Privacy Policy



pawaBank is a product created by Pawaful Limited (UK registered company 13076355). This Privacy Policy is to help you understand how we will look after your personal information.

Your Privacy is important to us. We respect your Privacy and comply with all applicable laws and regulations regarding the Personal Data we may collect about you. This includes data from across our website and/or apps.

Personal Data is information about you which can be used to identify you. This includes information about you as a person (such as name, address and date of birth), your devices and payment details, and even information about how you use a website, apps or an online service.

Our website and/or apps may contain links to Third-Party sites and services. Please be aware that those sites and services have their own Privacy Policies, so after following a link to any Third-Party content, you should read their posted Privacy Policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site(s).


This policy has been developed incorporating the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), all legislation enacted in the UK in respect of the protection of Personal Data, and any code of practice or guidance published by the Information Commissioner’s Office. It exists to protect the accuracy, integrity and confidentiality of your Personal Data and to ensure that you are able to exercise your rights under the legislation. 

We only collect and use your Personal Data when we have a legitimate reason for doing so. As such, we only collect Personal Data that is reasonably necessary to provide our services to you.

When processing your Personal Data we adhere to the GDPR principles (Article 5). 


Information we collect includes information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.

3.1 Personal Information

We may ask for Personal Data which may include one or more of the following:

3.2 Log Data

When you visit our website and apps, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened and so forth. You may or may not receive notice of such errors occurring.

We wish to make you aware that although this information may not be personally identifying per se, it may be possible to combine it with other data to identify individuals.

3.3 Device Data

When you visit our website and apps or interact with our services, we may automatically collect data about your device, such as:

Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

We may collect Personal Data from you when you undertake any of the following on our website and/or apps:

We may collect, hold, use, and disclose information for the following purposes. Your Personal Data will not be further processed in a manner that is incompatible with these purposes:

Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.

3.4 Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect Personal Data about children under 13.


We keep your Personal Data only for as long as necessary to fulfil the purpose for which it was obtained. This time period may depend on what we are using your information for, in accordance with this Privacy Policy. If your Personal Data is no longer required, we will delete it or make it anonymous by removing all details that identify you.

We will retain Personal Data for a maximum of one year after we have collected it if we have not entered into a contract with you for the provision of services. We may retain your Personal Data for longer if there is a lawful justification for it to be retained.

Personal Data is retained for not more than 5 years after a customer has exited our services unless there is a lawful justification for it to be retained. We may retain your information for longer if retaining it is required for our compliance with any legal, accounting, or reporting obligation, for technical reasons (remedial action will be undertaken as soon as practicable) or for archiving purposes in the public interest as defined in Data Protection legislation.

In all cases, the Data Protection Officer will ensure the secure deletion of all Personal Data that is no longer allowed to be held by us. If it is necessary to retain your data for us to be compliant with our obligations (as outlined above), the Data Protection Officer will ensure your data is safely and cryptographically stored.


You always retain the right to withhold Personal Data from us, with the understanding that your experience of our website and/or apps may be affected. We will not discriminate against you for exercising any of your rights over your personal information. 

If you do provide us with Personal Data, you understand that we will collect, hold, use and disclose it only in accordance with this Privacy Policy. 

You retain the right to request details of any Personal Data we hold about you.

If we receive Personal Data about you from a Third Party, we will protect it as set out in this Privacy Policy. If you are a Third Party providing Personal Data about somebody else, you represent and warrant that you have such person’s consent to provide the Personal Data to us.


We use “Cookies” to collect information about you and your activity across our site. A Cookie may not always be classed as Personal Data per se; it is a small piece of data that our website and/or apps store on your computer and access each time you visit. Cookies do this to understand how you use our site. This helps us to provide you with content based on preferences you have specified.

Please refer to our Cookie Policy for more information.


If you believe or identify that any Personal Data we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading then please contact us. It is our obligation to take reasonable steps to correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading.


