Who are we?
This website is operated by us, Ordo, the trading name for The Smart Request Company Ltd. Ordo runs the payment request service allowing users to send and receive bills and payments simply, swiftly and securely, using smart requests.
What data do you collect and what for?
To allow us to provide you with Ordo, we collect, use and are responsible for certain personal information about you. We take our responsibilities very seriously and keeping this information safe and secure is a top priority of ours. Our service is new, so we built it with privacy and security in its design. In providing the Ordo service to you, we are regulated under the General Data Protection Regulation.
Our collection and use of your personal information
We are a new service and we built Ordo with the user in mind – we only ask for the minimum amount of personal information we need to provide Ordo to you when you register with or use Ordo, you contact us for any reason, or browse our website.
The personal information we need depends on how you use Ordo. If you register with Ordo, we need your:
- name – so we know how to refer to you
- email address – so we can contact you, and your mobile phone number as a backup in case anything goes wrong with your email/password
- Ordo account details, such as username, login details – so we can provide you with the Ordo service
And if you want to send people money (we call this being a payer)
- bank – optional; to save you having to find your bank from a long list each time you pay
And if you want to send people bills (we call this being a biller)
- bank, account number, sort code and title of the account you want to receive payments into – so we can verify you and get your money to you.
We will never ask for your financial security details, your account details if you’re a payer, your individual title, your date of birth or address – we don’t need that information to provide you with Ordo and it’s none of our business.
The little information listed above that we do need, we use to:
- create and manage your Ordo service,
- verify your identity if you’re a biller,
- make sure bills and payments get sent simply, swiftly and securely,
- make your use of our web site and service as efficient as possible,
- notify you of any changes to our website, our terms or to our services that may affect you, and
- improve our services.
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what the personal information is and what we are doing with it.
Some of the relevant legal bases we may rely on include:
- consent:where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- legitimate interests:where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
From a data protection perspective, we rely on having a contract with you and that what we do with your data is necessary for our legitimate interests to be able to provide you with the Ordo service. In the unlikely event we are ever compelled to use your information to comply with the law (like an investigation and court order, for example) we will rely on the legal obligation on us at the point.
We have made sure we have not compromised you or your data in any way or gone further than it is reasonable for us to. We analysed what data we needed to provide you with Ordo and conducted a risk assessment.
Incidentally, in order to provide you with the Ordo service (which, in legal speak, is a Payment Initiation Service and, where you would like it, an Account Information Service) we need your explicit consent. That’s why you’re asked to consent to receiving the Ordo service before you use it – this is a FCA requirement (separate to our data protection requirements and obligations).
What about Marketing?
We may send you information about Ordo generally or other aspects of Ordo that you may find useful. Where we have your consent or it is in our legitimate interests to do so, we may do this by email, telephone, text message (SMS) or call (automated or otherwise).
We will only send you relevant marketing messages if you tick the marketing boxes when you register. And don’t worry, if you get fed up with them you can unsubscribe at any time.
You can read more about your rights under the new data protection laws (they were enacted to protect you) below.
Do you share my data with anyone?
We do not share or sell your data to anyone for any reason other than providing you with the Ordo service and making it more brilliant. We do not analyse or monetise your data for any reason other than providing you with the Ordo service and making it more brilliant. We only use your data to provide you with the Ordo service – we call this the non-use of your data. The only people we share your data with are our technical partners who help us run Ordo and make it brilliant for everyone using it. All your data stays in the UK.
What are my Rights?
Under the General Data Protection Regulation you have a number of important rights free of charge. The new data protection laws were enacted to empower and protect you. In summary, those include rights to:
- being told what we collect and how, and the fair and transparent use of your information
- requiring us to correct any mistakes in the information we have about you
- the erasure of personal information about you providing it’s lawful for us to do that
- knowing the personal information about you which you have provided to us
- being able to opt out of direct marketing at any time
- objecting to decisions being taken about you, that are significant (legally or otherwise) by automated means
- objecting in certain situations to our continued use of your personal information
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
How do you keep my personal information secure?
We are a new service. So we built the service from scratch with privacy and security in its design. We only ask for the minimum amount of personal information we need to be able to provide you with the Ordo service. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any relevant regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
If you would like to exercise any of those rights, please:
contact us using the form in the footer of our web site
please tell us enough information so that we can identify you (eg your Ordo email address),
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility bill), and
let us know the information to which your request relates.
What about if I open Ordo whilst I’m outside of the EEA?
In this case, the smart request data will still be via our encrypted secure end-to-end system. To allow you to see your smart requests, it will be necessary for Ordo to transfer the smart request data for the performance of the contract between us and to allow us to provide you with the Ordo service when and where you want it. The transfer of the smart request data is in your interests if you want to look up your smart requests in Ordo whilst outside of the EEA.
How would I complain if I wanted to?
We really hope that if we’ve done something to upset or annoy you, that you’ll get in touch and we will be able to work it out with you.