Privacy – Reflow

Privacy

About Us

At Reflow, we believe in empowering everyone to simplify their banking experience which enables them to live a healthy financial life. Imagine yourself in an open banking environment without the fear of privacy. We respect your privacy and our team is committed to provide you secure environment to work on.

How do we do it? Through the secure processing of your personal data. Your privacy and security are our number one priority, and your data is protected by bank level security. To find out exactly what that means, read on to learn about our data protection principles and how we use your data.

A summary of our data protection principles

Our commitment to you

We strongly protect and secure the personal data we hold about you.
We will only use your personal data for your benefit and to deliver you our services.
We do not sell your data to third parties.
Where we reuse your personal data, we do so to avoid asking you the same data twice;
We may use suppliers to help us deliver our service, but we restrict their use of data to what you allow us to do and bind them to European data protection rules and to strict confidentiality.
Where you enable partners on the reflow platform, they may receive relevant data about you, but only:
With your explicit consent
When it is clear to you what you sent

Your are in control

You decide what banks to connect to your account or not.
You can disconnect a bank at any time to stop data exchange. This will delete all data exchanged.
You have the right to be forgotten: You can delete your account. We will then delete all data we have about you.
You decide what partners to connect and disconnect. If you disconnect a partner any data exchange will stop.
Any data that a partner has received based on your consent, will still be that partner. You should request deletion of that data and your right to be forgotten directly with them. We will help you where we can.
If you don’t want us to personalise your experience or use your data to improve our website, you can always disable this through the Cookie Settings on the website.

Our community

We want to create a relevant experience for you, so the data we collect might be used anonymously in communications such as:
Blog posts and infographics
Emails such as weekly or monthly insights
Social media posts
Campaigns
Our public insights, posts and infographics are always anonymised and aggregated and can never be tracked down to you personally.

What personal data do we use?

What is personal data?

Personal data is any data relating to a person who is identified or who can be identified (such as a name, an identification number, or an online identifier).

Personal data you give us: You may give us personal data about you by filling in forms on, or interacting with, our website, or by corresponding with us by phone, email or otherwise. Examples of personal data include:

name, address, email address and phone number
information about your budgets
personal data about your financial circumstances (e.g. filling out a form to benefit from one of our comparison providers)
information we need to initiate and process the transfer of money on your behalf and send an instruction to your
connected bank(s) (payment initiation services)
content you share with us in our community (Facebook, Twitter etc) or via our social media channels or via our Customer Care
Copies of personal identification documents (such as your Passport, ID, Driver License
Personal information required to identify you and verify the information you give us.

Personal data from connected banks: If you connect one of your banks or use our payment initiation services, we will collect data from your connected banks, such as:

Bank account details, account numbers, information about your transactions,
information identifying the account you have with your connected bank;
information to initiate and process the transfer of money on your behalf
transactions made on those accounts;
your direct debits and standing orders;
As part of your account information, we may collect sensitive personal data:
For example, if you have a payment for a membership to a particular political party, this could reveal your political beliefs.
We will not profile you on the basis of this data and we will not use this data for any other purposes than providing our services as detailed hereunder

Personal data we collect from you

When you use our website we may – ourselves or through our partners – collect information such as:

IP address
device details
your login information
information about each visit you make to the website (such as page response times and length of visit)
location data
info about your use of the website through tracking tools
information we require to comply with our legal and regulatory obligations (such as “Know-Your-Customer” and “Customer Due Diligence”)
information to verify the data you give us
information from your phone (like contact details from your address book) if you use give us consent to use that data
We use well-known advertising platforms such as Facebook and Google to tell you about the reflow.
If you don’t use these platforms we will not collect or process this data
We use tools to improve the user experience of our website and to personalise your experience. Therefore, we perform statistical analyses about the way you use the services (such as information on how you navigate, how much time you spend, how long you visit, and from where you came to our service:
For our website: reflow uses Google Analytics on our website. We don’t use Google Analytics on your transaction data.
If you don’t want this, you can always disable this through the Cookie Settings on the website.

What do we use your personal data for?

Contractual performance: If you want us to deliver you our services, we can only perform these services if we can process your personal data for this purpose.

