Privacy notice

Zopa Privacy Notice

This Privacy Notice is the standard data protection Privacy Notice for Zopa Limited and Zopa Bank Limited. When we mention "Zopa", "we", "us" or "our", we mean whichever one of Zopa Limited or Zopa Bank Limited that processed your personal information.

This Privacy Notice provides details of what information we collect from you, what we do with it, who we share it with and your rights in relation to it.

Last updated: 9 May 2019

1. The information we collect about you

The types of personal data that we collect and process about you may include, but is not limited to the following:

Personal DataExamples

Contact and ID

  • Name
  • Address
  • Date of birth
  • Telephone numbers
  • Email Address

Financial

  • Credit worthiness
  • Financial history
  • Bank account details
  • Incomings and outgoings
  • Tax status

Special Category

  • Physical health
  • Mental health
  • Criminal convictions

Operational

  • Complaints
  • Log ins
  • Data subject access request
  • Correction requests

This information may come from:

  • You, when you use our lending platform; e.g. when you apply for a loan (including if your application is declined) or ask us to provide you with a personalised rate
  • The way you use your account, our website and online services
  • Your interactions with us, including information you may voluntarily share with us
  • Credit reference agencies (who may check the information against other databases – public and private – to which they have access) or fraud prevention agencies
  • Various third parties and other publicly available sources, e.g. we may buy or rent marketing lists from third parties, which contain the contact details of individuals (including you) to whom we can send marketing materials

2. Using your information

The UK's Data Protection law allows us to use your personal information provided we have a legal basis for doing so. In accordance with the law, we use your personal data when one or more of the following reasons are met:

  • To perform our contractual obligations under our agreement with you
  • To comply with a law that we are subject to as a financial institution
  • We (or a third party) have a legitimate interest in using your information which isn't outweighed by your interests, rights and freedoms
  • You have given us your consent

We've set out in the table below how we use your personal data and the legal basis for using it:

How we may use your informationLawful basis for processing

To onboard and serve you as a customer:

  • Verify your identity and any other information you've provided us
  • Prevent or detect attempted fraud, money laundering or other crime in your name
  • Assess your eligibility to our products and services
  • Assess your credit worthiness, to determine whether you can afford a product you requested; or afford to add more to an existing product
  • Manage your account(s) with us
  • Receive service messages about your account
  • Improve the relevance of marketing messages we may send you
  • Process payments that are paid to you or by you

To perform our contractual obligations under our agreement with you:

  • To respond to your queries
  • To allow you to use our lending platform
  • To allow us to provide the services or financing you've requested

To comply with laws and regulations:

  • UK/EU anti-money laundering laws and regulations
  • UK/EU/UN sanctions (which prohibit us from providing products to certain individuals)
  • Rules and regulations imposed by the Financial Conduct Authority and HMRC

Legitimate interest:

  • Protecting our customers from unnecessary risks
  • Preventing fraud and money laundering to protect our business
  • Ensuring we and investors who lend money via our platform earn a reasonable rate of return
  • Protecting us and our customers against harm to our collective rights and interests

You have given us your consent.

To improve our business and products:

  • Prepare statistical reports from information about you, other customers and non-customers to help us manage our business better, for example improving our risk models
  • Analyse, assess and improve our services to customers, and for training and monitoring purposes
  • Create a profile of our existing customers to target new customers
  • Communicate with our third parties to help them understand, improve and fulfil on marketing activities (including supporting behaviour advertising techniques, e.g. use of cookie data)

Legitimate interest:

  • Developing and marketing new products and services our customers (and prospect customers) will find useful
  • Protecting our customers from unnecessary risks
  • Ensuring we and investors who lend money via our platform earn a reasonable rate of return
  • Protecting us and our customers against harm to our collective rights and interests

To protect our business:

  • To establish, exercise or defend legal claims against us
  • To trace and take appropriate action against you should you fail to repay your loan

To perform our contractual obligations under our agreement with you:

  • To fulfil mutually agreed contract obligations between us and our customers.

