OakNorth Analytical Intelligence (UK) Limited (“We”, “us”, “our” or “Company”) Registered in England No. 10920067. Registered Office: 57 Broadwick Street, London, W1F 9QS. References to “You” or “Your” are to the applicant who wishes to avail any service or product of the Company and/or its clients, and from whom the Company and/or its clients shall collect and process the personal data to provide the service and/or product, as well as to previous and current customers of the products and/or services.

You can contact us:

i)  By writing:
OakNorth Analytical Intelligence (UK) Limited
57 Broadwick Street
London
W1F 9QS

ii) By emailing:
You can contact our Data Protection Office by emailing: dpo@oaknorth.ai 

How We Use Your Personal Information

OakNorth Analytical Intelligence will take all reasonable commercial measures to ensure your information is protected and secured in accordance with all relevant laws and regulatory standards.

1. Before they provide services, products or financing to you, OakNorth Analytical Intelligence’s clients shall collect and process your personal data and will share it with OakNorth Analytical Intelligence to allow OakNorth Analytical Intelligence to undertake credit analysis to assess your eligibility for credit or that of the legal entity you represent.

The personal data collected from you or which we have received from our clients may include your:

Information Obtained Directly from You or OakNorth Analytical Intelligence’s clients

| Category of Personal Data | Source | Requirement | Consequence of Failure to Provide |
| --- | --- | --- | --- |
| Contact Information, Financial Information, Identity Information, Tax Residency Information | You | Statutory | It would not be possible to complete an application for the requested product and/or service. |
| Employment Status Information | You | Contractual | It would not be possible to complete an application for the requested product and/or service. |

Information Obtained from Other Sources

| Category of Personal Data | Source | Requirement | Consequence of Failure to Provide |
| --- | --- | --- | --- |
| Financial Information, Credit Information, Directorship Information, Shareholding Information, Credit Information, Identity Information, Tax Residency Information | 1. Credit Reference Agencies; 2. Risk Management Agencies; 3. Public Registers | Contractual | It would not be possible to complete an application for the requested product and/or service. |

Glossary of Categories of Personal Data

| Category of Personal Data | Included Information |
| --- | --- |
| Contact Information | postal address, email address, telephone number(s) |
| Identity Information | title, name, nationality, gender, age, photograph, signature, electoral roll data, passport |
| Employment Status Information | employed, self-employed, student, retired, other |
| Financial Information | assets, liabilities, income and expenses |
| Credit Information | credit history |
| Transactional Information | deposits, withdrawals, and payment history of your account(s) with OakNorth Analytical Intelligence’s client |
| Tax Residency Information | national insurance / social security number, foreign tax identification number(s), citizenship(s) |
| Directorship Information | directorship role of business |
| Shareholding Information | beneficial ownership of business |

We will retain the personal data that you supply in the application form and elsewhere (including identification data, product data, email correspondence, and transactional information), on paper and on computer and/or other electronic devices, for six years after the closing date of your last application. We do this to comply with legal and regulatory obligations (including any possible fraud, financial crime and complaints investigations), to retain a reference and audit trail of any discussions, and to preserve a record of account history to facilitate a streamlined customer journey for any future new account applications. OakNorth Analytical Intelligence’s clients and the external agencies they use (fraud prevention, credit reference and risk management agencies) will retain your data for different periods of time, as covered by their Privacy Notice.

We will retain records in accordance with our retention policy and to comply with laws and regulatory requirements. This includes retaining backups of our systems infrastructure for disaster recovery purposes.

2. The information we hold about you may be used for:

| Category of Personal Data | Purpose for processing | Lawful basis for processing |
| --- | --- | --- |
| Contact Information, Financial Information, Transactional Information, Identity Information, Tax Residency Information, Security Information, Employment Status Information, Directorship Information, Shareholding Information | 1. operating, maintaining and administering your loan account(s) application(s) and/or our business; 2. providing you with the services and products you have requested | Contract |
| Contact Information, Financial Information, Transactional Information, Identity Information, Tax Residency Information, Security Information, Employment Status Information, Directorship Information, Shareholding Information | 1. internal reporting (for business operation purposes) and external reporting (for compliance with any legal and/or regulatory obligations); 2. our confidential research and analysis; 3. complying with any other legal and/or regulatory requirements including legitimate requests for information from law enforcement or regulatory bodies/agencies; 4. general record keeping requirements as stipulated by laws, regulations, and/or Regulatory Authorities; 5. developing the products and services we provide; 6. carrying out public registers and commercial databases searches | Legitimate interest; Legal obligation |

3. Any personal data you provide to us will be held and processed by us at all times in accordance with the General Data Protection Regulation.

4. We may also use selected third parties to process your information and provide services on our behalf and, in some cases, we may need to transfer your information to countries both within and outside the European Economic Area. Where we do this, we will ensure that adequate procedures and safeguards are put in place to protect your personal data at all times and that anyone to whom we pass the information provides an adequate level of data protection in accordance with the regulation.

