Your personal information and what we do with it
The meaning of some terms we use in this Privacy Notice
Process orprocessing includes everything we do with your personal information from its collection, through to its destruction or deletion when we no longer need it. This includes, for instance, collecting it (from you), obtaining it (from other organisations), using, sharing, retaining, deleting and destroying it, and transferring it overseas.
Legitimate interests is mentioned in this Privacy Notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights and freedoms. Those laws call this the “legitimate interests” legal ground for personal data processing.
Sceptre Finance Limited is a Data Controller and Processor within the Data Protection Act 1998. Registration No. Z6506759. Our Registered Office is Cumberland House, 24-28 Baxter Avenue, Southend-on-Sea, Essex SS2 6HZ. Company No. 4247886. Sceptre Finance Limited is a broker and not a lender. Authorised and regulated by the Financial Conduct Authority FRN673142. We can introduce you to a limited number of carefully selected finance providers and may receive a commission from them for the introduction. Sceptre Taxi Finance, Sceptre Taxi Sales, sceptretaxifinance, The Cab Detective and thecabdetective.co.uk are also trading styles of Sceptre Finance Limited.
Sceptre Finance Limited is a data controller of your personal information. This means information that is about you or from which we can identify you. This Privacy Notice describes how we deal with your personal information. We are the data controller of this information under relevant data protection laws because in the context of our business relationship with you, we decide how and why it is processed in the ways described in the Privacy Notice. When we use terms such as we, us and our in this notice we mean Sceptre Finance Limited.
We can be contacted at any time, including if you have queries about this Privacy Notice or wish to exercise any of the rights mentioned in it. You can do this in the following ways:
In writing: Office 3, First Floor, 251 Church Road, Benfleet, Essex, SS7 4QP
Telephone: 01268 799541
This Privacy Notice may be updated from time to time. You can check our website for the latest version.
What kinds of information about you do we process?
Personal information about you that we process in connection with raising personal finance for you includes:
· Your title, full name, contact details, including for instance your email address and contact telephone numbers
· Your home address, correspondence address (if different) and personal address history
· Your date of birth and/or age, nationality and country of tax residence
· National identifiers (e.g. Passport number, National Insurance number) to identify you
· Your financial details, e.g. your salary and other earnings, details of other income, details of your savings, your income and expenditure
· Information about your employment status including whether you are employed, self-employed, retired or receive benefits
· Details of your existing borrowings and loans
· Information about your occupier status, such as whether you are a tenant, live with your parents or are an owner occupier of the property in which you live
· Information which is relevant for your residency, your length of residency in the UK and/or whether you have the permanent right to reside in the UK
· Your personal circumstances if relevant to your credit application (e.g. the number of dependents you have)
· Records of how you have contacted us
Joint applicants and Guarantors
If you make a joint applicant with your spouse, partner or family member, we will also collect the personal information mentioned above about that person. You must show this Privacy Notice to the other applicant and ensure they confirm that they know you will share it with us for the purposes described in it. If you look now at the section below headed “What are the legal grounds?” you will see reference to consent and a description of some limited scenarios where it may be relevant to what we do with personal information.
If you apply for credit with a guarantor, that person will see this Privacy Notice when he/she submits his/her own personal information to us because he/she must necessarily sign the application form.
What is the source of your personal information?
We will generally collect your personal information from you directly.
In addition, we obtain your personal information from other sources such as your employer, landlord, other lenders, HMRC, DWP, publicly available directories and information, debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime and police and law enforcement agencies.
What are the legal grounds for our processing of your personal information (Including when we share it with others)?
Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant (except where we rely on a ‘consent’). Here are the legal grounds that are relevant to us:
1) Processing necessary to perform our contract with you or for taking steps prior to entering into it:
a) Sharing your personal information with credit providers to enable us to find suitable credit for you.
2) Where we consider that, on balance, it is appropriate for us do so, processing necessary for the following legitimate interests which apply to us and in some cases other organisations (which we list below) are:
a) To test the performance of our systems and internal processes;
b) To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Financial Services Ombudsman and the Information Commissioner’s Office;
c) For management and audit of our business operations including accounting;
d) To carry out monitoring and to keep records (see below);
e) To administer our good governance requirements, such as internal reporting and compliance obligations or administration;
f) When we share your personal information with these other people or organisations;
· Your guarantor (if you have one);
· Joint account applicants, and any person with power of attorney over your affairs (in each case only if relevant to you);
· Our legal and other professional advisers, auditors and actuaries;
· Financial institutions and trade associations;
· Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Financial Services Ombudsman and the Information Commissioner’s Office;
· Other organisations and businesses which provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions; and
· Buyers and their professional representatives as part of any restructuring, merger or sale of our business or assets; and
3) Processing necessary to comply with our legal obligations:
a) For compliance with laws that apply to us;
b) For establishment, defence and enforcement of our legal rights;
c) For activities relating to the prevention, detection and investigation of crime;
d) To carry out identity checks and anti-money laundering checks;
e) To carry out monitoring and to keep records (see below);
f) To deal with requests from you to exercise your rights under data protection laws;
g) To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and
h) When we share your personal information with these other people or organisations:
· Your guarantor (if you have one); Joint account applicants and the person with power of attorney over your affairs;
· Law enforcement agencies and governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Financial Services Ombudsman and the Information Commissioner’s Office; and
· Courts and other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
4) Processing with your consent:
a) When you request that we share your personal information with someone else and consent to that;
5) Processing for a substantial public interest under laws that apply to us where this helps us to meet our broader social obligations such as:
a) Processing that we need to do to fulfil our legal obligations and regulatory requirements.
b) When we share your personal information with other people and organisations, for example if they need to know that you are a vulnerable customer.
