Our Privacy Policy


Introduction

Raindrop takes your privacy very seriously. This privacy policy has been prepared in line with the UK and EU’s General Data Protection Regulation (GDPR) which took effect on 25 May 2018 and the UK Data Protection Act 2018. This privacy policy was last updated on the 7th of August 2024.

The GDPR promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data we process. Whenever we request data from you that requires your consent, we will ask for it explicitly. To enable this, we make a record of your consent (or otherwise) to the collection and use of such data whenever requested.

If you would like to get in touch about anything in this policy, or about your personal data then please contact us at privacy@myraindrop.co.uk.

1. Who we are

We are Raindrop Technologies Holdings Ltd, a company registered in England (Company no. 12431555), and are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (Notice) is designed to help you to understand what kind of personal data we collect and how we process and use such data. It also sets out your rights in relation to how we look after your personal data.

Our products or services may contain links to a third party’s website or service. Unless that third party is processing your personal data on our behalf, we are not responsible for the privacy policies or practices of such a third party. We recommend that you carefully read the privacy notice for such third parties.


1.1 Raindrop as a Data Processor


If you access the pension finding service through one of our clients we will be a processor of your data with our client being the controller of your data.


1.2 Raindrop as a Data Controller

In all other cases, such as when accessing this website, emailing or calling us directly, or if you had a Raindrop Self-Invested Personal Pension etc, we will be a controller of your data.

2. Data we collect

We collect a variety of data in order to deliver services. Whenever we collect Personal Information from you, we let you know, and you will be able to access the following precise information:

  • data we have collected from you
  • the basis on which we are holding it (e.g. because you gave us consent)
  • what we will do with it
  • how long we will hold it for
  • where it is stored
  • who it might be shared with
  • your rights in relation to the data, and
  • information on how you can access and manage this data


We have provided further detail below about the specific types of data we collect and our reasons for doing so.

2.1 What data do we ask you to provide to us, and why?

We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion, or otherwise interact with us. Below are examples of the categories of the data we collect on you.

“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you, but this is the full scope of data that we collect and when we collect it from you:

  • Profile/Identity Data: This is data relating to your full name, any previous names, title, gender, date of birth, national insurance number and signature as described in this policy for the particular channel through which we deal with you. This also includes any documents that you may provide us to prove your identity such as a name change, current address et cetera.
  • Contact Data: This is data relating to your addresses, email addresses, phone numbers.
  • Marketing and Communications Data: This is your preferences in receiving marketing information and other information from us.
  • Previous Pension Data: This is data we collect to find and, where relevant, transfer old pensions to and from Raindrop as you may request. This includes previous pension provider names, scheme names, plan reference numbers, old employers, employment dates and previous address history as well as the key features of found pension policies such as whether they have defined benefits, are actively receiving contributions, contain GAR's (Guaranteed Annuity Rates) et cetera.
  • Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.
  • Customer Support Data: This includes feedback, email communications, conversation scripts, phone call logs and survey responses.
  • Usage Data: Information about how you use our website, products, and services.


2.1.1 Sensitive Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and genetic and biometric data).


2.2 The Legal Basis for Collecting That Data

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

  • "Consent": Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
  • "Contractual Obligations": We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • "Legal Compliance": We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
  • "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

On the Raindrop website myraindrop.co.uk and ancillary websites to which this policy applies:

| Type of data we collect | What data we collect from you | Why we collect the data | Legal basis for collecting that data |
| --- | --- | --- | --- |
| Profile Data | First name; Last name | To allow us to provide content to you when requested as well as customer support where required | Consent |
| Contact Data | Email address; Phone number | To allow us to provide content to you when requested as well as customer support where required | Consent |
| Technical Data | IP address; Operating system; Device type; Time Zone & Location | So that we can improve our website and tools that we offer through it. | Consent; Legitimate Interest |
| Usage Data | Page visits; Website interactions | To allow us to better understand how you use our website so that we can continue to improve our products and services. | Consent; Legitimate Interest |
| Previous Pension Data | Ceding pension; Ceding pension plan/ scheme names; Previous address history; Pension plan reference numbers; Old employers; Employment start dates at old employer; Employment end dates at old employers | To provide the service of finding and, where relevant, transferring old pensions which you have requested from us. | Consent; Contractual |

