Effective as at: 09/05/2025
Noggin HQ Ltd (“
Noggin”, “
we”, “
us”, or “
our”) is committed to protecting your personal data and privacy. The purpose of this Noggin Privacy Policy (this “
Privacy Policy”) is to inform you about the collection, use, and disclosure of your personal data (i.e., information that indirectly or directly identifies you) (“
Personal Data”) when you: (a) visit and interact with our website located at
https://www.nogginhq.com/ and
https://www.nogginmobile.com/ (the “
Website”); (b) use our Website to review and compare certain credit products and credit-related products made available for purchase on the website of our partners (“Products”); and/or (c) create an NHQ account with us and redeem a special offer relating to a Product, and/or (d) use our Website to review, apply for, purchase and/or manage your agreement for for our unregulated credit products. We are registered as a fee payer with the UK’s Information Commissioner’s Office (
www.ico.org.uk) (registration reference: ZB234886). For the purposes of UK data protection law, Noggin is the controller of your Personal Data.
This Privacy Policy does not apply to any Personal Data we collect about Noggin employees, job applicants, and independent contractors.
TYPES OF PERSONAL DATA WE COLLECT
We may collect the following Personal Data directly from you:
- Contact Information: such as your first and last name, email address(s), residential address, telephone number(s);
- Identification Information: such as your date of birth, nationality, marital status, title, photograph, passport, driving licence or other identity document(s), documents you provide to prove your address;
- Profile Data: such as your username and password(s), your interests, preferences, feedback and survey responses; and
- Special Categories of Personal Data: such as your race, gender, and ethnicity.
We may collect the following Personal Data about you from third parties:
- Information from your Connected Payment Accounts: if you choose to participate in Open Banking and connect your payment account, we will use certain third parties (such as Plaid) to operate as an application programming interface (API) to connect us to your Open Banking data. As part of this service, we will collect the following information: your bank account type (e.g., checking), bank account balance and currency, username, contact details for identity verification (e.g., name, telephone number(s), work and residential address(s), email address(s)), banking product (e.g., type of credit card), your transaction history (e.g., incoming, such as income, and outgoing payments, and categories), regular payment details (e.g., amounts, recipients of payments, standing orders, and direct debits) account features and benefits (e.g., fees, overdraft payments and rewards). You may change your mind about use of this feature and unlink your connected payment accounts at any time; and
- Information from our Product Partners: where you purchase a Product from one of our partners whose Products are included on the Website (“Product Partner”) they may send us information about the Product you have purchased (including any terms of the agreement entered into between you and the Product Partner), the date and time of purchase, and your user ID. To the extent that your agreement with our Product Partner is a regulated credit agreement, we may also receive details of your monthly repayment history on that Product, a monthly status update of your credit account and date of agreement end. To the extent that your agreement with our Product Partner is a non-credit agreement, we may receive details of your monthly payment history on that Product, a monthly status update and date of agreement end.
We collect the following Personal Data automatically including, through your access to our Website, from cookies and similar tracking your devices:
- Technical Usage Data: information about response time for web pages, download errors and date and time when you accessed the Website, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Website and other usage and browsing information collected through cookies or other tracking technologies; and
- Information from your Device: information about your IP address, browser ID, device ID, cookie preferences, operating system, platform, and similar information about your device settings, and data collected from cookies or other tracking technologies.
For more information about our use of cookies, please see our Cookies Policy.
HOW WE MAY USE YOUR PERSONAL DATA
Depending on how you interact with the Website, we may process your Personal Data for the purposes and in reliance on the legal bases set out below.
| Categories of Personal Data | Purpose | Legal Basis under the UK GDPR |
|---|
| All categories of Personal Data | To provide our services to you, to administer the customer relationship with you and to respond to your requests and enquiries. | To manage and perform our contract with you (Article 6(1)(b), UK GDPR) |
| All categories of Personal Data | To manage, run and administer your NHQ account should you choose to open one. | To manage and perform our contract with you (Article 6(1)(b), UK GDPR) |
| All categories of Personal Data | To display relevant and suitable Products to you including those which align with your needs and circumstances. | To comply with our legal or regulatory obligations i.e., credit broking (Article 6(1)(c), UK GDPR) |
| Information from your Connected Payment Accounts and Information from Product Partners | For our own research purposes and to improve our credit scoring model. To provide products and/or services to you at a price and value that enables you to achieve your financial objectives. To undertake analysis to help us manage our business and improve our services. | With your consent (Article 6(1)(a), UK GDPR) |
| Contact Information, Identification Information, Profile Data, Technical Usage Data, Information from your Device | To redirect you to the websites of our Product Partners to enable you to purchase a Product from the relevant Product Partner. | To comply with our legal or regulatory obligations i.e., credit broking (Article 6(1)(c), UK GDPR) |
| Contact Information | Where you create an NHQ account with us, to enable the sharing of your Open Banking data with us. | With your consent (Article 6(1)(a), UK GDPR) |
| All categories of Personal Data | Where you create an NHQ account with us, to display special offers to you relating to Products. | We have a legitimate interest to offer you incentives / special offers (Article 6(1)(f), UK GDPR) |
