- Introduction
- The Group Companies
- What Kind of Personal Data Does My Pulse Collect and on Whom
- The Purposes for which we Use your Personal Data
- Disclosure of Your Information to Third Parties
- Marketing
- Overseas Transfers
- Your Legal Rights
- Complaints Policy
- Information Security and Encryption
- Policy Changes
- Glossary
- Cookie Policy
Introduction
In the course of our business, My Pulse (Mypulse.io Private Limited) needs to collect and
use certain personal data about living individuals, including past, present and prospective customers in order to run our business effectively and meet your customer requirements.
The General Data Protection Regulation and the UK’s Data Protection Act are important laws governing the processing, including the use or holding, of personal data. They also give you, the individual, certain rights and remedies in respect of that personal data.
My Pulse takes its responsibilities concerning the privacy, protection and security of the customers data rights extremely seriously. The purpose of this Privacy Policy (“Policy”) is to explain how the
personal data we and our affiliated companies collect from you, or that you provide to us, will be processed by us.
Terms under data protection law which are used in this Policy are defined in it or in the Glossary at the end of it.
My Pulse has appointed a Data Protection Manager at a senior level with specific responsibility for day today matters of data protection, who acts as our contact point with the Information Commissioner’s Office (“ICO”). Please contact our Data Protection Manager, Simon Willmett, with any questions or concerns you may have about our use of personal data.
Data Protection Manager Details
Postal address: Data Protection Manager, My Pulse, St Albans House, 57-59 Haymarket, St. James’s, London, SW1Y 4QX
Telephone number 0207 839 9442
Email address: [email protected]
Please read this Policy carefully to help you understand the approach we take to handling your personal data and the
rights you have as an individual.
All personal information given to us through this website will only be held and used in accordance with this Policy,the Privacy and Electronic Communications (E.C. Directive) Regulations 2003 (as amended), the General Data Protection Regulation (EU) 2016/679 or “GDPR” and before 25 May 2018 the Data Protection
Act 1998, together with replacement, amending or supplementary laws or regulations relating to the protection of personal data.
The Group Companies
My Pulse operates as part of a group of companies (“the Group”) within the UK and overseas
and this Policy provides privacy information about how the Group collectively uses personal data. The Group companies will use personal data for their own purposes and will also share personal data between them, in each case as data controllers. This Policy explains how Group companies based in the European Economic Area (“EEA”) use and share personal data, including with Group companies based outside the EEA.
What Kind of Data Does My Pulse Collect and on Whom?
We use different methods to collect personal data from and about you, including:
- Direct interactions. You may give us your information by filling in forms, on the
telephone, or by corresponding with us by post, fax, email or otherwise. This includes personal data you provide
when you:- ask us to send information to you;
- provide us (yourself or on behalf of an organisation) with goods or services or obtain products and
services from us; or - provide us feedback or contact us about our products or services.
- Third parties or publicly available sources. We may receive personal data about you from
various third parties and public sources as set out below:- Directors, shareholders and employees at any business or organisation you are associated with;
- Data brokers who are in the business of legally reselling or transferring personal data;
- Brokers and Insurers;
- Recruiters and recruitment agencies;
- Credit reference agencies (“CRA”) (see Credit Reference Checks section below);
- an Agency, for it and others searching its records to use to help make decisions about me/us, my
associated businesses or household’s members; - service providers (including insurers, for underwriting purposes (who may pass it to persons they deal
with and to users of their services and give My Pulse information and personal data from their own
sources)), to help them carry out their services; - Electronic identity verification services;
- The Land Registry;
- Publicly-accessible sources, including websites.
- any person giving (or potentially giving) a guarantee, indemnity or other commitment to My Pulse in
relation to this matter, to assess their obligations to My Pulse ; - bankers, financiers or other advisers acting on behalf of My Pulse , me/us or any organisation in relation
to this matter, so that they can carry out their services to such persons; - to assess my/our financial position or consider offering facilities in relation to this matter; and
- any person where My Pulse are allowed or required to do so by law.
