Privacy Policy


Where we obtain your personal information

We get personal information about you from a number of sources. For example, personal information that:

Information we hold

NewDay Ltd are a data controller for the information that NewDay Ltd obtain when providing your card.

NewDay hold and use the following personal information about you:


Information we disclose to third parties and other organisations

We will keep your personal information confidential and only share it with others for the purposes explained below and elsewhere in this Privacy Notice. We have trusted relationships with carefully selected third parties who carry out services on our behalf. All these third parties have a contract with us and have agreed to keep your personal information confidential and secure and only to use it for the purposes that we allow.

We may share your information with the following people and organisations for the purposes detailed below:

To operate your account and provide services to you

To manage your account

For the prevention and detection of fraud, crime and/or terrorism

To CRAs and FPAs

In relation to any business transfer or re-organisation

Granting third party providers access to your online servicing account

Following changes to the law, from 13 January 2018 you can allow an authorised Third Party Provider (TPP) to have access to your online servicing account. These TPPs are sometimes known as Account Information Service Providers and offer such services as the ability for you to look at all your bank and credit card accounts through one Mobile App or Website. You can only use a TPP where you have registered for Online Account Manager.

If you choose to use a TPP, please ensure you understand how their service works, such as how they access your account with us and how they will protect your data. Please be aware that:

The terms and conditions of your card will still apply.

  1. We will give the TPP access to your account information only, and in the same way as if you were accessing it directly. For example, they will be able to see your recent transactions and your outstanding balance.  The TPP is not permitted to change any of your preferences, direct debit details or any information about you and cannot initiate a payment from your account.
  2. Although you must not, generally, give the security details you use to log-in to our online service to anyone else, you may give them to a TPP if it is necessary to do so. They should agree with you that they will keep these details safe and will only use them for the purpose(s) you have agreed with them.
  3. We can refuse to allow a TPP to access your account where we are concerned about unauthorised or fraudulent access by that TPP.

All TPPs must be authorised by the Financial Conduct Authority and so you must check, from the information that the TPP gives you before you use their services, that the TPP is authorised. If you give your security details to a TPP that is not authorised, we will assume it is you authorising us to give access to your account. If we become aware that an unauthorised third party is using your security details, we will block access to your account.

How we use your personal information

We will use your personal information to:

  1. search CRAs and FPAs;
  2. make, or assist in making, credit decisions about you, assess lending risks and to check the details that you have let us and others have;
  3. operate and manage your account and manage any application, agreement or correspondence you may have with us and to conduct financial reviews;
  4. perform other administrative and operational purposes including the testing of systems;
  5. monitor and analyse our business, including to carry out customer modelling and statistical, trend and transactional analysis;
  6. form a view of you as an individual and to identify, develop or improve products that may be of interest to you and to carry out market research;
  7. provide you with products and services and tell you about changes to these products and services;
  8. send you marketing in accordance with the provisions of section below “Use of your personal information for marketing and contact purposes”;
  9. carry out audits;
  10. trace your whereabouts in the event we are unable to contact you in relation to the products or services we provide to you;
  11. recover any debt you owe us;
  12. provide information to independent external bodies such as government departments and agencies, universities and similar to carry out research; and/or
  13. comply with our legal and regulatory obligations and to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes.

Your personal information may also be used for other purposes for which you give your permission or where we are permitted to do so by law or it is in the public interest to disclose the information or is otherwise permitted under the terms of the Data Protection Act 1998.

Should you enter into a credit agreement with us, you explicitly consent to us accessing, processing, and retaining any information you provide to us, for the purposes of providing payment services to you. This does not affect any rights and obligations you or we have under the Data Protection Act 1998. You may withdraw this consent by closing your account. If you do this, we will stop using your data for this purpose, but may continue to process your data for other purposes as set out in this Privacy Policy.

In the event that NewDay receives any funds from a third party which have been incorrectly attributed or applied to your account, NewDay shall have the right to disclose all your available relevant information (including personal information) to the third party’s payment service provider (for example their bank) in order to assist the third party to recover such funds. Additionally, in the event that the third party’s payment service provider is unable to recover such funds on behalf of the third party, NewDay will upon receipt of a written request, provide all your available relevant information (including personal information) to the third party to enable them to recover the funds.

