Our Privacy Policy

Introduction

Raindrop takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR) which took effect on 25 May 2018 and was last updated as of the 27 February 2021.

The GDPR promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data we process. Whenever we request data from you that requires your consent, we will ask for it explicitly. To enable this, we make a record of your consent (or otherwise) to the collection and use of such data whenever requested.

If you would like to get in touch about anything in this policy, or about your personal data then please contact us at privacy@myraindrop.co.uk.

1. Who we are

We are Raindrop Technologies Holdings Ltd are a company registered in England (Company no. 12431555) and are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (Notice) is designed to help you to understand what kind of personal data we collect and how we process and use such data. It also sets out your rights in relation to how we look after your personal data.

We act as a data controller for the personal data we hold about you. We are an appointed representative of Resolution Compliance Limited and, in relation to our regulated activities, we and Resolution Compliance Limited will act as joint controllers of your personal data.

Our products or services may contain links to a third party’s website or service. Unless that third party is processing your personal data on our behalf, we are not responsible for the privacy policies or practices of such a third party. We recommend that you carefully read the privacy notice for such third parties.

2. Data we collect

As a data controller we collect a variety of data in order to deliver our services. Whenever we collect Personal Information from you, we let you know and you will be able to access the following precise information:

  • data we have collected from you
  • the basis on which we are holding it (e.g. because you gave us consent)
  • what we will do with it
  • how long we will hold it for
  • where it is stored
  • who it might be shared with
  • your rights in relation to the data, and
  • information on how you can access and manage this data


We have provided further detail below about the specific types of data we collect and our reasons for doing so.

2.1 What data do we ask you to provide to us, and why?

We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion or otherwise interact with us. Below are examples of the categories of the data we collect on you.

“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you but this is the full scope of data that we collect and when we collect it from you:

  • Profile/Identity Data: This is data relating to your first name, last name, gender, date of birth.
  • Contact Data: This is data relating to your addresses, email addresses, phone numbers.
  • Company Data: Where you choose to make contributions into a Raindrop pension via a limited company we may collect data on this company such as the name, registered address and registration number.
  • Marketing and Communications Data: This is your preferences in receiving marketing information and other information from us.
  • Financial Data: These are your banking details e.g. your account number and sort code.
  • Company Financial Data: Where you choose to make contributions into a Raindrop pension via a limited company, we will collect the relevant banking details e.g. your business bank account number and sort code.
  • Transactional Data: This is information of details and records of all payments you have made for our services or products.
  • Previous Pension Data: This is data we collect to find and, where relevant, transfer old pensions to and from Raindrop as you may request. This includes previous pension provider names, scheme names, plan reference numbers, old employers, employment dates and previous address history.
  • Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.
  • Customer Support Data: This includes feedback, conversation scripts and survey responses.
  • Usage Data: information about how you use our website, products and services.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

We may collect information about criminal convictions and offences to comply with our legal & regulatory obligations when opening a Raindrop pension


2.2 The Legal Basis for Collecting That Data

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

  • "Consent": Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
  • "Contractual Obligations": We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • "Legal Compliance": We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
  • "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

On the Raindrop website myraindrop.co.uk

Type of data we collect

What data we collect from you

Why we collect the data

Legal basis for collecting that data

Profile Data
First name
Last name
To allow us to provide content to you when requested as  well as customer support where required
Consent
Contact Data
Email address
To allow us to provide content to you when requested as  well as customer support where required
Consent
Technical Data
IP address
Operating system
Device type
Time Zone & Location
So that we can improve our website and tools that we offer  through it.
Consent; Legitimate Interest
Usage Data
Page visits
Website interactions
To allow us to better understand how you use our website  so that we can continue to improve our products and services.
Consent; Legitimate Interest
Previous Pension Data
Ceding pension providers
Ceding pension plan/ scheme names
Previous address history
Pension plan reference numbers
Old employers
Employment start dates at old employer
Employment end dates at old employers
To provide the service of finding and, where relevant,  transferring old pensions which you have requested from us.
Consent; Contractual

