CashEuroNet UK, LLC Privacy Policy

On Stride Financial is a trading name of CashEuroNet UK, LLC, organised in the United States, registered in the state of Delaware, registration number: 4339118. Head Office: Fergusson House, 124-128 City Road, London, EC1V 2NJ. Correspondence Address: PO Box 74347, London EC1P 1YZ. Information Commissioner's Office Data Protection registration number: Z9919587. Authorised and regulated by the Financial Conduct Authority, firm registration number 673738. Authorisation can be checked on the Financial Service Register at www.fca.org.uk.

This Privacy Policy describes the privacy practices of CashEuroNet UK, LLC and its affiliated companies with respect to individually identifiable information relating to you ("Personal Data") that you or third parties provide to On Stride Financial, including Personal Data collected or provided on the CashEuroNet UK, LLC websites at www.onstride.co.uk ("Website"). "You" or "Your" means you as a participant in, or as a user of, the Website or a customer of CashEuroNet UK, LLC. "We" or "our" or "us" means CashEuroNet UK, LLC and its affiliated companies.

For the purposes of the General Data Protection Regulation, the data controller is CashEuroNet UK, LLC. CashEuroNet UK, LLC’s data protection officer can be reached via DPO@CashEuroNetUK.co.uk. Questions on this privacy policy or general privacy related questions should be sent to GDPR@onstride.co.uk.

CashEuroNet UK, LLC is a United States based firm operating in the UK. Our employees, operations, and servers are located primarily in the United States. Accordingly, in order to provide our services to you, any Personal Data which you enter on our Website, or any Personal Data we obtain either during the application process or in the course of providing our services, will be transferred to or otherwise processed by us in the United States and may be transferred to other third parties outside the European Union in accordance with this Privacy Policy.

We maintain appropriate safeguards to ensure we properly protect your Personal Data when it is transferred to the United States, sent to us in the United States or that we otherwise obtain. These safeguards are set forth in agreements that include EU-approved standard contractual clauses and in other binding instruments that include equivalent data subject rights and remedies. For more information about data transfer safeguards, please reach out to us at GDPR@onstride.co.uk.

You are free to browse the Website without providing any personal data (although, please see the "Cookies" section below). We use your personal data to provide you with an accurate, customised loan contract. Without this data, we may not be able to offer you a loan. Once you submit an application on our website, we gather data from credit reference agencies and other vendors to confirm identity, check for fraud and evaluate creditworthiness.

In certain circumstances, we may request bank statements as part of the loan decision process. If you choose to log onto your bank account as part of this application process, we will be provided with 60 days of transactions from your bank.

We may also receive your information from third party credit brokers. As part of your application through any of our partners, you should be informed which companies your data will be shared with.

CashEuroNet UK, LLC uses automated decision making as part of our fraud prevention and underwriting process. This process takes into account customer stated data such as income, expenses, employment information (e.g., information you provide us on your application) as well as 3rd party data such as credit reference data or published national household income and expense averages to judge creditworthiness of an applicant and the affordability of the requested loan. Such automation ensures that each customer is treated consistently and is evaluated objectively, and allows us to make fair and responsible lending decisions. For more information about your rights as it relates to automated processing, please see the section on Objection to Automated Decision Making, below.

The basis on which we process your data will depend on the category of data and the purpose for which the processing is necessary. We process your data in accordance with applicable privacy laws, and as follows:

Data Category	Purpose	Legal Basis
Website Browsing Data (e.g. Cookies)	Improving site functionality, Marketing, Account Security	Consent, legitimate business interests, entering into or performance of a contract, compliance with a legal obligation
Application Data (including information you provide us and information we gather from Credit Reference Agencies, and information you provide to third party websites commonly called “credit brokers”)	Verifying & evaluating applicants’ creditworthiness, fraud prevention and identity verification, servicing the contract, creating underwriting & affordability models, marketing to existing customers, storing data in accordance with our retention policy for legal or compliance claims/requests	Entering into or performance of a contract, legitimate business interests, compliance with a legal obligation
Loan History/ Payment Data	Servicing the contract, creating underwriting & affordability models, storing data in accordance with our retention policy for legal or compliance claims/requests	Entering into or performance of a contract, legitimate business interests, compliance with a legal obligation
Communication History	Servicing the contract, storing data up to retention policy for legal or compliance claims/requests	Entering into or performance of a contract, compliance with a legal obligation