How long we retain your personal information for

We will only retain your personal information for as long as it is required in relation for the purposes it was obtained.

We hold your personal information for the periods listed below:

When you have an account with us

We only keep details of your personal information and details of your account for such period of time to permit us to comply with any legal or statutory obligations after your account is closed.

When you apply for an account but are declined credit

We will keep your personal information for statistical analysis, fraud prevention and credit scoring purposes.




Protecting and managing your online privacy

What is a cookie and how NewDay uses Cookies?

Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience. NewDay also uses Cookies as part of its application processes and when you access any online account for fraud prevention and detection purposes.

There are different types of cookies. They all work in the same way, but have minor differences:

  1. Session cookies – Session cookies last only for the duration of your visit and are deleted when you close your browser. These facilitate various tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality. Many of the cookies we use are session cookies. For example, they help us to ensure the security of your online account servicing session, and can also keep you signed in while you move between pages or service your account. Our session cookies used for security are designed to be very difficult to read, change, access or use except by us when you have an active Internet Banking session. They contain no personal information that can be used to identify an individual. Their names typically start with the letters IB e.g. IBSESSION, IBCOOKIE01, IBCOOKIE02.
  2. Persistent cookies – Persistent cookies last after you have closed your browser, and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites to provide targeted advertising based upon the browsing history of the device. NewDay uses persistent cookies in a few ways, for example, to remember your username for log in so you don’t have to (cookie named IBUserID). We also use persistent cookies to allow us to analyse customer visits to our site, for example our cookie named WT_fpc. These cookies help us to understand how customers arrive at and use our site so we can improve the service.
  3. First and third party cookies – Whether a cookie is a first or third party cookie depends on which website the cookie comes from. First party cookies are those set by or on behalf of the website visited. All other cookies are third party cookies. We use both first party and third party cookies.
  4. Strictly necessary cookies – These cookies are essential in order to enable you to move around the website and use its features, and ensuring the security of your online banking experience. Without these cookies services you have asked for, such as applying for products and managing your accounts, cannot be provided. These cookies don’t gather information about you for the purposes of marketing.
  5. Performance cookies – These cookies collect information about how visitors use a web site, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor although they may collect the IP address of the device used to access the site. All information these cookies collect is anonymous and is only used to improve how a website works, the user experience and to optimise our advertising. By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.
  6. Functionality cookies – These cookies allow the website to remember choices you make (such as your user name). They may also be used to provide services you have requested such as watching a video. The information these cookies collect is anonymised (i.e. it does not contain your name, address, account details, etc.) and they do not track your browsing activity across other websites. By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.
  7. Targeting cookies – These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks. They remember that you have visited a website and this information is shared with other organisations such as media publishers. These organisations do this in order to provide you with targeted adverts more relevant to you and your interests. This type of advertising is called online behavioural advertising and those companies providing this advertising are working with the UK’s Internet Advertising Bureau to deliver more information to consumers. To highlight this information, publishers of advertising will, in the future, look to place an icon in the top right hand corner of an advert. This icon when clicked, will take you through to the website "youronlinechoices" ( where there is more help and guidance. In addition, NewDay seeks to only use advertising networks which are signed up to the IASH code of conduct for the placement of adverts. This code requires members to have their processes audited by a third party to ensure compliance. For more information on IASH please visit By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.

What if I don't want to accept cookies?

Using companies to process your information outside of the UK

We may transfer your personal information so that we can manage your account and provide other services from:

We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation. These external organisations may process and store your personal information abroad in order to fulfil any payment instructions for example when you use your credit card. Additionally, they have to disclose your personal information to overseas authorities to help them to prevent and detect crime and terrorism. If these authorities are outside the EEA, your personal information may not be protected to the same standards as in the EEA.

