Privacy Notice

Bank of Ireland UK Credit Card

We are Jaja Finance Limited better known as “Jaja”. That’s who we mean when we talk about “we” or “us”. Jaja Finance Ltd is a company registered in England (company number 09797750), and our registered office is at 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom and the controller for the purpose of this Privacy Notice.

This document is our Privacy Notice, which we’re required by law to publish. It outlines the type of information that we may collect about you and how we use, store and share that information, clearly and without legal jargon. Please make sure you take the time to read through carefully. The Privacy Notice is referred to as the Privacy Statement within your credit card Terms & Conditions.

1. How we collect your information

Most of the information we collect is provided by you directly when you:

  • apply for a product with us;
  • contact our Customer Service team via webchat or telephone;
  • email us;
  • use our mobile app, online servicing or website; or,
  • use your credit card or make payments to your account

We may obtain additional information if you choose to communicate information to us or use our services in ways other than those listed. As described in the table below, information may also come from other organisations or people, such as credit reference agencies, your bank, open banking platforms and fraud prevention agencies.

We’ll collect information in relation to both you and any others noted on the account.

We feel that it is important that you know what type of information that we collect/trusted parties may collect (re. second category) payment card details and use, so we’ve outlined the main categories and given some examples for you below. This may change from time to time, in which case we will post an updated version of this notice on our website.

 

Category Type of Data Collected

Basic Personal Data

Name, address (including Postcode), date of birth, Account numbers, contact details, employment details, gender, years of residency.

Personal finance information

Bank and payment card details, records of payments and arrears, account information.

Personal Communication Data

Marketing preferences, Telephone recordings, records of chats, emails, letters, IP address, Login times.

Information obtained from sources other than you

Precise address look up, previous addresses, geocoding information, credit score, website usage information.

Dispute information

The circumstances of the debit, details of the merchant involved, details of item that credit relates to, recoveries.

Device information

Location, IP address, error codes and device information

2. How we use your information

As described in more detail in the table below, we will use the information we collect or information your provide to our trusted third parties:

  • to provide our credit card services to you;
  • to help us improve our products and services to ensure they better suit our customers’ needs;
  • to carry out security checks, which helps us protect your account and our systems;
  • to confirm your identity before we provide credit cards to you, so we can prevent identity fraud, money laundering, and other unpleasant activities;
  • to complete an affordability assessment to determine whether you are eligible for credit card or whether you are eligible for a credit limit increase;
  • for colleague training;
  • to communicate with you;
  • to meet our legal obligations and to comply with relevant regulations;
  • to send you selected product information and marketing communications from us and business partners (such as the Bank of Ireland UK), where you have agreed to receive these;
  • where we have a legitimate interest in using your information, for example to protect our business interests; and,
  • to inform you about our products and services that relate to you.

Data Protection Law protects you and your personal information by requiring organisations to justify its use in a Privacy Notice like this. The General Data Protection Regulation as incorporated in the UK (GDPR) specifies six lawful bases for organisations to process personal data.

We’ve summarised the ones relevant to the way we use information at Jaja below.

  • Necessary to fulfil our service/contract – We need to collect, store and process some of your data in order for us
    to be able to provide our service to you. This basis covers things like us storing your contact details so we can
    respond to your queries or remind you that your payment due date is coming up.
  • Consent – Where you agree have given us clear consent for us to process your data for a particular purpose, like
    opting-in to receiving marketing from us. You can withdraw consent at any time, although this might impact your
    service.
  • Legal or Regulatory requirement – Where we are required by law, or by our regulators, to maintain certain records,
    such as our financial accounts for the UK Tax authorities.
  • Legitimate business interest – This is when we do the things that you would expect us to do in the normal course
    of running a business. This could include monitoring use of the website, online servicing or mobile app to prevent
    cyberattack or fraud to keep our customers safe and prevent financial loss.

The table below shows the key processes we perform and the related lawful basis:

 

We process your data: Justified by this Legal Basis

To provide and manage your accounts and our relationship with you.

  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement
  • Legitimate business interest – to ensure that Jaja provides a high standard of service

To give you statements, balances, alerts, and other important information about your service.

  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement.

To handle enquiries and complaints.

  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement
  • Legitimate business interest – to ensure your queries are investigated and resolved to a high standard of service.

To provide our services to you

  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement.

To assess your credit needs and to determine your eligibility for our service.

  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement
  • Legitimate business interest.

To evaluate, develop and improve our services to you.

  • Legitimate business interest – to evaluate, develop or improve our products and user experience.

To protect our business interests and to develop our business strategies.

  • Legitimate business interest – to protect our people, and business strategies
  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement
  • Consent.

To contact you, by post, phone, text, email and other digital methods in order to provide you with servicing, selected product information and marketing communication from us

  • Legal or Regulatory requirement
  • Consent
  • Necessary to fulfil our service/contract.

