NewDay Technology Ltd, trading as Deko (“we”, “us” or “our”), is a company incorporated in England and Wales with company number 08812602. Our registered office is 7 Handyside Street, London, N1C 2DA.
This policy (together with our Cookie Policy, Terms of Service and Security Statement sets out the basis on which your personal data will be processed by us when you:
For the purpose of data protection laws, we are a data controller and we are registered as a controller with the Information Commissioner’s Office under number ZA779737. We are committed to maintaining the privacy and protection of all personal data that we process in connection with our business.
This policy addresses how we process personal data as a controller. There may be instances where we process personal data as a processor on behalf of another business that you have a relationship with. Where this is the case, the other business is responsible for the way in which your personal data is processed and their privacy policy will prevail.
If you have any questions regarding our privacy policy, please contact us (our contact details are set out in section 13).
1.1 We will collect and process the following personal data about you.
1.2 Information you give us: This is information about you that you give us when filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. It includes information provided when you use our services to apply for credit, register for our newsletter and when you report a problem with our website. The information you give us may include names, addresses, email addresses and phone numbers.
1.2.1 We may allocate a unique reference number to you and/or your application, which we may use as a reference number to track data or other information with lenders or merchants.
1.3 Online Information we collect: With regard to each of your visits to our website we will automatically collect the following information:
1.3.1 technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform;
1.4 We do not generally process any special categories of personal data, meaning personal data revealing:
1.4.1 racial or ethnic origin;
1.4.2 political opinions; religious or philosophical beliefs or trade union membership;
1.4.3 genetic or biometric data that uniquely identifies you; or
1.4.4 data concerning your health, sex life or sexual orientation.
1.5 We do not collect data relating to criminal convictions or offences or related security measures.
There may be circumstances where you provide us with special category personal data which is relevant to your dealings with us. Where this is the case, we may record and process this data subject to your explicit consent.
Sections 1.1 – 1.3 below explain how and why we process your personal data, as well as the legal basis on which we carry out this processing.
2.1 Retail Consumers
2.1.1 To facilitate your application for credit: Where you apply for a credit product in connection with a purchase from a merchant, or otherwise, as a credit broker, we collect and process some of your personal data in order to introduce you to the relevant lender. The information we collect is limited only to your IP address and email address.
Once you arrive on the lender’s credit application form, any personal data you provide will be recorded and processed by the relevant lender and subject to the terms of their privacy policy. Such processing is necessary in order to take steps, at your request, prior to entering into a contract with a lender for credit and this forms the legal basis for the processing. If you do not wish to provide us with your personal data in this way, we will be unable to provide you with our credit brokerage services.
2.1.2 To improve your customer experience: From time to time we may conduct data and system analytics, including research to optimise our technology and improve our products and/or services.
We may also liaise with potential new lending partners and provide them with anonymised transaction datasets so that they can make an initial assessment of whether there are available opportunities for them to work with us. The legal basis on which we process any personal data in these circumstances is our legitimate interest to enhance our internal processes and enrich the products and/or services we can offer you in the future. In each case, we will only use anonymised and/or aggregated data from which individuals’ identities cannot be determined.
2.1.3 To make our website better: We may process your personal data in order to provide you with a more tailored user experience. We may also use your personal data to make sure our website is displayed in the most effective way for the device you are using. This processing means that your experience of our site will be more tailored to you. We also use various cookies to help us improve our website (more details are set out in our Cookies Policy) and share your personal data with the third party analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will also process personal data for the purposes of making our website more secure, to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The legal basis on which we process personal data in these circumstances is our legitimate interest to provide you with the best customer experience we can, and to ensure that our website is kept secure.
2.1.4 To provide customer services to you: We may process your personal data in order to provide various supporting customer services to you (such as where you contact us with a question in connection with a product or service and/or request certain information from us). The legal basis on which we process your personal data in these circumstances is the performance of our obligations to assist you in entering into a credit agreement. If you do not provide us with the personal data we request from you for customer services purposes, we may not be able to fully answer your queries.
