Last updated: October 2022
This privacy notice is to let you know how Fronted gathers and processes your personal information.
This notice provides you with information regarding your rights and obligations and explains how, why and when we collect and process your personal data.
We take personal data seriously. Anything containing personally identifiable information is kept safe and we have put in place appropriate technical and other security measures to protect it.
We need to collect certain types of information to allow us to make a decision on your request for financial products. We also need to comply with legal and regulatory requirements relating to anti-fraud, anti-money laundering, know your customer and responsible lending obligations.
We will only collect the information we need to be able to provide you with the service you have requested. You need to make sure that the information you provide is accurate, complete and not misleading. Your personal information may need to be disclosed when we are obliged to by law, for purposes of national security, taxation, defence of a legal claim or criminal investigations.
Who are we?
We are Fronted Holding Ltd and all subsidiaries. Our registered office is at Fronted, The Fisheries, 1 Mentmore Terrace, London, E8 3PN. We are registered in England and Wales under company number 12278750. We are registered on the Information Commissioner’s Office (ICO) Register under numbers: ZB268231 and ZB268239.
We can be contacted:
by post at Fronted, The Fisheries, 1 Mentmore Terrace, London, E8 3PN;
by email at firstname.lastname@example.org
What data do we collect?
Here is the top-line summary of the data we collect.
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
- consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
We’ll break down the information further in the next sections. To use our full range of services and products, we will collect some or all of the following information:
Device & Website Usage Data
Data collected about your use of our app and website (together known as Site). Information about your device, network, and Site activity.
We collect personal information about you when you access our Site, register with us, contact us, send us feedback, purchase products or services via our Site, post material to our Site and complete customer surveys or participate in competitions.
We collect this personal information from you either directly, or indirectly, such as your browsing activity while on our Site.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data through forms or by corresponding with us through Site, chat, phone, email or otherwise. This includes personal data you provide when you:
- create an account on our Site;
- enquire about our products;
- request marketing to be sent to you;
- give us feedback or contact us.
We may also request a scan of an identity document if this is required for “know your customer” or anti-money laundering purposes.
To make it clear, here are the definitions and uses of
– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
Account & Profile Data
Data about you as a customer, prospect or subscriber. Terms are as per the below:
- Customer is a person who has successfully received a Fronted Deposit or Fronted deposit transfer
- Prospect is a person who has applied for a Fronted Deposit or Fronted deposit transfer
- Subscriber is a person who is interested in Fronted and its related products
Data includes details such as your name, email address, address and product interests.
How Do We Use Your Personal Information
We may use your information to:
Deliver our products and services.
We use information to fulfil our contracts with you, and to deliver our products and services effectively. This allows us to:
Improve our products and services.
- Your use of our product and service means we can create insights which will assist us in improving our products and services.
Market our products and services.
- We only send what is relevant to you, including communication about products and services and advertising our products and services to you.
Prevent fraud and abuse.
- This includes identifying unusual or suspicious interactions with our Site and payment systems.
Comply with local laws and regulations.
- This includes maintaining accurate financial records as required by local laws and regulations.
How we’ll communicate with you:
Once you’ve registered with us, we’ll use your information to communicate with you using a combination of chat, email, phone, text messages (SMS) and post.
Our use of third parties
We may collect personal information received from other sources such as data from credit reference agencies, open banking data (including name, address, bank account number, sort codes, balance, transactions, overdraft limit and statement information) and results of “politically exposed persons” or sanction checks.
We partner with third-party companies including, but not limited to, Google Ads, LinkedIn and Facebook to provide ad tracking that helps us optimise the relevance of advertisements on the websites.
What third parties we currently use
Google Analytics allows us to see how users are finding out about Fronted and if our use of social or paid campaigns are working to draw users to sign up to our Site.
You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Intercom allows us to communicate with you via the chatbot or emails. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.
You can read more about how Intercom uses your Personal Information here: https://www.intercom.com/legal/privacy. You can also enquire directly to Intercom at email@example.com. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.
MixPanel helps us to understand how visitors navigate through our Site. We use this data when seeing how we can better display and structure information.
You can read more about how MixPanel uses your Personal Information here: https://mixpanel.com/legal/privacy-policy/. You can also opt-out of MixPanel here: https://help.mixpanel.com/hc/en-us/articles/360001113426-Opt-Out-of-Tracking
Amplitude is an analytics tool that helps us to understand how visitors navigate through our Site. We use this data when seeing how we can better display and structure information.
You can read more about how Amplitude uses your Personal Information here: https://amplitude.com/privacy. This tool does not save any personal data and is fully anonymous.
