Last updated: 06 August 2019
“OpenWrks” is a trading name of Business Finance Technology Group Limited (with company number 09422433) which expression includes its subsidiaries, affiliates and holding company, whose registered office is at: The Poynt, 45 Wollaton Street, Nottingham, NG1 5FW
At OpenWrks, we are committed to maintaining the confidentiality, integrity and security of your personal data as a priority. We employ advanced data protection and security techniques to safeguard you against identity theft and/or other related illicit access, use or disclosure of your personal data. We will use commercially reasonable methods to secure your personal data in our files and systems.
The term “personal data” means any information relating to an identified or identifiable natural person and includes, but is not limited to, such information as your name, address, phone number, fax number, email address, government identification number, location data, certain online identifiers (e.g. IP address, cookies) and financial data, but excludes business contact information.
(i) visitors to our website located at www.openwrks.com and all related subdomains (together making up the “Website”);
(ii) third-party clients who use our application programming interfaces (“APIs”) and any other services, products, tools, features or content as made available by OpenWrks;
(iii) end users who use our Website, mobile applications and any other services, products or content made available by OpenWrks.
By using the Website, APIs or any other services, products, tools, features or content as made available by OpenWrks (collectively, the “Services”), you hereby
(i) acknowledge and confirm that you are at least eighteen (18) years old, and
For the purpose of Data Protection Regulations, the data controller is Business Finance Technology Group Limited. Our data controller registration number is ZA099506. You can check our registration on the Data Protection Public Register by visiting https://www.ico.org.uk/esdwebpages/search.
Below you can find the kind of information we may store, how we get it, use it and how we protect your privacy.
We may collect and process the following data about you:
1.1 Information you give us
You may give us information about you when you use our Website or by communicating with us by email or otherwise. This includes information you provide when you use or register to use our Services inclusive of participating in our discussion boards or social media functions, providing us with feedback, participating in surveys, sending us a query, request or complaint, and when you report a problem with our Services. The information you give us may include but is not limited to, your name, address, email address, phone number, date of birth, and message content (either recordings or transcripts).
1.2. Information we collect from payment services providers (e.g. banks)
As a regulated account information services provider (“RAISP”), regulated by the Financial Conduct Authority (“FCA”), we are trusted to securely connect you to your payment services provider in order for you to retrieve and use your own financial data. We will never store any security or access information used to authorise you when accessing your financial account, including but not limited to username, access number, password, security questions and answers, token/SMS codes or multifactor information. If you grant us permission to access it, we will obtain transactions and other details about your accounts from your payment services provider on your behalf.
1.3. Information we record about you
(i) technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(ii) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us.
A cookie is a data file placed on a device when it is used to access the Services. Cookies and Flash cookies may be used for many purposes, including without limitation remembering you and your preferences and tracking your visits to our Website. Cookies work by assigning a number to the User that has no meaning outside of the assigning website. Cookies can be disabled or controlled by setting a preference within your web browser or on your device. However, if you choose to disable cookies some features of the Services may not function properly or may not be able to customise the delivery of information to you.
1.3.2. Web beacons
Web beacons are images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analysing website usage and activity. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count Users of the Services, monitor how Users navigate the Services, count how many e-mails that we send are actually opened or how many particular articles or links are actually viewed.
1.4. Information we receive from other sources
We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, search information providers, Credit Reference Agencies) and may receive information about you from them.
We use personal data held about you in the following ways:
2.1. Information you give us, or that we collect from third parties on your behalf as part of our Services
(a) to provide you with the Services that you request from us, including, where you have given consent, to make your financial data securely available to a third-party client that you are a customer of and who referred you to our Services;
(b) to administer your account and relationship with us and to, communicate with you by email, instant messaging, mail, telephone, text (SMS) message or other electronic means;
(c) to verify your identity as part of our identity authentication process;
(d) to provide you with information about other Services we offer that are similar to those that you are already using or have enquired about;
(e) to provide you with information about products or services we feel may interest you;
(f) to validate if you are an existing customer with a product provider (which may affect whether you can be accepted for one of their products) or for fraud prevention purposes. In this instance, the product provider will not have permission to use these data for any other purpose including marketing;
(g) to notify you about changes to our Services;
(h) to ensure that content from our Website is presented in the most effective manner for you and your device;
(i) to aggregate it on an anonymous basis with other data for analytical and reporting purposes;
(j) to check your instructions to us;
(k) to analyse, assess and improve our customer service;
(l) for training and quality purposes;
(m) for the purposes of investigating any complaint you may make, or as evidence in any dispute or anticipated disputes between you and us.
2.2. Information we record about you
(a) to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(b) to build up a picture of your interests so that you don’t miss information relevant to you when you visit our website;
(c) to improve the Services we offer you and to try and ensure that content is presented in the most effective manner for you and for the devices you use to access it;
(d) to enhance your user experience by reducing the duplication of content, features and Services shown to you;
(e) to allow you to participate in any interactive features of our Services we may provide, when you choose to do so;
(f) to inform our performance in keeping our Website safe and secure;
(g) to measure or understand the effectiveness of any advertising we may serve to you and others
(h) to identify and deliver more relevant advertising to you if we choose to do so;
(i) to make suggestions and recommendations to you and others of our Services about products or services that may interest you or them.
2.3. Information we receive from other sources.
We may combine this information with information you give to us and information we record about you. We may use this information and the combined information for the purposes set out in 2.1 and 2.2 depending on the types of information we receive.
