Privacy Notice for Business Contacts and their Representatives
This Privacy Notice provides information about how we collect, use, store, and share your personal data. “Personal Data” means any information about you that enables you to be identified; for example information such as your name and contact details, but also less obvious information such as identification numbers, electronic location data, and other online identifiers.
We are committed to our privacy obligations under the Data Protection Act 2018 and the General Data Protection Regulation (“Data Protection Laws”). We are the data controller as defined by the GDPR.
This Privacy Notice explains the following:
- 1. Who are we and how can you contact us?
- 2. What kinds of personal data do we collect, and how?
- 3. What do we use personal data for?
- 4. What are our legal grounds for handling your personal data?5. Who do we share your personal data with?
- 5. Where in the world is the personal data sent and stored
- 6. For how long is my personal data retained
- 7. Do we make automatic decisions about you or profile you using your personal data?
- 8. What rights do you have in relation to the personal data we hold about you?
- 9. Who can you complain to if you are unhappy about the use of your personal data?
- 10. Changes to this Privacy Notice
Please read this Privacy Notice carefully to understand how we treat your personal data.
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
We are SmartCredit Limited, trading under the name SmartSearch. In this Privacy Notice, “we”, “us” and “our” will always mean SmartCredit Limited, a company registered in England under company number 05534508.
You can contact us about issues relating to your personal data, including the contents of this notice, by any of the following methods:
- Post: Data Protection Officer, SmartCredit Ltd, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL
- Email: email@example.com
- Telephone: 0113 238 7660
2. WHAT KINDS OF PERSONAL DATA DO WE COLLECT, AND HOW?
We collect personal data about you from your interactions with us and from certain third parties and other sources (such as from publicly available sources where permissible). We have set out below the types of personal data we will collect:
Name and contact details; such as first and last name, email address, postal address, phone number and other similar contact data.
Personal identification numbers; such as your social security number or national insurance number. Family circumstances information; your marital status and dependents if you are a PEP or a close associate of a PEP.
Employment or role details; for example the organisation you work for, public roles (including political, diplomatic, religious, judicial, military and trade union roles), your job title and education history.
Professional and personal affiliations; organisations and individuals that you may be associated with in your professional or personal capacity.
Financial information relevant to understanding your income or wealth; for example bankruptcy or insolvency fillings.
Your inclusion (if any) on sanctions lists or on public lists of disqualified directors or other positions of responsibility.
Public domain data about actual or alleged money laundering or terrorist financing crime. Information about our dealings with you; such as what information we have sent you, who in our organisation knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video.
Information about the device you are using to access our websites; such as the type of device, its operating system, browser, its IP address, and what cookies are on it.
Information about your use of our websites; such as what pages you have visited and what content you have downloaded.
Information capture via your use of our Mobile App SmartIDV; this may include but is not limited to your passport, driving license, ID card, and residency permits.
We may also receive information about you from third party service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges. We may also receive personal data from third party social media services such as Google, LinkedIn and Facebook, or other commercially available sources. We do not control the information on you that such networks obtain, or the technology they use to do so.
Some of the personal data we collect about you may be special category data, as defined in the Data Protection Laws. We will only collect and use this information if the Data Protection Laws allow us to do so and will take extra care with this data. We generally process special category data for reasons of substantial public interest on the basis of applicable law. Special categories of data includes information about:
- Physical and mental health;
- Sexual orientation;
- Racial or ethnic origin;
- Political opinions;
- Religious and/or philosophical beliefs;
- Trade union memberships;
- Criminal convictions and offences;
- Genetic and biometric data;
- Health data including gender.
3. WHAT DO WE USE YOUR PERSONAL DATA FOR?
This section explains the purposes for which we use your personal data..
We use your personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items and blog posts, or in administering any prize draws that you are offered and elect to enter. We may contact you to ask you to confirm or update your choices, such as when there is a change in the law or the structure of our business We might contact you for marketing purposes through various channels such as by email, telephone or post. You might also be contacted through any channel for other purposes – for example, as part of our ordinary relationship management activity.
You can withdraw from marketing at any time by either using the relevant unsubscribe button in our emails, or by contacting us using the details above.
Provision of services, including administration and management of our records
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you and/or your representatives. This could include activities such as letting you know about product changes or planned maintenance activity, contacting you with billing enquiries, inviting you to events and webinars, dealing with your enquiries, retaining records of your instructions and telephone calls, responding to any data rights you invoke, or asking you about what sorts of products you want us to develop.
Monitoring and improving our websites
We use information such as how you navigate around our websites, how long you spend on particular pages, whether you download any of our content (including product brochures, white papers and so on), in order to help improve the user experience of our websites. We may also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which can be based on your activity on our websites. We can do this ourselves or appoint an agency to do this on our behalf.
To protect our rights
We may use your personal data as we believe to be necessary or appropriate in order to protect, enforce, or defend the legal rights, safety, or property of us, our employees, agents and contractors; protect against fraud and other unlawful activity; to comply with and enforce the law or legal process; or to respond to requests from public and government authorities, to the extent permitted by applicable law.
4. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA?
Under the Data Protection Laws, we must have a legal basis (i.e. a valid legal reason) for using your personal data.
One of the legal reasons we may rely on is when we use your personal data for our legitimate interests (this is usually when we have a business reason). However, we will always ensure that we take your interests in to consideration too, and ensure that the use is fairly balanced.
