1. Introduction

Welcome to the Octopus Group privacy policy (“Privacy Policy”).

Octopus Group respects your privacy and is committed doing the right thing when it comes to protecting your personal data, including how we collect, use and protect your personal data.  This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. Download a pdf version of the policy here.

Specifically, and in relation to the Octopus Group (as defined below) this Privacy Policy aims to give you information on

  • the types of personal data that the Octopus Group will collect;
  • why the Octopus Group will collect and use your personal data;
  • when and why we will share personal data within the Octopus Group and with other organisations;
  • the rights and choices you have when it comes to your personal data; and
  • why and how it collects and processes your personal data through your use of its website, including any data you may provide through its website when you use any of the services by the Octopus Group of companies or invest in any of their products and to anyone else whwe wouldo contacts or otherwise submits information to any of the Octopus Group of companies.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any other privacy notices or policies and is not intended to override them.

Please take the time to read this Privacy Policy. If you have any questions about this Privacy Policy or our use of your information you can contact us at [email protected] or on telephone number +44 800 316 2295.

This Privacy Policy may change from time to time and if it does, the up-to-date version will always be available on the Octopus Group websites.  Please note that by continuing to use the Octopus Group websites, you are agreeing to any updated versions of the Octopus Group Privacy Policy.

2. Third party links

The Octopus Group websites may include links to third-party advertisers, affiliates, websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements, notices or policies.  When you leave our website, we encourage you to read the privacy notice of every website you visit.  We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to these websites.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3. Octopus Group and the Data Controller

3.1. Octopus Group

The Octopus group (“Octopus Group”) consists of the parent company, Octopus Capital Limited (a private limited company with registered company number 03981143 and registered office address at 6th Floor, 33 Holborn, London EC1N 2HT) together with a number of subsidiaries (as defined in section 1159 of the UK Companies Act 2006), divisions and affiliates based in the UK as well as overseas.

This Privacy Policy applies to all of those subsidiaries and affiliated companies, irrespective of location or jurisdiction.  In particular, the data controller (as referred to below) is a subsidiary of Octopus Capital Limited.

3.2. Data Controller

The data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) for the Octopus Group is Octopus Investments Limited.  Octopus Investments Limited is registered as a data controller with the UK Information Commissioner’s Office (“ICO”) and our registration number is Z6932923.

This Privacy Policy is issued on behalf of the Octopus Group and the entity which is responsible for processing your data on behalf of the Octopus Group, is Octopus Investments Limited.  Accordingly, “we”, “us” or “our” in this Privacy Policy, refers to Octopus Investments Limited.  Where specifically not in relation to the obligations of the data controller under GDPR, “we”, “us” or “our” may also refer to any of the subsidiaries, affiliates or divisions of the Octopus Group.

Octopus Investments Limited (a subsidiary of Octopus Capital Limited) is registered with company number 03942880 and registered office address at 6th Floor, 33 Holborn, London EC1N 2HT. You have the right to make a complaint at any time to the (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

4. Why we may collect data about you

There are many reasons why we may legitimately collect and process your personal information and data, including:

1. Consent In specific situations, we can collect and process your data with your consent.

2. Contractual obligations We may process your information where it is necessary to either enter into a contract with you for the provision of our products or services or to perform our obligations under that contract or to provide you with advice or guidance in relation to our products or services that are offered by us.

3. Legal compliance If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator

4. Legitimate interest We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our customers, employees and property.  It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.  In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.

5. How we may obtain your data and information

We may obtain information in several ways which may include:

  1. Information which you give to us;
  2. Information that we receive from third parties – including other companies in the Octopus Group, third parties who provide services to you or us (including via credit reference agencies, fraud prevention agencies or government agencies), and other banks (where permitted by law);
  3. Information that we learn about you through our relationship with you and the way you operate your accounts and/or services, such as the payments made to and from your accounts;
  4. Information that we gather from the technology which you use to access our services (for example an IP address or telephone number;
  5. Information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.

6. What information we may collect and process

We collect and process various categories of personal information and data at the start of, and for the duration of, your relationship with us.  We will limit the collection and processing of data and information to that which is necessary to achieve one or more legitimate purposes as identified in this Privacy Policy.

The types of personal information and data may include (but is not limited to):

  1. basic personal information, including name and address, date of birth and contact details;
  2. financial information, including account and transactional information and history;
  3. information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
  4. information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
  5. education and employment information;
  6. goods and services provided;
  7. visual images and personal appearance (such as copies of passports or CCTV images); and
  8. online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your banking profile and login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.

Where permitted by law or to fulfil our regulatory requirements, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.

7. How we use your information

We may use your personal information and/or data to:

  • Administer, operate, facilitate and manage your relationship and/or account with the Octopus This may include sharing such information internally as well as disclosing it to third parties.
  • Contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account;
  • Provide you with information relating to our products and services
  • Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.

If your relationship with us ends, we will continue to treat your personal information, to the extent we retain it, as described in this Privacy Policy.

