By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Privacy Policy

Privacy Policy Effective from 1st November 2022

FTFT UK LIMITED (we, our, us) are committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, process, and disclose your information, including personal information, as you use, and access the Orbit. This privacy notice (Notice) is designed to help you understand what kind of personal data we collect, and how we process and use this data. It also sets out your rights in relation to how we look after your personal data.

For the purpose of the General Data Protection Regulation (GDPR) the data controller is FTFT UK LIMITED, registered at Devonshire House, 1 Mayfair Place, London, W1J 8AJ. If you have any further questions, you can reach our Data Protection Officer on dpo@uk.ftft.com.

Highlights from this policy

We process data collected from you, your bank, and third parties, to make Orbit work for you, and comply with regulatory obligations. In short, most importantly we use:

  • Your personal details (names, address, date of birth), to comply with our obligations to know our customer
  • Your bank transaction data (but not your bank logins!) to make Orbit work, that is to give you insights and recommendations and to determine how much to save for you
  • Data about your use of Orbit to help us make Orbit better GDPR gives you the right to see, erase, or challenge the data we hold about you (among other rights).

Our support team can help with this. Read the full privacy policy for further details on how we use your information.

Information we collect about you

You may give us information about yourself by accessing our website www.ftftorbit.com, by using the app service or by corresponding with us by phone, e-mail or otherwise.

Information you give us on sign up

This is information necessary to provide the basic Orbit Service (to fulfil the contract between us) and to comply with regulatory obligations to 'Know Your Customer' (KYC):

  • First and last name
  • Email •Address
  • Date of birth
  • Nationality
  • Source of funds/source of wealth (as may be required during the KYC process)

Certain additional information may be collected depending if you have asked for certain services to be offered or provided to you, e.g. occupation, name of employer.

Information you may provide us upon request

This is information we require to unlock additional features upon your request and to fulfil the associated contract, or information we might request from you to perform our regulatory obligations:

  • Identity documents and address proof — for example, a picture of your passport or driving licence
  • National insurance number — in order to operate an investment account for you
  • Phone number and previous addresses — in order to open an investment account for you

Information we automatically collect from your use of Orbit

When you use Orbit, or visit our website, we automatically collect information, including personal information, about the parts of the Orbit Service you use, and how you use them. This information is necessary for the adequate performance of the contract between us, to enable us to fulfil our regulatory requirements, and given our legitimate interest in being able to provide the Orbit Service:

  • Information about your device — your visits to and use of the site or the Service (including without limitation your IP address, geographical location, browser/platform type and version), internet service provider, operating system
  • Information about your use of the product — in order to operate an investment account for you

Information we receive from third parties

We receive the following personal information about you from our third party service providers who assist us in providing some or all of the Service:  

  • Your bank (through our Aggregation Partners) — bank account number, sort code, balances, and transaction data, in order to fulfil the contract with you
  • Our KYC provider — in order to perform money-laundering checks
  • Public and Commercial Sources — in order to perform our KYC obligations, we might collect information from public sources such as sanctions lists or credit reference agencies

How we use the information we collect from you

To provide and improve the Orbit product — we process the information we collect given our legitimate interest in improving the Orbit Service, and in order to fulfil the contract we have with you:

  • Provide you with access to Orbit, and to enable your interaction with Orbit
  • Provide customer service
  • Provide you with insights, and balance updates (if you've opted into this)
  • Provide you with recommendations for products we feel may be of interest or benefit to you
  • Send you support messages, updates, security alerts, and account notifications
  • To administer our site and the Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

To prevent fraud, and ensure compliance with regulatory obligations — we process the information we collect given our legitimate interest to protect us from fraud, and to comply with our regulatory obligations:

  • Detect fraud
  • To verify your identity, and check it against sanction lists
  • To keep our platform secure

Others we share your data with

Service providers — In order to fulfil the contract we have with you, we use certain trusted service providers. These providers will each handle your personal data in accordance with their own Privacy Policy. The most important service providers are highlighted below:

