Privacy

This privacy and Data Protection Notice (DPN) is a legal document. Although we have made the language as clear as possible, legal notices must contain what can seem to be complicated terms and phrases. Although a user of the NestEgg service should read this DPN, you may find it useful to read our detailed, but simpler ‘How it works’ guide [link to follow].

Welcome to NestEgg. We are NestEgg Ltd (“us”, “we” or “our) and are known as NestEgg. We will hold information about you if you choose to use the NestEgg broker platform (“NestEgg”).

NestEgg has been designed to help you find loans from affordable credit providers. We are committed to protecting your personal information and to earning our users’ (“you”, “your”, “me”, “my”) trust.

To earn that trust, we aim to be transparent and ensure you understand our privacy practices including the information we collect, why we collect it, how it is used and your choices regarding your personal information. This Notice covers the following areas:

    Add a header to begin generating the table of contents

    1. How does NestEgg work?

    NestEgg uses credit information and Open Banking data to help determine whether you would be accepted by a loan from a panel of lenders, known as credit unions. To help people become aware of these responsible lenders we work in partnership with referring organisations, including banks and other ‘problem spotters’. Users come to NestEgg so they can better understand their options when looking for credit and for information on how to improve the likelihood of being accepted for a loan.

    We assist you to get accepted by responsible lenders by using information you provide to us, information our credit information provider TransUnion where you have chosen to connect your credit report, we can provide you with a red, amber, or green rating on the likelihood you’ll be accepted for a loan. You can then use in combination with our tips to improve the likelihood of being accepted.

    2. Who is responsible for the handling of your personal information?

    NestEgg: We may use your personal information in connection with your request for, referral to, use of, or interest in NestEgg. Where this is the case, we will be the data controller of the information we hold about you.

    NestEgg partner data providers: As noted above, NestEgg is powered by partnerships with credit information and Open Banking. Where these entities use your personal information for their own independent purposes, for example maintaining and updating your credit rating, or making decisions to offer you credit or savings products they will be the party responsible for the safeguarding of your personal information, as independent data controllers. Please see their individual privacy notices for additional information.

    NestEgg partner lenders: NestEgg works with credit unions to provide you with loan facilities. Where these entities use your personal information for their own independent purposes, for example maintaining and updating your accounts, or making decisions to offer you other financial products they will be the party responsible for the safeguarding of your personal information, as independent data controllers. Please see their individual privacy notices for additional information.

    NestEgg partner referring organisations: NestEgg works with referring organisations to provide you with an easy route to finding the NestEgg platform. These referring organisations include banks and other problem spotters. Problem spotters may include money advice organisations, housing providers and government bodies, such as Trading Standards. Where these entities use your personal information for their own independent purposes, for example maintaining and updating your accounts, or making decisions to offer you other financial products they will be the party responsible for the safeguarding of your personal information, as independent data controllers. Please see their individual privacy notices for additional information.

    We may have referring relationships where the referring organisation wishes to collect information about you to assess the impact of the NestEgg service. This may include sharing a specific reference number which the referring organisation use to identify your personally. In these circumstances, they will be the party responsible for the safeguarding of your personal information, as independent data controllers. Please see their individual privacy notices for additional information.

    Our other services: Separate from the NestEgg application we also offer credit decision engine services to lenders, which may involve our processing of your personal information on their behalf. Where we process your personal information for those purposes, our role will be limited to that of a data processor, this means the lender will be the party responsible for the data processing (the “data controller“). In performing those services we will not routinely access your personal data, please see the additional information provided in our business to business services privacy notice and your credit institution’s privacy policy.

    3. What information does NestEgg collect about me?

    To assess which credit unions and loans you may be able to apply for we will ask for the following information:

    • How much you want to borrow. Some lenders have limits on the amount you can apply for. NestEgg displays loans based on the amount you want to borrow.
    • Whether you’re already a member of a credit union. Some credit unions offer better rates for existing members.
    • If you’re a homeowner so we can show you loans available if you own your own home, including on a mortgage.
    • Your postcode. Credit unions, operate a ‘common bond’. Members of a credit union must have something in common. In most cases this means living in a certain area. Your postcode lets us show you all the credit unions you could borrow from. 
    • Your work postcode and employer name, if you have one. There are common bonds based on where you work or who you work for. NestEgg also checks for lower-priced, deals for people working in certain occupations.
    • Any Associations you have. Associations can be another part of a credit union’s common bond. For example, being a member of a Church group or trade union might qualify you for membership and loans.

