Privacy Policy

Othrfund Privacy Policy

Last Updated: March 2025

Introduction

Welcome to Othrfund (“Othrfund,” “we,” “us,” or “our”). We are committed to protecting and respecting your privacy and personal data in compliance with the United Kingdom General Data Protection Regulation (“UK GDPR”), the European Union GDPR (“EU GDPR”), the Data Protection Act 2018 and all other applicable data protection laws. We understand the importance of protecting your personal data and ensuring it is not shared indiscriminately. This Privacy Policy explains how we collect, process and safeguard your personal data, your privacy rights and how the law protects you.

If you are an employee, contractor or job applicant, a separate privacy notice applies to you. This Policy is not intended for children and we do not knowingly collect personal data from individuals under the age of 18.

By using our Services as a prospective or registered borrower, lender or introducer, you acknowledge and agree to the collection, processing and use of your personal data as outlined in this Policy.

We may update this Policy periodically by posting changes on our website. We encourage you to review it regularly to stay informed of any updates. 

Who we are

Othr Ltd is the data controller responsible for your personal data. We are a company registered in the United Kingdom under company number 16299969, with our registered office at: 4th Floor Office, 205 Regent Street, London, W1B 4HB, United Kingdom

For any questions regarding this Privacy Policy or how we process your personal data, you may contact us at: info@othrfund.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns before you approach the ICO.

Personal Data we collect

We may collect and process the following personal data about you or your business:

• Individual information. This includes personal data that relates to your identity (such as your name, email address, phone number, job title, company name) 
• Financial information. This includes financial information about you or your business (such as your bank account, accounting information, transaction history or further information that we collect from you or that has been provided to us).
• Account and profile data. This includes personal data relating to account sign-in facility, your log-in and password details.
• Transaction data. This includes details of any transactions made by you through our Services.
• Communications. This includes any correspondence with you, for example to report a problem or to submit queries, concerns or comments regarding our Services.
• Information technology data. This includes personal data which relates to your use of our Services, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
• Advertising data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences.
• Market research data. This includes personal data which is gathered for the purposes of market research, such as preferences around financial products.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated data”). Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information technology data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

We do not collect special categories of personal data (e.g., race, health data) or data related to criminal convictions.

You are under no obligation to provide any personal data to us. However, if you should choose to withhold any requested information, we may not be able to provide you with certain services. An example of this would be where we are unable to provide you with certain products or services as.

Sources of the Data

We collect your personal data from the following sources:

(a) Directly from you

When you use our Services or contact us via telephone, email or instant messaging through our website, we may collect personal data that you provide, including when you:

–        Subscribe to our Services.

–        Complete forms on our website, such as when creating an account.

–        Upload or submit materials to us.

–        Request information about our products, services or marketing content.

–        Participate in surveys or provide feedback.

–        Submit an inquiry or enter a competition.

(b) From third parties

We may also receive your personal data from third parties, including:

–        Lenders or introducers who are authorized to share your information with us.

–        Third-party services or applications (e.g., Xero, QuickBooks) that integrate with our platform.

–        Analytics providers (e.g., Google Analytics) that track website usage.

–        Advertising networks (e.g., Google Ads, LinkedIn) that support targeted marketing.

–        Technical, payment and delivery service providers (e.g., Stripe, GoCardless) that facilitate transactions.

(c) From publicly available sources

We may also obtain personal data from publicly accessible sources, such as:

–        Companies House (for business registration and ownership details).

–        Credit reference agencies (e.g., D&B, Creditsafe) for financial and risk assessments.

Legal basis for processing Personal Data

We process personal data under the following legal bases:

• Performance of a contract: When we need to process your data to fulfill a contract with you.
• Legitimate interest: For business operations, fraud prevention and improving our services.
• Consent: When you opt-in to marketing communications or to access some of the Services. In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in this Policy. You can also tell us not to contact you with information regarding our services by following the unsubscribe instructions on most communications sent to you.
• Legal obligation: When required by law, such as anti-money laundering regulations.

 

How we use your Personal Data

We will use the personal data we hold about you to:

(a) Perform our contractual obligations to you, including:

–        Providing your business with our Services (whether as a lender, borrower or introducer).

–        If you are using our Services on behalf of a borrower (as a lender or introducer), facilitating the provision of necessary information to registered lenders so they can assess the borrower’s eligibility for a financial product.

–        Enabling and managing the relationships between introducers, borrowers and lenders via our platform.

–        Administering and managing your account with us as a borrower, lender or introducer.

(b) Manage our relationship with you, including:

–        Sending you important notices, such as updates to our terms and conditions and policies (including this Privacy Policy).

–        Providing you with important real-time updates on products or services.

–        Sending you the information you have requested.

–        Responding to your inquiries and customer support requests.

–        Requesting your feedback or reviews on our Services.

(c) Manage our business operations and conduct business activities.

(d) Maintain records of service users and their purposes for using our services.

(e) Us data analytics for internal purposes, identify website visitors, enhance page layouts and content and personalize user experiences.

(f) Conduct research on user demographics to improve our offerings.

(g) Provide whitepapers or other relevant information you may find useful or have requested, including details about our services, unless you have opted out of such communications.

(h) Fulfill legal and industry compliance obligations.