More specifically, “legitimate business interests” includes, but is not limited to the following:

• To make lending decisions should you apply for a loan with us in the near future:
• • We utilise customers’ personal data, including information concerning fraudulent activity, loan performance, current loan status, and conversion history in order to make lending decisions.
• To create, improve and monitor our products and services
• • To build loan affordability, credit and fraud models in order to fulfil our obligation as a responsible member of the credit community
  • To monitor business performance including website functionality, product performance, or aggregate trends
• To send you marketing information about similar products or services
• To comply with our legal obligations where we do business outside of the UK (for example, compliance with US anti-bribery/money laundering, securities and other laws, as applicable).

You have the right to withdraw consent previously given to us at any time. If you withdraw your consent this will not impact the legality of our prior processing of your personal data. For more information, contact us at GDPR@onstride.co.uk.

In order to provide you with your requested service, we generally will share Personal Data for four primary purposes:

1. with service providers, to process your data on our behalf for things like:
   • Database storage
   • Marketing communications
   • Debt placement
   • Website analysis

   Their access is limited only to the Personal Data needed to perform the functions carried out on our behalf as our processor, and only for the purpose of performing those functions. Service providers are prohibited from using or disclosing your Personal Data for other purposes.

2. with regulatory, fraud prevention and law enforcement authorities to comply with our obligations under the law;
   • If false or inaccurate information is provided, including in relation to a person's identity and fraud is suspected or identified, details about this information, including customer Personal Data, will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information.
   • We and other organisations may also access and use this information to: prevent and detect crime, fraud and money laundering, for example when: checking details on applications for credit and credit related and other facilities; managing credit and credit related accounts or other facilities; recovering debt; checking details on proposals and claims for all types of insurance; and checking details of job applicants and employees.
   • We and other organisations may access and use from other countries the information recorded by fraud prevention agencies. For further details of the relevant fraud prevention agencies please contact us as described at the end of this Privacy Policy.
3. with credit reference agencies and other vendors to assess creditworthiness, verify your identity and report back on loan performance
   • We use credit reference agencies (CRAs) to assess your application for credit and verify your identity to prevent crime and money laundering.
   • We also use other vendors for purposes of verifying your identity and preventing fraud.
   • We may also, make periodic searches at CRA’s in order to refresh our records and manage your account with us. Information on applications will be sent to CRAs and will be recorded by them.
   • When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information.
   • Where you borrow from us, we will give details of your account(s) and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRA’s will record the outstanding debt. This information may be supplied to other organisations by CRAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
   • Records remain on file for 6 years after they are closed, whether settled by you or defaulted. You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They may charge you a small statutory fee for the provision of information.
   • • TransUnion International, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414
     • Equifax PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.myequifax.co.uk
     • Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk

     The Credit Reference Agencies have jointly drafted a Credit Reference Agency Information Notice (“CRAIN”) which provides detailed information about how CRA’s use and share data they receive about you. You may view the CRAIN by clicking here:

4. to provide to debt purchasers for the purposes of the collection of an outstanding loan
   • We may use third party firms in connection with the sale or placement of the loans that have not been fully repaid, or in a sale of all or part of the business.

   Other than as set out above, you will receive notice when Personal Data about you may be shared with third parties not described above, and you will have an opportunity prior to such sharing to choose not to allow us to share the Personal Data if your consent is required for us to do so.

You have the following rights as a data subject as it relates to our processing of your Personal Data.

Access

You have the right to access your personal records and information that we hold about you. For access to information provided by you or generated by your activities you may log into your account and choose to download this data. This information will be downloaded in a secure format and be available shortly after download. For a more complete list of data held about you including data obtained from third parties, please email GDPR@onstride.co.uk with your request. Please note that this request may take up to 30 days to complete. In limited instances, certain data may not be provided upon request if that personal data concerns other individuals or if providing it would result in a release of information covered by our trade secrets or intellectual property rights.

Portability

You have the right to access and download (port) your personal records and information. This information is limited to information you have provided to us and certain information generated by your activities with us. To request your data be ported, you may log into your account and choose to download and send this data. This information will be downloaded in a secure format and be available shortly after download. In limited instances, certain data may not be ported upon request if that personal data concerns other individuals or if porting would result in a release of information covered by our trade secrets or intellectual property rights.