2.2 Retailers, Partner Platforms and Merchants:
2.2.1 In a business-to-business context where you are employed or engaged to work for a retailer, lender or partner platform we may make contact with you to provide or seek information in connection with our products and/or services. The legal basis we rely on for making contact with you and processing your personal data is our shared legitimate interests in doing business together. You are able to exercise your right to object to such contact from us (please see sections 9 and 13).
2.2.2 Where you have expressly opted in to receive marketing communications from us, we will process your personal data to provide you with marketing communications in line with the preferences you have provided.
2.2.3 Where you provide your personal information to us in order to enter into a prize draw at a conference, exhibition or similar event, you will be given the option to opt into our marketing communications. We will process your personal data to provide you with marketing communications in line with the preferences you have provided.
2.2.4 Where we are in the process of entering into a contract with a merchant or partner platform and you are a Director, Owner or controller of that business, we will ask you to provide your personal information to help us verify your identity and undertake screening checks to comply with our legal and regulatory obligations.
2.3 All individuals
2.3.1 Where you have expressly opted in via our website to receive marketing communications from a third party, we will process your personal data by transferring it to the relevant third party. In respect of sections 2.2.2 and 2.2.3, the legal basis on which we process your personal data is your consent. You are not under any obligation to provide us with your personal data for marketing purposes, and you can withdraw your consent to your personal data being processed in this way at any time by contacting us (please see section 12) or, where relevant, by following the unsubscribe link in every marketing communication you receive from us. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful.
We will transfer your personal data to a third party:
2.3.2 if our business is sold; or
2.3.3 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets (at all times in accordance with all applicable data protection laws); or
2.3.4 if Deko or substantially all of its assets are acquired by a third party, in which case personal data held by Deko about its customers will be one of the assets transferred to the purchaser.
In each case, the legal basis on which we process your data in these circumstances is our legitimate interest to ensure our business can be continued by a purchaser. In such an event, we will assess whether our legitimate interests are outweighed by the risks to your rights and freedoms by us sharing your personal data in this way and only proceed with a data transfer if we believe they are not.
2.3.5 In certain circumstances we may also need to share your personal data if we are under a duty to disclose or share personal data in order to comply with any legal obligation.
3.1 We work with subcontractors, business partners, advertising networks, analytics providers, hosting providers and search information providers who may process personal data on our behalf.
3.2 We are responsible for such third parties’ processing as they do so under our authority. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
3.6 Further information regarding such third parties can be requested by contacting us (please see section 12).
4.1 The details in this policy relating to the third parties in this section are for your information only. We are not responsible for the privacy policies or practices of such third party recipients of your personal data. Please ensure you read any information those third parties provide you about their processing of your personal data and make your own enquiries in respect of them.
4.2 Nobody has a right to receive credit. Credit is subject to: status; telephone contact information; confirmation of name and address; whether or not you already hold credit agreement(s) with the lender; no reasonable suspicion of fraud and is only available to UK residents who are at least 18 (eighteen) years of age and are not legally restricted from obtaining credit. Therefore, to process your application, your personal data may be shared by us with categories of recipients that include lenders, credit reference agencies, other agencies and merchants.
4.3 Lenders: Credit is always granted at the discretion, and subject to the terms of business, of lenders. Where we share your personal data with lenders, this is to introduce you to a relevant lender in order to apply for a credit product
The lender’s privacy policy will set out how and why they process your personal data.