We do not sell or share your personal information and/or data to third parties for third party direct marketing purposes.

8. Credit Reference Agencies

Through the application process we may share your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other

organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at CRAIN.

9. Disclosure of your information (including outside of the European Economic Area “EEA”)

We may share your personal information within the Octopus Group.

When we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data with such third party.  We will only share your personal data in compliance with the applicable data protection laws and regulatory requirements.

We may disclose your information to third parties:

  • When you specifically request this, such as when you submit information to inquire about jobs or submit a job application through the Octopus Group websites;
  • When other products and services within the Octopus Group may interest you provided we have your consent;
  • including buyers or sellers or any of our business or assets in which case;;
  • if we are under a duty to disclose or share your personal data to comply with any legal obligations or regulatory requirements or to protect the rights, property or safety of: (i) the Octopus Group websites, (ii) our customers, or (iii) This includes (but is not limited to) exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may transfer data within Octopus Group and third-party agents so that Octopus can comply with the terms of this Privacy Notice and for the marketing of goods and services within the Octopus Group.

Transfers may be made outside the EEA where we are satisfied that appropriate safeguards are in place over the transferring and processing of such information or data.

We may share some broader statistics and customer profiling information with third parties and within the Octopus Group, but the information or data will be anonymised, so you will not be identifiable from that data. We will not rent or sell your data and/or information details to any other organisation or individual.

10. Storage of your personal data (including outside of the “EEA”)

The data and information that we collect, and process may be transferred to, and stored at, a destination outside of the UK.  We will only do so on the basis that anyone to whom we transfer it to,  protects it in the same way that we would and such entity or person or other third party is subject to the appropriate safeguards.

In the event that we transfer information to countries outside of the EEA, we will only do so where:

  1. the European Commission has decided that the country or the organisation, entity or individual to whom we are transferring to or sharing your data and/or information with, will protect your information adequately;
  2. the transfer has been authorised by the relevant data protection authority; and/or
  3. we have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information (on such terms as approved by the European Commission), to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses in such contracts, please contact us at [email protected]

11. Security

We will take all steps reasonably necessary to ensure that your information and/or data is treated securely and in accordance with this Privacy Policy.

We follow strict security procedures as to how your information and/or data is stored and used, and who sees it, to help stop any unauthorised third parties getting hold of it.  Once we have received your information and/or data, we will use strict procedures and security features to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to

protect your information and/or personal data, we cannot guarantee its security completely.   Accordingly, in the case of a security breach we do not accept any liability for the direct or indirect loss, theft or misuse of the any information and/or data that you have provided to us and/or which you have registered on the Octopus Group websites.

12. Your rights

We want to make sure you are aware of your rights in relation to the information and/or data that we process about you.  We have described those rights and the circumstances in which they apply, in the table below

Access – You have the right to get access to the information and/or data that we hold about you.If you would like a copy of the information and/or data that we hold about you please contact us at [email protected] or write to us at Data Protection, 33 Holborn, London, EC1N 2HT
Rectification – You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.If you believe that any of the information and/or data that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and/or data and to rectify any inaccurate data and/or information that we hold about you. For any rectification requests please call us on +44 800 316 2295 or email us at [email protected]
Erasure – You have a right to request that we delete your information and/or data.You may request that we delete your information and/or data, if you believe that:
• we no longer need to process your information and/or data for the purposes for which it was provided;
• we have requested your permission to process your information and/or data and you wish to withdraw your consent; or
• we are not using your information and/or data in a lawful mannerFor any deletion requests please email us at [email protected]
Restriction – You have a right to request that we restrict the processing of your information and/or data.You may request that we delete your information and/or data if you believe that:
• we no longer need to process your information and/or data for the purposes for which it was provided;
• we have requested your permission to process your information and/or data and you wish to withdraw your consent; or
• we are not using your information and/or data in a lawful mannerFor any restriction requests please email us at [email protected]
Portability – You have a right to data and/or information portability.Where we have requested your permission to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible.If you would like to request the information you provided to us in a portable format, please contact us at [email protected] or write to us at Data Protection, 33 Holborn, London, EC1N 2HT
Marketing – You have a right to object to direct marketing.You have a right to object at any time to processing of your information and/or data for direct marketing purposes, including profiling you for the purposes of direct marketing. If you would like to change your marketing preferences please contact us at [email protected] or write to us at Data Protection, 33 Holborn, London, EC1N 2HT or call us on+44 800 316 2295.
Lodge complaints – You have a right to lodge a complaint with the regulator.If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter via e-mail at [email protected] or write to us at Data Protection 33 Holborn, London, EC1N 2HT or call us on +44 800 316 2295. We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk

13. How long we keep your information

By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records.  Records can be held on a variety of media (physical or electronic) and formats.

We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements.  Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.

Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements.  Retention periods may be changed from time to time based on business or legal and regulatory requirements.

We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.

 If you would like more information about how long we keep your information, please contact us at [email protected].

Cookie notice

Find out what cookies are and how we use them on this website.