Who are we?
We are Okeo Limited (“we”, “our”, “us”) and operate under the name of OKEO. We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO) under reference number ZA568528.
We are committed to protecting and respecting your privacy. We will:
always keep your information safe and private;
never sell your information; and
allow you to manage and review your marketing choices at any time.
Why do I need to read this notice?
We may collect personal information when you use:
our website at www.okeo.co;
the OKEO app; or
any of the services you can get access through the OKEO app or website.
Under data-protection law, we are what is known as the ‘data controller’ of your personal information.
This document explains what information we collect, how we use it, and your rights if you want to change how we use your personal information.
Got a question about something in this policy, or want to contact our Data Protection Officer (DPO)?
Send us an email at email@example.com or write to us at OKEO, 19 Gayhurst Road, London, England, E8 3EH.
The information we hold about you, and how we use it
Information you give us
We may collect information you provide when you:
Fill in any forms;
Correspond with us;
Register to use the OKEO app;
Apply for a card or use any of our services;
Take part in online discussions, surveys or promotions;
Speak with a member of our customer support team (either on the phone or via email);
Enter a competition; or
Contact us for other reasons.
We may collect the following information:
Details you give when you sign up for an OKEO account, like your name, phone number, home address, date of birth (“basic details”).
Identification documents (for example, your passport or driving licence number), copies of any documents you have provided for identification purposes, and any other information you provide so we can set up an account for you.
The log-in credentials and settings you choose for your app and card, so we can give you the services you ask for safely.
Details of your bank account, including the account number, sort code and IBAN.
Details of your debit cards and credit cards, including the card number, expiry data and CVC.
Your profile picture if you add one.
Details about your financial circumstances, to work out how we can provide credit to you.
Information you give us so we can help you.
Records of our discussions, if you contact us or we contact you.
The email address you use when you contact us and the contents of the email (and any attachments)
Answers you give to surveys so we can improve our services.
Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.
Information we collect when you use the app and our services
We collect this information to give you services in a safe and lawful way, and to keep improving them. This includes:
details on transactions (for example, payments on your card and repayment), including date, time, amount, currencies, details of the merchant or ATMs associated with the transaction, IP address of sender and receiver, and other payment information
details about services from us and our partners that you express interest in
details about how you use our app and your OKEO card
Information we collect from your device
Whenever you use our website or the OKEO app, we may collect the following information:
Technical information, including the IP address used to connect your device to the internet, log-in information, browser type, time-zone setting, operating system, type of device you use, a unique device identifier, mobile network information, your mobile operating system, the type of mobile browser you use, and so on. This is used so we can analyse how our website and app work and solve bugs.
Information about your visit, including the links you clicked on, through and from our site, page response times, download errors, length of visit to certain pages, page interaction information, and methods used to browse away from the page.
Your mobile advertising ID, so we can share it with companies that help us with advertising online. You can reset this ID or limit tracking in ‘Settings’ on your phone.
Your location if you’ve authorised tracking, so we can protect you against fraud.
Information stored on your device, including if you give us access to contact information from your address book, log-in information, photos, videos or other digital content.
Information we get from external sources
When you sign up, we may search your record at:
credit reference agencies to check what credit card product we can offer you.
fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties.
We may also collect information about you from public sources for AML reasons or market research. This includes:
official public records, like the Electoral Register or Companies’ House
information published by the press or on social media.
Our reasons for using your information
European Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
We need to use your data for a contract we have with you, or to enter into a contract with you. We use details about you to:
consider your application
give you the services we agreed to in line with our terms and conditions
send you messages about your account and other services you use if you get in touch, or we need to tell you about something
exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us
investigate and resolve complaints and other issues
We need to use your data to comply with the law. We:
confirm your identity when you sign up or get in touch
check your record at immigration and fraud prevention agencies
prevent illegal activities like money laundering, tax evasion and fraud
check your credit history and financial circumstances so that we can make responsible decisions when providing your credit card
keep records of information we hold about you in line with legal requirements
adhere to financial laws and regulations (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties)
When it’s in our ‘legitimate interest’. We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn't involve overriding your privacy rights.
check your record at credit reference agencies when you sign up to see what kind of credit card we can offer. We will also check your credit history to help us develop and offer credit products that are tailored to you. Credit reference agencies will not store any of your information that we send them when we use their services for this purpose.
tell you about products and services through the app or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We do this so that we can make sure our marketing is useful. We don’t share any other identifying information about you with social media than your mobile advertising ID (unless you’ve disabled it).
show where you were when you bought something with Google maps (in the OKEO app) and send you travel reports when you’re abroad (we tell this from transaction data, not by tracking your phone)
track, analyse and improve the services we give you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them.
protect the rights, property or safety of us, our customers or others
carry out security and maintenance checks to make sure our app, website and other services run smoothly for you
manage OKEO’s business and financial affairs and protect our customers and staff
share information with credit bureaus so we can benefit from up-to-date information when we make decisions, and other companies so they can help us provide our services
Consent. We’ll ask for your consent to:
record any issues you want us to know about, like a gambling addiction or information about your health, so we understand how to best support you
tell you about our products and services, and those of our partners if we think they’re of interest to you. You can unsubscribe from our emails by email or via the app. If you don’t want to see lending promotions, you can opt out in your app ‘Settings’
help protect you against fraud by tracking the location of your phone if you’ve authorised it (iOS)
show your profile picture in the app if you add one
share information about you with companies we work with when we need your permission (see ‘Who we share your data with’ below)
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our services.
