Pave Privacy Policy – Pave

Introduction

Pave is a credit building service provider that helps you build your credit score with Experian, Equifax and TransUnion without interest, APR or a hard credit check. In order to provide our credit building services to you, we process (e.g. collect, record, store, use and share) some of your personal information (also referred to as personal data).

Under UK data protection law, we are required to provide you with information about how we use your personal information to provide our credit building service to you. This is the purpose of this privacy policy.

About Us

Pave refers to Pave Fintech Limited which is a private limited company registered in England and Wales, company number 10780281. Pave Fintech Limited trades as Pave which is authorised and regulated by the Financial Conduct Authority (FRN: 828125). Pave is the data controller in relation to the personal information that it processes in order to provide its credit building services. Being a data controller simply means that Pave, as the credit building service provider, determines the purpose (i.e. the why) and the means (i.e. the how) your personal information is processed in order to provide its credit building service.

Contact Us

Should you have any queries about how we process your personal information, please do not hesitate to reach out to us through any of the following means:

Post:167-169 Great Portland Street, 5th Floor, London, W1W 5PF
Email: team@paveapp.com

How we use your personal information?

What personal information do we process?

Sources of personal information

The purpose(s) of processing your personal information

The legal basis for processing your personal information

We typically process the following personal information in order to provide our credit building service to you:

Your identity information (e.g. full name, date of birth, residential address history for the last 6 months).
Your contact details (e.g. telephone contact number, email address).
Should you connect Open Banking via the Pave App, we will have visibility of 18 months’ worth of your transaction data on the connected account.
We collect your employer details (e.g., employer name) to enable us to accurately categorise inflows as income from your Open Banking transaction data.

We typically collect your personal information directly from you.

We gain visibility of your Open Banking transaction data through your bank provider when you connect an account via the Pave App.

We process your identity information and contact details in order to set up your account with Pave.

We use your email address and telephone contact number as the primary identifier for your account with us.

We use your email address to keep you updated on changes to the existing services you have with us and to notify you about updates to your credit report.

We use your telephone contact number to contact you in emergency situations (e.g. should you miss a payment owed to Pave and are at risk of enforcement action).

We use your identity information to accurately match you against your credit profile held by Experian, TransUnion and Equifax.

We use your Open Banking transaction data to determine your affordability for the Pave overdraft protection product (if applicable) and for features within the app.

We use your email address for marketing purposes, namely, to keep you updated with new products and services.

When we process your personal information (e.g. identity information, contact details) to set up your account with Pave, identify you as the authorised account user, communicate changes/updates to your existing services and contact you in emergency situations or match your credit reports, we rely on the contract legal basis which means that the processing of your personal information is necessary for the performance of the service agreement we enter into with you.

Please note that the above information is necessary to enter into a service agreement with us and you are therefore obliged to provide such information in order to enter into a service agreement with us. Should you not provide the above personal information to us, we will not be able to enter into a service agreement or be able to provide an effective service to you.

Where we use your Open Banking transaction data to determine your Pave overdraft protection affordability, we rely on the contract legal basis.

Where we use your email address for marketing purposes, we rely on the legitimate interests legal basis which means that the utilisation of your email address is necessary for us to pursue our legitimate commercial interests in making you aware of our other products and services that you may be interested in.

International Transfer

UK data protection law requires us to only transfer our customers’ personal information outside of the EEA where there are appropriate arrangements in place in the receiving third country to provide equivalent protection to our customers’ personal information. In the absence of such arrangements, we are prohibited from transferring our customers’ personal information outside of the EEA.

At Pave, we do not transfer our customers’ personal information outside of the EEA. Our service providers such as our product analytics software provider only processes our customers’ personal information in the EEA.

Data Sharing

We share your personal information to the following categories of recipients in the following circumstances:

Regulatory/law enforcement bodies: We would share your personal information with this category of recipients where, for example, we are under a legal or regulatory obligation to do so.
Credit reference agencies (e.g., Experian, TransUnion and Equifax): We ordinarily would share your repayment performance with Pave with credit reference agencies (if applicable under your service with us) to assist build your credit as part of our core service offering.
Service providers: We share your personal information with service providers such as our CRM provider and product analytics software provider as part of our ordinary business operations.
Professional advisers: We may share your personal information with our lawyers, regulatory advisers, accountants and other professional advisers to assist us comply with our legal and regulatory obligations.

Data Storage

We store your personal information for as long as you are our customer in order for us to provide an effective service to you. We continue to store your personal information following cessation of your relationship with us for as long as is necessary for us to be able properly investigate any complaints or legal claims that may arise within the limitation period which normally means that we store your personal information for up to six years following cessation of your relationship with us.

Your Rights

UK data protection law gives you certain rights in relation to your personal information. These are as follows:

Right of access – This is the right for you to request confirmation from us as to whether or not we are processing your personal information, to request a copy of this privacy policy or a copy of the personal information that we process concerning you.
Right to rectification – This is the right for you to obtain from us rectification of any inaccurate personal information we hold concerning you.
Right to erasure – This is the right for you to obtain from us erasure of your personal information in certain circumstances such as, for example, where it is no longer necessary for us to process the personal information.
Right to restrict processing – This is the right for you to request that we limit the way that we process your personal information in certain circumstances such as, for example, where you contest the accuracy of the personal information and request the restriction of processing whilst we verify accuracy.
Right to object – This is the right for you to object to the processing of your personal information based on the legitimate interests legal basis. We rely on the legitimate interests legal basis to process your email address for direct marketing purposes. You have the right to object to this use of your personal information and, if so exercised, we will no longer process your email address for direct marketing purposes.
Right to data portability – This is the right for you to receive a copy of the personal information concerning you that we process in order to fulfil our service agreement with you in a commonly used and machine-readable format (e.g., open formats such as CSV, XML, JSON).

Complaints

UK data protection law gives you the right to lodge a complaint with the Information Commissioner’s Office (‘ICO’) should you be dissatisfied with our processing of your personal information. You can reach out to the ICO through any of the following means:

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Automated Decision-Making

We process some of your personal information such as your Open Banking transaction data to make automated decisions about your eligibility for Pave’s overdraft protection service. Automated decision-making simply means that the decision is made programmatically without any human involvement. Our credit decisioning engine which determines eligibility for our overdraft protection service processes your income and expenditure information to determine your affordability and processes your credit report data to determine your credit risk, and combines the outcome of both assessments to determine your eligibility. Should our credit decisioning engine determine that you are eligible for our overdraft protection service, this will be offered to you otherwise you will be notified that you are ineligible for this service.