How We Use Personal Information
1. We promise to keep your information
2. We promise not to sell it
3. We give you ways to manage and
review your marketing choices at any time
4. We keep record of when and how we
get consents and what you were told at the time.
How the Law Protects you
The law says we must have one or more of
these reasons to collect your data
1. To fulfil a
contract with you
2. When it is our
3. When it is in our
legitimate interest (which we must define)
4. When you consent.
Transparency means you have the right to
be informed about how we will use your data
Groups of Personal Information
FINANCIAL - Your financial
position, status and history
CONTACT – Where you live and how we contact you
SOCIO-DEMOGRAPHIC – Details about your work, nationality,
education, and where you fit into general social or income groups.
TRANSACTIONAL – Details of payments you make to us.
CONTRACTUAL – Details about the products or services we provide to
COMMUNICATIONS – What we learn about you from letters,
emails and conversations between us.
OPEN DATA AND PUBLIC RECORDS – E.g Electoral Information,
DOCUMENTARY DATA – E.g copies of ID
CONSENTS – How you agree we can contact you
NATIONAL INDENTIFIERS – E.g National Insurance Number
We collect Data from Third Parties such
as Social Networks, Fraud Prevention Agencies, Public Information Services.
WE MAY SHARE THIS INFORMATION WITH
1. HMRC, Regulators
and other authorities
2. Credit Reference
3. Fraud Prevention
4. Any party linked
to you (e.g Joint Tenant)
5. Workmen needing
to enter your house.
6. Companies you ask
us to share data with (e.g Homelet, Rent4Sure)
7. If you use Direct
debits we will share your data with the Direct Debit Scheme.
8. If we sell our
business we will only do this if they agree to keep your information safe.
CREDIT REFERENCE AGENCIES
We will share information with CRA’s and
they will give us information about you. The Data we exchange can include.
1. Name, Address, Date of Birth
2. Application form
situation and history
We will use this information to
1. Assess if you can
afford the property
2. Make sure what
you have told us is the truth
3. Help detect and
4. Track and recover
On joint tenancy, CRA’s may link your data to other joint tenants.
You can ask CRA’s to break the link but you normally have to prove you no
longer have a financial link with them.
IF YOU DO NOT PROVIDE DATA WE MAY NOT BE ABLE TO OFFER YOU A
HOW LONG WE KEEP INFORMATION
1. We will keep it
as long as you are a client
2. After you stop
being a client we may keep data for up to 10 years for one or more of the
To respond to questions or
To show why we have treated you
For historical research and
can access personal information by emailing us: firstname.lastname@example.org. You can also ask us to correct any information you
believe to be incorrect. We do not have to provide information where the
request is disproportionate or has already been given previously.
WHAT IF YOU ASK US TO STOP USING YOUR PERSONAL INFORMATION?
This is also known as “The Right to be
forgotten”. There may be legal or other reasons why we need to keep or use your
data. In such cases we can restrict the use of your data to legal claims or to
exercise legal rights.
YOU CAN WITHDRAW CONSENT BY WRITING TO US AT (ADDRESS)
YOU CAN COMPLAIN TO US IF YOU ARE UNHAPPY WITH HOW WE HAVE USED
YOUR PERSONAL INFORMATION AT: email@example.com
YOU CAN ALSO COMPLAINB TO THE INFORMATION COMISSIONERS OFFICE. YOU
CAN LOOK ON THEIR WEBSITE HOW TO REPORT A CONCERN.
VITAL INTEREST – We can pass on details in an emergency
e.g medical care if you re physically or legally incapable of giving consent.
We supply a copy of information free of
charge. We can charge a reasonable fee when a request is manifestly unfounded,
or excessive, particularly if it is
repetitive. We may charge a fee where we have already supplied the information.
We must supply information without delay
and in any event within one month. This can be extended by up to 2 months if
during that month the request is considered complex and/or numerous, and if we
do have to explain why.
We must verify the identity of the person making the request using
DATA PROTECTION IMPACT ASSESSMENT
This will allow an organisation to
identify and fix problems at an early stage.
Further guidance see ICO Conducting
privacy impact assessments code of practice