Scope of this Privacy Notice
This Privacy Notice covers how we handle your data from this website and within our organisation. It does not include any website you have used to access this website or any website that you access from this website
Under GDPR, we act as a data controller (make decisions) for your personal data that we collect and a data processor (process your data) or data controller for any of your data shared with us by a third-party.
Data Controller Contact Details
If you have any questions about this Privacy Notice or any other data protection queries, our Data Controller can be contacted at firstname.lastname@example.org.
We would always welcome the opportunity to rectify any complaints that you have about your data and privacy held with us and can be contacted as shown in the ‘Data Controller Contact Details’ section above. If you would like to make a complaint to the ICO, their contact details are:
By phone – 0303 123 1113
Online – https://ico.org.uk/concerns
This Privacy Notice applies to data that you have either supplied to us, we have collected or acquired from reputable and compliant sources.
Data that you supply to us
- This is personal information about you that you share with us through filling in online or offline forms, by email, through the post, on the telephone or by any other means. Verbal personal information that you give us consent to use, will have such consent confirmed back to you in writing. Most often, your personal information will include your full name, home and/or business address and/or delivery address, personal and/or business email address and telephone and/or mobile phone number. Where payment is made, additional personal information may include your credit card details, your bank details and information needed to supply the purchased services or items. If you apply for a role with our organisation, other personal data shared is likely to include your employment history, proof of identity, qualification checks, health information etc..
- Where you are sharing personal information that does not directly relate to you (e.g. your representatives that legally act on your behalf), you must ensure you have the consent to do so and have shared this Privacy Notice with that person/those people.
Data that we collect
- Telephone conversations may be recorded to improve training and to ensure a high level of consistent customer service.
- We generate data to understand customer and market trends.
- Website Usage Information – to better understand and continuously improve our service levels, our website uses Google Analytics to gather statistical information like how many people visits our website, how long they stay on our web pages. This information may include IP addresses used but, does not include any other personal data.
- Data may be acquired from reputable third-parties who will be contracted to provide GDPR compliant data only.
Information we receive from third-parties
- Business Partners – where we have formal relationships with business partners who may introduce new customers or sales opportunities to us, data would include personal contact details, information on the areas of interest and data required to fulfil a request, product or service
References – membership accounts or employment opportunities with us may result in us taking out references from third-parties. This may be from compliant third-parties or from contacts that you introduce to us for this purpose.
- Social Media – where you have responded to a promotional item or offer from us through social media facilities, we can receive profile information about you which can include your name, address, telephone number(s) and/or your business contact details. This information would be used to respond to your interest, to fulfil a request/order from you and/or to send you future information and offers, where you have given clear consent to do so.
- Publicly Available Information – we may obtain personal information about you from publicly available sources. This can include your name, address and other publicly available information. As far as passible, we ensure that where any third-parties are involved in suppling such information, that they are compliant to do so.
- Other – from time to time, we may receive personal information from other sources. We will always endeavour to ensure such information is provided from reputable sources, who are compliant to do so.
How we use your data
We collect data to help operate our business and deliver our products and services to you. Where you have completed a form with the appropriate consent or given us consent in another way, we will send you relevant information in line with the consent you gave us. This can include email, telephone and/or other communication methods. We may also contact you with survey completion requests, designed to improve our service levels to you. You do not have to respond to such surveys and we will always give you the option to opt out of unsubscribe from any of these communications.
Third-Parties Who Form Part of Our Contracted Delivery Process
We may engage a reputable third-party to help us deliver the product or service we have contracted with you. E.G. A third-party delivery company may be used. They will receive the minimal data about you to complete their part of the delivery process and we contract with them that your data should not be used for any other reason.
Third-Parties may also be contracted to:
- Improve data safety and security levels
- As part of business development function
- Statistically analysis exercises
We will share personal information with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities or where there is another legal requirement to do so.
We will keep and use your data in terms of any legal or regulatory requirements that we have and can use your data to protect our legal position, if legal action is required, including the recovery of any outstanding debts.
Our Standard Business Operations
- To provide the products, services and any other responsibilities that we contract to do so with you
- To provide you with information that you request from us
- To confirm your identity as a natural living person
- As part of our billing, payments and recovery processes
Children Under Sixteen
Our products and services are not intended to be used by children under 16 years old. We will never knowingly collect data from or on children below 16 years old. If you become aware of such a child (or another person) supplying data on that child to us, please contact using the details shown in the ‘Contact us’ section at the end of this Privacy Notice.
Your data will be used for any legal or general statistical analysis. This usually will not include your specific data, although it will include you in number form (E.G. 121 people gave positive feedback). The statistical data used within our business helps us to judge performance and to make improvements to how we operate.
Any data about you that can be considered as sensitive (E.G. your politics, beliefs. medical information etc) will not be processed by us without your consent or as a legal requirement.
Storage of Personal Data
The data you provide to us will be either securely stored and backed up within the EEA/EU or with a complaint Non-EEA/EU based supplier. Data may also be processed by employees who work for such suppliers.
We will take all reasonable actions to ensure any data processed outside of the EEA/EU protects your privacy rights and handles such data in a secure way. As part of you sharing your data with us, you are agreeing to such data being handled and cared for in this way.
Selling, Hiring or Transferring Your Data
We do not sell or hire your data or customer lists to any third-party. We may engage a reputable and trusted third-party to contact you on our behalf, with areas that you have given us consent, it is part of our contractual agreement, is a legal requirement or there is clear Legitimate Interest between us. These services may include sending you email, calling you by telephone, information through the post, customer service related communication, arranging deliveries etc. These third-parties will only receive and be authorised to use the minimal data required and contracted to not use your data for any other reason than that contracted for.
We may share your or disclose your data in the following circumstances:
- If we buy, sell or merge any business or assets of that business and are required to share data as part of the buying, selling or merger agreement
- If our website is acquired by a third-party, where data is transferred as part of the purchased assets
Once your data reaches us, we will use our strict data processes and security procedures to protect it. For any data transmitted to us and our website by you, before it reaches us, is at your own risk.
Timescales That We Keep Your Data For
The timescale for this will vary depending on the requirement. The criteria for this includes:
- The reason we are using your data. We will keep the minimum amount of data required for that reason and for the timescale that that reason requires (E.G. Membership periods, updates and event information under legitimate interest)
- Legal requirements and where a minimum timescale is set (E.G. Her Majesty’s Revenue and Customs (HMRC))
We will keep your data for the term you have consented to, the contracted term between us or where there is a legitimate interest for us to remain in contact with you in for up to 3 years in case of any queries that you may have for legally required reasons (E.G. HMRC), whichever is the longest period.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
- The right to be informed – Individuals have the right to be informed about the collection and use of their personal data
- The right of access – Individuals have the right to access their personal data and supplementary information
- The right to rectification – Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – The right for individuals to have personal data erased. This is also known as ‘the right to be forgotten. Please note this right is not absolute and only applies in certain circumstances
- The right to restrict processing – The right to request the restriction or suppression of their personal data. Please note this is not an absolute right and only applies in certain circumstances
- The right to data portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics
The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113:
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
A Cookie is a small text file that is added to your device’s hard drive by a web server within our domain. Cookies cannot be used to run software programs or add a virus to your device. They are unique to you and avoid you having to input the same information and preferences each time you visit our web site(s).
We are registered in the UK and our registered address is at Churchill House, 86 Gladbeck Way, Enfield, EN2 7EL and our company registration number is 04040985.
Registered and authorised by the Financial Conduct Authority (FCA) No: 719430
Members of the Finance Leasing Association