A Data Subject is a person who can be identified, directly or indirectly, from Personal Data. On that basis, consider yourself a Data Subject. In accordance with the GDPR and the Data Protection Act 2018, Data Subjects have rights when it comes to how we handle their Personal Data, which include rights to:

8.1 Right To Your Personal Data - Subject Access Requests

In accordance with the GDPR and the Data Protection Act 2018, every Data Subject is entitled to make a Subject Access Request (SAR).

SARs should be submitted by email, with the following information:

When responding to a SAR, we will ensure that we respond:

Each SAR will be considered on a case-by-case basis. Should an exemption be applicable and/or a SAR be unfounded or excessive, we reserve the right to refuse to provide some or all of the requested information. In such cases, we will inform you of the reasons for the decision and advise you of your right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority, and/or your right to seek to enforce the SAR through the courts. You can find out more information about your rights as a Data Subject, the regulatory powers of the ICO and the actions they can take by accessing their website.

8.2 Right To Withdraw Your Consent

It is your right to withdraw consent at any time, so please contact us if you want to follow this course of action. We want to make you aware of the following:

8.3 Right To Object

You have rights in respect of what Personal Data we can and cannot keep or use. You need to tell us if this is applicable to you.

8.4 Right To Be Forgotten

You have the ‘right to erasure’ or the ‘right to be forgotten’ if you believe that there is no requirement for us to retain your information. You need to tell us if this is applicable to you. If there is a legal and/or other official and justifiable reason that your data is still required by us, then we will advise you accordingly. In such cases we may be able to restrict the use of your data for legal and/or other official and justifiable reasons only if requested.


We ensure Personal Data remains confidential, but to meet our operational obligations and provide the services and products to our customers as required, we may need to share information with Third Parties. We always ensure full compliance with Data Protection Legislation when information-sharing is necessary. We may share your data with the following:


If you have consented to receiving direct marketing from us, then we may contact you if we think you might be interested in our products and services and may use your Personal Data to make an informed decision regarding this. We may also provide you with marketing material if there is a legitimate interest and we have a commercial reason to use your data.

If you have previously consented to us using your Personal Data for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. 


Automated individual decision-making is a decision made by automated means without any human involvement. Such decisions are based on Personal Data that we are able, by law, to collect. For example, we may use automated decision-making if we enter into a contract with you whereby systems may subsequently make automated decisions about you regarding marketing, services or products offered to you. It is an efficient means of ensuring decisions are correct and just. Such systems are proactive, which also makes them an efficient and effective means to detect fraudulent activity.

You have the right to object to automated decision-making and should contact the Data Protection Officer in the first instance at


The Personal Data we collect is stored and/or processed in the United Kingdom, or where we or our partners, affiliates, and Third-Party providers maintain facilities. Personal Data may be transferred to countries outside the United Kingdom for any of the purposes described in this Policy. The countries in which we store or process your Personal Data, or to which we transfer it, may not have the same Data Protection laws as us. If we transfer your Personal Data to Third Parties in other countries, we will always take all identifiable and reasonable safeguarding steps to ensure that your information remains adequately protected including in all cases:

You understand that a country receiving your Personal Data may not have Data Protection legislation as stringent as the UK's and may offer less confidentiality. Your information can become subject to the laws and disclosure requirements of such countries.


If you wish to raise concerns, seek clarification or make a complaint regarding Personal Data processing, we ask that you contact the Data Protection Officer in the first instance, providing us with full details of your query, concern or complaint.

We will promptly look into your request, investigate, take remedial steps where applicable and respond to you in writing. This communication will detail the outcomes of any investigation, remedial actions undertaken and further steps we will take to deal with your query, concern or complaint.

You can contact the Data Protection Officer via email
You also have the right to contact the Information Commissioner's Office (ICO) at any time if you have concerns or a complaint regarding how we have handled your Personal Data or Data Subject rights. You can also contact the ICO if you are unhappy with the outcome of a complaint and wish to lodge an appeal.

You can contact the ICO via their website or their helpline 0303 123 1113.


At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here at the same link by which you are accessing this Privacy Policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) with the new details and links to the updated or changed Policy.