About this privacy notice
Aperidata Limited is committed to protecting your personal information and respecting your privacy.
This notice sets out the basis on which we collect and use personal information about you. Please read this carefully to understand how we will handle your personal information. If you have any questions the please do contact us using the details below.
This notice is provided in a layered format so you can click though to specific areas set out below.
- Who we are and what we do.
- The information we collect about you.
- How we use your personal information.
- Sharing your information.
- Data security and retention.
- Your rights.
1. Who we are and what we do.
We are Aperidata Limited and we are the controller responsible for your personal information (referred to as we, us or our in this notice)
We enable businesses to better understand their customers. We do this by collecting information about individuals and businesses using Open Banking and other data sources. If you give us your consent, we will obtain information about your financial history, which we will then share with our business customer so that they can better understand you and make an assessment of your financial position. This may include allowing them to make informed decisions about your application for their products or services. In this notice, we call these our Business Services.
We are authorised and regulated by the Financial Conduct Authority to carry out services as a credit reference agency and a credit information service provider. We are also authorised to provide open banking services as an Account Information Service Provider.
We are not responsible for any decisions about you which are made by our business customer, including any decisions on applications for their products or services you may make. You should contact the organisation you have applied to if you would like more information about how any application was handled and how they use your personal information.
If you have any questions about this privacy notice, please contact us at:
- Email address: email@example.com
- Postal address: Aperidata Limited, Regus House, Herons Way, Chester Business Park, Chester, Cheshire, CH4 9QR
We keep this privacy notice under regular review. This version was last updated on 5th May 2023. Changes to this notice will appear on this page and, where appropriate, will be notified to you.
2. The information we collect about you
We may collect, use and store different kinds of personal information about you:
- We will ask you to provide some personal information directly to us (Consumer Data). For example, we may ask you to fill in a form with your name, contact details and other relevant information.
- If you give us your consent, we will use Open Banking to access your bank accounts and obtain information about your financial history (Account Data). This includes your account details, regular payments, account transactions, statements, account features and your contact details. You will be asked to give your consent for each bank account separately. If you choose not to consent, we will not be able to access your account and no information will be collected. We will access your account at the point you give your consent. in accordance with the Open Banking rules. Unless we specifically tell you otherwise, we will collect Account Data for a period of up to 48 months ending on the date we access the account.
The information we collect will include sensitive financial information about you.
We do not knowingly collect any ‘special categories of personal data’ about you (this means information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) and we do not collect any information about criminal convictions and offences.
It is important that the personal information we hold about you is accurate and up to date. Please tell us if your personal information changes during our relationship with you.
3. How we use your personal information
We will use your personal information to provide our services.
For Business Services, we calculate aggregated credit information to enable our business customer to better understand you and make an assessment of your financial position. We do this by collecting Consumer Data, Account Data and sharing it with our business customer.
We will only collect Account Data via Open Banking where you provide us with your explicit consent. You will need to give your consent for each bank account that we wish to access. For Business Services, we will then share this information with our business customer. This information can only be used by them for the specific purposes of:
- Making an assessment of your financial position.
- Assessing your eligibility for any products or services you may have applied for.
We will also anonymise your personal information so that it is no longer identifiable to you. We then use this anonymised information to carry out analyses to improve our services.
We do not use any automated decision-making about you.
In accordance with data protection law, we must always have a valid lawful basis for collecting and using your personal information. We will ask for your consent to in order to collect the Account Data and, where relevant, to share it with our business customer.
We will also use your personal information because it is in our legitimate interests in order to run our business, and we do not believe that your interests and fundamental rights override those interests. This includes anonymising the information so that it no longer identifies you.
We may use your personal information where we need to do so in order to comply with our legal or regulatory obligations. This may apply where we need to retain information for regulatory purposes in accordance with FCA rules.
4. Sharing your information
As part of our Business Services, we will share your personal information (including Consumer Data and Account Data) with our business customer with whom you have a relationship. We will always ask for your consent before sharing Account Data.
We may be required by law to share information about you with our regulator or where requested by law enforcement agencies for crime prevention or detection purposes.
In order to deliver our services, we engage suppliers to provide IT and data hosting services. These suppliers act as data processors on our behalf and we have put in place appropriate contractual protections to ensure that your personal information is kept secure and that they only process your information strictly in accordance with our instructions.
Other than as set out in this notice, we will not share your information with other third parties.
5. Data security and retention
All personal information you provide to us is stored securely in our systems. Once we have received your information, we will use strict procedures and security features to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
In accordance with data protection law, we will retain your personal information for no longer than is necessary. It may be necessary to retain information where we continue to have a business relationship with you, or where we are under a specific regulatory obligation to retain information for a certain number of years. We will generally hold Account Transaction Data that we collect about you for the period of our relationship with you and then a further 1 year. We will will also hold any Credit Reference data we derive about you from for the period of our relationship with you and then a further 6 years. This is to ensure that we have appropriate records and to comply with our regulatory requirements.
In some circumstances you can ask us to delete your information. See the ‘Your rights’ section of this notice for further information.
We may transfer and store your personal information on servers located outside the UK but inside the European Union. Transfers of personal information to the European Union are authorised on the basis of adequacy regulations made by the UK government under data protection law.
6. Your rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal information. Please note that not all of these rights are available all of the time, and are subject to certain restrictions.
You have the right to:
- Request access to your personal information.
- Request correction of any incomplete or inaccurate data we hold about you corrected, although we will need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal information in certain circumstances.
- Object to processing of your personal information in certain circumstances.
- Request restriction of processing of your personal information in certain circumstances.
- Request the transfer of your personal information to you or to a third party in a structured, commonly used, machine-readable format. Note that this right only applies in limited circumstances.
- Withdraw you consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You can exercise any of these rights at any time by contacting us using the details set out in the ‘Who we are’ section of this notice. Please note, however, that we may not always be able to comply with your request. If this is the case, we will tell you why.
If you are unhappy with the way we have responded to your request or how we have otherwise used your personal information, please contact us to give us an opportunity to resolve your issues.
You also have the right to make a complaint to the Information Commissioner’s Office, the UK’s independent regulator for data protection issues. More details of how to do so can be found at www.ico.org.uk/make-a-complaint
Your rights in respect of your credit file
If you exercise your right to access your personal information and you believe that any of the information we have sent you is wrong and that you are likely to suffer detriment because it is wrong, you can ask us to correct it or remove it from our file. You will need to write to us and explain why you think the information is wrong.
If you write to us, we have to reply in writing within 28 days. Our reply will tell you whether we have corrected the information, removed it from our file or done nothing. If we tell you that we have corrected the information, we will give you a copy of the corrected information.
If our reply says that we have done nothing, or if we fail to reply within 28 days, or if we correct the information but you are not satisfied with the correction, you can write your own note of correction and ask for it to be included on our file. To do this, you will need to write to us within 28 days of receiving our reply. We will either include your note of correction or, if we disagree, ask the Information Commissioner to decide whether or not the note of correction should be included.
If you are dissatisfied with how we have handled your request to correct your credit file, you can complain to the Information Commissioner’s Office.
Visitors to our website
If we want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Links to the other websites
We keep our privacy notice under regular review.