You can read more about how Segment uses your Personal Information and opt-out at: https://segment.com/legal/privacy/ or by emailing firstname.lastname@example.org.
Sentry allows us to fix and optimise the code that keeps Fronted running. To monitor if there are any errors or ways that we can make your experience smoother, Sentry may collect information including how you interact with Fronted using cookies and monitoring to see that all sensitive information (including financial information) is confidential and encrypted. No private information is stored on Sentry’s servers.
During your application, we use additional third parties
You will be unable to proceed in our application process without opt-ing into the following legitimate uses of your personal data. This protects you from identity theft and allows us to confirm your suitability for a Fronted product and perform our due diligence to prevent fraud.
Yobota is a loan management platform. When you are approved for a Fronted Deposit, Yobota helps us manage your account including (but not limited to) keeping track of your loan repayments, adjusting any details associated with your loan and/or early settlement of your account.
You can read more about how Yobota uses your Personal Information here: https://yobota.xyz/privacy-policy/.
Shufti Pro is an identity verification service provider which is used during the application process to satisfy our Know Your Customer obligations.
You can read more about how Shufti Pro uses your Personal Information here: https://shuftipro.com/privacy-policy.
We work with Modulr to securely send and receive payments.
We share information with Modulr about you and your estate agent that you provide to us. This includes account details of the destination bank account to pay the deposit and repayment data such as payment reference numbers to track repayments.
You can read more about how Modulr uses your Personal Information here: https://www.modulrfinance.com/privacy-policy.
London & Zurich
London & Zurich are our direct debit collection & processing service.
We use London & Zurich to set up your Direct Debit mandate. A Direct Debit mandate means we can collect and track your monthly repayments automatically. To set up your Direct Debit mandate we share information including your bank account details, repayment amount and repayment reference number with London & Zurich via Modulr. This is a secure way for you to repay your loan as we don't have to share your information twice, and it is automatically deducted meaning you don't miss any repayments.
You can read more about how London & Zurich uses your Personal Information here: https://www.londonandzurich.co.uk/privacy-cookies/.
GoCardless provides us with a Direct Debit collection and payment processing service. This service enables us to securely send and receive payments.
We share information with GoCardless about you and your estate agent. This includes account details of the destination bank account to pay the deposit and payment data such as your payment reference number to track repayments.
We also use GoCardless to set up your Direct Debit mandate. A Direct Debit mandate means we can collect and track your monthly repayments automatically. To set up your Direct Debit mandate we share information including your bank account details, repayment amount and repayment reference number with GoCardless. This is a secure way for you to repay your loan as we don't have to share your information twice, and it is automatically deducted meaning you don't miss any repayments.
You can read more about how GoCardless uses your Personal Information here: https://gocardless.com/privacy
Google Cloud Platform
Google Cloud Platform (GCP) is a suite of cloud computing services. We use Google Cloud Platform software to help run our day-to-day business operations, including but not limited to, running and maintaining our website, managing and processing applications and storing important documentation. It also stores our logs which may contain personal information.
Amazon Web Services
Amazon Web Services (AWS) provides on-demand cloud computing platforms and APIs to businesses. We use select AWS services to process customer data and help manage customer applications and accounts throughout their life-cycle .
Slack is a messaging app for businesses. We use Slack predominantly as a way to communicate internally with other team members. However, we also use their software to alert us internally when significant events happen during your application process and customer life cycle.
Cordless is a cloud call centre software provider. We use Cordless to make and receive calls from new, existing and potential customers. We share and receive information from them, including but not limited to, your contact number, call recordings and call transcripts. Monitoring calls and their content is an important part of our day-to-day business, which is why Cordless is also integrated with other important tools that we use, such as Intercom and Slack.
Twilio is a communication tool which allows businesses to make and receive phone calls and text messages. We use Twilio to send text messages (SMS) to applicants and our customers about important account updates, these are known as ‘service messages’. We share information with them, including but not limited to, your contact number and the content of the message.
Stripe is an online payment processing provider. We use their software to accept payments which helps us set up and manage your account. We share information with them, including but not limited to, your name and relevant payment information.
You can read more about how Stripe uses your Personal Information here: https://stripe.com/gb/privacy
Goodlord is a provider of estate agent software that offers Fronted to its customers for the purpose of spreading the cost of a deposit. When they send customers to Fronted they also share the deposit amount and rent amount that the customer has been quoted.
You can read more about how Goodlord uses your Personal Information here: https://www.goodlord.co/privacy-policy
Canopy is a tenant referencing software provider for renters, landlords and estate agents. They offer Fronted to their customers for the purpose of spreading the cost of a deposit. We may share information with them, including but not limited to, whether your application was successful or not, your name and your address.
