Zopa Privacy Notice

This is the Privacy Notice for Zopa Bank Limited referred to as "Zopa", "we", "us" or "our" in this document.

This Privacy Notice provides details of what information we collect from you, what we do with it, who we share it with and your rights in relation to it.

Last updated: 13 November 2024

Topics

  1. The Information we collect about you

  2. Using your information

  3. Sharing your information

  4. Tools

  5. Credit reference agencies

  6. Fraud prevention agencies

  7. Overseas transfers

  8. Retaining your information

  9. Automated decisions and profiling

  10. Advertising

  11. Consequences of processing

  12. Your rights

  13. How to contact us or make a complaint

  14. Consequences of not providing us with your personal data

  15. Keeping your information safe

  16. Cookies

  17. About Zopa

  18. Changes to this Privacy Notice

1. The information we collect about you

The types of personal data that we collect and process about you will depend on how you interact with Zopa and what Zopa products, if any, you use or have applied for.

It may fall into the following categories but will extend to any data about you that we process, as a result of your interactions with Zopa.

We may also collect ‘special category data’ about you. As this is treated differently under data protection law, there’s a section dedicated to it below.

Personal dataExamples
Contact and ID
  • Name
  • Address
  • Date of birth
  • Telephone numbers
  • Email address
  • Photographic ID (passport, driving licence)
  • Marital status
  • Financial dependants
Financial
  • Outstanding credit commitments
  • Financial history
  • Bank account details
  • Incomings and outgoings
  • Employment status & benefit details
  • Details of any vehicle we have financed
  • Tax status
  • Open banking data (including details of your transactions with other financial institutions)
  • Information about your current accounts with other providers
  • Credit file data (including details of your credit commitments and credit history)
  • Changes in your circumstances which may affect your ability to repay Zopa
Operational
  • Communications between us
  • Complaints
  • Log ins
  • Data subject access requests
  • Correction requests
  • Fraud checks
Marketing and advertising
  • Demographic data about you
  • Unique IDs, and other online identifiers like IP address
Regulatory
  • Immigration status
  • Sanctions status

This information may come from:

  • You, when you want to apply for any of our products e.g. if you apply for a loan or a credit card (including if your application is declined) or ask us to provide you with a personalised rate. As well as getting information directly from you, it can also come from intermediaries like brokers, or price comparison websites that you use.

  • The way you use your account, and our website, app and services

  • Your other interactions with us, including information you share with us

  • Credit reference agencies (who may check the information against other databases – public and private – to which they have access), fraud prevention agencies or third parties that help us to prevent fraud and meet our legal obligations

  • Your financial services providers

  • Our open banking providers

  • Governmental bodies (including the Home Office)

  • Other third parties and other publicly available sources. This may extend to adtech networks where we want to show people adverts for Zopa

2. Using your information

Data protection law requires us to have a legal ground to use your personal data. We rely on one or more of the following grounds to use your personal data:

  • To perform our contractual obligations under our agreement with you

  • To comply with a law that we are subject to as a financial institution

  • We have a legitimate interest in using your information which isn't outweighed by your interests, rights and freedoms

  • You have given us your consent

We've set out in the table below how we use your personal data and the legal basis for using it. We also cover ‘special category data’ in more detail below:

