What is FinTrace?
FinTrace is brand owned and operated by Data OD Ltd (Co Reg No. 10183365).
FinTrace is a service used by Banks, Building Societies, Credit Reference Agencies, Pension Companies, eCommerce providers and other service providers who want to contact you with important information or verify your identity.
You may have paid money into a pension scheme that you have forgotten about and the company holding that money wants to contact you about it.
You may have a relative who has passed away and they may have a funeral plan that can be paid out to you as part of their Estate.
You may have inheritance from a relative you do not about and the Estate needs to pay out to you.
You may have borrowed money and the lender needs a new telephone number to contact you on.
You may be using an online website or eCommerce platform that needs to verify your identity including your address and/or telephone numbers and email addresses.
If you do not want your data to be used for the purposes of credit risk and affordability checking, fraud prevention, anti-money laundering checks, identity verification and tracing for debt collection purposes you can request that your data is not processed by emailing and providing the First Name, Surname and Email Address from your loan application.
FinTrace Privacy Notice relating to data shared by the websites listed below:
Last Updated: 17 September 2019
This document provides an overview about how we use and share personal data that we receive and use in connection with our identity verification and tracing services, credit risk and affordability checking, fraud prevention, anti-money laundering, and some of our related services. It covers the following topics:
1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. What our legal grounds for handling personal data are
5. Who we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make decisions about you or to profile you
9. Your rights in relation to the personal data we hold about you
10. Who you can complain to if you are unhappy about the use of your personal data
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. WHO WE ARE AND HOW YOU CAN CONTACT US
FinTrace is a brand operated by Data OD Ltd (trading as DataOnDemand or DataOnDemand.co.uk). We are a UK consumer data aggregator. This means that we gather information about people from different data sources called Network Partners, Data Contributors, Data Partners and Data Disclosers.
The data that is shared with us includes Online Loan Applications, Online Competition Online Entries, Online and Offline Magazine Subscriptions and Public Databases such as the Edited Electoral Roll, the Land Registry and the Energy Performance Certificate register.
We may combine this information to create a Single Search View so we can provide your information to other companies who want to contact you or use this information for purposes such as fraud prevention, in relation to credit referencing, debt collection and identity verification, amongst other purposes where there is a legitimate interest.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Email: using the Subject Line "FinTrace Data Enquiry"
Telephone: 01134 266 550
2. WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you.
More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Providing services to the organisation you are dealing with.
We use your personal data to provide services to the organisation you are dealing with. These services might include, for example, credit risk and affordability checking, fraud prevention, anti-money laundering checks, identity verification, and tracing for debt collection purposes.
If you owe money to one of our clients and have moved without telling them, they may use our services in order to find your new address and other contact details so that they can contact you to arrange repayment.
Providing services to our other clients.
We use personal data to provide services to organisations other than the one you are directly dealing with. For example, if we receive a request for information from a law enforcement agency we may provide access to the data we hold that relates to information the organisation holds about you.
Product or systems development and testing.
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes.
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
When a Client uses our services they will typically send us information such as:
Identifiers (including your name, date of birth, and current and previous addresses). This helps us to match your information to the other information we hold in our databases.
The purpose for which they are requesting information about you.
Other relevant which could include the nature of a loan application, for example.
When we receive that information, we match it against the other information that we hold in order to find and return additional information about you.
Depending on the service we are providing, this can include information such as your credit history, credit score, any court judgments or insolvency-related events, fraud prevention indicators, and additional contact details and address history including your current address.
It can also include similar kinds of information about people who are associated with you.
4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are typically pursuing when providing services to our clients are:
Promoting responsible lending and helping to prevent over-indebtedness
Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data about potential borrowers, their financial associates where applicable, and their financial history.
A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights and freedoms of individuals. Further explanation about this balance is set out below.
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Supporting tracing and collections
We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person.
Complying with and supporting compliance with legal and regulatory requirements
We have to comply with various legal and regulatory requirements, and our services also help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated by the Financial Conduct Authority or the Prudential Regulation Authority, who impose obligations to check that financial products are suitable for the people they are being sold to. We provide data to help with those checks.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.
Necessity for compliance with a legal obligation
We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will normally be legally required to provide that personal data. See section 9 below for details of what requests you can make and how to make them.
5. WHO WE SHARE THE PERSONAL DATA WITH
This section describes the types of recipient we can share data with.
Users of our services
We share data with users of our services.