  • Aggregation Providers (TrueLayer LTD) — We use account aggregation providers to help us to provide the Service by securely accessing your bank account information ("Account Aggregators"). By using the Account Aggregator's service, you agree and grant them permission to aggregate your personal data, which may then be stored outside of your own country subject to constraints provided by GDPR.
  • E-Money Providers (PayrNet Limited) — E-Money Providers help us to provide the Service by providing you with an e-wallet. We will share data with E-Money Providers to fulfil the contract we have with you, and the contract you have with them. E-Money Providers might pass your data on to its own sub-contractors and partners when this data is necessary to fulfil its legal and regulatory obligations as an issuer of electronic money.
  • Payment Services Provider (GoCardless LTD) — GoCardless provides you with a Direct Debit service which is necessary to fulfil the contract we have with you. We will share personal information required to set up a direct debit payment to enable your Orbit Savings.
  • Screening Provider (Comply Advantage) — Orbit will share your personal information (address, names, date of birth, national insurance number if provided), with ComplyAdvantage for sanctions, PEP and adverse media checks.
  • KYC Provider (Onfido LTD) — Orbit will share your personal information (address, names, date of birth, national insurance number if provided), with ShuftiPro LTD in order to verify your identity, and cross-check your identity against sanction list, in order to comply with our regulatory obligations.
  • Investment Provider (Gaudi Regulated Services LTD) — if you choose to sign up to 'Funds' investments, Orbit will share your personal information, with Gaudi Regulated Services LTD in order to fulfil our contract with you, and for Gaudi to provide their services to you and to comply with their regulatory obligations.
  • Customer Services Support (Intercom R&D Unlimited Company) — Data shared with Orbit will be made available on platforms that we use for communication with you though our Customer Support team.
  • Orbit Partners — We also share your information with our partners when you have asked for certain services to be offered or provided to you. The providers include services such as switching broadband, energy, life insurance or taking out a loan.
  • Government Entities — In order to comply with our regulatory obligations to report activity suspected to be money laundering we might share your information with government entities responsible for this. We may be required by the Financial Conduct Authority or the Financial Ombudsman to share personal data with them.

Other Orbit users — in providing a referral programme there is a legitimate interest in sharing your Orbit name with the person who invited you, to let them know the invite was successful and in order to fulfil the invite terms.

Aggregated Data — we may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes. This is not considered personal data under GDPR as it can’t be used to directly or indirectly identify you.

Business Transfers — in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If Orbit Fintech Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

Co-branded and Promotional — From time to time we may work with other partners to offer you co-branded services or promotional offers, and we will share some of your personal data with those partners.

Retention Periods

We generally retain your information for as long as it is necessary for the performance of the contract we have with you, or to comply with our regulatory obligations. If you no longer want us to use your information you can send a request to dpo@uk.ftft.com. Please note that if you request erasure of your personal data, we will keep relevant personal information for at least 5 years to comply with our regulatory obligations.

Your Rights under GDPR

A great thing about the GDPR is that consumers have much more control over how companies like Orbit use your data. See below how you can assert those rights with Orbit.

Getting a copy of your data — you have the right to get a copy of the data we hold about you. This is free of charge. To do this, please reach out at contact@uk.ftft.com, or talk to our support team via the website.

Rectification of inaccurate or incomplete information — you have the right to ask us to update any information we hold which may be inaccurate, and which you can't change yourself through the Orbit service.

Erasure of data or the right to be 'forgotten' — you have the right to ask us to erase personal information we hold on you, and close your Orbit account. If you do this, we might maintain personal information we hold on you which is necessary to comply with our regulatory obligations, or to reduce fraud.

Withdrawing consent, and restricting processing — to withdraw consent or restrict processing you may contact customer support. If you withdraw consent to share your financial transaction data, we will be unable to provide the Orbit Service to you. Some information you have provided us will be retained after you withdraw consent to comply with regulatory obligations.

Lodging complaints — you have the right to lodge a complaint with the Information Commissioner's office for any processing carried out by FTFT. You can contact the ICO ico.org.uk or telephone: 0303 123 1113.

Where we store your data

All information you provide to us is stored on our secure servers. Any transmission of information to our partners (including information to facilitate payments) are encrypted using TLS technology, the current standard in secure communications over the Internet. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Information we deem sensitive (like your bank account number and sort code and your national insurance number if provided) are stored using state-ofthe-art symmetric encryption (AES). We will only send your data outside of the European Economic Area ('EEA') to comply with a legal obligation, or when we work with third parties in providing you the Orbit service. If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or by any instant messaging service we use to provide the Service. Please check back frequently to see any updates or changes to our privacy policy.

It is important that you read the Privacy Policies of our third party service providers and partners.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dpo@uk.ftft.com.

contact@uk.ftft.com
+44 (0) 333 366 1118
Product
Personal
Business
About us
Get the app
Rewards
Support
FAQ’s
Blog
Career Centre
Contact us
Legal
Term and Condition
Privacy Policy
Cookie Policy
Disclaimer
Copyright © 2022 Orbit. All rights reserved.
back to top