How we may use your informationLawful basis for processing
To onboard and serve you as a customer:
  • Verify your identity and any other information you've provided us, including your financial situation
  • Prevent or detect attempted fraud, money laundering or other crime in your name
  • Assess your eligibility for our products and services
  • Assess your credit worthiness, to determine whether you can afford a product you requested; or afford to add more to an existing product
  • Provide information to credit reference agencies in connection with your account(s) (see section 5 below for more details)
  • Manage your account(s) with us
  • Receive service messages about your account
  • Improve the relevance of marketing messages we may send you
  • Process payments that are paid to you or by you
  • Verify your employment status, including by contacting your employer
  • Monitor your repayment record and any events relevant to your ability to repay Zopa
  • Provide information to other financial services providers to enable the transfer of funds direct to Zopa (including to confirm the details on your account match those given by the person attempting to send you money)
  • Provide information to other financial services providers as part of dealing with fraud claims (including APP fraud)
To perform our contractual obligations under our agreement with you:
  • To respond to your queries
  • To allow you to use our services
  • To allow us to provide the services or financing you've requested
  • To use Open Banking features
To comply with laws and regulations:
  • UK/EU anti-money laundering laws and regulations
  • UK/EU/UN sanctions (which prohibit us from providing products to certain individuals)
  • Rules and regulations imposed by the Financial Conduct Authority and HMRC
Legitimate interest:
  • Protecting our customers from unnecessary risks
  • Ensuring we earn a reasonable rate of return
You have given us your consent.
  • To get your full credit file from a credit reference agency to give you insights and analysis
To improve our business and products:
  • To develop new products and services both in-house and in conjunction with our partners.
  • Prepare statistical reports (including through anonymisation and aggregation of data) using information about you, other customers and non-customers to help us manage our business better, for example improving our risk models
  • Analyse, assess and improve our services to customers, and for training and monitoring purposes
  • Profile our existing customers to enable us to more accurately target new customers (see section 9 below for more details)
Legitimate interest:
  • Developing and marketing new products and services our customers (and prospective customers) will find useful
  • Protecting our customers from unnecessary risks
  • Ensuring we and investors who lend money via our platform earn a reasonable rate of return
  • Protecting us and our customers against harm to our collective rights and interests
  • Helping us to get new customers for Zopa products
  • To help our partners improve their products using anonymised/aggregated data
To protect our business:
  • To establish, exercise or defend legal claims against us
  • To trace and take appropriate action against you should you fail to repay any money we've lent you (including by getting in touch using any contact details you have provided to us)
Legitimate interest:
  • Protecting our investors from unnecessary risks
  • Preventing fraud and money laundering to protect our business
  • Ensuring we and investors who lend money via our platform earn a reasonable rate of return
To comply with laws and regulations:
  • Complying with your data subject rights
  • Provide HMRC a yearly report on savings products and ISA subscriptions
  • Obtain details about immigration status and share details of applicants and current account holders with the Home Office
  • Prevent or detect fraud, money laundering or other crime
  • Regulatory and statutory reporting
  • Internal and External audit purposes
To comply with laws and regulations:
  • UK Data Protection law
  • Immigration Acts
  • Finance Act 2011
  • UK/EU anti-money laundering laws and regulations
  • UK/EU/UN sanctions (which prohibit us from providing products to certain individuals)
  • Rules and regulations imposed by the Financial Conduct Authority and HMRC
To provide an enhanced service:
  • Refer you to credit brokers/other lenders if we're unable to offer you a loan or credit card
  • Send you marketing messages on behalf of Zopa
Legitimate interest:
  • To inform you of a new business activity we are undertaking
  • To inform you of a new product we are offering
  • To help grow our business
You have given us your consent:
  • For example, you subsequently opt back into marketing after initially opting out
To display advertising to you across the web and on social media platforms
We will process your data so that we can show you adverts for Zopa, including through providing personal data to Facebook and other social media platforms. We may do this as a result of you visiting the Zopa website or if we think you might be interested in seeing these ads. See Advertising below for more details.
You have given us your consent
  • where cookies or similar technologies are used.
Legitimate interests
  • where your data is sent to social media sites to allow better targeting
Third Party Marketing:
  • Send you marketing messages on behalf of third parties
You have given us your consent

Non-Zopa customers

We may process and hold your personal data where you are not a current Zopa customer or have not applied for a Zopa product, but have interacted financially with a current Zopa customer, for example sent or received a payment from a Zopa customer through one of our products, financially linked, through joint accounts, loans etc. This includes where we and other banks operate “Confirmation of Payee”, so if a Zopa customer wants to send you money, we’ll get your banking provider to verify your details and also any cases where Zopa receive a fraudulent payment from your account, in which case, we will work with your banking provider to compensate you where required.

We may also hold your data if you interact with Zopa’s website or social media posts/accounts. 

