Privacy policy.

VERSION 1.2 UPDATED ON 03 OCTOBER 2018

Who are we?

Data OD Ltd (trading as DataOnDemand or DataOnDemand.co.uk) are a UK consumer data aggregator. This means that we gather information about people from different data sources called Network Partners, Data Contributors, Data Partners and Data Disclosers .

The data that is shared with us includes Online Loan Applications, Online Competition Online Entries, Online and Offline Magazine Subscriptions and Public Databases such as the Edited Electoral Roll, the Land Registry and the Energy Performance Certificate register.

We combine this information to create a Single Customer view so we can provide your information to other companies who want to contact you about their products and services. These other companies are called Third Parties and we share your information with them.

Our Data Collection Practices

Data OD Ltd is a leader in the marketing services industry, so we adopt and implement best practices and diligently seek to follow all laws governing the acquisition, compilation and distribution of consumer data. These practices include careful screening of data sources, ongoing internal audits, and appropriate consumer notice and choice.

We are signatories of the Your Data Matters register https://ico.org.uk/your-data-matters/

Why do we process your information?

We process your information to share with Third Parties for Marketing and Tracing activities.

These companies my bring to your attention information about Products and Services that may be of interest to you and include such things that may help you save money, borrow money, reduce debt, increase earnings, improve your credit rating, improve your health and fitness, create more value for money, get better results and create benefits for you and your family.

These companies may contact you where they have a lawful reason, which may include these organisation’s own legitimate interest.  Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.

Why do we share your information with Third Party Controllers?

We only share your information for Marketing if you have given explicit consent. This means that you have made a positive action to opt-in and agree to Third Party Parties contacting you directly or passing on your information to a Sub Processor to contact you. A Sub Processor may be a Call Centre who are employed by a Telecoms or Utility company to inform you about Products and Services that may be of benefit to you, for example.

We share your information for Tracing purposes where there is a lawful reason.

When you have registered, applied or made an entry on a Data Contributor’s website or app you will have been given the option to agree to third party marketing by the channel/s that you specified. Typically, you will have four options to choose from which are Telephone, SMS (Text Message), Email or Post.

You can select one or all options depending on your preferences. Your ability to process a loan application, enter a competition draw or subscribe to a magazine is not affected if you choose to decline and opt-out of sharing your information with Third Party Controllers.

How do we process your information?

Your information is processed to:

Supply to your data to Third Party Controllers

Ensure accuracy by combining data and insights from multiple Data Contributors

Restrict marketing communications for consumers registered with MPS or TPS

Update the data using Equifax’s DisConnect product to identify people who have moved home or are deceased

Remove your data from our database and Third Party Controller databases

Respond to your requests for information

Update and correct the accuracy of the data

Combine data from multiple Data Contributors and publicly available databases to make assumptions using combined data to create marketing profiles.

Provide you with marketing information about products and services that are listed in the Privacy notice on Data Contributor’s websites.

Create marketing profiles using information provided in your application i.e. Loan Purpose, Marital Status or Employment Industry, for example.

To maintain a suppression file of data that has withdrawn consent for Third Party Controllers

Enrich your information by appending information available from Government ‘Open’ data e.g. Land Registry (http://www.gov.uk/government/organisations/land-registry/about) or the EPC Register (http://www.epcregister.com/) to create marketing profile

Create marketing categories derived from information you have provided including Demographics – age, gender, marital status, number of children, occupation Behavioural and lifestyle – hobbies, sporting activities, travel preferences, high-tech equipment users and purchasing behaviour, Property Information – property type, property value and tenure and Life events – consumers who have recently moved home or had a baby, Transactional – expenditure, income, Automotive – Make and Model of Vehicle

Derive information pertaining to individual customers such as Gender, Marital status, Actual and estimated age range, Estimated income, Education level, Household status (head of household, spouse, elderly parent, young adult), Lifestyle interests (e.g. product ownership, interests and hobbies, travel, charities supported etc)

Derive information pertaining to Households such as Property type, whether a household rents or owns a home, The estimated value of a home, Length of residence, Number of adults, Telephone number, Presence of children, Estimated Household income

To create Custom Audiences on Facebook and Google Platforms.

Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.

Third party controllers may contact you by email, SMS, telephone or post depending on the level of consent you have given.

How do you withdraw your consent for marketing?

Withdrawing consent is simple.

You can visit TMPS here The Marketing Preference Service provided by Data OD Ltd.

TMPS is an online preference dashboard that allows you to manage your marketing consent.

Using the TMPS dashboard is the fastest way to withdraw consent for marketing.

Alternatively, you can email MyInfo@DataOnDemand.co.uk with your request to withdraw your consent. Please include your First Name, Surname, [Mobile, Landline or Email] and Postcode so we can identify you and remove your information from the database.

We aim to respond to your email within 14 days of receipt.

It can take up to 28 days to remove your information from all Third Parties once the request has been processed.

If you continue to receive marketing messages after your request to withdraw your consent please contact us directly.

Alternatively, you can call us on 01134 266550.

Our office opening hours are Monday to Friday between 9:00am and 5:00pm.