Generally, our legitimate interests will be one of the following:
We have an interest in promoting our products and services to our clients and potential clients. We may also market to you to help you learn about products and services that might be of use to you, or where we have an interest in learning about your needs so that we may better understand what products or services could be of interest to you.
Running a business
We have an interest in running and developing our business, enforcing our terms and conditions, and to ensure a safe environment for our website visitors. We also have an interest in setting up and administering your account, to provide technical and customer support and training, and to send important account, subscription and service information.
In some circumstances, we may have other grounds to process your personal data. These are set out in the following table, along with examples of the circumstances in which they might apply.
Necessary for performance of a contract with the relevant individual, or to take steps for entering into a contract.
If you sign up to one of our products or services, it will often be necessary for us to use your details in order to provide that product or service, or to fulfil the contract
Necessary in order to comply with a legal obligation.
Regulators, government bodies and courts have powers to order us to provide your personal data to them, and, like any other organisation, we sometimes have to comply with their requests. For example, under anti money laundering regulations we must hold certain information about you.
Where you have agreed to us collecting your personal data, for example you have ticked a box on a form regarding marketing emails, or where we process any special category data about you. We will only ask for your consent in relation to specific uses of personal data where we need to, and, if we need your consent, we will make it clear that we are asking for it.
5. WHO DO WE SHARE THE INFORMATION WITH?
We may make your personal data available to third party services providers, such as contractors, agents or sponsors, who help us manage or provide our products and services. For example:
We might use a third party email broadcasting service in order to send you marketing emails ;
Credit reference agencies; Fraud prevention agencies who will use your personal data to prevent fraud and money-laundering and to verify your identity;
We might use a printing company to produce and send personalised direct mail;
Our database of personal data may be held by third parties on our behalf; or
We might use a third party to process payments and deliver subscriptions.
These third party service providers are required to protect personal data entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf. In some circumstances, we may be legally required to share your personal data, for example if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We may also transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. At all times, we take steps to ensure your privacy rights continue to be protected as per this Privacy Notice.
6. WHERE IN THE WORLD IS THE INFORMATION SENT AND STORED?
We are based in the United Kingdom, and will normally access and use your information from here. We will usually store your personal data on secure servers in the UK, and will seek to protect your personal data by limiting access to your personal data to those employees, agents, contractors and other third parties with a legitimate need to know and ensure that they are subject to duties of confidentiality. We also have in place procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
If instances arise where we transfer your personal data to countries outside of the European Economic Area (“EEA”), we will take appropriate steps to ensure the personal data is afforded the same level of protection as described in this Privacy Notice. For example, we may rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the EEA.
7. FOR HOW LONG IS MY PERSONAL DATA RETAINED?
We will normally keep your personal data while you or your employer have an ongoing relationship with us or if you have demonstrated an interest in our products and services.
We will keep most of your personal data for as long as you are using our services, and generally for a minimum of seven years after that to comply with the legal or regulatory requirements, or if we face a legal challenge.
To work out how long we keep different categories of personal data, we consider why we hold it, if it is special category data, how long the law says we need to keep it for, and what the risks are.
8. DO WE MAKE AUTOMATIC DECISIONS ABOUT YOU OR PROFILE YOU USING YOUR PERSONAL DATA?
We use certain profiling techniques in order to help us to understand you and your needs. This in turn helps us to understand which products and services you might be interested in. We do not use automated decision-making or profiling to make any decisions that will significantly affect you. For example, we do not use it to set the prices that we charge for our products and services.
9. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
Right of access:
You have a right to find out what personal data we hold about you, and to a copy of any personal data processed about you. If you request to see your personal data, your initial request will be free of charge; subsequent requests may attract an administration fee.
Right to correct and update your personal data:
If you believe that the information that we hold about you is inaccurate or out of date, you have a right to get it corrected.
Right to request deletion:
If you want us to delete your personal data, you can ask us to do so at any time. The circumstances when deletion can apply include when we no longer need it to meet a lawful basis for processing unless that basis is consent and you withdraw your consent, or you object to the processing, or the processing is unlawful. However, certain exclusions apply – where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.
Right to request restriction:
You can ask us to restrict our use of your personal data in some circumstances: a) if you want us to establish the data’s accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to be informed:
This Privacy Notice provides you with the details on how we use and process your personal data.
Right to object to processing:
You may request that we stop processing information about you. Upon considering your request we will let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights, or to bring or defend legal claims.
Right to withdraw consent:
This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
Right to data portability:
You have the right to ask us to provide your personal data to another data controller or third party service provider.
Rights related to automated processing:
Where this processing produces legal effects or significantly affects you, you can object to this processing unless the processing is necessary as part of our contract, or is required by law.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact with us in the first instance so that we can investigate your concerns. Please contact us using these details:
- Post: Data Protection Officer, SmartCredit Ltd, Mayfield House, Lower Railway Road, Ilkley, LS29 8LF.
- Email: firstname.lastname@example.org
- Telephone: 0113 238 7660
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
11. CHANGES TO THIS PRIVACY NOTICE
We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and what we do with it. As a result, we may change this Privacy Notice from time to time to keep it relevant and up to date.
Any changes will be immediately posted on our websites and we recommend that you check this page regularly to keep up to date. This Privacy Notice was last updated on 11th November 2020. If we need to make substantial changes to this Notice, we will notify you, if we hold your contact details, before we make any changes unless we are required to make the change sooner (for example regulatory reasons).