Supplementary privacy policies, notices or other privacy related information will apply to personal data obtained by us (or on our behalf) where you interact with us in ways other than through the Website (e.g. via the phone or where you make a loan application by post or through a broker). This additional privacy information will be made available to you at the relevant point at which we collect your personal data.
YOU HAVE A RIGHT TO KNOW HOW WE WILL USE YOUR PERSONAL DATA
We are committed to ensuring the security of your personal data.
Data Protection Laws place obligations on us to process your personal data fairly and lawfully and to keep it secure. For the purposes of the Data Protection Laws, the data controller of Website users’ personal data is Together Financial Services Limited of Lake View, Lakeside, Cheadle, SK8 3GW.
As a data controller, Together Financial Services Limited maintains a notification of its data processing activities with the Information Commissioner’s Office (ICO) and its registration number is ZA067862.
Personal data may also be processed by Together Personal Finance Limited (ICO registration number Z6004427) and/or Together Commercial Finance Limited (ICO registration number Z6462238).
WHAT IS PERSONAL DATA?
HOW WE WILL COMPLY WITH DATA PROTECTION LAWS
- Contract: Where you are an existing customer we will process your personal data to the extent required for us to provide you with services related to products that you have purchased from us in accordance with its terms (for example existing customers can make a payment, request information in respect of how to obtain additional finance or how to obtain a redemption figure);
- Legal Obligation: Where there is a legal requirement upon us to record, retain or share your personal data with authorities, we must do so. For example to comply with laws and regulations which govern our business, such as the Financial Services and Markets Act 2000 or the Proceeds of Crime Act 2002;
- Consent: Where you have provided your specific agreement to the processing of personal data for a specific purpose(s). For example, if you advise us of a health condition, we will seek your consent to record and process this information.
TYPE OF PERSONAL DATA COLLECTED
The personal data that you may provide to us through the Website is set out below:
- your name and username;
- security information (passwords and answers to security questions) (please note that passwords and answers to security questions are encrypted and as such are not available for Together to view);
- your contact details (including postal address, email address and phone number);
- your account number;
- any personal data you choose to include when typing additional comments in free text boxes.
In addition, you may also provide us with your personal data by corresponding with us by phone, e-mail, post or otherwise. This includes personal data you submit when you register to use the Website, make an enquiry and/or when you report a problem with the Website. The information you give us may include some of the personal data listed above and any other personal data you choose to provide.
HOW WE USE THE PERSONAL DATA
We will store and process your personal data on our computers and in our paper folders.
Please see the Data Security header below for details about how we keep your personal data secure, in line with our obligations under Data Protection Laws.
We will use your personal data (including from any third parties, where relevant and lawful) to:
- contact you about our products/services (in response to your request for this contact which you have made via our Website);
- manage your account;
- provide our products/services to you;
- contact you in respect of any complaint that you submit;
- process payments if you make a payment to us relating to your loan/mortgage via the Website;
- comply with our legal obligations; and
- identify patterns which we can use to help us develop, administer, support and improve our services.
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate.
PREVENTION OF FRAUD
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may request and/or access this information.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities;
- Managing credit and credit related accounts or facilities;
- Recovering debt;
- Checking details on proposals and claims for all types of insurance; and
- Checking details of job applicants and employees.
Please contact the Financial Crime Team (email@example.com) if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
WHO DO WE PASS YOUR PERSONAL DATA TO?
We may use third parties to provide services on our behalf. This means we will disclose your personal data to them.
We will provide your personal data to the following categories of third parties:
- companies that provide data hosting and website management services such as Azure, OKTA, OPUS and Microsoft; and
- companies that provide website analytics services and /or help us to make advertising messages more relevant to you such as Google Analytics, AppNexus, Hotjar and/ or Infinity (please see our Cookies Policy for further information).
In each case, we will, in accordance with our obligations under Data Protection Laws, put in place appropriate contractual protections for your personal data.