Direct marketing

When you register with Zopa we'll give you the option to opt-out of receiving different categories of messages from us. These categories relate to letting you know about new products or launches, promoting our existing products, and asking for feedback.

Messages we send can include marketing about Zopa-branded products and any other brands we provide products and services under, including “DivideBuy”.

We only send these messages if there is something worthwhile to tell you about. If you don't want to receive these messages you can log into your account and change your settings.

We’ll still send you messages relating to Zopa products you have where this is necessary to provide you with a good service. There also may be some messages that we're required by law or regulation to send you even if you ask us not to.

Special category data

Data protection law requires us to treat special category data with more care. Special category data includes biometric data (physical, physiological or behavioural characteristics about you), health data, criminal convictions, and any religious or political data.

We’ll only use special category data for the following purposes:

  • detecting and preventing financial crime,

  • verifying your identity through the use of biometric data; and

  • making our services accessible to customers.

Also we’ll only process special categories of information where we’ve obtained your explicit consent or where one of the limited grounds on which we can process special category data applies.

3. Sharing your information

We use and work with a range of third parties as part of running our business. This means that we will share your information with them and they may share your information with us. These third parties include:

  • Credit reference and fraud prevention agencies, to get information about you and provide updates on your financial status

  • Our regulators or government authorities, for example the Financial Conduct Authority, the Financial Ombudsman Service and the police

  • Collection agencies and lawyers to help us collect any money you owe us

  • Third party service providers that help us provide services to you including cloud based service providers, payment processors, and third parties that help us communicate with you (SMS, live chat, email). These service providers include “white label” service providers who use Zopa branding and operate as Zopa to help improve the customer journey. Our main current white label service providers are:

    • Evolution Funding Ltd, who contact our auto loan customers where they have chosen vehicles outside of a dealership in order to run vehicle and seller checks. Evolution Funding Ltd may also act as a finance broker for customers to check if other lenders are able to offer you finance, if we’re unable to help.

    • Paylink Solutions, who provide a budgeting tool that customers can use when they have loan repayment issues.

    • Decision Tech who provides an energy comparison and switching service in our app

    • Motiv Finance, who provide prospective auto loan customers with a catalogue of vehicles available for purchase

  • Companies that help us understand, improve and market our products, and also that help us prevent fraud and criminal activity

  • Retailers that you've purchased goods or services using loans provided by us

  • Financial services providers to facilitate open banking services (like giving you the ability to transfer funds from another bank account to a Zopa product within the Zopa app or to give us access to your transactions)

  • If we are unable to offer you a loan, credit brokers or other lenders who may be able to arrange credit for you

  • If a borrower is unable to repay their borrowings, we, and any third party who takes ownership of their borrowings, may use the services of debt collection agencies and lawyers

  • Motor asset aegistration Services (such as Experian, CDL, AutoTrader and HPI) to advise them of our ongoing financial interest in vehicles we’ve financed for our auto loan customers, so that other participants in the motor industry, including finance providers and consumers can see that we have an interest secured against the vehicle

  • any third party is appointed to handle your affairs (for example a trustee in bankruptcy or someone acting under a power of attorney)

  • potential acquirers of Zopa or its assets including debt held by Zopa (as part of a sale of assets or shares, including as part of an insolvency)

  • financial institutions who have received funds from you fraudulently (for example where you send funds to a bank at the direction of a fraudster).

  • academic institutions, for example to help understand trends in lending

Third parties’ use of data for their own benefit

We use a range of third parties to provide services to us. Most of these third parties will process data only on our behalf to provide services to us.

However, some will make use of your data for their own purposes. Sometimes this is so they can comply with their own legal obligations, other times it’s to improve their own products and services or to troubleshoot issues.

Where data is used to benefit their own services, it will usually be on an anonymised and aggregated basis, meaning that once your data has been used, it will no longer be stored by the third party. One example of this is that third parties may use your personal data to improve their own machine learning models (used to assess risk or predict behaviour) by processing your personal data. Insights derived from your data will remain in the model but the underlying personal data will be anonymised/deleted.