In the white-label Raindrop Apps we build for our clients that are hosted on subdomains of myraindrop.co.uk or through pension finding services that are powered by Raindrop and offered by our clients (through APIs/ iframe) we may collect the following:

| Type of data we collect | What data we collect from you | Why we collect the data | Legal basis for collecting that data |
| --- | --- | --- | --- |
| Profile Data | Full name; Date of birth; Identity documentation (including but not limited to driver's licences; passports; national identity cards and biometric residence permits); Name change documentation (including but not limited to marriage certificates and deed poll certificates) | To verify your identity and administer your account. | Contractual; Legal |
| Contact Data | Email address; Phone number; Residential address; Utility bill, bank statement or other forms of proof of address | To verify your identity and administer your account. To communicate to you important information regarding your Raindrop account and pension finding requests. | Contractual; Legal |
| Profile Data | National insurance number; Previous names; Gender | To provide the service of finding your old pensions which you have requested from us. | Contractual |
| Previous Pension Data | Ceding pension providers; Ceding pension plan/ scheme names; Previous address history; Pension plan reference numbers; Old employers and data used to identify them; Employment start dates at old employer; Employment end dates at old employers; Pension policies; Key pension features (such as whether they are defined benefits, actively receiving contributions, contain GARs (Guaranteed Annuity Rates) et cetera.) | To provide the service of finding your old pensions which you have requested from us. | Consent; Contractual |
| Customer Support Data | Email communications; Chat transcripts; Phone numbers; Call logs | To allow us to support you with any queries you may have about our service. To help us to improve the service that we offer you via the Raindrop app and website. | Legitimate Interest |
| Technical Data | IP address; Operating system; Device type; Time Zone & Location | To allow us to better understand how you use our service so that we can continue to improve our products and services. | Legitimate Interest |
| Usage Data | Page visits; Website interactions | To allow us to better understand how you use our app so that we can continue to improve our products and services. | Legitimate Interest |

If you have agreed to being part of user research


We may occasionally reach out to conduct more in-depth research with users. In these cases, we will explicitly ask for your consent to process the following data.

| Type of data we collect | What data we collect from you | Why we collect the data | Legal basis for collecting that data |
| --- | --- | --- | --- |
| Profile Data | First name; Last name; Date of birth; Gender | To allow us to better understand our users so that we can continue to improve our products and services. | Consent |
| Contact Data | Email address; Phone number | To communicate with you regarding user research which you have agreed to be part of. | Consent |
| User Research Data | Survey responses; Interview transcripts and responses; Page visits; Website and app interactions | To allow us to better understand how you use our app so that we can continue to improve our products and services | Consent |


2.3 Data we collect from third parties


We collect the following data from third parties to fulfil our legal and regulatory requirements.

| Type of data we collect | Who we collect this data from | Legal basis for collecting that data |
| --- | --- | --- |
| Data relating to the verification of your identity. | Northrow Limited, registered number 7358038 | Legal; Legitimate Interest |
| Where you have asked us to find an old pension we may supplement the information we collect from you with other information such as, but not limited to, your previous address and name history from a third-party to identify you at the ceding pension provider. | Northrow Limited, registered number 7358038, Credit Referencing Agencies | Consent; Contractual |

3. Our other legitimate interests in using your data

Taking into account your interests, we process your personal data for the following purposes:

3.1 To provide the service you have asked of us

We process and use your personal data to provide the service that you have asked of us, either directly or through our clients.

3.2 To verify your identity and administer your account

We process and use your personal data to ensure the functionality and security of our products and services, to identify you and the instructions you give us, and to prevent and detect fraud and other misuses.

Data that is supplemented from third-parties such as Credit Referencing Agencies is used for the purposes of identifying you and your pension policy at a ceding pension provider as part of our pension finding service.

3.3 Ensuring accurate and up to date account data

Data that is supplemented from third-parties such as Credit Referencing Agencies may also be used for general account management to ensure that your contact details are current for GDPR purposes and to ensure that you receive important communications with regards to your Raindrop pension and our pension finding service.