You can read more about how Canopy uses your Personal Information here: https://www.canopy.rent/legal/privacy-policy
Wagestream is a financial wellbeing management platform. They offer Fronted to their customers for the purpose of spreading the cost of a deposit. We may share information with them, including but not limited to, whether your application was successful or not, your name and your address.
You can read more about how Wagestream uses your Personal Information here: https://wagestream.com/privacy-policy/
Tenancy Deposit Schemes
You agree that we may request and receive information about you and your deposit from the licensed deposit protection scheme where your deposit is protected, including but not limited to:
- information to help identify your deposit including your name, email address, full postal address, deposit certificate number and deposit amount
- information about the beginning and end of the tenancy
- information about all individuals listed on the deposit and their contributions
- information about money returned, and any claims for arrears, damages or unpaid bills submitted by the customers landlord with the deposit protection schemes
- any information we may need to exercise our rights as a beneficiary of the deposit.
Landlords are legally required to safeguard their tenants’ deposits with one of the three government-backed deposit protection schemes. The three main deposit protection schemes are:
Deposit Protection Service (DPS)
You can read more about how DPS uses your Personal Information here: https://www.depositprotection.com/privacy-policy/
You can read more about how MyDeposits uses your Personal Information here: https://www.mydeposits.co.uk/privacy-policy/
Tenancy Deposit Scheme (TDS)
You can read more about how TDS uses your Personal Information here: https://www.tenancydepositscheme.com/privacy-policy/
Privacy Shield information
At Fronted we are committed to protecting your data and where possible we use UK based processing. There has been a recent GDPR legislation change in which Privacy Shields are now invalid. Though the UK is not a part of the EU, we are still conscious of US based processing of data and how to ensure you are protected.
Fronted are following guidance from the Information Commissioner’s Office (ICO), the UK’s information rights body and the European Data Protection Board (EDPB) that US data processing will only happen where suitable. If there is further authorisation needed, we will add the option onto our Site.
How we work with Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs)
When you create an account with Fronted, you’ll submit information that allows us to verify your identity, provide our services, customise our website and its content to your particular preferences, notify you of any changes and improve our services. We share your data with service providers, firms, businesses and professional advisors (e.g. lawyers and auditors) to provide you with the right product and services.
We will be working with these legitimate agencies:
- Credit Kudos; a Credit Reference Agency (“CRAs”) and Account Information Service Provider (“AISPs”) that uses Open Banking data
- Equifax; to connect consumer credit ratings and protect consumers against fraud.
- HM Revenue & Customs, regulators and other authorities acting as processors or controllers who require reporting of processing activities in certain circumstances.
We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
What information is shared with CRAs and FPAs
This information includes (but is not limited to):
- your name, address and contact details
- date of birth
- bank account and payment details
- information about the services we provide to you
- your account details
- details of any feedback you give us by phone, email, post or via social media
How CRAs and FPAs use your data
This information is recorded by both Fronted and external organisations that may access and use this information to prevent fraud and money laundering. CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations in order to (for example):
- prevent fraud and money laundering and to check and assess applications for credit, credit related facilities or other facilities;
- recover debts that you owe and trace your whereabouts;
- manage credit accounts and other facilities and decide appropriate credit limits;
- verify your identity;
- make decisions on credit and other facilities for you or your business;
- check details on proposals and claims for all types of insurance; and
- check details of job applicants and employees.
Use of CRAs and FPAs during your Fronted Deposit application
When you apply to us for a loan, we will check the following records about you (and others where applicable):
Any records we may already have about you;
- those held by CRAs; and
- those held by FPAs.
- CRAs supply us with public information (including from the electoral register, county court judgments and bankruptcies registers) and shared credit and fraud prevention information, including information about previous applications and the conduct of accounts in your and your financial associate(s)' name(s).
You should be aware that whether or not your loan application is successful, when CRAs receive a search from us they will place a soft search footprint on your credit file that may be seen by other lenders. Large numbers of applications within a short time period may affect your ability to obtain credit. This is applicable whether your application is accepted or declined.
We will send the information that you submit through our website to CRAs. This information will be recorded by them. We and other organisations may access and use this information to prevent fraud and money laundering and CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations as outlined in the previous “Credit Reference and Fraud Prevention Agencies use your data” section.
Use of CRAs and FPAs once you are issued a Fronted credit product
If you are to use a Fronted credit product, we will give details of your loan and how you repay it to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding. Other organisations may see these updates and this may affect your ability to obtain credit in the future.