We sometimes use other organisations such as resellers, distributors and agents to help provide our services to clients and may provide personal data to them in connection with that purpose.
We may provide your information to third parties who help us use it for the purposes described in 2. WHAT WE USE PERSONAL DATA FOR. For example, our databases of personal data may be hosted by third parties on our behalf or by a Credit Reference Agency.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Our group companies
In some circumstances we may share your personal data among the members of Data OD Ltd. If we do so, then use of the data by those companies will be governed by this privacy notice.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
6. WHERE THE PERSONAL DATA IS STORED AND SENT
We also send information elsewhere in the world. For example:
Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.
Where a company with a registered address outside the UK operates a UK business or a service on behalf of a UK business.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
When we receive personal data from a client in order to provide services to them we will keep a copy of that data for a period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from consumers, clients or regulators.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We do not use your personal data to make automated decisions about you.
We provide data and analytics that help our clients make decisions about lending and other matters, but our clients’ own data, knowledge, processes and practices will also generally play a significant role in their decisions – and those decisions will always be for them to make.
Scores and ratings
We do use the data we hold to produce credit, risk, fraud, identity, affordability, screening, collection and insolvency scores and credit ratings. For example, in a credit score, the following factors will usually have an effect:
How long you have lived at your address.
The number and type of credit agreements you have, and how you use those credit products.
Whether you have been late making payments.
Whether you have had any court judgments made against you.
Whether you have been bankrupt or have had an IVA or other form of debt-related arrangement.
The number of credit-related searches that organisations have made against your credit file, for example when you apply for a loan or credit card, or when a debt collection agency requests information about you.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are described below. To enquire about exercising these rights, please use the contact details set out in section 1.
YOUR RIGHTS UNDER GDPR
Right to be informed
The name and contact details of our organisation.
We are Data OD Ltd. We own and operate the brand FinTrace. Our Head Office is based in Leeds, West Yorkshire and our trading address can be found at the bottom of this page. Our registered address is 62-66 Deansgate, Manchester, England, M3 2EN. Our Company number is 10183365. To contact us by telephone our main number is 01134 226 550. To contact us by email for general enquiries it is
The purposes of the processing
Tracing for Debt Collection and Asset Repatriation purposes, Credit Risk and Affordability checking, Fraud Prevention, Anti-Money Laundering checks and Identity Verification.
The lawful basis for the processing
The legitimate interests for the processing
Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.
The categories of recipients of the personal data.
Political: Political Party
Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
Land or property services: Estate agency / letting agency, Financial services and advice, Housing association, Property Management, Housing Association
Finance, insurance and credit: Bank and building society, Credit referencing, Debt collection/tracing, Financial Service and advice, Insolvency Practioner, Insurance, Lender, Payment service, Pension
Online Technology and Telecoms: Software developer
Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader
The details of transfers of the personal data to any third countries or international organisations
Refer to 6. WHERE THE PERSONAL DATA IS STORED AND SENT
The retention periods for the personal data.
Refer to 7. HOW LONG THE PERSONAL DATA IS KEPT FOR
The right to withdraw consent.
You can email us at to withdraw the consent to process your data.
The right to lodge a complaint with a supervisory authority.
You can lodge a complaint with the ICO by emailing
The source of the personal data.
You can request the information in relation to the source of your personal data by emailing MyInfo@DataOnDemand.co.uk.
The details of the existence of automated decision-making, including profiling.
Refer to 8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
Right to access
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully
You can contact us at to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request.
Right to rectification
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
You can contact us at to request to have inaccurate data rectified or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.
Right to erasure
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
You can contact us at to request to have your data deleted. You can also call us directly on 01134 266 550 with the same request.
Right to restrict processing
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.
You can contact us at to request to have your added to our suppression list and removed from our Partners if you wish to withdraw consent. You can also call us directly on 01134 266 550 with the same request.
Right to data portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
You can contact us at uk to request to a copy of the information we hold to be provided to you or another controller. This is supplied in a Excel (.CSV) format and can be sent by email or by post. You can also call us directly on 01134 266 550 with the same request.
Right to object
Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing.
You can contact us at to request that we stop processing your personal data where you have given consent for marketing. You can also call us directly on 01134 266 550 with the same request.
Rights related to automated decision making including profiling
Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.
You can contact us at uk to request that do not use your personal data to create the models outlined in the section of this page entitled Why do we share your information with Third Parties?. You can also call us directly on 01134 266 550 with the same request.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Telephone: 01134 266 550
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.