- Group companies. Group companies who obtain data in direct interactions with you or from
third parties or publicly available sources may share your personal data with other members of the Group.
We may collect, use, store and transfer different kinds of personal data about you. The personal data we collect will depend on the relationship you have with My Pulse .
If you are:
An employee of My Pulse, someone working with us under a contract for services, or someone who applies for employment or work with us, we will provide you with specific privacy information and ask for your consent to use your personal data. We will also collect the following information on you:
- Identity Data including first name, last name, title, job title, role or similar
identifier, and gender, as well as proof of identity and your right to work in the UK. - Contact Data which may include your address, email address and telephone numbers.
- Financial Data to provide pay, benefits and conduct other financial transactions with you.
A business contact, including persons who supply us with goods (including hiring things to us) or services and any contacts at a company or other organisation which does so, and clients or prospective clients (including contacts at companies or other organisations) to whom we supply or may in future wish to supply our products and services, as well as the customers and debtors of our clients, we may collect the following types of data on you:
- Identity Data includes first name, last name, title, job title, role or similar
identifier, and gender. - Contact Data includes your work address, email address and telephone numbers.
- Financial Data if we supply or purchase goods and services to or from you as an individual
(including some sole traders and partnerships), we may record and retain details of those transactions.
A person associated with a customer or debtor of one of our clients, whose data may be relevant to the business you or your organisation does with our client, with contracts entered into, debts incurred or to be incurred or historic business transactions between you/your organisation and our client, and for preventing fraud and setting credit limits and availability, we may collect the following types of data on you:
- Identity Data includes first name, last name, title, job title, role or similar
identifier, and gender. - Contact Data includes your work address, email address and telephone numbers. Where you
are personally a party to a transaction with us or with our client, we may obtain your home address. - Financial Data if our client supplies or purchase goods and services to or from you as an
individual (including some sole traders and partnerships), or if you are involved in financial transactions with our client (e.g. as a guarantor) we may record and retain details of those transactions and may include bank statements, business accounts and any other financial documents provided by our client or you.
A person associated with a supplier or other creditor of one of our clients, whose data may be relevant to the business you or your organisation does with our client or their obligations to you or your organisation, with contracts entered into, debts incurred or to be incurred or historic business transactions between you/your organisation and our client, and for preventing fraud and making payments on behalf of our clients from any facility they may from time to time have with us:
- Identity Data includes first name, last name, title, job title, role or similar
identifier, and gender. - Contact Data includes your work address, email address and telephone numbers. Where you
are personally a party to a transaction with us or with our client, we may obtain your home address. - Financial Data if you are involved in financial transactions with our client (e.g. as a
guarantor) or its creditor, we may record and retain details of those transactions including bank statements or
any other financial documents provided by our client or you.
If you are a director, officer, shareholder or proposed personal guarantor in relation to a facility with one of our clients, then ahead of entering into a customer agreement with you or with our client, we will as a matter of course undertake anti money-laundering checks and may conduct credit reference checks with third-party agencies. These checks are a crucial and necessary step My Pulse must undertake before we are able to enter into a contract with your organisation.
When CRAs receive a search request from My Pulse they may:
- place a credit search “footprint” on the consumer credit file of the Directors, officers, beneficial owners or those who financially guarantee obligations of a client or prospective client following each credit application, whether or not that application proceeds. The footprint may be seen by other organisations when the client or prospective client applies for credit in the future;
- link together the previous and subsequent names advised by you of anyone that is a party to the account;
- place an enquiry or identification search on the record of any shareholder or beneficial owner and who My Pulse has checked; and
- create a record of the name and address of your business and its proprietors (if there is not one already).
We will give details of all financial commitments of a client or prospective client to us or which we become aware of during our enquiries, and how those commitments are managed, to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding; other organisations may see these updates and this may affect your ability to obtain credit in the future.