Who we share your data with
Companies that give services to us. Here we mean companies that help us provide services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).
companies that make our OKEO cards
card producers and networks, like MasterCard
Know Your Customer (KYC) and Anti-Money Laundering (AML) service providers that help us with identity verification or fraud checks
credit reference agencies
cloud computing power and storage providers
our business intelligence and analytics platform provider
companies that help us with functional analytics (to help us solve technical issues with the app for instance)
companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time)
software companies that we use for emailing you
companies that help us with customer support (like our subsidiaries)
companies that offer benefits or rewards through special programmes you sign up to via the app
companies that print written statements and notices
companies that manage our CCTV and security if you visit our offices
Anyone you give us permission to share it with. We tell you in the app when we need your consent to share your data with:
other customers you want to set up joint OKEA cards accounts with
people you’ve asked to represent you, like solicitors
Law enforcement and other external parties. We may share your details with:
authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
the police, courts or dispute resolution bodies if we have to
other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
any other third parties where necessary to meet our legal obligations
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
Information provided to credit reference agencies
We may need to carry out credit checks when you apply for any of our credit products and to also help ups develop and offer credit products tailored to you.
These checks of your credit history (credit insights) mean that when you apply for credit products, or we suggest credit products to you through the OKEO app, we can better understand your financial circumstances and repayment history, and can tailor our credit products to your needs. These credit insights do not leave any ‘footprint’ (trace) whatsoever on your credit record held by the credit-reference agency. If you do not want us to carry out credit insights, please contact us through the OKEO app or by emailing firstname.lastname@example.org. However, this may mean we are unable to provide certain products to you.
Some of the searches we make when you apply for a credit product leave a 'soft footprint' on your credit history. This means that the search will be registered on your credit file but will not be visible to others if they search your credit history. This means that you will be able to see this footprint but other people won't – more information here. A soft footprint will not affect your credit rating. If you apply for credit, we will provide more information about this in the application form.
Some of our third-party providers, such as fraud-prevention agencies, may also use credit-reference agencies to help us check your identity and prevent fraud. These searches also only leave a soft footprint credit history. We do not accept joint account holders, but credit-reference agencies may sometimes link your credit record with that of anyone else who is financially connected to you.
Due to the international nature of our services, we use credit-reference agencies and fraud-prevention agencies in the UK and overseas.
Sometimes you may have a right to see your personal records held by credit-reference and fraud-prevention agencies. If you would like details of the credit-reference and fraud-prevention agencies we use, please contact us by sending an email to email@example.com.
When we make automated decisions
We sometimes use computers to make decisions. We do this for things like deciding what credit product we can offer you based on information we hold about you, and information we get from credit reference agencies. This includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court. You can ask for a member of the team to review a decision.
We also use automated checks to make decisions about applications for OKEO cards. But we never reject an application unless a member of staff has reviewed it first.
How we protect your personal information
We store your information on our secure servers.
Any payment transactions carried out by us or our payment-processing providers will be encrypted.
If you use a password for the OKEO app or our website, you will need to keep this password confidential. Please do not share it with anyone.
Unfortunately, providing information online is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee that all information you provide through the OKEO app or our website will be secure. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
When you use our services, which include social networking, chat room or forum features, do not share any personal information that you don't want to be seen, collected or used by other users, as this information will become publicly available.
How long we keep your information
We keep most of your data as long as you’re using OKEO, and for 6 years after that to comply with the law and if we face a legal challenge. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to. To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
You have a right to:
access the personal data we hold about you, or to get a copy of it
ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else
make us correct inaccurate data
ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it
say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances
withdraw any consent you’ve given us
ask a member of staff to review a computer-made (automated) decision
To do any of these things, please contact us through the app or by emailing firstname.lastname@example.org. EU data protection laws, like the GDPR, give us one month to respond.
Where we store or send your data
We may transfer and store the data we collect from you to organisations outside the European Economic Area (‘EEA’). When we do this, we make sure that your data is protected and that:
the European Commission says the country or organisation has adequate data protection, or
we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
If you’d like a copy of the relevant data protection clauses, please get send an email to email@example.com
How to make a complaint
If you have a complaint about how we use your personal information, please contact us through the app or send an email to firstname.lastname@example.org and we’ll do our best to fix the problem. You can also reach our Data Protection Officer in these ways.
If you’re still not happy, you can refer your complaint with a data protection supervisory authority in the EU country you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
Changes to this policy
We’ll post any changes we make to our privacy notice on this page and if they’re significant changes we’ll let you know by email.