| Information from Product Partners | Where you create an NHQ account with us, to have Information from Product Partners displayed in your account. | We have a legitimate interest to provide this service to you which will provide you with greater visibility of your Product repayment history (Article 6(1)(f), UK GDPR) |
| Contact Information, Identification Information, Profile Data, Technical Usage Data, Information from your Device | To personalise your visit to our Website, to assist you while you use the Website and improve the Website by helping us understand who uses the Website. |
With your consent, if required by applicable law (Article 6(1)(a), UK GDPR)
We have a legitimate interest to ensure the content is presented in the most effective way for you and your device and to improve your (and others) experience when interacting with the Website (Article 6(1)(f), UK GDPR)
|
| Contact Information, Identification Information, Profile Data, Technical Usage Data, Information from your Device | To contact you to tell you about our services, which we believe may interest you, unless you inform us that you do not wish to receive marketing or market research communications from us. You can request that we stop processing your Personal Data for marketing purposes at any time by clicking on marketing opt-out or unsubscribe links in any e-marketing materials we send you, or by contacting us using the details below. |
With your consent, if required by applicable law (Article 6(1)(a), UK GDPR)
We have a legitimate interest to carry out direct marketing (Article 6(1)(f), UK GDPR)
|
| Contact Information, Identification Information, Profile Data, Technical Usage Data, Information from your Device | For tailored advertising on third-party websites either because of the website you are viewing, or based on your interests which we have inferred from your Personal Data. |
With your consent, if required by applicable law (Article 6(1)(a), UK GDPR)
If you no longer wish to see tailored advertising, you can amend your cookie preferences (please see our Cookies Policy)
|
| All categories of Personal Data | To enforce or defend our rights, including through third-parties to whom we delegate such responsibilities. |
To manage and perform our contract with you (Article 6(1)(b), UK GDPR)
We have a legitimate interest to enforce or defend our rights, including through third-parties to whom we delegate such responsibilities (Article 6(1)(f), UK GDPR)
|
| All categories of Personal Data | To share with third parties we use to help deliver our products and/or services to you and/or improve the services we offer you. | To manage and perform our contract with you (Article 6(1)(b), UK GDPR) |
| All categories of Personal Data | To share with third parties we use to help deliver our products and/or services to you and/or improve the services we offer you. | To manage and perform our contract with you (Article 6(1)(b), UK GDPR) |
| All categories of Personal Data | To share data with police, law enforcement, courts, dispute resolution bodies, tax authorities or other government and fraud prevention agencies where we have a legal obligation. | To comply with our legal or regulatory obligations (Article 6(1)(c), UK GDPR) |
| All categories of Personal Data | To investigate and resolve complaints and manage regulatory matters, investigations and litigation. |
To comply with our legal or regulatory obligations (Article 6(1)(c), UK GDPR)
We have a legitimate interest to conduct investigations, resolve complaints and manage legal and/or regulatory matters as effectively and efficiently as possible (Article 6(1)(f), UK GDPR)
|
| All categories of Personal Data | To monitor communications for investigation and fraud prevention purposes, crime detection, prevention and investigation. |
To comply with our legal or regulatory obligations (Article 6(1)(c), UK GDPR)
We have a legitimate interest to prevent misuse of our services as part of our efforts to ensure the Website is safe and secure (Article 6(1)(f), UK GDPR)
|
| All categories of Personal Data | To comply with any of our applicable legal, or regulatory obligations including, to respond to personal data breaches and data subject requests. | To comply with our legal or regulatory obligations (Article 6(1)(c), UK GDPR) |
| All categories of Personal Data | The day to day running and management of the business including to monitor, maintain and improve the processes, information and data, technology and communications’ solutions and services we use. | We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests (Article 6(1)(f), UK GDPR) |
| All categories of Personal Data | To perform general, financial and regulatory accounting and reporting. | To comply with our legal or regulatory obligations (Article 6(1)(c), UK GDPR) We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests (Article 6(1)(f), UK GDPR) |
| All categories of Personal Data | To compile or aggregate Personal Data in certain data analyses, or reports. | We have a legitimate interest to analyse certain activities and data to improve our service offering and for our own understanding of the business (Article 6(1)(f), UK GDPR) |
| All categories of Personal Data | To share Personal Data with third-parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business. | We have a legitimate interest to manage our business including in relation to a potential merger or acquisition (Article 6(1)(f), UK GDPR) |
| Special Categories of Personal Data |
|---|
| Special Categories of Personal Data | We may request you provide us with certain information relating to, for example, your race, gender, and ethnic group in order to test and improve our internal credit assessment processes. | With your explicit consent (Articles 6(1)(a) and 9(2)(a), UK GDPR) |
Please note that you have the right to object to the processing of your Personal Data where that processing is carried out for our legitimate interest and/or for direct marketing purposes.
In order to ensure the Products we display to you on our Website are relevant and suitable for your needs and circumstances, and to help us improve our credit scoring model, we may undertake analysis of your Personal Data. The information we collect helps us tailor our content and improve our suggestions to you and other users about the Products that may interest you or them. We do not consider that these activities would produce legal effects, or have similarly significant effects on you.
CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
Where we require your Personal Data to comply with contractual or legal requirements, failure to provide such Personal Data may mean that we are not able to provide you with the service.
HOW WE SHARE YOUR PERSONAL DATA
We may share your Personal Data with the following third parties:
- Our Product Partners.
- To select third-parties who provide us with services (e.g., technical and hosting support for the Website, marketing, data analysis firms).
- With financial institutions and other service providers in connection with your participation in Open Banking, for example when we instruct a third party to access certain information from your bank (such as Plaid).
- With third parties where required or permitted by law e.g., to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities.
- With third-parties who assist in the management of our business, such as accountants and lawyers, and to help detect and protect against fraud or technical or data security vulnerabilities.
- With any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or part of our business.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
We may transfer Personal Data to vendors, suppliers and other recipients located in countries outside of the UK (e.g., the United States), which are not considered by the UK Government to provide an adequate level of data protection.
Where we transfer your Personal Data to recipients in countries not considered to provide an adequate level of data protection, we will take steps to ensure your Personal Data are protected, including by: (a) entering into a Data Transfer Agreement with the recipient; or (b) seeking assurances from them that they have Binding Corporate Rules in place or where available, that they have self-certified to the UK Extension of the EU-US Data Protection Framework. You can obtain further details on these safeguards by contacting us using the contact details provided below.
SECURITY OF YOUR PERSONAL DATA
The security of your Personal Data is extremely important to us. We take reasonable steps, consistent with generally accepted industry standards, including technical, administrative and physical safeguards to protect the Personal Data submitted to us from loss, misuse and unauthorised access, disclosure, alteration and destruction. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk and you should always use caution when transmitting Personal Data over the Internet.
RETENTION OF PERSONAL DATA
We will retain your Personal Data for no longer than is necessary for the provision of our services, internal analytical purposes, or to comply with our legal obligations, resolve disputes and enforce agreements (e.g. settlement). The criteria used to determine the retention periods include:
- how long the Personal Data is needed for a particular purpose and to operate the business;
- the type of Personal Data collected; and
- whether we are subject to a legal, contractual or similar obligation to retain the Personal Data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
We may retain your Personal Data for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.
We will also delete your Personal Data when you withdraw your consent (where applicable), provided that we are not legally required or otherwise permitted to continue to hold such Personal Data.
YOUR RIGHTS
You may have certain data privacy rights, which may be subject to limitations and/or restrictions. These rights include the right to:
- request access to Personal Data we hold about you;
- the correction of your Personal data when incorrect, out of date or incomplete;
- request that we erase your Personal Data;
- object to us using or processing your Personal Data;
- request that we restrict the processing of your Personal Data (i.e., we would need to secure and retain the Personal Data for your benefit but not otherwise use it);
- withdraw your consent at any time;
- opt-out of any marketing communications that we may send you and to object to us using / processing your Personal Data if we have no legitimate reason to do so; and
- the portability of personal data (i.e., ask for a copy of your Personal Data to be provided to you, or a third-party, in a digital format).
Separately, you can withdraw your consent to the sharing of your Open Banking data with us at any time. You can do this via your NHQ account. You can also delete your NHQ account at any time which will result in the immediate deletion or anonymisation of all Open Banking data collected by Noggin up to that point.
We will respond to your request in writing if requested, as soon as practicable and in any event not more than within one (1) month after receipt of your request. In exceptional cases, we may extend this period by two (2) months and provide you with reasons. We may request proof of identification to verify your request. To enable us to trace any of your Personal Data that we may be holding, we may need to request further information from you.
If you have a complaint about how we have used your information, you have the right to complain to the UK’s Information Commissioner’s Office or your local data protection authority. For more details in relation to your rights including how to exercise them, please feel free to contact:
support@nogginhq.co.ukLINKS TO OTHER WEBSITES
Our Website contains links to our third-party websites, including those of our Product Partners, that are not operated or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not control or accept any responsibility or liability for these policies or the privacy practices of any third-parties, including our Product Partners. Please check these policies before you submit any Personal Data to these websites. Any Personal Data you choose to give to third-party websites is not covered by this Privacy Policy.
CHANGES TO THIS PRIVACY POLICY
We may revise or supplement this Privacy Policy from time to time. If we make any substantial changes in the way we use or share your Personal Data, we will notify you by posting a notice on our Website prior to the change becoming effective. We encourage you to refer to this Privacy Policy on an ongoing basis so you understand our current privacy practices.
MINORS
You must be aged 18 or over to use the Website and our other digital offerings. We do not solicit or knowingly collect personal data from children aged 17 and under. If we are made aware that we have received such information, or any information in violation of this Privacy Policy, we will use reasonable efforts to locate and remove that information from our records.
CONTACT US
Questions, comments and requests regarding this Privacy Policy are welcomed, including requests relating to exercising any of your data privacy rights. Please contact us by email:
support@nogginhq.co.uk or write to Noggin HQ LTD: Noggin HQ, Toffee Factory, Lower Steenbergs Yard, Quayside, Byker, Newcastle upon Tyne NE1 2DF.