Using credit scoring and automated decision making

When you apply to us for credit we may use an automated system known as credit scoring to help us decide whether to lend to you. It is a way of assessing how much you are able to afford to borrow and how you are likely to manage your account. Most lenders use credit scoring to help make fair and informed decision about lending.

Credit scoring takes account of information from three sources:

Credit scoring methods are regularly reviewed to ensure they remain fair, effective and unbiased. Using credit scoring helps us to lend responsibly.

How we check your identity

As well as searching CRAs, we may ask you to provide physical forms of identity when you apply for credit for example a copy of your passport and/or driving licence and other information for us to validate your identity.

Declined applications

If you apply to us but we are unable to offer you credit, you can contact us within 21 days of the date of your application to ask to have the decision reconsidered.

Your data subject rights

Under the Data Protection Act 1998 you have a number of data subject rights. Details of these rights and how you can exercise these are set out in the following sections:

Right of Access

You have a right to access certain personal records that we hold about you. This is called a data subject access request and you can make a request by writing to aqua Customer Services, PO BOX 173, Sheffield, S98 1JW. A £10 fee is payable and we may require further information from you in order to identify your identity before disclosing any personal information to you.

Right to rectification

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any personal information that you think is no longer up to date.

You have a right under the Consumer Credit Act 1974 to request a CRA to provide you with information that they hold about you. A fee is payable.

Use of your personal information for marketing and contact purposes

Information we are required to send you as part of our services

We and members of the group, may send you information directly related to your card and from which you may benefit about, for example, offers, loyalty points or cardholder promotions where these are features of your card. We may also send you marketing and details of how and why we do this and your right to opt out of receiving such communications are set out in section below “Marketing Communications

We want to make sure that we provide excellent customer service and we use various means of communication to do this including phone, post, email and SMS.

Marketing Communications

Recording phone calls

We may monitor or record phone calls with you in case we need to check that we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our service, to manage your account and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.

Social networking sites

As part of our commitment to understand our customers better, we may research comments and opinions made public on social networking sites, such as Twitter and Facebook.

A guide to the use of your personal information by CRAs and FPAs and the NewDay Group


When you apply to us to open an account, we will:

Check our own records for information on:

Any account you and, if you have one, your "financial associate" (as defined in the next paragraph) may have or have had with us.

A "financial associate" is someone with whom you have a personal relationship that creates a joint financial unit in a similar way to a married couple. You will have been living at the same address at the time. It is not intended to include temporary arrangements such as students or rented flat sharers or business relationships.

CRAs may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married or have jointly applied for credit or have joint accounts. They may also link people together if they, themselves, state that they are financially linked.

Search at CRAs for information on:

Search at FPAs for information on you and any addresses at which you have lived and on your business (if you have one).

What we do with the information you supply to us as part of the application:

Information that is supplied to us will be sent to the CRAs.

If you are making a joint application or tell us that you have a spouse or financial associate, we will:

You must ensure that you have a financial associate's consent and agreement to disclose personal information about them to us

If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.

Your personal information may also be used by us to offer you other products, but only if you have given your permission as part of any application that you have completed.

With the personal information that we obtain we will:

Assess this application for credit and/or;

Check details on applications for credit and credit related or other facilities;

Verify your identity and the identity of your spouse, partner or other directors/partners (if any) and/or;

Undertake checks for the prevention and detection of crime, fraud and/or money laundering.

We may use scoring methods to assess this application and to verify your identity.

Any or all of these processes may be automated for more information please see section entitled "Using credit scoring and automated decision making".

What we do when you have an account:

Where you borrow or may borrow from us, we will give details of your personal and/or business account (if you have one), including names and parties to the account and how you manage it/them to CRAs.

If you borrow and do not repay in full and on time, we will tell CRAs.

We may make periodic searches of our own group records and at CRAs to manage your account with us, including whether to make credit available, increase the amount of credit available or to continue or extend existing credit. We may also check at FPAs to prevent or detect fraud.

What credit reference and FPAs do

When CRAs receive a search from us they will:

Place a search “footprint” on your credit file whether or not this application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.

Link together the records of you and anyone that you have advised is your financial associate including previous and subsequent names of parties to the account. Links between financial associates will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs.