In addition to the disclosures described above, we may disclose your personal data to:
- our auditors, solicitors, professional advisors, sub-contractors or any person providing services to Together Financial Services Limited group companies and, who have agreed to treat your personal details as confidential;
- anybody having a legal right to your personal data, including the police and any other legal and regulatory authorities and government bodies;
- to any third party who acquires all, or substantially all, of the assets or shares in Together Financial Services Limited, any of our corporate group, and/or the Website, whether by sale, merger, acquisition or otherwise; and
Where your personal data is being transferred outside the UK, we will ensure that appropriate safeguards are in place, such as the use of the approved International Data Transfer Agreements (IDTA) to protect your information in accordance with Data Protection Laws, along with any relevant risks assessments.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
We take steps with a view to deleting, destroying or permanently anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose and we are not required by law to keep it.
How long we keep your personal data depends upon the purpose for which your personal data was collected was provided. Generally however we will hold your personal data:
- for as long as it is necessary to enable us to provide you with a product or service (i.e. until that service or product has been provided to you and all parties have fulfilled their obligation in relation to that service or product);
- if you taken out a loan or mortgage with us, for the duration of your loan or mortgage and an additional 6 years after the loan or mortgage has concluded;
- We will never retain your personal data for longer than is necessary. However, we may keep your data longer than 6 years if we cannot delete it for example, to comply with our legal or regulatory obligations.
You have a number of rights under Data Protection Laws in relation to the way we process your personal data. These are set out below. You may contact us using the details below to exercise any of these rights and we will respond to any request received from you within one month from the date of the request.
|The right to be informed||As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided within this notice, our Fair Processing Notice and in any related communication we may send you.|
|The right of access||You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity, we will provide access to the personal data we hold about you.|
|The right to rectification||Where you believe we hold inaccurate or incomplete personal information about you, then you may exercise your right to correct or complete this data.|
|The right to erasure (the ‘right to be forgotten’)||Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.|
|The right to restrict processing||You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
|The right to data portability||You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format. You have the right to require us to transfer your personal data to another organisation, at your request. This right only applies when we care carrying out the processing by automated means.|
|The right to object||You have the right to object to our processing of your data where:
|Right regarding automated decision-making and profiling||You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way.|
If you would like to exercise the rights listed above, you can send a request:
- By mail to: Customer Services, Lake View, Lakeside, Cheadle, Cheshire SK8 3GW enclosing details of your account number(s) or application date
- By e-mail to:firstname.lastname@example.org
- By telephone to: 0161 333 7403
We take protecting your personal information seriously and are continuously developing our security systems and processes. In accordance with our obligations under the Data Protection Laws; to prevent unauthorised access to or disclosure of your personal data, maintain data accuracy, and ensure the appropriate use of your personal data; we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect online. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems and data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilise industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
We require that third parties who process your personal data on our behalf apply at least equivalent technical and organisational measures to ensure that data is securely processed.
However, you acknowledge that, unfortunately, the transmission of information via the internet, including forms you submit to us, is not completely secure. We cannot guarantee the security of your data transmitted to the Website: any transmission (i.e. your sending of the personal data to us) is at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.
You should be aware that there are inherent risks in transferring personal data over the Internet. For example, if you send us an e-mail from your private mailbox, we cannot guarantee the security of the content during its transmission to us. For that reason, please do not send to us an unsecured e-mail with confidential information such as your employee number or bank account numbers, or any sensitive personal data.
FEEDBACK AND COMPLAINTS
If you are not happy with the way in which your personal data is held or processed by us, or if you are not satisfied with our handling of any request by you in relation to your rights, our Data Protection Officer (“DPO”) would be happy to help. You can contact our DPO at Lake View, Lakeside, Cheadle SK8 3GW or via email – email@example.com.
Alternatively, you have the right to complain to the Information Commissioner’s Office (ICO) by calling 0303 123 1113. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (www.ico.org.uk).