To allow us to provide you with Ordo, we collect, use and are responsible for certain personal information about you. We take our responsibilities very seriously and keeping this information safe and secure is a top priority of ours. Our service is new, so we built it with privacy and security in its design. In providing the Ordo service to you, we are regulated under the General Data Protection Regulation.
Our collection and use of your personal information
We are a new service and we built Ordo with the user in mind – we only ask for the minimum amount of personal information we need to provide Ordo to you when you register with or use Ordo, you contact us for any reason, or browse our website.
The personal information we need depends on how you use Ordo. If you register with Ordo, we need your:
- name – so we know how to refer to you
- email address – so we can contact you, and your mobile phone number as a backup in case anything goes wrong with your email/password
- Ordo account details, such as username, login details – so we can provide you with the Ordo service
And if you want to send people money (we call this being a payer)
- bank – optional; to save you having to find your bank from a long list each time you pay
And if you want to send people bills (we call this being a biller)
- bank, account number, sort code and title of the account you want to receive payments into – so we can verify you and get your money to you.
We will never ask for your financial security details, your account details if you’re a payer, your individual title, your date of birth or address – we don’t need that information to provide you with Ordo and it’s none of our business.
The little information listed above that we do need, we use to:
- create and manage your Ordo service,
- verify your identity if you’re a biller,
- make sure bills and payments get sent simply, swiftly and securely,
- make your use of our web site and service as efficient as possible,
- notify you of any changes to our website, our terms or to our services that may affect you, and
- improve our services.
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what the personal information is and what we are doing with it.
Some of the relevant legal bases we may rely on include:
- consent:where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- legitimate interests:where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
From a data protection perspective, we rely on having a contract with you and that what we do with your data is necessary for our legitimate interests to be able to provide you with the Ordo service. In the unlikely event we are ever compelled to use your information to comply with the law (like an investigation and court order, for example) we will rely on the legal obligation on us at the point.
We have made sure we have not compromised you or your data in any way or gone further than it is reasonable for us to. We analysed what data we needed to provide you with Ordo and conducted a risk assessment.
Incidentally, in order to provide you with the Ordo service (which, in legal speak, is a Payment Initiation Service and, where you would like it, an Account Information Service) we need your explicit consent. That’s why you’re asked to consent to receiving the Ordo service before you use it – this is a FCA requirement (separate to our data protection requirements and obligations).