Any records shared with CRAs will remain on file for six years after your account is closed, whether any outstanding sums have been settled by you or following a default. The CRAs are responsible for data held on their files and you should contact them with concerns regarding any information they hold or may hold on you.
You can contact the CRAs currently operating in the UK. The information they hold may not be the same, so you may consider contacting them all. They will charge you a small statutory fee. They are:
- Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk
- Creditsafe Business Solutions Limited, Bryn House Caerphilly Business Park, Van Road, Caerphilly, CF83 3GG, or
call 02920 886 500
If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested:
- We may not offer your organisation a facility and if your organisation is an existing client, it may be placed in breach of the terms of a finance agreement with us
- If you have personally guaranteed or been asked to personally guarantee obligations of a client or prospective
client, we may not accept your guarantee, you may be placed in breach of your obligations under an existing guarantee, and in each case this may affect whether we will provide or continue providing finance to the client or prospective client, who may also be placed in breach of its obligations to us as a result - We may not be able to agree, enter in to or perform a contract we have or are trying to enter into with you, a client, or a person or organisation associated with you. Our client may also be placed in breach of the terms of a finance agreement with us
- If you are an employee, contractor or applicant for a position with us, we may not be able to consider your application, provide you with pay or benefits, or administer a contract for services or contract of employment with you
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (or any purpose which is not incompatible with those purposes), including for the purposes of satisfying any legal, accounting, or reporting requirements.
Purposes for Which We will Use your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use, analyse and assess your personal data in the following circumstances:
- To provide you with information, products or services that you ask for;
- To let you know about other products and services that we think you might be interested in (if you have said that you are happy to be contacted in this way);
- to make financial risk assessments, prevent money laundering, fraud or other wrongdoing;
- making payments to you and/ or your business;
- recovering monies;
- training, product and statistical analysis and development of new products;
- protecting our interests (including the provision of the information to third parties retained by us for them to conduct their services for us);
- To make a decision as the whether to extend credit to a client or prospective client, or whether to vary the terms of our agreements with a client;
In obtaining or storing information about you we may:
- Store and process information about you including on our computers and in any other way;
- Search your record at a credit reference or fraud prevention agency of our choice. Details of our searches may be kept by such agency and may be seen by other organisations that makes searches with the agency;
- Monitor and/ or record telephone conversations with you for training and/ or security purposes;
- Approach you for market research or direct marketing purposes;
- Seek and record any further information that we may require from any source, including banks for any of the purposes set out above;
- Transfer such of the information that we may have to other members of a group of companies of which My Pulse is a part; to our financiers; to associates or persons acting on our behalf; to guarantors or indemnifiers and to businesses providing similar serves to those of My Pulse , all of whom may use such information for any of the
purposes set out herein (including transfer within the group of companies). We shall, as far as we are able but without guarantee, seek to ensure that such financiers will always keep control of the information within the terms of this Policy.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
We do not use any fully automated decision-making process.
Note that we may process your personal data on more than one lawful basis, depending on the specific purpose for
which we are using your data. Please contact us if you need details about the specific legal ground we are relying
on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To assess and make decisions about prospective clients who may wish to obtain financial products and services from us | (a) Identity data (b) Contact data (c) Financial data (for credit purposes) | (a) Performance of a contract with you (b) Necessary for our legitimate interests in promoting or providing our products and services to you or your organisation (c) Your consent |
To register you (or your employer or a person or entity to whom you provide services) as a new client. | (a) Identity data (b) Contact data (c) Financial data (for credit purposes) | (a) Performance of a contract with you (b) Necessary for our legitimate interests in promoting or providing our products and services to you or your organisation (c) Your consent |
To fulfil our contractual obligations to a client, to you or your organisation or to enforce your or your organisation’s obligations to us or to our client, including to (a) Manage payments, fees and charges (b) Collect and recover money owed to us | (a) Identity data (b) Contact data (c) Financial data (d) Transaction data | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Policy (b) Contacting you about products or services we obtain from or provide to you or your employer | (a) Identity data (b) Contact data | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how our products/services are used and received) |
To administer and protect our business which may include: a) Financial risk assessment, preventing money laundering, fraud or other wrongdoing; b) Contacting credit reference agencies and making credit related decisions; c) Recovering monies and making payments to you and/ or your business. | (a) Identity data (b) Contact data | (a) Necessary for our legitimate interests (b) Necessary to comply with a legal obligation |
To administer a contract for services or contract of employment between us – we will provide you with further information about this when we collect information from you and during the course of our relationship) | (a) Identity data (b) Contact data (c) Financial data | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to administer the economic relationship between us) (c) Necessary to comply with a legal obligation (related to your work or workplace or our obligations under the law in relation to these) |
We will also use personal data about you for marketing purposes. Further information is set out in the Marketing section of the Policy, below.