If you fall behind with your payments and a full payment or satisfactory proposal is not received within 14 Days of a “Notice of Default” being issued then a “Formal Demand” will be issued and a default registered on your Credit File with CRA’s.
This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud we may record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention including law enforcement agencies who may then access this information.
Equifax, Experian and TransUnion, the ICO and the major financial services trade associations have developed a common statement, Credit Reference Agency Information Notice (CRAIN). This defines the standards that all three Credit Reference Agencies will apply across all products and services in relation to processing consumer data. You can read the CRAIN here.
Use of Automation
We may use systems to send you automated communications or to make automated decisions using the personal information we have obtained from you and other sources about you. Automating decisions allows us to make consistent, efficient and quick decisions regarding the products and services we offer. These automated decisions can affect the products and services we may offer you now or in the future, or the price that we charge you for them.
We will ensure that you are aware of when automated decisions are being made. You have the right to ask that a human review an automated decision, to express your point of view and to contest an automated decision. To do this, please contact our support team.
Currently we use automation in the following areas:
Your data rights and preferences
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
We are committed to ensuring that your information is secure. Appropriate security measures are in place to protect against loss, misuse or alteration of information collected from you, including measures to prevent, as far as possible, access to our databases by parties other than Fronted.
Retention of Data
We will retain your personal data for as long as we are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the end of our relationship with you. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.
We may also retain data for longer periods for statistical purposes, and if so we will anonymise this.
Why do we collect and store data?
We will need to keep your personal information for as long as you are a customer. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
How long do we store your data?
After your relationship with Fronted ends, we may keep your data for up to 6 years for the following scenarios:
- To respond to any queries or complaints
- To show that we have acted and treated you fairly
- To maintain records according to rules and regulations that apply to us
In some circumstances, we will keep your data for longer than 6 years if we cannot delete it for regulatory or legal reasons. If it is required to extend our retention period, we will continue to ensure that your privacy is protected and we will only use it for the specified reasons.
For research or statistical purposes, we may anonymise your personal data. This data will no longer be identified with you and we may keep this information indefinitely without further notice to you.
How can you amend your marketing preferences?
Both when you enter our site or sign up as a user, we will confirm that you have opted into our services. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time.
You may also amend your contact preferences by emailing us at email@example.com.
As a data subject, you have a number of rights:
- the right to be informed about the collection and use of your personal data;
- the right to access the personal data we hold about you (Subject Access Request);
- the right to rectify inaccurate personal data or complete it if it is incomplete;
- the right to erasure and have your personal data deleted;
- the right to request restriction of or suppression of your personal data;
- the right to obtain and make use of your personal data for your own purposes across different services ("portability");
- the right to object to the processing of your personal data in certain circumstances; and
- rights related to automated decision-making including profiling.
Your data protection rights are subject to certain restrictions and conditions and financial organisations are required to retain a range of your information for legal and regulatory reasons including responsible lending and the prevention of financial crime.
Fronted is required to keep a record of the information reported to the Credit Reference Agencies about you and will therefore retain repayment information regarding your loan for six years from the date that the loan is settled/closed. If your account is recorded as defaulted, the data is kept for six years from the date of the default. This may be extended where we require this to bring or defend legal claims.
If you think that any of the personal data we hold about you is wrong or incomplete you have the right to challenge it.
We will not make a charge for handing your rights request, unless we consider it to be manifestly unfounded or excessive involving a disproportionate effort (particularly if this is a repeated request). If you would like to exercise any of the rights outlined above, you can make it in writing by emailing firstname.lastname@example.org and we will respond within 30 days.
We will assess your request and if we decide not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/
International Data Transfers
We will only send your data outside of the European Economic Area ('EEA') to:
- Follow your instructions (e.g. right to portability); or
- Comply with a legal duty; or
- Work with our agents and advisers who we use to help run your accounts and services
Some of our third parties, as referenced in the ‘Third Parties’ section, are based outside the EEA, and store your data as per the Standard Contractual Clauses (SCC) outlined in GDPR. Transfer it to a non-EEA country with privacy laws that give you the same protection as the EEA as per Standard Contractual Clauses (SCC). You can find out more about data protection on the European Commission Justice website here. When you send an email to Fronted, you agree to your data being stored and processed in this way.
Fraud Prevention Agencies may also transfer your personal information outside of the EEA, when this occurs they impose contractual obligations on the companies or organisations that receive your information so that they protect your personal information to the standard required in the EEA. They may also require the companies or organisations who receive that personal information to subscribe to 'international frameworks' intended to enable secure sharing of personal information.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you would like to know how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online.
How do we link to other sites?
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: email@example.com.
v2.6 – Last Updated: October 2022