Osper Privacy Policy

Introduction

At Osper we want to be clear and transparent about the information we collect, how we use the information, where we store the data and how it is protected.

Creating a family friendly privacy policy

We want to make sure that children and parents understand how we look after your information and how we use your information. To do this, we have created a family friendly version of our privacy policy. This means that a young person, or their parent, can read the boxes in purple. This will give them a simple summary of each part of this policy. In fact, we have even checked the text using an online tool to make sure this is readable for children as young as 8 years old. We have used the Common European Framework of Reference (CEFR) and made sure that this document is written at B1 level - which means it should be understandable in everyday speech. (You can find more information here: www.efset.org)

Simple Summary

What information do we need?

When you join Osper we need information such as your name, address and when you were born. This helps us make your account. We also keep information when you load money onto Osper or any time you use the Osper card. This helps us to show you where you have spent money and keep your money safe. We keep information about how you use the Osper app, so we can make it better. We keep details of any time you talk to us by email, phone or chat.

How do we keep your information safe?

When we store your information, we jumble it up to stop other people from seeing it. We teach our staff about keeping your information safe. Sometimes we share your information with other people to help us run Osper. When we do this, we make sure they stick to our rules.

Can you change or delete your information?

You can change your email address or phone number in the Osper app. If you would like to change anything else, please talk to our support team who will be able to help. When you leave Osper, we need to keep some information for six years. When we don’t need your information anymore, we will delete it.

How can I get more information?

You can read our full privacy policy below to see how we keep your information safe. We have simple notes in the purple boxes. If you have any questions you can talk to us by sending an email to privacy@osper.com

About this policy

We want everyone to know how do we get and use your information. You can read our notes in the purple boxes. They are not rules but will make it easier to read our policy.

This policy applies to the personal information processed by or on behalf of Osper. This covers the Osper Card, Osper App, Osper website and other features such as Osper Gifting. Personal information means information which on its own or in combination with other information can be used to identify you. We may change this privacy policy from time to time by updating this document. If we are making a major change we will notify you by email or an in-app message. If you have any questions regarding this privacy policy, you can contact us at privacy@osper.com

Who are we?

We are Osper and are based in the UK. We make it simpler, safer and better for families to manage money. We decide how to manage your information. We share information with a company called IDT Financial Services. They let us send you the Osper card. They are based in Gibraltar (next to Spain!)

We are Osper Ltd registered at Brent Hall, Warley Gap, Little Warley, Brentwood, England, CM13 3DP (Company No. 07958759). We provide services to:

empower young people to manage their money responsibly with the help of their family and
help families manage money across all family members in a simple, safe and easy to use way. This includes providing information and tools to the parents, guardians, young people, family members and extended family members (such as carers and nannies) to help them manage money, make choices about money, stay connected with each other, and help young people to grow up and feel empowered. We achieve all of this through prepaid debit cards, mobile apps, websites for interacting with prepaid cards, emails, in-app chat, mobile notifications, SMSs and other digital and payments tools.

We act as a data controller which means we decide on the purpose for which your personal data is processed. However, each of our partners may be data controllers for the purposes of their own privacy policies. See http://www.ico.org.uk/ for more information on cookies and personal information.

IDT Financial Services Limited ("IDT") is the issuer of the card associated with your Osper account. Accordingly, IDT is a joint controller of some of your personal information as it relates to, and is required for, the administration and operation of the card. A copy of IDT's privacy policy may be found at http://www.idtfinance.com/privacypolicy.pdf.

Notice for parents or guardians

👦🏾 👩🏾 👦 👧 👧🏿 🧒🏿 📨 An adult will provide Osper with a child's information. If we have a child's email address or phone number, we may use this to send the child some messages.

✅ ❌ You can choose if we send some of these messages

As a parent or guardian who has signed up a Young Person, under the age of 18, to use the Osper service, you are giving us permission to collect, use and share their data in the ways specified in this policy.

By providing a set of verified contact details for a Young Person, parents and guardians are explicitly giving their permission for their children to be contacted in the ways described below.

We encourage parents and guardians to explain to their children how their information will be used, as set out in this policy.

Protecting the privacy of the data of Young People is important to Osper. We therefore commit to the following principles regarding how we respect their personal data:

We will send the following communications to Young People:
Essential service communications, e.g. attempted spend at non permitted merchant, responses to enquiries
Osper usage alerts, e.g. allowance switched on/off; receipt of Osper Gifts
Osper service updates
Parents or guardians may opt out of marketing on behalf of their children. Please see “Unsubscribing from services” for further details.

We are reliant on you providing accurate information in order to implement our Privacy Policy and cannot be held responsible if you circumvent age-restrictions by providing incorrect age information.