Financial associates may "break the link" between themselves if their circumstances change such that they are no longer a financial unit. Financial associates should apply for their credit file from a CRA and file for a "disassociation".

CRAs and FPAs will supply to us:

Credit information such as previous applications and the conduct of the accounts in your name and of your associate(s) (if there is a link between you) and/or your business accounts (if you have one).

Public information such as County Court Judgments (CCJs) and bankruptcies.

Electoral Register information.

Fraud prevention information.

When personal information is supplied by us, to CRAs and FPAs in relation to your account(s):

CRAs will record the details that are supplied on your personal and/or business account (if you have one) including any previous and subsequent names that have been used by the account holders and how you/they manage it/them.

If you borrow and do not repay in full and on time, CRAs will record the outstanding debt.

Records shared with CRAs remain on file for 6 years after they are closed, whether settled by you or defaulted.

How your personal information will NOT be used by CRAs: -

It will not be used to create a blacklist.

It will not be used by the CRA to make a decision.

How your personal information WILL be used by CRAs:

The information which we and other organisations provide to the CRAs about you, your financial associates and your business (if you have one) may be supplied by CRAs to other organisations and used by them to:

  1. Prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities
  2. Check the operation of credit and credit-related accounts.
  3. Verify your identity if you or your financial associate applies for other facilities.
  4. Make decisions on credit and credit related services about you, your partner, other members of your household or your business.
  5. Manage your personal, your partner’s and/or business (if you have one) credit or credit related account or other facilities.
  6. Trace your whereabouts and recover debts that you owe.
  7. Undertake statistical analysis and system testing.

How your personal information may be used by FPAs:

The information which we provide to the FPAs about you, your financial associates and your business (if you have one) may be supplied by FPAs to other organisations and used by them and us to prevent crime, fraud and money laundering by, for example;

Trace your whereabouts and recover debts that you owe.

Your personal information may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998.

Your personal information may also be used to offer you other products, but only where permitted.


How to find out more

You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.

Please contact us at Customer Services Team on 0333 220 2691 if you want to receive details of the relevant FPAs.


Questions and answers

Q: What is a CRA?

A: CRAs collect and maintain information on consumers’ and businesses’ credit behaviour, on behalf of organisations in the UK.

Q: What is a FPA?

A: FPAs collect, maintain and share, information on known and suspected fraudulent activity. Some CRAs also act as FPAs.

Q: Why do you use CRAs and FPAs when I have applied to your organisation?

A: Although you have applied to NewDay and we will check our own records, we will also contact CRAs to get information on your credit behaviour with other organisations. This will help us make the best possible assessment of your overall situation before we make a decision.

Q: Where do CRAs and FPAs get the information?

A: Publicly available information:

Q: How will I know if my personal information is to be sent to a CRA or FPA?

A: You will be told when you apply for an account if your application personal information is to be supplied. The next section of this leaflet will tell you how, when and why we will search at CRAs and FPAs and what we will do with the information we obtain from them. We will also tell you if we plan to send payment history information on you or your business, if you have one, to CRAs. You can ask at any time the name of CRAs and FPAs.

Q: Why is my personal information used in this way?

A: We and other organisations want to make the best possible decisions we can, in order to make sure that you, or your business, will be able to repay us. Some organisations may also use the information to check your identity. In this way we can ensure that we all make responsible decisions. At the same time we also want to make decisions quickly and easily and, by using up to date information, provided electronically, we are able to make the most reliable and fair decisions possible.

Q: Who controls what CRAs are allowed to do with my personal information?

All organisations that collect and process personal information are regulated by the Data Protection Act 1998, and compliance with the Data Protection Act 1998 is overseen by the UK Information Commissioner’s Office. All CRAs are in regular dialogue with the Information Commissioner's Office. Use of the Electoral Register is controlled under the Representation of the People Act 2000.

Q: Can just anyone look at my personal information held at CRAs?

A: No, access to your information is very strictly controlled and only those that are entitled to do so, may see it. Usually that will only be with your agreement or (very occasionally) if there is a legal requirement.