Rectification

You have the right to update any outdated or inaccurate data held about you, and to complete any incomplete data held by us. You may update personal details, banking information and employment data by logging into your account or by calling 0800 210 0923.

Objection to Processing

You have the right to object to processing where processing is based solely on our legitimate business interests.

If you are currently receiving marketing communications, you are able to change your preferences at any time by one of the following methods:

• Via email: Click the "Unsubscribe" link in any email communication and submit your email address on the next screen.
• Via the web: Update your contact preferences in your account.
• Via SMS: By following the unsubscribe link in your SMS communication.

If you object to our processing based on our legitimate business interests, please note that the processing shall cease only where your rights outweigh our compelling legitimate grounds for processing. You may request this right by emailing GDPR@onstride.co.uk.

Objection to Automated Decision Making

As noted above, we use automated decision making as part of our fraud prevention, identity verification and underwriting process. You may: request our team manually evaluate your loan application; provide your opinion; or, contest the decision made by this automated processing. You also have the right to object to the automated processing for direct marketing purposes. For automated processing requests, please contact us at Privacy@onstride.co.uk.

Erasure

We will delete or anonymise data when, in accordance with our Data Retention Policy, we no longer need to process it. If we anonymise data, we may continue to use it (in anonymised form) beyond periods specified in our Data Retention Policy. You have the right to request us to delete your data sooner for a number of different reasons, for instance, if it was unlawfully processed and you may do so by sending your request to GDPR@onstride.co.uk. We will review your request and respond within one month.

Restriction of Processing

You have the right to request us to limit the use of your data for a number of reasons, including if you have requested we correct data about you, you have objected to our use of your data, and if you believe your data was processed unlawfully, or if you need us to continue to store your data for legal reasons related to you. Please note that in the event you request restriction, we will continue to store it according to our Data Retention Policy. If you would like to request restriction please email GDPR@onstride.co.uk.

You also have the right to lodge a complaint with the data protection supervisory authority, the Information Commissioner’s Office (“ICO”). ICO may be reached by visiting https://ico.org.uk.

If you have specific concerns about your rights as they pertain to our processing of your Personal Data, you may contact us at GDPR@onstride.co.uk.

We receive and store certain types of information whenever you interact with our Website. For example, like many websites, we use "cookies" to obtain certain types of information when your Web browser accesses our Website and when you login, such as: your name and your email address. Cookies are pieces of information that are transferred to your computer's hard drive via your Web browser. They allow us to provide you with a more convenient and personalised experience by recording information about your preferences.

For information on what cookies we use and how to disable them, please visit our cookie policy found here.

We have measures to protect the security and confidentiality of your Personal Data, and strive to keep it accurate, and only for as long as is necessary. Some of the specific security measures we maintain include:

• We work to protect the security of your Personal Data during transmission by using Secure Sockets Layer (SSL) software, which encrypts Personal Data you input.
• We store Personal Data in a restricted access format.
• We transmit Personal Data in an encrypted format.
• Our networks are secured with certified firewalls in a multi-layered fashion with back-up systems in place.
• Our network related equipments (e.g., firewalls, routers, switches, etc) are secured with a password, and access is limited to authorised network engineers.
• We restrict the access of customer service support staff so that certain Personal Data cannot be viewed (e.g. full bank account number is not revealed, but only a partial number of digits to allow verification).
• It is important for you to protect against unauthorised access to your User ID and to your computer. Be sure to sign off when finished, especially if using a shared computer.

We will only keep the information that is necessary to enable us to provide you with a service that you have requested through this website for as long as it takes us to provide that service and as otherwise described below:

• If you have asked that we do not use your details for marketing purposes, we may still need to keep them to ensure our systems reflect your preferences.
• We will keep other information about you where it is necessary for us to do so to comply with the law, for the defence and/or establishment of legal claims, or where appropriate for legitimate business needs for up to ten years from the end of the relationship.
• Where data is no longer necessary for the above mentioned purposes, we will delete it sooner than ten years, for instance records to payment instruments and communication data.

We do not seek or knowingly collect any Personal Data about children under 18 years of age.

We may change this Privacy Policy by notifying you of the existence and location of the new or revised privacy policy and by posting the changes online at our Website.

Privacy Policy last amended 10 October 2019.

For further questions on your rights, how we process data, or what measures we take to secure your data, please email GDPR@onstride.co.uk.