Information we collect

We keep information when you sign up and use Osper. Here is a list of the type of information we keep:

👋 🏠 your name, age where you live and how to contact you

💳 adult's bank card number do they can load money

📑 sometimes we might ask to see something to show who you are.

📝 messages you send to us and the ones we send to you

🖼 images you select or upload to us

🖇 information of anyone you invite to Osper

🔎 information about what do you do on our website

📱 the phone or tablet you use the Osper app on

💷 every time you spend or get money on Osper

🗺 (if you let us) where your phone or tablet is used

💻 sometimes the kind of computer, tablet or phone you are using

We collect personal information from you when you sign up and use our services. When you log into the Osper app or use the Osper website. We also collect data when you contact Osper or when we need to contact you. This includes:

Information that you provide to Osper when you sign up or activate a card

Account holder and cardholder personal information such as: Name, date of birth, gender, relationship to account holder or cardholder, email address, postal/billing address and mobile number
Payment information such as: debit card number, expiry date, CVC, bank account number.
Personal documentation provided on request such as: Passport, Driving License, utility bill, bank statement.

Information you provide in contact/correspondence with Osper

Information you give to us in telephone calls, emails, instant messages, text messages or other means of communication
Media (should you choose to enable these features once available)
Profile photos
Other photos, e.g. to tag transactions, capture receipts
Contact information you provide if you refer friends or family to use Osper or gift to an Osper card. You confirm that you have the consent of anyone whose contact information you provide for this purpose

Technical information collected automatically when you use Osper

Information collected when visiting Osper’s website such as:
- IP address, browser type, operating system, browser language, time zone, service provider, system settings, system tokens/keys
- Information about activities you undertake, such as the pages you visit, searches you make, marketing or links you click
- Information collected when using the Osper app such as: mobile device, a unique device identifier, operating system version, mobile carrier

Usage data collected when you use Osper

Information related to individual transactions, e.g.
Loading information: time and date of load, load type, notes
- Purchase information: retailers used, value of transactions, category of retailer, time of transaction
- Withdrawals: cash machine used, how much has been withdrawn, time of withdrawal
- Savings: amount saved, savings goal name, when saved, frequency of automatic saving
Osper App usage information, e.g.
- Pages visited, functions selected
- Login attempts
All communications between Osper and users or directly between users, including gifters
- Communications via text message, in-app messages from Osper to Osper users, messages on transfers or loads
If you enable features of Osper that are location-enabled, we may collect and process information about the location of your device, e.g.
- Location of the mobile device, or other technologies such as nearby Wi-Fi access points, mobile transmitters and sensor data Note: You will only be able to use location-based services if you have opted-in to do so and you will be able to switch them off again at any time you wish
We may also store and access information on your device, e.g.
- Application data caches, browser web storage

Testing/pre-release research initiatives

We may require additional information if you choose to take part in a pilot program, e.g.
- Personal data, device information and other types of data which will be specified as part of the pilot

How we use your information

📋 We use your information so you can use Osper and for rules we have to follow. The reasons we use your information are:

to keep your account working

to send you the Osper card

so you can use the Osper app

to contact you when something is wrong

to check who you are and that you are following the rules

to see how you use Osper so we can make it better

if we have to tell someone like the police, to keep you or someone else safe

to help you if you ask us

🗃 We also use your information to help Osper. We make sure that we are careful, and you can ask us to stop.

📨 We may send you information when we make Osper better

📈 We might use some information to make Osper better. This won't be your name or all of you address.

🔖 You might see messages only for you when you visit our website

💬 If you let us we might send you messages about other companies. You can ask us to stop.

We use your information to fulfill our contract with you, provide you with our services, meet our legal obligations, protect your vital interests and where necessary for the public interest. This includes:

To create your Osper account and send you Osper cards that you have ordered
To enable you to use the Osper card and app. This will let you load, spend and withdraw funds on the Osper card, manage savings, review transactions and make transfers
To enable you to easily, safely and simply manage money as an extended family (for example, letting family members know about children’s upcoming birthdays to make birthday gifting easier)
To enable you to access, manage, spend, save, send and withdraw your money through the prepaid debit card, app and all types of notifications
To enable you to make choices about money, stay connected with each other, and help young people to grow up and feel empowered, for example, by sharing data insight, tips and advice
To contact you regarding your account
Provide you with essential services communications, e.g. suspicious activity on your account, billing, responding to enquiries, etc
Send you usage alerts to notify you of relevant account activity, e.g. allowance switched on/off, attempted card use at non-permitted merchants
To provide you with customer service when we notice a problem
To verify your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorised conduct. We may also access, use and store any identity verification or other check made, and do anything else required for these purposes.
To understand your use of the service so we can provide a safe, reliable and convenient Osper experience. We will also use your data to make sure content is presented on your device is the most effective manner.
We may access, read, preserve, and disclose information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Osper, our employees, our customers, or others.
We will use your data to carry out our obligations to you or any other users of the Osper service, perform any services you have requested and allow you to participate in interactive features of the service when you choose to do so. For example, if you contribute money to a Young Person’s account we may communicate data about you and your gift to the relevant account-holder (parent / guardian of the Young Person).
When you contact the Osper Support team for assistance via any means we may keep a record of your communications to respond to your query and to improve our service to you. Your call may be recorded for training or quality purposes.

