Revision: 17/10/2017

GDWRK Limited of 37 Alloa Road, London, SE8 5AH (We) are committed to protecting and respecting your privacy.

We are known as the “data controller” under applicable laws.


This policy (together with our terms and conditions as set out here (T&Cs), together our Terms of Use) applies to your use of:

This policy sets out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.

For the purpose of the Data Protection Act 1998,


We will collect and process the following data about you:


We use cookies to distinguish you from other users of the App or our Site. This helps us to provide you with a good experience when you use the App or browse any of the sites and also allows us to improve the App, our Site and our Service. For detailed information on the cookies We use and the purposes for which We use them, see our cookie policy [WEB ADDRESS OF COOKIE POLICY].


We use the personal data held about you in the following ways:

We do not disclose information about identifiable individuals to third parties other than as expressly envisaged in the Terms of Use but We may provide them with anonymous aggregate information about our users (for example, We may inform them that a specific age group tends to have more direct debits on their account than another age group).


You agree that We have the right to disclose your personal information to any member of our group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

As well as disclosure as specified elsewhere within this Privacy Policy, We will disclose your personal information to third parties:


We will store your data on servers based within the European Economic Area (EEA).

Please note however that Salt Edge and our other service deliver partners may transfer your data to, and store it at, a destination outside the European Economic Area (EEA). While the processing of your personal data by those third parties is solely their responsibility and is subject to those parties’ own terms and conditions and privacy policies, by submitting your personal data, you agree to this transfer, storing and processing of your personal data by those parties outside the EEA.

We will take all steps reasonably necessary to ensure that we treat your data securely and in accordance with this Privacy Policy.

All information you provide to us is stored on our secure servers. Data relating to your identity will be securely encrypted using TLS (Transport Layer Security). Where We have given you (or where you have chosen) a password that enables you to access certain parts of Our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the App or our Site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access. We use the very latest framework releases. We use tried and tested modules, and apply fundamental security considerations to every aspect of software design and development. We also frequently review and externally test our software. We filter identifiable information from server logs, encrypt identifiable information in our secure databases, and we only communicate over encrypted protocols.

Personal data may be stored on your Device or web browsers using application data caches and browser web storage or similar technology.


You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms We use to collect your data. You can also exercise the right at any time by contacting us at

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which the App or the Service are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.


The Data Protection Act 1998 and, with effect from 25 May 2018, the General Data Protection Regulation, gives you the right to access information held about you. Your right of access can be exercised in accordance with those pieces of legislation.

You can access much of your data on the App or on the Site itself where you can make corrections, updates or deletions.


We strive to retain your personal data for no longer than is necessary.


This regulation (the GDPR) comes into effect on 25 May 2018 and We respect and will comply with the new rights it brings into effect for the benefit of individuals. In particular:

Right to erasure: Also sometimes referred to as the “right to be forgotten”, We will comply with our obligation to erase your data promptly where you request us to do so in exercise of your rights under the GDPR.

Right of data portability: We will transfer your personal data to another data controller in a structured, commonly used and machine-readable format, upon request.


Please know if you have any complaints of any kind. We will do our absolute best to resolve them. If we are unable to do so, remember that you have a right to complain to the UK data protection regulator, the Information Commissioner’s Office.


We will give you at least 30 days’ notice of any change by sending you an SMS or email with details of the change or notifying you of a change when you next start the App or access the Service.


Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to