Privacy

Last updated: 7th December 2020

Welcome to NestEgg! We are NestEgg Ltd (“us”, “we” or “our) and are known as NestEgg. We will hold information about you if you choose to use the NestEgg mobile application or consumer facing website (“NestEgg”).

NestEgg has been designed to help you to understand your borrow score and spending profile, ultimately to assist you to make savings or to apply for credit or savings accounts now and in the future.
We are committed to protecting your personal information and to earning our users’ (“you”, “your”, “me”, “my”) trust.

To earn that trust, we aim to be transparent and ensure you understand our privacy practices including the information we collect, why we collect it, how it is used and your choices regarding your personal information.
This Notice covers the following areas:

• How does NestEgg work?
• Who is responsible for the handling of your personal information?
• What information does NestEgg collect about me?
• What cookies and similar technologies does NestEgg use?
• Why does NestEgg process my personal information and what are NestEgg’s legal bases for doing so?
• Who does NestEgg share your information with and why?
• How does NestEgg send information outside of my country?
• What are my privacy rights?
• How does NestEgg protect my personal information?
• How long does NestEgg retain my personal information?
• Can this Privacy Notice change?
• How can I contact NestEgg?

How does NestEgg work?

NestEgg is powered by partnerships with credit information, open banking, and credit and saving providers. Users come to us to better understand their credit and savings profile (“Borrow, Spend and Savings Financial Health Indicators”), for information on how to improve their credit profile, and to make applications for credit and savings products based on their existing or improved Financial Health Indicators.

We assist you across three financial health indicators:

1. Borrow: Using information you provide to us, information from your credit union application (where you have been referred to us), and information from our credit information provider TransUnion where you have chosen to connect your credit report, we can provide you with a red, amber, or green rating across distinct areas of your credit profile. You can then use in combination with our tips to improve your ‘borrow score’.
2. Spend: We use a spend indicator to help you to understand your income and expenditure, broken down into easily understand needs, wants, and commitments categories. The spend indicator is powered through a partnership with TrueLayer, who share your personal information with us by linking to your payment service providers (such as a bank or a credit card issuer that maintains an online payment account on your behalf).
3. Savings: Using a combination of information sources from our credit information providers, open banking partnership with TrueLayer, information from your credit union if applicable and answers to NestEgg in app assessments we can provide you with an assessment of your savings profile. You can then set savings goals within NestEgg around regular saving, building a safety net and growing your nest egg.

Who is responsible for the handling of your personal information?

NestEgg – We may use your personal information in connection with your request for, referral to, use of, or interest in NestEgg. Where this is the case, we will be the data controller of the information we hold about you.

NestEgg partners – As noted above, NestEgg is powered by partnerships with credit information, open banking, and credit and saving providers. Where these entities use your personal information for their own independent purposes, for example maintaining and updating your credit rating, or making decisions to offer you credit or savings products they will be the party responsible for the safeguarding of your personal information, as independent data controllers. Please see their individual privacy notices for additional information.

Our other services – Separate from the NestEgg application we also offer credit decision engine services to lenders, which may involve our processing of your personal information on their behalf. Where we process your personal information for those purposes, our role will be limited to that of a data processor, this means the lender will be the party responsible for the data processing (the “data controller“). In performing those services we will not routinely access your personal data, please see the additional information provided in our business to business services privacy notice and your credit institution’s privacy policy.

What information does NestEgg collect about me?

Information you give us

In order for NestEgg to retrieve your credit profile from TransUnion we will ask you to provide us with your:

• Full name
• Date of birth
• Current address
• Previous addresses for the last three years

For NestEgg to retrieve your banking data to populate the Spend Financial Health Indicator we will ask you for:

• Your full name
• Date of birth
• Your bank account log-in details (this is encrypted, not stored and not seen by NestEgg)

For NestEgg to complete and pass on a loan application to a lender we will ask for your:

• Full name
• Date of birth
• Current address
• Previous addresses for the last three years
• Net income
• Employer name and address
• National Insurance Number
• Details of dependent children (whether they are under 18 and in full time education)
• Next of kin details (where a lender provides free life savings insurance)

Where electronic checks fail we may also ask for

• Proof of identity
• Proof of address

You choose to give us certain information when using our services.

This includes:

Account and contact details: When you create an account, you provide us with at least your login credentials, as well as some basic details necessary for the service to work, such as your email address and date of birth.

Customer service: If you contact our customer service team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.

Assessment questions: If you answer our borrow, spending, or saving assessments, we will retain copies of your responses.

Identity checks: where electronic checks fail we may also ask for your proof of identity and proof of address.

Information we receive from others

In addition to the information you provide us directly, we receive information about you from others, including:

Your credit or savings provider you may be referred to NestEgg by or on recommendation from your existing credit or savings provider. This could be in connection with your membership with them or following an unsuccessful application. In such situations, your credit or savings provider, may provide us with information in connection with their referral, and your use or application for their products. This may include your account and product details, name, address date of birth, phone number and email address.