We use your information for our legitimate interests where those interests are not outweighed by your interests or rights

We may use your contact details to communicate to you Osper updates which let you know about changes to the Osper service
We may also use anonymised data collected to improve our service, for example to carry out statistical analysis, including data analytics, developing and analysing data metrics and publishing the results in an aggregated form.
To ensure a consistent Osper experience we will use information collected when you use Osper via our apps or website using such technologies as cookies and pixel tags. This information may be used to customise any messaging you are presented with. Please see the Osper Cookie policy for further information.

We use your information, with your consent to:

Contact you by email, SMS or in-app message to inform you of relevant offers and other marketing-related items from Osper
Contact you by email, SMS or in-app message to inform you of relevant offers and other marketing-related items from carefully selected third-parties

You have the right to remove your consent for these purposes at any time by emailing us at unsubscribe@osper.com

Cookies

🍪 When you visit our website, we store a cookie on your computer, phone or tablet.

🏷 A cookie is a small piece of information to help us know what you have done on the website.

👋🏾 It tells us if you have seen our website before

Cookies are data files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. We use cookies in order to ensure our website and app function correctly and to improve our understanding of how you use our service in order to make improvements. You can find full details on the types of cookies we use at our Osper Cookie policy

How we share information

📠 We send your information to other people to help us run Osper

🔐 We always make sure your information is safe

🌍 If we send your information to another country, we make sure they stick to our rules

🙈 If you break important rules, we may need to send information to someone like the police

🆘 We may send information to someone else if we need to keep you safe

We share your personal information with the joint data controller IDT Financial Services Limited who issue the Osper card.

We use third-party providers who process personal information on our behalf to help us provide the following services:

Collecting debit card data for loading Osper Cards and loading chargebacks:
Processing Osper Card transactions and transaction chargebacks:
Identity verification and fraud monitoring
Osper Card manufacturing
Customer-service
IT infrastructure, including cloud computing services
Marketing to customers where we have consent
Develop our service
Back-up and store our data

We have agreements in place with all third-party providers to make sure your information is properly protected. Third-party providers will only process your data for the reasons we have agreed with them.

If we need to transfer your personal information to a country other than the UK we will have appropriate safeguards in place.

We may add additional services from time to time, in which case we will update this Privacy Policy.

To comply with the law or in the public interest

Should we believe our service is being used illegally, we may provide evidence to the authorities to enable them to investigate suspected illegal activity. We will also disclose personal information (which may include purchase and location data) if we are required to do so by law. We may pass on data in an emergency where in good faith we believe that revealing personal information is needed to protect the safety of you or someone else.

Business Transfers

We may share customer information if we choose to buy or sell assets. Also, if we (or some of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information would be one of the assets transferred to a third party in those circumstances. You will be notified via email and/or a prominent notice on our website of any change in ownership.

How we keep information secure

🔐 We make sure your information stays safe

🔀 We jumble up your information to stop other people from seeing it

👀 We only let some people see your information

Osper understands the importance of keeping your personal data secure. We will take appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss or destruction of, or damage to personal data, although we cannot guarantee these things will never happen. No system is 100% safe from a sophisticated and sustained attack by determined hackers.

A selection of measures we take to protect your personal data are provided below: Using industry standard security technology and procedures to protect your information

High-security password protection on internal Osper systems
Encryption of our services using SSL (Secure Sockets Layer)
Training of our employees on information security
Continual review of our policies and procedures in response to advances in technology and security best practice

Osper App access password protection

Built-in password protection on the Osper App for parents / guardians and Young People to gain access to their account

Limiting access to your data

Measures to ensure access to Osper systems is limited to approved

Osper team members to undertake their job

All employees undergo data protection training and sign confidentiality agreements

Keeping your data up to date

📱 🖊 You can change some of your information on the Osper app

✉️ 🖊 You can ask us to change other information

If you are an Osper parent / guardian or Young Person, most of your personal information can be accessed by logging into your account and some can be changed directly. However, for compliance reasons, certain types of information cannot be changed or deleted online. To request an amendment of this information you will need to contact us (see Contact us page) so we can verify your identity.

