This is the Privacy Policy for “Koody” and “Budget by Koody”, a personal finance marketplace and budgeting app, provided at https://www.koody.co and associated mobile applications, that allow you to compare financial products and manage your money intelligently without connecting your bank account or sharing sensitive banking details (“the Product”).
The Product is provided by Koody Limited, a company registered in England and Wales (No. 11764182), with registered office address at Unit C, 81 Curtain Road, London, United Kingdom, EC2A 3AG, (“we”, “us”, “our”). We are the data ‘controller’ in relation to the personal data you provide to us, which means we determine the purposes and the way in which your personal data is, or will be, processed.
Koody Limited is registered with the Information Commissioner's Office (ICO), with reference number ZA785178. Visit www.ico.org.uk for more information.
If there is anything you do not understand or wish to clarify, please get in touch with us by emailing us at: hello@koody.co.
This policy aims to give you information on how we collect and process any personal data we collect from you, or that you provide to us. We want you to be confident when you use our product that you know what your personal data is being used for, and that it is being kept safe.
It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.
You will always have the right to lodge a complaint with a supervisory body. The relevant authority in the UK is the Information Commissioner's Office http://www.ico.org.uk. However, if you do have a complaint, we would appreciate the chance to deal with your concerns first, so please do contact us in the first instance at hello@koody.co.
We use different methods to collect data from and about you including through:
We may collect and process the following information about you:
Registration Information: To register to use our product you will have to supply us with your full name, email address, date of birth and phone number.
Additional Personal Information: You may choose to submit additional personal information when you register for the service, for example your photograph or your preferred pronoun (he, she, they).
Unique User ID: This is an identifier which we assign to you when you sign up to use our product, to create your own unique data record.
Transactional Information: We keep a secured record of all the transactions you log on Budget by Koody.
Technical Information: When you browse our website, we automatically collect some technical information about your visit to our website, including, but not limited to, information about the device you are using to access the Koody Marketplace and Budget by Koody (for example, mobile device or web), the IP address used to connect your computer to the internet, your browser type and version, your browser plug-in types and version and your location.
Customer Testimonials: This could include your name, social media handle and/or any testimonial, review or other comment on our products or services that you choose to provide to us.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
PURPOSE / ACTIVITY | OUR LAWFUL BASIS FOR PROCESSING THIS DATA | TYPE(S) OF DATA WE USE FOR THIS PURPOSE |
To register you as a customer to use our service | Performance of a Contract with you (i.e. Contract) | Registration Information |
To manage our relationship with you (including notifying you about changes to our terms and conditions or this privacy policy) | Contract; Legal obligation | Email Address |
To understand our user base better | Legitimate interests (to understand our user demographic and what users want to get out of our service) | Registration Information, Additional Personal Information |
Requesting your participation in online surveys | Consent | Email Address |
Posting customer testimonials and reviews on our website | Consent | Customer Testimonials, Email Address (we contact you to ask if you are happy for us to include your testimonial, and how you would like your name and/or social media handles to appear) |
To tell you about goods or services (marketing material) that we feel may be of interest to you | Consent | Email Address |
To create your personal data record, which we need to uniquely identify you | Contract | Unique User ID |
To create your dashboard | Contract | Account and Transactional information |
To provide user support and technical instructions regarding your account | Contract | Registration Information, Unique User ID, Account and Transactional information and Technical information |
To monitor and improve our product | Legitimate interests (to track the use of our product and identify areas where we can improve service performance or service functionality. This includes business and technical improvements) | Registration Information, Technical information, Additional Personal Information |
To create aggregated market research, from which all personal data is removed. | Legitimate interests (We may sell this anonymised market research to clients to create the revenue we need to run our business) | Account and Transactional Information, Registration Information |
Use of necessary, functional and analytical cookies (see Cookies section for further information on specific purposes) | Legitimate interests (in operating our website); Consent | Technical Information |
You may control your subscriptions to any of the above marketing content notifications by unsubscribing from marketing communications.