Disclosure of your Information to Third Parties
We may have to share your personal data with the parties set out below for the purposes set out in the table above.
- Organisations associated with fraud prevention
- External Third Parties as set out in the Glossary.
- Specific third parties listed in the table above.
- We use third parties to store personal data.
- We use a third party to host, manage and support our website. They therefore have access to any data that you
submit via this website.
We require all third parties to respect the security of your personal data and to treat it in accordance with the
law. We do not allow our third-party service providers to use your personal data for their own purposes and only
permit them to process your personal data for specified purposes and in accordance with our instructions.
Marketing
We may from time to time wish to contact you via email, telephone, letter or SMS in order to keep you informed about
products, goods or services which may be of interest to you and to provide news and information about our business
and that of any business within our Group.
We may also provide you from time to time with information about products and services from selected third parties
which may be of interest to you or your organisation.
Where we send electronic marketing to an individual subscriber (under the Privacy and Electronic Communications
Regulations (“Privacy Regulations”)), My Pulse will only do so where we have received explicit
consent from you to do so and for each separate method of electronic communication.
We are not required by law to obtain prior consent to send you marketing information if you have purchased products
or services from us personally, or if we are contacting you at your organisation which is a “corporate subscriber”
under the Privacy Regulations.
You always have the right to refuse direct marketing communications directed to you personally. Should you
wish to do so, please contact our Data Protection Manager.
We may use your personal information and information about your computer (including, where available, your IP
address, operating system and browser type) for market research and other marketing purposes such as announcements
on our pricing, product launches, updates on the company, etc. We may also share your personal information with
third parties for the purpose of conducting market research and running marketing campaigns. Third parties who
process your personal data on our behalf are only permitted to do so in accordance with our instructions, which will
have previously been agreed with yourself. We will take steps to ensure that the transfer and any on-going
processing by those third parties is carried out securely and in accordance with applicable data protection and
privacy laws and regulations. We also collect and retain:
- copies of our correspondence with you as well as other data we collect relating to your activities on the
website and your arrangements with My Pulse ; - details about visitors to our website for the purposes of aggregating statistics or reporting purposes and to
calculate referral fees; and - comments made on blogs and discussion forums in connection with the marketplace.
Where you submit personal data to us using an online form, please ensure that you select the appropriate option on
the form if you do not want your data to be used by us or selected third parties for marketing purposes. You can
also notify us at any time if you do not wish your data to be used in this way. If you do not select the appropriate
option, but wish to do so subsequently, please contact our Data Protection
Manager so we can update our records.
Overseas Transfers
We are part of a global Group of companies and, in order to support our business in the most efficient manner
possible, we share infrastructure and functions across our business internationally. This means that we may transfer
your personal data to, or your personal data may be accessible in, any location in which we do business.
If your information is transferred to or accessible in a country which is not considered by the European Community to
provide adequate protection for your rights and freedoms in relation to the processing of personal data (such as the
USA), we will take alternative steps (as permitted by the GDPR) to ensure your information is adequately protected
and that those transfers comply with data protection law.