To make or receive any type of payment or transaction

  • Legitimate business interest
  • Necessary to fulfil our service/contract
  • Legal or Regulatory requirement.

To prevent, detect, investigate, and prosecute fraud and alleged fraud, money laundering and other crimes, and to check your identity.

  • Legal or Regulatory requirement
  • Legitimate business interest – to prevent and investigate fraud, money laundering and other crimes.

To monitor, record and analyse any communications between you and us, including phone calls.

  • Legal or Regulatory requirement
  • Legitimate business interest – to prevent and investigate fraud and to improve our service to you.

To transfer your information to or share it with any organisation following a restructure, sale or takeover.

  • Necessary to fulfil our service/contract
  • Legitimate business interest – restructuring or selling part of our business.

To share your information with relevant tax authorities, credit reference agencies, fraud prevention agencies.

  • Legal or Regulatory requirement
  • Legitimate business interest.

To share your information with our partners and service providers.

  • Necessary to fulfil our service/contract
  • Legitimate business interest.

To share your information with Google, X (formerly Twittter), Facebook, LinkedIn and price comparison websites to ensure you receive the most relevant adverts and sponsored content from them or to work with these sites to build lookalike audiences to ensure we can reach new people who are likely to be interested in our business..

  • Consent in respect of the provision of relevant adverts and sponsored content
  • Legitimate business interest.

To make our online advertising content relevant to you and remove adverts that we know aren’t suitable or relevant to our customers.

  • Consent.

Using information in automated Decision-Making

We use automated decision-making, including profiling, as part of our underwriting process.

Underwriting is the process by which a financial provider assesses the risk involved in lending money to each customer, in order to make a decision on whether to provide credit, at what level and at what cost. To do this, each provider will use their own algorithm or internal model, which uses complex mathematical methods of calculating credit worthiness. The algorithm and internal models are Jaja’s confidential intellectual property and as a result, we cannot provide any further details of how they work.

During the application and underwriting process we may share some of the personal data you have provided to us to third parties in order to obtain a credit score for you. This is done in order that we can properly assess the risk to us in lending, and therefore your ability to service a credit arrangement.

If this automated decision making affects your legal status or rights, or has a similarly significant effect on you, you have the right to have the decision reviewed by a suitably qualified member of staff (GDPR article 22).

Using Cookie information

Like most companies we may use cookies on our site. Cookies are small files that collect information about your web browsing behaviour on your device. We can use these to identify whether website visitors are already Jaja customers and make it easier to do things like logging in. For more details on how we use Cookies at Jaja, you can read our Cookie Policy at https://jaja.co.uk/cookies/.

Using information for marketing

Where you have told us that you are happy to receive marketing from us, we may contact you from time to time about other Jaja products or offers that we think may be of interest to you. Depending on your preferences, we may do this using email, mobile app notifications, post, SMS and by telephone using the contact details you have provided to us.

Marketing consents for email and SMS are stored against email addresses and phone numbers respectively. It is important you provide your own contact details for your own account and do not use shared details that may be used for other Jaja Credit Card. If you consent to marketing for a shared email address or phone number then you will be providing marketing consent for any accounts associated with those details, for those specific channels.

If you hold an account with us and decide you no longer want to receive Marketing from us, the easiest way is to change your Marketing Preferences in the More tab in app or online servicing, or by contacting Customer Services.

If you do not hold an account with us and decide you no longer want to receive Marketing from us, you can opt out at any time. You can do this by clicking on the unsubscribe link found in the confirmation email you received when you opted in to receive marketing from Jaja Finance Ltd.

You can also email us at information@jajafinance.com or write to us at our registered address. You will still receive communications from us relating to the servicing of your account.

3. How we share your information

From time-to-time we may need to share your information with third-parties, to ensure we’re able to meet our obligations as a responsible lender and to protect our customers and ourselves against fraud. Jaja will make every effort to protect your personal data, share only with trusted organisations and will not sell on any personal information it holds. For more information about third parties which may receive your personal data, please refer to Section 2 (How we use your information).

Sharing your information with Credit Reference Agencies

There are three main credit reference agencies (CRAs) in the UK, authorised and regulated by the Financial Conduct Authority.

When you apply for a Jaja product, we will carry out credit and identity checks on you with one or more Credit Reference Agencies. We securely send them the data you have provided on your application, and they will give us the information we need about you to make a decision on whether or not we can offer you the product.

Once you have an account with us, we will periodically exchange details about you with CRAs. This could include details of any missed payments, or if you’ve gone over your credit limit. The CRAs may share this information with other organisations when you apply for credit elsewhere so lenders have a complete picture of your credit history on which to make a decision.

Records we share with CRAs will stay on your file for six years after your account is closed, whether you’ve settled the debt or failed to pay it off. If you would like to view or challenge the details held by CRAs, you should contact them directly. There may be a charge to view this information.

  • TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Phone: 03300247574 (personal credit information only) Website: www.transunion.co.uk;
  • Equifax PLC, Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US Phone: 0844 335 0550 Website: www.myequifax.co.uk; or,
  • Experian, Consumer Help Service, PO Box 8000, Nottingham, NG90 7WF Phone: 0344 481 8000 Website: www.experian.co.uk.

Sharing your information with Fraud Prevention Agencies

We will share your information with fraud prevention agencies (including CIFAS, the UK’s largest fraud database) who will use it to prevent fraud and money laundering. They may share information back with us to confirm your identity.

Fraud prevention agencies may also allow law enforcement agencies to access and use your personal information to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance. Fraud prevention agencies can hold your personal information for different periods of time. If you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

For more information, please refer to CIFAS https://www.cifas.org.uk/fpn.

Identity Verification

As part of our credit card application, we may ask you to provide personal data directly to our partner, Veriff. They may collect personal information extracted from consensually submitted identification documents. They use facial biometric data extracted from your submitted photos, videos and contact details to verify your identify and protect your and our financial interests.

Once processed, an identify decision is provided back to us.

Open Banking 

As part of our credit card application process, we may also ask you to use Open Banking to connect with our partner, Bud. They may access your account information from other financial institutions following your consent for them to do so. If you give consent for Bud to access this account information, they will share this with us. This data can include information about your account details, transactions and account balances.

Where available, we may use Open Banking information to assess whether we are able to offer you a credit limit increase. If you have not given consent to Bud to access your account information from other financial institutions and provide this to us, we may contact you to ask for permission.

Who else we may share your information with

We may share your information under certain circumstances with:

  • Other finance companies to process payments (such as Visa and Mastercard);
  • Other companies to process transactions (such as Apple Pay and Google Pay);
  • Companies referred to in Section 2 (How we use your information);
  • Other financial institutions and third parties when you make payments towards your account (such as Truelayer). This enables us to process payments quickly and directly through your bank account;
  • Additional cardholders on your account;
  • The companies that make our physical credit cards;
  • Partners that we provide credit cards for;
  • Central Government, Regulators and Tax Authorities; or,
  • Law enforcement.

Transferring your information internationally

Jaja makes every effort to ensure any personal data is processed within the EU and the United Kingdom. On occasion, we, or a service provider, may transmit certain aspects of your personal data outside the UK and European Economic Area (the “EEA”). In such circumstances, we will ensure that such transmissions are carried out securely and in accordance with data protection law, applying the necessary assessments and protections required by applicable data protection laws. For further details on the protections we may apply, including copies of data transfer agreements we rely on, please contact us using the contact details in the ‘Your Rights’ section below.

4. How we store your information

We need to store your information to ensure we can use it for the purposes outlined in this document and in some cases as required by law. We have summarised our records retention policy below to give you an idea of how long we might store your personal data.

 

Type of Information Retention Period

Account information we collect from you or was shared with us from a credit card application or eligibility check you did not accept

  • 3 years after application

Account information we collect from you or was shared with us from a credit card application or eligibility check that was not accepted

  • 3 years after application

Account information (after an account has been opened)

  • 7 years after account termination

 

In some cases we may need to keep personal data longer than the timeframes specified, such as data required in a longrunning dispute or fraud case.

5. Your Rights

Under data protection law (GDPR Article 15-23), you have rights relating to the way your data is used, including:

  • Your right of access – You have the right to ask us for copies of the personal information we hold for you.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances where there is no overriding basis for holding the data.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you feel that your rights are not being protected, you also have the right to complain to the supervising authority.

If you have any questions about how we collect, store or use your information, or would like to see a copy of the information we hold about you, please contact us by sending us an email to information@jajafinance.com or writing to us at Jaja Finance Ltd, 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom.

If you have any concerns about our use of your personal information, you can make a complaint to us. You can find details of how to make a complaint at https://jaja.co.uk/complaints.

If you remain dissatisfied following the outcome of your complaint, or you require more detail, please ask our Customer Services team to refer you to our Data Protection Officer. Jaja want to do all we can to keep your data safe and keep you happy, and we’d be happy to talk through your concerns in more detail.

As referred to above, you also have the right to make a complaint about Jaja to the Information Commissioner’s Office (ICO). You can find further details of how to make a complaint to the ICO online at https://www.ico.org.uk.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

From time to time, we may make changes to this notice and how we use your information in the future. If we do this, we’ll post an updated version of this notice on our website.

You can find the current version of this notice, which explains how we’ll use your information, by visiting our website at https://jaja.co.uk/legal/.

This page was last updated on 29 May 2024.

The Bank of Ireland UK Credit Card is provided by Jaja Finance Ltd. Jaja Finance Ltd is licensed to operate the ‘Bank of Ireland’ brand as the Credit Card issuer for the Bank of Ireland (UK) plc.