What is FinTrace?
FinTrace is brand owned and operated by Data OD Ltd (Co Reg No. 10183365).
FinTrace is a service used by Banks, Building Societies, Credit Reference Agencies, Pension Companies and other service providers who want to contact you with important information.
You may have paid money into a pension scheme that you have forgotten about and the company holding that money wants to contact you about it.
You may have a relative who has passed away and they have a funeral plan that can be paid out to you.
You may have inheritance from a relative you do not about and the estate needs to pay out to you.
You may have borrowed money and the lender needs a new telephone number to contact you on.
See the Purposes of Processing section of this web page for further explanation and definitions.
Your data will only be shared with an organisation who has an existing contractual relationship with you or with a third-party service provider who is acting on behalf of that organisation. Your data is only shared where there is a legitimate interest to share that data.
If you do not want your data to be used for any of the Purposes of Processing you can restrict the processing by emailing your request to and providing the First Name, Surname, and Email Address from your loan application.
FinTrace Privacy Notice relating to data shared by the websites listed below:
Last Updated: 05 October 2020
This document provides an overview of how we use and share personal data that we receive and use in connection with the Purposes for Processing. It covers the following topics:
1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. What our legal grounds for handling personal data are
5. Who we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make decisions about you or to profile you
9. Your rights in relation to the personal data we hold about you
10. Who you can complain to if you are unhappy about the use of your personal data
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. WHO WE ARE AND HOW YOU CAN CONTACT US
FinTrace is a brand operated by Data OD Ltd (trading as DataOnDemand or DataOnDemand.co.uk). We are a UK consumer data aggregator. This means that we gather information about Individuals from different data sources called Network Partners, Data Contributors, Data Partners and Data Disclosers.
The data that is shared with us includes -
The Post Address File
Online Loan Applications
Online Competition Online Entries
Online and Offline Magazine Subscription Information
Edited Electoral Roll
The EPC Register
Credit Reference Agencies
Property Portal Data
We combine this information to create a Single Search View so we can provide your information to other companies who want to contact you or use this information for the Purposes of Processing.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Email: using the Subject Line "FinTrace Data Enquiry"
Telephone: 01134 266 550
05/10/2020: Please note, we are currently only operating a remote office due to the current COVID19 working guidelines and restrictions, therefore EMAIL is the best method of contact for us.
2. WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use can be found in the Purposes for Processing section of this web page.
Providing services to the organisation you are dealing with, e.g. where you currently have a contractual relationship or where you are entering into a contractual relationship with the organisation.
We use your personal data to provide services to the organisation you are dealing with. These services might include, for example, credit risk and affordability checking, fraud prevention, anti-money laundering checks, identity verification, and tracing for debt collection purposes.
Debt Collection, Recovery and Tracing Services
If you owe money to one of our clients and have moved without telling them, they may use our services in order to find your new address and other contact details so that they can contact you to arrange repayment.
Providing Services to our other Clients
We use personal data to provide services to organisations other than the one you are directly dealing with. For example, if we receive a request for information from a law enforcement agency we may provide access to the data we hold that relates to information the organisation holds about you.
Product or Systems Development and Testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and Regulatory Purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or inquiries from you or a regulator about how we have used your personal data.
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
When a client uses our services they will typically send us information such as:
Identifiers (including your name, date of birth, and current and previous addresses). This helps us to match your information to the other information we hold in our databases.
The purpose for which they are requesting information about you.
Other relevant details such as the nature of your loan application.
When we receive that information, we match it against the other information that we hold in order to find and return additional information about you.
Depending on the service we are providing, this can include information such as additional contact details or address history, recent online and/or offline activity, income and expenditure breakdowns, employment details and information about online activity.
It can also include similar kinds of information about people who are associated with you.
4. OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights and freedoms of individuals. Further explanation about this balance is set out below.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.
The legitimate interests we are typically pursuing when providing services to our clients are:
Interest: Supporting tracing and collections
Explanation: We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person.
Interest: Complying with and supporting compliance with legal and regulatory requirements
Explanation: We have to comply with various legal and regulatory requirements, and our services also help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated by the Financial Conduct Authority or the Prudential Regulation Authority, who impose obligations to check that financial products are suitable for the people they are being sold to. We provide data to help with those checks.
Interest: Promoting responsible lending and helping to prevent over-indebtedness.
Explanation: Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data with our Clients about potential borrowers, their financial associates where applicable, and their financial history.
Interest: Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
Explanation: We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Interest: Necessity for compliance with a legal obligation
Explanation: We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will normally be legally required to provide that personal data. See section 9 below for details of what requests you can make and how to make them.