(i) Detect and prevent fraud, cybercrime and other illegal activities and support introducers, lenders, regulators, trade bodies and law enforcement agencies in such efforts.

(j) Investigate and respond to third-party claims or allegations.

(k) Enforce our terms of use, terms and conditions and agreements with third parties. 

Retention and deletion of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. The retention period depends on:

• The duration of your relationship with us.
• Legal or regulatory obligations requiring data retention.
• Business needs (e.g., dispute resolution, fraud prevention).
• Approximate retention periods:
  • User accounts: Retained as long as the account remains active.
  • Transaction data: Retained for at least 6 years to comply with financial regulations.
  • Marketing data: Retained until you withdraw consent.

If you wish to request the deletion of your data, please contact us at info@othrfund.com.

Your rights as a Data subject

Under the UK GDPR, you have the following rights:

(a) Right to access: Request a copy of your personal data.

(b) Right to rectification: Request corrections to inaccurate data.

(c) Right to erasure: Request deletion of your data under certain conditions.

(d) Right to object: Object to processing based on legitimate interests.

(e) Right to restrict processing: Request limited processing in certain circumstances.

(f) Right to data portability: Receive a copy of your data in a structured format.

(g) Right to withdraw consent: Withdraw marketing consent at any time.

To exercise any of these rights, please contact info@othrfund.com.

Data sharing and third parties

We do not sell or share your personal data for marketing purposes. However, we may share your data with third-party service providers for essential business operations, including:

We ensure that any third parties handling personal data comply with strict data protection obligations.

We may share your personal data with:

(a) Our group companies, affiliates, and third-party data processors who assist in carrying out our business operations. This may include lenders or introducers registered with us to assess a borrower’s suitability for financial products. Any such disclosure will solely be for processing personal data as outlined in this Policy. Once disclosed, the lender’s or introducer’s privacy notice will govern their processing of the data.

(b) Our PR agency and customer feedback providers, including sharing aggregate, non-identifiable statistics about website visitors or service users to describe our services to reputable third parties and for other lawful purposes.

(c) Legal and regulatory authorities that request personal data or in cases where reporting a potential or actual breach of law or regulations is required.

(d) External professional advisers such as accountants, bankers, insurers, auditors, and lawyers.

(e) Law enforcement agencies, courts, or other relevant parties, when necessary to establish, exercise, or defend legal rights.

(f) Third parties involved in the prevention, investigation, detection, or prosecution of criminal offenses or enforcement of penalties.

(g) Third parties considering or proceeding with acquiring some or all of our assets or shares, merging with us, or receiving a business transfer (including in cases of reorganization, dissolution, or liquidation).

If we receive personal data from a third party (e.g., an introducer or lender providing borrower details), the party providing such data must:

–        Ensure they are authorized to disclose the personal data.

–        Obtain the necessary consent from the individual and provide a copy of such consent to us, allowing us to collect, use, and disclose the data as described in this Policy.

–        Inform the individual about the details in this Policy, including our identity, contact information, how we collect and use personal data, their rights regarding access and complaints, and any consequences of not providing the data.

(h) Digital advertising and communication platforms (e.g., Google Analytics, LinkedIn Ads, MailChimp) for targeted advertising, audience segmentation, and profiling.

(j) Cloud hosting providers (e.g., AWS, Google Cloud) to store your data securely.

(k) Authorized employees and managers, who are subject to strict confidentiality obligations when handling your personal data.

Cookies and tracking technologies

We use cookies and similar technologies to enhance user experience, analyze website traffic and deliver personalized content. By using our website, you consent to the use of cookies in accordance with our Cookies Policy.

International Data transfers

Your personal data may be transferred, stored, and processed on secure servers within the European Economic Area (EEA) as part of our information processing activities. Additionally, your data may also be transferred, stored, or processed outside the EEA. In such cases, we will ensure that:

(a) Appropriate safeguards are in place, such as binding corporate rules or the approved EU model contractual clauses between us and the recipient. You may request a copy of these safeguards by contacting us using the details provided in this Policy.

(b) The transfer is made to a country that offers an adequate level of data protection, as determined by the European Commission, or to certain U.S. organizations under the Privacy Shield framework (as per Article 45 of the GDPR or its equivalent under English law).

(c) The transfer falls under one of the permitted exceptions outlined in Article 49(1) GDPR (or its English law equivalent), such as explicit consent, necessity for contract performance, or legal claims.

Security measures

We implement robust security measures to protect personal data from unauthorised access, loss or misuse. These measures include encryption, access controls and regular security audits.

We prioritise the security of all personally identifiable information associated with our users. To safeguard personal data under our control, we have implemented security measures designed to:

–        Maintain the confidentiality, integrity, availability, and resilience of our processing systems and services.

–        Ensure timely restoration of access to personal data in the event of a physical or technical incident.

These security measures are regularly reviewed and enhanced as needed, and access to personal data is strictly limited to authorized personnel. While we cannot guarantee that data loss, misuse, or alteration will never occur, we take all reasonable steps to prevent such incidents.

However, no method of data transmission is 100% secure and we cannot guarantee absolute security.

Data breach notification Policy

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities within 72 hours, as required under UK GDPR.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as needed. We will notify users of significant changes by posting a notice on our website. Your continued use of our platform after such updates constitutes acceptance of the revised policy.

For any questions or concerns, please contact us at info@othrfund.com.