Credit information providers: We have partnered with consumer credit information providers such as TransUnion, who give us the information necessary to assess your credit profile. Such information includes credit scores, presence on the electoral roll, use of revolving credit, spend on debt per month vs income, missed payments, defaults, county court judgments and insolvencies. Checking your chances for a loan does not impact your credit score.

Open banking partners: We have partnered with TrueLayer, who are able to provide us with information relating to your income and expenditure this includes:

• Your personal information: We will retrieve your full name, date of birth, address, email address and phone number
• Your accounts: We will retrieve details relating to your income and expenditure from your account. We only access high-level summaries of your needs, wants, and commitments spending categories to assess your borrow spend and savings financial health. Although if you choose to apply for a loan using NestEgg the underlying transactional details from TrueLayer will be shared with your chosen credit/savings provider to support your application.
• Your balance: We will retrieve your account’s current balance
• Your cards: We will retrieve your card’s balance, transactions and details
• Your direct debits: We will retrieve your account’s direct debits
• Your standing orders: We will retrieve your account’s standing orders

This information is not shared with any lenders, unless you agree to make a loan application.

New application providers: If you choose to apply to a credit or savings products using NestEgg, we will receive the information your provide in making those applications.

Information collected when you use our services

Device information: We collect information from and about the device(s) you use to access our services, including:

• hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, advertising IDs (such as Google’s AAID and Apple’s IDFA, both of which are randomly generated numbers that you can reset by going into your device’ settings), browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address);
• information on your wireless and mobile network connection, like your service provider and signal strength; and
• information on device sensors such as accelerometers, gyroscopes and compasses.

Usage Information: We collect information about your activity on our services, for instance how you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring webpage address, advertising that you click on) and how you interact with other users (e.g., users you connect and interact with, time and date of your exchanges, number of messages you send and receive).

Geolocation: If you give us your consent, we can collect your precise geolocation (latitude and longitude) through various means, depending on the service and device you’re using, including GPS, Bluetooth or Wi-Fi connections. The collection of your geolocation may occur in the background even when you aren’t using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it.]

What cookies and similar technologies does NestEgg use?

Our website uses cookies to distinguish you from other users of our website. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you use NestEgg or engage with our advertising campaigns we may collect information from you automatically through cookies or similar technologies. This helps us to:

• provide you with a good experience when you browse our website;
• improve our site through the use of third party analytics; and
• to monitor your engagement with our advertising campaigns;

For detailed information on the cookies we use, their purposes and duration, and to change your preferred settings please see our Cookie Declaration. For additional information, visit allaboutcookies.org.

In addition to changing your Cookie Declaration, you can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

The NestEgg website also contains links to other websites. This Notice applies only to NestEgg, so if you click on a link to another website, you should read their privacy policy.

Why does NestEgg process my personal information and what are NestEgg’s legal bases for doing so?

We will only use your personal data if we have a proper reason to process it and the law allows us to do so.

When we process your personal data, this will usually be:

To provide our service/perform our contract

The main reason we process your personal information is to perform the contract that you have with us. For example, to help you to understand and improve your Borrow Score, spending and to set savings goals.

Legitimate interests
We may use your personal information where we have legitimate interests to do so. For example, we analyse users’ behaviour on our services to improve our offerings, for targeted advertising and for administrative, fraud detection and other legal purposes.

Legal obligation
In some cases, applicable laws may require us to process certain information about you.

Consent
We may ask for your consent to use your personal information for certain specific reasons. For example to access your credit information from TransUnion, or to assess your income and expenditure using TrueLayer (where you have requested those functionalities). You may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Notice.

The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. There may be more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us at info@buildanestegg.com if you want to know which specific legal basis we are relying on where more than one is set out in the table below.