Where you have signed up for our client's service(s), and where they have requested us to, we may also use data supplemented from third-parties such as Credit Referencing Agencies for their general account management to ensure that your contact details are current for GDPR purposes within their systems and to ensure that you receive important communications with regards to services they offer you.

3.4 Development of products and services

We process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customized content and advertising. We may combine personal data collected in connection with your use of a particular product and/or service with other personal data we may hold about you, unless the purpose for which we collected that data is incompatible with amalgamation.

3.5 Communicating with you and marketing

We process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services. When contacting you for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.

3.6 Automated decision making and profiling

We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing, or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.

Third parties that we use in respect of identity checking and fraud prevention may offer us an automated result based on your personal data.

These results are only used as part of a manual decision process on whether we wish to offer a Raindrop account to you. It is our right to decide whether to offer an account or not.

3.7 Tracking remuneration due to us or our clients

We use your personal data to ensure that we receive the remuneration or commission due to us from, or payable by us to, any third-party product providers or distributors.

3.8 Business continuity

In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).

4. What personal data do we share with third parties and who are they?

To power our services, we will transfer your personal data to the third parties noted below, or as obligated by law.

4.1 Material service providers


We may transfer your personal data to the following third parties who provide us with a material service:

| Who we share data with | What data we share | Why we share this data |
| --- | --- | --- |
| Northrow Limited (registered number 7358038) | Profile Data; Contact Data | To verify your identity and meet our regulatory obligations. We only share your bank details when we verify your identity against your banking provider. |
| Ceding pension providers and other relevant third parties required in the service of finding and transferring your old or lost pensions | Profile Data; Contact Data; Previous Pension Data | To provide the service of finding and/or transferring an old pension we may be required to share data with ceding pension providers and other relevant third parties to allow them to verify your identity, and otherwise as required, locate your previous pension. |
| Credit Referencing Agencies | Profile Data; Contact Data; Previous Pension Data (Previous addresses and names) | To supplement the data collected from you with previous address and name history to verify your identity with ceding providers when locating pension policies that you have asked us to find. For general account management to ensure that your contact details are current for GDPR purposes and to ensure that you receive important communications with regards to your Raindrop pension and our pension finding service. For the purposes of third-parties verifying your identity for authentication and fraud prevention purposes. |

4.2 Generic service providers

We may transfer your personal data to third parties who control or process personal data on our behalf to enable the efficient technical and logistical provision of our services. These service providers supply us with cloud data storage, data security services, customer relationship management software, and support ticketing services. We may substitute a technical or logistical service provider from time to time. Such parties are generally not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Notice as well as to use appropriate security measures to protect your personal data.

4.3 Event driven transfers

We may transfer your personal data to third parties in certain events where it is necessary to protect your, or our, legitimate interests. This includes the cessation, sale, or transfer of our business; civil or criminal legal, or regulatory, proceedings; or insurance claims.

4.4 Ancillary service providers

With your consent and to allow us to provide other services that you have requested from us we may share your data with ancillary service providers such as accountants or financial planners. We will only do this with your consent and if you have requested this service.

4.5 Pension finding requests

With your consent and to allow us to provide the service of finding an old pension that you have requested from us we may share your data with relevant clients through whom you have made this request. We will only do this with your consent and if you have requested this service.

| Who we share data with | What data we share | Why we share this data |
| --- | --- | --- |
| The firm we told you about when you signed up to the services they asked us to provide them and you. We may share your personal information with our approved clients and third-party product providers so that they can complete the service they offered you, and the service we are providing. | As collected by us through the particular channel we share: Profile Data; Contact Data; Previous Pension Data, and Customer Support Data | This processing of your personal information is necessary so that we can provide our services to you in accordance with our terms and conditions and that of the firm that referred you to us. |

We only share data if the law allows us to and at all times strictly in accordance with the terms of our privacy policy.