More useful information to manage your marketing preferences below:

Postal Marketing – You can opt out of postal marketing by registering with the Mail Preference Service (MPS) at http://www.mpsonline.org.uk/. This is an industry wide service that is administered by the Direct Marketing Association and recognised by the Information Commissioner.

Telephone Marketing – You can opt out of all telemarketing activity by registering their details with the Telephone Preference Service (TPS) at http://www.tpsonline.org.uk/. The TPS is similar to the MPS but is administered by the Information Commissioner.

Email Marketing – Unlike Postal or Telephone channels, there is no industry-wide service to opt out of email marketing. Therefore consumers should always review privacy policies and marketing opt-in check boxes when registering for services or purchasing products online. Where unwanted email marketing is received, consumers should unsubscribe or use spam filters to prevent future communications.

Online Advertising – Marketing data is widely used to inform the advertising that is displayed when browsing online. Whilst digital marketers generally do not know the identity of the individual viewing a page, they are able to understand their likely characteristics based on their browsing behaviour or location in order to display a more relevant advert. If you would prefer not to receive targeted advertising in this way, there are a number of options available:

Cookies – are small files used by websites to recognise returning visitors and tailor content or advertising more effectively. Declining cookies when visiting websites will prevent those sites from displaying targeted advertising, whilst all modern browsers have a setting to clear cookies, which will delete all cookie data stored from previous website visits.

More information about the use of cookies for online advertising, together with further opt-out options can be found at http://www.youronlinechoices.com/uk/

Mobile devices – cookies used for advertising do not generally work on mobile devices, however, advertisers can still recognise returning visitors both when browsing online and when using apps through the use of an ‘Advertising ID’. The Advertising ID is created by the mobile device, but can be reset at any time, thereby deleting all data held against it. Instructions on resetting Advertising ID’s will vary by device but can be found here for Apple devices, or here for Android devices.

What information do we aggregate?

When you register your information with our Data Contributors you may provide any of the data fields listed below. We aggregate this information and process it by combining data to create a Single Customer View.

 

Categories of Data Types of Data
Banking Card type, Sort code
Pension Do you have a pension, Pension income
Employment Employer name, Employment industry, Job Title, Length of employment – Years and Months
Contact Information First Name, Surname, Postcode, House Name, Street, Town/City, Country, Home Phone, Mobile Phone, Employer Phone Number, Email
Demographic Gender. Marital status, number of dependants
Property Homeowner status, Time at Address – Years and Months
Digital IP Address, Device Type
Financial Loan amount, Loan purpose, Length of loan, Monthly income, How are you paid, How often are you paid, Next pay date, Rental/mortgage payments, Other expenses, Utilities/Bills, Transport, Food, Other income, Lender Decision

 

In addition to the Data Fields that you may input during an application, entry or submission we may also combine data from the publicly available databases listed below at an Individual level, relating to you, or a household level, relating to your household.

Publicly Available Databases

The Land Registry

http://www.gov.uk/government/organisations/land-registry

The EPC Register http://www.epcregister.com/

Electoral Roll http://www.gov.uk/electoral-register

Combining data

The information you give us may be combined with other information about you that is obtained from other sources. The combination is usually undertaken with a view to enhancing an existing database with more information. For example:

If you are already a customer of a third party, that third party might wish to add an e-mail address you give us to the customer records that it holds about you, and use that email address to maintain their relationship with you and/or to offer you goods and services that are similar to those you have previously purchased.

The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).

Anonymised information about you may be combined with information about your devices (or cookies deployed on your devices) to improve the relevance of advertising material on websites you visit.

We may also use data acquired from Facebook that has been collected from websites and applications that allow you to connect with them using your Facebook profile. You can manage you privacy settings on Facebook here http://www.facebook.com/about/privacy

Who do we share your information with?

We may share your information with Third Party Controllers or Sub Processors. Your data may also be shared with future companies promoting the Products and Services listed below in The categories of recipients of the personal data. Your data may be shared with companies, service providers and or Government agencies, including the Police, who validate of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.

How can you access the information we hold about you?

You must make a Subject Access Request (SAR) to access information that we hold about you.

You must contact us directly to make a SAR.

In order for us to process your request it is our responsibility to identify you and be satisfied that you are the individual whom the data relates to. You cannot make a SAR on behalf of someone else unless you have the required written authority or demonstrable Power of Attorney.

The simplest way to make a SAR is to email us at SubjectAccessRequest@DataOnDemand.co.uk or alternatively you can write to us at Data Protection Officer, Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB.

With any SAR you must include the following information –

First Name

Surname

Full Address

The channel from which you have received marketing communication e.g. Telephone Number, Email Address or Postal Address

A copy of a recent Utility bill (or similar) that verifies your address

When have received the information outlined above we will contact you to process your SAR.

For more information and advice on what you are entitled to then please carefully read the information from the UK Supervisory Authority here http://ico.org.uk/for-the-public/personal-information/

Our security measures

We are aware of the importance of safeguarding the information under our control and endeavour to take all reasonable steps to protect it. All data collected through from our data contributors is stored on secure servers, and we have stringent security and confidentiality procedures covering the storage and disclosure of such information in accordance with the Data Protection Act 1998.