Legitimate interest:

  • Protecting our investors from unnecessary risks
  • Preventing fraud and money laundering to protect our business
  • Ensuring we and investors who lend money via our platform earn a reasonable rate of return

To comply with laws and regulations:

  • Complying with your data processing rights
  • Prevent or detect fraud, money laundering or other crime
  • Regulatory reporting
  • Internal and External audit purposes

To comply with laws and regulations:

  • UK/EU Data Protection law (GDPR)
  • UK/EU anti-money laundering laws and regulations
  • UK/EU/UN sanctions (which prohibit us from providing products to certain individuals)
  • Rules and regulations imposed by the Financial Conduct Authority and HMRC

To provide an enhanced service:

  • Send you marketing messages on behalf of third parties
  • Refer you to credit brokers/other lenders if we're unable to offer you a loan
  • Hold any information relating to your physical and mental health you've given us
  • Send you marketing messages on behalf of Zopa

Legitimate interest:

  • To inform you of a new business activity we are undertaking
  • To inform you of a new product we are offering
  • To help grow our business

You have given us your consent.

When you register with Zopa we'll give you the option to receive our occasional updates. These messages notify you about new features on our website, ask your opinion, and tell you about services you may not be using yet. We only send these messages if there is something worthwhile to tell you about. If you don't want to receive these messages you can log into your account and change your "Details" settings. Simply select what you want to hear about and how.

There may be some messages that we're required by law or regulation to send you even if you ask us not to.

3. Sharing your information

We use third parties to help us perform or improve a range of our business processes so that we can carry on the activities described above. This means that we may have to share your information with third parties and/or they may have to share your information with us. These third parties may include (but are not limited to):

  • Credit reference and fraud prevention agencies
  • Our regulators or government authorities, for example the Financial Conduct Authority, the Financial Ombudsman Service and the police
  • Collection agencies and lawyers to help us collect any money you owe us
  • Third party service providers to support the running of our business: e.g. data storage, transfer and processing services
  • Third parties to help us understand, improve and market our products
  • Retailers from whom you've purchased goods or services using loans provided by us
  • Anyone to whom we may transfer all or part of our assets
  • If we are unable to offer you a loan and if you consent, to credit brokers or other lenders who may be able to arrange credit for you.

We won't disclose customer information to other Zopa customers unless it's necessary to enforce a loan contract between them. If you're an investor on our platform and we give you information about the loan customers you've lent to, you must only use it to discuss your loan contracts with us.

However, we may provide investors with certain transactional information (for example loan amount and repayment details). We will not be responsible for misuse of transactional data by others, but you must inform us promptly if you are the victim of any misuse of that information.

4. Credit reference agencies

When you ask us to provide you with a personalised loan rate we'll supply your personal information to credit reference agencies (CRAs) and carry out a 'soft credit search' to establish your credit rating. This is a preliminary credit check and will give us an overall view of your financial health (including your credit score) but not your full credit report. This will help us determine whether your application will be successful and how much you can borrow and at what interest rate.

The CRAs will record our search but other lenders won't be able to see it and it won't affect your credit score.

It's only when you accept our offered quote that we will carry out a full search of your credit report. CRAs will supply to us both public (including electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your credit worthiness and whether you can afford to take the loan
  • Verify the accuracy of the information you have provided us
  • Prevent criminal activity, fraud and money laundering
  • Manage your account
  • Trace and recover debts
  • Ensure any offers provided to you are appropriate to your circumstances

We'll go on sharing your personal information with CRAs for as long as you are a customer. We will also inform CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. They may also provide this information to other organisations.

We do not provide joint loans, but if you tell us you have a spouse of financial associate, we'll link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging this application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

As a general rule, we'll give you at least 28 days' notice if we decide to file a default on your credit reference file. However, we may not always give you notice beforehand, for example, if we plan to take court action.

If you are an investor or a prospective investor we may conduct searches with credit reference agencies to verify your identity and bank account details.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in the Credit Reference Agency Information Notice (CRAIN), which is available from each of the three CRAs-clicking on any of these three links will take you to the CRAIN document:

  1. TransUnion

  2. Equifax

  3. Experian

5. Fraud prevention agencies

If you give us false or inaccurate information or if we suspect or identify fraud we may record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention including law enforcement agencies.

We and other organisations may access and use this information to prevent fraud, money laundering or other criminal activity.