We may transfer your information to other countries, including those outside the European Economic Area, either for
storage purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have
operations overseas.
In particular, our Group companies may transfer any personal data they hold or obtain from time to time related to
prospective clients to Quantility. Quantility acts as both a data processor and data controller (for different
purposes) to help review and assess data on prospective clients provided by the Group companies. Data processed by
Quantility may be used to help one or more Group companies determine whether they wish to do business with a
prospective client and on what terms.
Our Group companies may also transfer to brokers and introducers personal data relating to prospective clients (as
part of other data relating to them) to which they are or would be unable to offer facilities, to enable these
brokers and introducers to identify and introduce alternative providers. These brokers and introducers will act as
data controllers and some of these brokers may be located outside the EEA.
Each Group company that
- shares personal data with Quantility provides adequate protection for the rights and freedoms of data subjects
by entering into EU-approved model contracts with it as (i) a processor; and (ii) a controller, of personal data
which is shared with it; and - shares personal data with non-EEA brokers and introducers provides adequate protection for the rights and
freedoms of data subjects by entering into EU-approved model contracts with each broker and introducer as a
controller of personal data which is shared with it.
Your Rights
You have the right to make a complaint about our use of your personal data at any time to the Information
Commissioner’s Office (“ICO”). The ICO is the UK’s supervisory authority for data protection issues (www.ico.org.uk).
If you do have a problem, question or concern about our use of your personal data, we would really appreciate the
chance to try to help you before you approach the ICO, so please feel free to contact us in the first instance using
the data protection compliance officer’s contact details above. You can contact us about data privacy issues in
other ways, but if you contact the data protection compliance officer, that will make it much easier for us to help
you.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This
enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing
it.
When we receive such a request we will endeavour to provide you with these details without delay and at the latest
within one month of receipt. We may extend the period of compliance by a further two months where requests are
complex or numerous. In such instances My Pulse will inform you within one month of the receipt of the request and
explain why the extension is necessary.
When My Pulse receives a subject access request we will provide a copy of the information held free of charge. My Pulse
may charge a reasonable fee to comply with requests for further copies of the same information. This does not mean
that we will charge for all subsequent access requests rather that the My Pulse reserves the right to charge a fee
based on the administrative cost of providing the information.
If the after reviewing a request the Data Protection Manager believes a request is manifestly unfounded or excessive,
particularly if it is repetitive, then My Pulse may charge a ‘reasonable fee’ which will be decided on a case by case
basis. In certain circumstances My Pulse may even refuse to respond to such requests.
Request correction of the personal data that we hold about you. This enables you to have any
incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data
you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal
data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or
remove your personal data where you have successfully exercised your right to object to processing (see below),
where we may have processed your information unlawfully or where we are required to erase your personal data to
comply with local law. Note, however, that we may not always be able to comply with your request of erasure for
specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or
those of a third party) and there is something about your particular situation which makes you want to object to
processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may
demonstrate that we have compelling legitimate grounds to process your information which override your rights and
freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend
the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s
accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to
hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d)
you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use
it. You can exercise your right to prevent such processing by refraining from ticking certain boxes on the forms we
use to collect your data whether that is on this website of via any other means. Alternatively, you can also
exercise the right at any time by contacting us at [email protected]
Request the transfer of your personal data to you or to a third party. We will provide to you,
or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note
that this right only applies to automated information which you initially provided consent for us to use or where we
used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data.
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you
withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this
is the case at the time you withdraw your consent.
Complaints Policy
At My Pulse we value your business and we want you to be entirely satisfied with the service you
receive. If we make a mistake, or we fail to meet your expectations in some other way, we want the opportunity to
put things right as quickly as we can. Furthermore, we will take steps, where appropriate, to prevent a
recurrence.
Contact details:
Complaints can be raised by any channel at any time. Please follow one of
the steps below when making your first contact:
By e-mail: You can e-mail [email protected] with details of your complaint.