Your consent: We rely on your consent to process and use your personal data for the following purposes:

Provide information on your Accounts, such as Insights, Alerts and budget information and an account overview.
Initiate payments on your behalf
Enable you to purchase and use services and products of our partners in the Partner Platform
(Re)Using personal information we have collected to identify you and to verify you identity to validate the data we hold about you and enrich your data. This excludes ID copies.
If you wish to share the copy of the ID document we hold about for other purposes (e.g. because a Partner would need it to enrol you in its products or services) you choose to do so upon your further specific consent at that point in time.
Run competitions that you enter.

Legitimate interest: We use your personal data on the basis of our legitimate interest and to your benefit so that we can:

Create a persona about you, so:
We can give you relevant Insights and suggest relevant Actions for you
Provide you with updates about reflow;
Improve your experience of our service:
Assess the use of the website;
Help us identify people like you that might enjoy the website;
Make a secure connection between your device and the website
Take action if we need to defend our rights under the website terms if you would misbehave or act in deviation of laws or regulations or our website terms
Track and examine the use of the website to prepare reports on its activities and analyse that data
Attract new partners and get you the best deals available from our partners
Perform research and trend analysis to optimise your experience;
Creating content using some personal data will enable us to engage with you in a relevant and human way.
Using and presenting content based on data provides an ideal way to talk to you about the benefits of reflow and its features in an engaging and relatable way and link you back to the benefit of the product
Engage and activate our users by:
Learning from beta services
Re-engaging our users on social media and via email
Providing more detailed information on your spending data. e.g. a weekly or monthly email on personalised insights
Optimize your experience in the Partner Platform by:
Suggesting you partners or products and services in the Partner Platform that might interest you
Based on your interests and our Smart Insights offering you deals or promotions of our partners
Reusing and prefilling data you have provided us with before when you connect a new partner or new product or service in the Partner Platform. We do so to avoid asking you the same data twice and you can always validate and update this data.
We could use your personal data in an anonymised and aggregated form to enrich content in:
Blog posts and infographics
Emails, such as a weekly or monthly insight
Social media posts
Campaigns
This will never contain data or insights or information that can be tracked down to you personally.
We will always use the minimum data required and will process to the minimum extent required.

Legal obligations: We will also process your personal data where we are under a legal obligation to do so to:

Identify you and verify your identity to comply with our Customer Due Diligence and Know-Your-Customer obligations
Prevent and detect fraud, money laundering, other crime, and security issues, and to reduce risks;
Comply with laws and regulations, as well as any sector-specific guidelines and regulations.

Your key rights

Your primary right is the right to stop processing your data (right to object):

The website is designed to put you in control and enables you to withdraw your consent by:
Deleting your account or deleting a connected bank
Disabling a connection with an activated partner.
Disabling tracking your use of the website
Sending us an email with the request to be forgotten if any of the above does not work or if you cannot access your account.
You have the right to ask us not to process your personal data for marketing purposes:
You can always unsubscribe to our emails and campaigns
You have the right to object to us processing information about you where we do so on the basis of a legitimate interest.If we cannot make that work, it could mean that we may not be able to provide any services to you.

This would not invalidate any processing of the personal data prior to your withdrawal of consent.

Your other rights are:

Right of access and data portability: All data that you have provided us is accessible in the your account.

You can request a copy of all personal data you have provided us through the website or via the email-address you have provided us at registration.

If technically possible, we will help you to automatically export this data to other platforms or users.

We can only give you the data we hold ourselves. Any data that a partner holds about you is with that partner. You should request deletion of that data and your right to be forgotten directly with them. We will help you where we can.

Right to rectification: You can control your data through the website. Where you cannot change this data through the website, you have the right to ask us to rectify inaccurate or incomplete personal data which we have about you.

Right to erasure: You have the right to ask us to erase your personal data:

You can delete your reflow account through the website. This will automatically delete all information we have about you.
Be aware that the partners you have activated may still have data about you. You will need to contact them directly in order for them to delete this data.

Right to object to automatic processing: You don’t need to object because we don’t subject you to decisions based solely on automated processing which significantly affect you.

Where do we store your personal data?

Your data is stored in UK: The personal data we collect from you is stored on secure information technology systems located in the United Kingdom.

