The following has been drafted to cover and post GDRP processing requirements.
Buckingham Leasing Limited is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it. By visiting our websites, you are accepting and consenting to the practices described in this policy.
For the purpose of the European Data Protection Regulations (‘GDRP’) and the Data Protection Act 2018 (the Act) .
This Privacy Statement explains how we process your information and your rights under both DPA and GDPR.
Information we may collect from you
We may collect and process the following data about you:
Information you give us: Personal information for example, your name, address, date of birth, home ownership, length of time at your address, email and phone numbers to allow us to check your identity.
Information we collect about you: We will need to assess your credit worthiness by collecting information regarding credit risk and affordability. We do this by asking you to be open and honest about your current financial position, for example, outgoings, employment details, details of any criminal prosecutions and details of bankruptcy or any County Court Judgements or other adverse credit you may have. We will also promise to provide you with accurate upfront costs and fees so that you can decide if these are affordable. We will also assess your credit history by using a credit reference agency or fraud prevention agencies with your permission.
Information we receive from other sources: As a broker we work towards finding the best finance from a range of lenders for you, normally banks. It may be necessary to ask for references or a guarantor based on the assessment of your credit risk to meet the terms and conditions of the lender. We may also collect information from your supplier, or other people you are linked to financially. In this situation we would use your your contact details; details of your contractual arrangements with Your Supplier (including payment terms); copies of purchase orders between you and Your Supplier along with documents which evidence proof of delivery and/or provision of services; copies of invoices sent to you by Your Supplier; copies of credit notes issued to you by Your Supplier; and the amount of monies owing by you to Your Supplier. We only do this to meet our legal obligations.
Uses made of the information
We use information held about you in the following ways:
Information you give us. How we use your personal information will depend on: our relationship with you; on the products and services we provide to you (or to any company or limited liability partnership (each, a ‘Connected Company’) of which you are a corporate officer, owner, member or partner or in connection with which you have agreed to act as security, guarantor or warrantor (each, a ‘Key Individual’); or where you (or a Connected Company) are a customer of one of our clients to whom we’ve made funding available (Your Supplier), on the products and services we make available to Your Supplier. Information will then be used to produce a fact find and summary of the credit proposal and submitted to the most appropriate lender.
Information we Collect about you: We will use this information for funding decisions, for fraud prevention and anti-money laundering and to meet our own legal obligations.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending upon the types of information we receive.
Disclosure of your information
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with (them or) you, including without limitation any data processor we engage.
Analytics and search engine providers that assist us in the improvement and optimisation of our site
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Where we store your personal data
All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability or these policies. Please check these policies before you submit any personal data to these websites.
Your rights under Data Protection Law
We operate under the Data Protection Act 2018 (‘DPA’) and the European General Data Protection Regulation (‘GDPR’).
The DPA and GDPR apply to ‘personal data’ we process, and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
a) Processed lawfully, fairly and in a transparent manner;
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) Accurate and where necessary kept up to date;
e) Kept no longer than is necessary for the purposes for which the personal data are processed.
We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so.
f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We ensure lawful processing of personal data by obtaining content; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
In the majority of cases we process personal data based on your contact with us. In other cases, we process personal data only where there are legitimate grounds for doing so.
To meet our Data Protection obligations, we have established comprehensive and proportionate governance measures.
We ensure data protection compliance across the organisation through:
a) Implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and review of internal policies
b) Maintaining relevant documentation on processing activities
c) Implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third party arrangements.
Under the GDRP You have the following rights in respect of the personal data we process:
1. The right to be informed about how we use data. The privacy statement explains who we are; the purposes for which we process personal data and our legitimate interests in doing so; the categories of data we process; third party disclosures; and details of transfers of personal data outside the UK.
2. The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt.
3. The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no legitimate reason for continuing to process the data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the process.
5. The right to restrict processing, for example while we are reviewing the accuracy or completeness of data or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their purposes across different services.
7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is necessary for the performance of a public interest task.
8. Rights in relation to automated decision making and profiling.
Please contact our compliance officer at email@example.com for more information about the GDRP and your rights under Data Protection law.
If you have a complaint about Data Protection at Buckingham Leasing Limited our compliance Officer At firstname.lastname@example.org.
Alternatively contact our supervisory authority for data protection compliance (www.ico.org.uk)
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Cookies are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies can make the internet more useful by storing information about your preferences on a particular site, such as your personal preference pages.
Buckingham Leasing Limited cookies do not identify you personally.
Last updated 16.05.2018