By post:
Complaints Manager
My Pulse,
St Albans House,
57-59 Haymarket,
St. James’s,
London,
SW1Y 4QX.
What to include: In order for us to help you the best way we can, we ask that you
provide:
- You full name, business address, phone number and email address
- Your account number
- Details of your complaint
- What you would like us to do to resolve the issue
Our complaints process: We will acknowledge your complaint within 3 working days of receipt and
inform you of the steps we are taking to investigate it, or when you can expect a final response.
We treat all complaints fairly and will aim to resolve your complaint as soon as possible within 5 working days.
Where the complaint or problem is complex, we may need longer to look into the issue and ask you for more
information.
We will keep you updated on the progress of your complaint throughout the process and provide contact information for
the complaint handler dealing with your case.
If we have been unable to resolve your complaint within 8 weeks, have not sent you a final response within 8 weeks,
or you are unhappy with the outcome of your complaint, you can ask the Financial Ombudsman Service (“FOS”) to carry
out an independent review.
The FOS can help with most complaints if you are:
- A consumer
- A business employing fewer than 10 persons that has an annual turnover that doesn’t exceed €2 million
- A charity with an annual turnover of less than £1 million
- A trustee of a trust with a net asset value of less than £1 million
The contact details for the Financial Ombudsman Service are:
The Financial Ombudsman Service, South Quay Plaza, 183 Marsh Wall, London E14 9SR
E-mail: [email protected]
Website: www.financial-ombudsman.org.uk
Telephone: 0845 080
1800
FOS consumer
leaflet
Recording the Complaint
Please note that, in accordance with its regulatory obligations, My Pulse
Commercial Finance will compile a report of each complaint. These records will be retained for no less than three
years from the date the complaint was received.
Information Security and Encryption
Information that is transmitted via the internet is never completely secure.
We have put suitable protection in place, however any transmission of personal data to us via the internet is at your
own risk.
Where necessary we use encryption to protect the integrity of data during submission.
We also employ similar technologies and access control methods to keep any stored data secure.
Policy Changes
Any changes to this Policy will be posted here and will take immediate effect.
If you have any questions about this Policy or about our use of your personal details, then please contact
the Data Protection Manager
Glossary
“Personal data” means any information about an individual, held by a data controller, from
which the controller can identify a specific, living person. It does not include data about a living person that the
controller can’t identify.
Some personal data falls into “Special Categories” under the GDPR and are given greater
protection. These include any personal data revealing your race or ethnicity, religious or philosophical beliefs,
sex life, sexual orientation, political opinions, trade union membership, and information about your health, as well
as genetic and biometric data. Information about criminal convictions and offences is also treated differently from
ordinary personal data under the GDPR.
”Lawful Basis”
There are a number of different lawful bases for processing your personal data under the GDPR. These include:
Legitimate Interest means the legitimate interests of My Pulse or of a third party, including in
conducting a business, which must be balanced against the effect of the processing of personal data on individuals’
rights and freedoms.
In most cases where our legal basis for processing your personal data is a legitimate interest, this will be the
legitimate interest of My Pulse, of members of its Group or our clients in conducting our and their business. In the
case of My Pulse and its Group, this will be to provide financing in the most efficient and effective way we can. We
make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we
process your personal data for our legitimate interests or those of others. We do not use your personal data for
activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise
required or permitted to by law). You can obtain further information about how we assess our legitimate interests
against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a
contract to which you are a party, or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance
with a legal or regulatory obligation that we are subject to.
Protecting your vital interests applies where we would otherwise require your consent to use data, but you are
physically or legally incapable of giving consent, and processing is to protect your interests – for example, to
facilitate urgent medical treatment.
”Third Parties”
External Third Parties
These include our and our Group’s service providers, acting as data processors, based inside and outside the EEA who
provide technical, financial, logistical, information technology, data storage or other support for our work.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insolvency
practitioners, and insurers based in the EEA and of it who provide consultancy, banking, legal, insurance and
accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of
processing activities in certain circumstances.