What we use your information for?	What information we actually use	The reason we use your information
To provide the service
This includes: Creating and managing your account; Assessing and providing you with information relating to your credit profile/borrow score, income and expenditure and savings goals; Tailoring our services and advice to you; Customer support; Facilitating your applications with credit and savings providers; and Communicating with you about our services,	Please see the table provided in section 3 for a full breakdown, of how your personal information is processed in accordance with different aspects of the NestEgg service. Full name Date of birth Current address Previous addresses (for the last three years) Your bank account log-in details (this is encrypted, it is not stored or accessible to NestEgg) Net income Employer name and address National insurance number Details of dependents (whether children they are under 18 and in full time education) Next of kin details (where a lender provides free life savings insurance)	To provide our service/perform our contract; Legitimate business interests – to provide services you have requested, communicate with you, to keep our records up to date; Consent – we ask for your consent when you sign up to optional aspects of our service which involve the sharing of your information with third parties. Please see section 6 (Who does NestEgg share your information with and why) for additional information. You may withdraw your consent at any time, please see section 8 (What are my privacy rights) for additional information.
2. To ensure a consistent experience across your devices
We use your information to link the various devices you use so that you can enjoy a consistent experience of our services. We do this by linking devices and browser personal information, such as when you log into your account on different devices or by using partial or full IP address, browser version and similar personal information about your devices to help identify and link them.	Device, usage and geolocation information. Including technical information such as your IP address relating to your browser and device (please see section 4 (Cookies) for additional information);	Consent, for the use of functional cookies and similar technologies to improve your user experience. Our legitimate business interests to recognise our users and  improve their experience across devices. You may withdraw your consent at any time, please see section 8 (What are my privacy rights) for additional information.
3. To improve our services
To conduct research and analysis of users’ behaviour to improve our services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behaviour); and To develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users).	Device, usage and geolocation information. Feedback in your communications with us.	Consent for the use of analytics cookies and similar technologies to improve your user experience and NestEgg Services. For non-cookie derived information our legitimate interests to improve your user experience and NestEgg Services. You may withdraw your consent at any time, please see section 8 (What are my privacy rights) for additional information.
4. To prevent, detect and fight fraud or other illegal or unauthorized activities
We perform personal information analysis to better understand and design countermeasures against these activities and retain personal information related to fraudulent activities to prevent against recurrences.	Device, usage and geolocation information.	Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement; or Our legitimate business interests to prevent fraud or other illegal activities in line with industry best practice.
5. To ensure legal compliance
To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our terms and conditions.	Any information in section 3, only to the extent it is strictly necessary.	Processing is necessary for compliance with a legal obligation to which we are subject; Our legitimate business interests to establish, exercise or defend legal claims.

If you choose to apply for a credit or savings product using NestEgg, your profile and the information we hold about you may be subject to solely automated decision making to assess your eligibility for the product in question. This means a decision as to your eligibility for a product, may on occasion be made without human involvement. If you have applied for a product, and would like further information about this assessment, including asking for a person to review a decision please contact us at info@buildanestegg.com.

Who does NestEgg share your information with and why?

Please note you also have a right to object to profiling, and solely automated decision making as detailed below in section 8 (Privacy Rights).

With our service providers

We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including personal information hosting and maintenance, and analytics.

We may also provide aggregated (anonymised) information to third parties as detailed below.

A list of these third parties is available on request.

With NestEgg Partners

As further detailed in section 1 (How does NestEgg work?) NestEgg is powered by partnerships with credit information, open banking, and credit and saving providers, As such, it will be necessary to share limited amounts of your personal information with our partners in order to access the insights, or services they provide.

For example, it will be necessary to share your information with:

• Transunion to access information relating to your credit profile;
• TrueLayer to access information relating to your income and expenditure;

Credit and Savings providers when you apply to their products using NestEgg.

In corporate transactions

We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

To enforce legal rights

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

With your consent or at your request

We may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.

Anonymised data

We may use and share anonymised data (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioural personal information, geolocation in de-identified form), as well as personal information in an aggregated, hashed, non-human readable form, under any of the above circumstances. We may combine this information with additional anonymised data or personal information in hashed, non-human readable form collected from other sources.

We share this information with stakeholders for the purpose of research and policy development – this will never include personal information

How does NestEgg send information outside of my country?

When we send your personal information outside of your country we have in place adequate safeguards to do so. This includes EU standard contract clauses approved by the UK and European Commission or other suitable safeguard to permit personal information transfers from the UK and European Economic Area (“EEA”) to other countries.

What are my privacy rights?

In certain circumstances, if you are an UK or EEA resident, you may exercise the rights available to you under applicable data protection laws as follows:

• If you wish to access, correct, update or request deletion of your personal information.
• You can object to processing of your personal information, profiling and use of solely automated decision making, ask us to restrict processing of your personal information or request portability of your personal information.
• If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

If you would like to exercise any of these rights in relation to the information we hold about you, please contact us. Our contact details can be found in section 12 of this Notice. We will consider and respond to your request in accordance with the relevant law.

How does NestEgg protect my personal information?

We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

How long does NestEgg retain my personal information?

We will only keep your personal information for as long as is necessary for us to do so for the reasons we collected it for in the first place which is delivering NestEgg services.

Generally, we will keep your personal information for as long as you are a NestEgg user. After this, we will delete your personal information following 12 months of inactive account status, unless it is necessary to keep that information for a longer period (of up to 6 years or longer where the law says we have to), as may be the case when necessary to:

• communicate with you about any questions or complaints you may have after you have stopped using NestEgg; or
• comply with the rules on accounting, reporting or any other law.

If you want further information on how long we keep your personal information, please contact us using the details in section 12 of this policy.

Can this Privacy Notice change?

This Notice may be amended from time to time. We will post any changes we may make on this page and, where appropriate, notify you via e-mail. When amendments are made, we will update the “last updated” date at the top of this Notice.

How can I contact NestEgg?

If you have any questions or comments, please contact us at info@buildanestegg.com.