Privacy Policy

This Privacy Policy applies to all individuals who supply personal data to us and sets out how we use your personal data in relation to the supply of our Services (we provide services to help build your Loal credit score in order to improve your prospects of obtaining credit with us, and we provide credit, subject to status, all through our mobile app (the App)). This privacy policy sets out how we use your personal data as a data controller in relation to the Services through the App, and through your use of the App.

Who we are?

We are Loal (trading name of Oakam Ltd) (hereafter referred to as “Loal” “we”, “us” and “our”) a company incorporated and registered in England and Wales with company number 05878249 and its registered office address is at 86-90 Paul Street, London, England, EC2A 4NE (“Loal”). Oakam Ltd trading as Loal is authorised and regulated by the Financial Conduct Authority under firm reference number 678734. We are the data controller of your personal data for the purposes of the UK General Data Protection Regulation. Our data protection officer can be reached at privacy@loal.app.

What personal data do we collect?

We may collect and use the following information about you:

  • Information you share with us. This is the information about you or relating to you that is voluntarily shared by you on our App. Information you share with us may include, without limitation, your name, identification number, address, email address, marital status, information on dependants, nationality, residential status, employment status, financial information, telephone number, information about your device, your browsing records, the comments you make on our Service, as well as account and billing details, details of any existing loans or finance arrangements that you wish to display in the App, any lists you create, and photos, videos and voice recordings as accessed with your prior consent through your device settings you turn on.

Information you share with us also includes any postings that you make on the Service, including any postings from others that you re-post, location data and log data associated with such postings, and information about you (including location data and log data) that others who are using our Service share about you. Information you share on any postings with us will remain publicly available on the App for so long as you or a user that has shared such information retains it.

  • Information you share from your social networks. If you choose to link our Service to your social network or public forum account (including without limitation Facebook, Twitter or Google account), you may provide us or allow your social network to provide us with information from your social network or public forum accounts, including your social media login details. This data may include your use of our Service on such public forums and/or social networks. For further information as to how and for what purpose the social network provider processes your data, please see their privacy policies.
  • Information on your device. We automatically collect certain data from you, including IP address or other unique device identifiers such as Google advertising ID, Android ID, Identifier for Advertising, mobile carrier, time zone and locale setting, operating system and platform, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, Bluetooth signals, International Mobile Equipment Identity, International Mobile Subscriber Identity, data from device settings, information you allow us to receive through device settings you turn on, such as access to your GPS location, photos, videos and voice recordings and other information on your device.
  • Behavioural information we collect about you. We also collect information regarding your use of the Services, e.g. your comments on our Service or any other content that you posted on or through the Service, views and interactions on the App. In addition, we may link your contact or subscriber information with your activity on our Service across all your devices using your email or social media log-in details, engagement (including without limitation likes, shares, comments, repeated views) and related users based on your behaviour. Finally, we collect opt-ins and communication preferences.
  • Location data. We may collect and process information about your location, including location information based on your SIM card, IP address or mobile device location settings, and if activated on your mobile device, by use of a Global Positioning System (GPS). We may use such information to provide you with location-based services, such as features, notifications, marketing, or other content that is influenced by your location. If you do not wish to share your GPS location with us, you can switch off GPS functionality on your mobile device.
  • Metadata. When you post content, including images, text and audio to our Service, you automatically upload certain metadata that is connected to the content. In essence, metadata describes other data and provides information about your content that will not always be evident to the viewer. In connection with your content, the metadata can describe how, when and by whom the piece of content was collected and how that content is formatted. It further includes information such as your account name that enables other users to trace back the content to your user account. Metadata will further consist of additional data that you chose to provide with the content, e.g. any hashtags used to mark keywords to the comments.
  • Information from third parties. We may receive information if you use any of the websites we operate or other services we provide. We may also receive information from third parties (such as advertising networks and analytics providers) and from other sources, including business directories and other commercially or publicly available sources.

If you apply for loan with us, we will check any records about you held by credit references agencies (CRAs). CRAs provide us with public information and share credit and fraud prevention information, including information about previous loan applications and the conduct of your loan accounts.

If you apply for a loan with us, we also undertake checks with fraud prevention agencies (such as Cifas), who provide us with personal information for the purposes of preventing fraud and money-laundering, and to verify your identity, before we make a decision about your application.

We may collect your Open Banking data (including name, address, bank account number, sort code, balance, overdraft limit and statement information) to increase the level of your information on the App used to build your Loal Trust Level and in order to perform affordability assessments if you apply for a loan from us. This information, with your consent, is collected and provided to us by Credit Kudos in accordance with their terms of business and privacy notice.