5. We will not disclose information about you to anyone else (other than agents or third parties performing any of the above activities on our behalf) unless we are required by law to do so.

6. When you visit our website, we will set essential cookies on your device, but request your consent to set non-essential cookies. You can find out more about how we use cookies in our Cookie Policy. However, please note that we use Google Analytics, which is a third-party web analysis service provided by Google Inc and which uses performance cookies and targeting cookies. The information generated by these cookies about your use of the Website (including your IP address) will be transmitted to and stored by Google Inc on servers in the United States. Google will use the information collected for the purpose of evaluating your use of our Website on our behalf, compiling reports on website activity and providing other services relating to activity and internet usage to us. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser as described above. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB . This creates an opt-out cookie which prevents the further processing of your data. For more information about Google Analytics cookies, please see Google’s help pages and privacy policy. If you prevent these cookies, we cannot guarantee how the Website will perform for you.

How We Use Your Personal Information

We will take appropriate security measures to ensure that your personal data is protected and secured in accordance with the relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR). We will only disclose information about you to third-party data processors who shall process your personal data on our behalf (like our service provider and affiliate entities in India and Singapore). We may also disclose information about you to credit reference, fraud prevention, and risk management agencies, or if we are required by law or regulation to do so. We shall ensure that our data processors process your data based on our instructions and have appropriate data security measures to protect the personal data.

In some cases, we may need to transfer your information to third parties overseas, including our affiliate entities in India and Singapore, i.e. outside the European Economic Area. However, we will ensure that adequate procedures and safeguards, such as the European Commission Model Contract Clauses, are in place to protect your personal data at all times and that the affiliate and the third parties are contractually obligated to provide an adequate level of data protection in accordance with the EU data protection laws and regulations.

Impacts of processing

If we determine that you pose a fraud or financial crime risk (which may be based on information provided to us by a fraud prevention or risk management agency), we and/or OakNorth Analytical Intelligence’s client may refuse to provide the services you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us for so long as is permitted by law, and may result in others refusing to provide services, financing or employment to you.

If false or inaccurate information is provided and fraud is identified or suspected, we may pass information to financial and other organisations involved in fraud prevention to protect us and our customers from theft and fraud.

Law enforcement agencies may also access and use this information to detect, investigate and prevent crime. We may provide the law enforcement agencies with information about you or your account which we consider relevant to assist with any investigation of criminal activity.

Your rights

Your personal data is protected by legal rights (where applicable), which may include:

1. The right to be informed
The right to be informed encompasses our obligation to provide ‘fair processing information’ through a privacy notice. It emphasises the need for transparency over how we use personal data.

2. The right of access
You have the right to access your personal data and supplementary information. The right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. The right of access allows you to submit a Data Subject Access Request (DSAR) for a copy of the personal data that we hold about you.

3. The right to rectification
The GDPR gives you the right to have personal data rectified if it is inaccurate or incomplete.

4. The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. The right to erasure does not provide an absolute ‘right to be forgotten’. You have a right to have personal data erased and to prevent processing in specific circumstances, such as:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • When you withdraw consent where consent is based on the points below, without affecting the lawfulness of processing based on consent before such withdrawal. For example, if you provided consent to direct email marketing, you have the right to withdraw this consent.
    • Where you have given consent to the processing of your personal data for one or more specific purposes; or
    • Where you have given explicit consent to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation for one or more specified purposes, except where Union or UK law provide that the prohibition may not be lifted by the data subject.
  • When you object to the processing and there is no overriding legitimate interest for continuing the processing.
  • The personal data was unlawfully processed.
  • The personal data has to be erased in order to comply with a legal obligation.
  • The personal data is processed in relation to the offer of information society services to a child.

5. The right to restrict processing
You have the right to ‘block’ or suppress processing of personal data, which will make it restricted, and permit us to store the personal data, but not to further process it. We would retain just enough information about you to ensure that the restriction is respected in future. We will be required to restrict the processing of your personal data in the following circumstances:

  • Where you contest the accuracy of your personal data. We will restrict the processing until we have verified the accuracy of the personal data.
  • Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override those of the individual.
  • When processing is unlawful and you oppose erasure and request restriction instead.
  • If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.

We must inform you when we decide to lift a restriction on processing.

6. The right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The right to data portability only applies to personal data you provided to us, where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.

7. The right to object
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. You must have an objection on “grounds relating to your particular situation” if processing is based on performance of a legal task, our legitimate interests, or research purposes.

8. The right in relation to automated decision making and profiling
Article 22 of the GDPR has additional rules to protect you if we are carrying out solely automated decision-making that has legal or similarly significant effects on you. We will only carry out this type of decision-making where the decision is: necessary for the entry into or performance of a contract, authorised by Union or UK law applicable to us, or based on your explicit consent.

For more information or to exercise your data protection rights, please contact our Data Protection Officer using the contact details above.