We will never permit third parties to use your personal data to market to you in their own name unless we have your consent.

Payment processors

Zopa makes use of third parties so we can make payments to and from you. In particular, we use the following third parties who will use data for their own purposes. Where available, we’ve provided a link to their privacy notice so you can understand more about how they use your data:

ClearBank

Product: Current account

Privacy notice: https://clear.bank/privacy-notice

NatWest

Product: Loans, credit cards

Mitek

We use Mitek to help us verify applicants’ identities for our current account product. Their privacy notice at www.hooyu.com/legal/privacy-policy gives details on how they use your information. As part of using Mitek, we’ll obtain your consent on behalf of Mitek to their processing of your personal data.

Twilio

We use Twilio to send SMS messages to you to provide a more secure login experience. In addition to Twilio using data to provide services to Zopa, they also make use of data to for their own purposes, including billing, reconciling invoices with telecommunications carriers, and to troubleshoot and detect problems with the network. More information on Twilio’s practices can be found here: https://www.twilio.com/legal/privacy.

Open Banking

Open Banking is a catch-all term used to describe efforts to make it easier for financial services providers to talk to each other.

Using Open Banking, you can:

  • transfer funds directly from a bank account you hold with another bank from within the Zopa app

  • if you're applying for a loan or credit card, give Zopa access to the transactions on your current account so we can do things like verify your income more quickly

  • give us access to financial transactions with your other financial service providers so we can give you a personalised view of the products and rates we may be able to offer you, provide you with tips and helpful information about your finances and the general economy

If you use Open Banking features, we’ll transfer personal data about you to the other bank. In turn, they’ll transfer data about you back to Zopa. For example, if you want to transfer funds from your other bank to Zopa, we’ll transfer data about the request to your other bank, and your other bank will let us know whether the transfer has been approved by you.

We work with TrueLayer and Bud to help with Open Banking features. They act as the glue between Zopa and other financial services providers. You may be asked to agree to their terms when you use Zopa products and services.

If you withdraw your consent for us to access your Open Banking data, we won’t receive any further Open Banking data from your other financial services providers. However we will retain the Open Banking data we previously accessed before you withdrew your consent (see ‘Retaining your information’ below).

When you give us access to your Open Banking data, the records of your financial transactions that we receive may also include the personal data of other individuals, like the name of the person you have sent a payment to or received a payment from.

If a third party whose data we have captured when accessing your financial transactions, requests we delete their personal data, we'll try to comply with this request.

Google Recaptcha

We use Google ReCaptcha to help keep the site secure and restrict bot activity. Recaptcha works in the background to analyse how visitors are using the site and gives us a risk score, based on how it views a visitor. If we think the visitor is a bot, we may restrict the way it uses Zopa’s site or conduct verification checks that the user is not a bot.

Google’s privacy notice (https://policies.google.com/privacy) and terms (https://policies.google.com/terms) give more details about how your data is used, however Recaptcha will not use any data collected about you for personalised advertising.

4. Tools

We make Tools available in the Zopa app which are generally designed to help you manage your finances. These Tools use your Open Banking data and/or credit file data. You can access these Tools through our mobile app. Our Supplementary data and Tools terms available in the Zopa app provide additional information about the ways our Tools make use of your personal data.

5. Credit reference agencies

If you ask us to provide you with a personalised rate for a loan or credit card, we'll supply your personal data to credit reference agencies (CRAs) and carry out what’s called a 'soft credit search' to get a view of your credit rating.

The CRAs will record our search but other lenders won't be able to see it and it won't affect your credit score.

Associates

When we perform a soft search on you, this will also include a soft credit search of any person that you share financial ties with (a joint current account or a joint mortgage, for example), this person is known as a ‘financial associate’. Beyond using your financial associate’s data for decisioning purposes, we will not use their data for any other purpose (however, it will leave a soft search on their credit file, so you should make them aware before requesting a quote).

CRAs link your records together and these links will remain on your and their files until such time as you or your partner successfully files a request with the CRAs to break that link.

