Who we are and how to contact us

The Chetwood Group consists of Chetwood Financial Limited and Yobota Limited, details can be found here. The Chetwood Group own various brands including BetterBorrow., LiveLend, SmartSave., Wave, and Yobota.

This privacy notice is issued on behalf of the Chetwood Group, so when we mention "Chetwood", "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Chetwood Group responsible for processing your data.

To contact your Data Protection Officer, find out more about how we process your personal data or exercise any of your rights (see below), please get in touch.

How we collect your personal data

We’ll collect your personal data in the following ways:

  • Direct - we’ll collect the personal data you entered when you got in touch (this could be via our website, social media, or at an event), when you applied for a job role directly through our website, or enquired about one of our products.
  • Intermediary - we’ll collect the personal data you provided through third parties such as a recruitment agency during the job application process, or from brokers or comparison sites during an application for one of our products.
  • Automated technologies or interactions - as you interact with our websites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
  • Public Sources – we may collect data from publicly available sources, such as Companies House or the Land Registry, when you have given your consent to share information or for instances where the information is made public as a matter of law.
  • Third Parties - We may also collect personal data from other third parties, such as Credit Reference Agencies (CRAs), Fraud Prevention Agencies (FPAs) and our mortgage origination and servicing partners. From time to time, we may acquire databases of business contacts to promote our services. These databases will only be purchased from credible third-party providers, who can provide an assurance of meeting their data protection obligations. We may combine these databases with data from publicly available sources, or information we hold about you, to ensure our records are accurate. We will only contact you when we hold documented evidence of consent to use your personal data. Our third-party providers are required to maintain their databases to ensure that consent is up to date.

The kinds of personal data we collect and process

We’ll collect some or all of the following information about you:

  • Personal data - your name and date of birth
  • Contact and residential information - your address, address history, telephone numbers, email address
  • Sensitive Personal Data – we may collect special categories of personal data. For example, to record any information you want us to know about so we understand how to best support you. This is information could reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data (if used for identification purposes) or information concerning your health, or sexual orientation.
  • Financial information - such as your salary
  • Nationality and citizenship information - your nationality and/or whether you have the permanent right to reside in the UK
  • A unique number or code given to you by a government body to identify who you are, such as a National Insurance number
  • Employment details - your current and past employer history
  • Education history
  • Contact history - records of when and how you’ve contacted us including your IP and MAC address
  • Information about your devices and the technology you use
  • Personal data about your credit history which we’re given by Credit Reference Agencies (see the section on CRAs below)
  • Personal data which we collect from Fraud Prevention Agencies
  • Information about criminal proceedings, outcomes and sentences

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could come from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your website or application Usage Data to calculate the percentage of users accessing a specific website or application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Why we process your personal data

Data protection laws require us to explain what legal grounds justify us using your personal data (this includes sharing it with other organisations). The laws refer to “processing” of information which includes everything we do with your personal data from its collection, right through to its destruction or deletion when we no longer need it or no longer have a legal ground to process it.

For some processing, more than one legal ground may be relevant (except where we rely on a consent).

Here are the legal grounds that are relevant to us:

Grounds Purpose

Contractual obligation

Where processing of your personal data is necessary for us to perform our contract with you or for taking steps before entering into the contract.

  • Updating your internal records or to contact you
  • Managing our business relationship including enquiries and job role applications
  • Verifying and updating your contact information
  • Addressing any enquiries or complaints we receive from you
  • To enable you to partake in a prize draw, competition or complete a survey.

Consent

Processing of your personal data requires us to obtain your clear consent.

  • When you request and give consent that we share your information with someone else
  • For direct marketing communications by one or more of the Chetwood Group entities and our third parties
  • For some of our processing of special categories of personal data including, for example, your health or if you’re a vulnerable customer so we know how best to support you.

Legal obligation

Processing of your personal data is necessary for us to comply with laws we abide by.

