Close

Privacy Statement

TABLE OF CONTENTS
loading...

OakNorth Privacy Statement

Effective as of February 19, 2020

At OakNorth, we respect your concerns about privacy. This Privacy Statement (“Privacy Statement”) explains our privacy practices for the activities about how your data (provided by you directly, through third parties, or which is automatically generated) is collected, used, shared, transferred, and protected as a result of your interaction with www.oaknorth.com (“website”) and use of the OakNorth Platform (“Platform”), OakNorth business loan products and related services (collectively the “services”).

A reference to “OakNorth” is a reference to OakNorth UK Ltd and its subsidiaries and affiliates thereof (collectively “we,” “us,” “our,” or the “company”) involved in the collection, use, sharing, or other processing of personal data. “OakNorth” shall not include OakNorth Bank plc, please refer https://www.oaknorth.co.uk/ to access OakNorth Bank plc’s privacy notice and related policies.

OakNorth is the controller of your personal data as described in this Privacy Statement, unless specified otherwise. This Privacy Statement does not apply to the extent we process personal data in the role of a data processor or service provider on behalf of our Platform customers, including where we offer such customers cloud-based credit analysis and credit monitoring and the preparation of reports, models and other information. For privacy information related to an OakNorth Platform customer or a customer affiliate who uses the OakNorth Platform as the controller, please contact our customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Statement.

Processing Activities Covered

This Privacy Statement applies to the processing of personal data collected by us when you:

  • Visit our website;
  • Visit our branded social media pages;
  • Visit our offices;
  • Receive communications from us, including emails, phone calls, texts or fax; or
  • Use our Platform and services as an authorized user (i.e., as an employee of one of our customers who provided you with access to our services) where we act as a controller of your personal data.

Our website and services may contain links to other websites, applications, and services maintained by third parties. The privacy practices of other services or of social media platforms are governed by their privacy statements, which you should review to better understand their practices.

Changes to This Privacy Statement

We reserve the right to make changes to this Privacy Statement from time to time. The most updated version of this statement will be posted on our website.

Information We Collect

Although the purpose of our website and services is for use by businesses, and not intended for use by individuals in their personal capacity, OakNorth may collect personal information in the course of business.

Depending upon the way in which you use our website and services, the personal data we collect directly from you may include identifiers, professional or employment-related information, commercial information, and Internet activity information. We collect such information in the following situations:

  • When you interact with our website, including submitting an inquiry though the website, we may ask you to provide your name, company name, e-mail address, and phone number. It is your decision to use the website, and, as such, any provision of this personal information is completely voluntary;
  • When you apply to become a team member on our careers page, we may collect personal information such as your name, email address, physical address, social media profile, phone number, compensation expectations, or work history. You also have the option to upload a resume that may include additional personal information;
  • In order to access information regarding a business loan, you may be required to provide your name, company name, e-mail address, phone number, and financing objective. We note that it is your decision to use the website and to access information regarding a business loan. Providing this information does not constitute a loan application;
  • If you express an interest in obtaining additional information about our services; request customer support (including accessing the Help feature or OakNorth Academy Portal); use our ‘Contact Us’ or similar features; or download certain content, we may require that you provide contact information, such as your name, job title, company name, phone number, and email address;
  • If you interact with our website or emails, we automatically collect information about your device and your usage of our websites or emails;
  • If you use and interact with our services, we gather certain information automatically about your device and usage of our services and store it in log files; and
  • If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and date of arrival.

If you provide us or our service providers with any personal data relating to other individuals, you represent that you have the authority to do so and acknowledge that it may be used in accordance with this Privacy Statement. If you believe that your personal data has been provided to us improperly or want to exercise your rights relating to your personal data, please contact us by using the "Contact Information" provided below.

We may also collect information about you from other sources including third parties (such as another individual at your organization who may provide us with your business contact information for the purposes of obtaining services). We may combine this information with personal data provided by you. This helps us to update and expand our records and improve our services.

Device and Usage Data We Process

We use common information-gathering tools, such as tools for gathering usage data, cookies, and similar technologies to automatically collect information that may contain personal data as you navigate our website, Platform, or services.

We gather certain information automatically when individual users visit our website. This information may include identifiers, commercial information, and Internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the website. This information is used to analyze overall trends, help us provide and improve our services, offer a tailored experience for service users, and secure and maintain our website and Platform.

We also gather certain information automatically as part of your use of our Platform. This information may include identifiers, commercial information, and Internet activity information such as IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services for our customers, to: provide necessary functionality; improve performance of the services; assess and enhance customer and user experience of the services; review compliance with applicable usage terms; identify future development opportunities of the services; assess capacity requirements; identify customer opportunities; and, for the security and protection of OakNorth generally (in addition to the security of our products and services). Some of the device and usage data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers (where we act as a processor).