The above soft search will give us an overall view of your financial health (including your credit score) but not your full credit report. This will help us determine whether your application is likely to be successful and the interest rate we might charge.

Full searches

It's only when you accept our offered quote that we will carry out a full search of your credit report. CRAs will supply to us both public (including electoral register) and credit, financial situation and financial history information and fraud prevention information about you.

We will use your credit file information to:

  • Assess your creditworthiness and whether you can afford the product you want

  • Verify the accuracy of the information you have provided us

  • Prevent criminal activity, fraud and money laundering

  • Manage your account

  • Trace and recover debts

  • Ensure any offers provided to you are appropriate to your circumstances

We'll go on sharing your personal data with CRAs for as long as you are a customer. We will also inform CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. They may also provide this information to other organisations including financial institutions who offer similar products to Zopa.

As a general rule, we'll give you at least 28 days' notice if we decide to file a default on your credit reference file. However, we may not always give you notice beforehand, for example, if we plan to take court action.

As well as the above:

  • we’ll get information from CRAs about changes in your circumstances that might affect your ability to repay us. This is to help us monitor your situation so we can take early action to help you manage your repayments to us. Information we get includes any recent bankruptcies or county court judgments, or any missed payments or significant changes in your debt (including with other lenders), together with scores created by the CRAs relating to your continuing ability to repay your borrowing.

  • we may conduct searches with credit reference agencies to verify any identity and bank account details you provide to us (for example where you are linking a bank account to your savings account). As above this may result in a record of this check being added to your credit file.

  • We may use data from credit reference agencies to supplement data you’ve provided to us for the purposes outlined below in “Automated Decision Making and Profiling” and to help us understand you better, generally, for example, whether you would be interested in other Zopa products.

  • We will share data about your current account usage (including your current balance and funds deposited into the account). CRAs and other lenders may use this data for preventing over-indebtedness, fraud and money laundering, to help with debt recovery and debt tracing and to assist with income and identity verification.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in the Credit Reference Agency Information Notice (CRAIN), which is available from each of the three CRAs-clicking on any of these three links will take you to the CRAIN document:

  1. TransUnion

  2. Equifax

  3. Experian

6. Fraud prevention agencies and Governmental bodies

Fraud prevention agencies

If you give us false or inaccurate information or if we suspect or identify fraud we may record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention including law enforcement agencies.

We can also use any data you give to us or that we collect about you, including where we collect data from you to verify transactions, data obtained from credit reference agencies or from cookies or other online identifiers.

We and other organisations may access and use the above information to investigate and prevent fraud, money laundering or other criminal activity.

Fraud prevention agencies may hold your information for different periods of time, and if you're considered to be a fraud or money laundering risk, your information may be held for up to six years. It may also result in us and others refusing to provide services, financing or employment to you.

You can contact us using the methods available at zopa.com/contact if you'd like to know more about the credit reference and fraud prevention agencies we use. The fraud prevention agency we currently use is Cifas. We use Cifas to help prevent fraud, money laundering and to verify your identity.

Further information about how Cifas process your data can be found on their Fair Processing Notice.

Governmental bodes

We’re under a legal obligation to not provide current accounts to individuals without the right to be in the UK. To enable us to comply with this legal obligation we check the status of applicants for current accounts and also for current account customers on a regular basis after they’ve opened a current account. If the applicant or the customer subsequently does not have the right immigration status, we won’t let them open an account or will close their account, as applicable. We’re also obliged to let the Home Office know.

7. Overseas transfers

We may transfer your personal data to countries outside either the UK or the European Economic Area (EEA), whose personal data protection laws are less strict than in the UK or the EEA.

Where we do so, we will make sure suitable safeguards are in place to protect your personal data, in line with data protection law. The safeguards we use will depend on the circumstances and the third party who we transfer data to, but include the EU Commission’s standard contractual clauses together with the ICO's addendum.

Whenever fraud prevention and credit reference agencies transfer your information outside the UK or the EEA, they will also ensure the transfer takes place in accordance with data protection laws.