  • Confirming your identity and undertaking checks with Fraud Prevention Agencies (FPAs). See the section on FPAs below
  • Prevention, detection, and investigation of crime, which may include processing of sensitive categories of personal data, such as use of facial recognition technology to identify you
  • Assessing your affordability when applying for a product
  • Carrying out monitoring and maintaining records
  • Complying with laws that apply to us
  • Responding to enquiries and requests for information by any of our Regulators
  • For establishment, defence and enforcement of our legal rights
  • When sharing your information with other organisations, for example, law enforcement agencies and courts
  • To otherwise meet our obligations under all laws and regulations based on law which apply to our business activities

Legitimate interests

Where processing your personal data is necessary for your individual legitimate interests or the legitimate interests of a third party including their commercial interest or the broader interests of society.

  • Administering and managing your account
  • Updating your contact details
  • Recovering debt
  • Testing the performance of our products, services and internal processes
  • Adhering to the guidance and best practice of Governmental or regulatory bodies such as the Financial Conduct Authority, Prudential Regulation Authority, or the Information Commissioner's Office
  • Gathering analytics and profiling to monitor and predict market trends
  • Monitoring, reviewing, and improving the content and appearance of our website
  • For management and audit of our business operations
  • To carry out searches through third parties such as credit reference agencies (see the section on CRAs below)
  • To carry out monitoring and keep records
  • To administer good governance requirements
  • For market research, analysis, and development of statistics
  • To enable you to partake in a prize draw, competition or complete a survey
  • As part of our automated decision making
  • Where we share your information with other people or other organisations. For example, the intermediary who introduced you to us, financial institutions and trade associations, debt recovery agencies and market research organisations

Vital interests

Where processing of your personal data is necessary to protect someone’s vital interests including protecting someone’s life.

  • Processing of special categories of personal data. For example, about your health if it's necessary to protect your economic well-being if you're at risk, and seeking consent would be unreasonable or negatively impact our ability to help you
  • To fulfil our legal obligation and regulatory requirements

Public interests

Where processing is necessary “for the performance of a task carried out in the public interest” or “in the exercise of official authority”.

  • Processing of special categories of personal data, for example about your health if it's necessary to protect your economic well-being if you're at risk and seeking consent would be unreasonable or negatively impact our ability to help you.

How we share your data

We may share your personal data with the parties set out below for the purposes set out in the table above:

  • Other parties in the Chetwood Group, details of which can be found here.
  • External Third Parties including service providers who provide business administration services to us, professional advisors, regulators and other authorities.
  • External third parties if it's necessary to protect your or another person's life or if they need to know you’re a vulnerable customer, for example social services, your carer or relatives and anyone who has power of attorney over your affairs.
  • Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). See sections on CRAs and FPAs below.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How we use Credit Reference Agencies (CRAs)

In order to process a product application, we'll perform credit and identity checks on you with one or more credit reference agencies (CRAs).

CRAs collect and maintain information about customers' financial behaviour.

CRAs use information from:

  • Electoral register
  • Credit information
  • Public information such as County Court Judgments, decrees and bankruptcies

Chetwood uses soft searches, also known as 'quotation searches', to work out whether you're approved for our products. We'll only register a full search once you've set up your Direct Debit and given us permission to do so. When CRAs receive a full search from us they will place a search footprint on your credit file that may be seen by other credit providers.

When we carry out a full credit search on you when you apply for a product, Fraud Prevention Agencies (see the section on FPAs below) will keep a log of the searches that we've carried out.

We'll also inform the CRAs about your settled accounts. If you borrow and don't repay in full and on time, CRAs will record any outstanding debt and they may share this information with other organisations.

This is explained in more detail by following the links below:

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your rights can be found at: https://gocardless.com/legal/privacy.

How we use Fraud Prevention Agencies (FPAs)

The personal data we've collected from you will be shared with fraud prevention agencies (and CRAs) who will use it to:

  • Prevent fraud
  • Prevent money-laundering
  • Verify your identity

If fraud is detected, you could be refused certain services, finance, or employment.

Further details on how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by following the links below:

We'll continue to exchange information about you with CRAs and FPAs while you have a relationship with us.

We'll use this information to:

  • Help us understand whether you can afford to take any product you've applied for
  • Check the accuracy of the data you have provided to us
  • Prevent criminal activity, fraud and money laundering
  • Manage your account(s)
  • Trace and recover debts
  • Ensure any offers provided to you are appropriate to your current circumstances

Using credit scoring and other automated decision making

When you apply for a product, an automated system known as credit scoring may be used to decide if we can approve your loan. It's a system widely used by credit providers to help make fair and informed decisions on lending.