In the Raindrop App app.myraindrop.co.uk

Type of data we collect

What data we collect from you

Why we collect the data

Legal basis for collecting that data

Profile Data
First name
Last name
Date of birth
Gender
To verify your identity and administer your account.
Contractual; Legal
Contact Data
Email address
Residential address
Utility bill, bank statement or other forms of proof of address
To verify your identify and administer your account. To  communicate to you important information regarding your Raindrop account and  pension.
Contractual; Legal
Profile Data
National insurance number
Marital status
Employment status
Target retirement year
To meet our contractual obligation to you when setting up  a Raindrop pension.
Contractual
Company Data
Limited company name
Company registered address
Company registration number
Company directors list
Company shareholders list
To meet our contractual obligation to you when setting up  contributions into your Raindrop pension via a limited company.
Contractual; Legal
Financial Data
Sort Code
Account number
Billing address
To meet our contractual obligation to allow you to make  payments into your pension
Contractual
Company Financial Data
Company sort code
Company account number
Company billing address
To meet our contractual obligation to allow you to make  payments into your pension via your limited company.
Contractual
Transactional Data
Monthly contributions
Payment execution details
Investment choice
Order execution details
To meet our contractual obligations to you when arranging  for the execution of investments in your pension. To meet our legal  obligations around anti money laundering.
Contractual; Legal
Previous Pension Data
Ceding pension providers
Ceding pension plan/ scheme names
Previous address history
Pension plan reference numbers
Old employers
Employment start dates at old employer
Employment end dates at old employers
To provide the service of finding and, where relevant,  transferring old pensions which you have requested from us.
Consent; Contractual
Customer Support Data
Email communications
Chat transcripts
To allow us to support you with any queries you may have  about our service. To help us to improve the service that we offer you via  the Raindrop app and website.
Legitimate Interest
Technical Data
IP address
Operating system
Device type
Time Zone & Location
To allow us to better understand how you use our service  so that we can continue to improve our products and services.
Legitimate Interest
Usage Data
Page visits
Website interactions
To allow us to better understand how you use our app so  that we can continue to improve our products and services.
Legitimate Interest

If you have agreed to being part of user research


We may occasionally reach out to conduct more in-depth research with users. In these cases, we will explicitly ask for your consent to process the following data.

Type of data we collect

What data we collect from you

Why we collect the data

Legal basis for collecting that data

Profile Data
First name
Last name
Date of birth
Gender
To allow us to better understand our users so that we can  continue to improve our products and services.
Consent
Contact Data
Email address
To communicate with you regarding user research which you  have agreed to be part of.
Consent
User Research Data
Survey responses
Interview transcripts and responses
Page visits
Website and app interactions
To allow us to better understand how you use our app so  that we can continue to improve our products and services.
Consent


2.3 Data we collect from third parties


We collect the following data from third parties to fulfil our legal and regulatory requirements.

Type of data we collect

Who we collect this data from

Legal basis for collecting that data

Data relating to  the verification of your identity.
Northrow Limited, registered number 7358038
Legal; Legitimate Interest
Where you have asked us to find an old pension we may use  your previous address history from a third-party to identify you at the  ceding pension provider.
Northrow Limited, registered number 7358038
Consent; Contractual

3. Our other legitimate interests in using your data

Taking into account your interests, we process yourpersonal data for the following purposes:

3.1 To verify your identity and administer your account

We process and use your personaldata to ensure the functionality and security of our products and services, toidentify you and the instructions you give us, and to prevent and detect fraudand other misuses.

3.2 Development of products and services

We process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customised content and advertising. We may combine personal data collected in connection with your use of a particular product and/or service with other personal data we may hold about you, unless the purpose for which we collected that data is incompatible with amalgamation.

3.3 Communicating with you and marketing

We process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Market purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services. When contacting you for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.  

3.4 Automated decision making and profiling

We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.

3rd parties that we use in respect of identity checking and fraud prevention may offer us an automated result based on your personal data.

These results are only used in part of a manual decision process on whether we wish to offer a Raindrop account to you. It is our right to decide whether to offer an account or not.

3.5 Tracking remuneration due to us or our partners

We use your personal data to ensure that we receive the remuneration or commission due to us from, or payable by us to, any third-party product providers or distributors.

3.6 Business continuity

In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).

4.   What personal data do we share with third parties and who are they?

To power our services, we will transfer your personal data to the third parties noted below, or as obligated by law.

As our Principal for regulatory manners, Resolution Compliance Limited is a joint controller of your personal data in relation to our regulated activities.

4.1 Material service providers


We will transfer your personal data to the following third parties who provide us with a material service:

Who we share data with

What data we share

Why we share this data

Northrow Limited (registered number 7358038)
Personal Data
Contact Data
Company Data
Financial Data
To verify your identity and meet our regulatory obligations. We only share your bank details when we verify your identity against your banking provider.
Gocardless Ltd (registered number 07495895)
Personal Data
Financial Data
Company Financial Data
To meet our contractual obligation to allow you to make payments into your pension whether personally or via your limited company.
Seccl Custody Limited (registered number 10430958)
Personal Data
Company Data
Financial Data
Company Financial Data
Contact Data
Transactional Data
To meet our contractual obligation to you when setting up a Raindrop pensionand to meet our regulatory requirements regarding safe-guarding your assets.
Gaudi Regulated Services Limited (registered number06638918) and Gaudi Trustees Limited (registered number 07898388)
Personal Data
Company Data
Financial Data
Company Financial Data
Contact Data
Transactional Data
To meet our contractual obligation to you when setting up and administering a Raindrop pension.
Ceding pension providers and other relevant third parties  required in the service of finding and transferring your old or lost pensions
Personal Data
Contact Data
Profile Data
Previous Pension Data
To provide the service of finding and/or transferring an  old pension we may be required to share data with ceding pension providers and  other relevant third parties to allow them to verify your identity, and otherwise  as required, locate your previous pension.

