Our Data Protection Policy describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the relevant domestic and European data protection laws and regulations.
This Data Protection Policy applies to personal data we process regardless of the media on which is stored or whether it relates to past or present employees, workers, customers, clients or supplier contracts, website users or any other data subject.
This Data Protection Policy sets out what we expect from you in order for the Company to comply with the applicable law. Your compliance with this policy is mandatory.
This data protection policy will become effective from 25th May 2018.
1.1 We take your privacy seriously and protecting the confidentiality and integrity of personal data is a critical responsibility. You can find out more here and in other related policies and notices about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
See section 3 Your Privacy Rights for more information about your rights.
1.3 This policy provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this policy if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
- About us
We are what is known as the ‘data-controller’ of personal information we gather and use. In some instances we are also the “data “processor” meaning that we process the personal information we collect and hold. When we say ‘we’ or ‘us’ in this policy, we mean Pewleys, Richmond House, 6 Station Row, Shalford, Guildford, GU4 8BY
- Your privacy rights
3.1 You have the right to object to how we use your personal information. If we have relied on consent to process your personal information you can withdraw that consent at any time (this is discussed further below).You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us by emailing Richard@pewleys.co.uk
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk. To make enquires for further information about exercising any of your rights in this policy please contact us at Richard@pewleys.co.uk
- What kinds of personal information we use
4.1 We collect and use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, date of birth, contact details, information to allow us to check your identity and information about your credit history. For some products and services we might need additional information, for example:
– information for, fraud prevention;
– information for, anti-money laundering; and
– to meet legal obligations.
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
- How we gather your personal information
We obtain personal information:
– directly from you, for example when you fill out an application;
– by observing how you use our products and services, for example from the transactions and operation of your accounts and services;
– from other organisations such as credit reference and fraud prevention agencies;
– from other people who know you including joint account holders and people you are linked to financially.
- How we use your personal information
To provide you with the products and services we offer we will need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
6.1 To operate and administer our products and services, including dealing with your complaints and fixing our mistakes,
6.2 To administer payments to and from you,
6.3 To comply with our legal obligations, to prevent financial crime including fraud and money laundering
6.4 To comply with our legal obligations, to support our vulnerable customers:
6.5 For financial management and debt recovery purposes,
6.6 To enable payments to third parties who may have introduced you to us,
6.7 To carry out market research and analysis to develop and improve our products and services
6.8 To market products and services to you from us or our partners,
6.9 Personal information requirements for Business customers
- Our legal basis for using your personal information
7.1 We only use your personal information where it is permitted by the laws that protect your privacy rights. We only use personal information where:
– we have your consent (if consent is needed);
– we need to use the information to comply with our legal obligations;
– we need to use the information to perform a contract with you; and/or
– it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you. This can include where it is in our interests to contact you about products or services, market to you, or – – collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 10 Keeping you up to date, clause 10.2 for details about how to withdraw your consent to marketing.
7.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your physical and mental health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
– we have a legal obligation to do so (for example to protect vulnerable people);
– it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
– it is in the substantial public interest;
– it is necessary for the prevention or detection of crime;
– it is necessary for insurance purposes; or
– you have specifically given us explicit consent to use the information.
- Sharing your personal information with or getting your personal information from others
8.1 We will share personal information within our Group and with others outside Pewleys where:
- we need to do that to make products and services available to you,
- market products and services to you; or
- meet or enforce a legal obligation or where it is fair and reasonable for us to do so.
See section 6 How we use your personal information for more information about how we do this. We will only share your personal information to the extent needed for those purposes.
8.2 Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT Suppliers, with credit reference agencies and fraud prevention agencies. See section 6 How we use your personal information for more information on who we share your personal information with and why.
8.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing products and services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention or marketing purposes, for example so you can receive the best offers from us and our partners. See section 6 How we use your personal information for more information on who we get your personal information from and why.
- How long we keep your personal information for
9.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for. We monitor how long we keep personal information for and aim to comply with the legal framework for document retention.
- Keeping you up to date
10.1 We will communicate with you about products and services we are delivering using any contact details you have given us – for example by post, email, text message, social media, and notifications on our app or website.
10.2 Where you have given us consent to receive marketing, you can withdraw consent and update your marketing and contact preferences by visiting a branch or calling us directly. For contact details, visit our website on www.pewleys.co.uk
- Your online activities
This Data Protection Policy does not override any applicable national data protection privacy laws and regulations in countries where Pewleys or any group company operates.