However, providing information and transacting over the internet has inherent security risks, and we cannot be held responsible for any breach of security which is outside our reasonable control or not due to our negligence or wilful default.

Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Your rights under GDPR

Right to be informed

The name and contact details of our organisation. We are Data OD Ltd. Our Head Office is based in Leeds, West Yorkshire and our trading address can be found at the bottom of this page. Our registered address is 62-66 Deansgate, Manchester, England, M3 2EN. Our Company number is 10183365. To contact us by telephone our main number is 01134 226 550. To contact us by email for general enquiries it is hello@dataondemand.co.uk
The purposes of the processing. We process your information to share with Third Parties for Marketing and Tracing activities. More information can be found above under the header ‘Why do we process your information?’
The lawful basis for the processing. Where you have given explicit Consent for marketing, that is the lawful basis for processing. Where there is a Legitimate Interest for sharing your data, that is the lawful basis for processing.
The legitimate interests for the processing. Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.
The categories of recipients of the personal data. Charitable and voluntary: Local Charity
Charitable and voluntary: National Charity
Transport and leisure: Accomodation provider
Transport and leisure: Aviation
Transport and leisure: Bar and Restaurant
Transport and leisure: Enertainment Provider
Transport and leisure: Haulage
Transport and leisure: Holiday provider and service
Transport and leisure: Leisure centre and gym
Transport and leisure: Passenger transport
Political: Politcal Party
Education and childcare: Academy and free school
Education and childcare: Careers service
Education and childcare: Childminder
Education and childcare: Community school
Education and childcare: Further education
Education and childcare: Higher education
Education and childcare: Maintained school
Education and childcare: Nursey, playgroup and After School Club
Education and childcare: Private school
Education and childcare: Training company
Education and childcare: Tutor
Marketing: Direct marketing provider > Business specialist in direct marketing, List broking
Marketing: Marketing provider > Lead Generator, Marketing Agency
General Busines: Business advice and consultancy, Dating agency, Market research, Motor Trade, Not for profit, Private investigator, Recruitment agency, Secruity, Supplier of services, Vetinary services
Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
Land or property services: Building and property construction, Estate agency / letting agency, Financial servcies and advice, Housing association, Property Management, Housing Association
Finace, insurance and credit: Bank and building society, Claims Management, Credit referencing, Debt collection/tracing, Financial Service and advice, Insolvency Practioner, Insurance, Lender, Payment service, Pension
Media: TV station /radio
Online Technology and Telecoms: Infrastructure and hardware provider, Service provider, Social media, Software developer
Health: Dentist, General practioner, Healthcare and pharaceuticals, Optician, Pharmacist
Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader, Petrol retailer, Retail / Wholesale
The details of transfers of the personal data to any third countries or international organisations The data is shared with named recipients in the United States of America and Norway.
The retention periods for the personal data. We retain the permission to hold the data for marketing, trace and analysis purposes until we are advised by the Data Subject that they no longer want us to process their data. The maximum amount of time we will hold the data for suppression purposes is six years.
The right to withdraw consent. Refer to the section on this page entitled ‘How do you withdraw your consent for marketing?’
The right to lodge a complaint with a supervisory authority. You can lodge a complaint with the ICO by emailing casework@ico.org.uk
The source of the personal data. You can request the information in relation to the source of your personal data by emailing SubjectAccessRequest@DataOnDemand.co.uk. More information can be found above under the header ‘How can you access the information we hold about you?’
The details of the existence of automated decision-making, including profiling. Refer to the section on this page entitled ‘Why do we share your information with Third Parties?’

Right to access

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully. You can contact us at MyInfo@DataOnDemand.co.uk to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request. More information can be found above under the header ‘How can you access the information we hold about you?’

Right to rectification

Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data You can contact us at MyInfo@DataOnDemand.co.uk to request to have inaccurate data rectifed or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.

Right to erasure

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. You can contact us at MyInfo@DataOnDemand.co.uk to request to have your data deleted. You can also call us directly on 01134 266 550 with the same request.

Right to restrict processing

Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data. You can contact us at MyInfo@DataOnDemand.co.uk to request to have your added to our suppressio list and removed from our Partners if you wish to withdraw consent. You can also call us directly on 01134 266 550 with the same request.

Right to data portability

The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller. You can contact us at MyInfo@DataOnDemand.co.uk to request to a copy of the information we hold to be provided to you or another controller. This is supplied in a Excel (.CSV) format and can be sent by email or by post.You can also call us directly on 01134 266 550 with the same request.

Right to object

Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing. You can contact us at MyInfo@DataOnDemand.co.uk to request that we stop processing your personal data where you have given consent for marketing.You can also call us directly on 01134 266 550 with the same request.

Rights related to automated decision making including profiling

Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them. You can contact us at MyInfo@DataOnDemand.co.uk to request that do not use your personal data to create the models outlined in the section of this page entitled Why do we share your information with Third Parties?. You can also call us directly on 01134 266 550 with the same request.

How to contact us

If you have any comments or queries about this Privacy Policy, please email us at hello@dataondemand.co.uk or call us on 01134 266 550.