Please contact privacy@zopa.com if you want to know more details about the above safeguards or obtain a copy of the standard contractual clauses and ICO addendum we use to transfer data outside the UK and the EEA.

8. Retaining your information

We will hold your information for as long as you have a relationship with us (a relationship can be where you’ve applied to take out a product with us but were rejected, or you’re an existing customer with us), and for a period of time after our relationship has ended (we’ve declined your application, or you’ve closed your account). How long we’ll keep your information for will depend on the nature of our relationship, the type of information and the purposes for which we hold it.

We’ll retain information that helps us to:

  • comply with legal and regulatory requirements, e.g. anti-money laundering laws and laws that require us to keep details of transactions we’ve been a party to (loan repayments, savings deposits)

  • establish, exercise and defend legal claims

  • prevent and detect fraud

  • pursue our (or a third party’s) legitimate interests, e.g. developing and improving credit risk models to help us make better lending decisions. For example, where you are a Zopa borrower or where your application for a Zopa product was rejected (see the paragraph below these bullet points for more information), we will retain your data for analysis and also provide it to credit reference agencies so they can also use it for the purposes outlined in this bullet point

  • deal with any complaints regarding the services we’ve provided

  • ensure we don’t send marketing to people who have opted out

  • maintain business records for analysis and audit purposes

We think it’s worth specifically mentioning that if you apply for a Zopa product and are rejected, we will keep your data for a period of time from the date you’re rejected. We do this so we can over time get updated credit reference agency data about you and check whether or not we made the right decision. This should be beneficial to some customers, because where we find out we made the wrong decision, we can update our models to make them more accurate.

9. Automated decisions and profiling

We use automated decision-making and profiling to help our business and our customers, including by giving them decisions more quickly, detecting fraud, and helping us to understand our customers better.

Lending Decisions

When you apply for a product where Zopa will provide credit to you, we'll use automated decision-making and profiling to decide whether to offer you a loan or credit card i.e. we may make our decision without any human involvement. This helps us to make quicker lending decisions.

The process works by taking information you've provided when applying for the loan or credit card, any information we already have about you and information we obtain from third parties such as credit reference and fraud prevention agencies to calculate a credit score for you.

This information may include:

  • your address history, your employment history, and the industry sector you work in

  • bank account statements and open banking data (transactions, balances)

  • Your account history with us

  • The number and type of credit agreements you have and how you've used them

  • Whether you've been late making payments

  • Transactions on your current account

  • Whether you've had any court judgments made against you or whether you've been made bankrupt or had an IVA or other form of debt-related arrangement.

Using an automated credit scoring process means we may automatically decide that we are unable to offer you a product, or only offer you a loan or credit limit for a lower amount and/or shorter term that you requested.

As part of our loan decisioning process, we use profiling to make better lending decisions. This works by grouping together applicants who share certain characteristics. This can help us understand the likelihood of whether someone will repay their loan (for example people in some types of jobs, may be more likely to repay their loan in full, compared to others).

Our credit scoring methods are regularly tested to ensure they remain fair, accurate and unbiased.

In addition to the original lending decision, if you’re an existing borrower and we think you may be interested in borrowing additional sums, we’ll also use data about you to make an automatic decision on whether or not you’re eligible for additional lending or an increased credit limit.

Detecting fraud

We use automated processes to detect and help prevent fraud.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent activity, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity or our identify verification processes are unable to confirm a match between your identify documents and images/videos of yourself you submit as part of an application process.

If we think there is a risk of fraud we may refuse to proceed with your application, suspend your account and/or refuse you access to it.

Developing and marketing our products and services and finding new customers

We may use automated decision-making and profiling to help us develop products and services that would be of interest to existing and prospective customers, to manage your existing products and services to help you get the best out of them, and to provide you with marketing messages that we think you’ll be interested in (for example, if you have one of our products, we might profile you to understand what other Zopa products we think you might be interested in). This automated decision-making and profiling may mean us making changes to your current products and services or the way we communicate with you.

As part of the above, we may provide your personal data to credit reference agencies to get more data about you to supplement our picture of you.