By using our Services, you consent to us disclosing your personal information to the following parties:
3.1. Third-Party clients – that you are a customer of, where you have given consent and who referred you to our Services, to allow the third-party client to provide you with Services you have requested;
3.2. Relevant Authorities – including and the police, to prevent crime or when demanded by any applicable law, existing regulation, summons or other legal process;
3.3. Representatives and Advisors – like lawyers and accountants, to help us comply with legal, accounting, or security requirements;
3.4. Credit Reference Agencies, to obtain your credit score and credit report where you have given us explicit consent to do this;
3.5. Other third parties, in the following circumstances:
3.5.1. We sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
3.5.2. OpenWrks or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
3.5.3. In order to comply with any legal obligation; prevent crime; enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of OpenWrks, our customers, or others. This includes exchanging information with relevant authorities such as the police and Fraud prevention agencies.
4.1. We offer you the opportunity to receive information from us. We will normally send direct marketing by email if we have your email address, but may choose to contact you via other methods such as telephone, SMS or mail if we have this information.
4.2. If you would like us to stop sending direct marketing to you, we offer simple ways to do this. Whenever you receive direct marketing you will be told how to unsubscribe.
4.3. You can tell us that you do not wish to receive any direct marketing by sending us an email to firstname.lastname@example.org with your name and we will stop marketing communications to you.
4.4. If you believe any data or information we hold about you is inaccurate or out of date, please let us know by sending us an email to email@example.com.
4.4.1. Where information is solely owned by OpenWrks, we will correct it where appropriate.
4.4.2. If the data in question has been obtained from a third party, where appropriate, we will inform you with whom that data is held and how to contact them in order to resolve.
4.5. To directly change your marketing contact preferences, or to access, correct or change your records, you will need to get in touch with our Data Protection Officer (see “Contact Our Data Protection Officer” below).
5.1. Data storage
All information you provide to us and that we obtain about you is stored on our secure servers.
5.2. Data transmission
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access, loss or damage.
5.3. Notice of Security Breach
5.3.1. Nobody is 100% safe from hackers. If a security breach causes an unauthorised intrusion into our systems that materially affects you, then we will notify you of the security breach without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.
5.3.2. Where a breach materially affects a significant number of customers, we are also required to notify relevant regulatory bodies.
5.3.3. We will inform relevant parties of:
(a) the nature of the security breach;
(b) the data that has been, or we reasonably believes to have been, compromised; and
(c) the immediate actions taken by us with respect thereto.
5.3.4. We will later report the measures we’ve taken to mitigate potential adverse effects and prevent continuing or similar security breaches in the future.
6.1. You own your data and you have the right to withdraw consent to the processing of your personal data meaning your personal data will be deleted from our primary production servers.
6.2. Anytime you want your data removed from our systems, you can withdraw consent to the processing of your personal data by contacting us at firstname.lastname@example.org.
6.3. As a result,
6.3.1. your data will be removed permanently from our production servers and further access to your data will be impossible;
6.3.2. any connection(s) we’ve established to your financial account(s) at your payment services provider(s) will be disconnected;
6.3.3. third-party clients you gave consent for us to make your financial data available to will no longer be able to access your data.
6.4. However, we will keep an archived record of your personal data only for use in the following purposes:
6.4.1. anonymised aggregated statistical analytics;
6.4.2. responding to legal disputes;
6.4.3. responding to regulatory enquiries or investigations.
7.1. How long we keep your information will depend on the purpose for which we use it. We will only retain your information for as long as is necessary for those purposes.
7.2. We keep the information that’s needed to provide you the Services that you have requested for as long as it takes us to provide the Services.
7.3. If you have asked us not to use your details for marketing purposes, we may still need to keep them to make sure our systems reflect your preferences.
7.4. Please note that if you withdraw consent to the processing of your personal data, access to our Services will be terminated, but we will create an archived record of your personal data. We will only use this for the following specific purposes:
7.4.1. for the purposes of responding to legal disputes, regulatory enquiries or investigations up to 6 years after termination (unless a longer period is prescribed by law);
7.4.2. for the purposes of anonymised aggregated statistical analytics, we will keep this indefinitely and remove personal data no longer required from the records accordingly.
Our Services may include links to other sites. We make every effort to provide links to high quality, reputable sites. But we are not responsible for their privacy practices, site content or the services they offer. Please always check the privacy policies of any sites we link to.
9.1. You may request a copy of any personal data about you held by us. You will need to make a separate request for each company within the group of affiliated companies whose records you wish to access.
9.2. We will respond within the timeframe defined by Data Protection Regulations.
9.3. The request must be in writing and must contain the following:
9.3.1. Your name and postal address;
9.3.2. A telephone number where you can be reached.
9.4. You must also provide:
9.4.1. A photocopy of your passport or driving licence;
9.4.2. Your signature and the date of the request;
9.4.3. Signed authority from the individual whose data is required if you are applying on their behalf.
9.5. Please send your request to:
Data Protection Officer
Business Finance Technology Group Limited
45 Wollaton Street
10.1. Our aim at all times is to provide you with an excellent service. If you are unhappy with our service for any reason, please contact our Customer Services Team by writing to Customer Services Team, The Poynt, 45 Wollaton St, Nottingham. NG1 5FW or email email@example.com.
10.2. We will aim to resolve your complaint within 48 hours. If we are not able to do so, we will provide you with an acknowledgement. After we have had an opportunity to investigate your concerns, we will issue you with a final response. Depending on the nature of your complaint and if you remain dissatisfied with our response, you may have the right to refer your case to the Financial Ombudsman Service at Exchange Tower, London, E14 9SR; telephone: 0800 023 4 567; email: firstname.lastname@example.org; or website: https://www.financial-ombudsman.org.uk/contact-us. We will advise you if this right of referral applies to you.
10.3. If you are unhappy with any services you have received or obtained from a third-party client or have any complaint regarding any third-party client, you should address your complaint directly to that third-party client. If you require their contact details, please contact Our Customer Services Team who will be happy to assist.