Governments and public authorities in other countries where we carry out filming who require information on our crew
and contributors.
Cookies Policy
To enhance your experience on our site, our web pages use “cookies” to distinguish you from other users. If you use
this website, then you accept that we can use the cookies set out below.
- What are cookies?
Cookies are small data files that we place in your computer or mobile’s browser to store your preferences.
Cookies, by themselves, do not tell us your email address or other personal information unless you choose to
provide this information to us by, for example, registering at one of our sites. Once you choose to provide a
web page with personal information, this information may be linked to the data stored in the cookie. A cookie is
like an identification card. It is unique to your computer and can only be read by the server that gave it to
you. - Why do we use cookies?
We use cookies to understand site usage and to improve the content and offerings on our site. For example, we
may use cookies to personalise your experience on our web pages and to provide you with a better service. - What cookies do we use?
We use the following cookies:- Strictly necessary cookies. These are cookies that are required for the operation of our sites. There is
no way to prevent these cookies being set other than to not use our site or not use that particular
feature. - Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see
how visitors move around our sites when they are using it. This helps us to improve the way our sites
work, for example, by ensuring that users are finding what they are looking for easily. - Functionality cookies. These are used to recognise you when you return to our site. This enables us to
personalise our content for you, greet you by name and remember your preferences and improve your visit. - Targeting cookies. These cookies record your visit to our sites, the pages you have visited and the
links you have followed. We will use this information to make our sites and the advertising displayed on
them more relevant to your interests. We may also share this information with third parties for this
purpose.
- Strictly necessary cookies. These are cookies that are required for the operation of our sites. There is
Generally, cookies which are strictly necessary for the operation of the website will expire when you leave
the website. Other cookies may be more permanent or not expire unless you actively delete them.
- How to reject cookies
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or
some cookies. Doing so however will likely limit the functionality of our and a large proportion of the world’s
websites as cookies are a standard part of most modern websites. If you are unsure as to how to manage your
cookies or require more information, we have provided the following links to the settings pages for the most
commonly used web browsers:
GENERAL
- Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud
and money laundering, and to verify your identity. These checks require us to process personal data about you. - The personal data you have provided, we have collected from you, or we have received from third parties will be
used to prevent fraud and money laundering, and to verify your identity. - Details of the personal
information that will be processed include, for example: name, address, date of birth, contact details, financial
information, employment details, device identifiers including IP address and vehicle details. - We and
fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect,
investigate and prevent crime. - We process your personal data on the basis that we have a legitimate
interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to
comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing
you have requested. - Fraud prevention agencies can hold your personal data for different periods of
time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six
years.
AUTOMATED DECISIONS
- As part of the processing of your
personal data, decisions may be made by automated means. This means we may automatically decide that you pose a
fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or
known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately
hidden your true identity. You have rights in relation to automated decision making: if you want to know more please
contact us using the details above.
CONSEQUENCES OF PROCESSING
- If we,
or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the
services or financing you have requested, or to employ you, or we may stop providing existing services to
you. - A record of any fraud or money laundering risk will be retained by the fraud prevention
agencies, and may result in others refusing to provide services, financing or employment to you. If you have any
questions about this, please contact us on the details above.
DATA
TRANSFERS
- Fraud
Prevention agencies may allow the transfer of your personal data outside of the
UK. This may be a country where the UK Government has decided that your data
will be protected to UK standards, but if the transfer is to another type of
country, then the fraud prevention agencies will ensure your data continues to
be protected by ensuring appropriate safeguards are in place.
YOUR RIGHTS
- Your personal data is protected by legal rights, which include your
rights to object to our processing of your personal data; request that your personal data is erased or corrected;
request access to your personal data. - For more information or to exercise your data protection
rights, please contact us using the contact details above. - You also have a right to complain to the
Information Commissioner’s Office which regulates the processing of personal data.