    In order for NestEgg to retrieve your credit profile from TransUnion we will ask you to provide us with your:

    • Full name
    • Date of birth
    • Current address
    • Previous addresses for up to the last three years if you’ve moved in the last 12 months

    For NestEgg to retrieve your Open Banking data we will require:

    • Full name
    • Date of birth
    • Your bank account log-in details (this is encrypted, not stored and not seen by NestEgg)

    For NestEgg to complete and pass on a loan application to a lender we will ask for your:

    • Full name
    • Date of birth
    • Current address
    • Previous addresses for the last three years if you’ve moved in the last 12 months
    • Net income

    Each lender may then set up their loan products so that they may ask you some or all of the following:

    • Employer name and address
    • Job title
    • Residential status
    • National Insurance Number (as an alternative look up if you forget your membership number)
    • Details of dependent children
    • Next of kin details (where a lender provides free life savings insurance)
    • Whether you’re paying into a pension and your retirement date (for the purposes of commutation loans)
    • Details of other debts (for consolidation loans)
    • Security questions to set up your account

    To prove your identity:

    • Full name
    • Date of birth
    • Current address
    • Previous addresses for up to the last three years if you’ve moved in the last 12 months
    • Account number
    • Sort code

    Where these electronic checks fail we may also ask for

    • Proof of identity
    • Proof of address

    You choose to give us certain information when using our services.

    This includes:

    Account and contact details: When you create an account, you provide us with at least your login credentials, as well as some basic details necessary for the service to work, such as your email address and date of birth.

    Customer service: If you contact our customer service team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.

    Identity checks: Where electronic checks fail we may also ask for your proof of identity and proof of address.

    Information we receive from others

    In addition to the information you provide us directly, we receive information about you from others, including:


    Your credit provider: You may be referred to NestEgg by or on recommendation from your existing credit provider. This could be in connection with your accounts with them or following an unsuccessful application. In such situations, your credit provider, may provide us with information in connection with their referral, and your use or application for their products. This may include your account and product details, name, address date of birth, phone number, email address and preferred contact time.

    Credit information providers: We have partnered with consumer credit information providers such as TransUnion, who give us the information necessary to assess your credit profile. Such information includes credit scores, presence on the electoral roll, use of revolving credit, spend on debt per month vs income, missed payments, defaults, county court judgments and insolvencies. Checking your chances for a loan does not impact your credit score.

    Open banking partners: We have partnered with TrueLayer, who are able to provide us with information relating to your income and expenditure this includes:

    • Your personal information: We will retrieve your full name, date of birth, address, email address and phone number
    • Your accounts: We will retrieve details relating to your income and expenditure from your account. We only access high-level summaries of your needs, wants, and commitments spending categories to assess your borrow spend and savings financial health. Although if you choose to apply for a loan using NestEgg the underlying transactional details from TrueLayer will be shared with your chosen credit/savings provider to support your application.
    • Your balance: We will retrieve your account’s current balance
    • Your cards: We will retrieve your card’s balance, transactions and details
    • Your direct debits: We will retrieve your account’s direct debits
    • Your standing orders: We will retrieve your account’s standing orders

    This information is not shared with any lenders, unless you agree to make a loan application.

    New application providers: If you choose to apply to a credit products using NestEgg, we will receive the information your provide in making those applications.

    Information collected when you use our services

    Device information: We collect information from and about the device(s) you use to access our services, including:

    • hardware and software information such as IP address, device ID and type, browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address);

    Usage Information: We collect information about your activity on our services, for instance how you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring webpage address, advertising that you click on) and how you interact with other users (e.g., users you connect and interact with, time and date of your exchanges, number of messages you send and receive).