Please be aware that for legal or risk reasons the Osper Support team may be unable to amend or delete certain types of data. Furthermore, for legal reasons we may be required to keep your data for a fixed period of time after your account has been closed (currently 6 years). In addition, we use back-up systems to prevent service interruptions or data loss. We cannot guarantee that your data will be changed or deleted in those archives.

Your rights

You can ask us things about your information You can ask:

What information we have on you and where we keep it

To update your information if it is wrong

That we remove your information

To stop using your information to help Osper

To stop using your information if there is a problem

To send you your information so you can use it somewhere else

Not to choose what to do with your information without looking at it first

We have to follow rules about what we do with your information. You can always send a message to the people who make sure we follow the rules.

As a UK company we comply with UK Data Protection law. If we have processed your personal information you are entitled to the below rights:

You have a right to access the information we hold, obtain a copy and obtain details on how your data is processed within 30 days of a request.
If any data we hold is incorrect, you can request this is corrected without delay.
You can request that we remove any unnecessary information about you. Osper is required to retain some information to comply with financial regulations.
You can object to Osper processing data in its interests
You can ask us to stop processing your data where it is inaccurate, our processing is unlawful, we no longer need the data or you have objected to us processing your data in our interest. When you do this, you will be unable to access any of the Osper services.
You have the right to receive your data in a machine-readable format so that it can be used by another service.
You can object to automated decision-making which may significantly affect you.
You have the right to contact the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. If you would like to exercise any of your rights, including obtaining a copy of the information we hold about you, please send an email to privacy@osper.com

Unsubscribing from services

🔕 We may send you messages about Osper. You can always ask us not to.

🚫 If you have let us send you messages about other companies you can tell us to stop.

You may opt out from some communications we send you. Where we process your data with your consent, you may withdraw that consent at any time.

Essential service communications

Osper may communicate with you about important activity which has taken place on your account, for example, to alert you about suspicious transactions or problems with your account. You cannot opt-out of these communications.

Usage alerts

Osper may send you alerts regarding your Osper account usage, for example, when money is loaded or allowance is paid. These notifications are designed to keep you informed about important account activity, and may alert you to suspicious activity so they cannot be switched-off. (In the future we may build functionality to enable you to control these alerts although we will recommend that you continue to keep them on).

Osper updates

To unsubscribe from optional Osper updates you can simply use the unsubscribe link which will be at the bottom of any service update email we send you.

Marketing

You have the right to ask us not to process your personal data for marketing purposes. If you have previously consented to marketing emails, but do not wish for you or your family to receive marketing communications, then please send an email with one of the following subject headings to privacy@osper.com:

“Unsubscribe me from third party marketing
“Unsubscribe me from Osper marketing”
“Unsubscribe me from all marketing”

To unsubscribe from Osper marketing you can also use the unsubscribe link which will be at the bottom of any marketing emails we send. We will need 5 working days to process these requests in most cases but please allow up to 2 weeks to take account of pre-prepared mailing lists.

Keeping your own data secure

Make sure you keep your PIN and password safe. Don't share them with anyone else. 🔐

We encourage parents / guardians to speak to their Children about PIN and password security to ensure ongoing safety while using the service. Parents / guardians should ensure their Children understand that they should never share the PIN or password for their Osper App or Osper Card. We recommend they do not write down their PIN but if they need to, this must be kept securely and separately from their Osper Card and the device that they use to access the Osper App. Equally, parents and guardians must follow good password management practice themselves and not write down or share their Osper password.

If we believe your Osper account passwords/PINs have not been kept secret, we may not be responsible for losses incurred on your account.

The rules and guidelines we follow

📑 🇬🇧 🇪🇺 We follow the rules made in the United Kingdom and a group of countries called the European Union

As a UK company, Osper is subject to UK Data Protection regulations. We are registered with the Information Commissioner’s Office and we have developed our internal data protection policies by consulting relevant UK legislation. The principles underpinning this legislation are there to help us maintain transparency with Osper parents / guardians and Young People about how we process their personal data, only use it for legal or legitimate purposes and make sure that usage is appropriate for that purpose.

Contact us

If you have any general enquiries or questions about how we use your personal information or about this Privacy Policy, please contact the Osper Support Team by email at hello@osper.com or by the in-app chat. You can also contact our Data Protection Officer directly at: Email: privacy@osper.com Address: Data Protection Officer, Osper, Brent Hall Warley Gap, Little Warley, Brentwood, England, CM13 3DP.

Description of some terms

Data Controller Decides what information is needed and how it is used.

IP Address A set of numbers which makes up an address. The address tells us where you are connecting to the internet from.

Personal information Information which on its own or in combination with other information can be used to identify you.

SSL (Secure Sockets Layer) Rules which let your computer or phone to send or get information from Osper without anyone else from seeing it.