Your rights in relation to automated decision making

See "Your rights" below, for details about your rights in relation to automated decision making.

You can ask us to reconsider any declined decision by contacting us using the methods available at zopa.com/contact.

10. Advertising

Like most businesses, we use advertising to let people know about our services and products. Our use of advertising can involve the use of ad networks which enable potential advertisers to bid for the right to show advertising to you across the web. Part of this process involves the use of a range of data about you (location, gender, preferences and interests) to allow better targeting of adverts so you hopefully see adverts relevant to you. However, it will mean that data about you is shared with a large number of third parties (ad network operators and potential bidders).

As a result, you may see adverts for Zopa across the web. This includes where you have visited our website (because we think that because you visited the Zopa website previously you may be interested in Zopa products).

If you see an advert for Zopa and also if you interact with the advert and come to Zopa’s website, we’ll also measure the effectiveness of adverts, including by seeing how long you spend on our site. We also use tools to help us attribute app installations to a particular marketing campaign so we can make better use of our advertising spend in future.

We’ll set various cookies as part of the above. More information on this can be found in our cookies policy. In addition to the cookies set on our site, third party sites will also set cookies. You should be given the opportunity to refuse consent to the use of cookies when you visit third party sites that display advertising (along with any other cookies that aren’t necessary for the site to operate).

In addition to cookies and similar technologies used by Zopa as part of advertising to you across the internet, if you are an existing customer of Zopa, we may also send your contact details to social media sites. We do this so we can find out if you’re also a member of those sites and if so, advertise our products to you through those sites. For example, we use Facebook’s Custom Audiences for this purpose. When we provide contact details to Facebook, they will only use this data for the purpose of determining whether you’re on Facebook.

11. Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide you with the services or financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk may be retained by fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details above.

In connection with current accounts, as a result of the above Home Office checks, you may be refused a current account or lose your current account if your immigration status changes.

12. Your rights

Right to be provided with certain information

We must provide you with certain information at the time we collect your personal information, including how we use it and the legal basis for doing so, who we share it with, how long we intend to keep it, where we got the information from and your rights in relation to it. You find this information below.

Where we rely on your consent to use your personal data (for example with some of the Tools we make available in the Zopa app, or for the use of biometric data for verifying your identity), you can withdraw that consent at any time and we’ll stop any further processing of the data linked to your consent (we may retain the same data on a different legal basis however).

Right to access your information

You can ask for a copy of the personal data we hold about you (and other information relating to it) unless providing some or all of it would adversely affect the rights and freedoms of others, or the law requires us not to comply with your request. You can make a request to access your personal data by contacting us using the methods available at zopa.com/contact. We aim to provide you with your data within 30 days.

Right to correction

You can ask us to correct any personal data we hold about you which you believe is inaccurate. We'll update your information as soon as we can. You may need to provide supporting evidence before we can deal with your request e.g. a copy of your marriage certificate if you want to update your name.

Right to erasure (‘right to be forgotten’)

You can ask us to erase your personal data:

  • if you think it's no longer necessary for us to hold your information;

  • if you don't think we have any legitimate grounds for processing it;

  • if you think we're using your personal data unlawfully; or

if you think we should delete your personal data because the law requires us to do so.

Right to restrict processing

You can ask us to stop using your personal data:

  • if you think it's inaccurate

  • if you think it's illegal for us to use it

  • if you don't want us to destroy it because you need it for legal proceedings

  • if you've told us we don't have a legitimate reason for using it and we're considering your request

Notification obligation

You can ask us to notify everyone to whom we've given your personal data whenever we amend, delete or agree to restrict our use of it.

Right to data portability

If we're using your information on the basis of your consent or because we need it to carry out our contractual obligations to you, you can ask us to give you your personal data in a structured, commonly used and machine-readable format or have it transmitted to another data controller.

Right to object

You have a right to object whenever we are using personal data on the basis of our legitimate interests (section 2 contains the ways in which we rely on legitimate interests to use your personal data). This includes where we use your personal data for direct marketing purposes, including profiling.