  • Contacts information. We may collect contact information from your contact list, address book and your social network to help you and others find people you may know and enable you to link our Service with the contact lists on your device and/or in your account on third party services. We will ask for your consent to access your contact list and address book before doing so. You may at any time allow or disallow us to access your contact list and address book by changing your settings.
  • Other information. We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.
  • Third party services. If you create an account to use our Service by connecting with a third-party service, such as Facebook, Google, Instagram, Whatsapp or Email, we may collect information from such third-party service, including without limitation your third-party service username, gender, profile image, birthday and third-party service contact list.

How do we process personal data?

We may process your personal data for a variety of reasons, as follows:

  • To operate the App and provide the Services, including to:
    • authenticate your access to an account on the App (Account)
    • communicate with you about your Account, the App, the Services, or Loal;
    • allow you to participate in interactive features of our Service, when you choose to do so;
    • personalize the content you receive and provide you with tailored content that will be of interest to you;
    • improve and develop Loal products and services;
    • measure and understand the effectiveness of our recommendations and Services we offer to you and others;
    • provide you with tailored services based on the country settings you have chosen, such as recommendations and other content that is related to the country settings;
    • create an account connection between your Account and a third-party account or platform;
    • perform creditworthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes;
    • make suggestions and recommendations to you and other users of our Service about goods or services that will interest you or them;
    • allow other users to identify you as a user of the Service and to support the socializing function of the Services;
    • keep your Account and financial information up to date, and to keep your Account secure.
  • To manage our provision of the Services, such as monitoring, analysing, and improving the Services’ performance and functionality. For example, we analyse user behaviour and perform research about the way you use our Services.
  • To manage risk and protect us, the Services and you from fraud by verifying your identity. Loal’s risk and fraud tools use personal data, device Information, technical usage data and geolocation information, from the App to help detect and prevent fraud and abuse of the Services.

We may process your personal data as set out above in reliance on one of the following legal bases:

  • To comply with our obligations, including to comply with all applicable laws and regulations.
  • For the performance of our contract with you, including the provision of the Services;
  • For our legitimate interests, including to:
    • enforce the terms of our Services;
    • manage our provision of the Services, such as monitoring, analysing and improving the Services’ performance and functionality;
    • manage risk and abuse of the Services;
    • prevent fraud and money laundering, and to verify identity, in order to protect our business and to comply with applicable laws;
    • anonymise personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why users use our Services; and
    • conduct business to business marketing; and
    • provide personalised Services (also called interest-based marketing) offered by Loal  on third-party websites and online services. We may use your personal data and other information collected in accordance with this Privacy Policy to provide a targeted display, feature or offer to you on third-party websites.
  • With your consent, including:
    • To market to you about Loal’s products and services and the products and services of unaffiliated businesses. We may also process your personal data to tailor the marketing content and certain Services or Site experiences to better match your interests on Loal’s and other third-party websites.
    • To use tracking technologies to provide a targeted display, feature, Service or offer to you and/or to work with other third-parties such as merchants, advertising or analytics companies to provide these personalised services (also called interest-based marketing).
    • To provide you with location-specific options, functionality or offers if you elect to share your geolocation information through the Services. We will use this information to enhance the security of the Services and provide you with location-based Services, such as advertising, search results, and other personalised (also called interest-based marketing) content.
    • To respond to your requests, for example to contact you about a question you submitted to our customer service team.

To make it easier for you to find and connect with others. For instance, if you let us access your contacts or when your Account profile is public, we can suggest connections with people you may know and help others connect with you. We may also associate information that we learn about you through your and your contacts’ use of the Services, and information you and others provide, to suggest people you may know or may want to transact with through our Services. Social functionality and features designed to simplify your use of the Services with others vary by Service.

You can withdraw your consent at any time and free of charge by contacting us via the App.

How long do we retain personal data?

We retain personal data in an identifiable format for a minimum of six years after you cease using our Services and so long as is reasonably necessary for the purposes for which it was obtained and in accordance with our legal obligations, and will follow our personal data destruction policy and processes thereafter. If your Account is closed, we may take steps to analyse personal data and other information and retain such information without destroying this.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

How we share your information

We may share your personal data or other information about you with others in a variety of ways as described in this section of the Privacy Policy, as follows:

With other members of our group of companies: We may share your personal data with members of our family of entities to, among other things, provide the Services you have requested or authorised, to manage risk, to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage the availability and connectivity of Loal products, Services, and communications.