4.6 Data rectification requests

Where you have signed up for our client's service(s), and where they have requested us to, we may offer a data rectification service where we share up to date information, such as address and previous name data to ensure that your contact details are current for GDPR purposes within their systems and to ensure that you receive important communications with regards to services they offer you.

| Who we share data with | What data we share | Why we share this data |
| --- | --- | --- |
| The client, who already offers you a service(s), and has requested us to carry out data rectification checks. | Profile Data; Contact Data; Previous Pension Data | For their general account management to ensure that your contact details are current for GDPR purposes within their systems and to ensure that you receive important communications with regards to services they offer you. |

4.7 International transfers 

Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA). We will only transfer data in such circumstances if the level of data protection in that jurisdiction is deemed adequate, or if there are appropriate safeguards in place to protect your privacy.

5. How long do we keep personal data?

We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. In general, we will delete redundant account information within 12 months of our relationship ending. However, we are obliged to keep certain records of our relationship to comply with the FCA’s rules, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is seven years, after which time it will be destroyed.

Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information, we will keep an encrypted version of your contact information to ensure we respect your wishes.

6. How do we keep your personal data secure?

We keep your data secure:

  • by following internal policies of best practice and training for staff
  • by restricting access to personal data and preventing unauthorised access, use, destruction, or disclosure
  • by conducting privacy impact assessments in accordance with the law and our business policies
  • by encrypting personal data both at rest and in flight
  • by using Secure Socket Layer (SSL) technology when information is submitted to us online
  • by managing third party risks through security reviews and contracts

In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we shall also inform you.

7. Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

7.1 Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or opened an account with us and you have not opted out of receiving that marketing.

7.2 Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

7.3 Opting out

You can ask us or third parties to stop sending you marketing messages at any time by letting us know through the Contact Us section of our website or by following the opt-out links on any marketing message sent to you. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of other purposes.

8. Cookies

A cookie is a small piece of code that a website sends to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service. You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website.

The types of cookies we use are:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

We do not have any control over the use of cookies by third parties, including our clients and affiliates. To manage cookies from third party websites you will need to visit their site to adjust your settings.

For more information on our use of cookies you can view our cookie policy here.

9. Third party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, you should read the privacy notice of every website you visit.

10. Your rights

You have the following rights over your data, depending on the basis on which it is held:

  • Right to be informed. This Privacy Policy constitutes our informing you of how we use your personal data and your rights
  • Right of access. You have the right to understand how we process your personal data and on which legal basis as provided in this Privacy Policy. You also have the right to request access to your personal data.
  • Right to rectification. You have the right to correct any incorrect personal data we store about you. You can change your own personal data in most cases or else speak with our Customer Support team.
  • Right to erasure. Also known as the right to be forgotten, you may ask for your personal data to be deleted. Please note that this will constitute an account closure in most cases. However, we are legally obliged to retain data even after an account closure – see How long do we keep personal data?
  • Right to restrict processing. You have the right to restrict our processing of your personal data.
  • Right to data portability. You have the right for your personal data to be exportable in easy to use, open formats such as CSV.
  • Right to object to processing of your personal data in certain circumstances, and
  • Rights related to automated decision-making i.e., where no humans are involved, and profiling i.e., where certain personal data is processed to evaluate an individual – see Automated decision making and profiling

You also have the right to make a complaint to your supervisory authority. In the UK, this is the Information Commissioner’s Office (www.ico.org.uk).

10.1 Right to access

You have the right to request access to the data we have on file for you. Before providing any data we will attempt to verify your identity and where we are not satisfied with the outcome we may refuse the request; we do this to keep your data secure.

When you request this data, we aim to fulfil your request within 30 days and to provide the data in an easily accessible format such as a CSV or PDF where applicable.

Where we consider a request for access to be excessively onerous, unfounded or have other legitimate reasons (such as if fulfilling the request were to break other applicable laws) we may require more than 30 days to fulfil your request or may deny the request in part or completely. We will inform you of this in these cases.

We will not charge you for the right to access your data in most circumstances unless we consider the request to be excessively onerous and are still happy to comply with it. In these cases you will be informed of the charges before confirming if you would like us to go ahead with the request.

11. Changes to our privacy policy and control

We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy and notifying you of significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

12. Contact us

We are Raindrop and our address is Runway East, London Bridge, 20 St Thomas Street, London SE1 9RS, UK. You can contact our Data Protection Officer at privacy@myraindrop.co.uk.
