1 About us
We’re Fea Card Limited (Companies House number: 11620703). We’re the “controller” of the personal data that we collect about you through your use of the Bits website (www.getbits.app) (“Website”) or our Bits app (“App”). Basically - this means we decide the “what”, “why”, “how”, “who” and “where” of the processing.
We take the privacy of your information really seriously. We want to be clear and up-front with you about how we use your personal data. However, if you have any questions at all about this policy, please feel free to contact us using the follow details:
Address: Hallswelle House, 1 Hallswelle Road, London, England, NW11 0DH.
2 Categories of personal data we may collect about you
We may collect identity and contact data about you, for example:
• Your name;
• Your date of birth;
• Your address;
• Your email address;
• Your mobile number;
• Your username and password; and
• Your preferences in receiving electronic marketing from us.
We may also collect the following financial data:
• Your payment card details (though we’ll only ever process this when you sign-up to the Bits service through the App); and
• Details of your bank account transactions (if you have signed up to a Bits service that includes reporting rent payments to Credit Reference Agencies to help improve your credit score).
We may also collect technical and usage data about you, for example:
• Your internet protocol (IP) address;
• Your type of device you use and your operating system;
• The date, times and frequency you access the Website or App; and
• Information about how you use and interact with our Website or App.
We will also process certain data about you that is provided to us by Credit Reference Agencies. Please see Section 10 (Credit Reference Agency Information Notice (CRAIN)), below, for details.
3 How we collect your personal data
We collect your personal data in the following ways:
Data that is given to us by you
• When you register with us and set up an account to receive the Bits service;
• When you request marketing (e.g. news and updates) to be sent to you; and
• If you contact us through the Website, the App email, telephone (or if you’re old school, by post) or through any other means!
Data that we receive from third parties and public sources
We may receive personal data about you from third parties and public sources, as set out below:
• Credit Reference Agencies. Please see Section 10 (Credit Reference Agency Information Notice (CRAIN)), below, for details;
• Analytics providers, such as Google. Please see Section 11 (Cookies), below, for details;
• Your bank, via our open banking partners such as Plaid (if you have signed up to a Bits service that includes reporting rent payments to Credit Reference Agencies to help improve your credit score);
• Regulatory compliance/identity verification services providers, such as NameScan and Veriff;
• Public sources. For example, reviews that you leave about the App on the Apple App Store may be displayed by us on the Website.
Data that is collected automatically
We automatically place cookies that are essential for the operation of the Website. For more information about the cookies we use, please see Section 11 (Cookies), below.
4 How we use your personal data (and our lawful basis)
We may need to process your personal data for the following reasons:
Performance of a contract
When you register with us, set up an account to receive the Bits services and place orders via our App, in each case the lawful basis for processing your personal data is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Compliance with legal obligations
We may also need to process your personal data in order to comply with a legal obligation. For example, we may need to notify you about changes to our Bits Terms and Conditions, or this policy, or maintain internal records for legal, tax or regulatory purposes.
There may be circumstances where we process your personal data where it is necessary for our legitimate interests (and importantly, your interests and fundamental rights don’t override our interests).
Our legitimate interests include: (i) the running of our business (e.g. automatically placing cookies which are “strictly necessary” for the operation of our Website or App); (ii) ensuring network security; (iii) preventing fraud; and (iv) processing data in the context of a business or share sale, reorganisation or restructuring exercise.
Less frequently, we will rely upon consent to process your personal data. We will ask for your consent if we process your personal data in the following situations:
Sending marketing emails to you about our products and services; or
Changed your mind? Withdraw your consent…
You have the right to withdraw your consent at any time.
If you’d like to withdraw your consent to marketing emails, you can do this by:
• Contacting us using the details provided at Section 1 (About us), above; or
• Following the opt-out links on any email marketing message sent to you by us.
If you’d like to withdraw your consent to cookies, please clear your browser cookies. This will allow you to change your consent preferences the next time to access the site.