4.4.1 Credit reference agencies
One or more of the main credit reference agencies may be used by your lender to assess your application:
TransUnion (formerly Callcredit Ltd)
One Park Lane
PO Box 10036
Leicester
Le3 4FS
www.transunion.co.uk
www.transunion.co.uk/crain
Equifax Ltd
Customer Service Centre
PO Box 10036
Leicester
LE3 4FS
www.equifax.co.uk
Experian Ltd
Consumer Help Services
PO Box 9000
Nottingham
NG80 7WF
www.experian.co.uk
www.experian.co.uk/crain
Credit reference agencies keep a wide range of information. This includes information from the electoral roll (sometimes known as the voters roll) and records of most county court judgments and bankruptcies. They also retain information relating to previous and existing credit and a record of searches made against the file.
Lenders also share information through the agencies providing a history of how punctually payments are being made or have been made. Loan information is usually held on file for six (6) years.
Details of the voters roll may be held for much longer. Information about credit searches is kept for up to two (2) years.
Further information about the credit reference agencies, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with them are explained in more detail within the Credit Reference Agency Information Notice (CRAIN).
4.4.3 Accessing your file: If you wish to see the information contained on an agency file you can do so by writing to the relevant agency. If your file contains information about you which is incorrect (or contains information about other people with whom you have no financial connection) you can request for the applicable information to be corrected, removed or have a note put on the file explaining why you think the information is wrong. The agency will not remove correct information.
4.5 Merchants: Merchants have a legal duty to explain the purposes and legal basis for processing your personal data. Please always refer to the merchant’s privacy policy for such information.
5.1 We do not perform any automated decision making using your personal data. The lender will combine the information you provide to them with information they collect about you in order to make decisions regarding your application. This is an automated process carried out by the lender with the information you provide to them. The decision will contain the contact details of the lender, should you wish to express your view on the decision or to contest the decision.
6.1 The data that we collect from you will be stored in (and will not be transferred out of) the European Economic Area (EEA).
6.2 If we transfer personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
6.2.1 Where we use certain service providers, we may use specific contracts approved by the UK government and Information Commissioner’s Office, which give personal data the same protection it has in the UK.
6.2.2 Where we use providers based in the US, we will conduct a transfer risk assessment and enter into contract addendums that incorporate additional clauses, protections and obligations in line with the the UK’s International Data Transfer Agreement as appropriate.
6.3 If further information on the specific mechanism used by us when transferring your personal data out of the EEA is required, please contact us directly (please see section 12).
7.1 Where you receive credit as a result of our credit brokerage services, we will retain the limited personal data we collect about you for a period of 7 (seven) years after the services performed, to ensure that we are able to assist you should you have any questions or feedback in relation to our products and/or services or to protect, or defend our legal rights.
7.2 Where you apply for credit but your application is unsuccessful, we will retain your personal data for a period of no longer than 16 (sixteen) months from the date of your application.
7.3 Where we have processed your personal data to provide you with marketing communications with consent, we may contact you at least every twelve (12) months to ensure you are happy to continue receiving such communications. If you tell us that you no longer wish to receive such communications, your personal data will be removed from our marketing lists.
7.4 Where we have processed your personal data for any other reason (such as where you have contacted us with a question in connection with our products and/or services), subject to section 7.1, we will retain your data for twelve (12) months from such contact.
7.5 Further details of retention periods for different aspects of your personal data are available in our Data Retention Policy which is available on request (please see section 12).
8.1 We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. In particular, we have taken steps to secure and safeguard the information we collect and transmit with the use of proven and effective security solutions.
8.2 The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8.3 All information you provide to us is stored on secure servers and all our systems are password protected to help ensure there is no unauthorised access to personal data. Where we have given you a password (or where you have subsequently changed that default password and chosen your own password), the password enables you to access certain parts of our website and you are responsible for keeping this password confidential. You must not share your password with anyone.
8.4 Where we need to transfer your personal data to a third party, such as those referred to in sections 3 and 4, we will ensure we apply strict security protocols and robust encryption to protect the data in transit.
Right to object
9.1 You have the right to object to us processing your personal data where we are processing personal data:
9.1.1 based on our legitimate interests (as set out at sections 2.1, 2.2 and 2.3 above). If you ask us to stop processing your personal data on this basis, we will stop processing your personal data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and
9.1.2 for direct marketing purposes. If you ask us to stop processing your personal data on this basis, we will stop. In each case please do so by making contact with us directly (please see section 12).
