US EU Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.

Currently we use a company called Zendesk Inc who have staff based outside the EEA, and stores your data in the US. Zendesk Inc and RateSetter have Model Contract Clauses in place to safeguard the transfer of personal data. Zendesk Inc are also certified under the EU-US Privacy Shield framework. When you send an email to RateSetter, you agree to your data being stored and processed in this way.

Fraud Prevention Agencies may also transfer your personal information outside of the EEA, when this occurs they impose contractual obligations on the companies or organisations that receive your information so that they protect your personal information to the standard required in the EEA. They may also require the companies or organisations who receive that personal information to subscribe to 'international frameworks' intended to enable secure sharing of personal information.

7. Information Security and Third Parties

RateSetter takes the security of your information very seriously. We work hard to protect ourselves and your information from unauthorised access. We also protect against unauthorised disclosure, alteration or destruction of information we hold. In particular:

We encrypt the transmission of data to our websites using high grade encryption and digital certificates. We constantly review and test our encryption and security measures to ensure they are appropriate
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems
We restrict access to areas of our systems where personal information is stored to those RateSetter employees, contractors and agents who need to know that information in order for us to be able to carry out our day-to-day business activities. The people who access these areas are subject to strict contractual confidentiality obligations. They may be disciplined or have their contract terminated if they fail to meet the high standards of security and confidentiality that we expect from them

Our website may contain links to other websites operated by third parties. This privacy policy applies only to the personal information that RateSetter collects and we are not responsible for personal information that others may collect, store and use through their websites. You should refer to the privacy policy of the third parties' website for details on how they collect and use your personal information.

It is also important that you ensure that your information is kept secure when you are online. When using our member's portal, we would advise you to:

Keep your login details secret
Sign out of your account when you are not using it
Maintain good internet security in general
Tell us immediately if you think your account has been compromised

8. Retention of Data

We will keep your personal information for as long as is necessary to fulfil the purposes outlined in this privacy policy, unless we are required or permitted by law to retain that information for longer than this.

We will need to keep your personal information for as long as you are a customer of RateSetter, or one of our group companies.

After your relationship with RateSetter ends, we may keep your data for up to 7 years for the following scenarios:

To respond to any queries or complaints
To show that we have acted and treated you fairly
To maintain records according to rules and regulations that apply to us

In some circumstances, we will keep your data for longer than 7 years if we cannot delete it for regulatory or legal reasons. If it is required to extend our retention period, we will continue to ensure that your privacy is protected and we will only use it for the specified reasons.

9. Data Subject’s Rights

You may have some or all of the following rights dependent upon how and why your information was collected and how we are using your information:

Right to Access - You may have a right to request access to the personal information we hold about you (this is also known as a subject access request);
Right to Rectification - You can request at any time that we update and correct any out of date or inaccurate personal information we hold about you;
Right to Erasure - In some circumstances you will be able to request that we remove all personal information we hold about you, if there is no need for us to keep it;
Right to Restrict Processing and Object to Processing - If we process your data, you can request that we stop or restrict the processing of your personal information; and
Right to Data Portability - You can make a request for us to provide personal information you have supplied to RateSetter to a third party

There may be regulatory or legal reasons why we cannot satisfy your requests, but we will advise you of this when a request is made.

For further information on each of these rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO).

10. Marketing

At RateSetter we respect our visitors, customers and friends and therefore we will never pass your details on to third parties for marketing purposes without your explicit consent. Where you are an existing customer or have previously requested the use of our products or services, we may use your personal information to tell you about relevant products and offers. You can opt out at any time by clicking unsubscribe on any email communications we send to you, alternatively by emailing us, writing to us or by changing your contact preferences within the members area. Please click here for contact details.

If you choose to unsubscribe, we will still provide you with statements, legal notices and other important information such as changes to your existing products and services to meet our legal and contractual obligations to you.

We will use personal information that has been provided from you and obtained from third parties we work with, to provide you with marketing information about other products and services we feel you may be interested in, based on your previous interactions with RateSetter. We may ask you to confirm or update your preferences if you take out any new products or services with us in the future.

11. Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. Cookies allow us to distinguish you from other users of the website, helping us to provide you with a good experience when you browse our website and also allowing us to improve our website.

See our Cookies policy, for further information on Cookies and how we use them.

12. Making a complaint and dispute resolution

We hope that we are able to resolve any query or concern that you raise about our use of your information, so please get in touch if you have any questions or issues with this privacy policy or with how we are using your personal information in general.

If you are dissatisfied with any response you receive from us, you may refer your complaint to the ICO. Find out more on their website.

13. Updates to the Policy

We will provide you with disclosures and alerts regarding any material changes to the privacy policy by posting them on our website and if you are an existing client by contacting you through your members area and email address listed in your members account.

This privacy policy was last updated: 30 August 2018

14. Contact Us

If you have any questions or concerns about RateSetter's privacy policy or how we use your personal information, please contact us using the details below: -

Email us - If you are a borrower – [email protected] and if you are an investor – [email protected]

Call Us - 020 3142 6226

Write to Us - RateSetter, 6th Floor 55 Bishopsgate, London, England, EC2N 3AS

Please be sure to mark all correspondence for the attention of the Data Protection Officer so that we can get back to you as soon as possible.

RateSetter is a trading name of Retail Money Market Ltd (Company No. 7075792) and our registered office is at 6th Floor, 55 Bishopsgate, London EC2N 3AS. Authorised and regulated by the Financial Conduct Authority (Ref. 722768).

Loans are subject to status and affordability, the rate and fee you pay will depend on your credit profile. Over 21s only.