OneFamily Logo The AA Logo


OneFamily (“we”, “us”, “our”) are committed to protecting and respecting your privacy. This privacy policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, via the AA ISA application and account login areas of the OneFamily website (“the AA ISA site” or “the site”), will be processed by us.

Your personal details enable us to respond to specific enquiries you have and to provide you with products and services for which you apply.

When you fill out our online enquiry forms, we ask for your contact details so that we can deal with your request as efficiently and effectively as possible.

By using the AA ISA site, you accept this privacy policy and agree to us processing your personal data in accordance with its terms. If you do not agree to this privacy policy, you should not use the site.

We may amend this privacy policy from time to time. We'll post any changes to this privacy policy here so that you'll always know what information we gather, how we might use that information, and whether we'll disclose that information to anyone. Please refer back to this privacy policy on a regular basis. Your continued use of the site following the posting of changes to this privacy policy will mean that you accept those changes.

Your privacy and the security of your personal information are very important to us. We want you to be as comfortable as possible visiting the site. Please read this privacy policy carefully.

Please remember that this privacy policy applies only to information collected by the site. We are not responsible for the privacy practices of websites that are operated or owned by third parties (i.e. websites you may have visited previously, which contain links to a OneFamily website).

We will not sell, share, license, trade, or rent your personal information collected on the site to third parties.

We'll share the information you provide with AA Financial Services Limited (AA) and Bank of Ireland UK plc (Bank of Ireland UK).

What information about me is collected on the site or through your internet products?

We collect two types of information: personally identifiable information and non-personally identifiable information.

Personally identifiable information

Personally identifiable information is information that identifies you or can be used to identify or contact you ("personally identifiable information"). Such personally identifiable information may include your name, address, email address, telephone number, birth date (primarily for eligibility purposes) and bank details. We'll collect personally identifiable information from you only if you voluntarily submit such information to us (i.e. when requesting an information pack or applying for a product or managing an account online). Unless you give us permission to do so, we'll not share your personally identifiable information other than as specified in our privacy policy and uses of data statement, or as stated in the Terms and Conditions of any products you apply for.

Non-personally identifiable information

Non-personally identifiable information includes user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the site. Non-personally identifiable information is used to help us understand who uses the site and to improve and market the site in general.

Who operates the site and where are your servers located?

OneFamily operates the site and our servers are located at our registered office; 16-17 West Street, Brighton, BN1 2RL, United Kingdom.

Personal information

If we want to collect personally identifiable information through the site, we'll be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

We have the ability to retain information that you provide on an application form, even if you do not submit your application. In order to help improve our customer experience we may use the details you have left to contact you about your application.

When do you disclose information to third parties?

Except as set forth in this privacy policy, or as specifically agreed to by you, we'll not disclose any information we gather from you through the site.

We'll share the information you provide with AA and Bank of Ireland UK. For more information please see our uses of data policy. OneFamily is also the ISA manager for ISA products distributed by other commercial partners. If you hold an ISA with any of our ISA partners and contact us to update your personal details, we will update your information on both our system and with all the ISA partners that you hold an account with.

Laws and legal rights

We may disclose your information (including personally identifiable information) if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a search warrant, a court or regulatory order, or other valid legal process.

We may disclose personally identifiable information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our terms of use or to protect the safety and/or security of our users, the site or the general public.

Third parties generally

Other than the information we share with AA, Bank of Ireland UK, and our other ISA partners as necessary, we may provide to third parties information about you that does not allow you to be identified or contacted (i.e. non-personally identifiable information detailed above), including where such information is combined with similar information of other users of our websites. For example, we might inform third parties regarding the number of unique users who visit our websites, or the activities that visitors to our websites engage in while on those websites. The third parties to which we may provide this information may include potential or actual advertisers (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.

Sale of business

We reserve the right to transfer information (including your personally identifiable information) to a third party in the event of a sale, merger or other transfer of all or part of the assets of OneFamily provided that the third party agrees to adhere to the terms of this privacy policy.

Is the information collected secure?

We want your information (including personally identifiable information) to remain as secure as possible. We strive to provide secure transmission of your information from your computer to our servers through industry-standard techniques. To help ensure the integrity and privacy of the personally identifiable information you provide to us via the Internet at the time you elect to request an information pack or apply online, we use Secured Socket Layer (SSL) encryption technology in transmitting such personally identifiable information over the Internet to our servers. We secure the personally identifiable information you provide on servers located in controlled, secure environments, protected from unauthorised access, use, or alteration.

OneFamily websites also incorporate 128-bit encryption technology so the information being passed between you and us cannot be read or understood by unauthorised persons. We transmit data with your permission to authorised third parties using 192-bit AES encryption.

