Legal
Privacy Policy
How Outfund (MTL Financial Ltd) looks after your personal data.
Last updated: 26 July 2023
Outfund is the trading name of MTL Financial Ltd. Outfund respects your privacy and is committed to protecting your personal data. This privacy policy will tell you how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you in accordance with the UK General Data Protection Regulation (GDPR) and the EU General Data Protection Regulation (EU GDPR).
Outfund is a data controller and is registered in the UK with the Information Commissioner's Office (the ICO) under registration number ZA318997. By visiting and using our website, you acknowledge the practices described in this policy.
1. Important information and who we are
Purpose of this privacy policy
This privacy policy aims to give you information on how MTL collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our marketing emails, submit an application for a product or service, or use this website. This website is not intended for children and we do not knowingly collect data relating to children. It is important that you read this privacy policy together with any other privacy or fair processing policy we may provide on specific occasions, so that you are fully aware of how and why we are using your data.
Controller
Outfund is the controller and responsible for your personal data (collectively referred to as Outfund, "we", "us" or "our" in this privacy policy). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our DPO:
- Full name of legal entity: MTL Financial Limited
- Email address: dpo [at] out.fund
- Postal address: 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to the privacy policy
We keep our privacy policy under regular review. This version was last updated on 26 July 2023. It is important that the personal data we hold about you is accurate and current; please keep us informed if your personal data changes during your relationship with us.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The data we collect about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you, grouped as follows:
- Identity Data — first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data — physical address, billing address, email address and telephone numbers.
- Documentary evidence confirming identity and address, income and expenditure details, tax and accounting information, driving licence or utility bill.
- Financial Data — bank account and payment card details.
- Technical Data — IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Profile Data — your username and password to our platform and third-party platforms (including bank, payment processor and digital marketing accounts), applications, products or services requested, interests, preferences and feedback.
- Usage Data — information about how you use our website, products and services.
- Marketing and Communications Data — your marketing and communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data, which is not considered personal data in law as it does not directly or indirectly reveal your identity. We may also collect certain Special Categories of Personal Data, including details about criminal convictions and offences. Where we need to collect personal data by law, or to provide services to you, and you fail to provide it when requested, we may not be able to perform the contract we have or are trying to enter into with you.
3. How is your personal data collected?
We use different methods to collect data from and about you, including through:
- Direct interactions — when you apply for products or services, create an account, subscribe to our service or publications, request marketing, or give us feedback or contact us.
- Automated technologies — as you interact with our website we automatically collect Technical Data using cookies and similar technologies (see our Cookie Policy).
- Third parties or publicly available sources — analytics providers (e.g. Google), credit reference agencies (e.g. TransUnion, Experian), data aggregators (e.g. Moody's Analytics), social media (e.g. LinkedIn), and public sources such as Companies House and the Electoral Register.
4. How we use your personal data
We will only use your personal data when the law allows us to — most commonly to provide you with a revenue share facility or services, where it is necessary for our legitimate interests (or those of a third party), or where we need to comply with a legal obligation. Generally we do not rely on consent as a legal basis, although we will obtain your consent before sending third-party direct marketing. You can withdraw consent to marketing at any time by contacting us.
Below is a description of the ways we plan to use your personal data and the legal bases we rely on:
| Purpose / activity | Type of data | Lawful basis |
|---|---|---|
| To register you as a new customer | Identity; Contact | Provision of services to you; compliance with our legal obligations |
| To process your application and deliver our services (including a revenue share facility) | Identity; Contact; Financial; Transaction; Marketing & Communication | Performance of a contract; our legitimate interests; managing the relationship between you and potential lenders |
| To manage our relationship with you (e.g. notifying you of changes, requesting reviews) | Identity; Contact; Profile; Marketing & Communications | Provision of services; legal obligation; our legitimate interests (keeping records updated, studying use of our products) |
| To administer and protect our business and website | Identity; Contact; Technical | Our legitimate interests (IT, security, fraud prevention, reorganisation); legal obligation |
| Conducting personal credit checks | Identity; Contact; Financial | Assessing your eligibility for credit |
| To use providers of software platforms, contractors and potential lenders | Identity; Contact; Financial | To process applications, assess financial status, check repayment history and make decisions on your application |
| To deliver and measure relevant content and advertising | Identity; Contact; Profile; Usage; Marketing & Communications; Technical | Our legitimate interests (developing services, growing our business, informing our marketing strategy) |
| To use data analytics to improve our website, products and services | Technical; Usage | Our legitimate interests (keeping our website relevant, developing our business) |
The personal information we collect may be shared with fraud prevention agencies to prevent fraud and money laundering and to verify your identity. We use cookies to distinguish you from other users — see our Cookie Policy. Our website includes embedded products from social media companies (such as Facebook, X/Twitter, LinkedIn and YouTube); your personal data may be collected by and/or shared with them in accordance with their policies and this policy. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can opt out of marketing at any time via the "Unsubscribe" link in any email, by updating your preferences in your account, or by emailing marketing [at] out.fund.
5. Disclosures of your personal data
We may share your personal data with internal third parties within our group, external third parties (service providers, professional advisers, regulators and finance providers on our panel of lenders), specific third parties, and parties to whom we may sell, transfer or merge parts of our business. We require all third parties to respect the security of your personal data and to treat it in accordance with the law, and we only permit them to process it for specified purposes and in accordance with our instructions.
6. How we keep your information secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to those who have a business need to know. Core measures include storing personal data in an encrypted database, transmitting it in an encrypted format, and securing our networks with certified firewalls in a multi-layered fashion with redundancy. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where legally required.
7. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period we consider the amount, nature and sensitivity of the data, the potential risk of harm, the purposes of processing and applicable legal requirements. Details of retention periods are available in our retention policy on request. In some circumstances you can ask us to delete your data, or we may anonymise it for research or statistical purposes.
8. Your legal rights
Under certain circumstances you have rights under data protection laws in relation to your personal data:
- Request access to your personal data;
- Request correction of your personal data;
- Request erasure of your personal data;
- Object to processing of your personal data;
- Request restriction of processing of your personal data;
- Request transfer of your personal data; and
- Withdraw consent at any time where we rely on consent.
If you wish to exercise any of these rights, please contact us at dpo [at] out.fund. You will not usually have to pay a fee, although we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive. We may need to request specific information to confirm your identity. We try to respond to all legitimate requests within one month.
9. Glossary
Lawful basis
Legitimate Interest means the interest of our business in conducting and managing it to give you the best service and most secure experience, balanced against any impact on you and your rights. Performance of Contract means processing necessary for a contract you are party to (or to take steps before entering one). Comply with a legal obligation means processing necessary for compliance with a legal obligation we are subject to.
Third parties
External third parties include service providers acting as processors (in and outside the EU) providing IT, CRM and system administration services; professional advisers (auditors and insurers); HM Revenue & Customs, regulators and other authorities; and finance providers on our panel of lenders to whom we refer applications.
For any questions about this policy, contact our Data Protection Officer at dpo [at] out.fund.