1.1 Kerrion together with any group companies (“we” “us” “our”) are committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
VISITORS TO OUR WEBSITE
2.1 We may collect and process personal data about you in the following circumstances:
2.1.1 when you complete forms on our website (“Site”). This includes your name, email address and telephone which is provided where you ask us to contact you about our products or loans, subscribe to our mailing list, or subscribe/request our products or loans;
2.1.2 whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 whenever you disclose your information to us, or we collect information from you in any other way, through our Site.
2.2 We may use your personal data for our legitimate interests in order to:
2.2.1 provide you with information, or facilities that you requested from us;
2.2.2 allow you to participate in interactive features of our Site, when you choose to do so;
2.2.3 ensure that content from our Site is presented in the most effective manner for you and for your device;
2.2.4 improve our Site and services;
2.2.5 process and deal with any complaints or enquiries made by you; and
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. When you leave our Site, we encourage you to read the privacy notice/policy of every website you visit.
3.1 We will collect details such as your name, address, marital status, previous names, date of birth, nationality, national insurance number, address and previous addresses, period of occupancy at current and previous residences, details of who you live with, contact telephone numbers, email address, employment status, length of employment, employer’s contact details, income details, legal representative details, bank details, credit information, the assets you have/have access to when you apply for products or loans from us, or agree to guarantee any applicant’s obligations, either via our Site or by completing an application form. We will use this information to assess your/your business’ suitably for our products and comply with our contractual obligations.
3.3 In order to perform our contract with you, we may also need to share personal data with third parties such as payment providers, postal service organisations, government organisations and credit reference agencies to assess your suitability for our products, prevent fraud and validate any security you/your business has offered.
3.4 We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary);
3.5 We will retain your information as long as we require this to provide you with our services and for a period of up to 7 years afterwards.
4.1 We will collect details such as your representative’s name and contact details, in order to contact you about goods or services ordered with you, to place further orders and to pay you for the goods and/or services supplied. We will keep the personal data for up to 7 years further to being provided with the goods/services.
IF YOU FAIL TO PROVIDE PERSONAL DATA
5.1 Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel any application you have with us but we will notify you if this is the case at the time.
MONITORING AND RECORDING
6.1 We may monitor and record communications with you (such as emails) for the purpose of quality assurance, training, fraud prevention and compliance. We also have CCTV cameras installed in our premises for the purpose of crime prevention and for health and safety reasons. We usually retain CCTV footage for 31 days from the time the images are recorded. We do not monitor telephone or email communications with you, but emails are retained.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
7.1 We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:
7.1.1 for performance of a contract we enter into with you or, at your request, to take steps prior to entering into a contract with you;
7.1.2 where necessary for compliance with a legal or regulatory obligation we are subject to; and
7.1.3 for our legitimate interests (as described within this policy) and your interests and fundamental rights do not override these interests.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
8.1 In addition to the third parties mentioned above, we may disclose your information to third parties for our following legitimate interests as follows:
8.1.1 to staff members in order to facilitate the provision of our products to you;
8.1.2 to our affiliated entities to support internal administration;
8.1.3 IT software providers that host our website and store data on our behalf;
8.1.4 professional advisers including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;
8.1.5 credit reference agencies, to obtain information in relation to your financial standing;
8.1.6 HM Revenue and Customs, regulators and other authorities who require reporting of processing activities in certain circumstances; and
8.2 We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.3 We will not sell or distribute personal data to other organisations without your approval.
CROSS-BORDER DATA TRANSFERS
9.1 We will not transfer your personal data outside the European Economic Area.
10.1 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
10.2 Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF PERSONAL DATA
11.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
11.2 Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to email@example.com. In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.
11.3 You can also ask us to undertake the following:
11.3.1 update or amend your personal data if you feel this is inaccurate;
11.3.2 remove your personal data from our database entirely;
11.3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
11.3.4 restrict the use of your personal data.
11.4 We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
11.5 Please send any requests relating to the above to firstname.lastname@example.org. specifying your name and the action you would like us to undertake.
13.1 If you have any questions, comments or requests regarding this policy or how we use your personal data please contact email@example.com This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/
Last updated: November 2018.