    4. What cookies and similar technologies does NestEgg use?

    Our website uses cookies to distinguish you from other users of our website. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you use NestEgg or engage with our advertising campaigns we may collect information from you automatically through cookies or similar technologies. This helps us to:

    • provide you with a good experience when you browse our website;
    • improve our site through the use of third party analytics; and
    • to monitor your engagement with our advertising campaigns;

    For detailed information on the cookies we use, their purposes and duration, and to change your preferred settings please see our Cookie Declaration. For additional information, visit allaboutcookies.org.

    In addition to changing your Cookie Declaration, you can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

    The NestEgg website also contains links to other websites. This Notice applies only to NestEgg, so if you click on a link to another website, you should read their privacy policy.

    5. Why does NestEgg process my personal information and what are NestEgg’s legal bases for doing so?

    We will only use your personal data if we have a proper reason to process it and the law allows us to do so.

    When we process your personal data, this will usually be to provide our service/perform our contract
    The main reason we process your personal information is to perform the contract that you have with us. For example, to refer you to a lender.

    Legitimate interests
    We may use your personal information where we have legitimate interests to do so. This includes analysing users’ behaviour on our services to improve our user experience. It also includes analysing the credit behaviours of our users, anonymously, for the purposes of improving credit assessment and demonstrating social impact to stakeholders. We may use a subset of anonymised information to demonstrate the effectiveness of referral arrangements with referring organisations.

    Legal obligation

    In some cases, applicable laws may require us to process certain information about you.

    Consent
    We may ask for your consent to use your personal information for certain specific reasons. For example, to access your credit information from TransUnion, or to assess your income and expenditure using TrueLayer (where you have requested those functionalities). You may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Notice.

    The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. There may be more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us at info@nestegg.ai if you want to know which specific legal basis we are relying on where more than one is set out in the table below.
    1. To provide the service
    This includes: Creating and managing your account; Assessing and providing you with information relating to your credit profile Tailoring our services and advice to you; Customer support; Facilitating your applications with credit providers; and Communicating with you about our services. Full name, Date of birth Current address, Previous addresses, Your bank account log-in details (this is encrypted, it is not stored or accessible to NestEgg). Net income. Each lender may configure their loan products to collect additional information such as Employer name and address, Job title, Residential status, National Insurance Number, Details of dependent children. To provide our service and legitimate business interests including providing services you have requested, to communicate with you, keep our records up to date. Consent: we ask for your consent when you sign up to optional aspects of our service which involve the sharing of your information with third parties.
    2. To ensure a consistent experience across your devices
    We use your information to link the various devices you use so that you can enjoy a consistent experience of our services. We do this by linking devices and browser personal information, such as when you log into your account on different devices. Device, usage and geolocation information. Including technical information such as your IP address relating to your browser and device (please see section 4 (Cookies) for additional information); Consent, for the use of functional cookies and similar technologies to improve your user experience. Our legitimate business interests include recognising our users to improve their experience across devices.
    3. To improve our services
    To conduct research and analysis of users’ behaviour to improve our services and content and to develop new features and services. Device, usage and geolocation information. Feedback in your communications with us. Consent for the use of analytics cookies and similar technologies to improve your user experience and services. For non-cookie derived information our legitimate interests are to improve your user experience and NestEgg services.
    4. To prevent, detect and fight fraud or other illegal or unauthorized activities
    We perform personal information analysis to understand and design countermeasures against fraud. We retain personal information related to fraudulent activities to prevent recurrence. Device, usage and geolocation information. Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement. Our legitimate business interests are to prevent fraud or other illegal activities.
    5. To ensure legal compliance
    To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our terms and conditions. Any information in section 3, only to the extent it is strictly necessary. Processing is necessary for compliance with a legal obligation to which we are subject; Our legitimate business interests to establish, exercise or defend legal claims.

    6. Who does NestEgg share your information with and why?

    We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including personal information hosting and maintenance, and analytics. The default position is to share data without your personal information.

    We may also provide aggregated (anonymised) information to third parties as detailed below.

    A list of these third parties is available on request.