Fraud prevention agencies may hold your information for different periods of time, and if you're considered to be a fraud or money laundering risk, your information may be held for up to six years. It may also result in us and others refusing to provide services, financing or employment to you.

You can contact us at contactus@zopa.com if you'd like to know more about the credit reference and fraud prevention agencies we use.

6. Overseas transfers

We may transfer your personal information to countries outside the European Economic Area (EEA), whose information protection laws are less strict than in the UK. Where we do so, we will make sure suitable safeguards are in place in accordance with European data protection requirements, to protect the information.

Whenever fraud prevention and credit reference agencies transfer your information outside the EEA, they impose contractual obligations on the recipients of that data to protect your personal information to the standard required in the EEA. They may also require recipients to subscribe to 'international frameworks' intended to enable secure data sharing.

7. Retaining your information

We will hold your information for as long as you have a relationship with us, e.g. you’ve applying to take out a product with us or you’re an existing customer with us. How long we’ll keep your information for once your relationship with us ends, e.g. we’ve declined your application, or you’ve closed your account, will depend on the type of information and the purposes for which we hold it.

We’ll retain information that helps us to:

  • Comply with legal and regulatory requirements, e.g. anti-money laundering laws
  • Establish, exercise and defend legal claims
  • Prevent and detect fraud
  • Pursue our (or a third party’s) legitimate interests, e.g. developing and improving credit risk models to help us make better lending decisions
  • Deal with future complaints regarding the services we’ve provided
  • Maintain records of anyone who has opted out of receiving marketing material from us
  • Maintain business records for analysis and audit purposes

8. Automated decisions

Occasionally we’ll make decisions relating to you by using automated decision making processes, including profiling, and without human involvement. The types of automated decision making include:

Lending Decisions

When you apply for a loan we'll use an automated process to decide whether to lend to you, i.e. we may make our decision without any human involvement. This helps us to make fair and responsible lending decisions.

The process works by taking information you've provided when applying for the loan, any information we already have about you and information we obtain from third parties such as credit reference and fraud prevention agencies to calculate a credit score for you.

This information may include:

  • How long you've lived at your address
  • Your account history with us
  • The number and type of credit agreements you have and how you've used them
  • Whether you've been late making payments
  • Whether you've had any court judgments made against you or whether you've been made bankrupt or had an IVA or other form of debt-related arrangement.

Using an automated credit scoring process means we may automatically decide that we are unable to offer you a loan, or only offer you a loan for a lower amount and/or shorter term that you requested.

Our credit scoring methods are regularly tested to ensure they remain fair, accurate and unbiased.

Detecting fraud

We use automated processes to detect and help eradicate fraud.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent activity, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

If we think there is a risk of fraud we may suspend your account and/or refuse you access to it.

Developing and marketing our products and services

We may use automated processing and profiling to help us develop products and services that would be of interest to existing and prospective customers, to manage your existing products and services to help you get the best out of them, and to provide you with marketing messages that we think you’ll be interested in.

This automated decision making and profiling may mean us making changes to your current products and services or the way we communicate with you.

Your rights in relation to automated decision making

See "Your rights" below, for more details about your rights in relation to automated decision making.

You can ask us to reconsider any declined decision by contacting us at contactus@zopa.com or by calling us on 020 7580 6060.

9. Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide you with the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk may be retained by fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details above.

10. Your rights

Right to be provided with certain information

We must provide you with certain information at the time we collect your personal information, including how we use it and the legal basis for doing so, who we share it with, how long we intend to keep it, where we got the information from and your rights in relation to it. You find this information in this Privacy Notice.

Right to access your information

We must provide you with a copy of your information unless providing some or all of it would adversely affect the rights and freedoms of others, or the law allows us not to comply with your request. You can access your personal information by emailing us at contactus@zopa.com or by calling us on 020 7580 6060. We aim to provide you with your information within 30 days.

Right to correction

You can ask us to correct any information which you believe is inaccurate. We'll update your information as soon as we can. You may need to provide supporting evidence before we can deal with your request; e.g. a copy of your marriage certificate if you want to update your name.

Right to erasure (‘right to be forgotten’)

You can ask us to erase your personal information:

  • if you think it's no longer necessary for us to hold your information;
  • if you don't think we have any legitimate grounds for processing it;
  • if you think we're using your personal information unlawfully; or
  • if you think we should delete your personal information because the law requires us to do so.

