Data controller: Simon Manley
Tel: 0116 254 1853
The Company collects and processes personal data relating to its clients to manage the initial and ongoing relationship. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The Company collects and processes a range of information about you. This includes but is not limited to
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- the terms and conditions of your relationship with us;
- details of your trading history with ourselves
- information about your contractual obligations and payments
- details of your bank account and national insurance number;
- information about your marital status, next of kin, dependants;
- information about your nationality
- information about your criminal record;
- details of your credit risk profile
- for certain applications, information about medical or health conditions
The Company may collect this information in a variety of ways. For example, data might be collected through know your client documentation and application forms, obtained from your passport or other identity documents such as your driving licence; from correspondence with you; or through interviews, meetings or other assessments, companies house and HMRC.
The Company may seek information from third parties such as your existing pension credit ratings both business and possibly private; however we will obtain your consent before doing so.
Data will be stored in a range of different places, including in your client file, in the Company's operations management systems and in other IT systems (including the organisation's email and back office system).
Why does the Company process personal data?
The Company needs to process data to enter into a service contract with you and to meet its obligations under that contract. For example, it needs to process your data to provide you with a quotation or estimate and to administer the application process with any third party finance lender
In some cases, the Company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check your identity and address to ensure Anti Money Laundering and Financial Sanctions obligations have been met.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the relationship. Processing client data allows the organisation to
- ensure compliance and regulatory obligations are being met
- maintain accurate and up-to-date records and contact details
- ensure effective business administration;
- provide information on request to product providers in the course of your application and ongoing relationship;
We may process your data, especially your email address, to contact you for marketing purposes. For example if we are holding an event we think may interest you. We will obtain your consent to contact you for marketing at the beginning of our relationship via our customer service notice and contract
You will be able to withdraw your consent at any time throughout the relationship by contacting the data controller.
Who has access to data?
Your information may be shared internally, with staff if access to the data is necessary for performance of their roles.
The Company shares your data with third parties in order to process applications as part of a service to which you have consented. The Company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The Company takes the security of your data seriously. The Company has the following policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
- Data Security Risk Assessment Policy
- Data Breach Plan
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The Company will hold your personal data depending on the type of contract or contact you have have with the Company and is subject to strict regulatory retention periods as may be set out by the the Data Protection Acts
Data obtained which does not proceed to a contractual relationship will be retained for 1 year then will be archived.
Data obtained which proceeds to business dealings will be retained for 5 years unless with regard to a financial matters, in which case it will be retained indefinitely. After this time and if there is no ongoing service, the data will be archived.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (called a subject access request);
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Simon Manley on 0116 2541853
If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
In order for us to provide you with our service and make suitable recommendations to you we will need to obtain and retain your data. If you are unable to do this then we will not be able to provide suitable advice and therefore will not be able to enter into a client relationship with you. By accepting this notice you specically agree that we may retain control and process data of a personal nature with you.