Effective from the 14th DAY of MARCH 2022
For the purposes of the General Data Protection Regulation (GDPR) the data controller is FTFT UK Limited, registered at Devonshire House, 1 Mayfair Place, London United Kingdom, W1J 8AJ. If you have any further questions, you can reach our Data Protection Officer on email@example.com.
Highlights from this policy
We process data collected from you, your bank, and third parties, to make us work for you, and comply with regulatory obligations. In short, most importantly we use:
Your personal details (names, address, date of birth), to comply with our obligations to know our customer
Your bank transaction data (but not your bank logins!) to make our app work, that is to give you insights and recommendations and to determine how much to save for you
Data about your use of the app to help us make your app better
Information we collect about you
You may give us information about yourself by accessing our website www.ftftorbit.com by using the app service or by corresponding with us by phone, e-mail or otherwise.
Information you give us on sign up
This is information necessary to provide the basic Service (to fulfil the contract between us) and to comply with regulatory obligations to 'Know Your Customer' (KYC):
First and last name
Date of birth
Source of funds/source of wealth (as may be required during the KYC process)
Certain additional information may be collected depending on whether you have asked for certain services to be offered or provided to you, e.g. occupation, name of employer.
Information you may provide us upon request
This is information we require to unlock additional features upon your request and to fulfil the associated contract, or information we might request from you to perform our regulatory obligations:
Identity documents and address proof — for example, a picture of your passport or driving licence
Information we automatically collect from your use of the app
When you use the app or visit our website, we automatically collect information, including personal information, about the parts of the Service you use, and how you use them. This information is necessary for the adequate performance of the contract between us, to enable us to fulfil our regulatory requirements, and given our legitimate interest in being able to provide the Service:
Information about your device — your visits to and use of the site or the Service (including without limitation your IP address, geographical location, browser/platform type and version), internet service provider, operating system
Information we receive from third parties
We receive the following personal information about you from our third-party service providers who assist us in providing some or all the Service:
Your bank (through our Aggregation Partners) — bank account number, sort code, balances, and transaction data, to fulfil the contract with you
Our KYC provider — to perform money-laundering checks
Public and Commercial Sources — to perform our KYC obligations, we might collect information from public sources such as sanctions lists or credit reference agencies
How we use the information we collect from you
To provide and improve the product — we process the information we collect given our legitimate interest in improving the Service we provide, and to fulfil the contract we have with you:
Provide you with access to the app and to enable your interaction with us
Provide customer service
Provide you with insights, and balance updates (if you've opted into this)
Provide you with recommendations for products we feel may be of interest or benefit to you
Send you support messages, updates, security alerts, and account notifications
To administer our site and the Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
To prevent fraud, and ensure compliance with regulatory obligations — we process the information we collect given our legitimate interest to protect us from fraud, and to comply with our regulatory obligations:
To verify your identity, and check it against sanction lists
To keep our platform secure
We generally retain your information for as long as it is necessary for the performance of the contract we have with you, or to comply with our regulatory obligations. If you no longer want us to use your information you can send a request to firstname.lastname@example.org. Please note that if you request erasure of your personal data, we will keep relevant personal information for at least 5 years to comply with our regulatory obligations.
Your Rights under GDPR
A great thing about the GDPR is that consumers have much more control over how companies like FTFT UK use your data. See below how you can assert those rights with us.
Getting a copy of your data — you have the right to get a copy of the data we hold about you. This is free of charge. To do this, please reach out to email@example.com, or talk to our support team by firstname.lastname@example.org.
Rectification of inaccurate or incomplete information — you have the right to ask us to update any information we hold which may be inaccurate, and which you can't change yourself through the Service.
Erasure of data or the right to be 'forgotten' — you have the right to ask us to erase personal information we hold on you, and close your personal account. If you do this, we might maintain personal information we hold on you which is necessary to comply with our regulatory obligations, or to reduce fraud.
Withdrawing consent, and restricting processing — to withdraw consent or restrict processing you may contact customer support. If you withdraw consent to share your financial transaction data, we will be unable to provide the Service to you. Some information you have provided us will be retained after you withdraw consent to comply with regulatory obligations.
Lodging complaints — you have the right to lodge a complaint with the Information Commissioner's office for any processing carried out by us at FTFT UK. You can contact the ICO ico.org.uk or telephone: 0303 123 1113.
Where we store your data
All information you provide to us is stored on our secure servers. Any transmission of information to our partners (including information to facilitate payments) are encrypted using TLS technology, the current standard in secure communications over the Internet. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Information we deem sensitive (like your bank account number and sort code and your national insurance number if provided) are stored using state-of-the-art symmetric encryption (AES). We will only send your data outside of the European Economic Area ('EEA') to comply with a legal obligation, or when we work with third parties in providing you the service. If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA.
It is important that you read the Privacy Policies of our third-party service providers and partners.