Credit scoring takes account of information from three sources.

  • The information you provide on your application
  • Information provided by CRAs
  • Information that may already be held about you at Chetwood

A credit scoring system helps us lend responsibly as it considers information from these sources, to make an overall assessment of your application.

You have the right to ask that the decision is not made based solely using a credit scoring system.

How we monitor your personal data

This means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages and other communications.

Some of our monitoring may be to do the following:

  • Comply with regulatory rules
  • Comply with self-regulatory practices
  • Procedures relevant to our business
  • To prevent or detect crime
  • To have a record of what we have discussed with you and actions agreed with you
  • To protect you and to provide security for you
  • For quality control and staff training purposes

Where we store your personal data

We’re based in the UK and will generally store your personal data in the UK & Republic of Ireland, but we may transfer your personal data abroad.

If your information is processed within the EEA it is protected by European data protection standards. If your information is transferred outside the EEA, we’ll make sure that suitable safeguards are in place before we transfer the information.

How long will we keep your personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Unless we explain otherwise to you, we’ll hold your personal data from the end of your relationship with us for the following periods and reasons:

  • Up to 6 years - to respond to any queries or complaints
  • Up to 10 years - to maintain records according to rules and regulations that apply to us

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Applicants

If you apply unsuccessfully for a job or a product, we'll hold your personal data only for as long as is necessary to deal with any queries you may have.

Your rights

Here are your rights under data protection laws. There may be reasons why you can’t exercise your rights, but we’ll always tell you if this is the case and explain in more detail when your request is made.

  • Right to be Informed – the right to know we’re processing your personal data
  • Right to Access - the right to request access to the personal data we hold about you
  • Right to Rectification - the right to request we update and correct any out of date or inaccurate personal data we hold about you
  • Right to Erasure (‘The Right to be Forgotten’) - the right to request that we remove all personal data we hold about you, if there is no need for us to keep it
  • Right to Restrict Processing - the right to request we restrict the processing of your personal data
  • Right to Object to Processing - the right to request we stop processing your personal data
  • Right to Data Portability - the right to request us to provide personal data you’ve supplied to a third party
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

If you want to contact us to exercise these rights, get in touch with us on our website.

If you wish to exercise any of these rights against the CRAs, the FPAs, or an intermediary, you’ll need to contact them directly as they’re data controllers in their own right.

What should you do if your information changes?

Get in touch with us as soon as possible if your information changes so we can update our records.

Marketing

If you opt in to receive our marketing communications, we’ll use your personal data to contact you and provide you with product details and offers that are relevant to you.

You can change your preferences at any time by contacting us, or updating them online on the relevant brand website, such as at livelend.co for LiveLend customers, betterborrow.co.uk for BetterBorrow customers, smartsavebank.co.uk for SmartSave customers, and in the Wave app, for Wave customers.

IP Addresses

When you visit our website, regardless of whether you log in or not, our web servers automatically take note of your domain name, IP address and details about your device. These details reveal nothing personal about you. We use this information to investigate abuse of our website and its users, and to co-operate with law enforcement. We also share this information with third parties.

Cookies

We use cookies to give you the best possible experience on our websites. Cookies are text files stored on your computer, mobile or tablet, when you visit websites. Take a look at our Cookie Policy to find out more.

Complaints

If you’re not happy with any aspect of the way that we process your information or fulfil our obligations, you have the right to complain to the Information Commissioner’s Office who enforce data protection laws. They can be found at: https://ico.org.uk/.

Changes to our Privacy Policy

From time to time, we update our policy to reflect changes we’ve made for our customers. This Privacy Policy was last updated in August 2022.

The Chetwood Group

The Chetwood Group is made up of:

  • Chetwood Financial Limited (company number 09964966 of Ellice Way, Wrexham Technology Park, Wrexham, LL13 7YT); and
  • Yobota Limited (company number 09949171 of Bentima House, 168-172 Old Street, London, United Kingdom, EC1V 9BP).

Chetwood Financial Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, under registration number 740551. Authorisation can be checked on the Financial Services Register at www.fca.org.uk.

Chetwood Financial Limited is registered with the Information Commissioner's Office, under registration ZA218401.

Yobota Limited is registered with the Information Commissioner's Office, under registration ZA223498.