Tracking Technologies and Cookies

Cookies are small files that are sent to and stored in your computer by the websites you visit. When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including personal data, about your online activities over time and across different websites. Cookies allow us to track use, infer browsing preferences, and improve and customize browsing experiences.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn off your device. You can control the use of cookies on your device; however, choosing to disable cookies may limit your ability to use some features on our website or Platform.

The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:

Type of Cookies Description Managing Settings
Required cookies Required cookies are necessary for basic website functionality. Examples include: session cookies to transmit the website; authentication cookies; and security cookies. If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the website or Platform and to process your online transactions and requests. As required cookies are essential to operate the website and Platform, there is no option to opt out of these cookies.
Functional cookies Functional cookies enhance functions, performance, and services on the website and Platform. Examples include: cookies used to analyze site traffic or used for market research. Functional cookies may also be used to improve how our website operates and to assist us in providing more relevant communications. These cookies collect information about how our website and Platform are used, including which pages are viewed most often. We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications. For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc. You can learn about Google’s privacy practices by going here: https://policies.google.com/technologies/partner-sites. Google Analytics uses cookies to help us analyze how our website and Platform are used, including the number of visitors, the websites from which visitors have navigated, and the pages on our websites to which visitors navigate. This information is used by us to improve our website and services. OakNorth also uses Hotjar’s analytics system to help improve usability and the customer experience. Hotjar may record mouse clicks, mouse movements, and scrolling activity. Hotjar’s privacy notice is available here: https://www.hotjar.com/legal/policies/privacy/. You can choose to opt out of functional cookies when you first visit the website or Platform. Subsequently, you can opt-out of functional cookies by changing your cookie settings and preferences in your browser. Further, to opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here: https://tools.google.com/dlpage/gaoptout?. You can choose to disable the Hotjar cookie here: https://www.hotjar.com/legal/compliance/opt-out/.

Use of Information

We collect and process your personal data for the purposes, interests, and on the bases identified below:

  • Providing our website and services: we process your personal data to perform our contract with you for the use of our website, Platform, and services and to fulfill our obligations under any applicable terms of use and service; if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and administer our website, Platform, and services and to provide you with content you access and request;
  • Promoting the security of our website and services: we process your personal data by tracking use of our website and services, creating aggregated non-personal data, verifying accounts and activity, investigating unusual activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the services, systems, and applications and in protecting our rights and the rights of others;
  • Providing necessary functionality: we process your personal data to perform our contract with you for the use of our websites and services; if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to provide you with the necessary functionality required for your use of our websites and services;
  • Managing user registrations: if you use our Platform and services as an authorized user, we process your personal data by managing your user account for the legitimate interest of performing our contract with our customer according to applicable terms of service;
  • Handling contact and user support requests: if you fill out a Contact Us web form or request user support, or if you contact us by other means including via a phone call, we process your personal data to perform our contract with our customer and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
  • Developing and improving our websites and services: we process your personal data to analyze trends and to track your usage of and interactions with our website and services to the extent it is necessary for our legitimate interest in developing and improving our website and services and providing our users with more relevant content and service offerings, or where we have your valid consent;
  • Assessing and improving user experience: we process device and usage data, which in some cases may be associated with your personal data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
  • Reviewing compliance with applicable usage terms: we process your personal data to review compliance with the applicable usage terms in our customer’s contract to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
  • Assessing capacity requirements: we process your personal data to assess the capacity requirements of our services the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
  • Identifying customer opportunities: we process your personal data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
  • Registering office visitors: we process your personal data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;
  • Complying with legal obligations: we process your personal data when cooperating with public and government authorities, courts, or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our website or services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

If we need to collect and process personal data by law, or under a contract we have entered into with you (or our customer with whom you are affiliated), and you fail to provide the required personal data when requested, we may not be able to perform our services.

Privacy and Sharing of Information

We may share personal information to the following entities and/or for the following reasons:

  • Affiliates/Third Party Service Providers. We do not share your personal data with unrelated third parties. We may share your personal data with affiliates or with third party service providers for the purpose of providing you with information regarding business loans; with our contracted service providers, who provide services such as IT and system administration and hosting, research and analytics, customer support and data enrichment for the services; and pursuant to the legal bases described above; such service providers comprise companies located in the countries in which we operate. If we share personal data, we will require that such affiliates and third-party service providers use the personal data for the limited purpose for which we provide it, maintain reasonable security measures for the protection of such information, and comply with the provisions as outlined in this Privacy Statement;
  • Law Enforcement. Occasionally we may be required by law enforcement or judicial authorities to provide personal information. We will disclose personal data upon receipt of a court order, subpoena, warrant, or other legal process to the extent necessary to meet legal, national security, public interest, or law enforcement obligations. We fully cooperate with law enforcement agencies in identifying those who use our website or services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
  • Customers with Whom You Are Affiliated. If you use our services as an authorized user, we may share your personal data with the affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating unusual activity, or enforcing terms and policies;
  • Professional Advisers. In individual instances, we may share your personal data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your personal data; and
  • Third Parties Involved in a Corporate Transaction. If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets, or stock are acquired by third party, with such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of personal data to an unaffiliated third party.