Right to restrict processing

You can ask us to stop using your personal information:

  • if you think it's inaccurate;
  • if you think it's illegal for us to use it;
  • if you don't want us to destroy it because you need it for legal proceedings;
  • if you've told we don't have a legitimate reason for using it and we're considering your request.

Notification obligation

You can ask us to notify everyone to whom we've given your personal information whenever we amend, delete or agree to restrict our use of it.

Right to data portability

If we're using your information on the basis of your consent or because we need it to carry out our contractual obligations to you, you can ask us to give you your personal information in a structured, commonly used and machine-readable format or have it transmitted to another data controller.

Right to object

We may use your personal information to further our legitimate interests; e.g., we may use information about you to improve our marketing messages because we have a legitimate interest in making sure our customers know about new products which could be of benefit to them. We'll always give you a right to object whenever we intend to use your personal information for our legitimate interests.

Right to human intervention

When you apply for a loan we'll use an automated process to decide whether to lend to you. If we decline your application, you can ask one of our underwriters to review our decision.

There may be occasions when you wish to exercise one of your rights and we're unable to agree to your request, e.g. because we have compelling legitimate grounds for using your information, or because we need to keep your information to comply with a legal obligation.

You can send us your request by emailing us at contactus@zopa.com or by calling us on 020 7580 6060.

How to stop receiving marketing messages

If you no longer want to receive marketing messages you can log into your account and change your "Details" settings. If you need help with this, please get in touch with our customer services at contactus@zopa.com.

11. How to contact us or make a complaint

If you have any further questions about data privacy at Zopa, or if you are unhappy with how we've handled your information you can contact us at:

The Data Protection Officer (DPO)
Zopa
47-49, Cottons Centre
Tooley St
London
SE1 2QG

Or by email at: privacy@zopa.com

If you are still unsatisfied you can refer your concerns to the Information Commissioner's Office, the body that regulates the handling of personal information in the UK, at:

Information Commissioner's Office
Wycliffe House,
Water Lane,
Wimslow,
SK9 5AF

Tel: 0303 123 1113
Website: www.ico.org.uk

12. Consequences of not providing us with your personal information

You don't have to provide us with your personal information. However, we need your information partly because the law requires us to ask for certain details about you and partly so that we can offer products and services to you in accordance with our agreement with you. This means that if you don't provide us with the information we ask for, we'll not be able to open an account for you.

13. Keeping your information safe

We take your privacy seriously and take every reasonable measure to keep your information secure. We monitor our systems 24/7 and continually work to improve the security of your personal information and our systems.

We use encryption to ensure the security of your data during transmission.

14. Cookies

We use "cookies", which store small amounts of information on your computer or device to allow certain information from your web browser to be collected. You can find more details about this in our Cookie Policy

15. About Zopa

Zopa Bank Limited is a company incorporated in England & Wales under company registration number 10627575, having its registered office at 1st Floor, Cottons Centre, Tooley Street, London SE1 2QG. It's registered with the Information Commissioner with registration number Z879078. It's also authorised and regulated by the Financial Conduct Authority and entered on the Financial Services Register under firm registration number 800542.

16. Changes to this Privacy Notice

We'll regularly review this Privacy Notice. If we make any changes, we'll post the updated policy on this page.

Recent updates:

9 May 2019 Change from ‘Privacy Notice’ to ‘Privacy Notice’. Full revision of the document with enhancements to the information we collect about you, how we process your data, retaining your information and automated decisions.

4 December 2018 We extended the policy to cover Zopa Financial Services Limited, which will launch as a bank next year.

1 December 2018 We added details of how our company is now structured and regulated now that we have a banking licence.

23 November 2018 Added contact details for our Data Protection Officer (DPO).

1 August 2018. We clarified our responsibility on overseas transfers.

We’re here to help

Monday to Thursday (8am to 8pm), and Friday (8am to 5pm).

We can't take applications over the phone.

UK residents only. Calls may be monitored or recorded.

contactus@zopa.com

020 7580 6060 for loans

020 7291 8331 for investments

We use cookies to give you a better experience. Learn about cookies