Only employees who need access to your information to perform a specific task or function are granted access to such information. In addition, all employees of OneFamily must abide by this privacy policy and are kept up-to-date on security practices.

Notwithstanding the above commitments to protect your information (including personally identifiable information) from loss, misuse or alteration by third parties, you should be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security and privacy of any information you transmit to us, and you do so at your own risk.

What choices do I have regarding the collection, disclosure and distribution of personally identifiable information?

Except as otherwise described in this privacy policy, we'll only use personally identifiable information for the purposes described above or as otherwise disclosed at the time we request such information from you. You can "opt-out" from giving us permission to use your personally identifiable information for any other purpose.

You can contact us in order to:

  1. update or correct your personally identifiable information,
  2. verify what personally identifiable information we maintain about you,
  3. change your preferences with respect to communications and other information you receive from us.

Anyone contacting us for details of the information we hold on them will have to verify their identity (or we'll take reasonable steps to verify their identity). We reserve the right to make a small charge as prescribed by current legislation for such a request.

Who do I contact if I have any privacy questions?

If you have any questions about our privacy policy or feel that we are not abiding by the terms of our posted privacy policy, please contact our privacy Co-ordinator in any of the following ways:

By e-mail:
By post:
Attn: Privacy Co-ordinator/Data Protection Officer
16-17 West Street
United Kingdom


Cookies are pieces of information that a website transfers to the cookie file on your computer's hard disk. Cookies enable users to navigate around the website and (where appropriate) enable us to tailor the content to fit the needs of visitors who have accessed the site.

Some cookies only stay on your PC for the duration of your visit to the website - these are session based cookies and expire when you shut down your browser. Others are known as 'persistent' and remain on your PC for a fixed period of time - minutes, months or indefinitely.

There are different types of cookies which do different things, such as allowing efficient navigation around the website, remembering preferences and improving your overall browsing experience. Others can be used to measure the number of site visits and most popular pages users visit. Cookies can also be used to provide you with advertising which is more tailored to your interests - we do not use these types of cookies.

There are four classifications of cookies - strictly necessary, performance, functionality and targeting.

Although most browsers are initially set to accept cookies, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the "Help" section of the toolbar.

More information about cookies can be found at and in the ICC UK Cookie Guide.

Our web pages may contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages on the site. Web beacons and spotlight tags are simple tools used to obtain generic information about the web pages visited. They are not used to obtain information about specific users. We do not disclose any of your personally identifiable information to our advertising partners.

We also use analytical tools to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the site (including your IP address) is transmitted the analytics provider who uses the information is then used to evaluate visitors’ use of the site and to compile statistical reports on website activity.

We will not (and will not allow any third party) to use these statistical analytics tool to track or to collect any personally identifiable information of visitors to the site.

We will also use cookies to assist us in tailoring how we advertise our services to you when you visit certain third party websites. This is known as 'retargeting', 'remarketing' or 'behavioural advertising'. When you visit certain pages on the sites, a cookie will be downloaded onto your computer which will enable us to tailor advertisements that would appear on certain third party websites having an agreement with behavioural advertising providers to display such advertisements. If you do not wish to allow us to use cookies in this way, you can visit to opt out.

Log files

We also collect non-personally identifiable information through our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the site. This information may be used to analyse trends, to administer the site, to monitor the site’s use, and to gather general demographic information.

Uses of data

Any information you provide, including that provided via the AA ISA application and account login areas of the OneFamily website (“the AA site” or “the site”) will be held and processed by OneFamily (“we”, “us”, “our”), AA Financial Services Limited (“AA”) (which is a member of the AA group of companies (“AA Group”) and Bank of Ireland UK plc (“Bank of Ireland UK”) at all times in accordance with the Data Protection Act 1998 (“the Act”) and as detailed below. We, AA and Bank of Ireland UK are each “data controllers” for the purposes of the Act.

Your information includes your personal details (such as your name and contact details) and details of your transactions (such as account balances, withdrawals and deposits).

How your information is obtained

We are the ISA Manager of the AA ISA and the AA acts as an introducer for the AA ISA. We will receive information about you from a number of sources. The main sources are from your application or communications you send us. It may also come from third parties. The AA will receive your personal information from us and Bank of Ireland UK, as well as from other sources in connection with its relationship with you. The AA may share this information with other members of the AA Group.

How your information is used

To provide you with a high quality service, we will use your information to:

  • identify you;
  • administer and maintain records of your account and membership;
  • answer your queries;
  • analyse data; and,
  • update our systems to make sure you get the best possible service.