For more information on the recipients of your personal data, please contact us by using the information in the ‘Contact Information’ section below.

User Access and Choice

You may have choices when it comes to the collection, use, and sharing of your personal data. You may choose to “unsubscribe” from e-mail marketing communications, or you can contact us using the ‘Contact Information’ section below to be removed from our e-mail marketing lists.

Links to Third-Party Websites

OakNorth is not responsible for the collection, use, or sharing of your personal data once you leave our website or Platform and follow a link to a third-party website. Please consult each linked website’s privacy policy for a description of how the website collects, uses, and shares your information.

Children’s Information

Our website and services are not intended for children under the age of 13 years old. We do not knowingly collect information from children under the age of 13. If we discover that we have information from a child under the age of 13, we will delete it immediately. If you believe that a child under the age of 13 may have provided his or her information to us, please contact us using the ‘Contact Information’ below.

Cross-Border Transfer of Data

Your personal data may be collected, transferred to and stored by us outside of the jurisdiction in which you reside and by our affiliates and third-parties that are based in other countries. The addresses of our offices where OakNorth and its affiliates are located can be found on our Contact Us page.

Therefore, your personal data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA). We ensure that the recipient of your personal data offers an adequate level of protection, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission, or we will ask you for your prior consent to such international data transfers.

Security of Information

We understand the importance of information security and will take reasonable measures to protect the security and confidentiality of your information. While we follow generally accepted standards to protect personal data, please understand that no measures can guarantee 100% security. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.

Data Retention

We may retain your personal data for a period of six (6) years or as long as required to fulfill our legal obligations. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your personal data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

Your Rights

You may have certain rights relating to your personal data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

  • Access your personal data held by us;
  • Know more about how we processed your personal data;
  • Rectify inaccurate personal data and, considering the purpose of processing the personal data, ensure it is complete;
  • Erase or delete your personal data (also referred to as the right to be forgotten), to the extent permitted by applicable data protection laws;
  • Restrict our processing of your personal data, to the extent permitted by law;
  • Transfer your personal data to another controller, to the extent possible (right to data portability);
  • Object to any processing of your personal data carried out based on our legitimate interests;
  • Opt out of certain disclosures of your personal data to third parties;
  • If you’re under the age of 16, opt in to certain disclosures of your personal data to third parties;
  • Not be discriminated against for exercising your rights described above;
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our websites or in our services; and,
  • Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

We may also process personal data submitted by or for a customer to our services and Platform. To this end, if not stated otherwise in this Privacy Statement or in a separate disclosure, we process such personal data as a processor on behalf of our customer (and its affiliates) who is the controller of the personal data. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Statement. If your data has been submitted to us by or on behalf of an OakNorth customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the OakNorth customer who submitted your data to us. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.

How to Exercise Your Rights

To exercise your rights, please contact us by using the information in the ‘Contact Information’ section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, considering the complexity and number of requests we receive. If you are an employee of an OakNorth customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.

Your California Privacy Rights

OakNorth does not sell personal data. California law requires businesses to disclose information regarding the rights of California residents pursuant to the CCPA. California residents may also request that we disclose to them the following information covering the preceding 12 months:

  • The categories and specific pieces of personal data we have collected about them;
  • The categories of sources from which the personal data was collected;
  • The business or commercial purpose for collecting personal data;
  • The categories of third parties with which we share personal data; and
  • The categories of personal data about them that we have disclosed for a business purpose and the categories of third parties to which the personal data was disclosed.

California residents are entitled to contact us to request the disclosure of the information. A California resident also has the right to request that we delete any personal data about the California resident that it has collected from the California resident, and that we direct any service provider to delete such personal data from its records. Requests can be submitted to the "Contact Information" outlined below. We will verify the California resident’s identity and place of residence before complying with any such requests.

We will not discriminate against a California resident because the California resident exercised any of their rights under the CCPA.

Contact Information

If you have any questions or concerns about this Privacy Statement, please contact us using the information below:

  1. By Writing:
    OakNorth UK Limited
    Attention: Data Protection Officer
    57 Broadwick Street, London W1F PQS, United Kingdom
  2. By emailing:
    DPO.Platform@OakNorth.com