You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our Website.
For more information about the cookies we use, please see Section 11 (Cookies), below.
5 If you don’t provide your personal data…
Where we need to collect personal data by law, or under the terms of the contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the Bits service/the contract you have with us. We will notify you if this is the case at the time.
6 Who we may share your data with
We may share your personal data with the following third parties, for the following reasons:
• We may share your personal data with third parties that are "controllers" in their own right, who will be responsible for how they handle your data, how it is protected and how long it is retained. The third party controllers that we share your personal data with may include:
• Stripe: Stripe processes any payments made in the App. You can find more information about how Stripe handle your personal data here.
• Vendors: We need to share your information with the third parties whose goods or services are available for purchase through our App to ensure that you get the goods or services that you've ordered. We will only share the information required by these vendors to manage, complete and provide feedback on your order. You can find more information about how these vendors use your information via the link to relevant vendors' privacy policies on each product page. Those product pages identify the relevant vendor by name so you can see who we are sharing your data with. If you don't want data shared with that third party, please don't place an order with us for their products or services.
• Transaction counterparties: We may share your personal data with other third parties to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other business or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice.
• Professional advisors: From time to time, we may need to share your personal data with our professional advisors (for example, organisations that provide us with consultancy, banking, legal, insurance and accounting services); and
• Credit Reference Agencies: We may also need to share your personal data with Credit Reference Agencies. Please see Section 10 (Credit Reference Agency Information Notice (CRAIN)), below, for details.
We may also share your personal data with third parties that are "processors." This means that they will only use your personal data in accordance with our instructions (they have to do what we say). The third party controllers that we share your personal data with may include:
• Service providers: These are necessary for us to be able to provide our services. Service providers might include IT and system administration services providers. For example, Mailchimp is our email marketing service provider;
7 International transfers
Some of the third parties that we need to share your personal data with are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.
• We may use specific contracts (approved for use in the UK) which give personal data the same protection it has in the UK. Please contact us if you want further information.
8 How long we hold your data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We don’t want to hold your personal data longer than we need to (because keeping data secure ain’t cheap!).
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
9 Your rights
You have the following rights in relation to your personal data:
• Right to access: You can request a copy of the personal data we hold about you and check that we are lawfully processing it.
• Right to rectification: You can ask us to correct your personal data if it is inaccurate or incomplete. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes!
• Right to erasure: In certain circumstances, you can ask us to delete or remove your data from our systems.
• Right to restriction: In certain circumstances, you can ask us to stop using your personal data or limit the ways in which we can use it.
• Right to data portability: You can ask us to move, copy or transfer your personal data where you have provided consent for us to use it or where we used the information to perform a contract with you.
• Right to object: You have the right to object to our use of your personal data where we use it for our legitimate interests.
If you want to flex your rights, please feel free to contact us using the details provided at Section 1 (About us), above.
You also have the right to lodge a complaint with the Information Commissioner's Office (“ICO”), the UK’s data protection regulator. The ICO's contact details can be found on their website at https://ico.org.uk/.
10 Credit Reference Agency Information Notice (CRAIN)
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs): Experian, Equifax, and/or TransUnion. To do this, we will supply your personal information to CRAs and they will give us information about you.
Information we give CRAs will include information from your credit application and about your financial situation and financial history. CRAs will supply us with both public information and information on your shared credit, financial situation and financial history, as well as fraud prevention information.
