Alpha This is a new service – your feedback will help us to improve it.

Menu Search

Fractal Labs

The information on this page is from the privacy notice published by Fractal Labs.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

Organisation information

Description

Open banking service

Registration country

United Kingdom

Registration number

08972946

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

privacy@fractal-labs.com

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • Device information

  • Email address

  • Names

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Organisations which provide you with access to the platform (such as an employer)

  • Any member of Fractal's group

  • Companies involved in mergers and acquisitions

  • Law enforcement authorities

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Fractal retain personal data for a long as is necessary and relevant to their operations.

The policy contains a clearly formatted table which breaks down personal data into specific categories and outlines the durations for retention of each sort of data.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    - "We may use Registration Information to provide you with information regarding products or services, as set out in section 4 below. The legal basis for such processing (and disclosing to third parties, where relevant) is that you have consented for us to do so."

  • Contract

    - "The legal basis for [registration information] processing is for the performance of the contract between you and us."

    - "We use Platform Transaction Information to enable us to analyse your transactions on our Platform and provide you with insights and alerts. The legal basis for such processing is for the performance of the contract between you and us."

    - "We use transaction information and consolidated information to provide you with the account information service and to provide you with insights and alerts. The legal basis for such processing is for the performance of the contract between you and us."

    - "We use Other Data to enable us to analyse your financial information on our Platform and provide you with insights and alerts. The legal basis for such processing is for the performance of the contract between you and us."

  • Legitimate interests

    - "We use Correspondence Information and Survey Information to ensure that content from our Platform is presented in the most effective manner for you and for your computer or mobile. The legal basis for such processing is our legitimate interest."

    - "We use your Session Information to administer our site and for internal operations, including security, troubleshooting, data analysis, continuity, testing, research, statistical purposes. The legal basis for such processing is our legitimate interest."

Observations

Fractal offer a clear breakdown of the individual legal bases used to justify the processing of each type of data.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

Fractal commit to taking "all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy" but do not offer additional information on how this is achieved beyond stating that transaction information is encrypted.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

This privacy notice does not appear to have this information.

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

Fractal do not offer information on where to direct initial complaints, but do specify contact details for the ICO.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:11 • Download as JSONAPI documentationView on GitHubView on OpenCorporates