For the provision of customer support, or as necessary to troubleshoot the issue, we may give access to our systems to suppliers outside of Europe:

This will only be incidental access.
If we give access, we will only do so under European data protection rules, and our suppliers are bound to abide by this.
Partners are bound by the same European data protection rules as we are, but partners could decide to store your data in other countries or parts of the world than we do. That is not in our control and between you and the partners you connect. We recommend you to carefully read their privacy policies.

Protecting your personal data

Security is in our dna

We are committed to ensuring that your personal data including your Account Information and financial details is secure.
In order to prevent unauthorised access to or disclosure of it, we have put in place suitable physical, electronic and operational procedures to safeguard and secure the personal data we collect about you.
In particular, we protect your personal data by deploying SSL and high standard encryption algorithms.
We also ensure that we meet security standards imposed by law that are applicable to the operation of reflow.
We will never ask your PIN or other security credentials.

Help us protect you

To help us protect your personal data, you agree to comply with our security policies and procedures that we notify to you from time to time.
You also agree to take all reasonable steps to prevent the unauthorised or fraudulent use of your User Login or PIN code, or other security credentials.
If you find out or suspect that your User Login, PIN code, or recovery code has been lost, stolen, or someone has used it without your permission, you must tell us as soon as possible.

Providers, regulators and law enforcement

Other than what is described above, we will only share your personal data in a very limited way.

This will happen either where we need to use services we cannot build ourselves or have a duty or legal obligations to disclose it:

Our service providers (including their sub-contractors). This may happen where they help us to run our service or the technology systems that are needed to operate our website and services. This includes:
1. Data storage providers to safely and securely store your data.
2. Aggregation service providers, where necessary in order to retrieve Account Information for use on your behalf.
3. Identification and verification service providers, to help us adhere to our legal obligations to verify your identity and the information you give us.
4. Social Media Platforms via anonymised campaign-IDs so that we can provide relevant content to you on Social Media.
5. Email services e.g. to send you regular updates or communication.
6. Customer relation management to provide you with customer care services.
7. Website analytics to provide you with the best experience.
Regulators in connection with their duties, such as crime prevention or carrying out regulatory oversight of what we do.
Fraud prevention agencies and law enforcement agencies, to prevent and detect fraud, money laundering or other crimes.

How long do we keep your data

We are only allowed to keep your personal data for as long as it’s still necessary for the purpose we initially required it.

But as we are in financial services and bound by strict regulations, this means that we need to retain the data we hold about you for a minimum of 7 years after termination of your reflow account. If (local) regulations require us to retain it longer or delete it sooner, we will follow these retention periods.

If you delete your reflow account or invoke your right to be forgotten, we will use feasible solutions to make it no longer directly available in our systems, like archiving it. This means that in such case we will no longer process your data.

Our contact details

Reflow is registered trade mark of Reflow Zone Limited.
You can exercise any of the rights under this privacy policy or contact us at: hello@reflow.zone

Complaints to the privacy regulator

We are registered as a Data Controller with the ICO and our registration number is ZA501386.

You have the right to complain to the privacy regulator in the country in which you reside, where you work, or anywhere where you believe we might have broken data protection rules.

In the UK, the privacy regulator is the Information Commissioner’s Office (the “ICO”). The ICO can be contacted at:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Email: https://ico.org.uk/global/contact-us/email/

Ready to get started?

hello@reflow.zone Reflow Zone Ltd. 86-90 Paul Street London EC2A 4NE

reflow.zone: © 2019 Reflow Zone Limited. All rights reserved. Reflow, the Reflow logo, and the Diamond Design are the trademarks of Reflow Zone Limited, a company registered in England and Wales (No. 11235853), register office is at 86-90 Paul Street, London EC2A 4NE. Reflow Zone Limited is authorized and regulated by the Financial Conduct Authority reference number 811078.

Payments

Pay From My Bank

Bill Pay

Pay Later

Insights

Data Aggregation

Account Verification

Transaction Categorisation

Spending Analysis

Cash flow Analysis

Solutions

Retail

Financial Services

Accounting Services

Charities

Travel

View all >

Developers

Technology

Open Banking

API Documentation

Demo Application

Status

Bank API Monitoring

Contact

hello@reflow.zone

30 Churchill Place London E14 5RE

Payments Insights Use cases Solutions Developers About us

Home Pay from Bank Account Bill Pay About us hello@reflow.zone

Privacy Policies