Right of access
9.2 You have the right to receive confirmation as to whether your personal data is being processed by us, as well as various other information relating to our use of your personal data. You also have the right to access your personal data which we are processing. You can exercise this right by making contact with us directly (please see section 12).
Right to rectification
9.3 You have the right to require us to rectify any inaccurate personal data we hold about you. You also have the right to have incomplete personal data we hold about you completed, by providing a supplementary statement to us. Right to restriction
Right to restrict processing
9.4 You have the right to restrict our processing of your personal data where:
9.4.1 The accuracy of the personal data is being contested by you;
9.4.2 the processing by us of your personal data is unlawful, but you do not want the relevant personal data erased;
9.4.3 we no longer need to process your personal data for the agreed purposes, but you want to preserve your personal data for the establishment, exercise or defence of legal claims; or
9.4.4 we are processing your data on the basis of our legitimate interest (as set out at sections 2.1, 2.2 and 2.3 above) and you:
a) object to our processing on the basis of our legitimate interest under section 9.1.1 above; and
b)want processing of the relevant personal data to be restricted until it can be determined whether our legitimate interest overrides your legitimate interest.
9.4.5 Where any exercise by you of your right to restriction determines that our processing of particular personal data is to be restricted, we will then only process the relevant personal data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.
Right to data portability
9.5 You have the right to receive your personal data in structured, standard machine readable format and the right to transmit such personal data to another controller.
Right to erasure
9.6 You have the right to require we erase your personal data which we are processing where one of the following grounds applies:
9.6.1 the processing is no longer necessary in relation to the purposes for which your personal data was collected or otherwise processed;
9.6.2 our processing of your personal data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your personal data;
9.6.3 you object to the processing of your personal data as set out in section
9.6.4 the personal data has been unlawfully processed; and
9.6.5 the erasure is required for compliance with a law to which we are subject.
Complaints
9.7 If you have cause to complain about our processing of your personal data, please contact us in the first instance, so that we can look to resolve the matter for you promptly.
You have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”), the supervisory authority for data protection issues in England and Wales. The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
9.8 Exercising your rights: You can exercise your rights by making contact with us directly (please see section 12). You will not generally be charged a fee for exercising any of your data protection rights and we must provide our response within one month of your request.
Our website may, from time to time, contain links to and from the websites or platforms of our partner networks, affiliates and other third parties. Our service connects you to different websites or platforms. If you follow a link to any of these websites or platforms or use our service, please note that you have left our website and these websites and platforms have their own privacy policies and may collect or share personal data about you. We do not accept any responsibility or liability for these policies, websites or platforms. Please check these policies before submitting any personal data to these websites or platforms.
Any changes we make to our privacy policy in the future will be posted on this webpage and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Questions, comments and requests regarding this privacy policy are welcomed.
You can contact us by telephoning our Support team on 0333 220 2520 or by writing to our Data Protection Officer using the email address dpofficer@newday.co.uk or via our postal address 7 Handyside Street, London, N1C 2DA.
This privacy policy was last updated on 1st October 2024.
The following changes have been made to this policy:
2022:
We have introduced Teads cookies to support our marketing communications
We have introduced Heap analytics to help us monitor, analyse and improve our products and services
We have included capturing marketing consent when providing details to enter a prize draw at events
2023:
We have included our new commercial partnership with CCS and that we may need to transfer limited personal data to them to enable reporting and monitoring
We have added that we apply robust security controls to any personal data that we transfer outside of our company’s systems.
2024:
Updated to remove data processing which related to historic Deko credit broking activity, including processing credit applications as this activity no longer takes place.
Updated to amend references to Pay4Later Ltd to NewDay Technology Ltd, effective from 1st October 2024.