We will use this information to:
• assess your creditworthiness and whether you can afford to take the product;
• check that the data you provided to us is correct;
• prevent criminal activity, fraud and money laundering;
• manage your account(s);
• trace and recover any debts; and
• ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow from Bits and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you have signed up to a Bits service that includes reporting rent payments to Credit Reference Agencies to help improve your credit score, information about your rental payments and track record as a tenant will be shared with Equifax and Experian. Equifax and Experian will add this information to the credit reference data they hold about you respectively and use it as a controller, in accordance with their fair processing notice (a copy of which can be found using the link below), including to assist organisations to:
• assess and manage any new tenancy agreements you may enter into;
• assess your financial standing to provide you with suitable products or services;
• manage any accounts that you may already hold, for example reviewing suitable products or adjusting your current product in light of your current circumstances;
• contact you in relation to any accounts you may have and recovering debts that you may owe; and
• verifying your identity, age and address, to help other organisations make decisions about the services they offer;
• help prevent crime, fraud and money laundering; and
for both Equifax and Experian to:
• undertake statistical analysis, analytics and profiling; and
• conduct system and product testing and database processing activities, such as data loading, data matching and data linkage; and
for Experian and other organisations to:
• screen marketing offers, where you have an existing relationship with a company, to
make sure they are appropriate to your circumstances;
Please be aware that Equifax and Experian may continue to hold and use your information following termination of your Bits services.
You are eligible for Rent Recognition with Experian only if your name is on the tenancy agreement and you pay rent to the person who owns the property directly or you pay an agent on their behalf. If you pay a housemate and they pay on your behalf or you pay in another way, like in cash, then sadly we cannot recognise these payments yet. We need to see a pattern of payments for you to get the benefit, so we will wait until we see 6 consistent payments before we report to Experian, but once you have reached that mark then you will get the benefit for every payment. You are making a consistent payment if you pay the same rental amount, to the same payee on your rent payment date. When your tenancy changes in any way, you can update these details with us and we will update Experian regarding this so that your rental payments can continue to be recognised.
We will share a few key pieces of data with Experian, they are data to identify you, name, date of birth and address and then the record that you have paid rent. We will continue to exchange information about you with Experian while you have a relationship with us. Experian will hold your rental data for the time limits explained in CRAIN. Rental data falls into the Identifiers (e.g. your name, address, date of birth) and financial account categories (i.e. tenancy account, rental payment information).
We and Experian will ensure that your information is treated in accordance with UK data protection law, so you can have peace of mind that it will be kept secure and confidential and your information will not be used for prospect marketing purposes.
If you would like advice on how to improve your credit history you can access independent and impartial advice from www.moneyadviceservice.org.uk (you can get a copy of your Statutory Credit Report by visiting www.experian.co.uk/consumer/statutory-report).
If you are unhappy with anything relating to Rental Exchange, please contact us on the contact details above. You also have the ability to get in touch with the Information Commissioner’s Office. More information about this can be found using this link here: https://ico.org.uk/concerns/.
If you would like to see more information on these, and to understand how the credit reference agencies each use and share rental data as bureau data (including the legitimate interests each pursues) this information is provided in the links below. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on the CRAIN section of each of their websites:
• Experian – www.experian.co.uk/crain
• Equifax – www.equifax.co.uk/crain
• TransUnion – https://www.transunion.co.uk/crain
What’s a cookie?
A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer, smartphone or other device. Amongst other things, cookies can gather information about your use of the Website/App.
What types of cookies do we use?
• Essential: These cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled.
• Marketing: These cookies are used to track advertising effectiveness in order to provide a more relevant service and deliver better ads to suit your interests. We will always ask for your consent before placing these.
• Functional: These cookies collect data to remember choices users make and given a more personalised experience. We will always ask for your consent before placing these.
• Analytical: These cookies help us to understand how visitors interact with our Website/App, discover errors, and provide better overall analytics. We will always ask for your consent before placing these.
If you’d like to withdraw your consent to cookies, please clear your browser cookies. The next time you access the website you will be able to change your preferences.
You can find more detail about the specific cookies used on our Website/App, and the purposes for which they are used, below:
Wix Platform cookies
Our Website is built using the Wix Platform. The cookies that are used on websites built using the Wix platform (including ours) are listed here (this page also includes information on the type, purposes and duration of those cookies).
Other “third party” cookies
Cookies on our Website/App which are placed by other third parties:
Last Updated: 12th August 2021