    With NestEgg Partners

    As further detailed in section 1 (How does NestEgg work?) NestEgg is powered by partnerships with credit information, open banking, and credit providers. As such, it will be necessary to share limited amounts of your personal information with our partners in order to access the insights, or services they provide.

    For example, it will be necessary to share your personal information with:

    • Transunion to access information relating to your credit profile;
    • TrueLayer to access information relating to your income and expenditure;
    • Credit providers when you apply to their products using NestEgg.
    • In corporate transactions

    We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.

    When required by law

    We may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

    To enforce legal rights

    We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

    With your consent or at your request

    We may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.

    Anonymised data

    We may use and share anonymised data (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioural personal information, geolocation in de-identified form), as well as personal information in an aggregated, hashed, non-human readable form, under any of the above circumstances. We may combine this information with additional anonymised data or personal information in hashed, non-human readable form collected from other sources.

    We share this information with stakeholders for the purpose of research and policy development – this will never include personal information.

    7. How does NestEgg send information outside of my country?

    When we send your personal information outside of your country we have in place adequate safeguards to do so. This includes EU standard contract clauses approved by the UK and European Commission or other suitable safeguard to permit personal information transfers from the UK and European Economic Area (“EEA”) to other countries.

    8. Credit Reference Account Information Notice (CRAIN)

    In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history.

    We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

    For the purposes of a ‘soft credit check’ (button: check my chances) this is carried out jointly by NestEgg and your chosen lender. No ‘footprint’ is left for other lenders to see. However, as the data subject you will see this search footprint in the name of both NestEgg and your chosen lender. This does not impact your credit score.

    When you apply for a loan (button: apply now) a hard credit check is carried out.

    When we check your account this leaves a footprint on your credit file.

    NestEgg Ltd processes this data on behalf of your chosen lender. NestEgg provides an automated ‘decision.’ NestEgg Ltd is not responsible for making decisions. NestEgg does not see your personal information. Our software makes a recommendation to the chosen lender.

    When you apply for a loan up to five searches may appear on your credit file.  For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.

    Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.

    Some of these footprints will be in the name of NestEgg and others in the name of your chosen lender.

    Lenders (not NestEgg) also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.

    Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

    The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

    They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.

    9. What are my privacy rights?

    In certain circumstances, if you are an UK or EEA resident, you may exercise the rights available to you under applicable data protection laws as follows:

    • If you wish to access, correct, update or request deletion of your personal information.
    • You can object to processing of your personal information, profiling and use of solely automated decision making, ask us to restrict processing of your personal information or request portability of your personal information.
    • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

    If you choose to apply for a credit product using NestEgg, your profile and the information we hold about you may be subject to solely automated decision making to assess your eligibility for the product in question. This means a decision as to your eligibility for a product, may on occasion be made without human involvement. If you have applied for a product, and would like further information about this assessment, including asking for a person to review a decision please contact us at info@nestegg.ai

    If you would like to exercise any of these rights in relation to the information we hold about you, please contact us. Our contact details can be found in section 12 of this Notice. We will consider and respond to your request in accordance with the relevant law.

    10. How does NestEgg protect my personal information?

    We have implemented, and will maintain current, reasonable physical, technical, and organisational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

    11. How long does NestEgg retain my personal information?

    We will only keep your personal information for as long as is necessary for us to do so for the reasons we collected it for in the first place which is delivering NestEgg services.

    Generally, we will keep your personal information for as long as you are a NestEgg user. After this, we will delete your personal information following 12 months of inactive account status, unless it is necessary to keep that information for a longer period (of up to 6 years or longer where the law says we have to), as may be the case when necessary to:

    • communicate with you about any questions or complaints you may have after you have stopped using NestEgg; or
    • comply with the rules on accounting, reporting or any other law.

    If you want further information on how long we keep your personal information, please contact us using the details in section 12 of this policy.

    12. Can this Privacy Notice change?

    This Notice may be amended from time to time. We will post any changes we may make on this page and, where appropriate, notify you via e-mail. When amendments are made, we will update the “last updated” date at the top of this Notice.

    13. How can I contact NestEgg?

    If you have any questions or comments, please contact us at info@nestegg.ai