5. WHO WE SHARE THE PERSONAL DATA WITH
This section describes the types of recipients we can share data with.
Users of our services
We share data with users of our services.
We sometimes use other organisations such as resellers, distributors, and agents to help provide our services to clients and may provide personal data to them in connection with that purpose.
We may provide your information to third parties who help us use it for the purposes described in 2. WHAT WE USE PERSONAL DATA FOR. For example, our databases of personal data may be hosted by third parties on our behalf or by a Credit Reference Agency.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Our group companies
In some circumstances we may share your personal data among the members of Data OD Ltd. If we do so, then use of the data by those companies will be governed by this privacy notice.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
LexisNexis Risk Solutions UK Ltd, Global Reach, Dunleavy Drive, Cardiff, CF11 0SN
Experian Ltd, The Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham
6. WHERE THE PERSONAL DATA IS STORED AND SENT
Within the United Kingdom and to the United States of America
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
The data is stored until the Individual requests that the processing of the data is restricted.
When we receive personal data from a data contributor in order to provide services we will keep a copy of that data for a period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from consumers, clients or regulators.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We do not use your personal data to make automated decisions about you.
We provide data and analytics that help our clients make decisions about lending and other matters, but our clients’ own data, knowledge, processes and practices will also generally play a significant role in their decisions – and those decisions will always be for them to make.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are described below. To enquire about exercising these rights, please use the contact details set out in section 1.
YOUR RIGHTS UNDER GDPR
Right to be informed
The name and contact details of our organisation.
We are Data OD Ltd. We own and operate the brand FinTrace. Our Head Office is based in Leeds, West Yorkshire and our trading address can be found at the bottom of this page. Our registered address is 62-66 Deansgate, Manchester, England, M3 2EN. Our Company number is 10183365. To contact us by telephone our main number is 01134 226 550. To contact us by email for general enquiries it is
Purposes of Processing
Address Validation and Verification
Authentication and Fraud Prevention
Contact Data Validation and Verification
Complying with and supporting compliance with legal and regulatory requirements
Customer Identity Verification
Digital Identity and Fraud Prevention
Helping prevent and detect crime and fraud; anti-money laundering; and Identity Verification
Mobile and Digital Identity Authentication
Non-discoverable Offline Data Footrpints
Promoting Responsible lending and helping to prevent over-indebtedness.
Supporting tracing and collections
The lawful basis for the processing.
Legitimate Interest or Consent, where appropriate.
The legitimate interests for the processing.
Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery, and asset reunification.
The categories of recipients of the personal data.
Political: Political Party
Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
Land or property services: Estate agency / letting agency, Financial services and advice, Housing association, Property Management, Housing Association
Finance, insurance, and credit: Bank and building society, Credit referencing, Debt collection/tracing, Financial Service and advice, Household Utility Provider, Insolvency Practioner, Insurance, Lender, Payment service, Pension,
Online Technology and Telecoms: Software developer
Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader
The details of transfers of the personal data to any third countries or international organisations.
The data is shared with named recipients in the United Kingdom and the United States of America.
The retention periods for the personal data.
We retain the permission to hold the data for trace and analysis purposes until we are advised by the Data Subject that they no longer want us to process their data.
The right to withdraw consent.
You can email us at to withdraw the consent to process your data.
The right to lodge a complaint with a supervisory authority.
You can lodge a complaint with the ICO by emailing
The source of the personal data.
You can request the information in relation to the source of your personal data by emailing .
Right to access
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully
You can contact us at to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request.
Right to rectification
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
You can contact us at to request to have inaccurate data rectified or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.
Right to erasure
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
You can contact us at to request to have your data deleted. You can also call us directly on 01134 266 550 with the same request.
Right to restrict processing
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.
You can contact us at to request to have your added to our suppression list and removed from our Partners if you wish to withdraw consent. You can also call us directly on 01134 266 550 with the same request.
Right to data portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
You can contact us at uk to request to a copy of the information we hold to be provided to you or another controller. This is supplied in a Excel (.CSV) format and can be sent by email or by post. You can also call us directly on 01134 266 550 with the same request.
Right to object
Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing.
You can contact us at to request that we stop processing your personal data where you have given consent for marketing. You can also call us directly on 01134 266 550 with the same request.
Rights related to automated decision making including profiling
Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.
You can contact us at uk to request that do not use your personal data to create the models outlined in the section of this page entitled Why do we share your information with Third Parties?. You can also call us directly on 01134 266 550 with the same request.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Telephone: 01134 266 550
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at , by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.