How and when can you withdraw your consent?
Much of what we do with your personal information is not based on your consent; instead it is based on other legal grounds. For processing that is based on your consent, you have the right to take back that consent for future processing at any time. You can do this by contacting us using the details above.
Is your personal information transferred outside the UK or the EEA?
We are based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area. If it is processed within Europe or other parts of the European Economic Area (EEA) then it is protected by European data protection standards. Some countries outside the EEA do have adequate protection for personal information under laws that apply to us. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA which do not have adequate protection under laws that apply to us. Your personal information may be transferred to recipients in countries outside the EEA on the basis of an adequacy decision by the European Commission, for example in the case of Canada.
Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the European Economic Area. Safeguards also include requiring the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.
Do you have to provide your personal information to us?
We are unable to source accurately the correct credit facility for you or to process your application without having personal information about you.
In cases where providing some personal information is optional, we will make this clear. For instance, we will say in application forms if alternative (such as work) telephone number contact details can be left blank.
Do we do any monitoring involving processing of your personal information?
In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, social media messages, in person face to face meetings and other communications.
We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone lines or in person meetings (as relevant) we will do so.
Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you and for quality control and staff training purposes.
Some of our monitoring may check for obscene or profane content in communications.
We may take and retain notes of telephone calls and/or in person meetings between us and you in connection with your application to make sure that we have a record of what has been discussed and what your instructions are.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we will hold your personal information for the following periods:
Retention in case of queries. We will retain the personal information that we need to keep in case of queries from you (for instance, if you apply unsuccessfully for a credit facility) for 12 months unless we have to keep it for a longer period (see directly below);
Retention in case of claims. We will retain the personal information that we need to keep for the period in which you might legally bring claims against us which in practice means 7 years unless we have to keep it for a longer period (see directly below); and
Retention in accordance with legal and regulatory requirements. We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end for 7 years and this will be to satisfy our legal and regulatory requirements.
If you would like further information about our data retention practices, please contact us.
What are your rights under Data Protection law (*effective from 25 May 2018)?
Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them we will explain at that time if they are engaged or not. The right of data portability is only relevant from 25 May 2018.
· The right to be informed* – we have to be transparent with you about the processing that we do with your personal information. This is why we have a Privacy Notice. The information that you supply is determined by whether or not we collected your personal information directly from you or indirectly via someone else. Your right to be informed may be relevant if you consider it necessary to ask for more information about what we do with your personal information.
· The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed in certain circumstances. If we have disclosed the personal information in question to other organisations, we must inform them of the rectification where possible. Your rights in relation to rectification may be relevant if you consider that we are processing inaccurate or incomplete information about you.
· The right to object to processing of your personal information where it is based on legitimate interests, where it is processed for direct marketing (including profiling relevant to direct marketing) or where it is processed for the purposes of statistics. Your rights to object may be relevant if you wish to find out more about what legitimate interests we rely on (they are listed in our Privacy Notice) or about what profiling we do in relation to our direct marketing communications and activities (as mentioned in our Privacy Notice) for instance.
· The right to restrict processing* of your personal information, for instance where you contest it as being inaccurate (until the accuracy is verified); where you have objected to the processing (where it was necessary for legitimate interests) and we are considering whether our organisation’s legitimate interests override your own; where you consider that the processing is unlawful (and where this is the case) and where you oppose erasure and request restriction instead; or where we no longer need the personal information for the purposes of the processing for which we were holding it but where you require us to continue to hold it for the establishment, exercise or defence of legal claims.
· The right to have your personal information erased* (also known as the “right to be forgotten”). This enables an individual to request the deletion or removal of personal information where there is no compelling reason for its continued processing. This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. It may be relevant where the personal information is no longer necessary in relation to the purpose for which it was originally collected/processed; if the processing is based on consent which you then withdraw; when you object to the processing and there is no overriding legitimate interest for continuing it; if the personal information is unlawfully processed; or if the personal information has to be erased to comply with a legal obligation. Requests for erasure may be refused in some circumstances such as where the personal information has to be retained to comply with a legal obligation or to exercise or defend legal claims
· The right to request access to the personal information held about you, to obtain confirmation that it is being processed and to obtain certain prescribed information about how we process it. This may assist if you wish to find out what personal information we do have about you in order to then determine if you can exercise other rights (those mentioned above and below).
· The right to data portability*. This allows individuals to obtain and reuse their personal information for their own purposes across different services; to move, copy or transfer their personal information easily from one environment to another in a safe and secure way without hindrance to usability. This right can only be relevant where personal information is being processed based on a consent or for performance of a contract and is carried out by automated means. This right is different from the right of access (see above) and that the types of information you can obtain under the two separate rights may be different. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access.
· Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you*. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention. This right is different from the more general right to object to profiling (see above) because that other right is not tied to a scenario where there is a legal effect on you or where the processing otherwise significant affects you. Data protection laws prohibit this particular type of automated decision making except where it is necessary for entering into or performing a contract; is authorised by law; or where you have explicitly consented to it. In those cases, you have the right to obtain human intervention and an explanation of the decision and you may be able to challenge that decision.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk.