This Privacy Notice sets out how we’ll use your personal data. Your personal data is data which by itself or with other data available to us can be used to identify you. We use your personal data in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR).
The types of personal data we collect and use
To assist you with your claim, we’ll use your personal data for the reasons set out below.
The sources of personal data collected indirectly are mentioned in this statement. The personal data we use may be about you may include:
- Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers);
- Date of birth and/or age (e.g. to make sure that you’re eligible to apply);
- Financial details (e.g. salary and details of other income, expenditure and details of accounts with other providers);
- Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources;
- Family, lifestyle or social circumstances (e.g. the number of dependants you have);
- Employment details/employment status for credit and fraud prevention purposes; and
- Personal data about other named applicants. You must have their authority to provide their personal data to us and share this Privacy Notice with them beforehand together with details of what you’ve agreed on their behalf.
Providing your personal data
You must provide your personal data so we can assist you with your claim (unless you’re a customer and we already hold your details).
Using your personal data: the legal basis and purposes
We’ll process your personal data:
- As necessary to perform our contract with you:
- To take steps at your request prior to entering into it;
- To manage and perform that contract;
- To update our records; and
- As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
- For good governance, accounting, and managing and auditing our business operations;
- To monitor emails, calls and other communications;
- To send you marketing communications
- As necessary to comply with a legal obligation, e.g.:
- When you exercise your rights under data protection law and make requests;
- For compliance with legal and regulatory requirements;
- For establishment and defence of legal rights; and
- For activities relating to the prevention, detection and investigation of crime;
- To verify your identity, make credit, fraud prevention and anti-money laundering checks;
- Based on your consent, e.g.:
- When you request us to disclose your personal data to other people;
- To send you marketing communications where we’ve asked for your consent to do so.
You’re free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Sharing of your personal data
Subject to applicable data protection law we may share your personal data with:
- Product providers in relation to our seeking to source products that meet your needs;
- Companies and other persons providing services to us;
- Our legal and other professional advisors;
- Fraud prevention agencies;
- Government bodies and agencies in the UK and overseas (e.g. HMRC and with regulators e.g., the Financial Conduct Authority, the Information Commissioner’s Office);
- Courts, to comply with legal requirements, and for the administration of justice;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations;
- To other parties connected with your Product application e.g. other people named on the application who will see your transactions;
- When we restructure or sell our business or its assets or have a merger or re-organisation; and
- Anyone else where we have your consent or as required by law.
Identity verification and fraud prevention checks
The personal data we’ve collected from you at application or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment in future. We may also search and use our internal records for these purposes.
Criteria used to determine retention periods (whether or not you become a customer)
The following criteria are used to determine data retention periods for your personal data:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful);
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows:
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
If you have question, want to exercise your rights or make a complaint, please contact us.
You can also make a complaint to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 SAF, telephone 0303 123 1113, www.ico.org.uk