With other companies that provide services to us: We share personal data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with an aspect of the Services, verify your identity, send you advertisements for our products and services, provide customer support or debt collection services.

With other financial institutions: We may share personal data with other financial institutions that we have partnered with to jointly create and offer a product. These financial institutions may only use this information to market and offer Loal-related products, unless you have given consent for other uses.

With CRAs and fraud prevention agencies: If you apply for a loan with us, we will perform credit and identity checks on you with one or more CRAs. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will continue to exchange information with you about CRAs while you have a loan account with us, and we will inform CRAs about your settled accounts. If you borrow from us and do not repay in full and on time, provided that there is no genuine dispute about the sum owed, we will register your default with CRAs, and they will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. More information about CRAs, their role as fraud reference agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) available at https://www.equifax.co.uk/crain/.

The personal information we have collected from you will also be shared with fraud prevention agencies who will use it to prevent fraud and money laundering, and to verify your identity.

With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Loal’s business purposes or as permitted or required by law, including:

  • if we need to do so to comply with a request from law enforcement authorities, a regulatory body or other government official, or to comply with an applicable law, legal process or regulation. For example, we and fraud prevention agencies enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime;
  • if we believe, in our sole discretion, that the disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
  • to protect the vital interests of a person;
  • to investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
  • to protect our property, Services and legal rights;
  • to help assess and manage risk and prevent fraud against us, our users and fraud involving use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals, and merchants;
  • to banking partners as required by card association rules for inclusion on their list of terminated merchants;
  • to credit reporting and collection agencies;
  • to anyone to whom we transfer or may transfer our rights and duties under any agreement we may have with you;
  • to companies that we plan to merge with, purchase or be acquired by; and
  • to support our audit, compliance, and corporate governance functions.

With your consent: We also will share your personal data and other information with your consent or direction, including if you authorise an account connection with a third-party account or platform.

In addition, Loal may provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why users use our Services. This data will not personally identify you or provide information about your specific use of the Services. We do not share your personal data with third parties for their marketing purposes without your consent.

Transfer of Data

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.

The systems and parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection. We will take all reasonably necessary steps, in accordance with EEA and UK data protection law, to ensure that any transfer of your personal data outside of the EEA is made securely, and that there is adequate protection in place in order to protect your personal data. Such transfers will usually be subject to an adequacy decision in respect of the receiving territory, or standard contractual clauses which are contractual protections that have been approved by the EU Commission or the Information Commissioner’s Office. Please contact us for more information about this.

If you make transactions with parties outside the EEA, UK or connect our Service with platforms, such as social media, outside the EEA or UK, we are required to transfer your personal data with those parties in order to provide the requested Service to you.

Security of your data

In order to protect your personal data, we have appropriate organisational and technical security measures in place. We apply suitable and sufficient security procedures in the storage and disclosure of information that you have given to us in order to prevent, as far as possible, any unauthorised access. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach. However, due to the nature of the medium, we are unable to provide any guarantee that information stored by us will not be subject to unauthorised access and any transmission is at your own risk.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

Automated decisions

We may use automated decision-making for decisions concerning credit, and in order to underwrite any loan with us. The use of automated decision-making is a requirement to enter into a loan with us. You have the right to request that we undertake a manual review of the results of the automated decision rendered. Our automated decision-making systems include, but are not limited to, the following inputs:

  • Credit model algorithms
  • Affordability algorithms
  • Anti-fraud and anti-money laundering databases and algorithms
  • Other data sources that provide inputs that show your creditworthiness, affordability or fitness to receive credit

We also use algorithms for automated decision-making based on data automatically collected from your device (see ‘Information on your device’, above), and may conduct profiling, in order to optimise the Services and tailor the Services to your preferences.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or loan you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in other third parties refusing to provide services, financing or employment to you.

Your rights

Subject to limitations set out in EEA and UK data protection laws, you have certain rights in respect of your personal data. In particular, you have a right of access, rectification, restriction, erasure, the right to object to processing and the right to data portability. Please contact us by emailing privacy@loal.app or via the App if you wish to exercise these rights. If you wish to complete an access request to personal data that Loal holds on you, please note that photo identity will be required to prove your identity.

If you have an Account, you can review and edit personal data in the Account by logging in and updating the information directly.

If you have any queries or concerns, we hope that we can address these. Please contact us via email at privacy@loal.app, or by post at Loal, Sunley House 3rd Floor, Bedford Park, Croydon, England, CR0 2AP.

You may also lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk, by writing to the Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF, or by telephone to 0800 023 4567.