We have been asked to assist your business in obtaining finance. This process will involve the processing of your personal data. This Data Protection Notice is intended to give you information on how this personal data (i.e., information which directly or indirectly identifies you) will be processed by any company to which we submit a finance application on behalf of your business. We have not yet identified the finance company or companies to which such an application should be submitted. You will be given details in due course of their identity, but for present purposes we will refer to any such company in this notice as "the Company"
For the purposes of EU data protection laws, the Company will be a data controller.
Data That May Be Collected. The Company may collect certain personal data with respect to you, including, without limitation, your name, address, date of birth, contact details, credit reference data, financial & employment details, banking & credit card details, director or shareholder roles, income & details of your business. The Company may collect some of this data from third parties, for example credit reference agencies. Where your business is a corporate entity the Company may collect personal data about the directors & shareholders of the business from credit reference agencies where this data is held publicly, such as at Companies House.
Use of Personal Data. The Company will use your personal data for: provision of products & services, credit & AML risk assessment, profiling for marketing purposes, market research & product development, statistical analysis, marketing, fraud prevention & detection & otherwise as necessary to comply with applicable laws, regulations &/or codes of practice. The processing of personal data may be necessary for the performance of a contractual relationship, compliance with a legal obligation, or where it is in the legitimate interests of the Company or a member of any group of companies to which the Company belongs.
Disclosure to Certain Third Parties. The Company may disclose certain personal data: (i) within any group of companies to which the Company belongs; (ii) to the Company's brokers & dealers / suppliers, professional advisors & service providers (including, information technology systems providers); (iii) to courts, governmental & non-governmental regulators & ombudsmen; (iv) to fraud prevention agencies & law enforcement agencies; (v) to any third party that acquires, or is interested in acquiring, all or part of the Company's assets or shares, or that succeeds the Company in carrying on all or a part of its business, whether by merger, acquisition, reorganization or otherwise; & (vi) as otherwise required or permitted by law.
In particular, the Company may share the personal data it collects with fraud prevention agencies who will use it to prevent fraud & money-laundering & to verify your identity. If fraud is detected you could be refused certain services, finance or employment. Further details of how your information will be used by us & these fraud prevention agencies, & your data protection rights can be found at www.landmarkltd.co.uk/gdpr .
In order to process your application for finance, your personal data will be shared with credit reference agencies (CRAs). The Company will send information about your applications to CRAs & they will record this, even if your business' application does not proceed or is unsuccessful. This will include information from your credit application & about your financial situation & financial history. CRAs can give the Company both public information (e.g. electoral register) & shared credit, financial situation & financial history information & fraud prevention information
The Company may use the data received to:
• Assess your creditworthiness
• Verify the accuracy of the data you have provided
• Prevent criminal activity, fraud & money laundering
• Manage your account(s)
• Trace & recover debts
• Ensure any offers provided to you are appropriate to your circumstances.
The Company may continue to exchange information about you with CRAs while you have a relationship with them, & may also inform the CRAs about your settled accounts. If you borrow & do not repay in full & on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from the Company they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application, or tell the Company that you have a spouse or financial associate, the Company may link your records together, so you should make sure you discuss this with them, & share with them this information, before lodging theapplication. CRAs will also link your records together & these links will remain on your & their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use & share personal information, data retention periods & your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – using any of these three addresses will take you to the same CRAIN document:
Transfer of Personal Data Outside the European Economic Area (EEA). The Company may transfer your personal data to recipients (including affiliates) located in countries outside of the EEA, which may not have data privacy laws equivalent to those in the EEA. In such a case, the Company is under a duty to take all necessary steps to ensure the safety of your personal data in accordance with applicable data protection laws.
Your rights. Under applicable EU data privacy laws, you may have a right to: (i) request access to & rectification or erasure of your personal data; (ii) obtain restriction of processing or to object to processing of your personal data; & (iii) data portability (i.e. to request the transfer of personal data from one data controller to another in certain circumstances). If you wish to exercise any of these rights you should contact the Data Privacy Officer(s) whose details will be given to you at the same time as you are informed about the identity of the Company. You also have the right to lodge a complaint about the processing of your personal data with your local data protection authority.
The Company may rely on automated credit assessment based on the personal data which we provide to it & data which it obtain from a credit reference agency or similar sources about your credit profile or history. The outcome of this process can result in an automated decline of your application where it does not meet the Company's acceptance criteria. The Company has a duty to review these acceptance criteria regularly to ensure fairness in the decisions made, & you have a right to ask it to manually review any decision taken in this manner.
Security. The Company is under a duty to take steps to protect your personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
Retention. When you are informed of the identity of the Company, you will also be informed of the policy it adopts regarding the retention of your personal data.
Enquiries, Requests or Concerns. All enquiries, requests or concerns regarding this Notice or relating to the processing of Personal Data, should be sent FAO Data Privacy Officer using the following contact details.
or to the Data Privacy Officer(s) whose details will be given to you at the same time as you are informed about the identity of the Company.