Right to human intervention

When you apply for a product involving credit we'll use automated decision-making to decide whether to offer credit to you. If we decline your application, you can ask one of our underwriters to review our decision.

We may not always be able to comply with your requests

There may be occasions when you wish to exercise one of your rights and we're unable to agree to your request, e.g. because we have compelling grounds for using your information, or because we need to keep your information to comply with a legal obligation.

Making requests to exercise your rights

You can send us your request by contacting us using the methods available at zopa.com/contact.

How to stop receiving marketing messages

If you no longer want to receive marketing messages you can log into your account and change your "Profile" settings. If you need help with this, please get in touch using the methods available at zopa.com/contact.

13. How to contact us or make a complaint

If you have any further questions about privacy at Zopa, or if you are unhappy with how we've handled your information you can contact us at:

The Data Protection Officer (DPO)

Zopa Cottons Centre 47-49 Tooley St London SE1 2QG

Or by email at: privacy@zopa.com

If you are still unsatisfied you can refer your concerns to the Information Commissioner's Office, the body that regulates the handling of personal data in the UK, at:

Information Commissioner's Office

Wycliffe House, Water Lane, Wimslow, SK9 5AF

Tel: 0303 123 1113 Website: www.ico.org.uk

14. Consequences of not providing us with your personal data

You don't have to provide us with your personal data. However, we need your information partly because the law requires us to ask for certain details about you (for example, so we can verify your identify) and partly so that we can provide products and services to you.

This means that if you don't provide us with the information we ask for, we'll not be able to open an account for you.

15. Keeping your data safe

We take your privacy seriously and take every reasonable measure to keep your information secure. We monitor our systems 24/7 and continually work to improve the security of your personal data and our systems.

16. Cookies

We use cookies and similar technologies, which store small amounts of information on your computer or device, for a number of different purposes. You can find more details about this in our Cookie Policy, which forms part of this Privacy Notice.

17. About Zopa

Zopa Bank Limited is a company incorporated in England & Wales under company registration number 10627575. Our registered office at 1st Floor, Cottons Centre, 47-49 Tooley Street, London SE1 2QG. We’re registered with the Information Commissioner with registration number Z879078. We’re also authorised and regulated by the Financial Conduct Authority and entered on the Financial Services Register under firm registration number 800542.

18. Changes to this Privacy Notice

We'll regularly review this Privacy Notice. If we make any changes, we'll post the updated policy on this page.

Recent updates:

4 November 2024 Information about sharing of current account information to credit reference agencies (and our use of it)

26 September 2024 Added additional information relating to current account product, including additional data sources and processing activities (Home Office and immigration screening) and third party controllers (Mitek, ClearBank)

28 September 2023 Gave more information about reject referencing

24 May 2023 Added some information related to the acquisition of DivideBuy

2 March 2023 Provided more detail about our use of open banking data

22 June 2022 Updated to reflect wind-down of the peer to peer business

12 April 2022 Provided more detail about how your data is used when you use Open Banking features

26 March 2021 Provided more detail on a new white label provider and a few additional areas where we provide data to third parties

26 June 2020 Provided more detail on the use of profiling in credit risk analysis, white label providers used by Zopa, and ongoing monitoring of people we lend to.

11 March 2020 Provided more detail about the third parties that we can disclose data to, more information into how data about financial associates is dealt with, and special category data.

12 November 2019 Provided more detail on use of data in relation to online advertising and the third parties we can disclose your data to.

21 August 2019 Provided more detail about Zopa's fraud prevention measures, including our use of Cifas. Additional cosmetic changes following an internal review.

9 May 2019 Change from ‘Privacy Policy to ‘Privacy Notice’. Full revision of the document with enhancements to the information we collect about you, how we process your data, retaining your information and automated decisions.

4 December 2018 We extended the policy to cover Zopa Financial Services Limited, which will launch as a bank next year.

1 December 2018 We added details of how our company is now structured and regulated now that we have a banking licence.

23 November 2018 Added contact details for our Data Protection Officer (DPO).