4.2 Generic service providers


We may transfer your personal data to third parties who control or process personal data on our behalf to enable the efficient technical and logistical provision of our services. These service providers supply us with cloud data storage, data security services, customer relationship management software, and support ticketing services. We may substitute a technical or logistical service provider from time to time. Such parties are generally not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Notice as well as to use appropriate security measures to protect your personal data.

4.3 Event driven transfers


We may transfer your personal data to third parties in certain events where is it necessary to protect your, or our, legitimate interests. This includes the cessation, sale or transfer of our business; civil or criminal legal, or regulatory, proceedings; or insurance claims.

4.4 Ancillary service providers


With your consent and to allow us to provide other services that you have requested from us we may share your data with ancillary service providers such as accountants or financial planners. We will only do this with your consent and if you have requested this service.

4.5 Pension finding and transfer requests


With your consent and to allow us to provide the service of finding or transferring an old pension that you have requested from us we may share your data with relevant ceding pension providers. We will only do this with your consent and if you have requested this service.

4.6 International transfers 


Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA). We will only transfer data in such circumstances if the level of data protection in that jurisdiction is deemed adequate, or if there are appropriate safeguards in place to protect your privacy.  

5. How long do we keep personal data?

We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. In general, we will delete redundant account information within 14 days of our relationship ending. However, we are obliged to keep certain records of our relationship to comply with the FCA’s rules, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is seven years, after which time it will be destroyed.

Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information we will keep an encrypted version of your contact information to ensure we respect your wishes.

6. How do we keep your personal data secure?

We keep your data secure:

  • by following internal policies of best practice and training for staff
  • by restricting access to personal data and preventing unauthorised access, use, destruction or disclosure
  • by conducting privacy impact assessments in accordance with the law and our business policies
  • by encrypting personal data
  • by using Secure Socket Layer (SSL) technology when information is submitted to us online
  • by managing third party risks through security reviews and contracts

In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we shall also inform you.

7. Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

7.1 Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or opened an account with us and you have not opted out of receiving that marketing.

7.2 Third-party marketing

We will getyour express opt-in consent before we share your personal data with any thirdparty for marketing purposes.

7.3 Opting out

You can ask us or third parties to stop sending you marketing messages at any time by letting us know through the Contact Us section of our website or by following the optout links on any marketing message sent to you. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of for other purposes.

8. Cookies

A cookie is a small piece of code, sent from a website sends to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service. You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website.

The types of cookies we use are:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

We do not have any control over the use of cookies by third parties, including our partners and affiliates. To manage cookies from third party websites you will need to visit their site to adjust your settings.

For more information on our use of cookies you can view our cookie policy here.

9. Third party links

This website may include links to third-party websites,plug-ins and applications. Clicking on those links or enabling thoseconnections may allow third parties to collect or share data about you. We donot control these third-party websites and are not responsible for theirprivacy statements. When you leave our website, you should read the privacynotice of every website you visit.

10. Your rights

You have the following rights over your data, depending on the basis on which it is held:

  • Right to be informed. This Privacy Policy constitutes our informing you of how we use your personal data and your rights
  • Right of access. You have the right to understand how we process your personal data and on which legal basis as provided in this Privacy Policy. You also have the right to request access to your personal data.
  • Right to rectification. You have the right to correct any incorrect personal data we store about you. You can change your own personal data in most cases or else speak with our Customer Support team.
  • Right to erasure. Also known as the right to be forgotten, you may ask for your personal data to be deleted. Please note that this will constitute an account closure in most cases. We are legally obliged to retain data however even after an account closure – see How long do we keep personal data?
  • Right to restrict processing. You have the right to restrict our processing of your personal data.
  • Right to data portability. You have the right for your personal data to be exportable in easy to use, open formats such as CSV.
  • Right to object to processing of your personal data in certain circumstances, and
  • Rights related to automated decision-making i.e. where no humans are involved, and profiling i.e. where certain personal data is processed to evaluate an individual – see Automated decision making and profiling

11. Changes to our privacy policy and control


We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy and notifying you of significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

12. Contact us

We are Raindrop and our address is Runway East, London Bridge, 20 St Thomas Street, London SE1 9RS, UK. You can contact our Data Protection Officer at privacy@myraindrop.co.uk.