We may share your personal information in the following ways:
Some of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside of the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Under certain circumstances, you (registered user) have the following rights under data protection laws in relation to your personal data:
If you wish to exercise any of the rights set out above, please contact us at hello@koody.co. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
As a registered user, you have the right to ask for a copy of the information which we hold on you (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
As a registered user, you have the right to request that we correct personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold corrected, though we may need to verify the accuracy of the new data that you provide to us.
As a registered user, you may ask us to delete or remove personal data where there is no good reason for us continuing to process it. This is more commonly known as the ‘right to be forgotten’. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Please note, however, that we may not always be able to comply with your request to delete or remove personal data for specific legal reasons which will be notified to you, if applicable, at the time of your request.
As a registered user, you have the right to stop us processing your personal data for direct marketing purposes. We will always inform you if we intend to use your personal data for such purposes, or if we intend to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at hello@koody.co.
You may also object to us processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
In certain circumstances, you may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Where we are relying on consent to process your personal data you can withdraw your consent at any time. Please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will normally retain your information for a period of 30 days after your account is deactivated or 30 days after your information is no longer needed to provide you with our product. After this period, the data will be deleted from our systems and we will be unable to access it. In some circumstances you can ask us to delete your data sooner: see Deleting Personal Data above for further information. If you do wish to cancel your account or request that we no longer use your information to provide you services, please contact us at hello@koody.co.
Where we anonymise your personal data (i.e. so that it can no longer be associated with you) for further research or statistical purposes, then we may use this information indefinitely without further notice to you.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Our website may include links to third-party websites, plug-ins and applications. This includes Social Media Features, such as the Facebook Like button and Widgets, the “Share this" button or interactive mini-programs that run on our website. Clicking on those links or enabling those Features may allow third parties to collect or share data about you. For example, these Features may collect your IP address or which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. We do not control these third-party websites or Features and are not responsible for their privacy statements. Your interactions with these Features are governed by the privacy policy of the company providing it. When you leave one of our websites, we encourage you to read the privacy notice of every website you visit.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. To access and change your personal information, you should log in to your online account on our mobile or web app and make the necessary changes. The changes will be effective as soon as you save them to your Profile, and a confirmation message will be displayed.
A cookie is a text file containing a small amount of information that is sent to your browser when you visit a website. The cookie is then sent back to the originating website on each subsequent visit, or to another website that recognises it. Cookies are an extremely useful technology and do lots of different jobs.
We may collect information through the use of cookies.
We have listed below all the cookies that we use. These fall into the following categories:
Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our product.
Analytics/performance cookies: These types of cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users can easily find what they are looking for.
Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about some of the individual cookies we use and the purposes for which we use them in the table below:
COOKIE | TYPE | PURPOSE |
osano_consentmanager* | Necessary | Osano - to manage user cookie consent. |
wf*, wf_logout, wf_user, wflogin, wf_exp_uniqueId, wf_first_touch | Necessary | Webflow - to provide the Product |
_pin_unauth | Necessary | Used by the application to ensure secure login |
ajs_user_id | Necessary | Used by the application to ensure secure login |
_ga*, _gat*, _gat_gtag_*, _gid* | Analytics | Google Analytics - to track page views and site performance |
monto-analytics-referrer | Analytics | Monto - for tracking page views and usage |
__stripe_mid | Functional | Stripe - to provide fraud prevention |
tatari-user-cookie | Targeting | Tatari - for targeting and advertising |
_fbp | Targeting | Facebook - to store and track visits across websites. |
_mkto_trk | Targeting | Marketo - for tracking page views |
_gcl_au | Targeting | Google Adsense - to store and track conversions |
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
To find out how to manage cookies on popular browsers:
BROWSER | LINK |
Google Chrome | |
Microsoft Edge | |
Microsoft Internet Explorer | |
Mozilla Firefox | https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox |
Opera | |
Safari |
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
We may need to modify this privacy policy from time to time, to reflect any key changes in our service or as required by law.
Last Updated: 30th December 2021.