We may also:

  • record or monitor telephone conversations for your, or our, protection and training purposes; and,
  • monitor our customer service and provide staff training (we may also disclose information to third party agencies who may carry out this monitoring and training on our behalf).

AA Financial Services Limited (and other members of the AA group) will use your information in accordance with the AA privacy policy which can be found online at or by writing to the Data Protection Officer at The AA, Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA for a copy. This policy explains in greater detail how the AA Group uses and shares personal information. This includes using your information:

  • to provide, develop and improve its (or their) products and services
  • for analysis purposes and to better understand its (or their) customers
  • to send you follow-up communications

Bank of Ireland UK may process your personal information to conduct product analysis and development, including analytics reporting on customers who have opened the AA ISA, for regulatory reporting and to ensure its compliance with relevant regulatory and legal requirements.

Security of your information

To help keep your information secure we will:

  • endeavour to keep any information about you secure, up-to-date and accurate. To help with this, you must inform us if you change your personal details.
  • keep records about you and your account securely after our business relationship with you has ended. This is so that any queries from you or third parties can be dealt with.
  • not ask for, nor keep, unnecessary information about you.

The AA will keep records about you and your account for a limited time after their business relationship with you has ended. This is so they can deal with any queries from you or a third party and to comply with their legal and regulatory obligations and for other business purposes.

Who your information will be shared with

  • We will share your information with the AA and Bank of Ireland UK.
  • We may share information about you or your account with third parties if you have made a reasonable request or authorised us to pass them information.
  • We may also share information about you or your account with any third party if we reasonably believe that they are acting with your consent. If you have specific concerns about this, you should tell us.
  • We may share information about you with third party credit reference agencies to help us complete anti-money laundering checks.
  • We may share information about you with reputable third party organisations who will process your data on our behalf.
  • We may share information about you with legal, tax or regulatory authorities who ask us to provide it.

We will only share your information with companies who adhere to the data protection regulations.

The AA may, from time to time, share your information with Bank of Ireland UK and companies within the Bank of Ireland Group.

The AA (and members of the AA Group) may also use third parties to process your information and provide services on their behalf. In some cases, these third parties are based in countries outside the European Economic Area. Where they do this, they will take steps to put in place adequate procedures and safeguards to protect your data.

Bank of Ireland UK may share your personal information:

  • With other companies in the Bank of Ireland Group, including in its reports.
  • With other third parties such as its/their vendors and service providers.
  • With the AA and the AA Group.

Processing of your personal information outside the EEA for Bank of Ireland UK

From time to time Bank of Ireland UK may disclose or transfer personal information about you to persons or companies who are based outside of the European Economic Area, so that they may process your personal information as their data processors. It will take steps to ensure that such persons or companies agree to give your personal information at least the same level of protection as it is required to give it in the UK and act solely on its instructions.

Who will send you marketing information

We will not use your information for the purposes of marketing our products or services.

By submitting an application for an AA ISA, you consent to AA Financial Services Limited and the AA Group using your personal information for administration and (unless you have previously told the AA Group you do not want to receive this information) keeping you informed by post, telephone, email and SMS of other products and services from the AA Group and its partners. The AA Group privacy policy (see “How your information is used” above) explains how you can opt-out of receiving these communications if you so wish.

Please note that opting out of marketing may limit the information, products and services that can be offered to you.

Your rights

You have certain rights in relation to the information that we hold about you. The most important of these rights are set out as follows:

  • you have the right to request (in writing) a copy of the personal information that is held on you and the reason for which it is held. You will be provided with this information within 40 days. This is normally provided as a photocopy or computer printout. We may charge you for this information. This charge can be no more than £10.
  • contact us (in writing) if you believe that the way we use your information might cause you damage or distress. If so, we will stop using the information for this particular purpose.
  • sometimes we use automated software to process information about you or to make decisions which affect our relationship with you. If you are not happy with this please contact us in writing. You have the right to be informed when this kind of automated decision takes place.

You also have a legal right (subject to certain exemptions) to receive a copy of the personal information about you which is held by Bank of Ireland (UK) plc and/or the AA.

To request access to your personal information held by Bank of Ireland UK, write to Customer Services at 1 Donegall Square South, Belfast, BT1 5LR. A small statutory fee will be payable and this can be charged under the Act.

The AA privacy policy (see “How your information is used” above) contains information about how you can access the personal information held about you by the AA and the AA Group.

For more information regarding data protection and your rights, you should refer to the Information Commissioner’s Office website or call their helpline on 0303 123 1113 (call charges may apply – if you need further information you should contact your phone provider).